© 2014 Citrix
Agenda
•NetScaler 10.5 Overview and Features Update
•5min break
•CloudBridge 7.3 and the Windows Server appliances
NetScaler Release 10.5
Overview and Features Update
Simeon Bosshard, Systems Engineer
Citrix Systems International GmbH
09.02.2015
Overview
•NetScaler major release, 2014
•Over 100 features in Beta 1
•New feature highlights
ᵒ NetScaler MobileStream™
ᵒ Core
• Policy Variables, TCP Optimizations, Traffic Domains, Link Redundancy
ᵒ Load Balancing
Datacenter Enhancements
NetScaler MobileStream™
Network Virtualization
Release 10.5
Citrix NetScaler 10
Announcement Highlights
• MPTCP
• SPDY v3
• AAA External Support
• SSL Enhancements
• OWA Force Session Timeout
• Minification
• Lazy Image Loading
• Mobile Micro VPN
• Link redundancy
• AAA Session Stickiness
• RISE Integration
• ACI Integration
• SVM Managed API
• HTML Views (not Java)
• Client Cert Passthrough
• Gateway Enhancements
• BIC and CUBIC TCP
• SSL Elliptical Curve
• Optimization
• Simplified File Operations
• LLDP Support
• Dynamic routing Enhancements
• Traffic Domains
• Domain Sharding
• Forms Based SSO Enhancements
• Ethernet Jumbo Frames
New Licensed Features
Feature | Platinum | Enterprise | Standard
NetScaler MobileStream™ ✔ ✔
Policy Variables ✔ ✔ ✔
Traffic Domains ✔ ✔ ✔
LLDP ✔ ✔ ✔
Link Redundancy ✔ ✔ ✔
Application Firewall ✔ *
Cisco: RISE* ✔ ✔
Cisco: vPath* ✔ ✔ ✔
NetScaler MobileStream™ | Platinum | Enterprise | Standard
SPDYv3, MPTCP, BIC TCP, CUBIC, TCP Westwood ✔ ✔ ✔
Domain Sharding, Prefetch, Image Opt, CSS & JS Opt, Lazy loading ✔ ✔
MicroVPN for Mobile Devices (NetScaler Gateway) ✔ ✔ ✔
* Note: Only RISE or vPath can be enabled at one time per NetScaler instance
* Available as an à la carte feature
Importance Of Mobile User Acceleration
FEO
Every device unique
• Firmware different
• Screen size different
• Retina displays
• Web browser different
• Connectivity location different
• Network speed different
• Optimization has historically focused on optimizing and reducing load at the backend.
• With the current trend toward mobility, NetScaler focuses on faster and more efficient web content delivery by optimizing the web page components most dependent on client-side processing.
Mobile Acceleration Improves Your Mobile Clients’ Experience
What is MPTCP?
• Transport layer protocol
• Coexist with TCP
• Provides fault tolerance and path failover
• Increase throughput by using multiple paths
• Availability
ᵒ RFC 6824
ᵒ Linux distribution (Standard & Android)
ᵒ BSD in development
Establish secure token on first subflow (SF #1)
Subsequent subflows use the secure token from SF #1 to connect
[Diagram: protocol stack. Labels: HTTP, SSL, MPTCP, TCP-1, TCP-2, TCP-n; Application/Session, Presentation, Transport; TCP Options, MP_CAPABLE]
High-Speed Enablement
SPDYv3
Next Generation HTTP
• Proposed as HTTP 2.0
BIC TCP
For High Speed Variable Latency Networks
Send large amounts of data quickly over long distances
CUBIC
For High Speed Unreliable & Lossy Networks
Simplified window control
• RTT window size
How NetScaler Optimizes The Front-End
Domain Sharding
• Change embedded URLs to use sub-domains and trick the browser to open more connections
Minimize & Optimize Order of CSS & JS
• Remove unnecessary characters & space
• Simplify processing & reduce download time to client device
• Move CSS & JS objects to end of HTML body
• Inline Download
Image Optimization
• JPG optimize, Convert GIF to PNG, Image Lazy load, Image shrink to display attributes of the user-device
Conversion from Java to HTML5
• 1000s of Views now only in HTML5
• Load time reduced by over 50%
• Improved user efficiency
• Following areas will be converted in a 10.5 maintenance release
ᵒ AppFW, Visualizer, Diagnostics
Core Feature
Watch This
• Policy Variables
ᵒ Store a token (data) from the request or response in a system variable
ᵒ Reference stored data for
• Fully customized session persistence
• Internal computation
• Policy processing
LLDP Support
• Allows stations attached to an IEEE 802 LAN to advertise system information. Helps to create network topology.
• System information advertised
ᵒ Capabilities
ᵒ Management addresses
ᵒ Connectivity information
LLDP frame: Dst MAC 01-80-C2-00-00-0E | Src MAC | EtherType 88-CC | LLDP Info
LLDP Info consists of multiple TLVs
TLVs must be in following sequence
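The frame layout above, as an added example that is not part of the original slides: a Python parser that checks the destination MAC and EtherType shown on the slide, walks the TLVs, and reports what a station advertises to its neighbours. The TLV type numbers and the mandatory order it enforces (Chassis ID, Port ID, TTL first; End of LLDPDU last) come from IEEE 802.1AB rather than from this page, and the sample frame is constructed.

```python
import ipaddress
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")  # destination MAC shown on the slide
LLDP_ETHERTYPE = 0x88CC                     # EtherType shown on the slide
CAP_BITS = ["Other", "Repeater", "Bridge", "WLAN AP", "Router", "Telephone"]  # bit 0 up, per IEEE 802.1AB

def tlv(t, value=b""):
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (t << 9) | len(value)) + value

def parse_lldp(frame):
    """Return [(type, value), ...] for an untagged LLDP frame; raise ValueError if malformed."""
    if len(frame) < 14 or frame[:6] != LLDP_MCAST:
        raise ValueError("not addressed to the LLDP multicast MAC")
    if struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        raise ValueError("EtherType is not 88-CC")
    tlvs, off = [], 14
    while not tlvs or tlvs[-1][0] != 0:          # stop at End of LLDPDU (type 0)
        if off + 2 > len(frame):
            raise ValueError("no End of LLDPDU TLV")
        head = struct.unpack("!H", frame[off:off + 2])[0]
        t, length, off = head >> 9, head & 0x1FF, off + 2
        if off + length > len(frame):
            raise ValueError("TLV length runs past the frame")
        tlvs.append((t, frame[off:off + length]))
        off += length
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:    # Chassis ID, Port ID, TTL (802.1AB order)
        raise ValueError("mandatory TLVs missing or out of order")
    return tlvs

def advertised(tlvs):
    """Summarise what the station discloses to its neighbours."""
    info = {}
    for t, v in tlvs:
        if t == 5:                               # System Name
            info["system_name"] = v.decode("ascii", "replace")
        elif t == 7 and len(v) == 4:             # capabilities + enabled bitmaps
            caps = struct.unpack("!H", v[:2])[0]
            info["capabilities"] = [n for i, n in enumerate(CAP_BITS) if caps >> i & 1]
        elif t == 8 and len(v) >= 6 and v[1] == 1:   # address family 1 = IPv4
            info["mgmt_ipv4"] = str(ipaddress.IPv4Address(v[2:6]))
    return info

# Constructed sample frame (documentation addresses, not captured traffic).
SAMPLE = (LLDP_MCAST + bytes.fromhex("020000000001") + b"\x88\xcc"
          + tlv(1, b"\x04" + bytes.fromhex("020000000001"))     # chassis ID = MAC
          + tlv(2, b"\x05" + b"1/1") + tlv(3, b"\x00\x78")      # port ID, TTL 120 s
          + tlv(5, b"ns-lab-01") + tlv(7, b"\x00\x14\x00\x14")  # Bridge + Router
          + tlv(8, b"\x05\x01\xc0\x00\x02\x0a\x02\x00\x00\x00\x01\x00") + tlv(0))
```

Running `advertised(parse_lldp(SAMPLE))` lists the system name, capabilities and management address, the items the slide names as advertised system information.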
Ethernet jumbo frames
Big Payloads
Increased Throughput and Goodput
Fewer Packets
Less Packet switching
Reduced Network I/O
Lowered CPU Usage
Reduced Protocol Processing
What is Admin Partition?
• Logical separation of NetScaler into multiple units
• Functions like an independent NetScaler.
• Provides isolation of configuration and data/traffic
• Provides multi-tenancy, but without separation of system resources such as CPU, memory, etc.
• Consists of application resources (services, vservers, policies, monitors, etc.)
Highlights of Admin Partition (Contd…)
• Separate GUI/CLI/Monitoring/Report
• IP overlapping
• External Auth - AAA
• No inter partition routing
• No read/write access to others
• Overall System security
• HA – Connection Mirror
Partition Definition
• System admin defines partition
• Associates partition admins
• Defines IP space for partition
• Vlan and other Network config
Partition Admin
• Defines the App
• Service creation
• Vserver creation
• Policies/Profiles
• Access common resources
• Creates SNIPs
• Networking resources
System Expectation
• Config file
• Sh run
• Save config
• Clear config
• SSL cert/keys
Manageability Expectation
• Config UI
• Reporting
• Dashboard
• SNMP
• AppFlow/Insight
Admin Partition Workflow
Link Redundancy
• LR Trigger for LACP channels
ᵒ Set a minimum bandwidth for dynamic channels. When throughput falls below threshold, a link failover is triggered to make another channel.
ᵒ For HA pair, when all channels reach threshold, trigger HA failover.
• LR Trigger for generic channels
ᵒ Fail to another channel (to a redundant switch) when threshold reached
How it works?
• At any point of time only one channel will be active.
• One of the active links fails – min threshold is hit
• When one of the active links fails and lrMinThroughput is hit, we select a subchannel with high throughput and make it active by resetting all other interfaces
[Diagram, shown twice. Labels: LACP Key 4; Key 1, Key 2, Key 3; Switch X, Switch Y, Switch Z]
Orchestration
Python SDK
• NITRO API SDK in Python for better server-side scripting. The Python SDK will be available and supported with Python 2.7 and 3+.
Dynamic Routing
• NITRO API support for routing protocols. Changes sync to all peers.
File Operations
• NITRO APIs for Upload, Download, Write and Read methods. Key functional requirements such as SSL certkey will benefit.
Other Commands
• NITRO APIs and commands for better system manageability
• Tech Support, batch, source, show nstrace, start nstrace, stop nstrace
Service Supporting Features
• Content Switching
ᵒ Multi-port CS
• Configure a CS vserver on a combination of ports
ᵒ DNS_TCP Support
• DNS_TCP protocol is now supported with a Content Switching Vserver
• Audit Logging
ᵒ Ability to distinguish whether the command is executed from CLI or the GUI
• AAA Session Stickiness
ᵒ LDAP, RADIUS, & TACACS: We now stick to the server where last session was successful.
Service Supporting Features (cont)
• AAA-TM
ᵒ Custom error strings
ᵒ Backend HTTP Web-Form Authentication
ᵒ Strong Encryption Support in KCD/Kerberos (AES-256, RC4-HMAC)
• OWA Force Session Timeout
ᵒ Forced timeout on long-lived connections that are open for monitoring
• Client Certificate Pass-through
ᵒ In XenMobile deployments, a client certificate is required to be passed to StoreFront. The client certificate is now sent to any application server. No configuration needed.
• Forms Based SSO – Relative URLs
ᵒ NetScaler can take a relative URL and process it for forms-based SSO
SDX SVM Manageability & 3rd Party Software
• CLI Support
• File management via NITRO
• AAA Support
ᵒ Use LDAP/TACACS/RADIUS for SVM access
ᵒ Authorization & Audit log support
ᵒ Password expiration support
ᵒ For more details refer to: AAA edocs
• Ethernet Jumbo Frames Support with SR-IOV
• Central SSL Cert & Key Management
Open service delivery platform for 3rd party services
TM & DNS
LB: Increased number of service groups to 8000
DNS LB: CNAME record caching in Proxy mode
• NetScaler uses the DNS caching module to cache the CNAME record and serve it from the NetScaler rather than fetching it every time
DNS: NAPTR
• NAPTR support on NS along with SRV records.
GSLB: Static proximity sync
• Auto sync of static proximity db
SSL
• ECC Cipher Support
ᵒ More secure & faster ciphers available on N3-based MPX, SDX, & VPX
• ECDHE-RSA-RC4-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA
• Common Name Check
ᵒ Server Auth configuration is enhanced to accept a “commonName” check. This check is performed on SSL certificates received from the backend server
• SSL Profiles
ᵒ SSL profiles added for frontend and backend communication
• SSL Cert Chain
ᵒ Helps identify the certificates belonging to a chain and suggests if a cert is missing in the chain.
CloudBridge 7.3 and the
Windows Server Appliances
Simeon Bosshard, Systems Engineer
Citrix Systems International GmbH
19.02.2015
Usability & Manageability
Enhanced Optimization
Release 7.3
Visibility
Field-enabler tools
Visibility with CloudBridge
[Diagram labels: Exporter, Collectors, AppFlow, HDX Insight, XenDesktop Director, CloudBridge]
HDX Insight for CloudBridge
ICA Analytics: DC & WAN Latency, Active/Inactive Session Data, ICA RTT, Host Delay, Client/Server IP, Virtual Channels
• Provide HDX Insight support for branch users
• Insignificant load on CB appliance
• Roadmap: hop-by-hop information, support of multiple protocols
Optimize RPC over HTTPS
• Default protocol with Exchange 2013
Configure SSL certificate and service class
Compression benefits similar to MAPI
Deploying XD 7.5 on AWS? Optimize with CloudBridge!
Traditional Datacenter
Storage
Authentication
Seamless, Secure, Optimized
Video Caching enhancements
Video caching
Pre-population
Scheduled Pre-population
Centralized management
Auto-Configuration using Command Center
Configuration profile 1
Configuration profile 2
Hardware installation
IP address, Netmask & gateway
Command Center IP
Map configuration profiles to SN or IP
Create configuration profiles
Registration request
Push configuration for CloudBridge
DHCP-based configuration
DNS look-up for CC alias
Usability enhancements
• Factory image updated to 7.2.2: Pay-grow new CB 4000 & CB 5000 with just license change
• Eliminated need for loopback cable
[Diagram: interface layouts of the CloudBridge 5000 and CloudBridge 4000. Labels: MGMT interfaces 0/1 Mgmt, 0/2, AUX, LOM; network interfaces 10/1 to 10/8 and 1/1 to 1/8; loopback cable]
CloudBridge 2000WS and 1000WS Branch Platforms
• 6 to 50 Mbps of accelerated throughput
• Windows Server 2012 R2 Standard Edition fully installed, licensed, configured and supported by Citrix
• 60 to 300 concurrent HDX sessions
• Up to 200 Mbps QoS throughput
• 10,000 to 20,000 TCP sessions
• Beta response score 8.5 out of 10 – 100% would recommend
Configurations: CloudBridge 2000 | CloudBridge 1000
CPU: E3-1275, 4 core, 3.4 GHz | E3-1105C v2, 4 core, 1.8 GHz
Memory: 24 GB | 32 GB
Storage: Intel 600 GB SSD (WAN opt), 2 x 1 TB HDD (Windows) | Intel 300 GB SSD (WAN opt), Seagate 1 TB HDD (Windows)
Recovery Disk boot partition 16GB Internal eUSB
Network Interface: 2 pair w/bypass 10/100/1000 | 2 pair w/bypass 10/100/1000
Cooling Fans: 4 high speed (N+1 redundant) | 3 low speed (N+1 redundant)
Citrix Extensible Appliance Architecture
• Hypervisor-based architecture
• Secure: all VMs fully isolated from the others
• Guaranteed acceleration bandwidth
[Diagram: XenServer Hypervisor with Mgmt VM, WAN Optimization VM and Windows Server 2012 R2 Std. Interface labels: 0/1 Mgmt, AUX, Windows, apA (LAN Acceleration, WAN Acceleration), apB (LAN Acceleration, WAN Acceleration). Network labels: WAN, Local Network, 192.168.100.0/16, 192.168.100.1, 192.168.100.40]
CloudBridge 1000WS
• License levels: 6 / 10 / 20 Mbps
• Pay Grow available
• HDX Sessions: 60 / 100 / 200
• TCP Sessions: 10,000
• Full-featured, advanced WAN optimization
• Full Windows Server domain controller / server functionality
ᵒ AD, DNS, DHCP, RODC, LDS
ᵒ File & Print
Up to 200 ICA sessions
CloudBridge CSX: Extend the cloud to the branch
XenServer
WAN Optimization
Services
Storage Video XD-Print
✔ ✔ ✔
ThinPrint + CloudBridge = Easy Branch Office Printing
Full ThinPrint print optimization and innovation in the branch
CloudBridge replaces all ThinPrint related hardware in the branch
Remote Print Server on CloudBridge adds flexibility for branch offices
Simple, centralized management of all ThinPrint components
[Diagram: Virtual Desktops; ThinPrint on Central Print Server; ThinPrint on Remote Print Server on Citrix CloudBridge 2000WS; Branch Printers. Flow: Print > Optimize > Manage > Deliver]
The morphing branch
Traditional DC Apps and Data
Collaboration and File Sharing
Marketing & Merchandising Video
Video and “Egocasting”
Helper Apps
Branch storage convergence
• Citrix approach
ᵒ Fully installed, configured and licensed Windows Server 2012 R2
ᵒ Supported by Citrix
ᵒ Everything’s included
ᵒ Supports standard MS file handling including DFS
ᵒ Key partners for
• Printer management
• Video stream splitting
• File Collaboration
• “Others” approach
ᵒ Preconfigured virtual machines – Riverbed 5, Cisco 2
ᵒ Customer installs, configures and manages
ᵒ Cisco & Riverbed charge for VM support
ᵒ Cisco Office-in-a-box
ᵒ …or you can use Granite – now called SteelFusion