Citrix NetScaler and Cisco ACI are jointly responding to our customer demand for delivering application centric automation of the network and application delivery controllers. In just under two years, the two companies have several customer deployment proof-points for the ACI-NetScaler joint solution and many have been shared externally as success stories. Read blog for details.

Before I deep-dive into the blog, I want to share my recent customer experiences with ACI. Customers increasingly are looking to deploy the Nexus 9k series of switches in ACI mode. Particularly, more customers are expressing interests in integrating L4-L7 network and security services with ACI. I had the privilege of understanding customers’ perspectives on how they plan on deploying the device package, which is a software package that integrates Cisco ACI with a given vendor’s L4-L7 service device. In recent months, the Insieme Business Unit at Cisco is continuing to work with its ecosystem partners to provide choice with regard to the modes customers can deploy the L4-L7 service devices with ACI.

In this blog, I am going to introduce the latest integration between Cisco ACI and Citrix NetScaler utilizing Citrix Management and Analytics System (MAS). This integration is categorized as a ‘Service Manager Mode (a.k.a hybrid mode)’ of operation.

But first, a quick recap on the history of Citrix NetScaler and Cisco ACI integration modes.


Jointly, Citrix NetScaler and Cisco ACI delivered on the first phase of innovation, also referred to as Service Policy Mode/Managed Mode. In this mode, customers provisioned the complete policy for network and application delivery controller in response to a specific application deployment through the Cisco APIC. This was achieved with a customized plugin called the Citrix NetScaler device package that was integrated into the Cisco APIC. The strategic nature of this deep integration was to enable Cisco APIC to be the central controller to provision the production ready suite of NetScaler functions including advanced ADC functions like Web Application Firewalls(WAF), and Global Server Load Balancing (GSLB), etc.

Our early success with our joint customers was endorsement to our solution; however, we also learnt that the journey to application centric networking had a sample set of customers that would prefer to get comfortable with network automation first and application delivery would follow. This led us to offering our customers the second choice which is also referred to as Network Policy Mode/Unmanaged Mode, where the automation of the network and ADC were managed separately.

Changing the Game with Service Manager Mode Integration

As we continued to learn from our customers with our solution becoming mainstream and deployments going global, we started challenging ourselves to a third offering where customers could have a flexibility of deploying new features and functions independently for the network and application deliver controller, while having the flexibility of managing the application policy provisioning through a combination of Cisco APIC and NetScaler Management and Analytics System (MAS).

In the spirit of customer success and continued innovation, we integrated NetScaler MAS with Cisco APIC using a lightweight/hybrid device package and effectively delivered, what is referred to as the Service Manager Mode/Hybrid Mode.

What is Service Manager Mode? – In very simple terms, you can perform network automation through the Application Policy Infrastructure Controller (APIC), while delegating the rich and detailed L4-L7 configuration to NetScaler MAS, which acts as a Device Manager in the APIC. Nonetheless, we still maintain full L2-7 automation to deliver true application agility and operational flexibility.

How does it work? – The solution is supported by a device package uploaded to the APIC which communicates to the NetScaler MAS. This package provides all network L2-L3 configurable entities from NetScaler. Application parity is mapped by StyleBook from NetScaler MAS to the APIC. In other words, the StyleBook acts as a programmable template between L2-L3 and L4-L7 configurations for a given application. You must provide a StyleBook name while configuring the network entities from the APIC for NetScaler.


In this new mode, the NetScaler configuration is performed in the following phases:

  • L2-L3 network stitching is done from the Cisco APIC For any given application, a network administrator has to provide network specific details, such as IP addresses, port, VLAN (automated) and so on, as part of the service graph creation and deployment in the Cisco APIC. These configuration details are then pushed to NetScaler MAS, through the device package, which are processed internally to configure the NetScaler ADC as the end goal.
  • L4-7 configuration is done from the NetScaler MAS and linked via Styblebook(s) on the APIC An application administrator creates the application’s ADC related configuration by using a StyleBook in NetScaler MAS, and these configurations are then pushed from NetScaler MAS to the NetScaler ADC. The Cisco APIC and NetScaler MAS communicate with the ADC through the management network.


Why should customers care for the Service Manager Mode?

Customers’ deployments will be further simplified while retaining the native experience of using Cisco APCI for specific network automation and NetScaler MAS for specific ADC automation. With this offering, the new and innovative offerings on Cisco APIC or NetScaler MAS does not necessarily have to be in lockstep. Cisco APIC can continue to deliver newer network automation and telemetry functions that might not affect the application delivery functions and hence avoid mandatory device package upgrades. The same is true as the NetScaler MAS continues to offer more application centric functions and Enterprise Stylebook templates that does not require change to the network connectivity and policies.

“Together, Cisco and Citrix continue to provide innovative solutions that address customer needs. Now with the integration of NetScaler MAS with ACI, customers will benefit from an easier integration model with full L2-7 automation while maintaining native operational flexibility.” Ish Limkakeng, VP Product Marketing, Insieme Business Unit, Cisco.

What to expect with Cisco ACI – NetScaler MAS innovation going forward?

Cisco ACI and Citrix MAS jointly provide an app-centric fleet management and automation with industry leading telemetry and insights. The MAS framework works for a wide range of network instances like IETF complaint Service chains, NFV network function graphs. The Cisco ACI-MAS framework is a pluggable one and supports third-party technologies in any layer of the stack. We look forward to delivering continued customer success with further differentiated solutions in the near future, specifically around hybrid cloud with Cisco Cloud Center, micro-services deployments, and integration with Tetration Analytics platform.

I would like to thank Raj Gulani, Senior Director, Product Management, DNBU, Citrix Systems and Ahmed Dessouki, Product Manager, Insieme Business Unit, Cisco, for their valuable insights and additions to this blog.

Related Links:


‪Citrix NetScaler ACI Workflow – Configuring Service Manager Mode

For more info about Cisco ACI, you can visit:




Ravi Balakrishnan

Senior Product Marketing Manager

Datacenter Solutions