1
Allot CommunicationsAllot Communications
www.allot.com
Solutions for Citrix in the Enterprise
Network
Empowering Networks for Business
2
Market TrendsIncreased reliance on Internet and IP (private, public, VPN) for business critical trafficDiversity of applications with different networking requirements and business criticality
CitrixOracleVoIP, Video conferencingEntertainment traffic – music (P2P), shopping, stocks, multi-mediaEmail, VPN and large file transfers
Increased malicious traffic attacks on networks & serversBudget shrinks
Improve rather than buildSave on bandwidth costs
3
QoS in the Enterprise – The Need
Guarantee performance of business critical applications – Video, VoIP, ERP (SAP), Citrix Applications, Oracle – and protect from DoS attacksLimit bandwidth-hungry, non-business applications
P2P, musicWeb surfing
Monitor performanceRecord IP sessions stats
4
Citrix Solution – The Need for QoS
Citrix based network needs QoS because:IP network works on “best effort” basis – first comes first served – no guaranteesWithout QoS, bandwidth-hungry applications (like FTP or Peer-to-Peer) steals the Citrix resources (bandwidth)Without minimum bandwidth, Citrix users suffer from unpredictable response timeWithout QoS Citrix applications suffer from “un-assured” performance
There is no differentiation between applications and users
5
Policy Based Networking - a Complete Solution
EnforcementShaping and conditioningQoS tagging (gateway)Server balancingCache enforcementContent filteringPreventing DoS attacks
Monitoring and AccountingPolicy monitoringUser accounting and billingEvent managementCapacity planningService management
Policy and SLA ManagementDefine policiesTranslate policies to network actions User directory/CCB management
6
Product - The NetEnforcerBandwidth management (e.g., manage WAN link to remote offices)Traffic management/shapingPerformance guarantee (e.g., for Citrix)Traffic monitoring – real-time, long-termAuto discover and auto create policy (e.g., prioritize Citrix) High availability models (with dual power supplies)Redundancy and bypassHigh performance
Up to 155 Mbps (Gigabit I/F)256,000 connections28,000 policies
7
NetEnforcer Enterprise Product Line
ModelBandwidth
Pipes VCs Connections
AC101/128 128 Kbps 64 1,024 1,000
AC101/512 512 Kbps 128 1,024 1,000
AC201/2M 2 Mbps 256 2,048 12,000
AC201/10M 10 Mbps 256 2,048 12,000
AC301 100 Mbps 1024 4,096 64,000
8
NetEnforcerService Provider Product
Line
ModelBandwidth
Pipes VCs Connections
AC201/10M 10 Mbps 256 2,048 12,000
AC301 100 Mbps 1024 4,096 64,000
AC401 100 Mbps 2,04812,000
128,000
AC601 100 Mbps 4,09628,000
256,000
AC701 155 Mbps 4,09628,000
256,000
9
The Allot Effect
0
20
40
60
80
100
120
140
160
180
10:00 10:10 10:20 10:30 10:40 10:50 11:00
BrowsingCitrixMusic (P2P)
Music download (Peer to Peer) takes more than 100Mbps
Not enough bandwidth for Browsing and Citrix
The Allot effect: Add NetEnforcer to the network
Browsing and Citrix get full capacity Browsing and Citrix get full capacity while Music is limited to 10Mbpswhile Music is limited to 10Mbps
10
Using the NetEnforcer to Control Bandwidth
Example: Set Max Bandwidth to 85Kbps
Without QoS:
• BW abuse on short period of time
• Bursty pattern
• Retransmission ?
• One Customer takes all bandwidth!
With QoS enforcement:
• BW usage control
• Predictable pattern
• Efficient transfer
• Fair Access
11
Medium priority
LowLow priority
Business-CriticalCitrix
HTTP/P2P
Switch Router
Application PrioritizationExample
NetEnforcer
Network with Email, HTTP/P2P and Citrix
IP offers only “best effort” service
Low-priority P2P traffic monopolizes connection
Citrix application bandwidth is now wider
Apply QoS andguarantee performance toCitrix applications
12
Classifying Citrix with the NetEnforcer
Classify Citrix traffic by Application Name and User NameClassify Citrix traffic by Application Name and User Name
Select Citrix from a library of protocols/ applicationsSelect Citrix from a library of protocols/ applications
13
Policy Example – Citrix Performance Assurance
Citrix performance is assured with “Business Critical” QoS level (very high priority and BW guarantee
Citrix performance is assured with “Business Critical” QoS level (very high priority and BW guarantee
Other applications are getting different priorities and bandwidth allocations while Usenet is blocked
Other applications are getting different priorities and bandwidth allocations while Usenet is blocked
14
Monitoring Applications in Real Time
View min/max bandwidth View WAN bandwidth View Protocol BW UsageTop UsersTop serversUtilization
WAN LinkNetEnforcer
16
Get Historical Traffic Analysis
From Policy usage distribution To Advanced
Graphical options
… and localization … and longer and
filtered history (e.g. working hours only)
17
NetAccountant – Optional Accounting
PackageCollect information about usage – including client, server, application inbound and outbound traffic countersIncludes a reportgenerator – ideal tool for network capacity planning and internal budgetingAllows access by external application using ODBC
18
Set QoS to Max. 128 Kbps ?
No: Wastes capacity of Branch 2
Set QoS to Max. 256 Kbps ?
No: Exceeds capacity of Branch 1
Managing Bandwidth inEnterprise Environment
256 Kbps
128 Kbps
Branch 1
Email, FTP Servers
Web
SAP
Corporate Headquarters
NetEnforcer RouterSwitch
Branch 2
Manage Multiple Links Manage Multiple Links
Policy Table (v4.1)Pipe 1 – 192.11.12.x to Any Max (128kbps)
SAP – Min 64 kbps
FTP – Max 56 kbps
Pipe 2 – 192.11.13.x to Any Max (256 kbps)
SAP – Min 128 kbps(Set Eternal Bandwidth to 384kbps)
Policy Table (v4.1)Pipe 1 – 192.11.12.x to Any Max (128kbps)
SAP – Min 64 kbps
FTP – Max 56 kbps
Pipe 2 – 192.11.13.x to Any Max (256 kbps)
SAP – Min 128 kbps(Set Eternal Bandwidth to 384kbps)
192.11.13.x
192.11.12.x
256 Kbps
128 Kbps
19
Allot’s Citrix-QoS Solution – Benefits to the customer
High ROI (return on investment)Citrix can be used on the Internet (public network)Citrix and other IP traffic share same WANCitrix bandwidth requirement is pre-defined and therefore less bandwidth overall is requiredCitrix performance is guaranteed and enhancedCitrix applications get “the right attention” in the network
Better management of trafficAllow capacity planning and troubleshooting
Protect against DoS (denial of service) attacks
20
Allot’s Citrix-QoS Solution – NetEnforcer’s Advantages
NetEnforcer Per Flow Queuing permits assignment of QoS per Citrix application or per userNetEnforcer enables prioritizing Citrix over other traffic (such as Email and file transfer)
Batch traffic (like FTP) can still run but won’t “freeze” Citrix
Mark Applications with Differentiated Service (DiffServ) Levels for end-to-end QoS Limit and control Print jobs and file transfers so they don’t affect other Citrix usersNetEnforcer/NetAccountant allows for detailed monitoring and application and IP accountingNetEnforcer enables protection for DoS attacks and other malicious traffic flows
21
Enhancing Security:Preventing a DoS Attack
with the NetEnforcer1. Attacker sends
Broadcast ICMP with Victim’s spoofed address
2. Unwitting accomplices send ICMP Echo Reply (with Victim’s address)
3. NetEnforcer detects high number of new ICMP connections and blocks them.
Unwitting Accomplices
Attacker
Victim’s InternalNetwork
NetEnforcer
321
22
EducationEducation
Selected Enterprise Customers
Banking / Finance CorporationsCorporations
GovernmentGovernment
Aeroporto de PortugalNorway National RR
(Italy)
23
Why Allot ? Ease of use – easiest way to have your QoS up and running – simple, intuitive and graphically pleasingApplication recognition – including CitrixApplication performance enhancement Real-time and historical traffic monitoring and all-session IP accountingComplete policy-based IP traffic management including traffic redirection to cache and server load balancingHigh performance and high availability
155 mbps, supports highest number of policies in the industryIdeal for enterprise and data centersFail safe operation
24
Contact Details
Americas
250 Prairie Center Drive #355
Eden Prairie, MN 55344
Tel (952) 944-3100
Fax (952) 944-3355
International HQ
Hod-Hasharon, 45800
Israel
Tel 972-(0)9-761-9200
Fax 972-(0)9-744-3626
Japan
Nishi Ginza Bldg 2F
5-5-9 Ginza Chuo-ku,
Tokyo 104-0061, Japan
Tel: 81 3 5537-7114
Fax: 81 3 5537-5281
Europe, Middle East and Africa
World Trade Center
1300, Route Des Cretes
BP 255 Sophia Antipolis Cedex
France 06905
Tel 33-(0)4-92-38-80-27
Fax 33-(0)4-92-38-80-33
Asia Pacific
9 Raffles Place,
Republic Plaza #27-01
Singapore 048619
Tel: 65-832-5663
Fax: 65-832-5662
www.allot.com