We've unified Citrix solutions and our portfolio. Learn more .

Cisco VMDC Architecture with Citrix ADC VPX and SDX

Citrix Ready Product Image / Logo

The Cisco Virtual Multiservice Data Center (VMDC)architecture is a blue print for creating and deploying scalable, highly secure, and resilient infrastructure for both cloud and traditional data center environments.

Request Product Details

Compatible with

  • NetScaler 10.5 SDX
  • NetScaler 10.5 VPX


  • Citrix ADC (NetScaler ADC)

Product Details

The Cisco Virtual Multiservice Data Center (VMDC) architecture is a blue print for creating and deploying scalable, highly secure, and resilient infrastructure for both cloud and traditional data center environments. It can meet the needs of enterprise, service provider, and public sector customers. The architecture consists of modular validated designs that address specific areas, and the VMDC modules can be combined to offer a pre-integrated design approach. VMDC is the Cisco reference architecture for IaaS Cloud deployments. Citrix offers a range of appliances designed to perform server load balancing (SLB) and offloading for certain applications. These appliances are offered in both physical (MPX, SDX) and virtual (VPX) form factors.

There have been multiple VMDC designs as platforms and technologies evolve. The VMDC 2.x architecture is VRF-Lite and Virtual Port Channel (vPC) based, and VMDC 2.2 is the large-scale version of this architecture, with VMDC 2.3 being an optimized and smaller-footprint version. The VMDC 3.x architecture is VRF-Lite and FabricPath based.

The VMDC IaaS cloud architecture is designed around a set of modular DC components comprised of building blocks of resources called pods, which comprise:

  • Cisco Unified Computing System (UCS)
  • Storage area network (SAN) and network attached storage (NAS) storage arrays
  • Access (switching) layers and aggregation (switching and routing) layers connecting to the Data Center Services Node (DSN) or Appliance based services layer
  • Multiple 10 GE fabrics using highly scalable Cisco network switches and routers

VMDC is built around Cisco UCS, Cisco Nexus 1000V, Nexus 5000 and Nexus 7000 switches, Cisco Multilayer Director Switch (MDS), Cisco Aggregation Services Router (ASR) 9000, ASR 1000, Cisco Adaptive Security Appliance (ASA) 5585-X or ASA Services Module (ASASM), Cisco Catalyst 6500 DSN, Cisco ACE, Nexus 1000V Virtual Security Gateway (VSG), VMware vSphere, EMC VMAX, and NetApp FAS storage arrays. Cloud service orchestration is currently provided by the BMC Cloud Lifecycle Management (CLM) suite. Refer to VMDC system releases.

Citrix ADC, formerly NetScaler VPX and SDX Overview

The Citrix ADC products offer SLB and content switching, along with application acceleration Layer 4 - Layer 7 (L4 - L7) traffic management, data compression, Secure Socket Layer (SSL) acceleration, network optimization, and application security. For the purposes of this validation and documentation, the focus was on using SLB, SSL Offload and related features on the Citrix ADC, as a means of replacing the ACE SLB functionality in VMDC designs.

Citrix ADC VPX has the same features as the Citrix ADC MPX physical appliance, but is a virtual form of the Citrix ADC product. VPX is installed as a virtual machine (VM) on a hypervisor. Currently, VPX can be installed on Citrix Hypervisor, formerly XenServer, VMware, and Hyper-V. The Citrix ADC VPX can handle up to 3 Gbps of HTTP traffic when deployed on VMware or Hyper-V. Performance is based on the type of license installed on the VPX instance.

The Citrix ADC VPX supports application load balancing and optimization in the compute layer, at rates of up to 3 Gbps. It is inserted in the VMDC architecture in the compute layer, installed as a virtual machine (VM) on the VMware hypervisor. Each consumer or tenant can be assigned their own VPX instance. Those requiring multiple server segments can be serviced by the same VPX, as it can be installed with one or more interfaces (one interface can be configured as a trunk, making it capable of servicing multiple server segments.

Alternatively, multiple VPX instances can be installed in a consumer container to accommodate each server segment. The VMDC design prescribes for the server load balancing to be done after security checks, therefore the VPX connection should exist on the inside network of any firewall within the container. In one-armed mode, this means that traffic between the load balancer and tenant VMs will no longer have to traverse the access layer or aggregation layer in the infrastructure, as this traffic needs only traverse the Nexus 1000V in the compute layer.

Citrix ADC SDX is the multi-tenant Citrix ADC appliance. Multiple fully isolated, fully independent Citrix ADC instances can run on a single Citrix ADC SDX device. The SDX appliance comes with 10 Gbps Ethernet (10GE) and 1 Gbps Ethernet (1GE) ports (type and number of ports depends on the SDX model) that can form an EtherChannel bundle, which is desirable for an appliance-based service design in the VMDC architecture. This evaluation used the SDX 20500, which provides four 10GE ports and eight 1GE ports. This model also has 16 SSL cores to handle SSL hardware acceleration. The SDX 20500 can support up to 20 Citrix ADC instances.

Code versions earlier than Citrix ADC 10.1 do not support sharing EtherChannel among multiple Citrix ADC instances on SDX. Because EtherChannel sharing is a requirement for VMDC appliance deployments, testing was done using a beta of version 10.1. Throughput capacity depends upon which SDX platform is used, and which license is installed on the appliance. Using the SDX 20500, a single Citrix ADC instance can handle up to 18 Gbps of HTTP traffic. The SDX 20500 appliance can handle an aggregate throughput of 42 Gbps of HTTP traffic (across multiple Citrix ADC instances).


  • Demonstrated solutions to critical technology-related problems in evolving IT infrastructure: Provides support for cloud computing, applications, desktop virtualization, consolidation and virtualization, and business continuance
  • Reduced time to deployment: Provides best-practice recommendations based on a fully tested and validated architecture, helping enable technology adoption and rapid deployment
  • Reduced risk: Enables enterprises and service providers to deploy new architectures and technologies with confidence
  • Increased flexibility: Enables rapid, on-demand, workload deployment in a multitenant environment using a comprehensive automation framework with portal-based resource provisioning and management capabilities
  • Improved operating efficiency: Integrates automation with a multitenant pool of computing, networking, and storage resources to improve asset use, reduce operation overhead, and mitigate operation configuration errors


Flexible Modular Design

The architecture is designed to support different deployment models at different scales to facilitate gradual growth and expansion as needed by enterprises ranging from small businesses to large service providers. This support is provided through definition of modular standardized building blocks that can be replicated as needed. A deployment can start very small and grow as the business demands with no need for major overhaul or redesign. In this way, Cisco VMDC helps administrators scale their build-outs in predictable, logical units, easing their planning and capacity management and ultimately lowering their operating costs.

High Availability

The architecture is designed to optimize service uptime by enabling availability and fault tolerance at all layers of the data center through the use of a combination of physical redundancy best practices as well as virtualized failover features at the networking, computing, and storage layers.

Security and Multitenancy

By embedding security at each layer of the data center, Cisco VMDC provides a comprehensive and powerful set of tools for operators to use to secure their deployments, enabling highly secure multitenant deployments, one of the primary features of cloud computing. Several features of the networking devices and of the computing infrastructure combine to provide the robust security desired to give organizations the confidence to use cloud computing infrastructure to deploy applications to address their business needs.

Multitenancy refers to the capability of the data center to host multiple separate zones, each of which can serve a separate group of users with a specific service profile. Tenants can be organizations, departments, customers, enterprises, regions, etc. Using a comprehensive set of security features that separate and secure tenant traffic and interactions, Cisco VMDC enables both simple, loose separation as is needed in private clouds, and very strict and secure separation as is needed in public cloud deployments.

Service Differentiation

Cisco VMDC architecture enables a cloud operator to either define custom service classes or use predefined service classes to differentiate service offerings over the cloud. Components of a service may include computing allocations in the form of CPU and virtual machine limits, storage and data protection allocations, network-based services such as VLAN segment allocations, quality-of-service (QoS) capabilities, security, disaster recovery and business continuity, and other application-level features. The Cisco VMDC architecture includes four predefined service tiers: Bronze, Silver, Gold, and Palladium. These tiers are not meant to define the only levels of service that can be offered, but are simply representative service levels that were used in the validation tests.

Comprehensive Service Management

Cisco VMDC architecture is closely integrated with the service orchestration and service assurance subsystems that provide configuration and provisioning automation for both the operator offering services through the cloud and the users using these services. Service orchestration is a multidomain configuration abstraction layer on top of the data center infrastructure. It enables a portal-based configuration model in which the subscriber can select from a defined number of service options and host applications as virtual machines. On the basis of these selections, configuration actions are performed on the devices to achieve the service represented in the portal. This self-service, portal-based model offers customization per customer and reduces the number of manual tasks required of the IT department. Service orchestration also automates configuration across many devices based on the services advertised through the portal.

Transition to IT as a Service

The transition to ITaaS, in which IT essentially provides services to internal "customers," involves the same technology and design principles as can be applied to any organization that wants to monetize its service offerings. Service providers can use the same technology to deliver cloud or hosting services. Enterprises can take excess data center capacity and sell these services in a community cloud model.