daniel künzli branch repeater
TRANSCRIPT
![Page 1: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/1.jpg)
Branch Repeater HDX WAN Optimization
![Page 2: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/2.jpg)
•Quality
•Performance
•QoS
The release we’ve been waiting for…
v6.1
![Page 3: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/3.jpg)
Signed SMB (with multi domain support)
Encrypted MAPI (with multi domain support)
BR-VPX on Hyper-V
WCCP Mask enhancements to support low end routers
ShowTechSupport - Diagnostic Data Collections - UI enhancements
Support for WCCP -L2 with NSLB on all platforms (SDX and general BR appliances)
List of key features in Delos release
![Page 4: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/4.jpg)
…but there are optimizations that cannot occur at the
server farm
Citrix ICA is highly optimized for a WAN…
1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011
Data Compression
Speed Screen
Video Transcoding
Acceleration
Plug-in
TCP Flow Control
Data De-duplication
QoS / Traffic Shaping
Remote Repeater
Optimized WAN Datacenter Repeater
![Page 5: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/5.jpg)
Frankfurt Datacenter
20 ms
London
Brussels
Madrid
Boston
Hyderabad
Hong Kong
30 ms 150 ms 200 ms
Sydney
New York
San Francisco
250 ms
Rome
RTT Latency
![Page 6: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/6.jpg)
Key Data Points Repeater Sizing
• Bandwidth
○ Consider the sites that do not have Repeater
○ Make the customer aware of the BW requirements of XD and XA
○ Network conditions
• TCP Connections
○ Get the concurrent ICA connection count
• Network Diagram
○ Stop installation issues before they happen
• Application List
○ Find out what the business critical applications are
![Page 7: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/7.jpg)
Repeater Branch Repeater
WAN
Adaptive TCP Flow Control
Adaptive Compression
Adaptive Protocol
Acceleration
Smart Acceleration
WAN Optimization
![Page 8: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/8.jpg)
Initial Configuration
![Page 9: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/9.jpg)
• Click the Licensing node in the
Configuration menu.
• Chose the License Server tab if
your license requires using a
stand alone Citrix License server.
• Retail (Appliance, Plug-in, Crypto)
• XenDesktop Platinum Entitlement
• Chose the Local Licenses tab if
your license type required local
installation.
• Evaluation License
• Not for Re-sale
• Express
Branch Repeater Licensing
![Page 10: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/10.jpg)
Policy Based Routing
• Reconfigure the router to forward inbound and outbound WAN traffic to
the WANScaler.
• Route inbound traffic from the WAN interface to the WANScaler.
LAN Traffic
IngressWAN Traffic
Ingress
WANScaler
Source IP: 10.200.1.203
Destination IP: 172.16.5.23
Source IP: 172.16.5.23
Destination IP: 10.200.1.203
ip next-hop
<WANScaler IP>
![Page 11: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/11.jpg)
WCCP
Switch Router
WANScaler
WCCP Mode
To WANTo LAN
GRE Tunnel
![Page 12: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/12.jpg)
Citrix Confidential - Do Not Distribute
WCCP
![Page 13: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/13.jpg)
Citrix Confidential - Do Not Distribute
WCCP
![Page 14: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/14.jpg)
Inline Mode
• All link traffic passes through the WANScaler appliance.
• Traffic cannot bypass the appliance.
• Deployed at the LAN/WAN boundary.
Server
WAN RouterWANScaler
WANWAN Router
WANScaler
ClientServer
WAN RouterWANScaler
WANWAN Router
WANScaler
Client
![Page 15: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/15.jpg)
• Branch Repeater 6.x needs to know
where the LAN and WAN are.
• Determine and remember which
accelerated pair port is connected to
the WAN and which to the LAN.
(inline mode)
• Either port can be connected to
either side using the proper cables.
First things first… apA1 apA2
apA1 apA2 apA1 apA2
•Switch •DSL Modem •Cable Modem
Straight Through Cable
•Router •Direct to Server •Direct to Client
Crossover Cable
![Page 16: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/16.jpg)
Quality of Service Link Definition
• Define Links
• By Accelerated Port
• By Source or Destination Network
• By WCCP Service Group
• By Source or Destination MAC Address
• By VLAN Tag
• By default link definitions are automatically
created for each adapter port.
• The number of supported links are limited by
Branch Repeater model:
• 83xx, 85xx = 5 links
• 88xx = 10 links
• VPX = up to 5 links
• If Links are misconfigured there will be
compression values less than 1:1.
![Page 17: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/17.jpg)
• Click on the Links node in the
Configuration menu.
• Click the Edit button for the first pre-
defined apA link.
• Configure the link according to
network it is connected to; • Link Type (LAN of WAN side)
• Bandwidth In
• Bandwidth Out
• Descriptive Link Name (optional)
• Click Save.
• Repeat this configuration on both the
apA1 and apA2 links.
Must configure the default apA links
![Page 18: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/18.jpg)
Signed SMB / Secure Partner configuration
![Page 19: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/19.jpg)
• Branch Repeater 5.7 and earlier
supported compression and
acceleration of unsigned SMB1
traffic only.
• If enabled, Signed SMB had to be
turned off on servers and clients via
group policy to enable acceleration.
• Connections from Vista and Win7
clients had SMB2 connections rolled
back to SMB1.
Citrix Confidential - Do Not Distribute
SMB Support in v5.7
![Page 20: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/20.jpg)
• There are three SMB acceleration
scenarios you may observe when
monitoring SMB CIFS connections.
• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
SMB Acceleration in v6.0
![Page 21: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/21.jpg)
• There are three SMB acceleration
scenarios you may observe when
monitoring SMB CIFS connections.
• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
Connection Type Secure Partner
Windows Domain Member
NTLMv1 Required
SMB 1 No No No
SMB 2 No No No
Signed SMB 1 Yes Yes Yes
Signed SMB 2 Yes Yes Yes
![Page 22: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/22.jpg)
• Domain membership is only required on
the server-side Branch Repeater.
• Once joined, the appliance or VPX
should now have a machine account in
the specified domain.
• NOTE: Signed SMB is not enabled yet!
SMB Acceleration Requirements
![Page 23: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/23.jpg)
• A secure connection must be
established between Branch
Repeaters (secure partners).
• SSL credentials (cert and key) are
used for authentication and trust
between Branch Repeaters.
• The SSL Key Store must be enabled
to hold the SSL credentials used by
the Branch Repeaters.
• A Crypto license is required to enable
the SSL feature set.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
![Page 24: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/24.jpg)
• SSL Support must be enabled by
clicking the SSL Encryption node
under Configuration.
• Trusted SSL credentials must be
installed and used to authenticate all
Branch Repeaters and create a
secure data channel between them.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
![Page 25: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/25.jpg)
• The Secure Partner connection is
configured on a per appliance basis.
• A signaling mechanism is used to
provide discovery and communication
between trusted appliances.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
![Page 26: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/26.jpg)
MultiStream ICA (MSI)
![Page 27: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/27.jpg)
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user creates an ICA session.
•User interface traffic is tagged with a priority bit of zero (thin wire).
•Branch Repeater identifies the priority tags in real time and applies QoS appropriately.
Session Bandwidth
![Page 28: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/28.jpg)
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then starts a print job within the ICA session.
•Print traffic is tagged with a priority bit of three (real time).
•Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.
Session Bandwidth
![Page 29: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/29.jpg)
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then either returns to the app’s user interface or starts a second application. (thin wire)
•The new observed priority bits of the session cause the session to be QoS’ed as a priority zero.
•Prioritization of printing traffic is now lost.
Session Bandwidth
![Page 30: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/30.jpg)
Multistream ICA in Action
compressed and encrypted ICA data
•Application UI performance level is maintained.
•Printing traffic does not adversely affect this or any other WAN users.
Session 1 GUI Session 1 Printing Session 2 GUI
Maintain the user experience
![Page 31: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/31.jpg)
Repeater Product Overview
![Page 32: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/32.jpg)
Mobile User
Integrated Windows Services
Branch Repeater with Windows Server 100 / 200 / 300
Repeater
Plug-in
Branch Repeater 100 / 200 / 300
Repeater 8520 Repeater 8540
Repeater 8810 Repeater 8820
Branch Office (1-10 Mbps)
Regional HQ (10-45 Mbps)
Med. Data Center (45-155 Mbps)
Repeater310 on NetScaler SDX 10505
Branch Repeater
VPX-2 / 10
Branch Repeater
VPX-20 / 45
Repeater 1000 on NetScaler SDX 13505
Large Data Center (500Mbps-1.5Gbps)
Repeater 500 on NetScaler SDX 11505
Repeater 2000 on NetScaler SDX 19555
Repeater 1500 on NetScaler SDX 17555
XL Data Center <2 Gbps)
![Page 33: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/33.jpg)
Citrix Confidential - Do Not Distribute
Branch Repeater Capacity: Industry Leading
Feature Repeater 500 on NetScaler 11505
Repeater 1000 on NetScaler
13505
Repeater 1500 on NetScaler SDX
17555
Repeater 2000 on NetScaler SDX
19555
Total accelerated WAN throughput (mixed traffic, 3.5:1 compression)
500 Mbps 1.0 Gbps 1.5 Gbps 2.0 Gbps
Estimated total QoS and compression throughput
TBD TBD 2.0 Gbps* 3.0 Gbps*
Simultaneous HDX Sessions 1,200 2,500 3,500 5,000
Total active sessions 60,000 120,000 120,000 160,000
![Page 34: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/34.jpg)
New Hardware Overview
Feature Repeater 310
Total Throughput 310 Mbps
ICA Sessions 750
CPU 2 X Intel 6 core 2.4 GHz
RAM 48 GB
SSD 4 x 600 GB, 1x 256 GB
HDD 1 x 1 TB HDD
Interfaces 4 x 10 GigE, 8 x 1 GigE
Hot swappable power supplies 2
Rack unit height 2
Repeater 310 on NetScaler SDX
![Page 35: Daniel künzli branch repeater](https://reader034.vdocuments.us/reader034/viewer/2022051016/55a4e48d1a28ab36748b4642/html5/thumbnails/35.jpg)