WAN Optimization with Citrix Branch Repeater
Citrix Branch Repeater. Daniel Künzli, Systems Engineer ANG, Citrix Systems GmbH, Switzerland
Branch Offices Across WAN Present Obstacles
• Inefficient bandwidth use and bandwidth-hungry applications
• Tradeoffs between data center consolidation and branch user experience
• High cost of branch office IT
Network costs are a key part of desktop virtualization
Cost breakdown (chart): Servers 20%, Clients 20%, Networks 30%, Storage 30%
“Networking alone makes desktop virtualization cost-prohibitive”
Citrix Branch Repeater | The Big Picture
Diagram: tele-workers and mobile users run the Repeater Plug-in for Citrix Receiver; branch offices use Branch Repeater with Windows Server, Branch Repeater appliances or Branch Repeater VPX; across the WAN, the data center and a redundant datacenter or disaster recovery site run Repeater appliances or Branch Repeater VPX. Accelerated applications: XenDesktop, XenApp, web apps, file servers, SharePoint.
Citrix Branch Repeater Product Family: Flexibility to Meet All Your Needs
• Repeater Appliances
• Repeater Plug-in – Software Client
• Branch Repeater with Windows Server and Branch Repeater Appliances
• Branch Repeater VPX – Virtual Appliance (Software) NEW!
What is Branch Repeater VPX?
Branch Repeater VPX is software that offers Branch Repeater functionality in a virtual appliance form factor.
Diagram labels: Branch Repeater VPX; Branch Services Server; “… also in Branch Repeater VPX”.
HDX WAN Optimization in Branch Repeater
• Adaptive Protocol Acceleration
• Adaptive Compression
• Adaptive TCP Flow Control
• Traffic Prioritization and QoS
Accelerate XenDesktop traffic across the WAN
• Accelerate print, video, launch
• Deliver a high-definition user experience at the branch
• Reduce desktop delivery network costs: cut bandwidth, energy, power & setup costs
• Reduce bandwidth consumption by 89%
• Reduce XenDesktop launch times by 40%
• Deliver up to 2X the number of users on existing bandwidth
• Accelerate printing by 2X
VPX Requirements
Citrix Confidential - Do Not Distribute
Hypervisors: Citrix XenServer; Hyper-V and ESX / ESXi in Tech Preview! Runs on an off-the-shelf server.
VPX Minimum Requirements
• 1 GB RAM
• 60 GB Disk
• 2 Virtual NICs
• 1 Virtual CPU
Grow as you Need!
VPX Sizing and Scaling
Model     RAM    Disk     Recommended for     Accelerated TCP connections   Plug-ins
Express   1 GB   60 GB    VPX Express         (not stated)                  (not stated)
Small     1 GB   100 GB   up to 2 Mbps        1,000                         50
Medium    4 GB   250 GB   up to 45 Mbps       15,000                        400
Large     8 GB   500 GB   up to 45 Mbps       25,000                        500
One physical NIC with two virtual NICs is required.
Each virtual NIC must be connected to a separate virtual network in XenCenter.
Out-of-band management can be handled by a third and/or fourth virtual NIC.
The VPX cannot use the fail-to-wire functionality: a dual-port card is seen as two NICs with no special hardware support, so an inline VPX has no hardware bypass path if it fails.
Branch Repeater Deployment Simplicity
Diagram: branch office users behind a Branch Repeater, a Repeater in the datacenter, compared with non-Citrix WAN optimizers that require a proprietary tunnel between sites.
Full Network Transparency Means Plug-n-play for Any Network
No dials: a self-tuning approach to WAN optimization. The AutoOptimizer Engine adjusts TCP flow control, compression, de-duplication, protocol acceleration and QoS to the application mix and the network conditions.
Flexible deployment modes for joining the branch network
• Inline: Branch Repeater cabled between the LAN switch and the WAN router (optional bypass NIC)
• Virtual Inline: Branch Repeater connected on one port; traffic is redirected to it via WCCPv2 or policy-based routing
Modes – Physical Deployments
Inline Mode (most common)
The network will need to go down while the unit is cabled inline directly between the WAN router and the LAN switch.
Simplest configuration (no router/switch configuration required).
No traffic is allowed to bypass the Branch Repeater appliance.
Traffic flows as soon as it is cabled: the bypass card passes traffic through until the appliance is up and fails to wire if it goes down.
Data flows in on one accelerated Ethernet port and is forwarded out through the second port (Accelerated Pair A, apA).
Modes – Physical Deployments
Virtual Inline Mode
Can be deployed with no network disruption.
Uses only one Ethernet port on the BR (the apA port).
Requires router knowledge: policy-based routing (PBR) rules classify traffic and determine how it is forwarded.
The router redirects packets destined for the WAN as follows:
• Traffic arriving on any LAN port other than the one used by the BR appliance is routed to the BR appliance.
• Traffic arriving on the LAN port used by the BR appliance is routed to the WAN interface of the router (this keeps already-accelerated traffic from looping back to the BR).
PBR requires another physical/logical interface on the router; if one is not available, use WCCP.
Modes – Physical Deployments
WCCP – Web Cache Communication Protocol
Can be deployed with no network disruption.
Requires router knowledge: route policies intercept the desired traffic and redirect it to the BR on the LAN.
Uses a GRE tunnel (virtual communication link) between the BR and the router, so the only requirement is IP connectivity between BR and router.
This mode contains all acceleration features.
Uses only one Ethernet port on the BR (the apA port).
Modes – Physical Deployments
HA – High Availability
Provides protection in the event of an appliance failure.
Provides two management IP addresses and one VIP address; the subnet of the VIP address is determined by the management IP addresses of both appliances.
Primary and secondary: the primary unit handles all incoming and outgoing traffic; the secondary appliance takes over (failover) if the primary fails.
The first unit to initialize itself becomes the primary.
Modes – Physical Deployments
Group Mode
Used for asymmetric networks (where the two directions of a connection may take different paths).
Two or more BRs in inline mode are combined into a single virtual unit.
Uses forwarding rules to avoid random router packet assignment.
Group-mode units are identified by serial number and IP address.
Individual appliances own particular connections. If a non-owning appliance receives a packet, it forwards it to the owning appliance via a GRE tunnel.
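The ownership problem behind group mode, as an added example (this is not Citrix code and the page does not say how Citrix assigns owners): the router may deliver the SYN of a connection to one appliance and the SYN/ACK to another, so every member must compute the same owner for both directions. The example assumes a direction-independent hash of the TCP 4-tuple and models the GRE forward as a returned action; the packets, appliance names and addresses are constructed.

```python
"""Added example, not Citrix code.

Group mode: in an asymmetric network the router may deliver a connection's
outbound packets to one appliance and the return packets to another.  Each
connection still needs exactly one owner.  The page does not say how Citrix
picks the owner; this example ASSUMES a direction-independent hash of the
TCP 4-tuple, and models the GRE forward to the owner as a returned action.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seen_by: str  # appliance the router happened to hand this packet to


def flow_key(pkt: Packet) -> tuple:
    """Direction-independent connection key.

    Sorting the two (ip, port) endpoints makes the SYN and the SYN/ACK of the
    same connection produce an identical key even though src/dst are swapped.
    """
    return tuple(sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)]))


def owner_of(pkt: Packet, members: list) -> str:
    """Pick the owning appliance deterministically from the flow key.

    members: sorted list of appliance identifiers (the real product uses serial
    number and IP address).  ASSUMPTION: hash-modulo is this example's rule,
    not necessarily the product's.
    """
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]


def handle(pkt: Packet, members: list) -> tuple:
    """Return (owner, action): accelerate locally, or forward to the owner."""
    owner = owner_of(pkt, members)
    if pkt.seen_by == owner:
        return owner, "accelerate locally"
    return owner, f"forward via GRE tunnel {pkt.seen_by} -> {owner}"


# Constructed sample: the SYN reaches BR-A, the SYN/ACK comes back through BR-B.
MEMBERS = sorted(["BR-A", "BR-B"])
SYN = Packet("10.1.1.50", 51000, "10.2.2.10", 443, seen_by="BR-A")
SYN_ACK = Packet("10.2.2.10", 443, "10.1.1.50", 51000, seen_by="BR-B")


def demo() -> dict:
    """Both directions resolve to one owner; the non-owner forwards over GRE."""
    return {"syn": handle(SYN, MEMBERS), "syn_ack": handle(SYN_ACK, MEMBERS)}


if __name__ == "__main__":
    for direction, (owner, action) in demo().items():
        print(f"{direction:8s} owner={owner} action={action}")
```

Whichever member the router picks, the two directions of the sample connection hash to the same owner, so exactly one appliance holds the connection state and the other forwards; a naive key built from (src, dst) in packet order would split the flow across both units.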
Features
Recent Accomplishments / Updates
• Branch Repeater 5.7: SSL traffic acceleration and disk history encryption; Branch Repeater with Windows Server 2008 R2; 64-bit Windows 7 Repeater Plug-in
• Branch Repeater 5.5.2 and 5.5.3
• Notice of Status Change: Branch Repeater with Windows Server (2003 only) End of Sale July 31, 2010; EoM / EoL July 31, 2013
• Branch Repeater VPX released! Virtual appliance software on XenServer; Branch Repeater VPX on Hyper-V R2 in Tech Preview!
Branch Repeater Product Line & Pricing
Chart: price ($K) against WAN bandwidth (512 Kbps to 500 Mbps), from branch/regional office to large branch/data center. Price points shown:
• VPX-Express $0; VPX-2 $4,000; VPX-10 $7,000; VPX-45 $13,000
• BR 100 $4,000+; BR 200 $6,000+; BR 300 $10,000+
• R 8520 $12,000 (20 Mbps); R 8540 $19,500; R 8820 $49,500; R 8820HS $99,500
SSL acceleration
What is SSL Compression and Acceleration?
SSL compression allows standard SSL-based connections (HTTPS traffic, for example) to be compressed using Branch Repeater’s multi-session compression engine as well as other protocol-specific optimizations.
SSL compression utilizes SSL certificate exchange to decrypt and re-encrypt traffic between client and server.
Overview (diagram): a standard SSL connection runs end to end between client and server. With SSL compression, the accelerated SSL connection is split into a client-side SSL connection, an SSL tunnel across the WAN between the two appliances, and a server-side SSL connection.
• Branch Repeater has access to the clear-text data of the SSL connection because the server-side Branch Repeater appliance acts as a security delegate of the endpoint server(s).
• Because the appliance functions as a security delegate of the server, most configuration is on the server-side Branch Repeater, and that appliance (including its disk history) must be protected like the server’s own key material.
What is SSL Signaling?
• Signaling refers to the connection, authentication and configuration between two appliances/endpoints (the peer relationship and SSL signaling connection).
• The data connection is the secure connection used to transmit encrypted data between two appliances/endpoints (the SSL data connection).
Diagram: client-side SSL connection, peer relationship and SSL signaling connection between the appliances, SSL data connection, server-side SSL connection.
How SSL Compression Works: SSL Split Proxy Mode Overview
• Split Proxy Mode will be used in most deployment scenarios where Temp RSA or Diffie-Hellman key exchange is required.
• The server-side Branch Repeater masquerades as the server to the client and proxies the connection.
• Client authentication is not supported.
• The server-side Branch Repeater is allowed to act on the server’s behalf: SSL credentials (certificate and matching private key) from either a local enterprise CA or the server itself are installed on the server-side Repeater. If a local enterprise CA issues them, clients must trust that CA or they will see certificate warnings for the masqueraded server.
Diagram: peer relationship and SSL signaling connection, SSL data connection.
How SSL Compression Works: SSL Transparent Proxy Mode Overview
• The server-side Branch Repeater acts on behalf of the server, decrypting and re-encrypting on the fly, using the server’s private key(s).
• Client authentication is supported.
• The client sees the connection as if it is connecting directly to the server.
• The server’s SSL credentials (public and private keys) must be installed on both the server and the Branch Repeater.
• Temp RSA and Diffie-Hellman key exchange are not supported: the appliance recovers the session keys from the pre-master secret the client encrypts to the server’s RSA public key, and ephemeral key exchange never produces such a value.
• TLS session tickets and SSL v2 are not supported in this mode.
• Any session renegotiation will result in a connection termination.
Diagram: peer relationship and SSL signaling connection, SSL data connection.
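The transparent-mode constraints above, as an added example (not Citrix code): a delegate that only holds the server's private key can decrypt a connection in place when the client encrypts the pre-master secret to that key (static RSA key exchange), but is blind to DHE/ECDHE. The parser below reads a TLS ClientHello and reports whether the constraints the page names can hold: a static RSA suite is offered, no session-ticket extension, and not an SSLv2 hello; an optional ServerHello suite covers the fact that the server, not the client, makes the final choice. The ClientHello bytes are constructed here; the cipher-suite codes are IANA values. It also stands in for the split-proxy discussion: a connection that fails this check is one where split proxy mode is required.

```python
"""Added example, not Citrix code.

Why transparent proxy mode excludes Temp RSA / Diffie-Hellman: with static RSA
key exchange the client encrypts the pre-master secret to the server's public
key, so an appliance holding the server's private key can derive the session
keys and decrypt in place.  With (ephemeral) DH/ECDH nothing is encrypted to
that key, so the delegate is blind.  This parser reads a TLS ClientHello and
reports whether the mode's constraints named on the page can hold: a static
RSA suite is on offer, no session-ticket extension, not an SSLv2 hello.
The ClientHello bytes are constructed below; suite codes are IANA values.
"""
import struct

STATIC_RSA = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
              0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
              0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}
EPHEMERAL = {0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
             0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
EXT_SESSION_TICKET = 0x0023  # RFC 5077 SessionTicket extension type


def build_client_hello(suites, extensions=(), version=(3, 1)):
    """Serialize a TLS record carrying a ClientHello (constructed test input)."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                              # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(rec: bytes) -> dict:
    """Return offered suites and extension types; flag an SSLv2-style hello."""
    if rec[0] & 0x80:                 # SSLv2 record: high bit of the length is set
        return {"sslv2": True, "suites": [], "extensions": []}
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 5 + 4 + 2 + 32                # record hdr, handshake hdr, version, random
    p += 1 + rec[p]                   # session id
    cs_len = struct.unpack("!H", rec[p:p + 2])[0]
    p += 2
    suites = [struct.unpack("!H", rec[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + rec[p]                   # compression methods
    exts = []
    if p < len(rec):
        end = p + 2 + struct.unpack("!H", rec[p:p + 2])[0]
        p += 2
        while p < end:
            ext_type, ext_len = struct.unpack("!HH", rec[p:p + 4])
            exts.append(ext_type)
            p += 4 + ext_len
    return {"sslv2": False, "suites": suites, "extensions": exts}


def transparent_mode_check(rec: bytes, selected_suite=None) -> tuple:
    """Decide whether a transparent-proxy delegate could decrypt this connection.

    selected_suite: the suite from the ServerHello, if already known; the server,
    not the client, makes the final choice.  Returns (ok, reasons).
    """
    hello = parse_client_hello(rec)
    reasons = []
    if hello["sslv2"]:
        reasons.append("SSLv2 hello is not supported")
    if not any(s in STATIC_RSA for s in hello["suites"]):
        reasons.append("no static-RSA suite offered; ephemeral key exchange only")
    if EXT_SESSION_TICKET in hello["extensions"]:
        reasons.append("session ticket extension is not supported")
    if selected_suite is not None and selected_suite not in STATIC_RSA:
        reasons.append(f"server selected {EPHEMERAL.get(selected_suite, hex(selected_suite))}")
    return not reasons, reasons


# Constructed samples
RSA_AND_ECDHE = build_client_hello([0x002F, 0xC02F])
ECDHE_ONLY = build_client_hello([0xC02F, 0xC030])
RSA_WITH_TICKET = build_client_hello([0x002F], extensions=[(EXT_SESSION_TICKET, b"")])
SSLV2_HELLO = b"\x80\x2e\x01\x00\x02"   # first bytes of an SSLv2 CLIENT-HELLO

if __name__ == "__main__":
    for name, rec in [("rsa+ecdhe", RSA_AND_ECDHE), ("ecdhe only", ECDHE_ONLY),
                      ("rsa+ticket", RSA_WITH_TICKET), ("sslv2", SSLV2_HELLO)]:
        print(name, transparent_mode_check(rec))
```

A practical use is to run the check over captured ClientHellos from branch clients before choosing a mode: modern browsers offer ECDHE first, so a server that prefers its own order will rarely land on a static-RSA suite, and split proxy mode (with the enterprise CA trusted by clients) is then the only option.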