Submit Search
Upload
Citrix adc technical overview
•
Download as PPTX, PDF
•
0 likes
•
660 views
Roshan Dias
Follow
Citrix Application Delivery Controller overview
Read less
Read more
Software
Report
Share
Report
Share
1 of 150
Download now
Recommended
NetScaler ADC - Customer Overview
NetScaler ADC - Customer Overview
Michelle Guerrero Montalvo
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment Guide
Citrix
CloudStack Architecture
CloudStack Architecture
CloudStack - Open Source Cloud Computing Project
Drive into calico architecture
Drive into calico architecture
Anirban Sen Chowdhary
Nutanix
Nutanix
rosslili
VxRail Appliance - Modernize your infrastructure and accelerate IT transforma...
VxRail Appliance - Modernize your infrastructure and accelerate IT transforma...
Maichino Sepede
Netflix Global Cloud Architecture
Netflix Global Cloud Architecture
Adrian Cockcroft
Hashicorp Corporate Pitch Deck Stenio_v2
Hashicorp Corporate Pitch Deck Stenio_v2
Stenio Ferreira
Recommended
NetScaler ADC - Customer Overview
NetScaler ADC - Customer Overview
Michelle Guerrero Montalvo
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment Guide
Citrix
CloudStack Architecture
CloudStack Architecture
CloudStack - Open Source Cloud Computing Project
Drive into calico architecture
Drive into calico architecture
Anirban Sen Chowdhary
Nutanix
Nutanix
rosslili
VxRail Appliance - Modernize your infrastructure and accelerate IT transforma...
VxRail Appliance - Modernize your infrastructure and accelerate IT transforma...
Maichino Sepede
Netflix Global Cloud Architecture
Netflix Global Cloud Architecture
Adrian Cockcroft
Hashicorp Corporate Pitch Deck Stenio_v2
Hashicorp Corporate Pitch Deck Stenio_v2
Stenio Ferreira
AWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - Slides
TobyWilman
A cloud readiness assessment framework
A cloud readiness assessment framework
Carlo Colicchio
NF101: Nutanix 101
NF101: Nutanix 101
NEXTtour
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
Atif Raees
Cloud governance - theory and tools
Cloud governance - theory and tools
Antti Arnell
Api observability
Api observability
Red Hat
Cloud Native In-Depth
Cloud Native In-Depth
Siva Rama Krishna Chunduru
FSLogix 2.0 Explained 20150611
FSLogix 2.0 Explained 20150611
FSLogix
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
KCDItaly
Integrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source Tools
All Things Open
Monitoring modern applications using Elastic
Monitoring modern applications using Elastic
Elasticsearch
Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail
Jürgen Ambrosi
Terraform
Terraform
Pathum Fernando ☁
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Zabbix
Hybridcloud & Multicloud with GCP Anthos.pptx
Hybridcloud & Multicloud with GCP Anthos.pptx
HARSH MANVAR
KEDA Overview
KEDA Overview
Jeff Hollan
Monitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & Insights
Synergetics Learning and Cloud Consulting
An Introduction to VMware NSX
An Introduction to VMware NSX
Scott Lowe
Kubernetes Security
Kubernetes Security
Karthik Gaekwad
Creating AWS infrastructure using Terraform
Creating AWS infrastructure using Terraform
Knoldus Inc.
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
Citrix
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
Citrix
More Related Content
What's hot
AWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - Slides
TobyWilman
A cloud readiness assessment framework
A cloud readiness assessment framework
Carlo Colicchio
NF101: Nutanix 101
NF101: Nutanix 101
NEXTtour
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
Atif Raees
Cloud governance - theory and tools
Cloud governance - theory and tools
Antti Arnell
Api observability
Api observability
Red Hat
Cloud Native In-Depth
Cloud Native In-Depth
Siva Rama Krishna Chunduru
FSLogix 2.0 Explained 20150611
FSLogix 2.0 Explained 20150611
FSLogix
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
KCDItaly
Integrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source Tools
All Things Open
Monitoring modern applications using Elastic
Monitoring modern applications using Elastic
Elasticsearch
Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail
Jürgen Ambrosi
Terraform
Terraform
Pathum Fernando ☁
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Zabbix
Hybridcloud & Multicloud with GCP Anthos.pptx
Hybridcloud & Multicloud with GCP Anthos.pptx
HARSH MANVAR
KEDA Overview
KEDA Overview
Jeff Hollan
Monitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & Insights
Synergetics Learning and Cloud Consulting
An Introduction to VMware NSX
An Introduction to VMware NSX
Scott Lowe
Kubernetes Security
Kubernetes Security
Karthik Gaekwad
Creating AWS infrastructure using Terraform
Creating AWS infrastructure using Terraform
Knoldus Inc.
What's hot
(20)
AWS vs Azure vs Google (GCP) - Slides
AWS vs Azure vs Google (GCP) - Slides
A cloud readiness assessment framework
A cloud readiness assessment framework
NF101: Nutanix 101
NF101: Nutanix 101
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
Cloud governance - theory and tools
Cloud governance - theory and tools
Api observability
Api observability
Cloud Native In-Depth
Cloud Native In-Depth
FSLogix 2.0 Explained 20150611
FSLogix 2.0 Explained 20150611
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo: Getting Rid of Your Clusters Keeping Them...
Integrating Linux Systems with Active Directory Using Open Source Tools
Integrating Linux Systems with Active Directory Using Open Source Tools
Monitoring modern applications using Elastic
Monitoring modern applications using Elastic
Hyper-Converged Infrastructure Vx Rail
Hyper-Converged Infrastructure Vx Rail
Terraform
Terraform
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Hybridcloud & Multicloud with GCP Anthos.pptx
Hybridcloud & Multicloud with GCP Anthos.pptx
KEDA Overview
KEDA Overview
Monitor Cloud Resources using Alerts & Insights
Monitor Cloud Resources using Alerts & Insights
An Introduction to VMware NSX
An Introduction to VMware NSX
Kubernetes Security
Kubernetes Security
Creating AWS infrastructure using Terraform
Creating AWS infrastructure using Terraform
Similar to Citrix adc technical overview
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
Citrix
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
Citrix
WVD Partner Event 17 feb 2020 - Citrix Slides
WVD Partner Event 17 feb 2020 - Citrix Slides
kiefter
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Lee Bushen
Keeping Pace with Citrix XenApp and XenDesktop 7.x Evolution
Keeping Pace with Citrix XenApp and XenDesktop 7.x Evolution
eG Innovations
eG Express Cloud for Citrix Workspaces
eG Express Cloud for Citrix Workspaces
eG Innovations
Enabling the Future of Work with SD-WAN
Enabling the Future of Work with SD-WAN
Xylos
2014 08-21 Citrix cloud works with a single management platform technical web...
2014 08-21 Citrix cloud works with a single management platform technical web...
Citrix
Citrix Synergy 2014 - Syn228 What's new in Citrix CloudPlatform
Citrix Synergy 2014 - Syn228 What's new in Citrix CloudPlatform
Citrix
Citrix solutions - How on earth, as in heaven
Citrix solutions - How on earth, as in heaven
MarketingArrowECS_CZ
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
Kim Jensen
Desktop Master Class - Migrating to Citrix Cloud - Sept 2017
Desktop Master Class - Migrating to Citrix Cloud - Sept 2017
Lee Bushen
CloudExpo NYC - Citrix Cloud Platforms Best Practices for Architecting Your C...
CloudExpo NYC - Citrix Cloud Platforms Best Practices for Architecting Your C...
mormullins
Citrix Day 2014: Cloud Plattform
Citrix Day 2014: Cloud Plattform
Digicomp Academy AG
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Digicomp Academy AG
A10 Networks: Delivering Data Center to Data Center communications securely
A10 Networks: Delivering Data Center to Data Center communications securely
David Ayoub
Support Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network Architecture
Zivaro Inc
Presentation cloud, the whole offer
Presentation cloud, the whole offer
xKinAnx
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco Canada
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Cisco Canada
Similar to Citrix adc technical overview
(20)
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
Citrix Synergy 2014 - Syn227 Architecting your private cloud infrastructure f...
Citrix Cloud Master Class June 2014
Citrix Cloud Master Class June 2014
WVD Partner Event 17 feb 2020 - Citrix Slides
WVD Partner Event 17 feb 2020 - Citrix Slides
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Citrix Desktop Master Class - Dec 2016 - Moving to Citrix Cloud
Keeping Pace with Citrix XenApp and XenDesktop 7.x Evolution
Keeping Pace with Citrix XenApp and XenDesktop 7.x Evolution
eG Express Cloud for Citrix Workspaces
eG Express Cloud for Citrix Workspaces
Enabling the Future of Work with SD-WAN
Enabling the Future of Work with SD-WAN
2014 08-21 Citrix cloud works with a single management platform technical web...
2014 08-21 Citrix cloud works with a single management platform technical web...
Citrix Synergy 2014 - Syn228 What's new in Citrix CloudPlatform
Citrix Synergy 2014 - Syn228 What's new in Citrix CloudPlatform
Citrix solutions - How on earth, as in heaven
Citrix solutions - How on earth, as in heaven
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
Desktop Master Class - Migrating to Citrix Cloud - Sept 2017
Desktop Master Class - Migrating to Citrix Cloud - Sept 2017
CloudExpo NYC - Citrix Cloud Platforms Best Practices for Architecting Your C...
CloudExpo NYC - Citrix Cloud Platforms Best Practices for Architecting Your C...
Citrix Day 2014: Cloud Plattform
Citrix Day 2014: Cloud Plattform
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
Citrix Day 2013: CloudPlatform & Cloud Portal Business Manager
A10 Networks: Delivering Data Center to Data Center communications securely
A10 Networks: Delivering Data Center to Data Center communications securely
Support Software Defined Networking with Dynamic Network Architecture
Support Software Defined Networking with Dynamic Network Architecture
Presentation cloud, the whole offer
Presentation cloud, the whole offer
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Gain Insight and Programmability with Cisco DC Networking
Gain Insight and Programmability with Cisco DC Networking
Recently uploaded
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
SelfMade bd
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
masabamasaba
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
masabamasaba
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
masabamasaba
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
Jhone kinadey
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
masabamasaba
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
Shrmpro
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
AmarnathKambale
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
aagamshah0812
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
masabamasaba
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
Willy Marroquin (WillyDevNET)
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
Jim McKeeth
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
Bert Jan Schrijver
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Nitya salvi
Recently uploaded
(20)
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Citrix adc technical overview
1.
1 © 20177Citrix
| Confidential Citrix ADC TDM JULY 1, 2020 © 2017 Citrix | Confidential
2.
2 © 20177Citrix
| Confidential Citrix is unifying our portfolio Throughout 2018, you will see exciting changes as we unify our product portfolio. As we make it easier to use Citrix products, we're also making it easier to understand the value of our solutions with new names. We’re devoted to simplifying the way you experience Citrix Digital Workspace, Citrix Networking, and Citrix Analytics solutions to deliver secure and personalized experiences with the choice and flexibility that fit your business needs. Content may contain both former and new names in key locations, in an effort to familiarize you with the new portfolio. To learn more about name and product transitions, visit this product guide on Citrix.com. Our Goal Create awareness and understanding of portfolio changes to gain adoption of our new solutions, while preserving the equity of old names as long as necessary. Strategy Connect new names to the new experience, using old names as reassurance and touchstone, until the new map of Citrix is so compelling we’ve moved beyond the old names. Key changes: Citrix ADC transitioning from NetScaler ADC Citrix SD-WAN transitioning from NetScaler SD-WAN Citrix Application Delivery Management transitioning from NetScaler Management and Analytics System (MAS) Citrix Secure Web Gateway transitioning from NetScaler Secure Web Gateway Citrix Web App Firewall transitioning from NetScaler App Security and NetScaler App Firewall. Citrix Gateway transitioning from NetScaler Unified Gateway and NetScaler Access Gateway Citrix Workspace app a new mobile, web, and desktop experience bringing together all the apps and files you need to work Citrix Virtual Apps transitioning from XenApp Citrix Virtual Desktops transitioning from XenDesktop Citrix Content Collaboration transitioning from ShareFile Citrix Endpoint Management transitioning from XenMobile
3.
3 © 20177Citrix
| Confidential Agenda • Introduction • HA and Clustering • SDX • Admin Partitions • Traffic Management • SSL • Networking • Optimization • Action Analytics
4.
© 2019 Citrix
| Confidential Performance Offload SecurityAvailability What is Citrix ADC Citrix ADC has been powering Enterprise and Ecommerce applications since 2002. Load Balancing Acceleration Security SSL Optimization Availability Performance
5.
© 2019 Citrix
| Confidential The Details Platforms Pay-As-You-Grow Editions Standard, Advanced, Premium SDX MPX VPX CPX BLX Citrix ADC IAAS VIP SAAS gateway S1 S2 S3Citrix ADC CG CB FTP SQL HTTP HTTPS DNS TCP UDP AD Es PwO A1 A2 A3 Citrix ADC Optimization SSL Offload TCP Offload TCP Buffering Surge Protection Compression Caching Web Logging HTTP 2.0 Client Keep-Alive SACK/Nagles TCP Westwood+ Security SSL Offload L4-7 ACL Network ACLs DoS Protections Rewrite + Responder Rate Limiting SSL VPN AAA for App Traffic Application Firewall Citrix Gateway Availability Load Balancing (SLB) N+1 Clustering L4-7 Request Switching Advanced Health Checks Content Switching Cache Redirection Global Load Balancing (GSLB) Dynamic Routing / PBR HTTP Callout Citrix ADC DataStream Management & Visibility CLI/GUI Nitro REST API PowerShell MSSCVMM/MSSCOM AppFlow Syslog SNMP AppExpert Policies Citrix ADC DataStream
6.
© 2019 Citrix
| Confidential ScaleUp Scale Out Elasticity with Pay-As-You-Grow Simplicity with Many-In –One Expandability with Add-and-Go Clustering “Grow capacity upto 5x. No New Hardware.” “Better HA than HA. Scalability toTbps.” “80:1footprint reduction. No Compromises.”
7.
© 2015 Citrix
| Confidential High Availability & Clustering
8.
© 2019 Citrix
| Confidential Clustering for High Availability “Need to upgrade a server or Citrix ADC?” …with no downtime?
9.
© 2019 Citrix
| Confidential Traditional HA An Active/Passive Pair of Citrix ADC’s CitrixADC CitrixADC Primary Secondary External Network Internal Network
10.
© 2019 Citrix
| Confidential Citrix ADC High Availability (HA) Essentials • HA is only Active/Standby – The Citrix ADC GUI and CLI refers to this as Primary/Secondary • Citrix ADC supports 2 Modes – Configuration Synchronization. Configs are synched at device start and prior to state change. – Command Propagation. Commands are synchronized at time of execution from Primary to Secondary unit • Communication – HA communication is on UDP port 3003 and 5 UDP packets are sent every second – Communication ONLY happens between the NSIPs of both Citrix ADC’s – Both Citrix ADC’s must be of same build (both Major and Minor) for Synchronization and Propagation – HA communication is on all Enabled Interfaces. Turn -hamon OFF on all unused Interfaces
11.
© 2019 Citrix
| Confidential Citrix ADC HA Tips and Tricks • HA Selection Criteria – If state is the same, select lower IP address as Primary – If state is different (i.e. UP vs Not UP) go with UP as Primary – Best Practice: Add secondary node as Not Up (i.e. have unconnected interfaces Enabled with HAMON ON) • Layer 2 on a Failover – In the event of a fail-over the new Primary will send a Gratuitous ARP – Virtual MACs can be configured on the Citrix ADC – Best Practice: Use Virtual-Macs (VMACs), a floating MAC between both devices • Other Useful Information – A command can be used to force a preemption, or, to mark a unit primary or secondary – Additionally, a failover or synchronization can be force with a command from a Citrix ADC
12.
© 2019 Citrix
| Confidential Why Clustering? • Efficient utilization • Elegant solution to scale up traffic • Dynamic capacity • Ease of management and configuration • Satisfies same requirements as HA – Configuration replication – Fault tolerance 0010010001110100100100010001110101001001 ACTIVE PASSIVE 32X ACTIVE
13.
© 2019 Citrix
| Confidential Citrix ADC Cluster Facts Cluster of Citrix ADC nodes Can be formed with 2 to 32 nodes Single system image for end user Built on Citrix ADC nCore architecture No Chassis or new hardware required Dynamic changes permitted Benefits Provides Linear Scalability Higher Throughput Configuration Scalability Built-in Fault Tolerance Active-Active Support Active-Standby Support
14.
© 2019 Citrix
| Confidential Clustering Scale: Performance + Redundancy Any Form-factor: Cluster VPX, MPX, or SDX True Clustering: Data and Management Plane Scale for Speed Scale for Redundancy App App App App App App App App App App App App App App App App App App App App App App App App App App App App App App App App App App Virtual Appliance Hardware Appliance Multi-tenant Appliance
15.
© 2019 Citrix
| Confidential Cluster logical topology
16.
© 2019 Citrix
| Confidential CCO: Configuration coordinator • Syncs configuration • Propagates commands • Syncs files CCO • Owned by CCO • Used for management Cluster IP
17.
17 © 2017
Citrix | Confidential Clustering Deployment Types
18.
© 2019 Citrix
| Confidential ECMP VIP/32: Node0 VIP/32: Node1 VIP/32: Node2 VIP/32: Node3 Flow receiver Flow processor
19.
© 2019 Citrix
| Confidential CLAG ARP request: CIP:CMAC -> VIP:broadcast ARP reply: VIP:CLAGMAC - > CIP:CMAC CLAG MAC: 02-00-6f-<cluster ID>-00-00
20.
© 2019 Citrix
| Confidential CLAG cont.
21.
© 2019 Citrix
| Confidential LinkSet ARP request: CIP:CMAC -> VIP:broadcast ARP reply: VIP:ARP_OWNER_MAC -> CIP:CMAC
22.
© 2019 Citrix
| Confidential ECMP Link Sets CLAG Upstream device connectivity All nodes must be connected. It can be used in combination with Link Sets Does not require all nodes to be connected All nodes must be connected. It can be used in combination with Link Sets Upstream device configuration YES NO YES Pros Best traffic distribution Transparent to upstream device Better traffic distribution Cons Routes are limited to maximum number supported by router Potential bottleneck. Each VIP is initially handled by only one node Number of switch ports used can be a limitation Distribution Mechanisms Comparisons
23.
© 2019 Citrix
| Confidential Upgrading the Cluster How is that possible? • Upgrade one node at a time Wouldn’t that take down the cluster? • No. Different versions can join the cluster • Node reboots – sessions redistributed • Command propagation disabled Is this documented? • Yes. http://bit.ly/1QBqbp0
24.
© 2019 Citrix
| Confidential • Graceful Handling – Remove a node without affecting the existing connections – Take a node out of the cluster for operational purposes – Add a new node to the cluster. Without impacting existing connections. • Forwarding Session process-local Support & Additional Process-local – configuration – add/set forwardingSession <name> [-processLocal ( ENABLED | DISABLED )] – Traffic hitting particular forwarding session will *NOT* be steered – Deployment guarantees that return traffic lands on the same node • IPv6readylogo • VRRP6 Clustering: Graceful Handling – Node Leave & Join
25.
© 2019 Citrix
| Confidential SDX
26.
© 2019 Citrix
| Confidential Citrix ADC SDX • Multi-tenant Citrix ADC – Up to 115 instances – Version independent – Zero performance loss • Customer Value – Network consolidation – Hardware sensibilities; virtualization benefits – Support for 3rd party components
27.
© 2019 Citrix
| Confidential PCI DSS validation “When properly deployed… Citrix ADC SDX will meet the following PCI DSS version 2.0 requirements, including deployments with in-scope and out-of-scope VPX instances running on the same SDX appliance.”
28.
© 2019 Citrix
| Confidential Citrix ADC SDX • Complete appliance instance per tenant – Complete CPU, memory, and SSL isolation – Independent entity spaces – Independent versioning – Independent maintenance schedule • Complete Network Isolation • No performance degradation
29.
© 2019 Citrix
| Confidential SDX Device-level Resource Pools • Define SDX device resource pools – Set CPU, SSL, Memory, Network – Create pool administrators • Pool administrators – Only have access to their pools – Can create/delete instances as they see fit – Can allocate pool resources as they see fit – Have visibility only into their pools
30.
© 2019 Citrix
| Confidential Details Full ADC Functionality – Citrix ADC SDX supports 100 percent of the ADC functionality available with both hardware-based Citrix ADC MPX appliances and software-based Citrix ADC VPX virtual appliances. This enables Citrix ADC SDX to consolidate all existing ADC deployments without any policy constraints. Complete ADC Isolation – All critical system resources, including memory, CPU and SSL processing capacity are assigned to individual Citrix ADC instances. This ensures resource demands made by one tenant does not negatively impact other tenants’ performance running on the same physical system. It also provides greater security for each ADC instance by providing full separation of traffic flows. Each Citrix ADC instance on SDX has its isolation provided by virtualization technologies – We use Citrix Hypervisor, which isolates CPU, Memory… For hardware acceleration for both Networking and for crypto, we use SRIOV technology that provide similar isolation in hardware. Cavium N3 Devices, don’t have Standard Mailbox for VF-PF communication but use Cavium proprietary mailbox method which implements randomly generated 15 bit signature unique per VF, thus making VF-PF communication highly secure. Pay-As-You-Grow – The Pay-As-You-Grow option delivers on-demand elasticity enabling organizations to easily scale ADC capacity to keep pace with application traffic growth. And because it leverages a software- based architecture, Citrix ADC SDX can scale performance and capacity with a simple software key, eliminating expensive hardware purchases and upgrades.
31.
© 2019 Citrix
| Confidential Simplified Image Upgrade
32.
© 2019 Citrix
| Confidential User Experience - Initial Configuration
33.
© 2019 Citrix
| Confidential User Experience - New Dashboard
34.
© 2019 Citrix
| Confidential User Experience - Provision Citrix ADC
35.
© 2019 Citrix
| Confidential Comparative summary of Citrix ADC Solutions Citrix ADC MPX Citrix ADC VPX Citrix ADC SDX Form Factor Hardened network appliance Software-base virtual appliance Hardened network appliance ADC Density 1 1 Up to 115 Performance Up to 200 Gbps Up to 100 Gbps Up to 200 Gbps Full ADC Functionality ✔ ✔ ✔ Pay-As-You- Grow ✔ ✔ ✔
36.
© 2019 Citrix
| Confidential VPX Scaling • Motivation – Enable HW RSS for Fortville interfaces – Enable users to provision VPX using maximum resources from SDX • Solution – SVM allows VPX with 16 and 10 cores on 25xxx 40G and 14xxx 40G appliances – SVM enables VPX to use cores from both the sockets
37.
© 2019 Citrix
| Confidential Admin Partitions
38.
© 2019 Citrix
| Confidential Key Use Cases Enterprise • IP overlapping • Virtual Routing • Entity space separation • 1 admin – multiple Partitions • Inter partition access • Authentication Service Provider • GUI/CLI/API/Mon Separation • Config/SNMP/Logs Separation • Conn/Tput/Mem Separation • Entity space Separation • RBAC within Partition • IP overlapping Cloud • Most Others • API driven definition • Integration with Orchestration layer
39.
© 2019 Citrix
| Confidential Citrix ADC Without Partition
40.
© 2019 Citrix
| Confidential Citrix ADC With Partition App No 512
41.
© 2019 Citrix
| Confidential
42.
© 2019 Citrix
| Confidential User Plane Data Plane Network Plane Citrix Confidential - Do Not Complete Separation AdminPart Citrix ADC.conf Auditlogs SNMP Debugging File System
43.
© 2019 Citrix
| Confidential Traffic Management
44.
© 2019 Citrix
| Confidential • High availability • Geographical failover for disaster recovery • Secure remote access • Increased performance and efficiency through server offload, caching and compression Citrix ADC – Meets traditional ADC needs
45.
© 2019 Citrix
| Confidential Load balancing and GSLB with Citrix ADC 45 • Load Balancing – Smooths out demand across all available servers – Health monitoring of local resources – Provides high availability if a server fails – Sessions seamlessly transferred to alternative server • Global Server Load Balancing – Allows for disaster recovery - provides HA between sites – Load balancing across geo locations – Optimizes performance across locations sending users to best-performing source Requests Requests
46.
© 2019 Citrix
| Confidential • Provides the intelligence to always direct each request to the right server resource • Continuously monitors the health of application and web servers Layer 7 load balancing Present different content to different users Can be based on IP range, geographical area, language, or device used Balancing Switching Citrix ADC “Airgap” Citrix ADC
47.
© 2019 Citrix
| Confidential Load Balancing • Source IP • Cookie • SSL Session ID • Server-ID in URL Query • Customer Server-ID • Token (header or body) Maintaining User Sessions Distributing Traffic • Least Connections • Lowest Response Time • SNMP-based • IBM SASP • Hash-based • Many more… Monitoring Server Health and Availability • TCP Connection • HTTPS Connection • Extended Content Verification • Scriptable Health Checks TCP and UDP Client Requests
48.
© 2019 Citrix
| Confidential L7 Content Switching HTTP Requests • Anything in request body • Device Type • Language • Cookie • Browser Capability • XML XPath support Client Attributes • Any TCP Request • HTTP Get • HTTP Post Request Protocol Request Method • Any TCP payload value • Any HTTP payload value • Domain • Wildcard URL
49.
© 2019 Citrix
| Confidential • Operates under same general principles as Load Balancing • Load balance traffic between multiple data centers • Evaluate server health to distribute traffic • Works via DNS Global Server Use Case: Maintain business continuity during site level disasters Citrix ADC
50.
© 2019 Citrix
| Confidential Remote Public or Private B2B Global Server Load Balancing P2P Site B Site A Site B Site A B2C
51.
© 2019 Citrix
| Confidential Content Switching Virtual Server Support for GSLB Introduction • Current GSLB Deployment Limitations: – Cannot limit the number of GSLB service for selection – Limited support for Selecting service on basis of traffic – Separate GSLB backupVserver for subset of GSLB service • Feature Support: – Limiting number of service on the basis of CS policy/traffic type – Can defined separate backup vserver for every GSLB vserver
52.
© 2019 Citrix
| Confidential Citrix ADC and SQL • Citrix ADC allows better scalability – Scale-out rather than Scale-up • Lower costs by using more, smaller servers • Improved availability of data • Intelligent load balancing and content switching – Citrix ADC can parse SQL • Reduced CPU usage = lower license costs • Citrix ADC reduces CPU usage of SQL Servers • Caching means fewer requests need to go to the SQL Servers • Citrix ADC handles the encryption, taking load off the servers • Improved user experience from reduced data retrieval latency
53.
© 2019 Citrix
| Confidential DataStream App Server App Server App Server App Server App Server App Server App Server App Server App Server App Server App Server App Server SQL Server SQL Server SQL Server SQL Server SQL Server SQL Server SQL Server SQL Server SQL Server SQL Server 1. SQL-intelligent load balancing 2. Offloads database connections 3. Up to 20x increase in performance 4. HA and Disaster Recovery 5. MS SQL Server and MySQL support Citrix Exclusive. Competition offer no policy controls, no performance improvements. SQL Server
54.
© 2019 Citrix
| Confidential Delivering Microsoft Applications • Business critical applications • Availability is enhanced through load balancing • ‘Improved security • Secure access required over SSL – often internally as well • Application firewall protection • Simple deployment via templates, including Hyper-V • Small deployments benefit from VPX • Mobile access to email via native apps • Reduced load on server – do more with existing servers
55.
© 2019 Citrix
| Confidential Why Citrix ADC for Exchange 2013? Availability Performance User ExperienceSecurity
56.
© 2019 Citrix
| Confidential Reduced Load on Servers Supports greater user capacity and more apps with minimal investment SSL EMPLOYEES PARTNERS CUSTOMERS • SSL Offload • TCP Multiplexing and Buffering • Static and Dynamic Caching • HTTP Compression
57.
© 2019 Citrix
| Confidential • Protocol Extensions - the feature to provide custom protocol support on Citrix ADC using extensions. • Extensions on Citrix ADC refers to the high level scripting infrastructure available on Citrix ADC. • Support for TCP based protocols • To add a custom protocol to Citrix ADC, users need to write extension code to implement the applicable behaviors. L7 SLB Extensions Citrix ADC.se nd() Citrix ADC.pi pe() Citrix ADC.tc p.strea m() Sample Code API Commands
58.
© 2019 Citrix
| Confidential w/ MQTT Citrix ADC
59.
© 2019 Citrix
| Confidential Message Based Load Balancing – Parse the first MQTT Connect packet/message and do LB based on – Client ID – Token based LB – Session Persistence – User defined session persistence SSL – Acceleration/Offloading – Backend re-encryption or end-to-end encryption – Client authentication, certificate status check (revocation lists, OCSP) Features In Citrix ADC Deployment Models
60.
© 2019 Citrix
| Confidential MQTT Example Topology
61.
© 2019 Citrix
| Confidential SSL
62.
© 2019 Citrix
| Confidential Auto Detection of CertKey Encoding • Citrix ADC can now auto-detect the encoding type and load the certificate and key. – No need to figure out and give the “–inform” option. • Supported Formats: PEM, DER, PFX/PKCS#12 • For PFX, with “–bundle” option of “add certkey” command. – Citrix ADC will parse the PFX file. – Load the server-cert and server-key – Load all the Intermediate-CA certs present in the PFX file – Link the certificates.
63.
© 2019 Citrix
| Confidential • SSL Handshake reset by server when SHA 384/512 server or intermediate cert used on Microsoft IIS servers • Earlier added signature extensions (11.0 65.31) – RSA-MD5 – RSA-SHA1 – RSA-SHA256 SSL Signature Extension
64.
© 2019 Citrix
| Confidential SSL OCSP Stapling Use Case: Certificate Revocation Status Check OCSP Responder Server Clients connects to secure SSL VIP Citrix ADC checks revocation status of server certificate Citrix ADC staple OCSP response along with certificate • Improve the overall TLS handshake performance by offloading clients from finding certificate revocation status.
65.
© 2019 Citrix
| Confidential • Improve TLS session resumption by offloading servers from storing session details in its memory • With TLS session ticket, clients store session details. In client hello, they send the session ticket which is used for session resumption. Session Tickets Use Case Client Random TLS Session Ticket Client and Citrix ADC have same session key and thus encrypted session can begin Shortened SSL handshake System Profiles SSL Profile ns_default_ssl_profile_frontend
66.
© 2019 Citrix
| Confidential • Missing ciphers are prioritized for H2 ‘17. Cipher support matrix Cipher/Protocol Near Future MPX/SD X VPX FIPS 9700 series FIPS 14000 series TLS 1.1/1.2 Frontend TLS 1.1/1.2 Backend ECDHE Frontend ECDHE Backend GCM, SHA2 Frontend GCM, SHA2 Backend ECDSA Frontend ECDSA Backend Legends Supported In 12.0 For complete details, see - http://docs.citrix.com/en- us/netscaler/11- 1/ssl/cipher_protocl_support_matri x.html
67.
© 2019 Citrix
| Confidential DEFAULT Cipher Alias Re-ordering (Front-end) • Give preference to AES/AES-GCM/ECDHE ciphers. • De-prioritize RC4 ciphers. • No ciphers dropped. New Cipher Re-Order List TLS1-AES-256-CBC-SHA (0x0035) TLS1-AES-128-CBC-SHA (0x002f) TLS1.2-AES-256-SHA256 (0x003d) TLS1.2-AES-128-SHA256 (0x003c) TLS1.2-AES256-GCM-SHA384 (0x009d) TLS1.2-AES128-GCM-SHA256 (0x009c) TLS1-ECDHE-RSA-AES256-SHA (0xc014) TLS1-ECDHE-RSA-AES128-SHA (0xc013) …………...... ……………… ……………… 28 ciphers… Old Cipher Re-Order List SSL3-RC4-MD5 (0x0004) SSL3-RC4-SHA (0x0005) SSL3-DES-CBC3-SHA (0x000a) TLS1-AES-256-CBC-SHA (0x0035) TLS1-AES-128-CBC-SHA (0x002f) SSL3-EDH-DSS-DES-CBC3-SHA (0x0013) TLS1-DHE-DSS-RC4-SHA (0x0066) TLS1-DHE-DSS-AES-256-CBC-SHA (0x0038) …………...... ……………… ………………28 ciphers…
68.
© 2019 Citrix
| Confidential Cipher Re-ordering (Back-end) • Give preference to AES/AES-GCM/ECDHE ciphers. • RC4-SHA still on top. – Internal network. – Legacy servers. • No ciphers dropped. New Cipher Re-Order List TLS_RSA_WITH_RC4_128_SHA (0x0005) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_RSA_WITH_RC4_128_MD5 (0x0004) TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) TLS_DHE_DSS_WITH_RC4_128_SHA (0x0066) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) …………...... ……………… ……………… 55 ciphers… Old Cipher Re-Order List TLS_RSA_WITH_RC4_128_MD5 (0x0004) TLS_RSA_WITH_RC4_128_SHA (0x0005) TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003) TLS_RSA_WITH_DES_CBC_SHA (0x0009) TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008) TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064) TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x0060) ………………. ……………… ……………… 55 ciphers…
69.
© 2019 Citrix
| Confidential69 SSL Manageability Improvement • Default SSL Profile – Convenient adding/removing/reordering ciphers and cipher groups – Better control over SSL parameters • SSL Certificate management improvement – Minimum steps; maximum usecase coverage – Least possibility of error Reporting and Debugging Improvements • SSL N3 chip utilization reporting on MPX appliances • TLS 1.1/1.2 session and connection reporting • Client authentication counter at VIP level Citrix ADC
70.
© 2019 Citrix
| Confidential SSL Profile * • Profile – container object which represents a combination of several SSL attribute objects. • All settings on SSL vserver, global SSL parameters (*)– are available on profile. • Changes to a profile is directly reflected to all vserver it is bound to. • New Changes: • Global and per vserver SSL profile. • Global Default Profile. • Enabled via “set ssl parameter” command • Newly created SSL vserver inherits the default profile. • Only one profile bound to a vserver.
71.
© 2019 Citrix
| Confidential ECDHE Rocks Elliptic Curve Cipher DH Key Exchange Perfect Forward Secrecy • Uses smaller keys • Requires less CPU and memory • ECC is faster • ECC is more secure • Best key exchange mechanism • No exchange of pre- master secret • Future protection of data • ECC compensates the cost of PFS in ECDHE
72.
© 2019 Citrix
| Confidential SNI Host multiple domains on a single IP • Server Name Indication allows multiple applications to run on one IP address and port • Bind multiple certificates to one server; one for each application • Enables a server to host a group of domain names • Client indicates which hostname to connect in client hello • Most browsers support SNI; its time for servers now Client hello Requesting site1.com Server hello Site1 Certificate Site1 cert Site2 cert Site3 cert
73.
© 2019 Citrix
| Confidential SAN One certificate, multiple domains • Subject Alternative Names allows various values for fields within a certificate • More powerful than wildcard certificates • Great when protecting alternate domains with the same website • Ex. site1.com and site1.org • Improves certificate management across multiple servers
74.
© 2019 Citrix
| Confidential Citrix ADC FIPS Solutions MPX SDX MPX/SDX 14000 FIPS
75.
© 2019 Citrix
| Confidential Thales nShield SDX VPX MPX Tamper response mechanisms - mechanisms that wipe out keys and “critical security parameters” if the cover is opened or if physical probing is detected • Network-attached hardware security module (HSM) • FIPS 140-2 Level 3 and Common Criteria EAL 4+ certified • Protects and manages private keys • Identity-based authentication mechanisms • Strong separation of duties FIPS 140-2 Level 3
76.
© 2019 Citrix
| Confidential • HSTS can now be enabled in both SSL Profiles & in VServers – HSTS is how web servers inform clients to always use SSL – Uses HTTP response header field "Strict-Transport-Security“ https://tools.ietf.org/html/rfc6797 HSTS (HTTP Strict Transport Security) C L I E N T SERVER HTTP GET / Redirect HTTPS:// GET / HTTPS GET / HTTP GET / Redirect HTTPS:// GET / HTTPS GET / C L I E N T SERVER Redirect HTTPS:// GET / HTTPS GET / HTTP GET / HTTPS GET / HTTPS GET / Without HSTS With HSTS
77.
© 2019 Citrix
| Confidential Qualys SSL Labs Report: Citrix ADC MPX/SDX/VPX http://blogs.citrix.com/2015/05/22/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-the-sequel/
78.
© 2019 Citrix
| Confidential How to get that “Awesomeness” Disable SSL 3.0 TLS 1.2 must be enabled RC4 ciphers must be removed Implement Strict Transport Security Both server certificate and intermediate certificates should be SHA2 signed Cipher list to prefer ECDHE Servers should support TLS_FALLBACK_SCSV http://blogs.citrix.com/?p=174211630
79.
© 2019 Citrix
| Confidential SSL ECC Optimization –On MPX - Observed 2x to 9x improvements** for ECDHE-RSA2K • Depending on the MPX Platform configurations (No. of Cores and No. Of Cavium Cards) • Refer to official specs for ECDHE numbers on various platforms –On VPX – 2x-6x improvements** over current ECDHE-RSA2K numbers –Available in Oban (12.0); Also released in 11.1- MR/Q4 2016 –* Refer to official specs for per-core numbers –On MPX/SDX Platforms* (ECDHE-RSA2K) • Hybrid ECDH Approach (CPU + Card processing) • Offload ECC operations* to Software/ CPU (to configured CPU quota) • Additional ECC operations* done on card • RSA Operations done on card • Hybrid ECC Feature - DISABLED by default • ENABLE by configuring “Software Crypto acceleration CPU Threshold” SSL Parameter • E.g. “set ssl parameter -softwareCryptoThreshold 90” –On VPX Platforms (ECDHE-RSA2K) • 64bit Optimized ECC in 32bit PE (via far-call) and 64bit PE (native) SSL TPS (VPX) 1 PE (12.0/Oban) 1PE (11.0) ECDHE-RSA2K (256 Curve) 1100* * - with AVX2 support on Citrix Hypervisor 7.0 180
80.
© 2019 Citrix
| Confidential – More Optimizations on VPX Platforms for RSA – Integrated substantial improvements (algorithmic and processor specific optimizations) for RSA operations from latest OpenSSL (contributed by Intel) – Observed 2x-3.5x improvements in RSA per-core TPS numbers compared to 11.x numbers. – Refer to official specs for per-core numbers SSL RSA Optimization for Citrix ADC VPX – For RSA-2K more optimization available on processors supporting AVX2 instruction set (Haswell onwards) – NSPPE determines at run-time if AVX2 is supported by underlying processor/hardware – Requires underlying Hypervisor support to determine AVX2 support – Citrix Hypervisor 7.0 and VMWare VSphere 6.5 SSL TPS 1PE (12.0/Oban) 1 PE (11.0) RSA-2K 1300* * - with AVX2 support on Citrix Hypervisor 7.0 370* * base 64bit farcall optimization only
81.
© 2019 Citrix
| Confidential Networking
82.
© 2019 Citrix
| Confidential Highlights Full proxy IPv6-IPv4 Server Load Balancing Full featured WAF for IPv6 Static and Dynamic Routing support Best IPv6 / IPv4 performance ratio Feature parity with IPv4 NAT64, NAT46, DNS64 ACL, RNAT, INAT Full featured WAF for IPv6 Static and Dynamic Routing support No additional license fee for IPv6 IPv6 management
83.
© 2019 Citrix
| Confidential Citrix Confidential – For NDA IPv6 Features Summary • Routing • Dynamic (OSPF, RIP, BGP) & Static • Neighbor Discovery • Address Resolution, DAD, Neighbor Unreachability, Router Discovery • Path MTU discovery • VLANs • Port Based • Prefix Based • VMACs • DNS Networking • ACLs • RNAT • PBR • Application Firewall • DDoS Protection • HDOSP • Surge Protection • Sure Connect • Priority queuing Security • Mixed mode deployments • IPv4 and IPv6 coexistence • Layer 4/7 Load Balancing • SSL Offload • IPv6 monitors • DSR and USIP • LLB Load Balancing / Performance • Dual-Stack support • IPv4-IPv6 and IPv6- IPv4 NAT • Prefix Based Translation • Host Header Modification Migration IPv6 addresses for NSIPs (SNIPs, VIPs) IPv6 Protocols (TCP6, UDP6, ICMP6) Ping6, Telnet6, SSH6 SNMP and CVPN for IPv6 HA Management • Integrated Caching • Compression • Rewrite • Responder • Rate Limiting • AAA-TM Application Layer Support
84.
© 2019 Citrix
| Confidential • Clients Migration – Mix of IPv4 and IPv6 clients – IPv6 clients access IPv4 servers • Slow Server Migration – Mix of IPv4 and IPv6 servers – IPv4 clients access IPv6 servers • Test IPv6 Ready Applications without upgrading the entire infrastructure to IPv6 Use Cases
85.
© 2019 Citrix
| Confidential • Make your IPv4 web applications available to external IPv6 users • No changes to existing server infrastructure • Performance, Availability, Reliability and Security of application preserved SLB64 – Internet Edge IPv6 Internet IPv4 Internet IPv4 Network IPv6 VIPs exposed to IPv6 users
86.
© 2019 Citrix
| Confidential • SLB for IPv6 applications (e.g. Microsoft DA / UAG) • Make IPv6 applications available to IPv4 and IPv6 clients • Feature parity with IPv4 for advanced ADC functions IPv6 Application Load Balancing IPv6 Internet IPv4 Internet IPv6 Network IPv4 Network
87.
© 2019 Citrix
| Confidential Client facing (Virtual IP) Server facing (SNIP) IPv4 IPv4 IPv6 IPv4 IPv4 IPv6 IPv6 IPv6 Citrix Confidential – For NDA Support matrix
88.
© 2019 Citrix
| Confidential IPv6 Connection Mirroring • An active Citrix ADC vserver can now sync its IPv6 connection table to the standby Primary Active Secondary Stand-by Primary Active
89.
© 2019 Citrix
| Confidential NAT • SLB NAT • Layer 3 NAT • INAT • RNAT • Prefix based IPv6-IPv4 NAT
90.
© 2019 Citrix
| Confidential –SLB NAT is used when server responses don't automatically pass through the Citrix ADC One-Arm mode Servers and the Citrix ADC are in different subnets –SLB NAT is performed only when USIP is DISABLED SLB NAT 10.102.1.21 10.102.1.25 - 30 10.102.1.11 10.102.1.15 – 20 10.102.1.1 10.102.1.5 – 10 Sales Server Server Eng Server Server Manf Server Server Citrix ADC performing SLB NAT
91.
© 2019 Citrix
| Confidential –SNIP/MIP used as source IP for backend communication –Network profiles used for selecting source IP (SNIP/MIP) –Network profiles can be associated with service/vserver SLB NAT – Network profile 10.102.1.21 10.102.1.25 - 30 10.102.1.11 10.102.1.15 – 20 10.102.1.1 10.102.1.5 – 10 Sales Server Server Eng Server Server Manf Server Server Network Profiles for selecting source IP
92.
© 2019 Citrix
| Confidential • Use Source IP (USIP) Enabled – Client IP is always used for backend communication • Network Profile and USIP disabled – Network Profile bound to service is used – Network Profile bound to servicegroup is used – Network Profile bound to vserver is used • Network Profile and Monitoring – Network Profile bound to monitor is used – Network Profile bound to service is used – Network Profile bound to servicegroup is used Network Profile – order of selecting source IP
93.
© 2019 Citrix
| Confidential • Adding a Network Profile – add netprofile salesNetPro -srcIp 10.102.1.1 • Adding Network Profile with IPSET – add netprofile salesNetPro –srcIp rangeIP • Setting a Network Profile – set netprofile salesNetPro -srcIp 192.168.1.1 • Binding a Network Profile – set lb vserver salesVs –netProfile salesNetPro – set service salesSvc –netProfile salesNetPro – set servicegroup salesSvcGrp –netProfile salesNetPro – set monitor sales_mon –netProfile salesNetPro Network Profile – Configuration
94.
© 2019 Citrix
| Confidential • Apple want to choose source IP for Syslog traffic • Source IP now can be used to identify syslog traffic • Firewalls can be configured for the specific source IP Use case for NetProfile
95.
© 2019 Citrix
| Confidential INAT Citrix ADC replaces the destination IP address 1. Types of L3 NAT – INAT
96.
© 2019 Citrix
| Confidential • Destination IP translation • Supported Scenarios: IPv4-IPv4 Mapping IPv4-IPv6 Mapping IPv6-IPv4 Mapping IPv6-IPv6 Mapping INAT – Destination NAT
97.
© 2019 Citrix
| Confidential INAT – Source IP Selection Is USIP Enabled Use Client IP Yes No Is Proxy IP Configured Use Proxy IP Yes No Is USNIP Enabled Use SNIP Yes No Is MIP Configured ? Use MIP Yes No Error
98.
© 2019 Citrix
| Confidential • add inat <name> <publicIP> <privateIP> [-tcpproxy ( ENABLED | DISABLED )] [-ftp (ENABLED | DISABLED )] [-usip ( ON | OFF )] [-usnip ( ON | OFF )] [- proxyIP <ip_addr|ipv6_addr>] [-tftp (ENABLED | DISABLED )] [-mode (ENABLED | DISABLED )] – Public IP can be one of the Citrix ADC owned VIPs – Private IP – Translation IP – TCP Proxy: Useful for security reasons to mitigate DoS / DDoS attacks – Enabled: Maintains the TCP session state – Disabled: Does not maintain the TCP session state • rm inat <name> • show inat [<name>] INAT - Configuration
99.
© 2019 Citrix
| Confidential 2. Types of L3 NAT – RNAT RNAT Citrix ADC replaces the source IP address
100.
© 2019 Citrix
| Confidential • Address based translation: NATing is performed for all packets matching the address • Extended ACL based translation: NATing is performed for all packets matching the configured ACL • NAT IP address used in translation: – SNIP or MIP – Unique IP configured as part of the NAT rule (-natip option) • RNAT takes precedence over USIP mode if configured RNAT – Source NAT
101.
© 2019 Citrix
| Confidential • NATIP is always used when configured • If NATIP is not configured – Based on the destination – source IP is selected from – VIP – If explicitly configured using NATIP – SNIP – If USNIP is ON – MIP – For rest of the cases • For RNAT in LLB – source IP selection is based on the router (Check LLB documentation for more details) Citrix Confidential – For NDA RNAT – Source IP Selection
102.
© 2019 Citrix
| Confidential RNAT – Example Scenario Blue Colored Flow: 1. Packet generated by server: Src = 192.168.2.1; Dst = 100.100.100.1 2. Packet Received by client: Src = 200.200.200.202; Dst = 100.100.100.1 3. Response from client: Src = 100.100.100.1; Dst = 200.200.200.202 4. Response received by server: Src = 100.100.100.1; Dst = 192.168.2.1 Red Colored Flow: 1. Packet generated by server: Src = 192.168.1.1; Dst = 100.100.100.1 2. Packet Received by client: Src = 200.200.200.201; Dst = 100.100.100.1 3. Response from client: Src = 100.100.100.1; Dst = 200.200.200.201 4. Response received by server: Src = 100.100.100.1; Dst = 192.168.1.1
103.
© 2019 Citrix
| Confidential • set rnat <IPAddress> <netmask> – MIP or SNIP will be used for translation • set rnat IPAddress <netMask> -natip <NATIPAddress> – Provide a single IP or a range in < NATIPAddress> – NATIP will be used for translation • set rnat <aclname> [-redirectPort <port>] – MIP or SNIP will be used for translation for packets matching the ACL – rediectPort – destination port to which traffic is redirected • set rnat <aclname> [-redirectPort <port>] -natIP <NATIPAddress> – Provide a single IP or a range in < NATIPAddress> – NATIP will be used for translation for packets matching the ACL – rediectPort – destination port to which traffic is redirected • show rnat Citrix Confidential – For NDA RNAT Configuration
104.
© 2019 Citrix
| Confidential Source: 2001::1 Destination: 3ffe::74.125.91.105 IPv6 Packet Source:202.12.46.10 [Citrix ADC] Destination: 74.125.91.105 IPv4 Packet • IPv6 to IPv4 translation based on the matching prefix • Destination IP is translated based on the configured prefix – last 32 bits are used as the IPv4 address • Configuration – set ipv6 [-natprefix <ipv6_addr|*>] – show ipv6 Prefix based IPv6-IPv4 translation Citrix ADC NS1
105.
© 2019 Citrix
| Confidential NAT Summary Scenario INAT RNAT SLB NAT 1:1 Provide a Private IP corresponding to the public IP Provide only one IP in the rule with configured NATIP Address Combination of Listen rule and Net Profile with one IP attached to Vserver N:1 Provide same Private IP in different INAT rules Provide a subnet in the RNAT rule Net Profile with one IP attached to Vserver M:N NA Provide a subnet in the RNAT rule and a range in NATIP Addresses Net Profile with range / subnet IP attached to Vserver
106.
© 2019 Citrix
| Confidential • Protocols Supported – Routing Information Protocol (RIP) version 2 – Open Shortest Path First (OSPF) version 2 – Border Gateway Protocol (BGP) – Routing Information Protocol next generation (RIPng) for IPv6 – Open Shortest Path First (OSPF) version 3 for IPv6 – ISIS Protocol • Protocols uses industry standard ZebOS Dynamic Routing
107.
© 2019 Citrix
| Confidential Dynamic Routing Protocol Command Reference Guide Unsupported Commands OSPF OSPF Command Reference •Domain-id command •Graceful restart related commands •OSPF-TE related commands •OSPF-VPN related commands •CSPF-TE related commands •ip ospf resync-timeout command •capability opaque command •enable ext-ospf-multi-inst command IPv6 OSPF (OSPFv3) OSPF Command Reference •Graceful restart related commands •OSPF-TE related commands BGP BGP Command Reference •VPN/VRF related commands •Graceful restart related commands •MPLS related commands •6PE commands (IPv6 provider edge) •MD5 authentication related commands •Multicast options •set-overload-bit command IS-IS IS-IS Command Reference •capability cspf command •enable-cspf command •mpls traffic-eng command •mpls traffic-eng router-id command •multi-topology for ipv6 address family related commands RIP and IPv6 RIP (RIPng) - •neighbor command Dynamic Routing
108.
© 2019 Citrix
| Confidential • Use Case – Ability to send across larger frame size on network which helps with large file transfer and content download use cases. • Feature – Receiving and transmitting jumbo frames containing up to 9216 bytes of IP data – Jumbo Frames support for following protocols – TCP – UDP – HTTP – SIP – Radius – nCore is being validated in 10.5 Jumbo Frames
109.
© 2019 Citrix
| Confidential Standard Ethernet Frame vs Jumbo Frame Application Data (8500 bytes) H D R Application Data 1500 bytes H D R Application Data 1500 bytes H D R Application Data 1500 bytes H D R Application Data 1500 bytes H D R Applicati on Data <1500 bytes H D R Application Data 1500 bytes H D R Application Data HDR + 8500 bytes Say, Transferring a file of size 8500 bytes Standard Ethernet Frame Jumbo Frame
110.
© 2019 Citrix
| Confidential Benefits of Ethernet jumbo frames Big Payloads Increased Throughput and Goodput Fewer Packets Less Packet switching Reduced Network I/O Lowered CPU Usage Reduced Protocol Processing
111.
© 2019 Citrix
| Confidential VXLAN Support • Virtualization has placed increased demands on the physical networking infra • VMs may be grouped according to their Virtual LAN, limit of 4096 is inadequate • Need to host multiple tenants, each with their own isolated networking domain • Each tenant may independently assign mac-addresses and VLAN IDs. • Need for overlay network which is used to carry MAC traffic from individual VMs in an encapsulated format over logical “tunnel”
112.
© 2019 Citrix
| Confidential Multi-tenancy (Server reachability over VxLAN only) add partition p1 add partition p2 add vxlan 1000 add vxlan 2000 bind partition p1 –vxlan 1000 bind partition p2 –vxlan 2000 add bridgetable -mac 00:00:00:00:00:00 -vxlan 1000 -vtep 10.216.1.1 add bridgetable -mac 00:00:00:00:00:00 -vxlan 2000 -vtep 10.216.1.2 Switch partition p1 bind vxlan 1000 –ipAddress 192.168.1.10 255.255.255.0 Switch partition p2 bind vxlan 2000 –ipAddress 192.168.1.10 255.255.255.0 SERVER A SERVER B CLIENT A CLIENT B Partition1 Partition2 Citrix ADC CLIENT IP : 123.1.1.1 VIP : 65.1.1.1 SERVER IP : 192.168.1.11 vtep 1 vtep 2 VTEP : 10.216.1.1 VTEP : 10.216.1.2 SERVER IP : 192.168.1.11
113.
© 2019 Citrix
| Confidential Multi-tenancy( Server reachability over VLAN/stretched VxLAN) add partition p1 add partition p2 add vxlan 1000 –vlan 100 add vxlan 2000 -vlan 200 bind partition p1 –vlan 100 bind partition p2 –vlan 200 add bridgetable -mac 00:00:00:00:00:00 -vxlan 1000 -vtep 10.216.1.1 add bridgetable -mac 00:00:00:00:00:00 -vxlan 2000 -vtep 10.216.1.2 Switch partition p1 bind vlan 100 –ipAddress 192.168.1.10 255.255.255.0 Switch partition p2 bind vlan 200 –ipAddress 192.168.1.10 255.255.255.0 SERVER A SERVER B CLIENT A CLIENT B Partition1 Partition2 Citrix ADC CLIENT IP : 123.1.1.1 VIP : 65.1.1.1 SERVER IP : 192.168.1.11 vtep1 vtep2 VTEP : 10.216.1.1 VTEP : 10.216.1.2 SERVER SUBNET VLAN 100 SERVER SUBNET VLAN 200 SERVER IP : 192.168.1.11
114.
© 2019 Citrix
| Confidential Bridging between VLAN and VXLAN VTEP SERVER 2 VLAN 2 VXLAN 20000 SERVER 1 enable Citrix ADC mode L2 add vxlan 20000 –vlan 2 add ipTunnel tun1 224.0.0.7 255.255.255.255 * -protocol vxlan bind vxlan 20000 –tunnel tun1
115.
© 2019 Citrix
| Confidential Citrix ADC VXLAN Capabilities • Server / client reachability over VXLAN tunnels • Bridge traffic between VLAN and VXLAN segments • Two types of VXLANs – VXLANs that stretch / extend existing VLAN – VXLANs as independent Layer 3 entities - scale beyond the limit of 4K vlans • Unicast and Multicast VXLAN tunnels – No support for IGMP as yet – VTEPs should be one hop away when tunnel is multicast • VXLAN port configurable (default 4789) • Identical VXLAN configuration on HA nodes • Scaling – 4K vlan extensions and 2K layer 3 configurations
116.
© 2019 Citrix
| Confidential • Bridge table learns VNID, VTEP • VNID, VTEP configurable for static ARP/ND6 • ACL, ACL6, PBR, PBR6 policies to match VXLAN • Policy expressions to match VXLAN • VXLANs can be bound to traffic domains • IPv4 / v6 address can be bound to VXLANs • VXLAN stat / snmp support Citrix ADC VXLAN Capabilities
117.
© 2019 Citrix
| Confidential Bidirectional Forwarding Sessions • BGP Neighbor fall-over feature • Bidirectional Forwarding Detection (BFD) is a network protocol used to detect faults between two forwarding engines connected by a link
118.
© 2019 Citrix
| Confidential Optimization
119.
© 2019 Citrix
| Confidential Caching AppCache • Reduce Server workloads by removing repeatable content • Caching allows content to be held on the Citrix ADC • Prepopulation or policy driven should content become popular • Improved user experience • Less strain on server infrastructure
120.
© 2019 Citrix
| Confidential AppCompress • Advanced compression capability to reduce transmitted data to user • Improved user experience combining compression capabilities of browser • Reduces server overheads • Eliminates bandwidth bottlenecks & improves application performance significantly Compression
121.
© 2019 Citrix
| Confidential • Use Case: Add support for high speed TCP congestion control algorithms which can help with: – Minimizing bandwidth stolen – Ensure that co-existing flows with different RTT are treated fairly – Ensure efficient usage of available bandwidth • Feature: 2 new TCP congestion control algorithm supported – BIC – CUBIC TCP Congestion Control
122.
© 2019 Citrix
| Confidential • BIC: – Focus is on High Speed Networks, bandwidth up to 10 Gbps – Ability to transfer large amount of data over long distance in short amount of time – TCP Fairness – ability to share bandwidth with TCP Connections on low-speed networks • CUBIC: – Enhanced BIC – Maintain BIC’s scalability & stability – Simplify the window control – Improve BIC’s friendliness – Two competing CUBIC flows will converge to fair share windows – Use real-time, rather than ACK-clocked, updates to window – The window growth rate is time dependent and RTT Independent, allowing for a fairer sharing BIC and CUBIC
123.
© 2019 Citrix
| Confidential MobileStreamTM • Mobile protocol acceleration for best performance over lossy and high latency links • Intelligent multi-path networking to seamlessly leverage wireless and cellular connectivity • Optimized web content streaming for faster download and rendering • Per app and user access management for end-to-end secure delivery • Built-in protocol and app visibility for compliance • Extensible policies for mobile threat and malware protection Multi-layer application optimizations with granular security and control Citrix ADC
124.
© 2019 Citrix
| Confidential Citrix ADC MobileStream™ Citrix ADC MobileStream
125.
© 2019 Citrix
| Confidential Content Layout 125 Browser and client cache can be better utilized JS & Image dominate page content PNG is still not mainstream Avg Response size is increasing. Pages are becoming heavier. Top 1000 sites (http://httparchive.org/interesting.php)
126.
© 2019 Citrix
| Confidential Introduction 126 • JS/CSS and images comprise most part of the web content. • FEO focuses on faster and efficient web content delivery by optimizing these components. • Along with this , FEO tries to leverage the client cache.
127.
© 2019 Citrix
| Confidential Optimization Techniques 12 • External Script/stylesheet minification • CSS & JS inlining • Small image inlining • Combine CSS • Image GifToPNG • Image Resizing • Jpeg Image Weakening • Image to Jxr/Webp • Moving CSS in front/Convert import to link • Defer JS loading • Lazy loading of images Embedded object download Content Generation Page Rendering • Domain sharding • Cache extension Initial connection setup Stages in Web Page Delivery
128.
© 2019 Citrix
| Confidential How does FEO work? First Request: 1. Citrix ADC receives the response from the server and forwards it to the client. 2. Client parses the info, and sends a request for the first embedded object. 3. Citrix ADC sends the request to the server, server sends the processed content. 4. Citrix ADC optimizes the content, saves it in cache. 5. Citrix ADC sends the original image to client. Subsequent Requests: 1. Citrix ADC receives the response from the server. 2. Citrix ADC parses the HTML page and checks for the optimized content and sends the optimized content to the client. 3. Client sends a request to the optimized content. 4. Citrix ADC fetches the content from the cache and sends the optimized content to the client.
129.
© 2019 Citrix
| Confidential Demo COP No- COP
130.
© 2019 Citrix
| Confidential FEO –Video Optimization for Mobile Networks • Citrix ADC Video Optimization feature detects and optimizes Adaptive Bit Rate (ABR) traffic over mobile networks • Ability to present an insight of video traffic & apply a an optimization rate control to ABR video • Supported in Admin Partitions
131.
© 2015 Citrix
| Confidential HTTP 2.0
132.
© 2019 Citrix
| Confidential Problem with HTTP/1.1 • Suboptimal use of TCP – Average number of TCP connections per page used in popular sites: 37 – Slow Start – Good for Network, Bad for Client experience – TCP connections per domain : 6 (common in most of the browsers)
133.
© 2015 Citrix
| Confidential© 2015 Citrix | Confidential • Increase in transfer size and number of objects per page Problem with HTTP/1.1
134.
© 2019 Citrix
| Confidential • Protocol overhead – Duplicate headers – No header compression GET /frameworks/barlesque/2.83.4/orb/4/script/orb/api.min.js HTTP/1.1 Host: static.bbci.co.uk Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 DNT: 1 Referer: http://www.bbc.co.uk/ Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8,ne;q=0.6 Problem with HTTP/1.1 GET /locator/0.119.7/script/locator.js HTTP/1.1 Host: static.bbci.co.uk Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 DNT: 1 Referer: http://www.bbc.co.uk/ Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8,ne;q=0.6
135.
© 2019 Citrix
| Confidential • Spriting • Inlining • Concatenation • Sharding HTTP/1.1 Solutions
136.
© 2019 Citrix
| Confidential HTTP/2: HTTP/1.1 Protocol Fix • HTTP/2 Goals – Backward compatibility – Header compression – Server push – Substantially and measurably improve end-user perceived latency – Address the "head of line blocking" problem – Not require multiple connections to a server to enable parallelism – improving its use of TCP, especially regarding congestion control
137.
© 2019 Citrix
| Confidential HTTP/2 summary • Binary Protocol • Opens single TCP Connection per domain • Multiple requests are streamed into one connection • Streams are – Multiplexed – Prioritized – flow controlled • Header Compression • Change in wire format, no change in semantics Transport TLS Binary Framing Physical Network HTTP/2 Application
138.
© 2019 Citrix
| Confidential Citrix ADC HTTP/2 Architecture – ION Release: Citrix ADC supports HTTP/2 Gateway – Front-End HTTP/2, Back-End HTTP/1.1 HTTP/2 Browser Single TCP connection with Request Multiplexing Citrix ADC HTTP/2 Gateway HTTP/1.1 Server Farm Caching AGEE/VPN AppFirewall TCP Optimization Compression Content Optimization Cache Redirection Persistency
139.
© 2019 Citrix
| Confidential Citrix ADC HTTP/2 Architecture HTTP/2 Browser Single TCP connection with Request Multiplexing Citrix ADC HTTP/2 Proxy HTTP/1.1 Server Farm Client PCB Stream Session 1 Server PCB Stream Session 3 Server PCB Stream Session 5 Server PCB Stream Session 7 Server PCB
140.
© 2019 Citrix
| Confidential Action Analytics
141.
© 2019 Citrix
| Confidential How do Action Analytics Impact the Network? Dynamic Configuration & Flexibility
142.
© 2019 Citrix
| Confidential • Framework to collect statistics of run time objects • Statistics collected can be used to take run-time decisions • Statistics collected per object include – Total No. of Requests – Bandwidth – Response Time – Current Connections Action Analytics 142 Citrix ADC (Citrix ADCMPX-15000)
143.
© 2019 Citrix
| Confidential Action Analytics 143 • Uses rate limiting framework & structures to measure traffic. • Counter results are exposed to the Policy Engine. • Two components to measuring traffic objects: 1. Selector 2. Stream Identifier • Selector: Defines a ‘click’. • Stream Identifier: Measurement intervals.
144.
© 2019 Citrix
| Confidential Action Analytics – Stream Selector 144 • Citrix ADC comes with some pre-defined selectors Citrix ADC
145.
© 2019 Citrix
| Confidential Action Analytics – Stream Identifier 145 • Citrix ADC comes with predefined Identifiers • Defines the selector used. • Time interval in minutes • Sample Rate
146.
© 2019 Citrix
| Confidential Action Analytics – Stream Identifier 146 • To start counting, a “No Operation” responder policy must be bound. • These are also predefined. • Stream Analytics will now start counting
147.
© 2019 Citrix
| Confidential Action Analytics - Requirements 147 • Stream Selector • Stream Identifier • Feature Policy configured & bound e.g. add cache policy Cache-Top-URLS -rule "ANALYTICS.STREAM("Top_URL").IS_TOP(10)" -action CACHE - storeInGroup top-requests • Responder Policy Configured and bound
148.
© 2019 Citrix
| Confidential Action Analytics Use Case • Online retailer wants to ensure availability of most frequently viewed items on sale • Ability to cache data objects on Citrix ADC for faster access and free up server resources for processing transactional data
149.
© 2019 Citrix
| Confidential Ensure the highest availability with live clusters – zero downtime, even during upgrades Provide intelligent optimization for superior performance Protect business logic with responsive, dynamic configurations Resiliency + Performance + Flexibility = Invincible Your Invincible Network
150.
© 2019 Citrix
| Confidential Work better. Live better.Work better. Live better.
Download now