Citrix Systems Inc.'s NetScaler SDX virtualized services platform will now support Palo Alto Networks Inc.'s virtual next-generation firewall software.
The partnership between Citrix and Palo Alto will allow customers to run Palo Alto's VM Series firewall software on the same box as Citrix's application delivery and load-balancing technologies. Citrix and Palo Alto have validated the firewall for Citrix's NetScaler SDX appliance.
"Instead of having hardware firewalls and hardware application delivery controller appliances, you can consolidate them in a NetScaler SDX and spin up instances of ADCs and [Palo Alto's] VM series specifically for the needs of application owners on the network or for specific tenants in a service provider environment," said Graham Melville, director of product marketing at Citrix.
The NetScaler SDX is a virtualized services platform designed to run multiple instances of Citrix's NetScaler ADC software. The box enables a high-performance, multi-tenant hardware for Layer 4-7 services software. The appliance has a control plane that unifies provisioning, configuration and management of the multiple instances of the ADC services. Now, Citrix is extending that box and its unified control plane to Palo Alto's firewall. Engineers can download Palo Alto's software directly from the company's site and install it on the NetScaler SDX.
The Citrix-Palo Alto combination will allow data center infrastructure engineers to reduce the hardware footprint in their networks and simplify operations, said Rohit Mehra, vice president of network infrastructure research at Framingham, Mass.-based IDC. Engineers will be able to apply common configurations and settings to their firewall and application delivery services on the SDX platform, he said. The consolidated services will also enable so-called service chaining, which lets traffic be routed through firewall and ADC services within a single box.
"Running security applications [on an application delivery appliance] is a good, natural fit as you move toward more virtualized and software-defined environments," Mehra said. "If you are looking at a higher amount of virtualization in your data center, this gives you a common hardware architecture."
Data center engineers already had the option of running Palo Alto's VM Series on commodity x86 servers. For that matter, they have that option with Citrix's NetScaler software, too. SDX gives engineers the benefits of the incremental integrations of the appliance's advanced control plane, Mehra said. It's also a validated joint solution, which should simplify support of network and security services running on an SDX.
Citrix's partnership with Palo Alto is not expected to change its larger alliance with Cisco. Citrix and Cisco aligned closely in late 2012 after Cisco exited the application delivery controller market. Cisco and Palo Alto are major rivals in the firewall market, even though Palo Alto recently joined the partnership ecosystem for Cisco's data center SDN product, Application Centric Infrastructure.
Mehra said none of these partnerships are exclusive. He suspects that Citrix and Cisco could easily strike up a similar integration of network security on NetScaler SDX if enough customers ask for it.