The release we’ve been waiting for… v6.1
• Quality
• Performance
• QoS

List of key features in Delos release
• Signed SMB (with multi domain support)
• Encrypted MAPI (with multi domain support)
• BR-VPX on Hyper-V
• WCCP Mask enhancements to support low end routers
• ShowTechSupport - Diagnostic Data Collections - UI enhancements
• Support for WCCP-L2 with NSLB on all platforms (SDX and general BR appliances)

Citrix ICA is highly optimized for a WAN…
…but there are optimizations that cannot occur at the server farm
[Diagram labels: Remote, Optimized WAN, Datacenter, Repeater, Repeater, SSL, Acceleration Plug-in, TCP Flow Control, Data Compression, Data De-duplication, Speed Screen, QoS / Traffic Shaping, Video Transcoding]

[Map: RTT Latency between the Datacenter and Rome, Boston, San Francisco, London, Sydney, Frankfurt, Brussels, Hong Kong, Madrid, Hyderabad and New York; scale 250 ms, 200 ms, 150 ms, 30 ms, 20 ms]

Key Data Points Repeater Sizing
• Bandwidth
  ○ Consider the sites that do not have Repeater
  ○ Make the customer aware of the BW requirements of XD and XA
  ○ Network conditions
• TCP Connections
  ○ Get the concurrent ICA connection count
• Network Diagram
  ○ Stop installation issues before they happen
• Application List
  ○ Find out what the business critical applications are

WAN Optimization
[Diagram labels: Adaptive TCP Flow Control, Adaptive Compression, Smart Acceleration, Protocol Acceleration, WAN, Branch Repeater, Repeater]

Branch Repeater Licensing
• Click the Licensing node in the Configuration menu.
• Choose the License Server tab if your license requires using a standalone Citrix License server.
  • Retail (Appliance, Plug-in, Crypto)
  • XenDesktop Platinum Entitlement
• Choose the Local Licenses tab if your license type required local

Policy Based Routing
• Reconfigure the router to forward inbound and outbound WAN traffic to the WANScaler.
• Route inbound traffic from the WAN interface to the WANScaler.
[Diagram: router policy "ip next-hop <WANScaler IP>" pointing at the WANScaler]
  LAN Traffic Ingress: Source IP: 10.200.1.203, Destination IP: 172.16.5.23
  WAN Traffic Ingress: Source IP: 172.16.5.23, Destination IP: 10.200.1.203

WCCP
[Diagram labels: WCCP Mode, To LAN, To WAN, Switch, Router, GRE Tunnel, WANScaler]

Inline Mode
• All link traffic passes through the WANScaler appliance.
• Traffic cannot bypass the appliance.
• Deployed at the LAN/WAN boundary.
[Diagram labels: Client, WAN Router, WANScaler, WAN, WANScaler, WAN Router, Server]

First things first…
• Branch Repeater 6.x needs to know where the LAN and WAN are.
• Determine and remember which accelerated pair port is connected to the WAN and which to the LAN.
  • Straight Through Cable: Switch, DSL Modem, Cable Modem
  • Crossover Cable: Router (inline mode), Direct to Server, Direct to Client
• Either port can be connected to either side using the proper cables.
[Diagram labels: apA1, apA2]

Quality of Service
Link Definition
• Define Links
  • By Accelerated Port
  • By Source or Destination Network
  • By WCCP Service Group
  • By Source or Destination MAC Address
  • By VLAN Tag
• By default, link definitions are automatically created for each adapter port.
• The number of supported links is limited by Branch Repeater model:
  • 83xx, 85xx = 5 links
  • 88xx = 10 links
  • VPX = up to 5 links
• If links are misconfigured there will be compression values less than 1:1.

Must configure the default apA links
• Click on the Links node in the Configuration menu.
• Click the Edit button for the first pre-defined apA link.
• Configure the link according to the network it is connected to:
  • Link Type (LAN or WAN side)
  • Bandwidth In
  • Bandwidth Out
  • Descriptive Link Name (optional)
• Click Save.
• Repeat this configuration on both the apA1 and apA2 links.

SMB Support in v5.7
• Branch Repeater 5.7 and earlier supported compression and acceleration of unsigned SMB1 traffic only.
• If enabled, Signed SMB had to be turned off on servers and clients via group policy to enable acceleration.
• Connections from Vista and Win7 clients had SMB2 connections rolled back to SMB1.
Citrix Confidential - Do Not Distribute

SMB Acceleration in v6.0
• There are three SMB acceleration scenarios you may observe when monitoring SMB CIFS connections.
  • Unaccelerated SMB 1 or 2 Connections
  • Accelerated SMB 1 or 2 Connections
  • Accelerated Signed SMB 1 or 2 Connections

SMB Acceleration Requirements
Connection Type   Secure Partner   Windows Domain Member   NTLMv1 Required
SMB 1             No               No                      No
SMB 2             No               No                      No
Signed SMB 1      Yes              Yes                     Yes
Signed SMB 2      Yes              Yes                     Yes

SMB Acceleration Requirements
• Domain membership is only required on the server-side Branch Repeater.
• Once joined, the appliance or VPX should now have a machine account in the specified domain.
• NOTE: Signed SMB is not enabled yet!

SMB Acceleration Requirements
• A secure connection must be established between Branch Repeaters (secure partners).
• SSL credentials (cert and key) are used for authentication and trust between Branch Repeaters.
• The SSL Key Store must be enabled to hold the SSL credentials used by the Branch Repeaters.
• A Crypto license is required to enable the SSL feature set.

SMB Acceleration Requirements
• SSL Support must be enabled by clicking the SSL Encryption node under Configuration.
• Trusted SSL credentials must be installed and used to authenticate all Branch Repeaters and create a secure data channel between them.

SMB Acceleration Requirements
• The Secure Partner connection is configured on a per appliance basis.
• A signaling mechanism is used to provide discovery and communication between trusted appliances.

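To tell which "Connection Type" row of the requirements table a monitored connection falls under, the SMB header flags can be read directly. The following is an added example, not Citrix code; the flag offsets come from the public SMB1/SMB2 header layouts, and the sample headers and helper names are constructed for illustration.

```python
import struct

# Header flag values from the public SMB specifications ([MS-CIFS], [MS-SMB2]).
SMB1_FLAGS2_SECURITY_SIGNATURE = 0x0004  # Flags2, offset 10 of the SMB1 header
SMB2_FLAGS_SIGNED = 0x00000008           # Flags, offset 16 of the SMB2 header
SMB1_NEGOTIATE, SMB1_SESSION_SETUP = 0x72, 0x73


def parse_header(msg: bytes):
    """Return (version, signed) for one SMB message (no 4-byte transport prefix)."""
    if msg[:4] == b"\xffSMB" and len(msg) >= 32:
        command = msg[4]
        (flags2,) = struct.unpack_from("<H", msg, 10)
        # During negotiate/session setup the bit only requests signing,
        # so it counts as "signed" on later commands only.
        in_setup = command in (SMB1_NEGOTIATE, SMB1_SESSION_SETUP)
        return 1, bool(flags2 & SMB1_FLAGS2_SECURITY_SIGNATURE) and not in_setup
    if msg[:4] == b"\xfeSMB" and len(msg) >= 64:
        (flags,) = struct.unpack_from("<I", msg, 16)
        return 2, bool(flags & SMB2_FLAGS_SIGNED)
    raise ValueError("not an SMB1 or SMB2 header")


def classify_connection(messages) -> str:
    """Map a connection's messages to a 'Connection Type' row of the table."""
    parsed = [parse_header(m) for m in messages]
    version = max(v for v, _ in parsed)  # SMB2 may start with an SMB1 negotiate
    signed = any(s for v, s in parsed if v == version)
    return ("Signed " if signed else "") + f"SMB {version}"


# Constructed sample headers (hypothetical helpers, not captured traffic).
def smb1(command, flags2):
    return struct.pack("<4sBIBH20x", b"\xffSMB", command, 0, 0x18, flags2)


def smb2(command, flags):
    return struct.pack("<4sHHIHHI44x", b"\xfeSMB", 64, 0, 0, command, 1, flags)


UNSIGNED_SMB2 = [smb1(0x72, 0x0004), smb2(0x0000, 0x1), smb2(0x0003, 0x0)]
SIGNED_SMB2 = [smb2(0x0000, 0x1), smb2(0x0003, 0x8), smb2(0x0005, 0x9)]
SIGNED_SMB1 = [smb1(0x72, 0x0004), smb1(0x75, 0x0004)]
```

A connection classified as "Signed SMB 1" or "Signed SMB 2" is one of the rows whose requirement columns all read "Yes".
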
The Single Stream ICA Problem
[Diagram: compressed and encrypted ICA data; Session Bandwidth]
• The user creates an ICA session.
• User interface traffic is tagged with a priority bit of zero (thin wire).
• Branch Repeater identifies the priority tags in real time and applies QoS appropriately.

The Single Stream ICA Problem
[Diagram: compressed and encrypted ICA data; Session Bandwidth]
• The user then starts a print job within the ICA session.
• Print traffic is tagged with a priority bit of three (real time).
• Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.

The Single Stream ICA Problem
[Diagram: compressed and encrypted ICA data; Session Bandwidth]
• The user then either returns to the app’s user interface or starts a second application (thin wire).
• The new observed priority bits of the session cause the session to be QoS’ed as a priority zero.
• Prioritization of printing traffic is now lost.

Multistream ICA in Action
[Diagram: compressed and encrypted ICA data; Session 1 GUI, Session 1 Printing, Session 2 GUI]
• Application UI performance level is maintained.
• Printing traffic does not adversely affect this or any other WAN users.
Maintain the user experience

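The single-stream problem and the multistream fix can be reproduced with a small model. This is an added example, not Citrix code: it assumes the QoS engine holds one class per TCP connection, taken from the most recently observed priority tag, and the packet timeline is constructed.

```python
from collections import defaultdict

# Tag values as used on the slides: 0 = user interface (thin wire), 3 = printing.
UI, PRINT = 0, 3

# Constructed timeline: (tick, session, channel, tag, bytes).
TIMELINE = [
    (1, "s1", "ui", UI, 200),        # session starts, UI traffic only
    (2, "s1", "print", PRINT, 1500), # print job starts
    (2, "s1", "print", PRINT, 1500),
    (3, "s1", "print", PRINT, 1500), # job still running...
    (3, "s1", "ui", UI, 200),        # ...user returns to the UI
    (4, "s1", "print", PRINT, 1500),
    (4, "s1", "ui", UI, 200),
]


def schedule(packets, multistream):
    """Return {(channel, qos_class): bytes} as the WAN scheduler treats them."""
    by_conn = defaultdict(list)
    for tick, session, channel, tag, size in packets:
        # Multistream: each priority travels on its own TCP connection.
        conn = (session, tag) if multistream else (session,)
        by_conn[(tick, conn)].append((channel, tag, size))
    result = defaultdict(int)
    for pkts in by_conn.values():
        # Assumed model: one class per connection, from the latest observed tag.
        qos_class = pkts[-1][1]
        for channel, _tag, size in pkts:
            result[(channel, qos_class)] += size
    return dict(result)


def misprioritized_print_bytes(packets, multistream):
    """Print bytes that were scheduled under a class other than PRINT."""
    treated = schedule(packets, multistream)
    return sum(size for (channel, cls), size in treated.items()
               if channel == "print" and cls != PRINT)
```

With the constructed timeline, the single-stream run schedules the print bytes sent after the user returns to the UI as priority zero, while the multistream run keeps every print byte in its own class.
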