(Re)Considering Citrix NetScaler SD-WAN

Is NetScaler SD-WAN a Citrix product that you should just gloss over? Jo Harder walks you through why you should indeed consider/reconsider it for your environment.

We all thought that by 2017, we’d truly have paperless offices and corporate networks would be simpler. Not quite. But while we’re not going to solve paperless offices today, revisiting NetScaler SD-WAN just might indeed make your corporate networks simpler while improving your virtualization environment.

Admittedly, I was one of those naysayers who thought that there wasn’t a good reason to consider NetScaler SD-WAN for a XenApp/XenDesktop environment. After all, whether your deployment uses ICA/HDX, Framehawk, and/or the new Adaptive Transport protocol, your user session traffic is traversing the wire as compressed and efficient as possible, right? Yes, but …

In a virtualized environment, it’s all about application and desktop delivery, and that requires an ample network to support the bandwidth and capacity that your users need. The days of ICA traffic consuming 10 or 20 kbps are long since past because applications have become more robust and graphically complex, plus users are demanding larger monitors and more of them. Further, even when run through user sessions, peripherals such as printers, scanners, and webcams have a big appetite when it comes to bandwidth. For example, webcams running through a user session may consume well over 300 kbps.

NetScaler SD-WAN

For those who have tracked NetScaler SD-WAN since the days of the Orbital acquisition in 2006, the product was initially a WAN optimization device that included QoS functionality. The product changed names over the years and was called WANScaler, Branch Repeater, CloudBridge, and finally NetScaler SD-WAN.

In the Branch Repeater days, I was fairly proficient with the product, yet less than moderately impressed. It was basic WAN optimization and QoS. At that time, the product was able to uniquely address ICA/HDX traffic all the way up to the Presentation (Layer 6) and Application (Layer 7) Layers by allowing prioritization based on the virtual channels and/or applications. The reality was that no one implemented either option because modifying virtual channels was a complex undertaking for negligible (if any) gain, and session sharing had to be disabled in order to use application-based QoS.

So, I (re)immersed myself in NetScaler SD-WAN. I spent many hours reading about it, hands-on with the technology, and talking to Citrix technical experts about it. Wow!

Why (Re)Consider SD-WAN?

NetScaler SD-WAN has become a significantly more robust product in the past year. The latest releases add edge router and VPN functionality (v9.1, released October 2016) and stateful firewall/NAT (v9.2, released March 2017). This feature combination consolidates branch office network requirements within one device. These are quite powerful capabilities, and they come with the Standard edition virtual or physical appliance. Based on hands-on experience, I found that setup and management were straightforward (see graphic below). Further, configurations can be pushed out from the master control node to branch nodes.

Previous features such as link aggregation enable any type of network connection, e.g., MPLS, DSL, or maybe even satellite or 4G/LTE, to be combined, managed, and prioritized to provide the best user experience. For example, if a DSL link fails, 4G/LTE may be sourced for Citrix sessions and other traffic so that users don’t even know there was a failure.

Circuits are still a major expense for every IT organization, perhaps even the single most expensive line item in the budget. If expensive links such as MPLS or satellite can be replaced with more cost-effective options, this translates into savings. Further, the new edge router and firewall capabilities can streamline functionality and management of network devices.

Beyond the color-coded diagnostics in the admin UI showing status, NetScaler SD-WAN can feed into the NetScaler Management and Analytics System, which is the optional centralized umbrella for all NetScaler data and management products, including NetScaler Gateway. Lastly, if you’re heading towards Azure or AWS, NetScaler SD-WAN can go there too.

Why Hasn’t NetScaler SD-WAN Caught on?

Most Citrix XenApp/XenDesktop administrators aren’t network administrators, so they just aren’t the right audience for NetScaler SD-WAN marketing. XenApp/XenDesktop administrators often struggle with NetScaler Gateway. Even though setup has been greatly simplified with the new wizard, changes to the gateway—as well as overall management—are still far more complex than they should be. So, XenApp/XenDesktop admins frequently hear “NetScaler” and tune out.

To take it one step further, XenApp/XenDesktop admins often don’t desire to extend deeper into networking and security. Although NetScaler SD-WAN functionality sits more appropriately with the IT network team, that team may not fully understand Citrix technologies and their dependencies on the network. Hence, the conundrum is which IT group would be the best entry point for this relevant technology.


NetScaler SD-WAN isn’t just an average tool for WAN optimization and QoS anymore. In addition to the link aggregation functionality, the newer stateful firewall, edge router, and VPN capabilities make it a compelling solution to (re)consider.

Figure: NetScaler SD-WAN management and configuration options.
