daniel künzli branch repeater

Branch Repeater HDX WAN Optimization

•Quality

•Performance

•QoS

The release we’ve been waiting for…

v6.1

Signed SMB (with multi domain support)

Encrypted MAPI (with multi domain support)

BR-VPX on Hyper-V

WCCP Mask enhancements to support low end routers

ShowTechSupport - Diagnostic Data Collections - UI enhancements

Support for WCCP -L2 with NSLB on all platforms (SDX and general BR appliances)

List of key features in Delos release

…but there are optimizations that cannot occur at the

server farm

Citrix ICA is highly optimized for a WAN…

1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011

Data Compression

Speed Screen

Video Transcoding

Acceleration

Plug-in

TCP Flow Control

Data De-duplication

QoS / Traffic Shaping

Remote Repeater

Optimized WAN Datacenter Repeater

Frankfurt Datacenter

20 ms

London

Brussels

Madrid

Boston

Hyderabad

Hong Kong

30 ms 150 ms 200 ms

Sydney

New York

San Francisco

250 ms

Rome

RTT Latency

Key Data Points Repeater Sizing

• Bandwidth

○ Consider the sites that do not have Repeater

○ Make the customer aware of the BW requirements of XD and XA

○ Network conditions

• TCP Connections

○ Get the concurrent ICA connection count

• Network Diagram

○ Stop installation issues before they happen

• Application List

○ Find out what the business critical applications are

Repeater Branch Repeater

WAN

Adaptive TCP Flow Control

Adaptive Compression

Adaptive Protocol

Acceleration

Smart Acceleration

WAN Optimization

Initial Configuration

• Click the Licensing node in the

Configuration menu.

• Chose the License Server tab if

your license requires using a

stand alone Citrix License server.

• Retail (Appliance, Plug-in, Crypto)

• XenDesktop Platinum Entitlement

• Chose the Local Licenses tab if

your license type required local

installation.

• Evaluation License

• Not for Re-sale

• Express

Branch Repeater Licensing

Policy Based Routing

• Reconfigure the router to forward inbound and outbound WAN traffic to

the WANScaler.

• Route inbound traffic from the WAN interface to the WANScaler.

LAN Traffic

IngressWAN Traffic

Ingress

WANScaler

Source IP: 10.200.1.203

Destination IP: 172.16.5.23

Source IP: 172.16.5.23

Destination IP: 10.200.1.203

ip next-hop

<WANScaler IP>

WCCP

Switch Router

WANScaler

WCCP Mode

To WANTo LAN

GRE Tunnel

Citrix Confidential - Do Not Distribute

WCCP

Inline Mode

• All link traffic passes through the WANScaler appliance.

• Traffic cannot bypass the appliance.

• Deployed at the LAN/WAN boundary.

Server

WAN RouterWANScaler

WANWAN Router

WANScaler

ClientServer

WAN RouterWANScaler

WANWAN Router

WANScaler

Client

• Branch Repeater 6.x needs to know

where the LAN and WAN are.

• Determine and remember which

accelerated pair port is connected to

the WAN and which to the LAN.

(inline mode)

• Either port can be connected to

either side using the proper cables.

First things first… apA1 apA2

apA1 apA2 apA1 apA2

•Switch •DSL Modem •Cable Modem

Straight Through Cable

•Router •Direct to Server •Direct to Client

Crossover Cable

Quality of Service Link Definition

• Define Links

• By Accelerated Port

• By Source or Destination Network

• By WCCP Service Group

• By Source or Destination MAC Address

• By VLAN Tag

• By default link definitions are automatically

created for each adapter port.

• The number of supported links are limited by

Branch Repeater model:

• 83xx, 85xx = 5 links

• 88xx = 10 links

• VPX = up to 5 links

• If Links are misconfigured there will be

compression values less than 1:1.

• Click on the Links node in the

Configuration menu.

• Click the Edit button for the first pre-

defined apA link.

• Configure the link according to

network it is connected to; • Link Type (LAN of WAN side)

• Bandwidth In

• Bandwidth Out

• Descriptive Link Name (optional)

• Click Save.

• Repeat this configuration on both the

apA1 and apA2 links.

Must configure the default apA links

Signed SMB / Secure Partner configuration

• Branch Repeater 5.7 and earlier

supported compression and

acceleration of unsigned SMB1

traffic only.

• If enabled, Signed SMB had to be

turned off on servers and clients via

group policy to enable acceleration.

• Connections from Vista and Win7

clients had SMB2 connections rolled

back to SMB1.


SMB Support in v5.7

• There are three SMB acceleration

scenarios you may observe when

monitoring SMB CIFS connections.

• Unaccelerated SMB 1 or 2 Connections

• Accelerated SMB 1 or 2 Connections

• Accelerated Signed SMB 1 or 2 Connections


SMB Acceleration in v6.0

• There are three SMB acceleration

scenarios you may observe when

monitoring SMB CIFS connections.

• Unaccelerated SMB 1 or 2 Connections

• Accelerated SMB 1 or 2 Connections

• Accelerated Signed SMB 1 or 2 Connections


SMB Acceleration Requirements

Connection Type Secure Partner

Windows Domain Member

NTLMv1 Required

SMB 1 No No No

SMB 2 No No No

Signed SMB 1 Yes Yes Yes

Signed SMB 2 Yes Yes Yes

• Domain membership is only required on

the server-side Branch Repeater.

• Once joined, the appliance or VPX

should now have a machine account in

the specified domain.

• NOTE: Signed SMB is not enabled yet!


• A secure connection must be

established between Branch

Repeaters (secure partners).

• SSL credentials (cert and key) are

used for authentication and trust

between Branch Repeaters.

• The SSL Key Store must be enabled

to hold the SSL credentials used by

the Branch Repeaters.

• A Crypto license is required to enable

the SSL feature set.



• SSL Support must be enabled by

clicking the SSL Encryption node

under Configuration.

• Trusted SSL credentials must be

installed and used to authenticate all

Branch Repeaters and create a

secure data channel between them.



• The Secure Partner connection is

configured on a per appliance basis.

• A signaling mechanism is used to

provide discovery and communication

between trusted appliances.



MultiStream ICA (MSI)

The Single Stream ICA Problem

compressed and encrypted ICA data

•The user creates an ICA session.

•User interface traffic is tagged with a priority bit of zero (thin wire).

•Branch Repeater identifies the priority tags in real time and applies QoS appropriately.

Session Bandwidth



•The user then starts a print job within the ICA session.

•Print traffic is tagged with a priority bit of three (real time).

•Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.

Session Bandwidth



•The user then either returns to the app’s user interface or starts a second application. (thin wire)

•The new observed priority bits of the session cause the session to be QoS’ed as a priority zero.

•Prioritization of printing traffic is now lost.

Session Bandwidth

Multistream ICA in Action


•Application UI performance level is maintained.

•Printing traffic does not adversely affect this or any other WAN users.

Session 1 GUI Session 1 Printing Session 2 GUI

Maintain the user experience

Repeater Product Overview

Mobile User

Integrated Windows Services

Branch Repeater with Windows Server 100 / 200 / 300

Repeater

Plug-in

Branch Repeater 100 / 200 / 300

Repeater 8520 Repeater 8540

Repeater 8810 Repeater 8820

Branch Office (1-10 Mbps)

Regional HQ (10-45 Mbps)

Med. Data Center (45-155 Mbps)

Repeater310 on NetScaler SDX 10505

Branch Repeater

VPX-2 / 10

Branch Repeater

VPX-20 / 45

Repeater 1000 on NetScaler SDX 13505

Large Data Center (500Mbps-1.5Gbps)




XL Data Center <2 Gbps)


Branch Repeater Capacity: Industry Leading

Feature Repeater 500 on NetScaler 11505

Repeater 1000 on NetScaler

13505

Repeater 1500 on NetScaler SDX

17555


19555

Total accelerated WAN throughput (mixed traffic, 3.5:1 compression)

500 Mbps 1.0 Gbps 1.5 Gbps 2.0 Gbps

Estimated total QoS and compression throughput

TBD TBD 2.0 Gbps* 3.0 Gbps*

Simultaneous HDX Sessions 1,200 2,500 3,500 5,000

Total active sessions 60,000 120,000 120,000 160,000

New Hardware Overview

Feature Repeater 310

Total Throughput 310 Mbps

ICA Sessions 750

CPU 2 X Intel 6 core 2.4 GHz

RAM 48 GB

SSD 4 x 600 GB, 1x 256 GB

HDD 1 x 1 TB HDD

Interfaces 4 x 10 GigE, 8 x 1 GigE

Hot swappable power supplies 2

Rack unit height 2


daniel künzli branch repeater

Technology

wan interface

outbound wan traffic

destination ip

citrix license server

wccp citrix confidential

license server tab

destination network

wccp l2