
The application delivery controller: load balancing, application security and remote access — the apps' traffic, governed.
NetScaler stands in front of the applications: it balances (L4-L7, GSLB between sites), protects (WAF, bot management, DDoS), accelerates (SSL offload, caching) and — in the Citrix world — it's the Gateway: the single, authenticated entrance to the HDX sessions, with MFA and smart access. One appliance, many trades done well.


The configurations versioned and promoted per environment: the NetScaler without archaeology.
The geographic failover of the workspace and the apps: the user doesn't know which site serves them.
NetScaler is a known target (recurring critical CVEs): our calendar doesn't forgive.
Ciphers, HSTS and automated certificates: the front door always up to code.
NetScaler stands in front of everything: as Gateway it's the VDI's single entrance (ICA proxy with MFA, smart access policies), as ADC it balances the apps (L4-L7, content switching, SSL offload with HSM), the WAF protects (signatures + positive security model), the GSLB dispatches between data centers by proximity and health, nFactor builds step-based authentication flows; the forms are MPX (iron), VPX (virtual), CPX (container), managed by console/ADM.
The redundant Gateway for the workspace.
Balanced and defended by the WAF.
GSLB: the geographic continuity from the DNS.