WAN Optimierung mit Citrix Branch Repeater

Citrix BranchRepeater Daniel Künzli, Systems Engineer ANG Citrix Systems GmbH, Switzerland

• Inefficient use and bandwidth- hungry applications

• Tradeoffs between data center consolidation and branch user experience

• High cost of branch office IT

Branch Offices Across WAN Present Obstacles

Network costs are a key part of desktop virtualization

Servers 20%

Clients 20%

Networks 30%

Storage 30%

“Networking alone makes desktop virtualization cost-prohibitive”

Citrix Branch Repeater | The Big Picture

Tele-workers Mobile Users

Repeater Plug-in for Citrix Receiver

Branch Repeater with Windows Server

Branch Repeater

Branch Offices

Applications:

XenDesktop

XenApp

Web apps

Email

File Servers

SharePoint

Data Center

Repeater

Redundant Datacenter or

Disaster Recovery Site

Repeater Branch Repeater VPX

WAN

Branch Repeater VPX

Branch Repeater VPX

Flexibility to Meet All Your Needs

Citrix Branch Repeater Product Family

Repeater

Appliances Repeater Plug-in

– Software Client

Branch Repeater with

Windows Server

and

Branch Repeater

Appliances

Branch Repeater VPX

– Virtual Appliance

Software

NEW!

What is Branch Repeater VPX?

… is software that

offers Branch Repeater

functionality in a virtual appliance form factor

…

Branch Repeater

VPX

Branch

Services

Print

Server

… also in Branch Repeater VPX

HDX WAN Optimization in Branch Repeater

Adaptive

Protocol

Acceleration

Adaptive

Compression

Adaptive

TCP Flow

Control

Traffic

Prioritization

And QoS

Accelerate print, video, launch

Deliver a high-definition user experience at the branch

Reduce desktop delivery network costs

Cut bandwidth, energy, power & setup costs

Accelerate XenDesktop traffic across the WAN

Reduce bandwidth consumption

by 89%

Reduce XenDesktop launch times

by 40%

Deliver up to 2X the number of

users on existing bandwidth

Accelerate printing

by 2X

VPX requirements

Citrix Confidential - Do Not Distribute

Requirements


Citrix XenServer

VPX Minimum Requirements

• 1 GB RAM

• 60 GB Disk

• 2 Virtual NICs

• 1 Virtual CPU

Off-the-shelf server

Hyper-V

ESX / ESXi In Tech

Preview!

Grow as you Need!


• 1 GB RAM, 60 GB Disk

• Recommended for VPX Express Express • 1 GB RAM, 100 GB Disk

• Recommended for up to 2 Mbps

• 1000 Accelerated TCP connections, 50 Plug-ins Small



• 15,000 Accelerated TCP connections, 400 Plug-ins Medium



• 25,000 Accelerated TCP connections, 500 Plug-ins Large

One physical NIC with two virtual NICs are required.

Each virtual NIC must be connected to a separate virtual network in XenCenter.

Out of band management can be handled by a third and/or fourth virtual NIC.

The VPX cannot use the fail-to-wire functionality (a dual port card is seen as 2 NICs with no special hardware support)

VPX Sizing and Scaling

Branch Repeater Deployment Simplicity

Branch Repeater Repeater

Branch Office Users

Datacenter

Non-Citrix WAN Op

Non-Citrix WAN Op

Proprietary Tunnel

Full Network Transparency Means Plug-n-play for Any Network

No dials, self-tuning approach to WAN optimization

TCP Flow

Control

Compression

De-duplication

Protocol

Acceleration QoS

AutoOptimizer Engine

Application Mix

Network Conditions

Flexible deployment modes for joining the branch network

LAN Switch Router

Branch Repeater

WAN Inline

• Optional Bypass NIC

Virtual Inline

• WCCPv2

• Policy-based Routing

LAN Switch Router

Branch Repeater

WAN

Modes – Physical Deployments

Inline Mode (most common)

Network will need to go down, while unit is cabled inline directly inline between WAN Router and LAN Switch

Simplest Configuration (no Router/Switch configuration required)

No traffic is allowed to bypass the Branch Repeater appliance

Traffic flows as soon as its cabled (bypass card)

Data flows from one accelerated eth port and is forwarded through a second port (Accelerated Pair A illustrated below)


Virtual Inline Mode

Can be deployed with no network disruption

Uses only one Ethernet port on the BR (apA port)

Requires Router knowledge (utilizes Policy Based Routing, rules to classify traffic and determine how its forwarded).

The router redirects the packets that are destined as outbound WAN traffic

From any LAN port other than the one used by the BR Appliance, then route traffic to the BR Appliance

From the LAN port used by the BR Appliance, then route traffic to the WAN interface of the router

PBR – requires the use of another physical/logical interface on the router (if not available use WCCP)


WCCP – Web Cache Communication Protocol

Can be deployed with no network disruption

Requires Router knowledge (Route Policies to intercept desired traffic, route it to BR on the LAN)

Uses a GRE tunnel (virtual communication link) between the BR and Router

Only requirement is IP connectivity between BR and Router

Mode contains all acceleration features

Uses only one Ethernet port on the BR (apA port)


HA – High Availability

Provides protection in event of failover

Provides two management IP addresses & one VIP address

The subnet of the VIP address is determined by the Management IP address of both WS.

Primary and Secondary – the primary unit handles all incoming and outgoing traffic. The secondary appliance takes over in the even of a failover if the primary fails.

The first to initialize itself becomes the primary


Group Mode

Used for asymmetric networks

Two or more BR inline mode, combined into a single virtual unit

Uses forwarding rules to avoid random router packet assignment

GM units are identified by serial # & IP address

Individual appliances will own particular connections. If non-owning appliance receives a packet it will forward it to the owning appliance via GRE tunnel.

Features

Recent Accomplishments / Updates

• Branch Repeater 5.7 • SSL traffic acceleration and disk history

encryption

• Branch Repeater with Windows Server 2008 R2

• 64-bit Windows 7 Repeater Plug-in

• Branch Repeater 5.5.2 and 5.5.3

• Notice of Status Change • Branch Repeater with Windows Server (2003

only) End of Sale July 31, 2010

• EoM / EoL July 31, 2013

• Branch Repeater VPX released!

• Virtual appliance software on XenServer

• Branch Repeater VPX on Hyper-V R2 in Tech Preview!

Branch Repeater Product Line & Pricing

512Kbps 1 Mbps 2 Mbps 10 Mbps 45 Mbps

Bandwidth

Price $K

155 Mbps 500 Mbps

Branch/Regional office

Large Branch/Data center R 8820HS

$99,500 R 8820

$49,500

$19,500

R 8540

BR 100

$4,000+

BR 200

$6,000+

BR 300

$10,000+

100

50

20

10

6

4

0

VPX-Express

$0

VPX-2

$4000

VPX-10

$7000

VPX-45

$13,000

20 Mbps

$12,000

R 8520


SSL acceleration

What is the SSL Compression and Acceleration?

SSL compression allows standard SSL-based connections (HTTPS traffic, for example) to be compressed using Branch Repeater’s multi-session compression engine as well as other protocol-specific optimizations.

SSL compression utilizes SSL certificate exchange to decrypt and re-encrypt traffic between client and server.

Overview

Standard SSL Connection

SSL Connection

What is the SSL Compression and Acceleration?

SSL compression allows standard SSL-based connections (HTTPS traffic, for example) to be compressed using Branch Repeater’s multi-session compression engine as well as other protocol-specific optimizations.

SSL compression utilizes SSL certificate exchange to decrypt and re-encrypt traffic between client and server.

Client Side

SSL Connection

Server Side

SSL Connection WAN

SSL Tunnel

Accelerated SSL Connection

What is SSL Compression

What is SSL Compression

Client Side

SSL Connection

Server Side

SSL Connection WAN

SSL Tunnel

Accelerated SSL Connection

• Branch Repeater has access to the clear text data of the SSL connection because the sever-side Branch Repeater Appliance acts as a security delegate of the endpoint server(s).

• The appliance is functioning as a security delegate of the server, therefore most configuration is on the server-side Branch Repeater.

What is SSL Compression What is SSL Signaling?

Client Side

SSL Connection

Server Side

SSL Connection

• Signaling refers to the connection, authentication and configuration between two appliances/endpoints.

• The Data Connection refers is the secure connection used to transmit encrypted data between two appliances/endpoints.

SSL Data Connection

Peer Relationship and

SSL Signaling Connection

How SSL Compression Works SSL Split Proxy Mode Overview

• Split Proxy Mode will be used in most deployment scenarios where Temp RSA or Diffie-Hellman key exchange is required.

• The server-side Branch Repeater masquerades as the server to the client and proxies the connection.

• Client authentication is not supported.

SSL Data Connection

The server-side Branch Repeater

is allowed to act on the server’s

behalf.

•SSL Credentials (certificate and

public key) from either an local

enterprise CA or the server itself

are installed on the server-side

Repeater.



How SSL Compression Works SSL Transparent Proxy Mode Overview



• The server-side Branch Repeater acts on behalf of the server, decrypting and re-encrypting on the fly, using the server’s private key(s).

• Client authentication is supported.

• The client sees the connection as if it is connection directly to the server.

•The server’s SSL credentials

(public and private keys)

must be installed on both the

server and the Branch

Repeater.

SSL Data Connection

How SSL Compression Works SSL Transparent Proxy Mode Overview

• Temp RSA and Diffie-Helman key exchange is not supported.

• TLS Session tickets and SSL v2 is not supported in this mode.

• Any session renegotiation will result in a connection termination.

•The server’s SSL credentials

(public and private keys)

must be installed on both the

server and the Branch

Repeater.

SSL Data Connection



WAN Optimierung mit Citrix Branch Repeater

Technology

Transcript of WAN Optimierung mit Citrix Branch Repeater