Sizing guidelines
This document provides the recommended sizing guidelines for deploying a Secure Private Access site in a hybrid deployment model. The following guidance is based on validation with production-like configurations and user scenarios, and is intended specifically for Secure Private Access workloads. For environments that include both Citrix DaaS™ and Secure Private Access, use these guidelines to estimate the additional resources required for Secure Private Access.
Test inputs
The following parameters were used in the tests that validated these recommendations:
| Parameter | Value |
|---|---|
| Concurrent access (users) | Up to 20,000 |
| Login ramp-up time | 20 minutes (1,000/min) |
| Active Directory domains | 10 |
| Group membership per user | 150 |
| Total published applications | 250 (200 HTTP, 50 TCP/UDP) |
| Application launches per user/hour | 25 |
| Number of access policies | 50 |
Cloud Connector sizing
The following table outlines the minimum recommended CPU and memory configurations for Cloud Connectors based on the site sizes.
| Medium | Large | Maximum | ||
|---|---|---|---|---|
| Concurrent Users | 5,000 | 10,000 | 20,000 | |
| Connectors for high availability | 2 | 2 | 3 | |
| vCPUs for Cloud Connectors | 4 | 4 | 4 | |
| Memory for Cloud Connectors | 8 GB | 8 GB | 8 GB | |
Note:
For environments exceeding 20,000 concurrent users, scale out connector instances proportionally. If your requirements fall between the two recommended values, use the larger size as your guideline.
NetScaler® Gateway sizing
During testing, NetScaler Gateway with 4 vCPUs and 16 GB RAM was used for workloads ranging from 5,000 to 20,000 users.
Note the following recommendations:
- It is recommended to allocate 4 GB RAM per vCPU.
- For user counts exceeding 20,000, it is recommended to use a global server load balancing (GSLB) deployment with additional NetScaler instances.
- Deploy NetScaler Gateway in a high availability (HA) mode to ensure continuous service and minimum downtime.
Note:
These tests and recommendations are guidelines to help you begin your testing. We recommend that you perform the testing in your environment to validate the correct Cloud Connector and NetScaler Gateway sizing. Regular monitoring of CPU and memory usage for all components is recommended, along with periodic performance validations.