Workshop BR Citrix

Branch Repeater 5.6, 5.7 & VPX
Technical Presentation
High Definition Experience Needs Optimization and
Orchestration Across the Entire Delivery System
Receivers
2
1
3
Client
Network
Server
Repeaters
Gateways
Citrix Confidential - Do Not Distribute
Controllers
Our Arrow ECS Labs Setup
Client
Receivers
on
Wifi Network
172.32.1.0/24
Router
WAN
emulator
1Mbps
Repeater VPX
172.32.1.250
Repeater VPX
192.168.1.254
XenServer
Server
XenDesktop
XenApp
CIFS HTTP MAPI
192.168.0.0/20
Citrix Branch Repeater | The Big Picture
Citrix Repeater Plug-in for Citrix Receiver
Mobile Users
Tele-workers
Data Center
Repeater
Branch Offices
Applications:
XenApp
XenDesktop
File Servers
Exchange Email
SharePoint
ERP/CRM
Branch Repeater
Repeater
Redundant Datacenter or
Disaster Recovery Site
Acceleration for any user, anywhere
Repeater appliances
Branch Repeater with
Windows Server, and
Branch Repeater
Repeater Plug-in
What’s new in
Branch Repeater 5.x & VPX
Exchange (MAPI) Acceleration
• Features
• Protocol acceleration (similar to CIFS)
• Compression & de-duplication of attachments
• Cross-application and multi-user optimization
• Supports Exchange Server 2003 and 2007
• Supports MS Outlook 2003 and 2007
• Available on all appliances and Repeater Plug-in
• Benefits
• Up to 50 times faster sending/receiving emails
• Reduces bandwidth consumption
Outlook
Exchange
Branch Repeater running Windows Server 2008
• Features
• Natively integrated Windows Server 2008 Standard
Edition OS
• File, print, DHCP, DNS, WINS, DFS
• Read-only Domain Controller (RODC)
• MMC, WMI, SCOM manageability
• Benefits
• Simplify IT by consolidating servers in the branch
• Leverage existing Windows management tools and
expertise
WAN
Optimization
Read-Only Domain Controller (RODC)
• Features
• Read-only AD DS database
• Unidirectional replication
• Credential caching
• Administrator role separation
• Read-only Domain Name System (DNS)
• Benefits
• Securely deploy a local DC in any branch location
• Faster authentication and logon times for branch users
• Centralized IT management and control
Command Center Enhancements
• Features
• Now supports all Branch Repeater
appliances (Linux and Windows)
• Benefits
• Easy and cost-effective
management of large number of
remote sites
Citrix Branch Repeater Key Features
HDX Broadcast & HDX IntelliCache
Repeater Plug-in for Citrix Receiver
Plug-n-Play for Any Network
Integrated Windows Services
Flexible & Centralized Management
HDX Broadcast &
HDX IntelliCache
HDX IntelliCache and HDX Broadcast
HDX Broadcast
Adaptive TCP
Flow Control
Adaptive
Compression
Adaptive
Protocol
Acceleration
HDX IntelliCache
Prioritization &
QoS
Branch Staging of
Offline Apps
Branch Caching of
Online Apps
WAN
Repeater
Branch Repeater
Branch Repeater Technology – HDX Broadcast
• Adaptive Protocol Acceleration (Improve inefficient protocols)
• Adaptive Compression (Reduce application turns and data)
• Adaptive TCP Flow Control (Overcome loss/latency penalties)
• Prioritization and QoS (Prioritize critical traffic)
Adaptive Protocol Acceleration
Intelligently accelerates common application protocols
• Mitigates latency by reducing
round trips (chatty protocols)
• CIFS (File Sharing)
• MAPI (Exchange)
• Makes compression engine
application-aware
• Separates headers from payload
• ICA, CIFS, MAPI, HTTP, FTP, NFS
Example: CIFS
CIFS
CIFS: Common Internet File System
Most common file sharing protocol
Microsoft Office, Linux Open Office, etc.
Windows XP/Vista, Windows Server 2003/2008, Mac OS X
NetApp Filers, EMC
File System Access
Drag/Drop, Read/Write, Copy, Directory Browsing
Example: CIFS – without Branch Repeater
250ms
250ms
250ms
250ms
1000 ms
Example: CIFS – with Branch Repeater
Open \\dog\bone\blue
for John Whomever,
password “Whatever”
1 ms
252 ms
125 ms
1 ms
125 ms
Branch Repeater CIFS Performance
[Chart: Improvement in Application Response Time, axis 0% to 1600%, for: Open Word Doc Over WAN; Browse Directory with 20 Files; "Drag & Drop" 20 Files; "Drag & Drop" 1 Large File; "Drag & Drop" 1 Small File]
CIFS Acceleration Requirements
Windows 2003/2008 Server:
• Set “Microsoft network client: Digitally sign communications (always)” to “Disabled”
• Set “Microsoft network server: Digitally sign communications (always)” to “Disabled”
Windows 2000 Server:
• Set “Digitally sign server communication (always)” to “Disabled”
• Set “Digitally sign client communication (always)” to “Disabled”
For Windows 2008 Server, disable SMB 2.0.
See: http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm
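One way to keep an inventory of the hosts where the signing requirement above has been switched off, as an added example that is not part of the original presentation: the Python below reads the [Registry Values] section of a `secedit /export` security template and reports the two "Digitally sign communications (always)" settings per host. The host names and export text are constructed samples, and the function names are hypothetical.

```python
# Added example (not from the presentation): report the SMB signing policy
# settings named in "CIFS Acceleration Requirements" from secedit exports.
# Real exports (secedit /export /cfg <file>) are UTF-16 text; read them with
# open(path, encoding="utf-16") before passing the text in.

CLIENT_POLICY = "Microsoft network client: Digitally sign communications (always)"
SERVER_POLICY = "Microsoft network server: Digitally sign communications (always)"

# Registry values (lower-cased) as listed under [Registry Values].
_PARAMS = r"machine\system\currentcontrolset\services\{}\parameters\requiresecuritysignature"
SIGNING_POLICIES = {
    _PARAMS.format("lanmanworkstation"): CLIENT_POLICY,
    _PARAMS.format("lanmanserver"): SERVER_POLICY,
}


def parse_registry_values(inf_text):
    """Return {lower-cased value path: (type, data)} from [Registry Values]."""
    values, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[registry values]"
            continue
        if in_section and "=" in line:
            path, _, rhs = line.partition("=")
            reg_type, _, data = rhs.partition(",")
            values[path.strip().lower()] = (reg_type.strip(), data.strip().strip('"'))
    return values


def signing_state(inf_text):
    """Map each signing policy to 'Enabled', 'Disabled' or 'Not defined'."""
    values = parse_registry_values(inf_text)
    state = {}
    for path, policy in SIGNING_POLICIES.items():
        if path not in values:
            state[policy] = "Not defined"
        else:
            reg_type, data = values[path]
            # Type 4 is REG_DWORD; data 1 means signing is required.
            state[policy] = "Enabled" if (reg_type, data) == ("4", "1") else "Disabled"
    return state


def signing_exceptions(exports):
    """List (host, policy, state) for every setting that does not require signing."""
    found = []
    for host, inf_text in exports.items():
        for policy, state in signing_state(inf_text).items():
            if state != "Enabled":
                found.append((host, policy, state))
    return sorted(found)


# Constructed sample exports, one per host (not real systems).
SAMPLE_EXPORTS = {
    "FILESRV01": r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
[Version]
signature="$CHICAGO$"
""",
    "BRANCHPC7": r"""[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,1
""",
    "DC01": r"""[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,1
""",
}

if __name__ == "__main__":
    for host, policy, state in signing_exceptions(SAMPLE_EXPORTS):
        print(f"{host}: {policy} = {state}")
```

Running the same report before and after the acceleration change shows exactly which servers and clients no longer require SMB signing.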
Why accelerate MAPI?
• Faster sending/receiving of email attachments
• Lessen MAPI-related bandwidth requirements
• Increase mail system responsiveness for branch office users
• Help enable Exchange server consolidation
• Drastically reduce idle time in sending/receiving emails
• Iterations of same or similar messages by email
• Optimization when different users, different applications access similar files
What is MAPI Acceleration?
• MAPI Acceleration is:
• The pipelining of MAPI-based traffic between Microsoft Outlook and Exchange.
• Acceleration of the uploading and downloading of email attachments made to email
messages.
• The compression of message attachments.
How does MAPI Acceleration work?
•The Outlook client initiates a
MAPI connection to Exchange on
TCP port 135.
•Branch Repeater detects the Outlook to Exchange
handshake.
•User authentication and mailbox
enumeration occurs.
•If an accelerated connection is allowed, the native
Exchange compression is decompressed on the server-side Repeater.
•No acceleration = native compression only
•The Repeater/Branch Repeater pair then apply
compression to subsequent MAPI traffic.
How does MAPI Acceleration work?
•A compression bit is flipped in the packet prior to reaching the client, notifying Outlook not to decompress the native Exchange compression.
•Outlook then creates multiple connections to the Exchange server and message requests are exchanged simultaneously among the connections.
•The downloading and uploading of message attachments (messages larger than 32k) is then accelerated.
• Appropriate compression is applied to obtain a higher compression ratio.
•Packet header: Memory-based history
•Packet payload: Disk-based history
How does MAPI Acceleration work?
The acceleration of MAPI is
accomplished using several methods
Pipelining of ROP requests containing data
• Queuing up of upload bytes acknowledged by the client.
Pipelining of ROP responses containing data
• Pre-fetching of bytes of download data to be sent to the client.
Aggregation of DCERPC fragments
• MAPI/RPC requests combined into single multithreaded messages
Exchange (MAPI) Acceleration
• Requirements
• Microsoft Outlook/Exchange Server 2003 and 2007.
• Outlook must use normal Exchange mode
(no HTTP or HTTPS proxy), without encryption
• To disable encryption manually on a single
Outlook 2007 client, go to the menu shown and
uncheck the box “Encrypt data between
Microsoft Office Outlook and Microsoft Exchange”.
• To disable encryption for multiple users via group policies, follow the instructions at
http://support.microsoft.com/default.aspx/kb/924617 .
Change the Properties for “Enable RPC Encryption” to “Disabled” under “User Configuration:
Administrative Templates:
Microsoft Office Outlook 2007: Tools: Advanced Settings: Exchange”.
Adaptive Compression
Sensing real-time network and traffic conditions
• First pass compression
• In L2 cache and memory
• Various algorithms (ZLIB, LZS)
• Byte Caching
• In memory or on disk
• De-Duplication
• Across workflows
• Across applications
• Across users
[Diagram: Cache, DRAM and Disk, with axes Access Time and History Length]
Adaptive Compression – First Pass
[Diagram labels: Compression History, Compression History]
Adaptive Compression – Second Pass
A Small Token Replaces Thousands of Bytes
[Diagram labels: Compression History, Compression History]
Adaptive TCP Flow Control
Sensing and responding to latency and packet loss
[Charts: Throughput over Time, Without Branch Repeater and With Branch Repeater, each marked with Link Speed and Average Utilization; labels: Slow Start, Slow Ramp]
Traffic Prioritization and QoS
Adaptively allocates bandwidth across different applications and
ICA virtual channel types
[Diagram: a 1.5 Mbps link carrying Bulk Transfers, ICA (Interactive) and Recreational traffic, Without Branch Repeater and With Branch Repeater; shares shown: 20%, 20%, 60%]
Quality of Service (QoS) prioritizes applications
• 5 traffic classes (or QoS queues)
• Each queue assigned a min % of the link
bandwidth
• If queue bandwidth is unused, other
traffic can use it
• QoS is Citrix ICA aware
• Dynamic mapping based on ICA priority
bits
Goal = Fill the pipe
• Queue specific reporting
Quality of Service Scheduling
Class A – 50%
Class B – 25%
Class C – 25%
Class D – 0%
Class E – 0%
[Diagram labels: Flow (Partner unit), Adapter (NIC)]
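The minimum-share behaviour on the QoS slides above, modelled in Python as an added example (not from the original presentation and not Citrix's scheduler). The class percentages are the ones on the slide; the rule for dividing spare bandwidth (in proportion to minimum shares first, then equally among 0% classes) and the demand figures are assumptions.

```python
# Added example: a work-conserving model of "each queue assigned a min % of
# the link bandwidth; if queue bandwidth is unused, other traffic can use it".

MIN_SHARE_PCT = {"A": 50, "B": 25, "C": 25, "D": 0, "E": 0}  # from the slide
EPS = 1e-9


def allocate(link_kbps, demand_kbps, min_share_pct=MIN_SHARE_PCT):
    """Return {class: kbps granted} for one scheduling interval."""
    if sum(min_share_pct.values()) > 100:
        raise ValueError("minimum shares exceed 100% of the link")

    # Step 1: every class gets its demand, capped at its guaranteed minimum.
    alloc = {}
    for cls, pct in min_share_pct.items():
        guaranteed = link_kbps * pct / 100
        alloc[cls] = min(demand_kbps.get(cls, 0), guaranteed)

    # Step 2: hand unused bandwidth to classes that still have traffic queued.
    spare = link_kbps - sum(alloc.values())
    while spare > EPS:
        hungry = [c for c in alloc if demand_kbps.get(c, 0) - alloc[c] > EPS]
        if not hungry:
            break  # demand is below link speed; the pipe cannot be filled
        # Assumption: classes with a non-zero minimum borrow first, weighted
        # by that minimum; 0% classes split whatever is left equally.
        weighted = [c for c in hungry if min_share_pct[c] > 0]
        pool = weighted or hungry
        weights = {c: (min_share_pct[c] if weighted else 1) for c in pool}
        total_weight = sum(weights.values())
        handed_out = 0.0
        for c in pool:
            give = min(spare * weights[c] / total_weight,
                       demand_kbps[c] - alloc[c])
            alloc[c] += give
            handed_out += give
        spare -= handed_out
    return alloc


# Constructed demand on the 1.5 Mbps link used in the earlier slide:
# light interactive traffic in class A, heavy bulk traffic in B and D.
SAMPLE_DEMAND = {"A": 200, "B": 1000, "C": 100, "D": 2000, "E": 0}

if __name__ == "__main__":
    for cls, kbps in allocate(1500, SAMPLE_DEMAND).items():
        print(f"Class {cls}: {kbps:.0f} kbps")
```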
QoS and ICA Priority Tags
•Default Priority bits and ICA virtual channels:
Priority | Sample Virtual Channels
High (0) | Video, Mouse and Keyboard Screen Updates
Medium (1) | Program Neighborhood, clipboard, audio mapping, license management
Low (2) | Client COM Port Mapping, Client Drive Mapping
Background (3) | Auto Client Update, Client Printer Mapping and OEM Channels
•ICA packet with data from multiple channels gets the priority bit associated with
the highest level Virtual Channel
•ICA Priority bits can be changed via the registry of the Presentation Servers.
Branch Repeater Technology – HDX IntelliCache
Branch Staging of Offline Apps
Pre-positions streamed applications
locally for rapid delivery to branch users
Branch Caching of Online Apps
Local caching and de-duplication across
multiple XenApp user sessions
Accelerating XenApp Offline Apps
• Stages and accelerates Offline apps to branches
• Deliver LAN-like performance
• Branch remains productive even during WAN outages
• Reduce management complexities of services in the branch
• Transparent, instant-on service to the user
Branch Staging
Pre-positioning of Offline applications locally in the branch
XenApp
Application Profiler
File Share
(Application Hub)
Branch Users
WAN
Branch Repeater with
Windows Server
When do .CAB stream over the WAN?
• User accesses an app for the first time
• Get updated or patched applications
• After users download the app, it is saved to the local PC
cache
Pre-positioning .CAB files
[Diagram labels: XenApp Profiler, Client, Citrix Branch Repeater, Citrix Repeater, XenApp 5, WAN, .cab File store; steps 1 and 2]
• Very automatic and transparent to client
• Can be done anytime
• QoS administration of both DFS replicated traffic and other traffic to branch
• Tip: Make sure that the Branch Repeater and the XenApp Server have domain permissions.
Client accessing the files via DFS Namespace and redirection (Authenticate / Download / Redirect)
[Diagram labels: XenApp Profiler, Client, Citrix Branch Repeater, Citrix Repeater, XenApp 5, WAN, .cab File store; steps 1, 2 and 3]
• Designed based on DFS replication
• Redirects client to closest DFS replication site, the local BR
• No client changes required
Branch Repeater responds to client request
[Diagram labels: XenApp Profiler, Client, Citrix Branch Repeater, Citrix Repeater, WAN, XenApp, .cab File store]
• LAN like performance
• No need to go over WAN to get the LARGE .cab file
• Results: Very HAPPY user!
Branch Caching
Local caching and de-duplication across multiple sessions
Data Center
Branch Office
Branch
Repeater
Repeater
Infrastructure
Servers
XenApp
Farm
Optimized TCP
Connections
Multi-user Optimization for XenApp
Delivers best performance for XenApp to branch users
• 22-39% faster application start up per user
• 2-6x faster bulk data transfer over ICA + up to 20x less bandwidth
consumption
• Up to 30x reduction for UPD print traffic over the WAN
Ideal Use Cases for Branch Caching
• Multiple users accessing the same text heavy applications
• e.g. Microsoft Word or Excel
• Multiple users frequently accessing forms-based Web applications
• e.g. Call center environment utilizing SAP
• Multiple users printing similar files within ICA
• i.e. Universal Print Driver (UPD)
• Multiple users performing repetitive file transfers within ICA
• i.e. Client drive mapping
• Multiple users streaming the same media file within ICA
• i.e. HDX MediaStream
Example: Text Heavy Application
User 1
User 2
Same text between users using Word. Redundant data not sent over WAN.
Example: Forms-based Web Application
User 1
User 2
Form and web browser based apps share background objects between users.
Redundant data not sent over WAN.
Example: Multi-user file and print services on ICA
User #1
User #2
Cross-session de-duplication benefit for print or transfer of similar files by different users
Redundant data not sent over WAN.
ICA Acceleration with XenApp alone
compressed and encrypted ICA data
XenApp
Client
WAN
• Supports Windows 2003 servers
• Leave all compression, encryption settings enabled
• Native ICA from XenApp is optimized and compressed
XenApp
Server
ICA Acceleration with Branch Repeater
compressed and encrypted ICA data
XenApp
Client
Branch
Repeater
WAN
ICA data still encrypted
Repeater
XenApp
Server
ICA data still encrypted
• Branch Repeater decrypts and encrypts ICA traffic to allow the ICA
protocol to be parsed and compressed
• Supports basic and advanced encryption
ICA Acceleration with Branch Repeater
compressed and encrypted ICA data
XenApp
Client
Branch
Repeater
WAN
Repeater
XenApp
Server
• Automatic disabling of ICA compression on the XenApp server and client
• Branch Repeater parses ICA traffic inside the virtual channel
• Compression works across users and virtual channels to optimize all traffic
• Optimal performance for print, client drive mapping, and common apps
Mixed Environment Support
Decrypted and Encrypted by Repeater
ICA Pass-through by Repeater
Branch Office #1
HQ/Data Center
Branch Repeater
WAN
Branch Office #2
Repeater
HDX IntelliCache ensures that branch users on direct WAN as well as those
behind a Branch Repeater continue to enjoy ICA application performance!
Further Reading
Whitepaper: Performance
assessment of Multiuser
XenApp Optimization
• http://www.citrix.com/branchrepeater
• http://support.citrix.com/article/ctx120160
Citrix Repeater Plug-in for
Citrix Receiver
Citrix Receiver
A
single
Citrixexperience
clientPC,
for home
Citrix PC,
Delivery
Simple
For
the user
enterprise
and
Center
Singleinfrastructure
point for notifications
BYOPC
Orchestrates
installation,
updates,
and interaction of
Windows, Macintosh,
iPhone,
& Smartphones
third
party
plug-ins
with Citrix
Works
inside
and outside
the plug-ins
firewall
Citrix Receiver Key Benefits
• Improved User Experience
• Simplified User Interface
• Reduce Systray Sprawl
• Consistent User Notifications
• Simpler Secure Connection from outside work
• Improved IT Experience
• Centralized client management
• Head-end controls default settings
• Simpler support for BYOC, home, etc
Citrix Receiver for Windows
Three Components
• Citrix Receiver –
software installed on end-user desktop that houses plug-ins
and communicates with the Merchandising Server for
updates
• Citrix Receiver Merchandising Server –
Linux-based XenServer Virtual Machine that stores plug-in
updates
• Citrix Receiver Administrator Console –
Web-based console used to administer the Merchandising
Server and configure plug-in deliveries
Citrix Repeater Plug-in
• Available as plug-in for the Citrix
Receiver as well as standalone
• High-definition experience for mobile
users and teleworkers ("office like")
• Overcomes bandwidth and latency
uncertainty of 'on-road' connectivity
• WiFi, broadband, 3G connections
Deployment Scenarios
Integrated mode
• Merchandising Server is used to deploy Citrix Receiver and
plug-ins
• Schedule the delivery for self-service install by end-user
Standalone mode
• Citrix Repeater plug-in is deployed without the Citrix
Receiver or Merchandising Server
• Citrix Repeater plug-in software is downloaded from
www.citrix.com
• Software is customized and deployed using existing
software distribution mechanisms
Turbocharge Your Access Gateway!
• Repeater and Access Gateway plug-ins interoperate to
turbocharge secure, remote access
• Unique, single-vendor secure accelerated access solution
• Best remote and mobile user experience
• Simple, secure and fast
Turbocharge Access Gateway
Un-optimized traffic
Optimized traffic
Traffic between the client
and the secure network is
optimized before passing
through the VPN tunnel
Repeater Plug-in
Access Gateway Plug-in
Secure & Optimized traffic
WAN
Access
Gateway
Repeater
Repeater and Access Gateway Plug-Ins Integration
Application
(Email, Web Browser)
Repeater Plug-in
Access Gateway Plug-in
User Space
Kernel
TCP/IP Protocol Stack
(Kernel)
TCP/IP Protocol Stack (Kernel)
Repeater Packet Interceptor
Access Gateway Driver
Network Driver
Access Gateway Configuration
All editions of Access Gateway
can be turbocharged
Standard Edition
Advanced Edition
Enterprise Edition
Step by step configuration and planning available in
CTX121035 Turbocharge Access Gateway Reference Architecture
Benefits of Access Gateway integration
• Secure and accelerated remote access
• Compared to secure access without the Repeater Plug-in, a
turbocharged Access Gateway:
• Improves CIFS performance by up to 30X
• Improves HTTP performance by up to 50X
• Improves MAPI performance by up to 50X
• Up to 99% bandwidth saving with native Windows file shares,
Exchange email, SharePoint document libraries, and other apps
Turbocharge Access Gateway
Test results showing the performance
improvement over different types of bandwidth
Plug-n-Play for Any Network
Plug-and-Play Deployment with Full Transparency
Auto-discovery
No tunnels
Zero impact to:
Firewalls
NetFlow
QoS
Branch Repeater
Repeater
Proprietary Tunnel
Branch
Office
Users
Non-Citrix
WAN
Optimization
Non-Citrix
WAN
Optimization
Multiple Deployment Modes
Optional HA
Inline
Bypass NIC
LAN
WAN
Switch
Repeater or
Branch Repeater
Router
Virtual Inline
PBR
WCCPv2
LAN
WAN
Switch
Router
Repeater or
Branch Repeater
Optional HA
Multiple Deployment Modes : Proxy Modes
High Availability – 4-port NICs in Repeater
• The 4-port NIC is two logically-individual fail-to-wire pairs
• 4-port NICs are for the environments that are:
• dual homed, load balanced, and redundant
• the multiple WAN links have the same speed
• Supports HA Pair mode starting with release 5.0
• can be deployed inline, WCCP, or policy based routing modes
High Availability Mode in Branch Repeater
• High-availability mode
• Transparently combines two Branch Repeaters with Windows Server into a primary/secondary pair
• Uses standard protocol VRRP
• Supports multiple HA deployment topologies for uninterrupted service to the branch
Approaches to Resolve ‘Asymmetric Routing’
• Asymmetric Routing: In a multi-homed environment, a
packet on a given connection might travel over either link
Group Mode
• allows two or more appliances to be
grouped together into a single virtual
appliance
WCCP mode
• where WAN routers send traffic from
multiple links to the same appliance (or
HA pair), via the WCCP protocol.
Virtual Inline
• where routers send traffic from multiple
WAN links through the same appliance
(or HA pair).
LAN-level
aggregation
• where an appliance (or HA pair) is
placed closer to the LAN, before the
convergence point of the WAN links
Group mode over non-redundant links with
possible asymmetric routing
Why deploy in Group Mode
• When multiple WAN links exist.
• Primary/secondary configurations.
• Load balanced configurations.
• Possibility of asymmetric routing issues.
• Group mode can be used on redundant links without reconfiguring routers.
• Group mode applies only to the appliances on one side of the WAN link.
• Appliances in group mode have no effect or reliance on the appliances on the other side of the WAN link.
Primary Link
Backup Link
How does Group Mode work?
• Within a Group Mode grouping, there is a connection “owner”.
• The owner of a connection is set by default according to a hash of IP/port pairs.
• The owner can optionally be set according to specific IP/port-based rules.
• Group mode uses a heartbeat mechanism to verify that other members of the group are active. Packets are
only forwarded to active group members.
Primary Link
Backup Link
How does Group Mode work?
• If traffic arrives first at the “owning” appliance, it is accelerated and forwarded normally. If it arrives first at a
non-owning appliance, it is forwarded to its owner, which accelerates it and returns it to the original
appliance for forwarding.
• In addition, it means that an appliance is available for acceleration even if its link is down. When the routing
tables change to bypass the failed link, group mode still forwards the packets through the owning appliance
before sending them across the remaining link.
Owning Appliance
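The ownership and hand-off rules on the Group Mode slides above, sketched in Python as an added example (not from the original presentation and not Citrix code). The appliance names, addresses, hash function and heartbeat timeout are assumptions, as is the choice to forward unaccelerated when the owner has stopped sending heartbeats; the slides say only that packets are forwarded to active members.

```python
# Added example: connection ownership by a hash of the IP/port pairs.
import hashlib
import ipaddress

GROUP = ["br-primary", "br-backup"]  # hypothetical appliances, one per WAN link


def connection_key(src_ip, src_port, dst_ip, dst_port):
    """Build a direction-independent key from the two IP/port pairs.

    Sorting the endpoints makes client->server and server->client packets
    hash alike, which is what asymmetric routing requires.
    """
    ends = sorted([
        (ipaddress.ip_address(src_ip).packed, src_port),
        (ipaddress.ip_address(dst_ip).packed, dst_port),
    ])
    return b"".join(ip + port.to_bytes(2, "big") for ip, port in ends)


def owner_of(conn, members):
    """Pick the owning appliance for a connection from the configured group."""
    ordered = sorted(members)
    digest = hashlib.sha256(connection_key(*conn)).digest()
    return ordered[int.from_bytes(digest[:8], "big") % len(ordered)]


def active_members(last_heartbeat, now, timeout=3.0):
    """Members whose last heartbeat is recent enough (timeout is assumed)."""
    return {m for m, seen in last_heartbeat.items() if now - seen <= timeout}


def route(conn, arrived_at, members, active):
    """Return the (appliance, action) steps a packet takes inside the group."""
    owner = owner_of(conn, members)
    if owner == arrived_at:
        return [(owner, "accelerate"), (owner, "forward")]
    if owner not in active:
        # Assumption: never hand a packet to a member that missed heartbeats.
        return [(arrived_at, "forward unaccelerated")]
    return [
        (arrived_at, "send to owner"),
        (owner, "accelerate"),
        (owner, "return to arrival appliance"),
        (arrived_at, "forward"),
    ]


# Constructed connection: a branch client talking to a file server on port 445.
SAMPLE_CONN = ("172.32.1.15", 49152, "192.168.1.20", 445)
SAMPLE_REPLY = ("192.168.1.20", 445, "172.32.1.15", 49152)

if __name__ == "__main__":
    print("owner:", owner_of(SAMPLE_CONN, GROUP))
    for arrival in GROUP:
        print(arrival, "->", route(SAMPLE_REPLY, arrival, GROUP, set(GROUP)))
```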
Integrated Windows
Services
Citrix Branch Repeater with Windows Server
• A comprehensive branch solution, Citrix Branch Repeater:
• Optimizes application delivery from the Citrix Delivery Center
• Provides key native Microsoft Windows™ branch infrastructure services
• Branch Repeater is paired with Citrix Repeater appliances in
the data center
• Administration is performed through an MMC snap-in or
other Windows management services
Branch Repeater System Architecture
Windows
Services
Citrix
Services
File
Print
AD
DNS
.
.
.
Branch
Users
Datacenter
Citrix XenApp
Repeater for
Streamed
Apps
Repeater
Citrix WAN
Optimization
Windows OS
Citrix Hardware
Apps
Branch Repeater Feature Breakdown
• WAN Optimization – Citrix Repeater Technology
• Domain Controller Services – Windows 2003/ 2008
• Active Directory – Windows 2003/ 2008
OR
• Web Content Caching – ISA Server 2006
• File and Print Services – Windows 2003/ 2008
• DNS, WINS and DHCP Services – Windows 2003/ 2008
• Administration – MMC Snap-in Framework or Citrix Command Center
Windows File and Print Services
• The Branch Repeater appliance also serves as a local print
server to speed up print job spooling times
• It also provides Windows file and printer services
• The queuing of CIFS messages and the compressing of
traffic alleviate the effects of a slow WAN link
Domain Controller Services
• Remote administration is eased through domain-level,
instead of local machine, accounts
• Read Only Domain Controller (RODC) for improved data
security in branch office servers
• This scenario also provides local authentication and
Windows policy enforcement
• Branch Repeater allows the branch office to be self-sufficient in
the event of lost WAN connectivity
Windows Management Tools
• Management pack available for System Center Operations Manager
2007 (SCOM)
• Windows Management Instrumentation (WMI) support for integrating
with custom management and reporting tools
• Using solutions such as Microsoft SCOM and WMI, an entire
enterprise-wide deployment of Citrix Branch Repeaters can be
centrally and seamlessly managed.
Advanced Microsoft Services – Web Content Caching
• Optional add-on feature
• The web caching functionality of ISA Server 2006
Enterprise is leveraged
• Page elements, graphics, text and active content are
cached locally on the Branch Repeater appliance
• Protocol object caching
• HTTP
• FTP
• BITS
• Requires inline deployment
Advanced Microsoft Services – Systems Management
• Branch Repeater is the single platform to configure,
administer and maintain the branch systems using existing
Microsoft tools
• Eliminate dedicated branch servers and optimize WAN
latency and bandwidth
• SMS Secondary Site for geographically spread deployments
• SCCM Branch Distribution Point for simplified software distribution and faster
patching
• Extend IT consolidation initiatives to the branch
Flexible and Centralized
Management
What is Citrix Command Center?
• Single administrative interface to all remote appliances
• Automated discovery and inventory
• One-click configuration replication
• System-wide fault management and performance monitoring
• Manages NetScaler, Access
Gateway, Repeater and
Branch Repeater from Citrix
• Free and easy to use; runs
on any Windows server
Command Center 3.2 Features
• Centralized management of Citrix Branch Repeater devices
(both Windows and non-Windows)
• Citrix Branch Repeater with Windows Server can also be centrally managed by
Microsoft System Center Operations Manager (SCOM) and other Microsoft
management tools
• Centralized Configuration Management
Other Enhancements in Command Center 3.2
• Microsoft® SQL Server™ support
• High Availability support
• Faster and more efficient backup
• Fault Management and Event Aggregation enhancements
• Historical Reporting and Performance Graphs
enhancements
Command Center - Web-based Interface
Command Center - Configuration Management
View archived configs
and restore to any
previous config
Command Center - Monitoring and Reporting
• Multiple levels of performance monitoring
• appliance-level (e.g. single WAN link)
• System-wide (Citrix Command Center)
• End-user (XenApp, XenDesktop)
• Full network transparency allows use of existing
performance monitoring tools (e.g. NetFlow)
• Extensive alarm and activity information
• Export data to industry-standard NMS tools
Appliances - Additional Management Utilities
• Web-based configuration
• Scriptable CLI
• SNMPv2 support for NMS integration
Hardware Overview
Complete Product Line – Citrix Branch Repeater
Integrated
Windows Services
Branch Repeater with
Windows Server
100 / 200 / 300
Repeater Plug-in
Branch Repeater
100 / 200 / 300
Branch
Repeater
VPX-2 / 10
Mobile User
Branch Office
(1-10 Mbps)
Repeater 85xx
8520
8540
Branch
Repeater
VPX-45
Regional HQ
(10-45 Mbps)
Repeater 88xx
8820
8820 High Speed
Branch
Repeater
VPX-45
Data Center
(45-500 Mbps)
Branch Repeater & Branch Repeater VPX-2/10
• Small to medium branch offices
• WAN optimization functionality
in a compact and nearly silent
form-factor
• VPX = low-cost, flexible branch
installation with existing servers
• WAN speeds up to 10 Mbps
• Command Center management
Branch Repeater with Windows Server
• Small to medium branch
offices
• Integrated Windows services
• Stages XenApp offline apps
• WAN speeds up to 10 Mbps
• Command Center and
Microsoft manageability
Repeater Appliances & Branch Repeater VPX-45
• Datacenters and large offices
• Fan out to branches
• Datacenter replication
• Repeater Plug-in support
• WAN speeds up to 500 Mbps
• VPX = low-cost, flexible
installation with existing servers
• Command Center management
Repeater Plug-in
• For remote and mobile users
• Plug-in for Citrix Receiver or
run standalone
• Support broadband, WiFi and
3G connections
• Works with Access Gateway
and other leading VPNs
• Included with XenApp,
XenDesktop & NetScaler
Platinum Editions
Branch Repeater 5.7 Key Features and Benefits
Feature | Customer Benefits
SSL Acceleration | Accelerate encrypted XenDesktop and XenApp traffic and secure web applications by up to 30X without compromising security
Disk Encryption | Prevent theft of sensitive data and comply with security mandates and regulations
2008 R2 for Branch Repeater with Windows Server | Reduce the number of servers in branch offices and enable customers to upgrade to Windows Server 2008 R2
Windows 7 64-bit plug-in | Support growing number of remote users with 64-bit devices
Branch Repeater 5.7 Platform Compatibility
• Repeater appliances: all supported 8xxx models
• Branch Repeater appliances: 100, 200, 300
• Branch Repeater with Windows Server: 100, 200, 300
• Note – 5.7 is versioned as 3.0 on Windows appliances
• Repeater plug-in for Receiver
• Branch Repeater VPX: N/A*
* 5.7 features will be available for Branch Repeater VPX in Q4 with 6.0 release
SSL Acceleration
SSL Acceleration – Overview
• Accelerate all applications that use SSL, e.g:
• XenApp and XenDesktop (when using SSL encryption)
• SharePoint and other ERP/CRM applications (e.g. SAP, Oracle) over HTTPS
• Exchange – Outlook Web Access over HTTPS*
• Optional encryption of data at rest and over WAN
• Available for appliances and plug-ins
Secure Web Server
(HTTPS)
PC with web
browser
Branch Repeater Today:
• TCP Flow Control
• Quality of Service
Branch Repeater with SSL Acceleration:
• HTTP/ICA Protocol Awareness/Optimization
• Multi-level Compression
• TCP Flow Control
• Quality of Service
* Note - Encrypted MAPI does not use SSL and is not supported
Brings parity with Riverbed and Cisco and adds a
differentiator against other competitors
Vendor | SSL Acceleration | Disk Encryption
Citrix | Y | Y
Riverbed | Y | Y
Cisco | Y | Y
Blue Coat | Y | -
Juniper | - | -
Expand Networks | - | -
New “Crypto” Licenses
• Due to US export restrictions for encryption technology
• Available at zero cost ($0) to customers via MyCitrix
• Unlocks SSL acceleration and disk encryption capabilities
• Applied to each appliance on top of standard Citrix license
• Similar process to other WAN optimization vendors
How SSL Acceleration Works
Traffic Interception
• Compatible with existing application/web servers and
certificate/key formats
• Interoperability with NetScaler (or any other SSL offload
device)
SSL Traffic Interception
How SSL Acceleration Works
Secure Key Store
• Built-in secure certificate/key store on Repeater
• With tracking of certificate/key expiry
• Application/web server private keys NEVER leave data
center
Secure, enterprise-class Certificate / Key Store
How SSL Acceleration Works
Secure Data Transfer
• Encrypt and secure user data sent between Repeater
appliances
• Optional ability to encrypt ALL (non-SSL) TCP traffic
between Repeater appliances
Secure Data transfer
between Repeater
Appliances
How SSL Acceleration Works
Secure Disk Storage
• Ability to turn off disk compression for sensitive user data
• Ability to secure/encrypt the user’s data stored on disk
• With ability to erase (scrub) the data
• Optional ability to secure/encrypt ALL (non-SSL) user data
Disk encryption
Flexible deployment modes for joining
the branch network
Branch Repeater
Inline
• Optional Bypass NIC
WAN
LAN Switch
Virtual Inline
Router
Branch Repeater
• WCCPv2
• Policy-based Routing
WAN
LAN Switch
Router
Branch Repeater VPX Features – 1/2
• Hypervisor: Citrix XenServer only*
• Based on Branch Repeater software v5.5.1
• Support for Repeater Plug-in
• Inline, WCCP and PBR deployment modes
• Scale VM resources as needed
[Diagram labels: Print Server, Branch Services]
* Additional hypervisor support in future releases
Branch Repeater VPX Features – 2/2
• Centralized management via Command Center*
• Support for “Essentials for XenServer” tools
• XenMotion Live Migration, High Availability and Resource Pool
• No Group Mode support
• No Fail-to-Wire (FTW) support
[Diagram labels: Print Server, Branch Services]
* Requires Command Center v4.0 or higher
Use Case 1: Accelerate other Virtual Machines
[Diagram labels: VM #1, VM #2, Network 0, Branch Repeater VPX, XenServer]
Use Case 2: Accelerate other Servers
[Diagram labels: VM, Network 0, Branch Repeater VPX, XenServer, Network 1, Server]
Use Case 3: Accelerate Desktop Virtualization
[Diagram labels: XenApp, XenDesktop, Merchandising Server, Network 0, Branch Repeater VPX, XenServer*]
* Likely to be a Resource Pool or Cluster
Use Case 4: Multiple Instances for Traffic Separation
• Segregate traffic by VLAN in XenServer
[Diagram labels: Branch Repeater VPX (three instances), VLAN 2, XenServer]
Branch Repeater VPX Failover and Bypass Card
• Cannot “bridge” or bypass the XenServer host if hosting other VMs
• XenServer does not recognize any special hardware (FTW card)
• Use WCCP or PBR
• Use XenServer HA
• Configure VPX to start automatically
• Configure HA on Resource Pool
[Diagram labels: VM #1, VPX, VM #2, Server]
Branch Repeater VPX Requirements
VPX Minimum Requirements
• 1 CPU
• 1 GB RAM
• 60 GB Disk
• 2 Virtual NICs
XenServer Requirements
• 64 bit x86 server
• VT enabled CPU (Intel VT or AMD-V) for running Windows VMs*
• Min. 1 GB RAM, 16 GB disk**
• Windows PC for XenCenter
* Branch Repeater VPX does not require VT enabled CPU
** Not including VM requirements
Branch Repeater 5.7 Platform Compatibility
• Repeater appliances: all supported 8xxx models
• Branch Repeater appliances: 100, 200, 300
• Branch Repeater with Windows Server: 100, 200, 300
• Note – 5.7 is versioned as 3.0 on Windows appliances
• Repeater plug-in for Receiver
• Branch Repeater VPX: N/A*
* 5.7 features will be available for Branch Repeater VPX in Q4 with 6.0 release
Repeater VPX
Repeater as a Virtual Machine, available in different flavors:
• Repeater VPX Express: for trial purpose only (512kbps, 10 accelerated connections, 5 repeater plugins)
• Repeater VPX 2Mbps: for WAN links up to 2Mbps
• Repeater VPX 10Mbps: for WAN links up to 10Mbps
• Repeater VPX 45Mbps: for WAN links up to 45Mbps
Promotion Overview: Branch Repeater & XenDesktop
• The Citrix® Branch Repeater™ Promotion for XenDesktop™ Customers provides 2 free of charge Citrix Branch Repeater VPX-10 virtual appliances to all existing and new Citrix XenDesktop customers with active SA who purchase any of the following physical or virtual appliances:
• Branch Repeater VPX-45
• Repeater 8520
• Repeater 8540
• Repeater 8820
• Repeater 8820 with high-speed option
Repeater VPX
Repeater as a Virtual Machine: only on XenServer (a version for VMware ESX or vSphere is expected Q4 2010)
All features are supported except:
• Group Mode
• Repeater High-availability mode is not supported. (XenServer HA is supported.)
• Ethernet bypass card
• LCD front-panel display
• Serial console interface
Minimal Standard Config
Only for Demo/POC
Citrix FlexLM Licensing
Citrix Licensing
• Branch Repeater product line now follows the standard Citrix Licensing (a.k.a. V6, Flex LM) infrastructure
• Repeater 8x00 series
• Citrix Repeater Plug-in
• Branch Repeater
• Branch Repeater with Windows Server
Benefits of Citrix Licensing
• Simplicity – consistent across all Citrix products
• Single way to obtain Citrix product licenses (including Platinums)
• Consistent license installation, management and compliance
• A single way to upgrade and renew licenses
• Consistent license consolidation, re-statement and reporting
• Flexibility – ease of deployment
• Ability to allocate Repeater Plug-in licenses across multiple Repeater appliances post-purchase
• Separate Repeater Plug-in purchases from Repeater appliance purchases
Obtaining New Licenses
• New Repeater and Branch Repeater units will ship from Citrix without a license
• License entitlements will be available on the “My Citrix” portal (www.mycitrix.com)
• License files can be generated from the “Activation System/Manage Licenses” tool on My Citrix