
© 2014 Citrix

Agenda

• NetScaler 10.5 Overview and Features Update

• 5min break

• CloudBridge 7.3 and the Windows Server appliances

NetScaler Release 10.5

Overview and Features Update

Simeon Bosshard, Systems Engineer

Citrix Systems International GmbH

09.02.2015

Overview

• NetScaler major release, 2014
• Over 100 features in Beta 1
• New feature highlights
  ᵒ NetScaler MobileStream™
  ᵒ Core
    • Policy Variables, TCP Optimizations, Traffic Domains, Link Redundancy
  ᵒ Load Balancing

Release 10.5 (Citrix NetScaler 10)

• Datacenter Enhancements
• NetScaler MobileStream™
• Network Virtualization

Announcement Highlights

• MPTCP
• SPDY v3
• AAA External Support
• SSL Enhancements
• OWA Force Session Timeout
• Minification
• Lazy Image Loading
• Mobile Micro VPN
• Link redundancy
• AAA Session Stickiness
• RISE Integration
• ACI Integration
• SVM Managed API
• HTML Views (not Java)
• Client Cert Passthrough
• Gateway Enhancements
• BIC and CUBIC TCP
• SSL Elliptical Curve
• Optimization
• Simplified File Operations
• LLDP Support
• Dynamic routing Enhancements
• Traffic Domains
• Domain Sharding
• Forms Based SSO Enhancements
• Ethernet Jumbo Frames

New Licensed Features

Feature                    Platinum  Enterprise  Standard
NetScaler MobileStream™    ✔         ✔
Policy Variables           ✔         ✔           ✔
Traffic Domains            ✔         ✔           ✔
LLDP                       ✔         ✔           ✔
Link Redundancy            ✔         ✔           ✔
Application Firewall       ✔         *
Cisco: RISE*               ✔         ✔
Cisco: vPath*              ✔         ✔           ✔

NetScaler MobileStream™                                            Platinum  Enterprise  Standard
SPDYv3, MPTCP, BIC TCP, CUBIC, TCP Westwood                        ✔         ✔           ✔
Domain Sharding, Prefetch, Image Opt, CSS & JS Opt, Lazy loading   ✔         ✔
MicroVPN for Mobile Devices (NetScaler Gateway)                    ✔         ✔           ✔

* Note: Only RISE or vPath can be enabled at one time per NetScaler instance
* Available as an à la carte feature

NetScaler MobileStream™ Front End Optimization (FEO)

Importance Of Mobile User Acceleration

FEO

Every device unique:

• Firmware different
• Screen size different
• Retina displays
• Web browser different
• Connectivity location different
• Network speed different

• Optimization historically focused on optimizing and reducing load at the backend.

• With the current trend toward mobility, NetScaler focuses on faster and more efficient web content delivery by optimizing the web page components most dependent on client-side processing.

Mobile Acceleration Improves Your Mobile Clients’ Experience

What is MPTCP?

• Transport layer protocol
• Coexists with TCP
• Provides fault tolerance and path failover
• Increases throughput by using multiple paths
• Availability
  ᵒ RFC 6824
  ᵒ Linux distribution (Standard & Android)
  ᵒ BSD in development

Establish secure token on first subflow (SF #1)

Subsequent subflows use the secure token from SF #1 to connect

[Diagram: protocol stack. Application/Session: HTTP; Presentation: SSL; Transport: MPTCP over TCP-1, TCP-2 ... TCP-n; TCP Options: MP_CAPABLE]

High-Speed Enablement

SPDYv3: Next Generation HTTP
• Proposed as HTTP 2.0

BIC TCP: For High Speed Variable Latency Networks
• Send large amounts of data quickly over long distances

CUBIC: For High Speed Unreliable & Lossy Networks
• Simplified window control
• RTT window size

How NetScaler Optimizes The Front-End

Domain Sharding
• Change embedded URLs to use sub-domains and trick the browser to open more connections

Minimize & Optimize Order of CSS & JS
• Remove unnecessary characters & space
• Simplify processing & reduce download time to client device
• Move CSS & JS objects to end of HTML body
• Inline Download

Image Optimization
• JPG optimize, Convert GIF to PNG, Image Lazy load, Image shrink to display attributes of the user-device

Core

Conversion from Java to HTML5

• 1000s of Views now only in HTML5
• Load time reduced by over 50%
• Improved user efficiency
• Following areas will be converted in a 10.5 maintenance release
  • AppFW, Visualizer, Diagnostics

Core Feature

Watch This

• Policy Variables
  ᵒ Store a token (data) from the request or response in a system variable
  ᵒ Reference stored data for
    • Fully customized session persistence
    • Internal computation
    • Policy processing

LLDP Support

• Allows stations attached to an IEEE 802 LAN to advertise system information. Helps to create network topology.
• System information advertised
  ᵒ Capabilities
  ᵒ Management addresses
  ᵒ Connectivity information

[Frame layout: Dst MAC 01-80-C2-00-00-0E | Src MAC | EtherType 88-CC | LLDP Info]

LLDP Info consists of multiple TLVs

TLVs must be in following sequence
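
The frame layout on this slide, worked through as an added example that is not part of the original deck: a small Python parser that splits an LLDP frame into TLVs and checks the mandatory ordering. The TLV type numbers and the Chassis ID, Port ID, TTL, End ordering are taken from IEEE 802.1AB as an assumption, since the slide's sequence figure is not on the page; the sample frame is constructed.

```python
import struct

LLDP_DST = bytes.fromhex("0180c200000e")  # destination MAC from the slide
LLDP_ETHERTYPE = 0x88CC                   # EtherType from the slide
# Mandatory TLV types per IEEE 802.1AB (an assumption; not listed on the slide)
END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length share a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldp(frame):
    """Return [(type, value), ...] from an untagged LLDP frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if frame[:6] != LLDP_DST or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    tlvs, pos = [], 14
    while pos + 2 <= len(frame):
        header = struct.unpack("!H", frame[pos:pos + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if pos + length > len(frame):
            raise ValueError("TLV length runs past the end of the frame")
        tlvs.append((tlv_type, frame[pos:pos + length]))
        pos += length
        if tlv_type == END:  # anything after End of LLDPDU is padding
            break
    return tlvs

def check_order(tlvs):
    """List violations of the mandatory TLV sequence (empty list = valid)."""
    types = [t for t, _ in tlvs]
    problems = []
    if types[:3] != [CHASSIS_ID, PORT_ID, TTL]:
        problems.append("first three TLVs must be Chassis ID, Port ID, TTL")
    if not types or types[-1] != END:
        problems.append("missing End of LLDPDU TLV")
    if any(types.count(t) > 1 for t in (CHASSIS_ID, PORT_ID, TTL)):
        problems.append("mandatory TLV repeated")
    return problems

# Constructed sample frame (not captured traffic); MAC and names are made up.
SRC = bytes.fromhex("020000000001")
SAMPLE = (LLDP_DST + SRC + struct.pack("!H", LLDP_ETHERTYPE)
          + tlv(CHASSIS_ID, b"\x04" + SRC) + tlv(PORT_ID, b"\x05" + b"1/1")
          + tlv(TTL, struct.pack("!H", 120)) + tlv(5, b"ns-lab") + tlv(END, b""))
```

`check_order(parse_lldp(SAMPLE))` returns an empty list for the well-formed sample; a frame whose TLVs are out of order or truncated is reported or rejected instead of being trusted for topology data.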

Ethernet jumbo frames

• Big Payloads
• Increased Throughput and Goodput
• Fewer Packets
• Less Packet switching
• Reduced Network I/O
• Lowered CPU Usage
• Reduced Protocol Processing

What is Admin Partition?

• Logical separation of NetScaler into multiple units
• Functions like an independent NetScaler.
• Provides isolation of configuration and data/traffic
• Provides multi-tenancy, but without separation of system resources like CPU, memory, etc.
• Consists of application resources (services, vservers, policies, monitors, etc.)

Highlights of Admin Partition (Contd…)

• Separate GUI/CLI/Monitoring/Report

• IP overlapping

• External Auth - AAA

• No inter partition routing

• No read/write access to others

• Overall System security

• HA – Connection Mirror

Admin Partition Workflow

Partition Definition
• System admin defines partition
• Associates partition admins
• Defines IP space for partition
• Vlan and other Network config

Partition Admin
• Defines the App
• Service creation
• Vserver creation
• Policies/Profiles
• Access common resources
• Creates SNIPs
• Networking resources

System Expectation
• Config file
• Sh run
• Save config
• Clear config
• SSL cert/keys

Manageability Expectation
• Config UI
• Reporting
• Dashboard
• SNMP
• AppFlow/Insight

Link Redundancy

• LR Trigger for LACP channels
  ᵒ Set a minimum bandwidth for dynamic channels. When throughput falls below threshold, a link failover is triggered to make another channel.
  ᵒ For HA pair, when all channels reach threshold, trigger HA failover.
• LR Trigger for generic channels
  ᵒ Fail to another channel (to a redundant switch) when threshold reached

How it works?

[Diagram, before failure: Key 1, Key 2 and Key 3 connect to Switch X, Switch Y and Switch Z; LACP Key 4]

At any point of time only one channel will be active.

[Diagram, after failure: same topology; one of the active links fails – min threshold is hit]

When one of the active links fails and lrMinThroughput is hit, we select a subchannel with high throughput and make it active by resetting all other interfaces.

Orchestration

• Python SDK: NITRO API SDK in Python for better server-side scripting. The Python SDK will be available and supported with Python 2.7 and 3+.
• Dynamic Routing: NITRO API support for routing protocols. Changes sync to all peers.
• File Operations: NITRO APIs for Upload, Download, Write and Read methods. Key functions such as SSL certkey will benefit from these.
• Other Commands: NITRO APIs and commands for better system manageability
  ᵒ Tech Support, batch, source, show nstrace, start nstrace, stop nstrace

Service Supporting Features

• Content Switching
  ᵒ Multi-port CS
    • Configure a CS vserver on a combination of ports
  ᵒ DNS_TCP Support
    • DNS_TCP protocol is now supported with a Content Switching Vserver
• Audit Logging
  ᵒ Ability to distinguish whether the command is executed from CLI or the GUI
• AAA Session Stickiness
  ᵒ LDAP, RADIUS, & TACACS: We now stick to the server where last session was successful.

Service Supporting Features (cont)

• AAA-TM
  ᵒ Custom error strings
  ᵒ Backend HTTP Web-Form Authentication
  ᵒ Strong Encryption Support in KCD/Kerberos (AES-256, RC4-HMAC)
• OWA Force Session Timeout
  ᵒ Forced timeout on long-lived connections that are open for monitoring
• Client Certificate Pass-through
  ᵒ In XenMobile deployments, a client certificate is required to be passed to StoreFront. Now send the client certificate to any application server. No configuration needed.
• Forms Based SSO – Relative URLs
  ᵒ NS can take a relative URL and process it for forms-based SSO

SDX SVM Manageability & 3rd Party Software

• CLI Support
• File management via NITRO
• AAA Support
  ᵒ Use LDAP/TACACS/RADIUS for SVM access
  ᵒ Authorization & Audit log support
  ᵒ Password expiration support
  ᵒ For more details refer to: AAA edocs
• Ethernet Jumbo Frames Support with SR-IOV
• Central SSL Cert & Key Management

Open service delivery platform for 3rd party services

Load Balancing

TM & DNS

LB: Increased number of service groups to 8000

DNS LB: CNAME record caching in Proxy mode

• NetScaler uses its DNS caching module to cache the CNAME record and serve it from the NS rather than fetching it every time

DNS: NAPTR

• NAPTR support on NS along with SRV records.

GSLB: Static proximity sync

• Auto sync of static proximity db

SSL

• ECC Cipher Support
  ᵒ More secure & faster ciphers available on N3-based MPX, SDX, & VPX
    • ECDHE-RSA-RC4-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA
• Common Name Check
  ᵒ Server Auth configuration is enhanced to accept “commonName” check. This check will be performed on SSL certificates received from backend server
• SSL Profiles
  ᵒ SSL profiles added for frontend and backend communication
• SSL Cert Chain
  ᵒ Helps identify the certificates belonging to a chain and suggests if a cert is missing in the chain.

Q&A

CloudBridge 7.3 and the Windows Server Appliances

Simeon Bosshard, Systems Engineer

Citrix Systems International GmbH

19.02.2015

Release 7.3

• Usability & Manageability
• Enhanced Optimization
• Visibility
• Field-enabler tools

Visibility with CloudBridge

[Diagram: Exporter (CloudBridge); AppFlow; Collectors (HDX Insight, XenDesktop Director)]

HDX Insight for CloudBridge

ICA Analytics
• DC & WAN Latency
• Active/Inactive Session Data
• ICA RTT
• Host Delay
• Client/Server IP
• Virtual Channels

• Provide HDX Insight support for branch users
• Insignificant load on CB appliance
• Roadmap: hop-by-hop information, support of multiple protocols

HDX Insight value proposition: Scenario 1

Issue Identified: Host Delay

HDX Insight value proposition: Scenario 2

Issue Identified: High App Launch Duration

Optimize RPC over HTTPS

• Default protocol with Exchange 2013

Configure SSL certificate and service class

Compression benefits similar to MAPI

Deploying XD 7.5 on AWS? Optimize with CloudBridge!

[Diagram labels: Traditional Datacenter; Storage; Authentication]

Seamless, Secure, Optimized

Video Caching enhancements

• Video caching
• Pre-population
• Scheduled Pre-population
• Centralized management

Auto-Configuration using Command Center

Configuration profile 1

Configuration profile 2

Hardware installation

IP address, Netmask & gateway

Command Center IP

Map configuration profiles to SN or IP

Create configuration profiles

Registration request

Push configuration for CloudBridge

DHCP-based configuration

DNS look-up for CC alias

Usability enhancements

• Factory image updated to 7.2.2: Pay-grow new CB 4000 & CB 5000 with just license change
• Eliminated need for loopback cable

[Diagram: CloudBridge 5000 interfaces. Labels: MGMT, Network, 0/1, Mgmt, 0/2, AUX, LOM, 10/1 to 10/8, loopback cable]

[Diagram: CloudBridge 4000 interfaces. Labels: MGMT, Network, 0/1, Mgmt, 0/2, LOM, 10/1 to 10/4, 1/1 to 1/8, loopback cable]

Catalog of Validated Designs: PBR & WCCP Validated Design

The CloudBridge - Windows Server Platforms

New

CloudBridge 2000WS and 1000WS Branch Platforms

• 6 to 50 Mbps of accelerated throughput
• Windows Server 2012 R2 Standard Edition fully installed, licensed, configured and supported by Citrix
• 60 to 300 concurrent HDX sessions
• Up to 200 Mbps QoS throughput
• 10,000 to 20,000 TCP sessions
• Beta response score 8.5 out of 10 – 100% would recommend

Configurations       CloudBridge 2000                   CloudBridge 1000
CPU                  E3-1275, 4 core, 3.4 GHz           E3-1105C v2, 4 core, 1.8 GHz
Memory               24 GB                              32 GB
Storage              Intel 600 GB SSD (WAN opt)         Intel 300 GB SSD (WAN opt)
                     2 x 1 TB HDD (Windows)             Seagate 1 TB HDD (Windows)
Recovery Disk        boot partition                     16 GB Internal eUSB
Network Interface    2 pair w/bypass 10/100/1000        2 pair w/bypass 10/100/1000
Cooling Fans         4 high speed (N+1 redundant)       3 low speed (N+1 redundant)

Citrix Extensible Appliance Architecture

• Hypervisor-based architecture
• Secure: all VMs fully isolated from the others
• Guaranteed acceleration bandwidth

[Diagram: XenServer Hypervisor hosting Mgmt VM, WAN Optimization VM and Windows Server 2012 R2 Std. Interface labels: 0/1 Mgmt, AUX, Windows, apA LAN, apA WAN, apB LAN, apB WAN, Acceleration. Network labels: 192.168.100.0/16, WAN, Local Network, 192.168.100.1, 192.168.100.40]

CloudBridge 1000WS

• License levels: 6 / 10 / 20 Mbps
• Pay Grow available
• HDX Sessions: 60 / 100 / 200
• TCP Sessions: 10,000
• Full-featured, advanced WAN optimization
• Full Windows Server domain controller / server functionality
  ᵒ AD, DNS, DHCP, RODC, LDS
  ᵒ File & Print

Up to 200 ICA sessions

CloudBridge CSX

CloudBridge CSX: Extend the cloud to the branch

[Diagram: XenServer hosting WAN Optimization and Services: Storage ✔, Video ✔, XD-Print ✔]

ThinPrint + CloudBridge = Easy Branch Office Printing

Full ThinPrint print optimization and innovation in the branch

CloudBridge replaces all ThinPrint related hardware in the branch

Remote Print Server on CloudBridge adds flexibility for branch offices

Simple, centralized management of all ThinPrint components

[Diagram: Virtual Desktops; ThinPrint on Central Print Server; ThinPrint on Remote Print Server on Citrix CloudBridge 2000WS; Branch Printers. Flow: Print > Optimize > Manage > Deliver]

Branch Consolidation

The morphing branch

Traditional DC Apps and Data

Collaboration and File Sharing

Marketing & Merchandising Video

Video and “Egocasting”

Helper Apps

Branch storage convergence

• Citrix approach
  ᵒ Fully installed, configured and licensed Windows Server 2012 R2
  ᵒ Supported by Citrix
  ᵒ Everything’s included
  ᵒ Supports standard MS file handling including DFS
  ᵒ Key partners for
    • Printer management
    • Video stream splitting
    • File Collaboration
• “Others” approach
  ᵒ Preconfigured virtual machines – Riverbed 5, Cisco 2
  ᵒ Customer installs, configures and manages
  ᵒ Cisco & Riverbed charge for VM support
  ᵒ Cisco Office-in-a-box
  ᵒ …or you can use Granite – now called SteelFusion

Q&A