enterprise service delivery from the aws cloud (arc208) | aws re:invent 2013
DESCRIPTION
(Presented by Citrix) As we move to a world where all users are mobile and apps are increasingly delivered from the cloud, security, compliance, and user experience service-level expectations are higher than ever, necessitating that IT look beyond traditional methods for delivering applications. However, there are intelligent cloud networking and provisioning solutions on AWS that can be leveraged to create a service delivery model that addresses the new paradigm. Learn how Citrix NetScaler VPX on AWS provides full application visibility and control through a combination of customer case studies and demos. In this session, you learn how to: -Deploy Citrix application delivery technologies (NetScaler, NetScaler Gateway, CloudBridge) into AWS -Optimize next-gen web applications delivered from AWS, using traffic management and application acceleration capabilities -Provide global application availability across on-premises data centers and multiple AWS regions using CloudBridge, global server load balancing, and Amazon Route 53 DNSTRANSCRIPT
ARC208 - Enterprise Networking and Service Delivery in the AWS Cloud
Sridhar Devarapalli, Director Product Management, Citrix Aaron Delp, Sr. Director Technical Marketing, Citrix November 13, 2013
How can IT leverage both AWS and on-premises resources to deliver
IT-as-a-Service?
Role of IT Ops in Cloud Computing
Data Center Cloud
IT Organization acting as a Provider and Broker
IT Operations
Consumer IT Broker Group
Cloud Hybrid IT
Agenda
Intelligent cloud networking to manage across AWS and on-premises Cloud management scenarios across AWS and on-premises
1
2
Virtual Appliance
Fabric Multi-service
Physical Appliance
Now available on
Citrix NetScaler for AWS
• Full NetScaler L4-7 functionality
• Easy setup and launch
• Both BYOL and hourly pricing
Product Overview
It’s NetScaler
All L4-7 Functionality Supported
• L4 load balancing • Content switching • Rewrites • Responder • Redirects • TCP offload • CloudBridge • GSLB
• SSL offload • Access Gateway Enterprise • Caching • Compression • Datastream • Appflow • NetScaler Insight • App Firewall
✔ ✔
✔
✔ ✔ ✔ ✔
✔ ✔
✔ ✔ ✔
✔ ✔
✔ ✔
NetScaler TestDrive Demo
NetScaler Use Cases
For Production
For Dev/Test, DR
Citrix Cloud Bridge
Amazon VPC
AWS Region
Public Subnet
Private Subnet
Corporate Data
Center
Corporate Headquarters
Availability Zone 1
Availability Zone 2
Branch Offices
VPN Gateway Customer Gateway
(BGP/NoBGP)
Internet Gateway
Router
DirectConnect Location
New Enterprise IT Network Architecture
10G
S3 SimpleDB SQS/SNS/SES DynamoDB SWF Elastic Beanstalk
NetScaler Requirements: Subnets and ENIs
• Recommend three subnets and thus three ENIs – One for management (e.g., NSIP) – One for client-side traffic (e.g., VIPs) – One for server-side traffic (e.g., SNIPs, MIPs)
• Can be launched with two subnets/ENIs – One for management – Shared subnet for client-side and server-side traffic
• Can be launched with a single subnet/network interface – Management, client-side and server-side traffic all on same subnet – HA is not supported in this configuration
• More than three subnets/ENIs is of course supported
Region: US East AZ: us-east-1a AZ: us-east-1b AZ: us-east-1c
Default Gateway 10
.20.
15.0
10.2
0.10
.0
10.2
0.1.
0
10.2
0.11
.0
10.2
0.12
.0
NetScaler
ENI ENI ENI
NetScaler in AWS VPC
Scaling Across Zones
NetScaler NSIP
VIP
SNIP SNIP
NetScaler NSIP
VIP
SNIP SNIP
GSLB
Region: US East AZ: us-east-1a AZ: us-east-1b
Elastic IP’s (Public Route)
Private IP
’s (Private R
oute 1)
Private IP
’s (Private R
oute 2)
DC/DNS (DC1)
DC/DNS (DC2)
DC/DNS (DC3)
DC/DNS (DC4)
MB01 MB02 MB03 MB06 MB05 MB04
CA01 CA01 ET01
MB07 MB08 MB09 MB12 MB11 MB10
ET02 CA03 CA04
Remote Management & Administration
Outlook Users
Direct internet-based Message delivery
Or cloud-based Message Hygiene Service
Exchange Reference Architecture
GSLB
NetScaler Benefits
• Cookie-based persistence
• Site-level persistence
• Load-based distribution between AZs/Regions
• SSL Offload
Scaling Across Regions
NetScaler NSIP
VIP
SNIP SNIP
NetScaler NSIP
VIP
SNIP SNIP
GSLB
Region: US West Region: US East AZ: us-east-1a AZ: us-west-1a
Large-scale XenApp Deployments
NetScaler for XenApp
High performance, highly scalable remote access designed for Citrix Receiver
Global Distribution of Users based on client location, server availability, and data center load
Transparently routes around failures in the network for DR at the software, server, and global level
Secures XenApp from data leaks with tight integration and proper authentication of users
GSLB for Region Selection
US East 1a 1b
US West 1a 1b
EMEA 1a 1b
storefront.uswest.co.com storefront.useast.co.com Storefront.emea.co.com
Service.co.com
US East 1a 1b
US East 1b
service.co.com
storefront.useast.co.com
1a
Storefront servers … Storefront servers
…
… ag.1a.useast.co.com
… ag.1b.useast.co.com
PS Farm Servers …
PS Farm Servers …
Region View
Role of IT Ops in Cloud Computing
Data Center Cloud
IT Organization acting as a Provider and Broker
IT Operations
Consumer IT Broker Group
Cloud Hybrid IT
Hybrid IT Use Cases
• On-premises deployment leverages AWS resources (e.g., Amazon S3)
• Self-service access to cloud services, some of which run on AWS, and some on-premises
CloudPortal Business Manager
CloudPlatform powered by Apache CloudStack
Networking Storage Compute
INFRA- STRUCTURE
DEV & TEST
DISASTER RECOVERY
BYO PLATFORM
APPS & DESKTOPS
MOBILE APPS
YOUR SERVICE
Citrix Hybrid IT Deployments
NetScaler
Pod 1
CloudPlatform Architecture
Cluster 1
Host 2
Host 1
….
L3 switch
Pod N
Secondary
Storage
Zone 1 Firewall NetScaler
Primary Storage
L2 switch
….
Cluster N
Amazon S3
Storage
Amazon S3 Secondary Storage • Use Cases
– Secondary Storage across multiple Availability Zones within a region – VM launch in multiple zones based on same template
• Benefits
– Higher Availability • Availability of Templates, Volume Snapshots across zone failures
• Things to know
– Based on the Amazon S3 API
CloudPortal Business Manager
Cloud admins broker and deliver IT and cloud services
Users and Customers
Developers and Cloud Admins
Off Premise
3rd Party Web, SaaS apps
On Premise
IT Managed Cloud Broker
Discovery
Service Catalog
Billing
Charge back
Self-Service
Auth
entic
atio
n an
d
role
bas
ed a
utho
rizat
ion
CloudPlatform powered by Apache CloudStack
Connector for AWS
Connector for AWS on Citrix CloudPortal Business Manager
• Connector in development • Account Provisioning
– Linkage to Existing AWS Account – Get New AWS Account through CloudPortal
• Insight into AWS Billing for Cost Consolidation • Single Bill (along with other non-AWS services) for
Customer Chargeback
Summary
• Take the NetScaler Test Drive
• Check out the Exchange on AWS Reference Architecture
• Same L4-7 services on-prem and in AWS makes
it easier to extend enterprise workloads into AWS
For More Information
• http://www.citrix.com/netscaler/aws • http://aws.amazon.com/marketplace • http://www.citrix.com/cloudplatform • http://www.citrix.com/cloudportal
Work better. Live better.
We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.
Availability Zone a Availability Zone b
Internet
VPC customers can launch instances in their own isolated network
VPC Customer
10.0.0.5
10.0.0.6
10.0.3.17
10.0.3.5
10.0.1.5
10.0.1.25 10.0.1.8
10.0.1.6
Amazon You can assign your own IP range to the VPC network