[THIN] Re: Juniper
- From: Tony Lyne <tony.lyne@xxxxxxxxxxx>
- To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
- Date: Fri, 16 Nov 2007 12:19:57 +1300
What was the certification requirements?
Tony Lyne
Consultant
Senior Systems Engineer
[cid:image001.gif@01C8284B.00251E70]
+64 6 353 7300
[cid:image002.gif@01C8284B.00251E70]<http://www.gen-i.co.nz/>
+64 6 356 6800
+64 27 472 0696
tony.lyne@xxxxxxxxxxx<mailto:tony.lyne@xxxxxxxxxxx>
www.gen-i.co.nz<http://www.gen-i.co.nz/>
53 Queen Street, PO Box 1470,
Palmerston North, New Zealand
"This communication, including any attachments, is confidential. If you are not
the intended recipient, you should not read it - please contact me immediately,
destroy it, and do not copy or use any part of this communication or disclose
anything about it. Thank you. Please note that this communication does not
designate an information system for the purposes of the Electronic Transactions
Act 2002."
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Andrew Wood
Sent: Friday, 16 November 2007 11:23 a.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Juniper
That's an interesting insight - our difficulty was in the certification
requirements for the device - which citrix at the time couldn't match.
And it's a fair point - you want to deliver something other than simply
ica/internal web connections - especially some sort of direct file
share/general network connectivity method then the Netscaler could well offer a
better solution than the IVE straight - as iirc Juniper would require multiple
devices to secure and optimise that sort of connection - whereas Citrix simply
use the netscaler.
Our solution merely required simple web/ica connectivity - so that
functionality wasn't really a consideration for us.
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Tony Lyne
Sent: 15 November 2007 20:15
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Juniper
We had an interesting meeting with Citrix yesterday and discussed this exact
issue with a customer who was comparing a HA juniper SSL VPN solution with the
equivalent Citrix solution.
For larger sites comparing a High availability Juniper configuration to
something like the HA Netscaler with the VPN option enabled the NEtscaler came
way ahead in bang for buck.
The thing that weighed in the Netscaler favour was for the price of a HA
juniper SSL VPN solution you got a HA Netscaler setup which does far more than
just SSL VPN. There was no comparison Netscaler ate it.
As for the CAG, yes in its earlier days the CAG was a little flaky. But now I
can't justify positioning a Juniper equivalent solution to a user when
something like the CAG/Advanced solution is much better priced, easier to
implement and integrates much better with existing citrix infrastructures.
Tony Lyne
Consultant
Senior Systems Engineer
[cid:image001.gif@01C8284B.00251E70]
+64 6 353 7300
[cid:image002.gif@01C8284B.00251E70]<http://www.gen-i.co.nz/>
+64 6 356 6800
+64 27 472 0696
tony.lyne@xxxxxxxxxxx<mailto:tony.lyne@xxxxxxxxxxx>
www.gen-i.co.nz<http://www.gen-i.co.nz/>
53 Queen Street, PO Box 1470,
Palmerston North, New Zealand
"This communication, including any attachments, is confidential. If you are not
the intended recipient, you should not read it - please contact me immediately,
destroy it, and do not copy or use any part of this communication or disclose
anything about it. Thank you. Please note that this communication does not
designate an information system for the purposes of the Electronic Transactions
Act 2002."
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Andrew Wood
Sent: Thursday, 15 November 2007 11:49 p.m.
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Juniper
Yep,
Running with it with a couple of government customers to provide secure access
to restricted level networks.
We're using the 4000 FIPS appliance, but I've used the smaller ones. I also
like the lab license option that they do for development.
When the CAG first came out I thought the interface and reliability of the IVE
was much better than what the CAG had to offer - it also offered FIPS
compliance at the lower end whereas the CAG didn't.
As time has moved on Citrix have done some work on the CAG, and it does seem
to be catching up - there's also now a greater amount of interaction between
the CAG and your Citrix environment that you just don't get on the IVE.
That said, the ability to reconfigure the login process and configuration
options seemed to be wider with the IVE than the CAG.
Cost and availability wise I thought that the Juniper was better - but you
might find that different personally I think the management and maintenance of
the IVEs is far more straightforward than the CAGs were, but I've not seen the
latest cag interface releases.
Reliability wise we've had no problems at all (queue the thing falling over now
all next week)
hth
Other related posts:
