• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Blogs for Chuck Nila [ Blogs | Profile ]
Permalink | Twitter Post to Twitter | Comments (6) | Views (14318) |

27 Jan 2009 09:56 AM EST
Accelerating ICA Using WANScaler and Branch Repeater - New Ways to Improve Your WAN Efficiency
[ Tags:  architecture ,   xenapp ]
posted by Chuck Nila

As everyone is aware, in remote user situations or in installations where corporate branch offices may be located in remote facilities, WAN bandwidth is at a premium. And, in many cases IT departments struggle to make the most efficient use of the available bandwidth because of WAN latency. Citrix WANScaler and Branch Repeater are proven networking appliance solutions for compressing and accelerating traffic across the WAN, and has aided many customers in increasing the overall efficiency of their enterprise networks.

However, questions have always existed regarding ICA performance across the WAN. Although the ICA protocol is very efficient by design, it has been questioned whether ICA traffic could be accelerated or compressed even more by WANScaler, making even better use of limited bandwidth situations.

With help from customer input, Citrix has developed and implemented new technology which greatly improves performance of ICA over the WAN. With upcoming releases of XenApp (in conjunction with future firmware release for WANScaler and Branch Repeater) partners and customers will be able to deploy hosted XenApp applications over the WAN with more predictability and higher performance for end users. By taking advantage of the newly developed compression algorithms in WANScaler and Branch Repeater, designed specifically for ICA, XenApp traffic across the WAN will be greatly enhanced.

Recently, Citrix performed an in-house performance assessment in order to test the upcoming ICA compression enhancements. The purpose of this project was to conduct an assessment of XenApp performance (with and without WANScaler) in order to compile performance data reflecting the increased performance of the latest enhancements. This, in turn, would show the advantage and the increased performance of a network infrastructure that includes either a WANScaler or Branch Repeater in conjunction with a XenApp server farm.

The key findings from the assessment showed impressive ICA performance increases when using WANScaler in conjunction with XenApp servers. These findings include increases in overall amounts of data sent over a fixed-size WAN link, increases in compression rates of ICA traffic, and reduced wait times for the end-user. Ultimately, these results show improvements the overall end-user experience, and show availability for increased user traffic without increasing existing server & bandwidth infrastructure.

With the changes to WANScaler and Branch Repeater, XenApp users accessing hosted apps over the WAN will be more productive with Citrix ICA WAN acceleration. For example, some of the initial test data showed:

  • Improved application startup time by up to 22-39% per user. 
  • Improved file download capabilities via ICA client drive mapping by transferring data 2-6x faster while using an average of 2-20x less bandwidth.
  • Streamlined ICA print jobs over UPD by reducing bandwidth utilization by 3-30x and thus saving bandwidth for higher priority interactive traffic even while improving the speed of remote print spooling.

Over the coming weeks, we'll be talking more about the upcoming enhancements to WANScaler and Branch Repeater.  We'll dive into more details concerning some of the specific assessment testing results, and what they might mean to end-users who already have a Citrix WAN device in place, or are considering the possibility of integrating a device into their existing Citrix infrastructure.

Stay tuned...

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (14) | Views (31997) |

21 Dec 2008 11:59 AM EST
What's On YOUR 2009 "Wish List"?
[ Tags:  netscaler ,   architecture ,   provisioning-server ,   xenapp ,   xendesktop ,   xenserver ,   nonspecific ]
posted by Chuck Nila

As the New Year quickly approaches, we're all thinking of our New Year's resolutions, and I'm sure that on the top of each of your lists is "Improve the Capabilities of my Corporate Citrix Farm".

OK, maybe it's not at the TOP of your list...

But improving the reliability, scalability, and ease of use of your Citrix installations is an issue that most administrators face constantly. And, as the New Year is upon us, it might be a good time to reflect on that "one thing" that you can do to make your farm more productive, more secure, more reliable, and more manageable.

Along those same lines, I think it's a good time for Citrix to ask... What new products or enhancements would you like to see from us? What can WE do to make your job easier? What can we do to make your farm more secure? What can we do to provide you with the tools you need to make your Citrix installation perform in ways you have not been able to achieve?

Feel free to reply with your #1 ITEM (just one, make it your biggest) that you would like Citrix to focus on in the upcoming year. If it's a direction that we're already working towards, and you'd like us to continue, let us know! If there's an area that you think we should look at, we'd like to know that as well! Although I can't personally promise that your suggestion will work it's way to the top of our list, I think that your feedback, as always, is an integral part of our corporate direction, and helps us to plan for the future as well.

So, let the 2009 wishes begin!...

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (2) | Views (8750) |

21 Dec 2008 11:24 AM EST
Not Quite Ready for Access Gateway?
[ Tags:  architecture ,   xenapp ]
posted by Chuck Nila

You Can Still Creating a Secure Portal to Your Applications Using Citrix Secure Gateway!


In a perfect world, all the applications published on a XenApp farm would only need to be accessed internally, behind the firewall, using company equipment. But, unfortunately in today's world, that perfect environment rarely exists. In most instances, applications on the internal network need to be accessed by users outside the firewall. And, these users can range from trusted resources such as remote employees, to non-employee resources such as third-party vendors and outside contractors.

For many, the solution to this problem has been to allow secure access to the internal network via dedicated B-to-B lines or software VPN connections. Although these are solid solutions for allowing internal access, these are also drawbacks. Dedicated B-to-B VPN lines can be expensive, and unless the number of remote users is substantial, in many cases the costs are hard to justify. And for those have had to use software VPN clients, we all know that they are not always the most dependable or user-friendly pieces of software out there! And, unless properly configured, software VPN connections require users to deal with multiple logins.

In many cases, the Citrix Access Gateway (CAG) is the most viable solution to supplying SSL VPN connectivity to remote users. It provides the highest level of security by allowing complete customization, allows for high numbers of concurrent users (up to 10,000 users on a Series 10000 CAG), and provides increased flexibility for a broad range of end-user devices.

However, depending on the needed scalability level of your XenApp farm, the number of users, and other determining factors, you may not NEED all of the benefits that a CAG can offer. But, that does not mean that you need to fall back onto the "same old ways" of providing SSL VPN access to your remote users. With Citrix Secure Gateway (CSG) you can provide secure access to your internal applications for farms not requiring all the features available within CAG.

The Citrix Secure Gateway is an application that runs as a service on a server that is deployed in the DMZ. The server running the Secure Gateway represents a single point of access to the secure, enterprise network. The Secure Gateway acts as an intermediary for every connection request originating from the Internet to the enterprise network.

A CSG is installed in a network's demilitarized zone (DMZ) to form a secure perimeter around the Citrix components in your enterprise network. The CSG authenticates users connecting over the Internet and establishes a secure channel for data exchange between the client device and the Citrix Presentation Server.

The CSG eases firewall traversal and provides a secure Internet gateway between Citrix Presentation Server and client devices. All data traversing the Internet between a remote workstation and the Secure Gateway is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. The CSG transparently encrypts and authenticates all user connections to protect against eavesdropping and data tampering.

The Secure Gateway has features for enhanced security, certificate management, deployment, scalability, logging and instrumentation, and support for networking protocols.

For more information on Citrix Secure Gateway, configuration options, and proposed farm implementations, you can refer to the following Citrix documents:

Citrix Secure Gateway Administrator's Guide

Detailed Description of the Secure Gateway Connection Process (CTX117728) 

Expand Blog Post