2008-03-26

So I think we've come up with our shopping list after the 2 month evaluation period. I'll try to post some shots of us building the whole data center so y'all can pretend you're also working for one of the funnest (yeah that's a word) companies around. So here's what we're going to get...

Citrix NetScaler 9010

I know it seemed like we were leaning towards the Big-IP, but in truth our evaluation showed that both devices are equally good. The Big-IP has the advantage of being able to use iRules to do some pretty creative things at the site edge before it passes anything back to the servers. The NetScaler had the advantage of very trivial remote web logging setup, software that is very IOS-like and therefore would be easy to learn for any NetAdmin who knows Cisco, and very good word-of-mouth recommendations. This isn't taking anything away from the Big-IPs. I still like them and would recommend them to anyone.

Force10 C300

So I don't know that much about Force10 but I have had some experience administering Cisco 6500 series switches, which this thing presumably is competing against. They look the same, and I'm sure the software is pretty similar too. I've heard anecdotal evidence that these outperform the Ciscos, but in reality, anything is going to be better than the POS Dell PowerConnect switches we are currently forced to use. This C300 has 336 10/100/1000 Mbps Ethernet ports which is perfect for our phase 1 plans (about 60 hosts with 3 network interfaces in use). I'm a NetAdmin-in-training and I actually find it more enjoyable to work with network devices than systems so I really can't wait to get my grubby little paws on this bad boy.




3Par Inserv S400



So I'd never heard of 3Par until our Ops lead joined the team. He used to work for 3Par a few years ago and it might seem like we're picking this product over the likes of NetApp, HDS, or EMC because of that reason...but after visiting 3Par's lab and having a few meetings with the other vendors it really became a no-brainer decision. 3Par wasn't the cheapest solution, but in terms of performance, ease of use, and customer support they beat everyone else we checked out. This was actually the most controversial (although I use that term very lightly) item when we were discussing the data center project with the Engineering team. We currently have a very distributed, DAS (Direct Attached Storage) environment and it's understandable that they were a bit hesitant when we said that we could move away from all the local hard drives and just use centralized storage. From an administrative standpoint it's a no-brainer. From a performance standpoint, it took some convincing but in the end we all agreed that our systems would perform no worse (and possibly better) with centralized storage. We'll use DAS for certain situations of course.




Sun Netra X4200


So we decided on Sun to host our site. It was between Sun and HP. Both are great systems (especially compared to Dell) but the clincher for us was remote management capabilities. HP's iLO is great, but would cost us an additional $300 per server to give us what Sun was including in the base price. The Sun boxes are very well manufactured. At my last job I administered Linux on Dell PowerEdges for 5 years and the Sun just blew me away when it came to how it was engineered. The Netras will power all our front-end servers.

Sun Fire X4600


And the Fire will power our back-end servers and also host some VMs. This bad boy is the toy that still makes us all giddy like a school girl. Besides the fact that it has 8 dual-core Opterons (and is quad-core ready) and 32 GB of memory (up to 256 GB), it's the most well-engineered machine I've ever laid my hands on. It looks like a solid piece of metal and it feels like it too. We're going to try running 16 instances of our front-end code (Apache / PHP) and benchmark it. I'll post more info on our results later.

4 comments:

Anonymous said...

I'm just wondering if you could dive a little deeper into the reasons you chose NetScaler over the BigIP. This is very useful information, thank you for posting!

sessions said...

Thanks for your comment.

It was really a close call, they are both great solutions and it was fun doing the bake off. I've used the Big-IP in the past and I always felt that it was a more sysadmin-friendly load balancer. If you know your way around a UNIX-like environment then it's really easy to figure out how to do things on the Big-IP. The NetScaler seems more of a netadmin-friendly device. Seeing how this would be administered by our future network engineer, it seemed to make sense for us to lean towards the NetScaler.

But there were two main reasons why we ended up choosing the NetScaler: 1) Trivial remote logging setup and 2) SSL VPN capability. To set up remote logging for our web servers (as an example) you just need to type a couple of lines on the NetScaler and install an RPM on your logging host. Done. The F5 can accomplish this but it involves an iRule and just didn't feel as integrated of a feature. You can also use your NetScaler as a last resort type of VPN gateway as it offers SSL VPN. You wouldn't want to run your entire organization through it of course (and I don't think it supports that many concurrent sessions anyway), but it's a nice-to-have feature nonetheless.

I know that's not a very deep dive, but we were only able to use them for a week and we didn't get a chance to try out any exotic configurations. I'll definitely post more about the NetScaler once we have them set up. Keep an eye out! =)

Tal said...

Hi my name's Tal Klein and I work at Citrix. I get an RSS feed of blogs mentioning our products and I have to tell you that this has been a fascinating read for me. I used to work in Technical Marketing for the NetScaler team so doing competitive analysis was part of my job. One of the things your post brings to light is the conclusion I reached around the middle of last year:

There is no "standard" bakeoff for Big-IP vs. NetScaler, the only way to properly decide which solution is right for you is to test it using metrics that matter to your particular situation. Big-IP and NetScaler fall into the "Application Delivery Controller" category, and that is a fancy name for a load balancing appliance that contains a bunch of bandaids for things that are broken with applications delivered over a network. Which solution is "better" depends on the application, the network, and the administrator.

Finally, I'm glad you're digging the SSL-VPN, but just one minor correction. You actually could run your entire organization on it (and many large companies do). It supports up to 10,000 simultaneous VPN users per appliance, and it does TCP compression which reduces the overall time it takes to get things delivered over the VPN. You can read more about it here:
http://www.citrix.com/English/ps2/products/feature.asp?contentID=26144

Anyway, enough marketing speak. Thanks so much for posting about your experience, and I look forward to reading as you guys get more familiar with the NS and dive into some of the more advanced functionality.

sessions said...

Thanks for the feedback Tal. I really agree with your definition that most "load balancers" tend to be band-aids for most network applications. It also feels really nice that someone actually finds my boring blog "fascinating". :-))

I totally stand corrected about the number of concurrent SSL VPN users. I should have actually done a little more homework before blurting out a claim like that. (In my defense, I didn't know Citrix was watching though, lol). We have an eval license that apparently is only good for 5 simultaneous VPN connections and I committed the cardinal sin of assuming.

I *will* say this about the SSL VPN that I doubt anyone would argue: It was absolutely simple to configure. There's a wizard you can use when configuring through the GUI and in about 5 clicks you are done. I love it when things just work.