citrix day 2014: netscaler 10.5

of 39 /39
NetScaler Release 10.5 Overview and Features Update Simeon Bosshard, Systems Engineer Citrix Systems International GmbH 06.11.2014

Author: digicomp-academy-ag

Post on 04-Jul-2015




4 download

Embed Size (px)


Slides der Präsentation von Simeon Bosshard, Citrix, am Citrix Day 2014 von Digicomp. Das HTML 5 GUI im Release 10.5 des NetScaler ist eine Neuerung, aber nicht die einzige. Erfahren Sie mehr über die wichtigsten Änderungen wie etwa MobileStream, Cisco RISE und ACI Integration sowie die Erweiterungen im Authentication-Bereich. Natürlich kommen die Neuerungen in den Core-Bereichen Loadbalancing, SSL Offloading etc. ebenfalls nicht zu kurz.


  • 1. NetScaler Release 10.5Overview and Features UpdateSimeon Bosshard, Systems EngineerCitrix Systems International GmbH06.11.2014

2. 2014 CitrixOverviewNetScaler major release, 2014Over 100 features in Beta 1New feature highlightsNetScaler MobileStreamCorePolicy Variables, TCP Optimizations, Traffic Domains, Link RedundancyLoad Balancing 3. 2014 CitrixDatacenter EnhancementsNetScaler MobileStreamTMNetwork VirtualizationRelease 10.5Citrix NetScaler 10 4. 2014 CitrixAnnouncement HighlightsMPTCPSPDYv3AAA External SupportSSL EnhancementsOWA Force Session TimeoutMinificationLazy Image LoadingMobile Micro VPNLink redundancyAAA Session StickinessRISE IntegrationACI IntegrationSVM Managed APIHTML Views (not Java)Client Cert PassthroughGatewayEnhancementsBICand CUBIC TCPSSL Elliptical Curve OptimizationSimplified File OperationsLLDP SupportDynamic routingEnhancementsTraffic DomainsDomain ShardingForms Based SSO EnhancementsEthernet JumboFrames 5. 2014 CitrixNew Licensed FeaturesFeaturePlatinumEnterpriseStandardNetScaler MobileStreamPolicy VariablesTraffic DomainsLLDPLink RedundancyApplicationFirewall*Cisco: RISE*Cisco: vPath*NetScaler MobileStreamPlatinumEnterpriseStandardSPDYv3, MPTCP, BIC TCP, CUBIC, TCP WestwoodDomain Sharding, Prefetch, Image Opt, CSS & JS Opt, Lazy loadingMicroVPNfor Mobile Devices (NetScaler Gateway)* Note: Only RISE or vPathcan be enabled at one time per NetScaler instance* Available as an a-la-cart feature 6. NetScaler MobileStreamFront End Optimization (FEO) 7. 2014 CitrixImportance Of Mobile User AccelerationFEOEvery device uniqueFirmware differentScreen size differentRetina displaysWeb browser differentConnectivity location differentNetwork speed differentOptimization historically focused on optimizing and reducing load at the backend.With current trend of Mobility NetScaler Focuses on faster and efficient web content delivery by optimizing the web page components most dependent on client side processing.Mobile Acceleration Improves Your Mobile Clients Experience 8. 2014 Citrix Transport layer protocol Coexist with TCP Provides fault tolerance and path failover Increase throughput by using multiple paths Availability RFC 6824 Linux distribution (Standard & Android) BSD in developmentEstablish securetoken on firstsubflow (SF #1)Subsequent subflowsuse the secure tokenfrom SF #1 to connectWhat is MPTCP?TCP OptionsMPTCPSSLApplication/Session HTTPPresentationTransportTCP-1 TCP-2 TCP-nMP_CAPABLE 9. 2014 CitrixHigh-Speed EnablementSPDYv3Next Generation HTTPProposed as HTTP 2.0BIC TCPFor High Speed Variable Latency NetworksSend large amounts of data quickly over long distancesCUBICFor High Speed Unreliable & LossyNetworksSimplified window controlRTT window size 10. 2014 CitrixHow NetScaler Optimizes The Front-EndChange embedded URLs to use sub-domains and trick the browser to open more connectionsDomain ShardingRemove unnecessary characters & spaceSimplify processing & reduce download time to client deviceMove CSS & JS objects to end of HTML bodyInline DownloadMinimize & Optimize Order of CSS & JSJPG optimize, Convert GIF to PNG, Image Lazy load, Image shrink to display attributes of the user-deviceImage Optimization 11. Core 12. 2014 Citrix1000s of Views now only in HTML5Load time reduced by over 50%Improved user efficiencyFollowing areas will be converted in a 10.5 maintenance releaseAppFW, Visualizer, DiagnosticsConversion from Java to HTML5 13. 2014 CitrixCore FeatureWatch ThisPolicy VariablesStore a token (data) from the request or response in a system variableReference stored data forFully customized session persistenceInternal computationPolicy processing 14. 2014 CitrixLLDP SupportAllow stations attached to an IEEE 802 LAN to advertise System Information. Helps to create network topology.System information advertisedCapabilitiesManagement addressesConnectivity informationDstMAC01-80-C2-00-00-0ESrcMACEther Type88-CCLLDPInfoLLDP Info consist of multiple TLVsTLVs must be in following sequence 15. 2014 CitrixEthernet jumbo framesBig PayloadsIncreased Throughput and GoodputFewer PacketsLess Packet switchingReduced Network I/OLowered CPU UsageReduced Protocol Processing 16. 2014 CitrixTraffic DomainsInter-Domain RoutingInternally communicate across traffic domains. Virtual server and services can now be in different traffic domainRate Limiting per traffic domainLimit the Number of requests per second from clientsNumber of Active Client ConnectionsMaximum BandwidthRates can beSMOOTH -# of requests in a given interval of time spread evenly across the time sliceBURSTY -# of permitted requests allowed to exceed the quota within the time slicePolicies can be combined with others to create complex policy setsVMAC SupportMap Traffic Domain by destination MAC instead of incoming VLANVLANs can be shared across traffic domains 17. 2014 CitrixLink RedundancyLR Trigger for LACP channelsSet a minimum bandwidth for dynamic channels. When throughput falls below threshold, a link failover is triggered to make another channel.For HA pair, when all channels reach threshold, trigger HA failover.LR Trigger for generic channelsFail to another channel (to a redundant switch) when threshold reachedOne of the active link fails Min threshold is hitHow it works?Key 1Key 2Key 3At any point of time only one channel will be active.Switch XSwitch YSwitch ZWhen one of the active link fails, and lrMinThroughputis hit, we select a subchannelwith high throughout and make it active by resetingall other interfacesLCAP Key 4Key 1Key 2Key 3Switch XSwitch YSwitch ZLCAP Key 4 18. 2014 CitrixOrchestrationNITRO API SDK in Python for better server side scripting. Python SDK will be available and supported with python 2.7 and 3+.Python SDKNITRO API support for routing protocols. Changes sync to all peers.Dynamic RoutingNITRO APIs for Upload, Download, Write and Read methods. Key functional requirements like SSL certkey will be able to get the benefits.File OperationsNITRO APIs and commands for better system manageabilityTech Support, batch, source, show nstrace, start nstrace, stop nstraceOther Commands 19. 2014 CitrixService Supporting FeaturesContent SwitchingMulti-port CSConfigure a CS vserveron a combination of portsDNS_TCP SupportDNS_TCP protocol is now supported with a Content Switching VserverAudit LoggingAbility to distinguish whether the command is executed from CLI or the GUIAAA Session StickinessLDAP, RADIUS, & TACACS: We now stick to the server where last session was successful. 20. 2014 CitrixService Supporting Features (cont)AAA-TMCustom error stringsBackend HTTP Web-Form AuthenticationStrong Encryption Support in KCD/Kerberos (AES-256, RC4-HMAC)OWA Force Session TimeoutForced timeout on long-lived connections that are open for monitoringClient Certificate Pass-throughIn XenMobiledeployments, a client-certificate is required to be passed to Storefront. Now send the client-certificate any Application server. No configuration needed.Forms Based SSO Relative URLsNS can take relative URL and processed for Form based SSO 21. 2014 CitrixSDX SVM Manageability & 3rdParty SoftwareCLI SupportFile management via NITROAAA SupportUse LDAP/TACACS/RADIUS for SVM accessAuthorization & Audit log supportPassword expiration supportFor more details refer : AAA edocsEthernet Jumbo Frames Support with SR-IOVCentral SSL Cert & Key ManagementOpen service delivery platform for 3rdparty services 22. Load Balancing 23. 2014 CitrixTM & DNSLB: Increased number of service groups to 8000DNS LB: CNAME record caching in Proxy modeNetScaler to use DNS caching module to cache CNAME record and send it from NS than fetching it every timeDNS: NAPTRNAPTR support on NS along with SRV records.GSLB: Static proximity syncAuto sync of static proximity db 24. 2014 CitrixSSLECC Cipher SupportMore secure & faster ciphers available on N3-based MPX, SDX, & VPXECDHE-RSA-RC4-SHA, ECDHE-RSA-DES-CBC3-SHA,ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHACommon Name CheckServer Authconfiguration is enhanced to accept commonName check. This check will be performed on SSL certificates received from backend serverSSL ProfilesSSL profiles added for frontend and backend communicationSSL Cert ChainHelps identify the certificates belonging to a chain and suggest if a cert is missing in the chain. 25. 2014 CitrixDatabase Deployment SupportMSSQLAlwaysOn HA: 1 service can join now 2 groups and be primary in one and secondary in the otherSpecial Query Handling: queries can change either global or local properties of the server or connection. use db can be changed by NetScaler to reduce server-side connections.MYSQLTransparent Deployment Mode: Audit log, AppFlow, & stream analytics transparently for DB connectionsDatabase-Specific LB: A database can be online or offline independent of others on the same server. New monitor enables DB state awareness. 26. Q&A 27. 2014 CitrixWhat is Admin Partition?Logical separation of NetScaler into multiple unitsFunctions like an independent Netscaler.Provides isolation of configuration and data/trafficProvides multi-tenancy, but without separation of system resources, like., CPU, Memory, etc.Consists of Application resources (services, vservers, policies, monitors, etc.) 28. 2014 CitrixHighlights of Admin PartitionEntity space separationData or traffic separationResource management using granular user rolesAudit/web loggingStatistics and historical dataManagement through SNMPSeparate config storage and file systemTraffic rate limit100s of partitions1 admin multiple partitions 29. 2014 CitrixHighlights of Admin Partition (Contd)Separate GUI/CLI/Monitoring/ReportIP overlappingExternal Auth -AAANo inter partition routingNo read/write access to othersOverall System securityHA Connection Mirror 30. 2014 CitrixPartition DefinitionSystem admin defines partitionAssociates partition adminsDefines IP space for partitionVlan and other Network configPartition AdminDefines the AppService creationVserver creationPolicies/ProfilesAccess common resourcesCreates SNIPsNetworking resourcesSystem ExpectationConfig fileSh runSave configClear configSSL cert/keysManageability ExpectationConfig UIReportingDashboardSNMPAppFlow/InsightAdmin Partition Workflow 31. 2014 Citrix 32. 2014 Citrix 33. 2014 Citrix 34. 2014 Citrix 35. 2014 Citrix 36. 2014 Citrix 37. 2014 Citrix 38. 2014 Citrix