Formerly known as the Netscaler Gateway, Citrix VPN offers a way to unify disparate VPN connections and devices. Based around SSL, and suitable for small, medium, and large organizations, the VPN provides technicians with the tools required to manage network connections from a single source, while maintaining privacy and cybersecurity.
The VPN is new, at least in its current form, but Citrix has been creating firewalls and network security gateways since 1997. That makes it an experienced player, and expectations for Citrix VPN are understandably high. So how does it actually perform?
To start with, let’s quickly set out the security features that Citrix has to offer, as without a strong showing here, there’s not much point in assessing other aspects of what the VPN has to offer.
- Citrix VPN relies on SSL encryption to create its VPN tunnels
- It features Multi-Factor Authentication procedures, for both third-party authentication and nFactor authentication, including via geographic location and device identities.
- Always on system ensures VPN coverage follows credentialed users, so no gaps will appear in security perimeters.
- Can be combined with Citrix Access Control to filter web content and enhance security, while specific solutions are available for controlling access to SaaS applications (alongside the VPN service).
Citrix uses SSL instead of AES-based encryption, which is fine from a security standpoint, and it offers speed advantages when transmitting across local networks. Thus, the integrity of data being sent remotely isn’t likely to be a problem.
Additional features like “always-on” VPN coverage are well-adapted to remote working, making sure that employees are protected whether they remember to engage the VPN or not. And the Citrix Access Gateway has been engineered to suit numerous authentication systems, including most major third-party providers. That should limit the scope for malicious actors seeking access to your servers.
However, followers of the tech press may recall that Citrix was hit by a substantial data breach in early 2019. The attack worked around the company’s own 2FA barriers pretty easily and gained access to internal VPN systems – possibly via password spraying techniques which target weak passwords.
In any case, this story puts the security credentials of the Netscaler Gateway into perspective (especially when compared to direct rivals like Cisco). It’s not necessarily a blow to the Citrix product, but it’s worth keeping in mind.
When it comes to general privacy, users will want to check out the American jurisdiction of Citrix. US VPNs tend to be shunned by the most privacy-conscious users, owing to the potential for information sharing with the NSA and other authorities. So if that’s a major concern, looking for VPNs based elsewhere will be a priority.
Moreover, Citrix shares information in a myriad of ways, from “joint sales promotions,” to “consulting services.” So while the Citrix VPN will ensure a degree of protection against external threats, it’s worth noting that Citrix themselves will be monitoring plenty of aspects of your online behavior, and that of your staff. Given the data breach mentioned earlier, that may well be a very alarming prospect.
Features, installation, and deployment
At its most basic, the Citrix VPN is just a simple Virtual Private Network which acts as an add-on for the Citrix Access Gateway. If you have the CAG (or the older Netscaler Gateway) in place for other purposes, adding a VPN shouldn’t be too complicated.
The Gateway and VPN can be downloaded for the following platforms:
The core VPN is also available for iOS and Android phones, although a number of customers report that updates have been sparse for both mobile platforms. That’s a big problem for companies whose employees regularly use smartphones for remote working – even if it’s just for the odd email.
Companies using the full VPN and Citrix Gateway often report teething problems and a “steep learning curve,” which is pretty typical for enterprise-wide gateway solutions. But when the VPN and Gateway are up and running, clients tend to be happy with the flexibility it affords. For example, users can set it up as a Full VPN, covering all apps and traffic, or a MicroVPN, with a focus on specific endpoints and apps. RSA integration is simple, and SaaS packages can be added with ease – whether they fall under the VPN umbrella or not. That kind of flexibility is definitely a core strength of the Citrix security suite.
The console and apps are localized for speakers of French, German, Spanish, Korean, Japanese, Portuguese, and Chinese. And 20 devices can be covered by the standard Citrix Licensing Policy (which uses the information harvested from clients to adjust payments automatically).
Users can install the Citrix client via USB sticks if desired, and updates for the core Access Gateway are delivered automatically, while multiple inspection methods are accommodated. Managers can access web inspection tools to assess performance, and the flexible setup enables remote access from all types of devices, to whatever apps your business relies on.
As we noted above, the downside to this is added complexity. If companies seek to implement bespoke solutions, they will come to rely heavily on Citrix’s documentation and support, and the process can get bogged down. But for very basic remote working applications, it works fairly well.
Plans and pricing
Citrix offers two classes of license for the Netscaler Gateway: Concurrent User and Enterprise VPX. Both classes come in on-premises subscription and perpetual packages.
For the Concurrent User option, basic subscriptions cost around $55, and perpetual licenses cost $122.
For the Enterprise VPX option, basic subscriptions cost $549, while the perpetual option costs $995.
Both options deliver the Gateway software package, with the difference that the Enterprise VPX service includes 20 simultaneous connections. Perpetual subscriptions contrast with 1-year subscriptions – hence the price disparity.
Those prices put Citrix in the lower-end of the upscale VPN market, and cheaper than Cisco or Pulse. But setting up a Citrix Access Gateway system for medium-sized enterprises will still be a fairly costly undertaking.Fortunately, companies do have the option of giving the system a try. Citrix offers a handy free trial facility which includes a fully-featured version of the Gateway, letting managers tinker with its settings to ensure that it delivers everything they need.
Overall, Citrix scores well with its flexible pricing strategies and relatively simple licenses, along with the provision of a free trial. Although it’s not cheap, it’s still cheaper than leading competitors, and with its adaptable tools, it could be the ideal solution.
Over the years, Netscaler and Citrix have been flagged due to speed concerns, and it’s definitely a major concern for businesses thinking about adopting the company’s VPN. This can sometimes be traced to poor OS implementations, storage issues, problems with apps running across the VPN, and sometimes just underpowered CPUs. Getting the most from Citrix requires plenty of RAM and up-to-date systems, and laggy experiences are common with older networks.
Support is another area where Citrix doesn’t perform as well as its peers. On the face of it, plenty of support options are available, including:
- The Citrix Knowledge Center – an archive of how-to guides and queries which cover the entire range of Citrix products.
- Support forums where Citrix customers can ask questions and offer assistance.
- The option of starting Support Cases to access one-to-one technical help. (Available via individual Citrix Accounts).
- 24/7 Telephone support and Live Chat are both available if required as part of the support services for license holders.
- Social media accounts offer an additional way to make contact if needed.
All of that sounds fine, and response times are generally good -– as you’d hope from a major corporation. However, feedback from customers suggests that the quality of documentation available is not universally high and that support staff aren’t always as efficient as they could be when resolving setup and operational issues.
This matters, because each Citrix Gateway setup will be uniquely adapted to the size, geography, network settings, apps, and working culture of different businesses. So a bespoke approach is vital, and you may not get that with Citrix products. That’s worth bearing in mind.
- Very flexible package with Full and Micro VPN options
- Solid SSL encryption
- Integrates with third-party authentication and RSA systems, adding extra security
- Easily extendable to cover all remote working devices
- Doubts about the extent of information logging, and general security presented by recent data breaches
- Possible issues with customer support
- Speeds aren’t as fast as competitors’
- Complex to set up on larger networks
The Citrix Access Gateway (or the Netscaler Gateway to industry veterans) remains a very useful way to facilitate remote working for small, medium, and large enterprises. Flexible and powerful, it includes a reliable VPN, which will definitely enhance your security.
However, privacy issues surround the company, while speeds aren’t stellar, and it’s certainly not an entry-level option. This is one for experienced users and companies who know exactly what they want.