1.

0
1.1
1.1
1.2
1.3
1.5
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.8
1.7
1.8
1.9
2.0
2.1
2.2
2.3
2.4
2.5
3.0
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
4.0
4.1
5.0
5.1
5.2
 CSOG Application Load Balancing Evaluation Criteria
Technology
On-premise Deployment
On-premise Deployment
Can support multi-platform/hybrid Application Load Balancing (Cloud, On-premise, etc.):
Can support performance monitoring
Can support monitoring of On-premise and Cloud Infrastructure, Databases and Applications
Endpoint agnostic monitoring capability:
- Servers (HP, Dell, IBM, etc…) with different OS
- Network Elements (Switch, Routers, FW, IPS, etc…)
- Applications and Services (.Net, Java, Node, etc... )
- Databases (MSSQL, Oracle, MySQL, PostgreSQL, etc...)
- Virtualized Environments (VMs, VNFs)
- End user perspective
Neglible (5%-10%) overhead to endpoints (for agent-based monitors)
Capable of SLA management
Capability to perform automated event actions as initial response to an incident
Management
Centralized management for all monitors
Multiple ways to connect to management portal (web, mobile, etc.)
Provide central deployment platform for agent-based monitors
Support Role-based Access
Capability to allow access to multiple users on-the-fly
Reporting
Support out-of-the box report generation
Provide real-time dashboard for all monitors with filter capability
Support reporting dashboard customization
Provide report for Capacity Planning and Forecasting
Provide trend analysis report
Provide end-to-end performance report (end user to network element to back end servers)
Provide real-time mapping of integrating assets/endpoints
Provide Network Bandwith Analysis
Integrations
Can support integration to other security solutions (SIEM, ServiceNow, WAF, etc...)
Security
Communication between agent and central management must be encrypted
Management portals (web and mobile) must be encrypted
1. Mode of operations -
1.1 Deployment

1.1.1
1.2 Capability

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5
 1.2.6

1.2.7

1.2.8

1.2.9

1.2.10

1.2.11

1.2.12
 1.2.13

1.2.14
2. Alerts and Reports -

2.1

2.1

2.2

2.3

2.4
 2.5

2.6

2.7
3. Interoperability -
3.1 Integration with existing LB

3.1.1

3.2 Integration with Security Solutions

3.2.1

3.2.2

3.2.3
 3.2.4

3.2.5

3.2.6
4. Ease of Use -
4.1 User Management

4.1.1

4.1.2

4.1.3
 4.1.4
4.2 Portal Management

4.2.1

4.2.2

4.2.2
5. Others -
5.1 Technical Support

5.1.1
5.1.2
5.1.3
5.1.4

5.1.5
On-premise deployment

Can support multi-platform/hybrid Application Load Balancing (Cloud, On-premise, etc.)

Able to support SSL Offloading with monitoring of expirations

Can suppport customizations for granular load balancing policies/rules

Can provide health monitoring of backend servers for optimized load balancing

Can provide multi-site/geo-site load balancing

Can support load balancing of multiple protocols (HTTP, HTTPS, FTP, SMB, etc.)

Can provide optimized dynamic routing capability based on user location, backend server
state, etc.

Can provide SSO capability for Applications

Can support Network Segmentation

Can ensure encrypted traffic between LB to Backend servers

Can support multiple session management (Stateless, Stateful, etc…)

Can support Clustering for higher scalability.

Can support secure API gateway implementation to protect microservices

Can support TLS1.2 or higher encryption protocol

Must provide real-time monitoring of application traffic

Ability to provide real-time and historical reports including performance statistics, hits,
response, concurrent sessions, etc..

Supports creation of customized reports

Ability to export data in a variety of convenient formats (csv, xml, pdf, html)

Ability to deliver email alerts for reports or incidents

 Must provide a health assessment capability (infrastructure analytics) of all deployed LB
appliances in a single dashboard view.

Must have the ability to provide security analytics which allows for threat identification of
the web server infrastructure. The collected data shall be utilised to identify the threat
level (severity level) and validate if the web infrastructure is protected against the
identified vulnerabilities.

Can support scheduled reports

existing LB

Able to integrate with CSOG's existing LB (Citrix MPX 5900)

Security Solutions

Ability to integrate with SecOps

Ability to integrate with Endpoint Security

Can support event log forwarding with our SOC and other analytics/dashboarding tools
 Ability to integrate with 3rd Party WAF

Must have an API that can be used for automation

Can support integration with HSM

nt

Supports effective RBAC for user Segregation of Duties and promote least-privileged
access

Supports effective user provisioning process

Ability to support configuration options for user SSO

 Ability to support Multi-Factor Authentication
ment

Can provide Centralized management of Multiple LB Appliance

Easy administration of Application Profile, VIPs, Backend Servers and Policies

Supports HTTPS or encrypted Management Portal

rt
Must have 24/7 on-line and on-call support through phone, email, and online access to
knowledgebase
With indicative SLA for resolution
With committed number of Engineers when support is needed
Can provide on-site support if needed

Can provide planning and implementation support for application migration to ADC
 Vendor Compliance
(Compliant, Non-compliant) Supporting Details/Remarks

Can support Physical/Virtual On-Premise

Compliant Deployment as well as Cloud Deployment

Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/getting-started-with-citrix-
Compliant adc/load-balancing.html

SSL Offloading supported and can

monitor/notify when SSL Certificate is
expiring

https://docs.citrix.com/en-us/citrix-adc/
Compliant current-release/ssl/config-ssloffloading.html

Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/load-balancing/faq-load-
balancing1.html#what-are-the-various-load-
balancing-policies-i-can-create-on-the-citrix-
Compliant adc-appliance

Using Citrix ADC Monitors

https://docs.citrix.com/en-us/citrix-adc/
current-release/load-balancing/load-
Compliant balancing-configure-monitors.html

Yes. Global Server Load Balancing (GSLB)

https://docs.citrix.com/en-us/citrix-adc/
current-release/global-server-load-
Compliant balancing.html
 Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/load-balancing/load-
balancing-common-
protocols.html#:~:text=Several%20of
%20these%20protocols%20require,and
Compliant %20masking%20for%20those%20servers.

Supported using GSLB's Proximity

https://docs.citrix.com/en-us/citrix-adc/
current-release/global-server-load-
balancing/how-to/configure-gslb-
Compliant proximity.html

Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/aaa-tm/single-sign-on-
Compliant types.html

Using Citrix ADC's Supported Network

Topologies

https://docs.citrix.com/en-us/citrix-adc/
current-release/getting-started-with-citrix-
Compliant adc/network-topologies.html

Citrix ADC End-to-End Encryption

https://docs.citrix.com/en-us/citrix-adc/
current-release/ssl/how-to-articles/end-to-
Compliant end-encrypt.html

Can also leverage Connection Multiplexing for

re-use of connections

https://www.citrix.com/blogs/2012/03/08/
Compliant connection-multiplexing-in-netscaler/

Citrix ADC Clustering

https://docs.citrix.com/en-us/advanced-
Compliant concepts/design-guides/clustering.html
 Supported

https://www.citrix.com/content/dam/citrix/
en_us/documents/solution-brief/secure-
your-microservices-based-applications-with-
Compliant citrix-adc.pdf

Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/ssl/tls13-protocol-
Compliant support.html

Using Citrix Application Delivery Management

(ADM)

https://docs.citrix.com/en-us/tech-zone/
design/reference-architectures/citrix-
Compliant adm.html

With Citrix ADM

https://docs.citrix.com/en-us/citrix-
application-delivery-management-service/
citrix-application-delivery-management-
Compliant service.html

Customizable Reports using Citrix ADM

https://docs.citrix.com/en-us/citrix-
application-delivery-management-service/
Compliant networks/network-reporting.html

Support for PDF, JPG, PNG and CSV Format

https://docs.citrix.com/en-us/citrix-
application-delivery-management-service/
setting-up/export-or-schedule-export-
Compliant reports.html

Can send email notifications

https://docs.citrix.com/en-us/citrix-
application-delivery-management-service/
networks/events/how-to-set-repeated-email-
Compliant notifications.html
 Generate report for load balancing entities

https://docs.citrix.com/en-us/citrix-
application-delivery-management-software/
current-release/networks/network-
functions/how-to-generate-reports-for-load-
Compliant balancing-entities.html

Using Citrix ADM's Security Insight which

provides Threat index

https://docs.citrix.com/en-us/citrix-
application-delivery-management-service/
Compliant analytics/security-insight.html

Supported.

https://docs.citrix.com/en-us/citrix-
application-delivery-management-service/
setting-up/export-or-schedule-export-
Compliant reports.html

Comply. Can use GSLB with different Citrix

Compliant ADC Models

Supported through Syslogs and with the use

of API. Please check below Link for more
information

https://docs.citrix.com/en-us/citrix-adc/
current-release/system/audit-logging/
Compliant configuring-audit-logging.html

Compliant Not Applicable

Supported through Syslogs

https://docs.citrix.com/en-us/citrix-adc/
current-release/system/audit-logging/
Compliant configuring-audit-logging.htm
 Can integrate and can also be a WAF
Appliance

https://docs.citrix.com/en-us/citrix-adc/
current-release/application-firewall/
Compliant configuring-application-firewall.html

Citrix ADC'S Nitro API

https://docs.citrix.com/en-us/citrix-adc/
Compliant current-release/nitro-api.html#

Support for nSheild Connect Hardware

security module

https://docs.citrix.com/en-us/citrix-adc/
Compliant current-release/ssl/support_for_thales.html

Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/system/authentication-and-
authorization-for-system-user/user-
Compliant usergroups-command-policies.html

https://docs.citrix.com/en-us/citrix-adc/
current-release/aaa-tm/entities-of-
authentication-authorization-auditing/
authentication-authorization-users-
groups.html#:~:text=Navigate%20to
%20Security%20%3E%20AAA%20%2D
%20Application,account%2C%20and%20then
Compliant %20click%20Open.

Citrix ADC SSO

https://docs.citrix.com/en-us/citrix-adc/
current-release/aaa-tm/single-sign-on-
types/kerberos-single-sign-on/setup-citrix-
Compliant adc-single-sign-on.html
 Supported.

https://docs.citrix.com/en-us/citrix-adc/
current-release/aaa-tm/authentication-
methods/multi-factor-nfactor-
Compliant authentication.html

Using Citrix ADM

https://docs.citrix.com/en-us/tech-zone/
design/reference-architectures/citrix-
Compliant adm.html

Can leverage Citrix ADM for easy

administration of multiple Citrix ADC's

https://docs.citrix.com/en-us/tech-zone/
design/reference-architectures/citrix-
Compliant adm.html

HTTPS for Citrix ADC Management

Compliant https://support.citrix.com/article/CTX205264

Compliant
Compliant
Compliant
Compliant

Compliant
Client's Remarks
The appliance should be compatible with our
existing Citrix ADC for GSLB setup.

We need to ensure that appliance should

compatible and be able to integrated with
our existing security solutions.

Integration with SecOps for Centralized

Incident Ticketing.
Endpoint Security should be installed on the
appliance.

eSOC integration for log forwarding and

correlation.
Integration with other Analytics and
Dashboarding Tools for reporting.
Active Directory for authentication.