Sizing guidelines

This document provides the recommended sizing guidelines for deploying a Secure Private Access site in a hybrid deployment model. The following guidance is based on validation with production-like configurations and user scenarios, and is intended specifically for Secure Private Access workloads. For environments that include both Citrix DaaS and Secure Private Access, use these guidelines to estimate the additional resources required for Secure Private Access.

Test inputs

The following parameters were used in the tests that validated these recommendations:

Parameter Value
Concurrent access (users) Up to 20,000
Login ramp-up time 20 minutes (1,000/min)
Active Directory domains 10
Group membership per user 150
Total published applications 250 (200 HTTP, 50 TCP/UDP)
Application launches per user/hour 25
Number of access policies 50

Cloud Connector sizing

The following table outlines the minimum recommended CPU and memory configurations for Cloud Connectors based on the site sizes.

Medium Large Maximum
  Concurrent Users 5,000 10,000 20,000
  Connectors for high availability 2 2 3
  vCPUs for Cloud Connectors 4 4 4
  Memory for Cloud Connectors 8 GB 8 GB 8 GB

Note:

For environments exceeding 20,000 concurrent users, scale out connector instances proportionally. If your requirements fall between the two recommended values, use the larger size as your guideline.

NetScaler Gateway sizing

During testing, NetScaler Gateway with 4 vCPUs and 16 GB RAM was used for workloads ranging from 5,000 to 20,000 users.

Note the following recommendations:

  • It is recommended to allocate 4 GB RAM per vCPU.
  • For user counts exceeding 20,000, it is recommended to use a global server load balancing (GSLB) deployment with additional NetScaler instances.
  • Deploy NetScaler Gateway in a high availability (HA) mode to ensure continuous service and minimum downtime.

Note:

These tests and recommendations are guidelines to help you begin your testing. We recommend that you perform the testing in your environment to validate the correct Cloud Connector and NetScaler Gateway sizing. Regular monitoring of CPU and memory usage for all components is recommended, along with periodic performance validations.

Sizing guidelines