12. Smooth migration from IPv4 to IPv6 with Citrix NetScaler - Daniel Künzli

Citrix NetScaler is the industry’s leading load balancer and application delivery controller (ADC), powering thousands of enterprise applications and the largest web sites in the world. However, we’re just scratching the surface of its potential. Citrix engineers have been hard at work getting NetScaler ready to tackle the next set of IT and application delivery challenges, such as virtual application, desktop and server availability and security. This technical session will highlight how NetScaler can help to migrate from IPv4 to IPv6 and make applications run better and faster.

Published in: Education

  1. Citrix NetScaler Service Delivery System: smooth transition from IPv4 to IPv6. Daniel Künzli, Systems Engineer NG, Citrix Systems GmbH, Switzerland
  2. Agenda • Overview • IPv6 integration and translation • Basic features • NetScaler for Citrix XenApp / XenDesktop • NetScaler for SQL • NetScaler SDX • Citrix Open Cloud. Citrix Confidential – For NDA use only
  3. Secure access to Citrix app and desktop virtualization. An integrated delivery infrastructure: Citrix Receiver, Branch Repeater, Access Gateway, XenApp, XenDesktop, XenServer, NetScaler, Delivery Network
  4. Citrix NetScaler: the Swiss Army knife for your IT infrastructure
  5. 5 essential load balancing terms. The "full proxy" approach (TCP client / TCP backend) enables a considerably larger feature set! 1. VServer: accepts requests from the clients (14) 2. Service (backend): network endpoint to which the NetScaler forwards traffic (17) 3. Monitor: periodically checks that the backend service is working (29+) 4. Load balancing method: selects the service to forward to (15+) 5. Persistence (stickiness): the client is always directed to the same service (9+)
  6. IPv6: NetScaler is ready through and through
  7. IPv4 and IPv6 Mixed Mode
  8. Prefix Based IPv6-IPv4 Translation [diagram: IPv6 Enterprise; IPv4 Internet; IPv4 Server, V4IP: 30.30.30.30; NetScaler, NAT prefix: 2000::/96, V4IP: 20.20.20.20; IPv6 DB Server 9900::1; IPv4: 20.20.20.20 <-> 30.30.30.30; IPv6: 9900::1 <-> 2000::30.30.30.30]
  9. Prefix Based IPv6-IPv4 Translation • In 9.3, NS can translate packets sent from private IPv6 servers into IPv4 packets, using an IPv6 prefix configured in the NetScaler appliance. • IPv6 packets addressed to this prefix have to be routed to the NS so that the IPv6-IPv4 translation is done by the NetScaler. Steps: (1) The IPv6 servers embed the destination IP address of the IPv4 servers or hosts in the last 32 bits of the destination IP address field of the IPv6 packets. (2) The first 96 bits of the destination IP address field are set as the IPv6 NAT prefix. (3) The NS compares the first 96 bits of the destination IP address of all the incoming IPv6 packets to the configured prefix. (4) If there is a match, the NS generates an IPv4 packet and sets the destination IP address as the last 32 bits of the destination IP address of the matched IPv6 packet.
  10. IPv6 Support in INAT. The following Inbound Network Address Translation (INAT) configurations are now supported: • IPv6-IPv6 Mapping: A public IPv6 address on the NetScaler appliance listens to connection requests on behalf of a private IPv6 server. The NetScaler appliance translates the packet's public destination IP address to the destination IP address of the server and forwards the packet to the server at that address. • IPv4-IPv6 Mapping: A public IPv4 address on the NetScaler appliance listens to connection requests on behalf of a private IPv6 server. The NetScaler appliance creates an IPv6 request packet with the IP address of the IPv6 server as the destination IP address. • IPv6-IPv4 Mapping: A public IPv6 address on the NetScaler appliance listens to connection requests on behalf of a private IPv4 server. The NetScaler appliance creates an IPv4 request packet with the IP address of the IPv4 server as the destination IP address.
  11. IPv6 Support in INAT [diagram labels: IPv4 Server 74.125.91.100; IPv4 Internet; IPv6; 2009::100:1; IPv6 DB Server; NAT Table with the columns Public IP and Private IP and the values 192.168.1.100, 2009:ffff:1000::100, 192.168.1.100, 2009:ffff:1000::200, 3ffe:100::100, 74.125.91.105, 3ffe:100::100, 74.125.91.106, 192.168.1.100]
  12. IPv6 Support in INAT: IPv4 public address to IPv6 private address; IPv6 public address to IPv4 private address
  13. Key technologies for application delivery (B2C, B2B, P2P): Availability, Performance, Security • Load Balancing: information at Layer 3 (IP) / Layer 4 (TCP/UDP) decides which services traffic is forwarded to • Surge Protection + Sure Connect: servers work more effectively by avoiding load limits and queues (surge queue) • Content Switching: information at Layer 7 (HTTP, FTP, DNS, RADIUS, TCP, UDP…) decides which group of backend services traffic is forwarded to • Global Server Load Balancing (GSLB): distribution of traffic through intelligent name resolution by the NetScaler
  14. NetScaler Surge Protection. Servers work more effectively: avoiding load limits and queues (surge queue) [charts, requests from 0% to 100%: without NetScaler, server overload; with NetScaler Surge Protection, surge queue]
  15. GSLB: "Site Load Distribution" & "Global Naming". When a predefined traffic load limit has been reached, user traffic is forwarded to alternative data centers. [diagram: www.abc.de, site load 0% to 100%]
  16. GSLB: Disaster Recovery. In the event of a site failure, the client is redirected to the nearest data center. [diagram: www.abc.de]
  17. GSLB: load balancing of "incoming traffic" across provider links • Incoming traffic stands for a connection initiated on the user side; it is implemented with the GSLB feature. • Outgoing traffic, by contrast, describes a connection initiated on the server side; it is implemented with the LLB feature. • Function: the NetScaler answers a DNS query "delegated" to it by the ADNS of the main domain with the VServer IP of provider A or B (A in the figure). [diagram label: ADNS (gslb.cps.com)] LLB: Link Load Balancing
  18. Key technologies for application delivery (B2C, B2B, P2P): Availability, Performance, Security • TCP Offload: frees servers from connection management • Advanced TCP optimization: considerably more efficient connections through TCP window scaling, SACK and TCP buffering • HTTP Compression: data compression before data delivery • SSL Offload: takes over CPU-intensive decryption tasks for backend servers • Integrated Caching: NetScaler as a caching instance in the network
  19. TCP Connection Offload … made possible by the NetScaler full proxy architecture • Interrupts to the server CPUs are reduced • The server is protected from SYN floods (zombie connection protection) • Existing TCP connections are "re-used" • The total number of TCP connections at the server is reduced [diagram: Client, NetScaler, Web Server; SYN, SYN+ACK, ACK, GET, Data, FIN, ACK; existing pool of server connections]
  20. Application Templates • Enable application-oriented NetScaler configuration • Functions: Import, Export, Create, Endpoint Definition, Match Rule per App Unit • Simplification and portability of the configuration for 6 basic functions • Templates currently available for EasyCall, OWA, SharePoint, SAP NetWeaver, Oracle, Generic Web App • http://community.citrix.com/display/ns/AppExpertTemplates
  21. Network Visualizer: graphical network overview, configuration and statistics
  22. Key technologies for application delivery (B2C, B2B, P2P): Availability, Performance, Security • Application-layer protection: protection against data theft and exploitation of security holes • Filtering, Rewriting and Responder: granular filter in the request and response directions. HTTP content can be modified, answered directly or redirected; NetScaler as "simultaneous interpreter" • DoS defense: DoS protection through the full-proxy architecture, prevention of HTTP DoS attacks • SSL-VPN (AGEE): encryption, authentication, authorization and endpoint scan BEFORE admission to the network
  23. Why security for web applications? SQL Injection, Information Leakage, Cross-Site Scripting, HTTP Response Splitting, Path Traversal. DATA: • Financial reports • Credit card information • Customer data • Employee data • Patient data • Personal IDs. 82% of all attacks today target application vulnerabilities (Gartner). Optimal protection with NetScaler Web Application Firewall (WAF)!!! [diagram: Users, Internet, Network Firewalls, Web Apps]
  24. WAF (Web Application Firewall): Hybrid Security Model. Optimal protection by combining both security approaches. Positive: • Protection against day-0 attacks • Requires learning the application structures. Hybrid: protection against known and unknown attacks with over 1200 "on board" signatures. Negative: • Fast, active protection against known attacks • Requires maintenance of signatures
  25. URL Transformation: simplified configuration when rewriting URLs • Increased security by hiding internal information (comparable to an IP NAT at Layer 7) • Changing or historically grown application URLs become child's play • The user becomes independent of application changes and infrastructure changes [diagram URLs: www.abco.com/corpinfo/, www.abco.com/products/, www.abco.com/empl/...; http://OldCo/cgi-bin/..., http://mktg/default.asp, http://AbCo/finance/default.asp]
  26. Rewrite: NetScaler as "simultaneous interpreter" in the request and response directions. With the "Rewrite Action Evaluator", testing rewrite configurations becomes child's play…
  27. NetScaler for All [chart: NetScaler performance (1 Gbps to 100 Gbps) against apps / multi-tenancy; segments SMB (ISV), Enterprise, and Service Provider/Telco/Cloud + Internet Centric; MPX 5500 500 Mb, MPX 7500 1 Gb, MPX 9500 3 Gb, MPX 10500 6 Gb, MPX 12500 10 Gb, MPX 15500 15 Gb, MPX 17500 20 Gb, MPX 19500 35 Gb, MPX 21500 50 Gb; VPX 10, VPX 200, VPX 1000, VPX 3000, VPX 8000, VPX 15000; license upgrades]
  28. How NetScaler Adds Value to XenApp and XenDesktop • Huge Scalability • Secure Access • High Availability • DR/BC • Integrated Web Interface option • IPv6 to IPv4 translation
  29. Seamless access through Citrix Receiver • Receiver for Windows • Receiver for Mac • Receiver for Linux • Receiver for iPhone • Receiver for Android (in development) • Receiver for Blackberry (in development) • Receiver for Java. Citrix Confidential - Do Not Distribute
  30. Driving Customer Value and Citrix Differentiation [architecture diagram: HQ office, branch office, remote user and home office reaching a XenDesktop farm, XenApp and a XenServer resource pool through firewalls and Secure Gateway]
  31. [same architecture diagram with NetScaler in place of Secure Gateway; callout: Secure Access]
  32. [same architecture diagram with NetScaler; callouts: Secure Access, Strong SLAs]
  33. Driving Customer Value and Citrix Differentiation [architecture diagram repeated for several sites with NetScaler; callouts: Secure Access, Global Availability, Strong SLAs]
  34. Driving Customer Value and Citrix Differentiation [architecture diagram repeated for several sites with NetScaler; callouts: Secure Access, Global Availability, Consolidation, Strong SLAs]
  35. NetScaler in Database Tier [diagram: Internet, Web/App Tier, DB Tier, NetScaler Solution; HTTP ADC with high availability, simple scalability, app security and content switching; TCP load balancer with high availability and simple LB; NetScaler in front of Microsoft SQL Server: TDS protocol aware, native SQL, connection multiplexing, HA, connection scale-up, optimal scale-out, improved availability, high performance]
  36. NetScaler Benefits. Scale Up: • SQL Multiplexing (scale TCP connections; host more DBs on server; reduce # of SQL licenses) • SQL Conn. Offload (spare memory/CPU; faster query execution). Scale Out: • Native SQL LB (request switching; fast app response) • SQL aware policies (read/write split; granular control). High-Availability: • Automated IP failover (virtual IP based; lower cost HA) • Intelligent Monitoring (replication state aware)
  37. NetScaler SDX • Instances, not partitions • Complete CPU isolation • Complete memory isolation • Version independence • High availability independence • Lifecycle independence. Introducing NetScaler SDX
  38. NetScaler MPX 21500 (50 Gb/s, single VIP) and NetScaler SDX 21500 (50 Gb/s, 16 instances); up to 18 Gbps per instance; 8M packets/second
  39. Citrix Open Cloud
  40. Evolutionary Path Forward to the Cloud. Hybrid cloud model to access and manage resources and data that may live on or off premise. Models shown: Traditional Datacenter, Private Cloud, Hybrid Cloud, Public Cloud • On premise, high fixed cost, full control, known security • On/off premise, low utility cost, self-service, fully elastic, trusted security, corporate control • Off premise, low utility cost, self-service, fully elastic
  41. Choice of Many Cloud Models
  42. So … Design for Any-to-Any Hybrid Architectures [diagram: Public Cloud Apps, Private Cloud, Hybrid Cloud, Public Cloud, Managed Infrastructure]
  43. NEW! OpenCloud Bridge in a NetShell • Global load balancing improves performance as remote users have their sessions routed to the closest or best performing datacenter. • Optimizes application availability through advanced L4-7 load balancing and traffic management. • A truly network-transparent WAN optimization solution that doesn't rely on disruptive tunneling techniques. [diagram: NetScaler MPX / VPX, Cloud Bridge, L2 Tunnel, IPSec Tunnel, Network, Traditional Datacenter, Hybrid Cloud, Branch Repeater VPX]
  44. Multiple user databases… difficult to manage … with different apps requiring different identities… [diagram: Active Directory, cloud, private Active Directory, database; enterprise apps, XenApp / XenDesktop, IaaS apps, SaaS apps]
  45. One control point but where? Especially when standards… aren't. • It may be impossible to change this. • Sometimes desktop can't be changed. • It's expensive to change this. • BYOC makes the desktop tricky. [diagram: Web, iPad, Citrix; Internet; SaaS/Cloud Web Applications; Enterprise Web Applications]
  46. Citrix Open Cloud Access: One Identity, Many Applications [diagram: remote and corporate users, Active Directory, OpenCloud Access, SSL-VPN, SaaS/Cloud Web Applications, Enterprise Web Applications]
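
The prefix-based IPv6-IPv4 translation from slides 8 and 9, worked through in Python as an added example (this is not NetScaler code or configuration). The prefix and addresses are the ones on slide 8; the function names and the `allowed_v4` policy list are assumptions made for this example.

```python
import ipaddress

# Values taken from slide 8 of the deck.
NAT_PREFIX = ipaddress.IPv6Network("2000::/96")
NS_V4IP = ipaddress.IPv4Address("20.20.20.20")  # IPv4 address shown on the NetScaler


def embed_ipv4(v4_dst, prefix=NAT_PREFIX):
    """IPv6 server side: NAT prefix in the first 96 bits,
    IPv4 destination in the last 32 bits."""
    if prefix.prefixlen != 96:
        raise ValueError("NAT prefix must be a /96")
    v4 = ipaddress.IPv4Address(v4_dst)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(v6_dst, prefix=NAT_PREFIX):
    """Translator side: compare the first 96 bits with the prefix and,
    on a match, return the last 32 bits as an IPv4 address."""
    addr = ipaddress.IPv6Address(v6_dst)
    if addr not in prefix:
        return None  # destination is not addressed to the NAT prefix
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def translate(v6_src, v6_dst, allowed_v4=None, prefix=NAT_PREFIX, v4_src=NS_V4IP):
    """Map an IPv6 (src, dst) pair to the IPv4 (src, dst) pair of slide 8.

    allowed_v4 is a hypothetical policy list added for this example: the
    embedded IPv4 address is chosen by the sender, so a translator can
    restrict which IPv4 destinations are reachable through the prefix.
    """
    ipaddress.IPv6Address(v6_src)  # validate only; the source is replaced
    v4_dst = extract_ipv4(v6_dst, prefix)
    if v4_dst is None:
        return None
    if allowed_v4 is not None and not any(
            v4_dst in ipaddress.IPv4Network(net) for net in allowed_v4):
        raise PermissionError(f"{v4_dst} is outside the permitted IPv4 range")
    return (v4_src, v4_dst)


if __name__ == "__main__":
    # Constructed sample flows; the first one is the flow drawn on slide 8.
    for src, dst in [("9900::1", "2000::30.30.30.30"),
                     ("9900::1", "2001:db8::30.30.30.30")]:
        print(src, "->", dst, "=>", translate(src, dst))
```
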
