NetScaler Basics – SSL Offload

The MPX series appliances have a Cavium SSL accelerator card, which handles SSL encryption/decryption cycles in hardware rather than consuming valuable CPU resources. The VPX can also have the SSL offload feature enabled; however, as there is no Cavium card, the SSL offload performance is not as high as on an MPX appliance.

1. Create a server object

Go to “SSL Offload -> Servers” and then select “add”.

The web server is named WinWeb01 and has an IP address of 10.10.0.5.

2. Create a service object to reflect the HTTP service that is running on this web server.

A NetScaler service consists of a server object, a protocol, a port and a monitor.

The monitor is used to determine whether the service is available. If the service is unavailable, the NetScaler will mark the service as down, removing it from load balancing decisions.

3. Create a NetScaler virtual server (vServer), provide the following information, and bind the service to the vServer.

Name
IP Address
Port
Bound services

The IP address of the vServer will be used by clients to connect to the backend services.

Bind a certificate to the vServer. This is the certificate that will be presented for client connections.

Client connections should now be directed to the vServer’s IP address – 10.10.0.100. The vServer will present the SSL certificate when a connection is made using HTTPS (TCP 443), and any encryption/decryption of data will be processed using the NetScaler’s built-in Cavium card.
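
The three steps above as NetScaler CLI commands, added here as an example and not part of the original post. The server name and IP addresses are the ones used in the post; the object names (svc_WinWeb01_http, vs_WinWeb01_ssl, ck_WinWeb01), the backend port 80, the built-in http monitor and the certificate file names are assumptions.

```netscaler
# Added example: CLI equivalent of the GUI steps in this post.
# Object names, port 80, the monitor choice and the file names are assumed.

# SSL offload and load balancing must be enabled as features
enable ns feature SSL LB

# 1. Server object for the web server
add server WinWeb01 10.10.0.5

# 2. Service = server object + protocol + port + monitor
#    (HTTP on port 80 assumed; "http" is the built-in HTTP monitor)
add service svc_WinWeb01_http WinWeb01 HTTP 80
bind service svc_WinWeb01_http -monitorName http

# 3. SSL vServer on the client-facing IP, with the service bound to it
add lb vserver vs_WinWeb01_ssl SSL 10.10.0.100 443
bind lb vserver vs_WinWeb01_ssl svc_WinWeb01_http

# Certificate/key pair presented to clients (file names assumed; the files
# must already have been uploaded to the appliance)
add ssl certKey ck_WinWeb01 -cert winweb01.cer -key winweb01.key
bind ssl vserver vs_WinWeb01_ssl -certkeyName ck_WinWeb01

# Checks: the vServer and service should be UP, and the certKey should be
# listed on the SSL vServer
show service svc_WinWeb01_http
show lb vserver vs_WinWeb01_ssl
show ssl vserver vs_WinWeb01_ssl

# Note: with an HTTP service behind an SSL vServer, TLS terminates on the
# NetScaler and the NetScaler-to-WinWeb01 leg (10.10.0.5) is unencrypted.
```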

About Murugan B Iyyappan

Working as a Consultant - Citrix solutions architect with 18 years of experience in the IT industry. Expertise in Citrix products and Windows platform.