4th October 2012
Optimising network delivery of virtual desktops
Jason Poole
Business Development Manager, EMEA (Cloud Networking)
Michael Aldridge
Senior System Engineer, EMEA (Cloud Networking)
Important – Webinar Audio
The audio for this webinar is available over VoIP. Just select the ‘Use Mic & Speakers’ option to listen to the webinar through your computer’s speakers.
To listen using your telephone, select the ‘Use Telephone’ option. For local numbers, click the ‘additional numbers’ link.
You will need to use the Access Code and Audio PIN.
The webinar will start at 3:00pm (BST)
Industry trends and IT resources
• Centralisation of Resources
• Multiple devices
• Distributed workforce
Work and play from any device, anywhere
Change everything… but wait, consideration?
Why Implement a Desktop Virtualisation Solution?
• Cost reduction
• Business Agility
• Improved security
• Improved compliance
• Ease of management
Considerations for a successful Desktop Virtualisation
• Centralisation is a single point of failure
• Benefits of Desktop Virtualisation are realised through centralisation
• Branch office workers might have a poor experience
• 80% of employees are located away from the HQ and the data centre
• How to provide the access to the virtual desktop
• More and more users are bringing their own devices
• Requirement for remote access and maintaining security
Remote Access
HDX SmartAccess: Delivers simple and seamless secure access
• Anywhere Access: Allows users to securely access desktops and applications using any device in any location, including home computers and mobile devices.
• Network and device roaming: Enables users’ sessions to transparently and securely move between networks and devices by dynamically adapting access.
• Single sign-on: Improves the user’s experience by reducing unnecessary authentication prompts and the number of passwords users need to remember.
• Granular Action Control: Allows administrators to define the capabilities within an application to which users have access.
Availability
High Availability
• Goal: Network Infrastructure Fault tolerance
• Roadblocks:
ᵒ Virtual desktop hosting platform
ᵒ Operating system delivery
ᵒ Application and desktop delivery
ᵒ Desktop controllers
ᵒ Application controllers
Datacenter – High Availability
[Diagram: high-availability mechanism for each data centre component. Mechanisms labelled: NetScaler Load Balancing, XenApp Load Balancing, DHCP Built-In Redundancy, Built-in Redundancy, Bootstrap Redundancy, Provisioning Services High-Availability, Microsoft DFS. Components labelled: Web Interface, XenDesktop Controllers, Data Collector, Provisioning Services, TFTP Servers, DHCP Servers, XenServer Pool, Application Hub, XenApp Members.]
[Architecture diagram, repeated across four slides. Labels: Remote User, Branch Office, Home Office, Tablet, Firewall, NetScaler, HQ Office, Web Interface, Desktop Delivery Controller, Data Collector, XenApp Controller, Provisioning Server, File Share, XenDesktop Farm, XenServer Resource Pool, and Infrastructure (Active Directory, Data Store, License Server, DHCP). Virtual Desktop 1: Personalization User A, Apps Office, OS Vista. Virtual Desktop 2: Personalization User B, Apps Office, OS XP. Virtual Desktop 3: Personalization, Apps and OS left blank. Layers: Personalization (User A to User E), Applications, OS (Vista, Windows XP, Windows 7). Slide callouts: Strong SLAs, Secure Access, Global Availability.]
Data Proximity
• Data may not be replicated to all sites
[Diagram: North America and EMEA sites joined by a WAN]
GSLB with Site Roaming
• Ensure that only ICA traverses the WAN
[Diagram: North America and EMEA sites joined by a WAN]
User Experience
Deployment across a WAN
Applications are designed for the LAN
• Sexy interface – graphic intensive
• Chatty protocols
• Testing labs
• Gigabit connectivity
• 0 ms Latency
Deployed across a WAN? Slow? = “that’s a network issue. You fix it.”
HDX
ICA protocol is an underlying technology for HDX (High-Definition User Experience)
Bandwidth Allocation for ICA
• How much bandwidth is enough?
• It depends on:
ᵒ Other network traffic
ᵒ Application bandwidth requirements
ᵒ Number of users
ᵒ User behavior
ᵒ And more!
Insufficient Bandwidth Causes . . .
• ICA sessions to drop
• Users experience choppy typing or screen paints
• Session Reliability to be invoked (if enabled)
• User sees application but can’t use it
“Dear Mr. Templeton, I love Citrix XenApp! How can I purchase more licenses?”
ICA Compression
• Already highly compressed and optimized
• Automatically tunes itself to further compress when less bandwidth available
• Single session bandwidth testing not valid!
[Diagram: ICA Session]
WAN Optimisation for Desktop Virtualisation
What is ICA Optimization?
• Enhancements to Repeater compression engine
• ICA Encryption/Decryption
• The ICA Parser
• ICA Intra-Session Compression enhancements
• ICA Cross-Session Compression
[Diagram labels: Adaptive TCP Flow Control, Adaptive Compression, Adaptive Protocol Acceleration, Traffic Prioritization, Branch Staging of Streamed Apps, Branch Caching of Hosted Apps]
ICA Parser
• Acts as an intermediary for decryption/encryption
• Can decrypt all ICA encryption except for SSL.
• No cert installed on the acceleration pair
• Supports Basic, RC-40, RC-56 and RC-128 encryption levels
• Re-encrypts on WAN, transparently to the client.
• ICA compression requests Server/Client are disabled
• Parsing only occurs on accelerated connections.
• When a connection is established the ICA handshake is detected.
• At that point it is determined if it is ICA or CGP (detected in the connection payload).
• Separates headers from payload and bulk from interactive
• Print/File/Multimedia
• Bulk traffic goes to disk (DBC)
• ThinWire graphics commands
• Interactive goes to memory (MBC)
• Header data goes to the small matcher (Nano)
[Diagram, repeated on each ICA Parser slide. Labels: Branch Client, LAN, Branch Repeater, WAN, Repeater or Branch Repeater, LAN, XenApp Farm. Callouts: “Client is relieved of ICA decompression tasks”; “ICA Connection initialization”; “WS/CBR Compressed Traffic”; “Decrypt, ICA Parser looks for ICA/CGP Signature, Re-encrypt.”; “Decrypt, then either disk based or memory based compression histories are used, then re-encrypt.”]
ICA Compression - Cross session Compression
• Subsequent packets are compared to the compression history on the sending side.
• Payload matches are substituted with a token in lieu of the whole packet.
• The server still sends, and the client still receives, what they expect to.
• After the histories are populated, if a second client requests the same data in his/her ICA session, a second match can occur.
• Tokens are sent and the payload is pulled from the client side compression history.
• The more users of the same application, the better.
[Diagram, repeated on both slides. Labels: Branch Repeater, WAN, Repeater or Branch Repeater, LAN, XenApp Farm. Callouts: “Client is relieved of ICA decompression tasks”; “Native ICA Compression enabled by default”; “WS/CBR Compressed Traffic”; “WS/CBR turns off XA compression and enables WS compression during negotiation.”; “Either disk based or memory based compression histories are used.”]
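The token substitution described on these two slides, as an added sketch that is not code from the presentation or from Citrix. It assumes fixed 64-byte chunks and truncated SHA-256 tokens, which are choices made here for illustration; the sample "bitmap" is constructed.

```python
import hashlib

CHUNK = 64  # assumed chunk size for this sketch


class History:
    """Compression history on one side of the WAN, shared by all sessions."""

    def __init__(self):
        self.chunks = {}  # token -> plaintext chunk (so it sits after decryption)

    @staticmethod
    def token(chunk):
        return hashlib.sha256(chunk).digest()[:8]

    def add(self, chunk):
        self.chunks[self.token(chunk)] = chunk


def send(payload, history):
    """Sending side: emit ('T', token) for chunks already in the history,
    ('D', data) otherwise, and record new chunks for later sessions."""
    wire = []
    for i in range(0, len(payload), CHUNK):
        chunk = payload[i:i + CHUNK]
        tok = History.token(chunk)
        if history.chunks.get(tok) == chunk:  # compare bytes, not only the hash
            wire.append(("T", tok))
        else:
            history.add(chunk)
            wire.append(("D", chunk))
    return wire


def receive(wire, history):
    """Receiving side: rebuild the payload, resolving tokens from its history."""
    out = bytearray()
    for kind, value in wire:
        if kind == "D":
            history.add(value)
            out += value
        else:
            out += history.chunks[value]  # KeyError means the histories diverged
    return bytes(out)


def demo():
    # Constructed sample: 16 distinct 64-byte chunks standing in for a bitmap.
    bitmap = b"".join(hashlib.sha256(bytes([i])).digest() * 2 for i in range(16))
    dc_side, branch_side = History(), History()
    first = send(bitmap, dc_side)    # user A's session populates the histories
    ok = receive(first, branch_side) == bitmap
    second = send(bitmap, dc_side)   # user B's session requests the same data
    ok = ok and receive(second, branch_side) == bitmap
    size = lambda wire: sum(len(v) for _, v in wire)
    return size(first), size(second), ok


if __name__ == "__main__":
    print(demo())
```

The second session crosses the WAN as tokens only, while both clients receive identical bytes.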
Use Case – ICA Compression of Display Traffic
• Repeatable data bitmaps can be reused for subsequent requests
• Cross-session compression enhanced
[Chart: Repeatable vs. Unique Data; series: Unique data, Repeatable data]
Use Case - ICA Optimization of Print Traffic
• Repeater compresses using disk (disk-based compression)
ᵒ Minus the headers
ᵒ Second pass of the same print job
• ~70:1 compression
ᵒ Small modifications followed by a print-job resend
• Compresses well (35-40:1)
ICA Review – Virtual Channels
• What is an ICA Virtual Channel?
A Citrix Independent Computing Architecture (ICA) virtual channel is a bidirectional connection for the exchange of generalized packet data between a Citrix XenApp/XenDesktop Server and an ICA-compliant client.
Virtual channels correspond to virtual drivers, each providing a specific function. Some are required for normal operation, and others are optional.
Virtual drivers operate at the presentation layer protocol level. There can be a number of these protocols active at any given time by multiplexing channels.
There are a total of 64 virtual channels in the ICA protocol. However, for most user sessions, between 8 and 12 are usually utilized.
ICA QoS Single Stream
ICA Priority Packet Tagging allows prioritization of ICA sessions based on the virtual channel data being transmitted (what the user is doing within the app/session).
This is done by associating each virtual channel’s two-bit priority to a packet priority.
The two priority bits combine to form four priority values:
• 00 (0) - High Priority
• 01 (1) - Medium Priority
• 10 (2) - Low Priority
• 11 (3) - Background Priority
These priority bits can then be assigned to Branch Repeater Quality of Service queues to allow dynamic QoS.
The Single Stream ICA Problem
[Diagram on each of the three slides: Session Bandwidth carrying compressed and encrypted ICA data]
Step 1:
• The user creates an ICA session.
• User interface traffic is tagged with a priority bit of zero (thin wire).
• Branch Repeater identifies the priority tags in real time and applies QoS appropriately.
Step 2:
• The user then starts a print job within the ICA session.
• Print traffic is tagged with a priority bit of three (real time).
• Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.
Step 3:
• The user then either returns to the app’s user interface or starts a second application (thin wire).
• The new observed priority bits of the session cause the session to be QoS’ed as a priority zero.
• Prioritization of printing traffic is now lost.
[Diagram: ICA Stream #1 (Very High), ICA Stream #2 (High), ICA Stream #3 (Medium), ICA Stream #4 (Low)]
Virtual Channels
Channel Name  Default Priority  Description                                Virtual Driver
CTXTW         0                 Remote Session Screen Update (THINWIRE)    vdtw30n.dll
CTXTWI        0                 Seamless Windows Screen Update (THINWIRE)  vdtwin.dll
CTXTWN        0                 Winstation                                 wfica32.exe
CTXEUEM       0                 End User Experience Monitoring             vdeuemn.dll
CTXZLFK       0                 Local Text Echo and Keyboard Feedback      vdzlcn.dll
CTXZLC        0                 Speed Screen Latency Reduction - Screen    vdzlcn.dll
CTXZLFK       0                 Speed Screen Latency Reduction - Fonts     vdfon30n.dll
CTXCTL        0                 ICA Session Control                        vdctln.dll
CTXFLSH       1                 Multimedia - Flash                         vdflash.dll
CTXGUSB       1                 USB Redirection                            vdgusbn.dll
CTXMM         1                 Multimedia - Streaming                     vdmmn.dll
CTXCLIP       1                 Client Clipboard Mapping                   vdclipn.dll
CTXCAM        1                 Client Audio Mapping                       vdcamN.dll
CTXLIC        1                 License Management                         wfica32.exe
CTXVFM        1                 Video Server – (no longer used)            n/a
CTXPN         1                 Program Neighborhood                       vdpnn.dll
CTXCCM        2                 Client COM Port Mapping                    vdcom30N.dll
CTXCDM        2                 Client Drive Mapping                       vdcdm30n.dll
CTXPASS       2                 Transparent Key Pass-Through               vdkbhook.dll
CTXCPM        3                 Printer Mapping for Spooling Clients       vdcpm30N.dll
CTXCM         3                 Client Management (Auto-Update)            vdcmN.dll
CTXLPT1       3                 Legacy LPT1 Port Mapping                   wfica32.exe
CTXLPT2       3                 Legacy LPT2 Port Mapping                   wfica32.exe
CTXCOM1       3                 Legacy COM1 Port Mapping                   wfica32.exe
CTXCOM2       3                 Legacy COM2 Port Mapping                   wfica32.exe
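The single-stream problem worked through with the default priorities from the virtual channel table above, as an added sketch that is not code from the presentation or from Citrix. It is a simplified model: the timeline and kilobyte figures are constructed, and it assumes a single-stream session is queued by the highest-priority tag currently observed.

```python
# Default priorities copied from the virtual channel table (subset).
CHANNEL_PRIORITY = {"CTXTW": 0, "CTXCAM": 1, "CTXCDM": 2, "CTXCPM": 3}

# Constructed timeline: each step maps the active channels to kilobytes sent.
TIMELINE = [
    {"CTXTW": 20},                 # user works in the application UI
    {"CTXCPM": 500},               # user starts a print job
    {"CTXTW": 20, "CTXCPM": 500},  # user returns to the UI, job still spooling
]


def place(timeline, multi_stream):
    """Return {(channel, queue): kilobytes} showing where each channel's data lands.

    Single stream: one TCP connection, so the whole session shares one QoS queue
    per step (model assumption: the interactive tag wins when tags are mixed).
    Multi-stream: each channel travels on the stream matching its own priority.
    """
    placed = {}
    for active in timeline:
        session_queue = min(CHANNEL_PRIORITY[c] for c in active)
        for channel, kb in active.items():
            queue = CHANNEL_PRIORITY[channel] if multi_stream else session_queue
            placed[(channel, queue)] = placed.get((channel, queue), 0) + kb
    return placed


def misqueued_kb(placed):
    """Kilobytes that were queued at a priority other than the channel's own."""
    return sum(kb for (ch, q), kb in placed.items() if q != CHANNEL_PRIORITY[ch])


if __name__ == "__main__":
    for mode in (False, True):
        result = place(TIMELINE, multi_stream=mode)
        label = "multi-stream" if mode else "single-stream"
        print(label, result, "misqueued KB:", misqueued_kb(result))
```

In the single-stream run, the print data sent during the third step is queued at priority 0 alongside Thinwire, which is the lost prioritization the slides describe.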
Multi-Stream ICA Terminology
• Single-port, Multi-stream ICA (MSI Default)
ᵒ 4 random ports at client, 1 primary port on server
ᵒ Automatically enabled on ICA server by Branch Repeater 6.0.
• Multi-port, Multi-stream ICA
ᵒ 4 random ports at client, 1 primary and up to 3 secondary ports on server
ᵒ Most common deployment if used without Branch Repeater
• Single-port, Single-stream ICA
ᵒ 1 random port at client, 1 primary port on server
ᵒ The pre-MSI default connection type
ᵒ If any Branch Repeater on the link vetoes MSI, or old versions used
How Does Branch Repeater Optimize ICA?
Adaptive orchestration with XenDesktop and XenApp
[Diagram: Print, Thinwire and CDM streams between Branch Repeater and Repeater]
• Unprecedented visibility into XenDesktop and XenApp traffic
• Custom acceleration modes for print, video and file traffic
• Minimum changes to underlying XenDesktop or XenApp infrastructure
Branch Repeater with ICA
• Branch Repeater reduces the bandwidth consumed per session by up to 89%
• Branch Repeater can double the number of users on the same WAN connection
• Branch Repeater reduces session launch times by up to 40% and print spooling times by up to 60%
CTX124457: Data Analysis
Citrix-on-Citrix: 56 Branch Repeaters Deployed
[Map of sites: Santa Barbara, Redmond, Schaffhausen, Chicago, Bedford, Dallas, Paris, Madrid, Munich, Copenhagen, Vianen, Chalfont, Sydney, Dublin, Miami, Santa Clara, Cambridge, Mexico City, Toronto, Atlanta (DR), New York City, Bethesda, Fort Lauderdale, Hong Kong, Tokyo, Singapore, Bangalore, Stockholm. Legend: Data center office, Regional headquarters, Regional offices, Disaster recovery]
Location                Branch Repeater Model
Main data centers       8820
Regional/sales offices  8540
Summary
• Industry trends are driving desktop virtualisation as a solution
• The same trends mean there are considerations for successful deployments
• Networks must be optimised to ensure Availability and User experience
• Citrix has the components to ensure Enterprises can realise the benefits of Centralisation, Consumerisation and Geographical dispersion
Desktop virtualisation is a solution not a product