Citrix has tightly coupled NetScaler with XenApp/XenDesktop, inducing users to look no further than NetScaler for gateway functionality. Between NetScaler Gateway’s complexity and cost, will conditions encourage third-party vendors to try to wedge their way into the Citrix gateway/load balancer/delivery controller market?

Citrix’s website states that NetScaler Gateway “reduces costs by up to 45 percent with easier configuration and maintenance.” That must have been written by a marketing person, because configuring NetScaler Gateway is neither easy nor intuitive for a traditional XenApp/XenDesktop administrator who touches NetScaler Gateway only infrequently. While there are a number of wizards that can be used for configuration, the administration interface includes numerous optional and mandatory fields, as well as some that are only required to address specific needs. As a result, it’s easy to overlook an important field or create an entry that’s unnecessary (or that will cause an issue).

With the exception of a consultant who regularly configures NetScaler, charging an hourly fee, Citrix administrators who access NetScaler Gateway only occasionally find it necessary to reference detailed instructions because of its complexity. Hence, there is either a hard-dollar cost for a consultant or a soft-dollar cost associated with implementing and/or configuring it.

Those who have been involved with virtualization for many years will fondly remember Citrix Secure Gateway. It was released in 2001, and “easy to use” was an understatement. Secure Gateway was installed on a Windows server in just a few minutes, and it was difficult to make a mistake during deployment. In the event that something wasn’t right, you clicked the Diagnostics button, and any potential issues would be clearly revealed on the screen. Admittedly, there were security concerns about putting an IIS server in the DMZ, but Secure Gateway was extremely fast and easy. Citrix Secure Gateway 3.3.2 is still available and functions with older versions of XenApp and XenDesktop, but it is clearly falling into end of life.

When Access Gateway, based on the former Net6 platform, was released, it was introduced as a hardened DMZ appliance. Although Access Gateway has reached end of life, at the time it was a giant step forward in terms of security. Access Gateway wasn’t as easy as Secure Gateway, but it was fairly intuitive. As Citrix continues to centralize all networking functionality into NetScaler, the go-forward gateway product is NetScaler Gateway.

Citrix Secure Gateway was made available at no charge. Although NetScaler Express VPX is available for free (available through a MyCitrix account only, and not well publicized), its limitations make it appropriate for proof-of-concept setups and very small environments only. Thus, for most environments, NetScaler VPX for gateway functionality comes with a price tag. Further, NetScaler costs rise as redundancy, multiple locations, and larger load increase.

During the time when there was no charge for an enterprise-grade gateway product from Citrix, it is understandable that competitors wouldn’t encroach on this market space: there was no financial incentive to do so. Product development costs money, and business managers couldn’t compete against free.

However, as the load balancer marketplace continues to mature, and Citrix’s enterprise-sized customers are looking at a minimum invoice of $995 for NetScaler Gateway VPX, some third-party vendors are starting to see this as an opportunity to develop products that will wedge into the Citrix gateway space. Of course, these vendors must take into account research and development costs, but the potential for upselling load balancers into enterprise environments certainly makes the business case appealing.

Even more importantly, competition in this space would likely force innovation and ease of use that would reduce the soft-dollar costs associated with occasional administration. It will be interesting to see what competition the future brings in the gateway/load balancer/application delivery controller market.