Product Documentation


Apr 26, 2017

Note: The current NetScaler 1000V release does not support this feature.

Basic Questions

What is SDX?
SDX is a true service delivery networking platform for enterprises and cloud datacenters. SDX features an advanced virtualization architecture that supports multiple NetScaler instances on a single hardware appliance.
When do I need SDX?
If you have multiple enterprise applications that have independent life cycle needs for L4–L7 networking services, or if you have a need to consolidate multiple underutilized load balancing appliances, you benefit from SDX.
What's unique about SDX?
SDX uniquely delivers key benefits from advancements in server hardware virtualization, hardware-assisted SSL acceleration, and the market-proven, award-winning NetScaler product line. The Management Service features an advanced control plane to unify provisioning, monitoring, and management in the most demanding multitenant environments, while providing full resource isolation for data separation and to meet service level agreement guarantees, such as availability, reliability, and performance.
How will I benefit from SDX?
SDX delivers isolated multitenancy with up to 40:1 consolidation. As a key pillar in Citrix's TriScale technology framework, SDX addresses the growing need to "scale in" within virtual data centers and cloud network infrastructures. The TriScale scale-in factor enables IT to provide the foundation for consolidating L4–L7 network services today, thereby simplifying the build-out of cloud based services down the line, in accordance with business requirements.
Will I need to go outside my normal procurement procedure to purchase SDX?
SDX is a fully contained networking appliance, designed for network deployment. SDX is not designed to be managed through standard hypervisor management tools such as XenCenter.
How do I purchase an SDX?
An SDX order has three basic product components: SDX appliance SKU, SDX support contract SKU, and Add-On Instance Packs. SKUs are also available for platform conversion (MPX-to-SDX) and platform upgrade (SDX-to-SDX). SDX today is available in Platinum Edition only.
Is there SDX-specific documentation?
Yes, please visit
Do NetScaler editions apply to NetScaler SDX?
The editions do not apply from a packaging perspective. NetScaler SDX appliances and the instance 5-packs are priced the same regardless of the edition. However, when provisioning new instances, the administrator is free to deploy the Standard, Enterprise, or Platinum edition of the NetScaler software.


How much memory can I assign to each instance?
There is no maximum limit to the memory that can be assigned to each instance. Minimum memory required per instance is 2GB.
Can we migrate the existing configuration (ns.conf) from the MPX platform to SDX VPX instance?
Yes, but some configuration, such as RBA policies and SNMP community configuration, is deleted.

Features and Functionality

What NetScaler features do I get with SDX?
All NetScaler features are available on SDX.
Does SDX accelerate SSL in hardware like MPX does?
Yes. You can assign SSL cores to an instance during provisioning.
What changes to my network are required for me to deploy SDX?
SDX fits into your network environment through standard Ethernet interfaces. You must disable link aggregation control protocol (LACP) on any external switch ports connected to the appliance.
Is SDX interoperable with my routing and switching infrastructure?
Yes, although link aggregation control protocol (LACP) is currently not supported. However, SDX supports manual link aggregation.
Is SDX interoperable with my existing NetScaler deployment?
Yes, although standard VPX-to-MPX limitations apply. For example, high availability is supported only across homogeneous devices (you cannot pair a virtual device with a physical device), some configuration, such as RBA policies and SNMP configuration, is deleted, and license transfer is not supported.
Can I manage SDX from Command Center?
Yes. You can identify SDX appliances and provision and de-provision VPX instances by using Command Center.
How does SDX deliver multitenancy?
Each instance runs as a separate virtual machine with its own dedicated NetScaler kernel, CPU resources, memory resources, address space, and bandwidth allocation. Network I/O is done in a way that not only maintains aggregate system performance but also enables complete segregation of each tenant's data-plane and management-plane traffic.
Do I need to manage an SDX through XenCenter?
No. XenCenter is not supported. Use the Management Service to manage XenServer.
We are a VMware shop. We have no infrastructure available to support XenServer, do you have a VMware variant of SDX?
No additional XenServer infrastructure is necessary. SDX is a fully contained networking appliance with its own control plane, and the virtualization layer is transparent to the deployment.
Why is the system health monitoring page not showing any data?
You have to install the supplemental pack before you can use this feature. For installation instructions for the supplemental pack, see
How do I verify that the supplemental pack installation was successful?
After installation, a pop up window shows whether installation was successful or if there was an error.
Why is the VPX instance not reachable after interfaces on the appliance are modified?
When you provision a NetScaler VPX instance with L2VLAN configuration, physical interfaces on the SDX appliance are mapped to virtual interfaces on the VPX instance. If you remove an interface, you might change the mapping between the physical interfaces and VPX instances, and therefore you might lose connectivity to the VPX instance.

For example,

  1. You provision a VPX instance, by using the Management Service, with interfaces 10/1, 10/2, 10/7, and tag VLAN 512 to interface 10/2. When you log on to that VPX instance, you see that interfaces 10/1, 10/2, and 10/3 are configured.
  2. If you later modify the instance and remove interface 10/1, you lose connectivity to the instance, because interface 10/2 is renamed to 10/1 in the VPX instance.
Are IPv6 addresses supported on the NetScaler SDX appliance?
Yes. All NetScaler-supported IPv6 functionality is available on the SDX appliance.
Where are link parameters, such as speed and duplex, configured?
Link parameters are configured from the Management Service.
Should the appliance be restarted if the platform license is upgraded?
No. You do not need to restart the appliance for the new license to apply.
Do I need to restart the appliance to upgrade the device-level firmware?
Yes, this upgrade is handled through the Management Service and requires that the appliance be restarted. This is the only time that the SDX appliance needs a complete restart.
Do I need to restart the appliance when I upgrade it by using a Pay-As-You-Grow license?
No. Upgrading the appliance upgrades the platform license. Restart the Management Service but not the instances running on the SDX appliance. Once upgraded, the Management Service detects the higher throughput available for the instances. If you decide to increase the bandwidth limit for an instance, restart that instance after modifying the bandwidth limit.
What happens to production instances if I remove my platform license?
There is no change to the production instances. However, you cannot add new instances.
How can we readd a gadget to the Home page?
Click the << button in the top-right corner of the Home page. Then, type the name of the gadget, or press Enter for all gadgets. Click "Add to Dashboard".
Should member interfaces in manual link aggregation be part of same VLAN?
Yes. Member interfaces in manual link aggregation should be part of the same VLAN.
How many VLANs are supported per interface with VLAN filtering enabled? What happens if I configure more?
With VLAN filtering enabled, 10G interfaces support up to 63 VLANs, and 1G interfaces suppport up to 31 VLANs. This is a hard limit based on the number of the queues supported by the NIC. An error message appears if the limit is exceeded.
How many instances can be shared on a single NIC?
For a 10G interface, SDX supports up to 63 virtual functions per physical port, which translates to 63 instances per 10G NIC. For 1G interfaces, the maximum number of shared instances per NIC is 7.
Why is the XenServer password the same as the Management Service password?
The XenServer password and the Management Service password are the same to maintain administrative consistency. Changing the XenServer password causes the internal communication between the Management Service and XenServer to fail.
If I have separate management networks, do I need to manually add these networks to the Management Service?
No. Communication is over an external device.
Why can't I modify the default administrator profile?
The default administrator profile enables multiple administrative roles to exist on the SDX. You cannot change the password of the nsroot administrator profile, but you can create a new administrator profile and make it the default profile.
Why does Core usage show 50% when I'm not passing any traffic through my NetScaler instance?
CPU core usage shows, from the hypervisor perspective, the CPU utilization of one physical CPU, which has two hyperthreads: one for the packet engine and one for the management CPU. For example, assume a single instance with one dedicated core. Even if you are not passing any traffic through your appliance, PE CPU utilization will be 100%, and average core utilization will be 50%.
Will restarting the Management Service interrupt my production instances?
No. Your production instances will continue to pass traffic without interruption while the Management Service restarts. The same applies when you upgrade the Management Service.
Can I configure the Management Service to send syslog?
Syslog through the Management Service is currently not supported.
Am I required to upgrade all VPX instances if I upgrade the Management Service?
No, instance life cycles can be managed independently of one other and of the life cycle of the Management Service.
If my Management Service and VPX instances are on different networks, how can I manage the VPX instance through HTTPS?
The same way as if they are on the same network.
If my Management Service and VPX instances are on different networks, how can I manage the VPX instance through the Management Service?
If the Management Service and the VPX instance are in different networks but the instance can be reached from Management Service, the Management Service shows the instance as UP. If an instance is UP, you can manage it from the Management Service. However, if communication between the two fails, the Management Service shows the instance as "Out of Service".
I forgot the IP address of my Management Service. What can I do?
Log on to XenServer, and then use the default IP address ( to log on to the Management Service. At the shell prompt, type networkconfig to view or modify the IP address of the Management Service.
Can I specify VLANs on management interfaces?
VLANs on management interfaces are currently not supported.
How do I restart XenServer?
The only supported method for restarting XenServer is from the Management Service. It is equivalent to restarting the appliance.
How many instances can I provision on the SDX appliance? How much aggregate throughput can I expect?
This number is dependent on the hardware and the license that you purchased, as shown below:
  • 11500, 13500, 14500, 16500, 18500, 20500—5 to 20 instances. Throughput ranges from 8 to 42 Gbps.
  • 17500, 19500, 21500—5 to 20 instances. Throughput ranges from 20 to 50 Gbps.
  • 17550, 19550, 20550, 21550—5 to 40 instances. Throughput ranges from 20 to 50 Gbps.
  • 8400, 8600—2 to 5 instances. Throughput ranges from 4 to 6 Gbps.
Note: For more information, see the NetScaler datasheet at
Can I restrict functionality on the VPX instances?
Some functionality can be restricted by specifying the license (Standard, Enterprise, or Platinum) when you provision the instance.


How many SDX models are there, and how do they differ?
The NetScaler SDX appliance comes in the following variants:
  • SDX 11500/13500/14500/16500/18500/20500—8 to 42 Gbps, maximum 20 instances, 8x1G ports, 4x10G ports.
  • SDX 17500/19500/21500—20 to 50 Gbps, maximum 20 instances, 8x10G ports.
    Note: This platform is going EOS this year.
  • SDX 17550/19550/20550/ 21550—20 to 50 Gbps, maximum 40 instances, 8x10G ports.
  • SDX 8400/8600—4 to 6 Gbps, maximum 5 instances, (6x10/100/1000Base-T copper Ethernet ports + 6x1G SFP) and (6x10/100/1000Base-T copper Ethernet ports + 2x10G SFP+)
What is the minimum NetScaler software version required for SDX instances?
NetScaler VPX instances should run release 9.3 and later to be able to work on SDX.
How many physical interfaces will I need to use?
If you have a single management network, you'll need on an average 1 or 2 physical NICs per instance. For 2 or more management networks (multiple VLANs for NetScaler IP addresses), you'll need a dedicated separate physical NIC for each management VLAN trunk. You can share physical NICs among multiple instances with L2 separation. Therefore, depending on your topology, you can offset the management VLAN trunk count with multiple instances sharing a physical NIC.
Can I upgrade my MPX to an SDX? What about my MPX FIPS platform?
A non-FIPS MPX platform that supports the SDX architecture can be converted to a similar class of SDX platform. The MPX platform must have a platinum license to be eligible for this upgrade. This is a one way upgrade, and it wipes out the entire configuration on that MPX platform. For more information about this upgrade, see
How many SSL cards (cores) are supported on a NetScaler SDX appliance?
The number of SSL cards supported varies by the platform as follows:
  • SDX 17500/19500/21500—16 cards.
  • SDX 11500/13500/14500/16500/18500/20500—16 cards.
  • SDX 17550/19550/20550/21550—36 cards.
  • SDX 8400/8600—4 cards.
Note: Instances cannot share SSL cores. Any SSL cores that are allocated at the time of provisioning an instance are dedicated to that instance.
Can I apply my VPX license to SDX?
No. NetScaler SDX and NetScaler VPX have different licensing models. One license cannot be used for the other.
Why are the hardware sensors not displayed on the NetScaler SDX 17500/19500/21500 appliance?
The NetScaler SDX 17500/19500/21500 is built on the MPX 17500/19500/21500 hardware platform. These appliance configurations do not support monitoring of hardware components.
When I upgraded my MPX to an SDX, the LCD panel went dark. Is that expected?
Yes, that is normal behavior. SDX does not support the LCD panel.
What are RX and TX errors on the NetScaler SDX appliance?
RX and TX errors include cyclic redundancy check (CRC) errors and small or runt packet errors.
What happens if a hardware component is removed from the SDX appliance?
If a hardware component is physically removed from the appliance, it no longer appears in the Management Service user interface.
Do I need to restart my appliance after I reconfigure VLAN filtering?
No. However, you need to restart the VPX instances that are affected by this change. The Management Service restarts the affected instances if you select "Reboot associated Instances" in the Enable/Disable VLAN Filter dialog box.
What is the NMI button for on the SDX appliance?
The NMI button is not operational on the SDX appliance.