Despite the pandemic, the Citrix ADC team has continued its push to provide solutions that improve application reliability and performance, with security always front of mind. In 2020, the Citrix ADC and Citrix Gateway Product Management and Engineering teams hunkered down to work remotely but stayed focused on software innovations to enhance performance and security for customers. They’ve accomplished a lot of great things in the past 12 months, and here are my Top 10 coolest Citrix ADC enhancements of the past year.

10) Ongoing enhancements to the security and automation posture

  • Enhanced security via system hardening and implementation of additional security controls
  • Additional security-centric analysis testing tools to further enhance Citrix ADC and Citrix Gateway development processes, including static analysis, variant analysis, source composition analysis, and dynamic application security testing
  • Extensive boost in design reviews for various product models and/or components
  • Manual secure code audits and fuzzing for high-visibility features

Also, check out the Citrix Trust Center, where you can get details on Citrix’s approach to responding to vulnerabilities, as well as information on how we’re continuing to align our security response with ISO 29147 standards. You can also learn more in this blog post on updates to the Citrix Trust Center, including our pre-notification program.

9) Enhanced API security with a simplified process to onboard, automatically discover, and secure APIs.

An API Security (formerly API gateway) acts as the entry point for your APIs and ensures secure and reliable access to multiple APIs and microservices in your system. An API Security communicates between the application and the back-end services. It helps you to create, publish, maintain, and secure APIs. See our product documentation and this solution brief for more details.

8) Advances in DTLS support and capabilities

With the release of Citrix ADC 13.0 build 47.x, we’re supporting the DTLS 1.2 protocol on the front end of a Citrix ADC VPX appliance. The DTLS 1.2 protocol is also supported on the front-end of the Citrix ADC MPX 8900, 15000, 26000 hardware appliances, which are based on Intel Coleto SSL chips (from release 13.0 build 52.x). Additionally, DTLS 1.2 is supported on the front end of older Citrix ADC MPX 80xx, 14000, and 25000 appliances, based on Cavium N3 based (from release 13.0 build 58.x). See our DTLS documentation for details.

7) Broadening Citrix ADM service functionality

Recent enhancements in Citrix Application Delivery Management (ADM) make for easy, intuitive deployments, especially in a public-cloud environment. In 2020, we also improved ADM monitoring and boosted the machine learning framework for analytics. Check out these links for more details:

In the Security Violations section of Citrix ADM, you can now view Website ScannersContent ScrapersAccount Takeover for Citrix Gateway under the Bot Violation category.

6)  Enhanced bot detection with fingerprinting

Citrix added device fingerprinting as a bot detection technique for mobile (Android) applications using a bot mobile SDK. On the appliance side, the device fingerprinting bot detection technique examines the data and determines whether the connection is from a bot or a human. See the 13.0-71.40 release notes for details.

5) Improved response time and reliability for IoT devices with MQTT load balancing

Message Queuing Telemetry Transport (MQTT) is a standard communication protocol on which the whole IoT ecosystem depends. Citrix ADC understands MQTT and can distribute IoT traffic to back-end servers. This is vital for businesses as their IoT requirements scale. See our MQTT documentation for details.

4) Enhancing performance in Azure with Accelerated Networking support:

Accelerated Networking enables single root I/O virtualization (SR-IOV) to a virtual machine in Azure. Accelerated Networking on a Citrix ADC interface reduces latency and jitter and decreases CPU utilization. For more information on Azure Accelerated Networking and supported instance types, check out the Azure Accelerated Networking documentation.

3) Uplifting TLS 1.3 performance with hardware acceleration support and expanding TLS 1.3 policies

While TLS 1.3 software support has been available for a while, Citrix has added support for TLS 1.3 hardware acceleration, which is critical for customers who require higher SSL performance and scale. Support for application protocol negotiation (ALPN) and Online Certificate Status Protocol (OCSP) stapling is also included. See our documentation for details.

2) Expanding Citrix services with Citrix Web App and API Protection

Citrix Web App and API Protection is a cloud-delivered security solution that provides comprehensive security to all your applications, regardless of their architecture (monolithic and microservices-based) or where they are deployed across your multi-cloud environment. See the Citrix Web App and API Protection data sheet for details.

1) Showcasing Citrix ADC performance, security, and scale with independent, third-party performance reports from the Tolly Group

There are times when it is better for a third-party to demonstrate our performance capabilities. So check out the recent tests by the Tolly Group validating the incredible performance advantage of Citrix ADC over F5 in hybrid multi-cloud environments, focusing on latency, throughput, and CPU utilization.

Among the findings in the tests against F5 BIG-IP VE were (from Tolly report #221100) Citrix ADC VPX delivers:

  • 1/5 the latency of F5 in HTTPS data throughput tests
  • 1/2 the latency of F5 in HTTPS transaction tests
  • Up to 1.85 billion more HTTPS transactions in 24 hours
  • Lower latency and CPU than F5 with WAF enabled tests

Tolly also carried out additional, exciting benchmark testing (Tolly report #221101) for Citrix ADC CPX against Envoy Proxy for cloud-native environments. There, we see Citrix outperform Envoy. Pretty awesome, right?

We’re proud of the work we did in 2020 to enhance Citrix ADC. And whether we’re working from home, connecting virtually with our global customers, or in an office, we’ll continue to focus on innovating and improving the security posture of Citrix ADC and Citrix Gateway while advancing application performance and monitoring/analytics capabilities.