Citrix NetScaler with SSD (first impression)

The Citrix NetScaler MPX 5500-7500 and 9500 appliance models now ship with Solid State Drives and says (good?)bye to the platter disk for these particulair models. This was anounced by Citrix back in februari this year: http://blogs.citrix.com/2012/02/09/citrix-netscaler-moves-to-solid-state-drives-for-future-mpx-5500-7500-and-9500-shipments/

Citrix has been using Solid State Drives in the MPX 17500/19500/21500 platforms for a longer time but they are only used for mounting the /flash volume. In the MPX 5500/7500/9500 the /flash volume is mounted on a CompactFlash Card. The (platter) Hard Disk Drive which is now being replaced by an SSD is used for the /var volume, this is where all the data and logs files are kept.

I now have a set of Citrix NetScaler MPX 5500 series which has been delivered with such Solid State Drives. The SSD in question is a Samsung 2.5” 128GB SSD (SATA3.0Gbps) which is known as a Samsung 470 series. This particulair SSD can perform sequential reads up to 250 MB/sec and sequential writes at 220 MB/sec. In comparison to the latest releases of Solid State Drives those numbers are not amazing. More information of the SSD : http://www.samsung.com/us/computer/memory-storage/MZ-5PA128/US-specs

As you can see on the Samsung website this is not a high-end SSD for servers but merely a Desktop drive with mediocre specifications.

Copying files to the appliance.

Granted, not a real good test of the performance of an SSD, but I’m doing some basic setup stuff on these newly delivered appliances. Copying large files to the Citrix NetScaler is somewhat faster then it used to be. In the below example I’m copying the latest firmware to the appliance which is about 165MB in size.

Upgrading the firmware.

Upgrading the appliance to a newer firmware build is somewhat faster then it was before.

Updating Citrix NetScaler to version 9.3-55.6

Booting the appliance

I am under the impression the appliance boots faster then the platter disk version, it takes the SSD Citrix NetScaler roughly about 3 and a half minutes to boot. In the below boot video there is little to none configuration in the Citrix NetScaler. When I come across a platter version of the Citrix NetScaler MPX 5500 series I will post the video’s side-by-side for comparison.

Booting the Citrix NetScaler MPX 5500 on SSD

Accessing the interface.

What I’d find pleasently noticable is that the normally sluggish Java interface is bit faster to respond. But offcourse it is still Java slow.

Conclusion.

Time will tell if moving from from the (finally) stable platter disks to SSD was a good decision made by Citrix. The NetScaler MPX line is good when it comes to stability of the platter disks, with the older Citrix NetScaler (7000, etc) series we had a relatively large amount of disk failures. Citrix NetScaler MPX did not seem to have that problem anymore.

The (relatively small) performance gain of the SSD shows when booting the appliance or doing maintenance on the machine (updating firmware, booting, extracting, etc) but how often do you such a task? That’’s right, as least as possible. I for one prefer stability of the Citrix NetScaler over a minimalistic boot time gain.

Another thing that I’m thinking of is Wear leveling, there is really not much known about wear leveling of SSD’s over a longer period of time, they have not proven themselfs yet to withstand years of read/write production.

As far as I know there is no TRIM functionality within Citrix NetScaler or FreeBSD, so I wonder what the performance will be like 6 months down the road. NetScaler still uses an old FreeBSD version which does not have this functionality built-in.

Another very valid reason for moving to SSD is simply consuming less power and be more green. This Solid State Drive consumes 0.24 Watts when active and about 0.14 Watts in Idle state, so that’s not bad. Since the performance is not that much different from the platter disk version, I think this has been the primary reason for Citrix to move to SSD.

Again, I will post an update as soon as I have more info on this.

Web Interface on NetScaler nCore–first impression

I have been waiting anxiously on this feature for a while since it has been delayed by Citrix a number of times, this feature was already announced at Citrix Synergy (SF 2010) back in May. And now I had the chance to install it at a customer which was also very interested in decommisioning his (Microsoft Windows) Citrix Web Interface servers and replacing it with Web Interface on Citrix NetScaler. For me it is the chance to find out what the pros and cons are about this feature.

Installation

Installation was ok, if it was up to me the Citrix Web Interface was just like other components such as Access Gateway just to be enabled within a build. Maybe can expect this in future releases. I installed the Web Interface on a more recent build of the nCore version (Build 98.6) so I had to downgrade to get this working. Good to know is that the Access Gateway customizations were retained which I was very happy about. Because you are downgrading Citrix NetScaler asks you if you would like to import a different nsconfig file.

Creating

There are very few settings possible when working within the NetScaler GUI. There is a wizard which let’s you create the websites.

Customization

I thought the documentation was not very complete, first thing you want to do is customize the Citrix Web Interface which you can find nothing about in de Admin Guide. The files you need to customize are in /var/wi/tomcat/webapps/Citrix/<web interface name>

You have to customize Citrix Web interface in the WebInterface.conf which is located in /var/wi/tomcat/webapps/Citrix/<web interface name>/WEB-INF/. This file is the same format as used in regular Citrix Web Interface servers installed on Windows.

Bugs

There is an issue when importing the certificate for Access Gateway Web Interface. The certificate used for Citrix Access Gateway needs to be imported in the Java Diablo Latte JRE Webserver. At first I got “Import SSL certificate failed. Following command execution failed: ./export_cert.sh /nsconfig/ssl/<certname.pem>”, so executed this command at the CLI and got the following output “keytool error: java.lang.Exception: Input not an X.509 certificate”. Opening up export_cert.sh seems to be a script built around the Java Keytool executable which doesn’t quite work just jet. I imported the original .pfx certificate in Windows and exported it as a X.509 certificate, uploaded it to the Citrix NetScaler en executed “keytool -import -trustcacerts -file /nsconfig/ssl/<certname.cer> –alias <alias>  -keystore $JAVA_HOME/jre/lib/security/cacerts” which succesfully imported the certificate in the JAVA keystore. It could be just coincedence that this happens when using Thawte certificates which I used in this environment, I googled more folks with this problem with Thawte certificates.

Performance

The Citrix Web Interface servers worked like a charm . I will update this post (or a new one) with results when it will be put into production.

Limitations

Many customers use a Citrix NetScaler MPX 5500 series, Citrix has limited the number of Web Interfaces on these particulair series to 3 which I think is too bad. Expecially because of the enormous gap with the MPX 7500 series which supports 25. In a standard Citrix infrastructure environment I would like at least 4 Web Interfaces to get everything going:
- Citrix Web Interface site / HTTP (inside);
- Citrix XenApp Services site / HTTP (inside);
- Citrix Web Interface for Access Gateway / SSL (outside);
- Citrix XenApp Services site for Citrix Receiver / SSL (outside).

The supported numbers by platform:

Another limitation is the fact that it can only be used on Citrix NetScaler, I would like to see this feature released on the Citrix Access Gateway Enterprise which makes it a more complete (Enterprise) product.

On top of the Web Interface on NetScaler nCore download page it states “The solution requires the use of NetScaler MPX or VPX models with nCore”. As you may or may not know there is no nCore version for the VPX platform (only Classic), but there will be an nCore version for the VPX platform released within the next 2 months. So as of then it will be possible to install Web Interface on the VPX platform and I for one will be very curious about the limitations that will be built in.