Posts Tagged 'Netscaler'

June 22, 2015

3 Reasons Citrix NetScaler Should Be in Your PCI DSS Compliant Application Stack at SoftLayer

Whether you already process credit card information or are just starting to consider it, you’ve likely made yourself familiar with the Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS’s 12 requirements (plus one appendix for service providers) outlines what you need to do to have a compliant workload and to pass your audits.

While SoftLayer handles the physical access and security aspects on our platform, we also offer tools to supplement your internal tools and processes to help you maintain PCI-DSS compliance such as the Citrix NetScaler VPX and MPX Platinum Edition product line.

Unique Features NetScaler Offers That Support PCI-DSS

  1. Mask Payment Account Numbers (PANs)
  2. With NetScaler Platinum Edition it’s possible to configure the device to block or mask PANs to prevent leakage of cardholder data—even if your application is attempting to present the data to a user. This is extremely useful when adhering to PCI-DSS Section 3.3—the first six and last four digits are the maximum number of digits to be displayed.

    NetScaler provides reporting as well so that your developers can tighten up that aspect of your application for more identification protection.

  3. Detect and Prevent Web-based Attacks
  4. By deploying a Web application firewall into your application stack, you can fully comply with PCI-DSS Section 6.6, which requires addressing new threats and vulnerabilities on an ongoing basis and ensuring these applications are protected against known attacks. The NetScaler Application Firewall module included in Platinum Edition provides continuous protection and can dynamically adjust to changes in your application code.

  5. Prevent Buffer Overflow, XML Security, Cross Site Scripting, & SQL Injection
  6. The NetScaler Web Application Firewall helps close the door on many common coding vulnerabilities outlined in PCI-DSS Section 6.5. By utilizing XML security protections, form tagging, dynamic context sensitive protections, and deep stream inspection, you can block, log, and report on these common security vectors and ensure your development team can shore up you applications

How to Order
SoftLayer offers Citrix NetScaler VPX Standard and Platinum Editions in multiple bandwidth packages—10Mbps, 200Mbps, and 1Gbps. Order these quickly and easily from your customer portal devices page (click order devices, scroll to networking devices, and select Citrix NetScaler).

SoftLayer also provides the NetScaler MPX for customers that require a dedicated hardware appliance running the NetScaler OS that can handle thousands of concurrent SSL transactions. To order the MPX product, chat with one of our sales advisors.

Be sure to take a look at some of the other features included with Citrix NetScaler.

Learn More About PCI-DSS
SoftLayer supports PCI workloads by providing the physical security required in the DSS. Within the customer portal you’re able to pull our most recent SOC 2 Type II audit report. You can use this as part of your compliance strategy. The rest is up to you to take advantage of the tools and services to make sure you meet the remaining PCI standards. Additionally, when you’re working with your PCI-DSS qualified security assessor, we can also provide an Attestation of Compliance.

For more information on compliance standards, check out http://www.softlayer.com/compliance.

-Seth

Categories: 
May 14, 2012

Synergy and Cloud - Going Beyond the Buzzwords

Citrix Synergy 2012 took over San Francisco this week. Because Citrix is one of SoftLayer's technology partners, you know we were in the house, and I thought I'd share a few SoftLayer-specific highlights from the conference.

Before I get too far, I should probably back up give you a little context for what the show is all about if you aren't familiar with it. In his opening keynote, Citrix CEO Mark Templeton explained:

"We call it 'Citrix Synergy,' but really it's 'Synergy' because this is an event that's coordinated by us across a hundred sponsors, our ecosystem partners, companies in the industry that we work together with to bring you an amazing set of solutions around cloud, virtualization, networking and mobility."

Given how broad of a spectrum those areas of technology represent, the short four-day agenda was jam-packed with informational sessions, workshops, demos and conversations. It goes without saying that SoftLayer had to be in the mix in a BIG WAY. We had a booth on the expo hall floor, I was lined up to lead a breakout session about how business can "learn how to build private clouds in the cloud," and we were the proud presenting sponsor of the huge Synergy Party on Thursday night.

Our partnership with Citrix is unique. We incorporate Citrix NetScaler and Citrix XenServer as part of our service offerings. Plus, Citrix is also a SoftLayer customer, using SoftLayer infrastructure to offer a hosted desktop solution. Designed and architected from the ground up to run in the cloud, the Citrix Virtual Demo Center provides a dashboard interface for managing Citrix XenDesktop demo environments that are provisioned on-demand using SoftLayer's infrastructure.

My biggest thrill at the conference came when I was asked to speak and share a little of our expertise in a keynote address on simplifying cloud networking. I like to tell people I have a great face for radio, but that didn't keep me off the stage. The hall was packed to capacity and after defeating a few "demo gremlins," I got to show off how easy SoftLayer makes it for our customers to take advantage of amazing products like Citrix Netscaler VPX:

In my "Learn How to Build Private Clouds in the Cloud" breakout session, I had a little more time to speak to the larger question of how SoftLayer is approaching the shift to cloud-specific architectures and share some best practices in moving to a private cloud. Private clouds are a great way to provide real-time service delivery of IT resources with a single-tenant, customized, secure environment. However, the challenge of scaling and managing physical resources still exists, so I tried to explain how businesses can leverage an Infrastructure-as-a-Service provider to add scalability to a private cloud environment.

Thanks to SynergyTV, that presentation has been made available for all to see:

As I joked at the beginning of the breakout session, an attendee at Citrix Synergy was probably bombarded by "the cloud" in presentations and conversations at the show. While it's important to demystify the key terms we use on a daily basis, a few straight days of keynotes and breakout sessions about the cloud can get you thinking, "All work and no play makes Jack a dull boy." Beyond our capabilities as a cloud infrastructure provider, SoftLayer knows how to have a good time, so after we took care of the "work" stuff in the sessions above, we did our best to help provide a little "play" as well. This year, we were the proud sponsor of the Synergy Party, featuring Lifehouse!

Citrix Synergy 2012 was a blast. As a former rocket scientist, I can say that authoritatively.

-@nday91

December 7, 2009

Availability with NetScaler VPX and Global Load Balancing

The concept Single Point of Failure refers to the fact that somewhere between your clients and your servers there is a single point that if it fails downtime happens. The SPoF can be the server, the network, or the power grid. The dragon Single Point of Failure is always going to be there stalking you; the idea is to push SPoF far enough out to where you have done the best you can with your ability and budget.

At the server level you could combat SPoF by using redundant power supplies and disks. You can also have redundant servers fronted by a load balancer. One of the benefits when using load balancer technology is that the traffic for an application is spread between multiple app servers. You have the ability to take an app server out of rotation for upgrades and maintenance. When you’re done you bring the server back online, the load balancer notices it UP on the next check and the server is back in service.

Using a NetScaler VPX you can even have two groups of servers—one group which generally answer your queries and another group which usually does something else—with the second group functioning as a backup against all of the primary servers for a service having to be taken down through the Backup Virtual Server function.

Result: no Single Point of Failure for the app servers.

What happens if you are load balancing and have to take the load balancer out of service for upgrades or maintenance? Right, now we’ve moved SPoF up a level. One way to handle this is by using the NetScaler VPX product we have at SoftLayer. A pair of VPX instances (NodeA/NodeB) can be teamed in a failover cluster so that if the primary VPX is taken down (either by human action or because the hardware failed) the secondary VPX will begin answering for the IPs within a few seconds and processing the actions. When you bring NodeA back online it slips into the role of secondary until such time as NodeB fails or is taken down. I will note here that VPX instances do have dependency on certain network resources and that dependency can take both VPX instances down.

Result: Loss of a single VPX is not a Single Point of Failure.

So what’s next? A wide-ranging power failure or general network failure of either the frontend or the backend network could render both of the NetScalers in a city unusable or even the entire facility unusable. This can be worked around by having resources in two cities which are able to process queries for your users and by using the Global Load Balancer product we offer. GLB load balances between the cities using DNS results. A power failure taking down Seattle just means your queries go to Dallas instead. Why not skip the VPX layer and just GLB to the app servers? You could, if you don’t have a need for the other functionalities from the VPX.

Result: no single point of failure at the datacenter level

Having redundant functionality between cities takes planning, it takes work, and it takes funding. You have to consider synchronization of content. The web content is easy. Run something like an rsync from time to time. Synching the database content between machines or across cities is a bit more complicated. I’ve seen some customers use the built-in replication capabilities of their database software while others will do a home-grown process such as having their application servers write to multiple database servers. You also have to consider issues of state for your application. Can your application handle bouncing between cities?

Redundancy planning is not always fun but it is required for serious businesses, even if the answer is ultimately to not do any redundancy. People, hardware and processes will fail. Whether a failure event is a nightmare or just an annoyance depends on your preparation.

Subscribe to netscaler