branch repeater 5.6, 5.7 & vpx technical presentation
TRANSCRIPT
Branch Repeater 5.6, 5.7 & VPXTechnical Presentation
High Definition Experience Needs Optimization and Orchestration Across the Entire Delivery System
Server
3Network
1Client
2
Citrix Confidential - Do Not DistributeCitrix Confidential - Do Not Distribute
HDX
Receivers Repeaters Gateways Controllers
Our Arrow ECS Labs Setup
Server
RouterWAN
emulator 1Mbps
Client
Citrix Confidential - Do Not DistributeCitrix Confidential - Do Not Distribute
WANem
Receivers
on
Wifi Network
172.32.1.0/24
Repeater VPX
172.32.1.250
Repeater VPX
192.168.1.254
XenDesktop
XenApp
CIFS HTTP MAPI
192.168.0.0/20
XenServer
Branch Offices
Branch Repeater
Citrix Branch Repeater | The Big Picture
Tele-workersMobile Users
Citrix Repeater Plug-in for Citrix Receiver
Redundant Datacenter or Disaster Recovery Site
Repeater
Applications:XenAppXenDesktop File ServersExchange EmailSharePointERP/CRM
Data Center
Repeater
Acceleration for any user, anywhere
Repeater appliancesRepeater Plug-inBranch Repeater with
Windows Server, and
Branch Repeater
What’s new in Branch Repeater 5.x & VPX
Exchange (MAPI) Acceleration
•Features• Protocol acceleration (similar to CIFS)• Compression & de-duplication of attachments• Cross-application and multi-user optimization• Supports Exchange Server 2003 and 2007• Supports MS Outlook 2003 and 2007• Available on all appliances and Repeater Plug-in
•Benefits• Up to 50 times faster sending/receiving emails• Reduces bandwidth consumption
Outlook Exchange
Branch Repeater running Windows Server 2008
•Features• Natively integrated Windows Server 2008 Standard
Edition OS• File, print, DHCP, DNS, WINS, DFS• Read-only Domain Controller (RODC)• MMC, WMI, SCOM manageability
•Benefits• Simplify IT by consolidating servers in the branch• Leverage existing Windows management tools and
expertise
WAN Optimization
Read-Only Domain Controller (RODC)
• Features
• Read-only AD DS database
• Unidirectional replication
• Credential caching
• Administrator role separation
• Read-only Domain Name System (DNS)
• Benefits
• Securely deploy a local DC in any branch location
• Faster authentication and logon times for branch users
• Centralized IT management and control
Command Center Enhancements
• Features
• Now supports all Branch Repeater appliances (Linux and Windows)
• Benefits
• Easy and cost-effective management of large number of remote sites
Citrix Branch Repeater Key Features
HDX Broadcast & HDX IntelliCache
Repeater Plug-in for Citrix Receiver
Plug-n-Play for Any Network
Integrated Windows Services
Flexible & Centralized Management
HDX Broadcast &HDX IntelliCache
Adaptive Protocol
Acceleration
Adaptive Compression
Adaptive TCP Flow Control
HDX IntelliCache and HDX Broadcast
Branch RepeaterRepeater
WAN
HDX Broadcast
Branch Caching ofOnline Apps
Prioritization & QoS
HDX IntelliCache
Branch Staging ofOffline Apps
Branch Repeater Technology – HDX Broadcast
(Improve inefficient protocols)
(Reduce application turns and data)
(Overcome loss/latency penalties)
(Prioritize critical traffic)
Adaptive TCP Flow Control
Adaptive Compression
Adaptive Protocol Acceleration
Prioritization and QoS
Intelligently accelerates common application protocols Adaptive Protocol Acceleration
• Mitigates latency by reducing round trips (chatty protocols)
• CIFS (File Sharing)
• MAPI (Exchange)
• Makes compression engine application-aware
• Separates headers from payload
• ICA, CIFS, MAPI, HTTP, FTP, NFS
Example: CIFS
CIFS
CIFS: Common Internet File System
Most common file sharing protocolMicrosoft Office, Linux Open Office, etc.Windows XP/Vista, Windows Server 2003/2008, Mac OS X NetApp Filers, EMC
File System AccessDrag/Drop, Read/Write, Copy, Directory Browsing
Example: CIFS – without Branch RepeaterI want to open a file
\\dog\bone\blue
“Whatever”
John Whomever
Which file?
Who are you?
Password?
OK, It’s open!
250ms
250ms
250ms
250ms
1000 ms
Example: CIFS – with Branch Repeater
I want to open a file
\\dog\bone\blue
“Whatever”
John Whomever
Which file?
Who are you?
Password?
I want to open a file
\\dog\bone\blue
“Whatever”
John Whomever
Which file?
Who are you?
Password?
OK, It’s open!
1 ms
125 ms
1 ms
OK, It’s open!
125 ms
252 ms
Open \\dog\bone\bluefor John Whomever,password “Whatever”
"Drag & Drop"- 1 Small File
"Drag & Drop"- 1 Large File
"Drag & Drop" 20 Files
Browse Directory with 20 Files
Open Word Doc Over WAN
0% 200% 400% 600% 800% 1000% 1200% 1400% 1600%
Improvement in Application Response Time
Branch Repeater CIFS Performance
CIFS Acceleration Requirements
Windows 2003/2008 Server :
• Set “Microsoft network client: Digitally sign communications (always)” to “Disabled”
• Set “Microsoft network server: Digitally sign communications (always)” to “Disabled”
Windows 2000 Server :
• Set “Digitally sign server communication (always)” to “Disabled”
• Set “Digitally sign client communication (always)” to “Disabled”
For Windows 2008 Server Disable SMB 2.0See : http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm
• Faster sending/receiving of email attachments
• Lessen MAPI-related bandwidth requirements
• Increase mail system responsiveness for branch office users
• Help enable Exchange server consolidation
• Drastically reduce idle time in sending/receiving emails• Iterations of same or similar messages by email• Optimization when different users, different applications access similar files
Why accelerate MAPI?
What is MAPI Acceleration?
• MAPI Acceleration is:• The pipelining of MAPI-based traffic between Microsoft Outlook and Exchange.• Acceleration of the uploading and downloading of email attachments made to email
messages.• The compression of message attachments.
What is MAPI Acceleration?
• MAPI Acceleration is:• The pipelining of MAPI-based traffic between Microsoft Outlook and Exchange.• Acceleration of the uploading and downloading of email attachments made to email
messages.• The compression of message attachments.
How does MAPI Acceleration work?
• The Outlook client initiates a MAPI connection to Exchange on TCP port 135.
• User authentication and mailbox enumeration occurs.
• Branch Repeater detects the Outlook to Exchange handshake.
• If an accelerated connection is allowed the native Exchange compression is decompressed on the server-side Repeater.
• No acceleration = native compression only
• The Repeater/Branch Repeater pair then apply compression to subsequent MAPI traffic.
How does MAPI Acceleration work?
• A compression bit is flipped in the packet prior to reaching the client, notifying Outlook not to decompress the native Exchange compression.
• Outlook then creates multiple connections the to Exchange server and message requests are exchanged simultaneously among the connections
• The downloading and uploading of message attachments (messages larger than 32k) is then accelerated.
• Appropriate compression is applied to obtain a higher compression ratio.
• Packet header : Memory-based history
• Packet payload: Disk -based history
The acceleration of MAPI is accomplished using several methods
Pipelining of ROP requests containing data• Queuing up of upload bytes acknowledged by the client.
Pipelining of ROP responses containing data• Pre-fetching of bytes of download data to be sent to the client.
Aggregation of DCERPC fragments• MAPI/RPC requests combined into single multithreaded messages
How does MAPI Acceleration work?
Exchange (MAPI) Acceleration
•Requirements• Microsoft Outlook/Exchange Server 2003 and 2007.• Outlook must use normal Exchange mode
(no HTTP or HTTPS proxy), without encryption
• To disable encryption manually on a single Outlook 2007 client, go to the menu shownuncheck the box, “Encrypt data between Microsoft Office Outlook and Microsoft Exchange’.
• To disable encryption for multiple users via group policies, follow the instructions at http://support.microsoft.com/default.aspx/kb/924617 .Change the Properties for “Enable RPC Encryption” to “Disabled” under “User Configuration: Administrative Templates: Microsoft Office Outlook 2007: Tools: Advanced Settings: Exchange.
Branch Repeater Technology – HDX Broadcast
(Improve inefficient protocols)
(Reduce application turns and data)
(Overcome loss/latency penalties)
(Prioritize critical traffic)
Adaptive TCP Flow Control
Adaptive Compression
Adaptive Protocol Acceleration
Prioritization and QoS
Sensing real-time network and traffic conditions Adaptive Compression
• First pass compression• In L2 cache and memory• Various algorithms (ZLIB, LZS)
• Byte Caching• In memory or on disk
• De-Duplication• Across workflows• Across applications• Across users History Length
Cache
DRAM
Disk
Acc
ess
Tim
e
First PassAdaptive Compression
Compression History
Compression History
Second PassAdaptive Compression
Compression History
Compression History
A Small Token Replaces Thousands of Bytes
Branch Repeater Technology – HDX Broadcast
(Improve inefficient protocols)
(Reduce application turns and data)
(Overcome loss/latency penalties)Adaptive TCP Flow Control
Adaptive Compression
Adaptive Protocol Acceleration
Prioritization and QoS (Prioritize critical traffic)
Sensing and responding to latency and packet lossAdaptive TCP Flow Control
Slow Start Slow Ramp
Without Branch Repeater
AverageUtilization
Throughput
Time
With Branch Repeater
AverageUtilization
Throughput
Time
Link Speed
Branch Repeater Technology – HDX Broadcast
(Improve inefficient protocols)
(Reduce application turns and data)
(Overcome loss/latency penalties)
(Prioritize critical traffic)
Adaptive TCP Flow Control
Adaptive Compression
Adaptive Protocol Acceleration
Prioritization and QoS
Traffic Prioritization and QoS
ICA (Interactive)
Bulk Transfers1.5 Mbps
Recreational
Without Branch Repeater
60%
20%
20%
Bulk Transfers
Recreational
ICA (Interactive)
With Branch Repeater
Adaptively allocates bandwidth across different applications and ICA virtual channel types
• 5 traffic classes (or QoS queues)
• Each queue assigned a min % of the link bandwidth
• If queue bandwidth is unused, other traffic can use it
• QoS is Citrix ICA aware
• Dynamic mapping based on ICA priority bits
• Queue specific reporting
Quality of Service (QoS) prioritizes applications
Goal = Fill the pipe
Quality of Service Scheduling
Adapter (NIC)
Flow(Partner unit)
Flow(Partner unit)
Flow(Partner unit)
Class A – 50%
Class B – 25%
Class C – 25%
Class D – 0%
Class E – 0%
• Default Priority bits and ICA virtual channels:
• ICA packet with data from multiple channels gets the priority bit associated with
the highest level Virtual Channel
• ICA Priority bits can be changed via the registry of the Presentation Servers.
Priority Sample Virtual Channels
High (0) Video, Mouse and Keyboard Screen Updates
Medium (1) Program Neighborhood, clipboard, audio mapping, license management
Low (2) Client COM Port Mapping, Client Drive Mapping
Background (3) Auto Client Update, Client Printer Mapping and OEM Channels
QoS and ICA Priority Tags
Branch Repeater Technology – HDX IntelliCache
Branch Staging of Offline Apps
Branch Caching of Online AppsLocal caching and de-duplication across multiple XenApp user sessions
Pre-positions streamed applications locally for rapid delivery to branch users
• Stages and accelerates Offline apps to branches
• Deliver LAN-like performance
• Branch remains productive even during WAN outages
• Reduce management complexities of services in the branch
• Transparent, instant-on service to the user
Accelerating XenApp Offline Apps
Pre-positioning of Offline applications locally in the branchBranch Staging
Branch Repeater with Windows Server
Branch Users
XenApp Application Profiler
File Share (Application Hub)
WAN
• User accesses an app for the first time
• Get updated or patched applications
• After users download the app, it is saved to the local PC cache
When do .CAB stream over the WAN?
XenApp 5
Citrix Repeater
XenAppProfiler
.cabFile
store
Citrix Branch
RepeaterClient
• Very automatic and transparent to client
• Can be done anytime
• QoS administration of both DFS replicated traffic and other traffic to branch
• Tip: Make sure that the Branch Repeater and the XenApp Server have domain permissions.
1
2
WAN
Pre-positioning .CAB files
Citrix Repeater
XenAppProfiler
.cabFile
store
Citrix Branch
RepeaterClient 1
WAN
• Designed based on DFS replication• Redirects client to closest DFS replication site the local BR• No client changes required
2
XenApp 5
and redirection (Authenticate / Download / Redirect)Client accessing the files via DFS Namespace
Citrix Repeater
XenAppProfiler
.cabFile
store
Citrix Branch
RepeaterClient
3
WAN
• Designed based on DFS replication• Redirects client to closest DFS replication site the local BR• No client changes required
XenApp 5
and redirection (Authenticate / Download / Redirect)Client accessing the files via DFS Namespace
XenApp
Citrix Repeater
XenAppProfiler
.cabFile
store
Citrix Branch
Repeater
Client
WAN
• LAN like performance• No need to go over WAN to get the LARGE .cab file
• Results: Very HAPPY user!
Branch Repeater responds to client request
Branch Repeater Technology – HDX IntelliCache
Branch Staging of Offline Apps
Branch Caching of Online AppsLocal caching and de-duplication across multiple XenApp user sessions
Pre-positions streamed applications locally for rapid delivery to branch users
Branch RepeaterRepeater
Optimized TCP Connections
Branch OfficeData Center
XenApp Farm
Infrastructure Servers
Local caching and de-duplication across multiple sessionsBranch Caching
Multi-user Optimization for XenApp
Delivers best performance for XenApp to branch users
• 22-39% faster application start up per user
• 2-6x faster bulk data transfer over ICA + up to 20x less bandwidth consumption
• Up to 30x reduction for UPD print traffic over the WAN
• Multiple users accessing the same text heavy applications• e.g. Microsoft Word or Excel
• Multiple users frequently accessing forms-based Web applications• e.g. Call center environment utilizing SAP
• Multiple users printing similar files within ICA• i.e. Universal Print Driver (UPD)
• Multiple users performing repetitive file transfers within ICA• i.e. Client drive mapping
• Multiple users streaming the same media file within ICA• i.e. HDX MediaStream
Ideal Use Cases for Branch Caching
Example: Text Heavy Application
Same text between users using Word. Redundant data not sent over WAN.
User 1 User 2
Form and web browser based apps share background objects between users. Redundant data not sent over WAN.
Example: Forms-based Web Application
User 1 User 2
Example: Multi-user file and print services on ICA
Cross-session de-duplication benefit for print or transfer of similar files by different users
Redundant data not sent over WAN.
User #1 User #2
•Supports Windows 2003 servers
•Leave all compression, encryption settings enabled
•Native ICA from XenApp is optimized and compressed
ICA Acceleration with XenApp alone
WAN
compressed and encrypted ICA data
XenApp Client
XenApp Server
ICA Acceleration with Branch Repeater
WAN
compressed and encrypted ICA data
XenApp Client
XenApp Server
Branch Repeater
Repeater
ICA data still encrypted ICA data still encrypted
•Branch Repeater decrypts and encrypts ICA traffic to allow the ICA protocol to be parsed and compressed
•Supports basic and advanced encryption
ICA Acceleration with Branch Repeater
WAN
compressed and encrypted ICA data
Branch Repeater
Repeater XenApp Server
XenApp Client
• Automatic disabling of ICA compression on the XenApp server and client
• Branch Repeater parses ICA traffic inside the virtual channel
• Compression works across users and virtual channels to optimize all traffic
• Optimal performance for print, client drive mapping, and common apps
Mixed Environment Support
HQ/Data Center
Branch Office #1
Repeater
Branch Repeater
Branch Office #2
HDX IntelliCache ensures that branch users on direct WAN as well as those behind a Branch Repeater continue to enjoy ICA application performance!
WAN
Decrypted and Encrypted by Repeater
ICA Pass-through by Repeater
Further Reading
Whitepaper: Performance
assessment of Multiuser
XenApp Optimization
• http://www.citrix.com/branchrepeater
• http://support.citrix.com/article/ctx120160
Citrix Repeater Plug-in for Citrix Receiver
Citrix ReceiverSimple user experience
Single point for notificationsOrchestrates installation, updates, and interaction of third party plug-ins with Citrix plug-ins
For the enterprise PC, home PC, and BYOPC
Windows, Macintosh, iPhone, & SmartphonesWorks inside and outside the firewall
A single Citrix client for Citrix Delivery Center infrastructure
• Improved User Experience• Simplified User Interface• Reduce Systray Sprawl• Consistent User Notifications• Simpler Secure Connection from outside work
• Improved IT Experience• Centralized client management• Head-end controls default settings• Simpler support for BYOC, home, etc
Citrix Receiver Key Benefits
Three ComponentsCitrix Receiver for Windows
• Citrix Receiver – software installed on end-user desktop that houses plug-ins and communicates with the Merchandising Server for updates
• Citrix Receiver Merchandising Server – Linux-based XenServer Virtual Machine that stores plug-in updates
• Citrix Receiver Administrator Console – Web-based console used to administer the Merchandising Server and configure plug-in deliveries
• Available as plug-in for the Citrix Receiver as well as standalone
• High-definition experience for mobile users and teleworkers ("office like")
• Overcomes bandwidth and latency uncertainty of 'on-road' connectivity• WiFi, broadband, 3G connections
Citrix Repeater Plug-in
Deployment Scenarios
Integrated mode• Merchandising Server is used to deploy Citrix Receiver and
plug-ins
• Schedule the delivery for self-service install by end-user
Standalone mode• Citrix Repeater plug-in is deployed without the Citrix
Receiver or Merchandising Server
• Citrix Repeater plug-in software is downloaded from www.citrix.com
• Software is customized and deployed using existing software distribution mechanisms
• Repeater and Access Gateway plug-ins interoperate to turbocharge secure, remote access
• Unique, single-vendor secure accelerated access solution
• Best remote and mobile user experience
• Simple, secure and fast
Turbocharge Your Access Gateway!
WANWAN
Turbocharge Access Gateway
Traffic between the client and the secure network is optimized before passing through the VPN tunnel
Repeater Plug-in
Access Gateway Plug-in
Un-optimized traffic
Optimized traffic
Secure & Optimized traffic
Access Gateway
Repeater
Repeater Packet Interceptor
Access Gateway Driver
Network Driver
Application(Email, Web Browser)
User Space
Kernel
Access Gateway Plug-inRepeater Plug-in
TCP/IP Protocol Stack (Kernel) TCP/IP Protocol Stack (Kernel)
Repeater and Access Gateway Plug-Ins Integration
Access Gateway Configuration
Standard Edition
Advanced Edition
Enterprise Edition
All editions of Access Gateway can be turbocharged
Step by step configuration and planning available in CTX121035 Turbocharge Access Gateway Reference Architecture
• Secure and accelerated remote access
• Compared to secure access without the Repeater Plug-in, a turbocharged Access Gateway:• Improves CIFS performance by up to 30X• Improves HTTP performance by up to 50X• Improves MAPI performance by up to 50X
• Up to 99% bandwidth saving with native Windows file shares, Exchange email, SharePoint document libraries, and other apps
Benefits of Access Gateway integration
Turbocharge Access Gateway
Test results showing the performance improvement over different types of bandwidth
Plug-n-Play for Any Network
Plug-and-Play Deployment with Full Transparency
Auto-discoveryNo tunnelsZero impact to:
FirewallsNetFlowQoS
Branch Repeater Repeater
Branch Office Users
Non-CitrixWAN
Optimization
Non-CitrixWAN
Optimization
Proprietary Tunnel
NoTunnel
Multiple Deployment Modes
InlineBypass NIC
Virtual InlinePBRWCCPv2
Switch Router
Repeater or Branch Repeater
LAN WAN
Switch RouterRepeater orBranch Repeater
LAN WAN
Optional HA
Optional HA
Multiple Deployment Modes : Proxy Modes
• The 4-port NIC is two logically-individual fail-to-wire pairs
• 4-port NICs are for the environments that are:• dual homed, load balanced, and redundant• the multiple WAN links have the same speed
• Supports HA Pair mode starting with release 5.0• can be deployed inline, WCCP, or policy based routing modes
High Availability – 4-port NICs in Repeater
• High-availability mode • Transparently combines two Branch Repeaters with Windows Server into a primary/secondary pair• Uses standard protocol VRRP
• Supports multiple HA deployment topologies for uninterrupted service to the branch
High Availability Mode in Branch Repeater
• Asymmetric Routing: In a multi-homed environment, a packet on a given connection might travel over either link
Approaches to Resolve ‘Asymmetric Routing’
Group mode over non-redundant links with possible asymmetric routing
•allows two or more appliances to be grouped together into a single virtual appliance
Group Mode
•where WAN routers send traffic from multiple links to the same appliance (or HA pair), via the WCCP protocol.
WCCP mode
•where routers send traffic from multiple WAN links through the same appliance (or HA pair).
Virtual Inline
•where an appliance (or HA pair) is placed closer to the LAN, before the convergence point of the WAN links
LAN-level aggregation
• When multiple WAN links exist.• Primary/secondary configurations.• Load balanced configurations.• Possibility of asymmetric routing issues.
• Group mode can be used on redundant links without reconfiguring routers.• Group mode applies only to the appliances on one side of the WAN link.• Appliances in group mode have no affect or reliance on the appliances on the other side of the WAN link.
Why deploy in Group Mode
Primary Link
Backup Link
• Within a Group Mode grouping, there is a connection “owner”.
• The owner of a connection is set by default according to a hash of IP/port pairs.
• The owner can optionally be set according to specific IP/port-based rules.
• Group mode uses a heartbeat mechanism to verify that other members of the group are active. Packets are only forwarded to active group members.
How does Group Mode work?
Primary Link
Backup Link
• If traffic arrives first at the “owning” appliance, it is accelerated and forwarded normally. If it arrives first at a non-owning appliance, it is forwarded to its owner, which accelerates it and returns it to the original appliance for forwarding.
• In addition, it means that an appliance is available for acceleration even if its link is down. When the routing tables change to bypass the failed link, group mode still forwards the packets through the owning appliance before sending them across the remaining link.
How does Group Mode work?
Owning Appliance
Integrated Windows Services
• A comprehensive branch solution, Citrix Branch Repeater:• Optimizes application delivery from the Citrix Delivery Center• Provides key native Microsoft Windows™ branch infrastructure services
• Branch Repeater is paired with Citrix Repeater appliances in the data center
• Administration is performed through an MMC snap-in or other Windows management services
Citrix Branch Repeater with Windows Server
FilePrintAD
DNS...
Citrix Hardware
WindowsServices
CitrixServices
Windows OS
Citrix XenApp Repeater for Streamed Apps
Citrix WAN Optimization
Branch Repeater System Architecture
AppsBranch Users
Datacenter
Repeater
• WAN Optimization – Citrix Repeater Technology
• Domain Controller Services – Windows 2003/ 2008
• Active Directory – Windows 2003/ 2008
• Web Content Caching – ISA Server 2006
• File and Print Services – Windows 2003/ 3008
• DNS, WINS and DHCP Services – Windows 2003/ 2008
• Administration – MMC Snap-in Framework or Citrix Command Center
Branch Repeater Feature Breakdown
OR
• The Branch Repeater appliance also serves as a local print server to speed up print job spooling times
• It also provides Windows file and printer services
• The queuing of CIFS messages and the compressing of traffic alleviate the effects of a slow WAN link
Windows File and Print Services
• Remote administration is eased through domain-level, instead of local machine, accounts
• Read Only Domain Controller (RODC) for improved data security in branch office servers
• This scenario also provides local authentication and Windows policy enforcement
• Branch Repeater allows the branch office be self-sufficient in the event of lost WAN connectivity
Domain Controller Services
New
• Management pack available for System Center Operations Manager 2007 (SCOM)
• Windows Management Instrumentation (WMI) support for integrating with custom management and reporting tools
• Using solutions such as Microsoft SCOM and WMI, an entire enterprise-wide deployment of Citrix Branch Repeaters can be centrally and seamlessly managed.
Windows Management Tools
• Optional add-on feature
• The web caching functionality of ISA Server 2006 Enterprise is leveraged
• Page elements, graphics, text and active content are cached locally on the Branch Repeater appliance
• Protocol object caching • HTTP• FTP• BITS
• Requires inline deployment
Advanced Microsoft Services – Web Content Caching
• Branch Repeater is the single platform to configure, administer and maintain the branch systems using existing Microsoft tools
• Eliminate dedicated branch servers and optimize WAN latency and bandwidth• SMS Secondary Site for geographically spread deployments• SCCM Branch Distribution Point for simplified software distribution and faster
patching
• Extend IT consolidation initiatives to the branch
Advanced Microsoft Services – Systems Management
Flexible and Centralized Management
• Single administrative interface to all remote appliances
• Automated discovery and inventory
• One-click configuration replication
• System-wide fault management and performance monitoring
What is Citrix Command Center?
• Manages NetScaler, Access Gateway, Repeater and Branch Repeater from Citrix
• Free and easy to use; runs on any Windows server
• Centralized management of Citrix Branch Repeater devices (both Windows and non-Windows)• Citrix Branch Repeater with Windows Server can also be centrally managed by
Microsoft System Center Operations Manager (SCOM) and other Microsoft management tools
• Centralized Configuration Management
Command Center 3.2 Features
• Microsoft® SQL Server™ support
• High Availability support
• Faster and more efficient backup
• Fault Management and Event Aggregation enhancements
• Historical Reporting and Performance Graphs enhancements
Other Enhancements in Command Center 3.2
Command Center - Web-based Interface
Command Center - Configuration Management
View archived configs and restore to any
previous config
• Multiple levels of performance monitoring• appliance-level (e.g. single WAN link)• System-wide (Citrix Command Center)• End-user (XenApp, XenDesktop)
• Full network transparency allows use of existing performance monitoring tools (e.g. NetFlow)
• Extensive alarm and activity information• Export data to industry-standard NMS tools
Command Center - Monitoring and Reporting
• Web-based configuration
• Scriptable CLI
• SNMPv2 support for NMS integration
Appliances - Additional Management Utilities
Hardware Overview
Mobile User
Integrated Windows Services
Branch Repeater with Windows Server 100 / 200 / 300
Repeater Plug-in
Branch Repeater 100 / 200 / 300
Repeater 85xx 85208540
Repeater 88xx8820
8820 High Speed
Branch Office
(1-10 Mbps)
Regional HQ (10-45 Mbps)
Data Center (45-500 Mbps)
Complete Product Line – Citrix Branch Repeater
Branch Repeater
VPX-2 / 10
Branch Repeater VPX-45
Branch Repeater VPX-45
• Small to medium branch offices
• WAN optimization functionality in a compact and nearly silent form-factor
• VPX = low-cost, flexible branch installation with existing servers
• WAN speeds up to 10 Mbps
• Command Center management
Branch Repeater & Branch Repeater VPX-2/10
• Small to medium branch offices
• Integrated Windows services
• Stages XenApp offline apps
• WAN speeds up to 10 Mbps
• Command Center and Microsoft manageability
Branch Repeater with Windows Server
• Datacenters and large offices
• Fan out to branches
• Datacenter replication
• Repeater Plug-in support
• WAN speeds up to 500 Mbps
• VPX = low-cost, flexible installation with existing servers
• Command Center management
Repeater Appliances & Branch Repeater VPX-45
• For remote and mobile users
• Plug-in for Citrix Receiver or run standalone
• Support broadband, WiFi and 3G connections
• Works with Access Gateway and other leading VPNs
• Included with XenApp, XenDesktop & NetScaler Platinum Editions
Repeater Plug-in
Branch Repeater 5.7 Key Features and Benefits
Feature Customer Benefits
SSL Acceleration Accelerate encrypted XenDesktop and XenApp traffic and secure web applications by up to 30X without compromising security
Disk Encryption Prevent theft of sensitive data and comply with security mandates and regulations
2008 R2 for Branch Repeater with Windows Server
Reduce the number of servers in branch offices and enable customers to upgrade to Windows Server 2008 R2
Windows 7 64-bit plug-in Support growing number of remote users with 64-bit devices
Citrix Confidential - Do Not Distribute
• Repeater appliances: all supported 8xxx models
• Branch Repeater appliances: 100, 200, 300
• Branch Repeater with Windows Server: 100, 200, 300• Note – 5.7 is versioned as 3.0 on Windows appliances
• Repeater plug-in for Receiver
• Branch Repeater VPX: N/A*
Branch Repeater 5.7 Platform Compatibility
* 5.7 features will be available for Branch Repeater VPX in Q4 with 6.0 release
SSL Acceleration
Citrix Confidential - Do Not Distribute
• Accelerate all applications that use SSL, e.g:• XenApp and XenDesktop (when using SSL encryption)• SharePoint and other ERP/CRM applications (e.g. SAP, Oracle) over HTTPS• Exchange – Outlook Web Access over HTTPS*
• Optional encryption of data at rest and over WAN
• Available for appliances and plug-ins
SSL Acceleration – Overview
PC with web browser
Secure Web Server (HTTPS)
Branch Repeater Today:
• TCP Flow Control• Quality of Service
Branch Repeater with SSL Acceleration:
• HTTP/ICA Protocol Awareness/Optimization• Multi-level Compression• TCP Flow Control• Quality of Service
* Note - Encrypted MAPI does not use SSL and is not supported
Brings parity with Riverbed and Cisco and adds a differentiator against others competitors
SSL Acceleration Disk Encryption
Citrix Y Y
Riverbed Y Y
Cisco Y Y
Blue Coat Y -
Juniper - -
Expand Networks - -
• Due to US export restrictions for encryption technology
• Available at zero cost ($0) to customers via MyCitrix
• Unlocks SSL acceleration and disk encryption capabilities
• Applied to each appliance on top of standard Citrix license
• Similar process to other WAN optimization vendors
New “Crypto” Licenses
Traffic InterceptionHow SSL Acceleration Works
• Compatible with existing application/web servers and certificate/key formats
• Interoperability with NetScaler (or any other SSL offload device)
SSL Traffic Interception
Secure Key StoreHow SSL Acceleration Works
• Built-in secure certificate/key store on Repeater• With tracking of certificate/key expiry
• Application/web server private keys NEVER leave data center
Secure, enterprise-class Certificate / Key
Store
Secure Data TransferHow SSL Acceleration Works
• Encrypt and secure user data sent between Repeater appliances
• Optional ability to encrypt ALL (non-SSL) TCP traffic between Repeater appliances
Secure Data transfer between Repeater
Appliances
Secure Disk StorageHow SSL Acceleration Works
• Ability to turn off disk compression for sensitive user data
• Ability to secure/encrypt the user’s data stored on disk• With ability to erase (scrub) the data
• Optional ability to secure/encrypt ALL (non-SSL) user data
Disk encryption
Flexible deployment modes for joining the branch network
LAN Switch Router
Branch Repeater
WANInline• Optional Bypass NIC
Virtual Inline• WCCPv2• Policy-based Routing
LAN Switch Router
Branch Repeater
WAN
• Hypervisor: Citrix XenServer only*
• Based on Branch Repeater software v5.5.1
• Support for Repeater Plug-in
• Inline, WCCP and PBR deployment modes
• Scale VM resources as needed
Branch Repeater VPX Features – 1/2
HypervisorPrint
Server Branch Services
* Additional hypervisor support in future releases
• Centralized management via Command Center*
• Support for “Essentials for XenServer” tools• XenMotion Live Migration, High
Availability and Resource Pool
• No Group Mode support
• No Fail-to-Wire (FTW) support
Branch Repeater VPX Features – 2/2
HypervisorPrint
Server Branch Services
* Requires Command Center v4.0 or higher
XenServer
Use Case 1: Accelerate other Virtual Machines
BranchRepeater
VPX
VM #1
VM #2
Inte
rnal
Net
wor
k
Network 0
XenServer
Use Case 2 : Accelerate other Servers
BranchRepeater
VPXNetwork 0Server
Network 1
VM
XenServer*
Use Case 3 : Accelerate Desktop Virtualization
BranchRepeater
VPX
XenApp
XenDesktop
Inte
rnal
Net
wor
k
Network 0
MerchandisingServer
* Likely to be a Resource Pool or Cluster
Use Case 4 : Multiple Instances for Traffic Separation
XenServer
BranchRepeater
VPX
BranchRepeater
VPX
BranchRepeater
VPX
Segregate traffic by VLAN in XenServer
VLAN 2 VLAN 2
VLAN 1
VLAN 3
VLAN 1
VLAN 3
VPX
VM #1
VM #2
• Cannot “bridge” or bypass the XenServer host if hosting other VMs
• XenServer does not recognize any special hardware (FTW card)
• Use WCCP or PBR
• Use XenServer HA• Configure VPX to start automatically• Configure HA on Resource Pool
Branch Repeater VPX Failover and Bypass Card
VPX Server
Branch Repeater VPX Requirements
VPX Minimum Requirements XenServer Requirements
• 1 CPU
• 1 GB RAM
• 60 GB Disk
• 2 Virtual NICs
• 64 bit x86 server
• VT enabled CPU (Intel VT or AMD-V) for running Windows VMs*
• Min. 1 GB RAM, 16 GB disk**
• Windows PC for XenCenter
* Branch Repeater VPX does not require VT enabled CPU** Not including VM requirements
Citrix Confidential - Do Not Distribute
Citrix Confidential - Do Not Distribute
• Repeater appliances: all supported 8xxx models
• Branch Repeater appliances: 100, 200, 300
• Branch Repeater with Windows Server: 100, 200, 300• Note – 5.7 is versioned as 3.0 on Windows appliances
• Repeater plug-in for Receiver
• Branch Repeater VPX: N/A*
Branch Repeater 5.7 Platform Compatibility
* 5.7 features will be available for Branch Repeater VPX in Q4 with 6.0 release
Repeater as a Virtual Machine available in different flavors :
Repeater VPX Express for trial purpose only (512kbps, 10 accelerated connections, 5 repeater
plugins)
Repeater VPX 2Mbps for WAN links up to 2Mbps
Repeater VPX 10Mbps for WAN links up to 10Mbps
Repeater VPX 45Mbps for WAN links up to 45Mbps
Repeater VPX
Citrix Confidential - Do Not Distribute
• The Citrix® Branch Repeater™ Promotion for XenDesktop™ Customers provides 2 free of charge Citrix Branch Repeater VPX-10 virtual appliances to all existing and new Citrix XenDesktop customers with active SA who purchase any of the following physical or virtual appliances:• Branch Repeater VPX-45• Repeater 8520• Repeater 8540• Repeater 8820• Repeater 8820 with high-speed option
Promotion Overview : Branch Repeater & XenDesktop
Repeater as a Virtual Machine Only on XenServer(a version for Vmware ESX or vSphere is expected Q4 2010)
All features are supported accept :
• Group Mode
• Repeater High-availability mode is not supported. (XenServer HA is supported.)
• Ethernet bypass card
• LCD front-panel display
• Serial console interface
Minimal Standard Config
Only for Demo/POC
Repeater VPX
Citrix FlexLM Licensing
• Branch Repeater product line now follows the standard Citrix Licensing
(a.k.a. V6, Flex LM) infrastructure
• Repeater 8x00 series
• Citrix Repeater Plug-in
• Branch Repeater
• Branch Repeater with Windows Server
Citrix Licensing
• Simplicity – consistent across all Citrix products• Single way to obtain Citrix product licenses (including Platinums)• Consistent license installation, management and compliance• A single way to upgrade and renew licenses• Consistent license consolidation, re-statement and reporting
• Flexibility – ease of deployment• Ability to allocate Repeater Plug-in licenses across multiple Repeater
appliances post-purchase• Separate Repeater Plug-in purchases from Repeater appliance purchases
Benefits of Citrix Licensing
• New Repeater and Branch Repeater units will ship from Citrix without a license
• License entitlements will be available on the “My Citrix” portal (www.mycitrix.com)
• License files can be generated from the “Activation System/Manage Licenses” tool on My Citrix
Obtaining New Licenses
