What was the certification requirements? Tony Lyne Consultant Senior Systems Engineer [cid:image001.gif@01C8284B.00251E70] +64 6 353 7300 [cid:image002.gif@01C8284B.00251E70]<http://www.gen-i.co.nz/> +64 6 356 6800 +64 27 472 0696 tony.lyne@xxxxxxxxxxx<mailto:tony.lyne@xxxxxxxxxxx> www.gen-i.co.nz<http://www.gen-i.co.nz/> 53 Queen Street, PO Box 1470, Palmerston North, New Zealand "This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002." From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Wood Sent: Friday, 16 November 2007 11:23 a.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Juniper That's an interesting insight - our difficulty was in the certification requirements for the device - which citrix at the time couldn't match. And it's a fair point - you want to deliver something other than simply ica/internal web connections - especially some sort of direct file share/general network connectivity method then the Netscaler could well offer a better solution than the IVE straight - as iirc Juniper would require multiple devices to secure and optimise that sort of connection - whereas Citrix simply use the netscaler. Our solution merely required simple web/ica connectivity - so that functionality wasn't really a consideration for us. From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Tony Lyne Sent: 15 November 2007 20:15 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Juniper We had an interesting meeting with Citrix yesterday and discussed this exact issue with a customer who was comparing a HA juniper SSL VPN solution with the equivalent Citrix solution. For larger sites comparing a High availability Juniper configuration to something like the HA Netscaler with the VPN option enabled the NEtscaler came way ahead in bang for buck. The thing that weighed in the Netscaler favour was for the price of a HA juniper SSL VPN solution you got a HA Netscaler setup which does far more than just SSL VPN. There was no comparison Netscaler ate it. As for the CAG, yes in its earlier days the CAG was a little flaky. But now I can't justify positioning a Juniper equivalent solution to a user when something like the CAG/Advanced solution is much better priced, easier to implement and integrates much better with existing citrix infrastructures. Tony Lyne Consultant Senior Systems Engineer [cid:image001.gif@01C8284B.00251E70] +64 6 353 7300 [cid:image002.gif@01C8284B.00251E70]<http://www.gen-i.co.nz/> +64 6 356 6800 +64 27 472 0696 tony.lyne@xxxxxxxxxxx<mailto:tony.lyne@xxxxxxxxxxx> www.gen-i.co.nz<http://www.gen-i.co.nz/> 53 Queen Street, PO Box 1470, Palmerston North, New Zealand "This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. Thank you. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002." From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Wood Sent: Thursday, 15 November 2007 11:49 p.m. To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Juniper Yep, Running with it with a couple of government customers to provide secure access to restricted level networks. We're using the 4000 FIPS appliance, but I've used the smaller ones. I also like the lab license option that they do for development. When the CAG first came out I thought the interface and reliability of the IVE was much better than what the CAG had to offer - it also offered FIPS compliance at the lower end whereas the CAG didn't. As time has moved on Citrix have done some work on the CAG, and it does seem to be catching up - there's also now a greater amount of interaction between the CAG and your Citrix environment that you just don't get on the IVE. That said, the ability to reconfigure the login process and configuration options seemed to be wider with the IVE than the CAG. Cost and availability wise I thought that the Juniper was better - but you might find that different personally I think the management and maintenance of the IVEs is far more straightforward than the CAGs were, but I've not seen the latest cag interface releases. Reliability wise we've had no problems at all (queue the thing falling over now all next week) hth