Post to Twitter
When Citrix first announced NetScaler VPX at Synergy in May, we also announced that we would offer a virtual appliance for Branch Repeater that will be generally available in the first half of 2010. We want to get your input on where, when and how you will use Branch Repeater VPX.
Keep in mind that Branch Repeater is a symmetric solution which means it requires an appliance at both ends of a WAN connection. Today these must be physical appliances but with the upcoming VPX form-factor, one or both could be virtual appliances.
So when, where and how will you use a virtual Branch Repeater? Take our quick poll and then share your comments.
Tim Greene over at Network World has just posted a great article titled The ABCs of WAN Optimization Savings. The article walks through the various functions of today's WAN optimization devices and how these technologies add up to big savings for IT. Citrix is singled out in the article for our dominance in speeding up virtual desktops and applications, something we have offered since delivering ICA acceleration with Branch Repeater 5 back in February.
As part of the HDX technology framework, Branch Repeater includes a suite of WAN optimization technologies that have been adapted for virtual environments. Since the underlying WAN optimization technologies are discussed in the Network World article, I will explain how Branch Repeater is unique in applying these to accelerate and optimize virtual desktops and applications.
Compression and caching - By default, XenApp compresses all ICA traffic to optimize individual user sessions. Branch Repeater automatically negotiates with XenApp to disable the native ICA compression in order to cache common graphics and data locally in the branch and compress traffic across multiple user sessions. Branch Repeater is the only WAN optimization solution that can inspect the ICA virtual channel to help determine whether to store cached data objects in memory or on disk. This helps to minimize latency for interactive traffic (screen updates, mouse movements) while maximizing compression ratios for bulk transfers within ICA (printing, file transfers).
TCP acceleration - Like any TCP-based traffic, ICA performance can suffer due to high latency and packet loss common on long distance WAN connections. Branch Repeater overcomes these issues with adaptive TCP flow control that senses these conditions and responds by optimizing TCP behavior.
QoS and traffic prioritization - In many networks, ICA shares the wire with other bandwidth hungry applications. Network congestion can 'starve out' ICA traffic causing slow and inconsistent performance. Branch Repeater prioritizes traffic and allocates bandwidth to ensure reliable, high-performance for virtual desktops and applications. However, not all data transmitted within ICA should receive equal priority. For instance, interactive screen data should be prioritized above print jobs. To address such conflicts, Branch Repeater provides the only ICA-aware QoS engine that can granularly allocate bandwidth based on virtual channel priority tags.
Branch Repeater ICA acceleration goes beyond optimizing each of these core technologies for virtual desktop and application delivery. Virtual environments tend to be far more dynamic and flexible than traditional enterprise applications. For this reason, Branch Repeater is fully integrated with XenApp and other HDX technologies to apply the right mix of optimizations for every scenario over any network. And since many of the techniques involve peering inside the ICA session, Branch Repeater works with native ICA encryption (Basic and Advanced RC-5) so there is no compromise to end-to-end security.
The Network World article wraps up by suggesting that businesses consider WAN optimization gear when deploying new applications. Rolling the cost of WAN optimization into a larger IT project - such as desktop virtualization - can be a cost-effective way to pay for the solution. So if you are considering deploying virtual desktops (VDI) in your organization, be sure to include Branch Repeater as part of your plans.
Branch Repeater appliances are great for providing application acceleration to your branch offices users. However, what do you do about individual remote users working from home, on the road or out of an office that is not equipped with a Branch Repeater?
Back in 2007 Citrix was one of the first companies to introduce a software-based WAN optimization client to address this need. Initially called WANScaler Client, our software client has evolved and is now called Repeater Plug-in for Citrix Receiver.
As the name implies, the client is now packaged as plug-in for Receiver for Windows. As with all plug-ins, you can use Citrix Dazzle and Citrix Merchandising Server to easily distribute the software to remote users. Once installed, the software appears as the acceleration plug-in under the "Advanced" tab within Receiver and immediately begins accelerating all application traffic.
Not using Citrix Receiver yet? Don't worry. Repeater Plug-in is available as a MSI that can run standalone without Receiver.
Repeater Plug-in for Citrix Receiver supports the same set of acceleration features as the previous WANScaler Client. This includes TCP flow control, compression and application protocol acceleration for CIFS, FTP, HTTP and now MAPI - also added in Branch Repeater 5.5. The plug-in is compatible with leading VPN solutions including Citrix Access Gateway. With Access Gateway we actually accelerate the traffic within the secure SSL tunnel. In fact, just this week we published a performance report showing how you can Turbocharge Access Gateway by up 50x. Check it out.
Take this quick survey to tell us more about the solutions your organization uses to optimize your WAN.
.jpg)
Last year we introduced Branch Repeater with Windows Server -- the industry's first branch-in-a-box. Branch Repeater with Windows Server natively integrates Citrix ICA acceleration, application acceleration and WAN optimization technologies with essential file, print, network and authentication services. Branch Repeater with Windows Server allows you to eliminate dedicated branch office servers and consolidate these services onto an integrated appliance.
The initial version of Branch Repeater with Windows Servers was built on Windows Server 2003R2 -- still the most commonly deployed server OS in branch offices. However, this year Windows Server 2008 adoption will eclipse Windows Server 2003. The release of Branch Repeater 5.5 adds Windows Server 2008 as a new platform choice for Branch Repeater with Windows Server appliances (the 2003R2 version is still available and customers who buy this version will be able to upgrade to 2008 in the future if they have a maintenance agreement).
Just like the 2003R2 version, Branch Repeater with Windows Server 2008 is fully and natively integrated with the Windows Server OS. This means there is a single OS running in the branch office, greatly simplifying remote support and maintenance. Using the provided management pack for Microsoft System Center Operations Manager, you can easily and cost-effectively manage all your remote appliances using existing server management tools.
In terms of supported services, Branch Repeater with Windows Server 2008 includes the same core services and the 2003R2 version - file, print, AD, DHCP, DNS, WINS, & DFS. In addition, I want to highlight a new feature available in Windows Server 2008 called Read-Only Domain Controller (RODC).
In the past many people had concerns about running a full DC in a branch office – and for good reason! RODC eliminates these issues by implementing a read-only AD DS database and unidirectional replication. Any changes or corruption that a malicious user might make at branch locations cannot replicate from the RODC to the rest of the forest.
With RODC you can also delegate local administrative permissions for an RODC to any domain user without granting that user any user rights for the domain or other domain controllers. This permits a local branch user to log on to an RODC and perform maintenance work on the server, such as upgrading a driver. However, the branch user cannot log on to any other domain controller or perform any other administrative task in the domain.
With RODC you can securely deploy a DC in any branch location for faster authentication and logon times. Is anyone out there already using RODC in their branches? If so, what are you experiences so far?
Over the next few weeks I will be blogging about some of the cool new features in Branch Repeater 5.5.
First up -- Exchange (MAPI) acceleration.
Everyone knows that Microsoft Exchange is the dominant enterprise email server commanding over 65% of the market. Most end users connect to their company's Exchange Server using a version of Microsoft Outlook installed on their desktop. MAPI (or Messaging Application Programming Interface) is the application layer protocol that Outlook email clients use to communicate with an Exchange Server.
As businesses have centralized their Exchange Servers in the datacenter, MAPI has become a top protocol operating over the WAN. By its nature MAPI is a "chatty" protocol which means it performs poorly in WAN environments. Branch Repeater 5.5 now automatically detects MAPI connections and responds by pipelining multiple MAPI messages together for transport across the WAN. By eliminating protocol chattiness, Branch Repeater makes Outlook/Exchange significantly faster over high latency connections.
Large email attachments are another cause of poor email performance. Branch Repeater addresses this issue by automatically compressing and de-duplicating email attachments.
The results are nothing short of stunning. In many cases you will see performance improvements of 10, 20 or even 50x.
Beyond accelerating the end-user experience, this feature also has a dramatic impact on reducing network bandwidth consumption. Imagine a user in a branch office emailing a 10MB attachment to ten other people in that office. Without Branch Repeater, the entire 10MB file must be transmitted to the Exchange Server and then transmitted back to the branch office ten times - once for each recipient. With Branch Repeater, the attachment is only transmitted across the WAN once.
Branch Repeater's Exchange (MAPI) acceleration is not just for branch offices. The Repeater Plug-in for Citrix Receiver brings this functionality to individual remote users working from home or on the road. Now you don't have to wait forever to download that large attachment while working in your hotel room.
Earlier I said that most users connect to their company's Exchange server using a locally installed version of Outlook. That makes sense since many users need offline access to their email. But wait a minute... XenApp also provides offline access to applications with application streaming. And guess what? A streamed version of Outlook talks MAPI too. So whether you have locally installed Outlook clients or are streaming Outlook with XenApp -- you need to try out Branch Repeater 5.5 in your network.
Several Citrix products have been nominated for the 2009 Information Security Magazine / SearchSecurity.com Readers Choice Awards:
- NetScaler, Application security: Web application firewall, application/code vulnerability assessment/QA, Web services security
- Access Gateway, Remote access: IPsec, SSL VPNs and other remote access products
- Branch Repeater, Other: Branch optimization/application acceleration solution
Thanks to your support, last year we won the Bronze Award under the 'remote access' category for Citrix Access Gateway and the Bronze Award under the 'application security' category for Citrix App Firewall.
While technically not a security product, Branch Repeater does play a role in building a secure IT infrastructure. Branch optimization allows businesses to centralize applications and data in secure datacenters without sacrificing end-user performance.
Surveys have already gone out to readers of Information Security and SearchSecurity.com via e-mail. If you received one of these surveys please take a few minutes and vote.
HDX MediaStream does a fantastic job of reducing the network bandwidth requirements for streamed video compared with rending the video on the server. When using HDX MediaStream your bandwidth requirements roughly equal the bit rate of the source video file. For lower quality clips, like those found on YouTube, this is around 256Kbps. For full HD content the bandwidth requirements can be as high as 8Mbps.
While this works great over a high speed LAN, trying to push that amount of data over typical branch office T-1 is another story. This problem is magnified even more when you have multiple users in the branch office who are repeatedly pulling down the same video content. In this situation, the video quality suffers and other business applications can be impacted. This issue has nothing to do with XenApp or XenDesktop. It is purely a function of the size of video file and the limited amount of available network bandwidth.
What can you do about this? Well if the culprit is the latest viral video making its way around the Internet you could attempt to block access to sites like YouTube. However, what if the video is for legitimate business purposes? I talked to one customer at Synergy who is rolling out a corporate compliance training video to their entire company using XenApp but is worried about the impact to network bandwidth.
Enter Citrix Branch Repeater and HDX IntelliCache. With Branch Repeater 5 we now participate in the ICA session and accelerate the ICA virtual channel used by HDX MediaStream. The first time the video is streamed to the branch office, Branch Repeater caches the content locally. The next time the video is requested, Branch Repeater serves the content from its local cache rather than pulling it across the WAN. Using branch caching, you can reduce the bandwidth requirements for on-demand videos by up to 90%.
Don't just take my word for it. You can see a demo if this in action on the latest edition of Brian Madden TV. (If you don't want to watch the entire episode you can jump ahead to 5:49 into the clip).