Citrix Net Scaler Preso

  • The NetScaler has the ability to meet the four key web application delivery requirements: availability, performance, offload and security – all in one highly scalable, flexible and extensible system. NetScaler provides:
      - 100% application availability via our world-class L4-L7 load balancing capabilities and intelligent service health monitoring features
      - Application performance accelerated by 5x through static and dynamic content caching and compression
      - An average of 60% in application infrastructure savings through connection pooling and offloading SSL processing from servers, especially important for Web 2.0 applications
      - End-to-end application security with integrated Access Gateway Enterprise for secure remote access and an application firewall to protect against application layer attacks
  • Moore’s Law is still alive and well – the number of transistors that can be placed on an integrated circuit continues to double every two years. However, CPU speed increases have plateaued around the 3.5 – 4 GHz range since 2005. Software and networking vendors cannot simply ride the CPU speed increase curve to gain additional performance. CPU manufacturers are turning instead to adding additional cores to their processors to provide additional performance. Products that rely on CPUs for performance gains need to be able to fully leverage multi-core CPUs. This translates to rewriting their software to take advantage of a multi-threaded, parallel architecture.
  • nCore technology allows us to break the single core performance barrier and to fully leverage the power of multi-core CPUs. With previous versions of NetScaler software, we could only run one Packet Engine. So, we were effectively not utilizing the power of the other available cores. nCore technology allows us to run multiple Packet Engines to fully leverage the processing capacity of additional cores, providing us with a 7X increase in performance and scalability.
  • Web 2.0 is a technology that is becoming more prevalent on the web today. This technology is also sometimes referred to as Server Push or reverse Ajax. In essence, this technology updates web content relative to what the user is experiencing at a particular moment.
  • NetScaler 9 enhances the ability to ensure application availability by enabling NetScaler policies to be triggered based upon data rates either coming from a given source or going to a given resource. AppExpert Rate Controls give administrators the ability to take actions beyond what basic network rate-shaping or QoS provide, and to govern resources at a far more granular level. By integrating AppExpert Rate Controls into NetScaler’s fully application-aware policy engine, administrators aren’t limited to just throttling traffic based upon IP address and port, but have the full depth and breadth of NetScaler traffic management, acceleration and security functionality at their disposal.
    There are a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:
      - One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs (so that partners can do mashups, for example) aren’t overwhelmed by any particular partner’s use of the API.
      - Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per source IP, they can drop any additional FTP requests coming from a source IP (aka a user) that already has too much FTP activity.
    A more generalized use could also limit the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
  • NetScaler extensibility is improved by NetScaler 9 via the availability of AppExpert service callouts. AppExpert Service Callouts make NetScaler policies extensible by providing a way to integrate logic or functionality from other applications into NetScaler policies. Specifically, using an AppExpert service callout, a policy can send (over HTTP or HTTPS) any part of an incoming request to an external application or service. The result returned can then be incorporated into the policy evaluation. A simple example of this would be IP blacklisting, where an AppExpert Service Callout passes source IP data to an external database that responds with a decision as to whether or not requests from that IP address should be passed. SPAM evaluation is a similar example. Other possible uses are integration with external AAA or identity management applications, passing data to an external transformation engine or invoking UDDI registries.
    AppExpert Service Callouts make the most sense:
      - When the logic for a given policy is so dynamic that statically defining it within a NetScaler policy doesn’t make sense
      - When the logic for defining a policy match is complex enough that it doesn’t make sense to use NetScaler expressions to define it
      - In certain cases, when the action for a policy (e.g., format loading) is easier to achieve by using external functionality rather than using NetScaler’s inherent functionality
  • Currently, the most commonly cited use case is for basing NetScaler policy decisions on “source IP address reputation” that is tracked in another application or service. For example, one beta customer has an external application that identifies and tracks IP addresses that are scraping its site’s content. This customer used a service callout to have NetScaler query this application in real time and then used NetScaler to either pass or drop the request. The same approach could be used to have NetScaler filter spam or other inbound content by using a callout to pass payload information to another application that inspects this content.
    Other use cases customers have mentioned include:
      - Passing content to an external transformation engine
      - Integration with UDDI or other directory services
      - Geo-targeting or other token-based switching decisions, where the logic for the content switch is available in an external application
  • Impact of callouts on NetScaler capacity: To NetScaler, a callout is just another HTTP request/response, since NetScaler doesn’t actually process any logic. Therefore the additional HTTP request traffic that will result from using callouts should be factored into any sizing/capacity decisions.
    Impact of callouts on application performance/response time: The performance impact of AppExpert service callouts will of course vary from customer to customer and case to case. However, working under the assumption that the NetScaler device has enough capacity to process the additional HTTP requests associated with the callout, application response time will be affected by:
      - The network latency between NetScaler and the external application
      - The amount of time it takes the external application to process the callout
    However, the following should be kept in mind:
      - Callout responses can be cached by NetScaler. This can greatly mitigate both latency and response time impacts, as well as significantly offload the external application.
      - In many cases, the “callout” may already be happening, except that it is currently happening between the external application and the origin application rather than between NetScaler and the origin application. For example, the back-end application may be dynamically querying an external application to get IP reputation information. In these cases, using NetScaler to perform the callout may improve application response time, especially if callout responses can be cached.
  • Citrix NetScaler has a solution for any market. Whether you run many applications along with high throughput, there is a model right for you. (click) Previously we have our lower-end MPX 5500 and 7500 that are ideal for XenApp deployments and smaller enterprises, along with the mid-range 9500 models for larger enterprises. We also have our high-end range MPX 15000/17000 models for the largest enterprise, Internet-centric, and cloud computing usage; these provide in excess of 15 Gbps. Now (click) we have provided newer mid-to-higher range solutions. The MPX 10500 is aimed at large enterprises that have more throughput needs and demand maximum simultaneous feature usage. The MPX 12500 is for mid-size Internet-centric applications and still larger enterprise needs, with capacity up to 8 Gbps. (click) These two latest models expand on the software upgrade flexibility with the ability to move up from the 10500 to the 12500.
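The service callout flow from the notes above (send the source IP to an external application, use its yes/no answer in the policy, cache the answer), modelled as an added Python example; this is not NetScaler code or configuration and is not part of the original presentation. The `CalloutPolicy` and `scraper_tracker` names, the `on_error` setting, the 30-second cache lifetime and the sample addresses are assumptions made for the illustration.

```python
import time
from typing import Callable, Dict, Tuple

SCRAPER_IPS = {"198.51.100.7"}  # constructed data held by the external tracker


def scraper_tracker(src_ip: str) -> str:
    """Hypothetical external application; in production this is an HTTP(S) call."""
    if src_ip == "203.0.113.99":          # constructed case: the service is unreachable
        raise TimeoutError("no answer from tracker")
    return "no" if src_ip in SCRAPER_IPS else "yes"


class CalloutPolicy:
    """Pass or block by an external yes/no answer, caching answers for a TTL."""

    def __init__(self, callout: Callable[[str], str], cache_ttl_s: float,
                 on_error: str, clock: Callable[[], float] = time.monotonic):
        self.callout, self.cache_ttl_s = callout, cache_ttl_s
        self.on_error = on_error          # assumption: verdict when the callout fails
        self.clock = clock
        self.cache: Dict[str, Tuple[float, str]] = {}
        self.callouts_sent = 0            # extra requests the callout adds

    def decide(self, src_ip: str) -> str:
        now = self.clock()
        hit = self.cache.get(src_ip)
        if hit and now - hit[0] < self.cache_ttl_s:
            answer = hit[1]               # cached: no latency, no load on the tracker
        else:
            self.callouts_sent += 1
            try:
                answer = self.callout(src_ip).strip().lower()
            except OSError:               # timeout or connection failure
                return self.on_error      # failures are not cached
            if answer not in ("yes", "no"):
                return self.on_error      # malformed reply handled like a failure
            self.cache[src_ip] = (now, answer)
        return "PASS" if answer == "yes" else "BLOCK"


def demo():
    now = [0.0]                           # fake clock so the run is deterministic
    policy = CalloutPolicy(scraper_tracker, cache_ttl_s=30, on_error="BLOCK",
                           clock=lambda: now[0])
    verdicts = []
    # Constructed traffic: (time in seconds, source IP)
    for t, ip in [(0, "192.0.2.1"), (1, "192.0.2.1"), (2, "198.51.100.7"),
                  (3, "198.51.100.7"), (4, "203.0.113.99"), (5, "192.0.2.1"),
                  (31, "192.0.2.1")]:
        now[0] = float(t)
        verdicts.append(policy.decide(ip))
    return verdicts, policy.callouts_sent


if __name__ == "__main__":
    print(demo())
```

Seven requests cost four callouts here; the choice of `on_error` decides whether an unreachable tracker blocks legitimate users or lets tracked scrapers through, so it belongs in the sizing and availability discussion alongside latency.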

    1. Non-standard use of hardware solutions in high-load projects. Nikolay Shadrin
    2. Contents: recap of previous episodes; case study; what's new?; demo; plans for tomorrow
    3. Recap of previous episodes
    5. Application delivery with NetScaler. B2C, B2B, P2P. Offload, Security, Availability, Performance:
        • Caching
        • Compression
        • Connection pooling
        • SSL processing
        • Access Gateway SSL VPN
        • Application firewall
        • World-class L4-L7 load balancing
        • Intelligent service health monitoring
    14. The task: keep the customer account portal running; high load at peak hours; limited scaling options; time pressure
    15. The solution, NetScaler: connection pooling; caching; rate limiting; SSL offload; setup took less than 24 hours
    16. The result: acceptable site performance was achieved; already done: most of the company's web projects moved behind NetScaler; planned: using NetScaler for services other than HTTP (SIP, LDAP, etc.)
    17. What's new this year
    18. Gartner Magic Quadrant: 2007, 2008, 2009
    23. NetScaler 9.1 introduces nCore™ technology
    24. The CPU speed barrier (chart: transistors ×10000, frequency in MHz, cores)
    25. Breaking the single-core barrier: next-generation ADC architecture. 4X performance, 7X scalability. (Diagram: one Packet Engine (PE) on each of Core1 to Core7.)
        • Packet Processing
        • Load Balancing
        • SSL Processing
        • Content Switching
        • Compression
        • Content Filtering
        • Policy Evaluation
        • DDoS Protection
    33. Scalability and performance benefits (chart labels: 7X, 4X, 18 Gbps, 15 Gbps, 340K; MPX 17000, MPX 15000)
    34. NetScaler nCore™: real-world benefits (chart: performance; theoretical maximum; real traffic on NetScaler nCore™; real traffic on NetScaler Classic)
    35. NetScaler VPX
    36. NetScaler: acceleration, availability, security, offload. 18 Gbps; 1,500,000 RPS; 60,000 TPS
    37. Critical sites; the majority of applications
    38. An addition to the NetScaler family: acceleration, availability, security, offload. NetScaler VPX; NetScaler MPX
    39. Full functionality; appliance simplicity; software flexibility; low cost; uniform use. Critical apps; majority of apps
    40. *Maximum VPX performance depends on the server
    41. Scaling a web farm (diagram: users, one NetScaler MPX, five NetScaler VPX instances)
    42. NetScaler VPX: Free
    43. NetScaler Push
    45. App Tier; Data Tier; Web Tier; Users
    46. Web 2.0: Server Push or Reverse Ajax. © The Coding Machine
        • Reverse Ajax is the ability to deliver data to the browser without direct user interaction
        • "Publish-Subscribe" model: the client subscribes to receive information; the server delivers new information when needed
        • Many names and techniques: HTTP Server Push; HTTP Streaming; COMET (Server Push + Long Polling); Long Polling; BOSH (Bidirectional-streams Over Synchronous HTTP)
    47. NetScaler Web 2.0 Push: summary. Available since March 2009
        • Brings the value of an ADC to the Web 2.0 world
        • The world's first ADC with Web 2.0 support
        • Overview: the need to push data without user interaction; the client subscribes to updates; the server pushes new information
        • Expands the ADC market to next-generation applications
        • Reduces the need to scale out
        • Reduces server usage by a factor of 5-10; increases server utilization
        • Reduces application response time
        • Moves the load of Web 2.0 applications onto the NetScaler appliance
    48. NetScaler 9.1: Rate Limiting
    49. NetScaler 9: AppExpert Rate Controls. Partners; lines of business; customers; spiders, botnets, scrapers, etc.
        • The right user gets the appropriate amount of resources
        • The wrong user gets nothing
        • No single user can take all the resources
        • Built into the NetScaler core
        • Used in MANY NetScaler modules
    54. AppExpert Rate Controls. Isolate critical objects or resources.
        • Action: throttle; execute (Responder, Rewrite, Cache, etc.); notify (Log, Trap)
        • User(s): IP address, IP range/subnet, cookie value, wildcards, any header or content…
        • Object: Vserver IP, URL/URI, image, file, any header or content…
        • Time: measured in ms
        • Rate: requests, packets, bandwidth
    77. NetScaler 9.1: AppExpert Service Callout
    78. NetScaler 9: AppExpert Service Callouts. Invoking external logic from within NetScaler policies. Labels: access; identity management; format/modification
        • Real-time integration of external logic
        • Makes the network more responsive to change
        • Reduces the frequency of change management
        • Lets external logic be used as a "black box"
    79. AppExpert Service Callout example (diagram: Users, Citrix NS with NS Policy, Website, Scraper tracking; steps numbered 1 to 5): a request arrives; NetScaler sends the IP; the application checks the IP; it returns "yes" or "no"; the policy on NetScaler passes the request if "yes" and blocks it if "no"
    80. Performance impact of AppExpert Service Callout
    82. New software branches: NetScaler 9.0; NS 9.1 Classic; NS 9.1 nCore; NS 9.1 VPX
    83. NetScaler solutions for any market (chart: performance, from 500 Mb to 100 Gbps, against number of applications, from 1 to hundreds; segments: SMB/XenApp, mid-size to large enterprises, service provider/telco/cloud + Internet centric; models: MPX 5500, MPX 7500, MPX 9500, MPX 10500, MPX 12500, MPX 15000, MPX 17000, with software upgrade paths)
    84. Five new MPX appliances: MPX 5500; MPX 7500 and MPX 9500; MPX 10500 and MPX 12500. New!
        • Best price/performance ratio
        • Full simultaneous use of all modules in the Platinum edition
        • Granular throughput options: from 500 Mbps to 8 Gbps
        • Maximum scalability with nCore
        • Lowest TCO among ADCs
    89. In summary… NetScaler is available as an appliance or as software. NetScaler functionality can be changed by license. Offloading and managing infrastructure is more convenient with the Citrix product family. NetScaler is a high-performance appliance that can perform many functions without loss of performance. Load balancers are dead. ADC is the future.
    90. Master class tomorrow
        • Configure NetScaler
        • Set up the modules: load balancing, request distribution, compression, Rate Limiting, App Firewall
        • Dig around in the system
        • Takes about 2-3 hours (depending on your speed :))
        • Bring your own laptop!
    99. What's next?
        • At the booth: Push client source code, new NetScaler features live, free VPX giveaway
        • Tomorrow: master class, a chance to try and configure NetScaler hands-on
        • At home: download NetScaler VPX (90 days, Platinum ed.)
        • Questions: nshadrin@citrix.com, +7 (495) 937 82 49
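The AppExpert Rate Controls model from the slides (action, user, object, time, rate) applied to the two customer cases in the speaker notes, partner scraping and FTP bandwidth per source IP, as an added Python example; it is a model of the idea, not NetScaler code or configuration, and is not part of the original presentation. The `RateControl` class, its field names, the fixed time slices and all limits and traffic values are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Hashable, Tuple


@dataclass
class RateControl:
    """Who or what is counted (selector), over which time slice, and the limit."""
    applies: Callable[[dict], bool]       # which requests this control governs
    selector: Callable[[dict], Hashable]  # counting key: source IP, cookie, URL ...
    time_slice_ms: int
    threshold: int
    unit: str = "requests"                # "requests" or "bytes" (bandwidth)
    _used: Dict[Hashable, Tuple[int, int]] = field(default_factory=dict)

    def over_limit(self, req: dict, now_ms: int) -> bool:
        key = self.selector(req)
        slice_no = now_ms // self.time_slice_ms
        seen_slice, used = self._used.get(key, (slice_no, 0))
        if seen_slice != slice_no:        # a new time slice starts from zero
            used = 0
        if used >= self.threshold:        # this key already used up its share
            return True
        cost = 1 if self.unit == "requests" else req.get("bytes", 0)
        self._used[key] = (slice_no, used + cost)
        return False


def evaluate(controls, req: dict, now_ms: int) -> str:
    """Action: DROP if any applicable control is over its limit, else PASS."""
    for rc in controls:
        if rc.applies(req) and rc.over_limit(req, now_ms):
            return "DROP"
    return "PASS"


def demo():
    # Constructed limits: 3 requests per second per partner; 100 MB of FTP
    # per minute per source IP.
    controls = [
        RateControl(lambda r: r["proto"] == "http", lambda r: r["partner"], 1000, 3),
        RateControl(lambda r: r["proto"] == "ftp", lambda r: r["src_ip"],
                    60_000, 100_000_000, unit="bytes"),
    ]
    out = []
    # Constructed traffic: partner "acme" bursts, partner "globex" does not.
    for t, partner in [(0, "acme"), (100, "acme"), (200, "acme"), (300, "acme"),
                       (450, "globex"), (1000, "acme")]:
        out.append(evaluate(controls, {"proto": "http", "partner": partner}, t))
    # Constructed FTP transfers from one source IP (documentation address).
    for size in (80_000_000, 50_000_000, 10_000_000):
        req = {"proto": "ftp", "src_ip": "192.0.2.10", "bytes": size}
        out.append(evaluate(controls, req, 2000))
    return out


if __name__ == "__main__":
    print(demo())
```

Because the key comes from a selector rather than a fixed IP/port pair, one partner hitting its limit does not affect another, and the FTP control drops only new transfers from a source that has already exceeded its bandwidth share in the current slice.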
