[THIN] Re: Juniper
- From: "Andrew Wood" <andrew.wood@xxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Thu, 15 Nov 2007 22:22:35 -0000
That's an interesting insight - our difficulty was in the certification
requirements for the device - which citrix at the time couldn't match.
And it's a fair point - you want to deliver something other than simply
ica/internal web connections - especially some sort of direct file
share/general network connectivity method then the Netscaler could well
offer a better solution than the IVE straight - as iirc Juniper would
require multiple devices to secure and optimise that sort of connection -
whereas Citrix simply use the netscaler.
Our solution merely required simple web/ica connectivity - so that
functionality wasn't really a consideration for us.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Tony Lyne
Sent: 15 November 2007 20:15
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Juniper
We had an interesting meeting with Citrix yesterday and discussed this exact
issue with a customer who was comparing a HA juniper SSL VPN solution with
the equivalent Citrix solution.
For larger sites comparing a High availability Juniper configuration to
something like the HA Netscaler with the VPN option enabled the NEtscaler
came way ahead in bang for buck.
The thing that weighed in the Netscaler favour was for the price of a HA
juniper SSL VPN solution you got a HA Netscaler setup which does far more
than just SSL VPN. There was no comparison Netscaler ate it.
As for the CAG, yes in its earlier days the CAG was a little flaky. But now
I can't justify positioning a Juniper equivalent solution to a user when
something like the CAG/Advanced solution is much better priced, easier to
implement and integrates much better with existing citrix infrastructures.
Tony Lyne
Consultant
Senior Systems Engineer
cid:image001.gif@01C7F6CB.F4AC3930
+64 6 353 7300
<http://www.gen-i.co.nz/> cid:image003.gif@01C7F6CB.F4AC3930
+64 6 356 6800
+64 27 472 0696
<mailto:tony.lyne@xxxxxxxxxxx> tony.lyne@xxxxxxxxxxx
<http://www.gen-i.co.nz/> www.gen-i.co.nz
53 Queen Street, PO Box 1470,
Palmerston North, New Zealand
"This communication, including any attachments, is confidential. If you are
not the intended recipient, you should not read it - please contact me
immediately, destroy it, and do not copy or use any part of this
communication or disclose anything about it. Thank you. Please note that
this communication does not designate an information system for the purposes
of the Electronic Transactions Act 2002."
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Andrew Wood
Sent: Thursday, 15 November 2007 11:49 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Juniper
Yep,
Running with it with a couple of government customers to provide secure
access to restricted level networks.
We're using the 4000 FIPS appliance, but I've used the smaller ones. I also
like the lab license option that they do for development.
When the CAG first came out I thought the interface and reliability of the
IVE was much better than what the CAG had to offer - it also offered FIPS
compliance at the lower end whereas the CAG didn't.
As time has moved on Citrix have done some work on the CAG, and it does
seem to be catching up - there's also now a greater amount of interaction
between the CAG and your Citrix environment that you just don't get on the
IVE.
That said, the ability to reconfigure the login process and configuration
options seemed to be wider with the IVE than the CAG.
Cost and availability wise I thought that the Juniper was better - but you
might find that different personally I think the management and maintenance
of the IVEs is far more straightforward than the CAGs were, but I've not
seen the latest cag interface releases.
Reliability wise we've had no problems at all (queue the thing falling over
now all next week)
hth
Other related posts:
