Tim Greene over at Network World has just posted a great article titled The ABCs of WAN Optimization Savings. The article walks through the various functions of today's WAN optimization devices and how these technologies add up to big savings for IT. Citrix is singled out in the article for our dominance in speeding up virtual desktops and applications, something we have offered since delivering ICA acceleration with Branch Repeater 5 back in February.

As part of the HDX technology framework, Branch Repeater includes a suite of WAN optimization technologies that have been adapted for virtual environments. Since the underlying WAN optimization technologies are discussed in the Network World article, I will explain how Branch Repeater is unique in applying these to accelerate and optimize virtual desktops and applications.

Compression and caching - By default, XenApp compresses all ICA traffic to optimize individual user sessions. Branch Repeater automatically negotiates with XenApp to disable the native ICA compression in order to cache common graphics and data locally in the branch and compress traffic across multiple user sessions. Branch Repeater is the only WAN optimization solution that can inspect the ICA virtual channel to help determine whether to store cached data objects in memory or on disk. This helps to minimize latency for interactive traffic (screen updates, mouse movements) while maximizing compression ratios for bulk transfers within ICA (printing, file transfers).

TCP acceleration - Like any TCP-based traffic, ICA performance can suffer due to high latency and packet loss common on long distance WAN connections. Branch Repeater overcomes these issues with adaptive TCP flow control that senses these conditions and responds by optimizing TCP behavior.

QoS and traffic prioritization - In many networks, ICA shares the wire with other bandwidth hungry applications. Network congestion can 'starve out' ICA traffic causing slow and inconsistent performance. Branch Repeater prioritizes traffic and allocates bandwidth to ensure reliable, high-performance for virtual desktops and applications. However, not all data transmitted within ICA should receive equal priority. For instance, interactive screen data should be prioritized above print jobs. To address such conflicts, Branch Repeater provides the only ICA-aware QoS engine that can granularly allocate bandwidth based on virtual channel priority tags.

Branch Repeater ICA acceleration goes beyond optimizing each of these core technologies for virtual desktop and application delivery. Virtual environments tend to be far more dynamic and flexible than traditional enterprise applications. For this reason, Branch Repeater is fully integrated with XenApp and other HDX technologies to apply the right mix of optimizations for every scenario over any network. And since many of the techniques involve peering inside the ICA session, Branch Repeater works with native ICA encryption (Basic and Advanced RC-5) so there is no compromise to end-to-end security.

The Network World article wraps up by suggesting that businesses consider WAN optimization gear when deploying new applications. Rolling the cost of WAN optimization into a larger IT project - such as desktop virtualization - can be a cost-effective way to pay for the solution. So if you are considering deploying virtual desktops (VDI) in your organization, be sure to include Branch Repeater as part of your plans.

Oracle EBS 12.1 runs on XenApp

Citrix XenApp™, a member of the Citrix Delivery Center™ product family, is the industry's de facto standard for delivering Windows-based applications with the best performance, security and cost savings. XenApp is the most complete application virtualization system available with the ability to virtualize applications on both the client side and server side, delivering them on demand based on the user, the application or the location (online or offline).

By centralizing applications and data in secure datacenters, IT can reduce the costs of management and support, increase data security and facilitate business continuity. XenApp Platinum Edition adds critical capabilities for application performance monitoring, secure remote access, WAN optimization and single-sign-on application security.

Citrix XenApp is compatible with Oracle E-Business Suite 12.1. Organizations of any size can deploy XenApp on industry standard servers anywhere in the datacenter, on a single server or across all cloud computing datacenters. This simple integration takes Enterprise applications into the virtual realm, allowing customers to run Oracle on Virtual Machines, within XenServer, delivered to the end user through XenApp.

Tap into the power of AppExpert!

Oracle EBS 12.1 is integrated with Citrix NetScaler

Deployed in front of Web servers, NetScaler application delivery controller models combine load balancing and content switching. Potential benefits include application acceleration, content caching, SSL acceleration, network optimization, and application performance monitoring in a single built-for-purpose hardware platform. Unlike other approaches that require multiple point products, NetScaler is an all-in-one appliance that is easy to deploy, configure, and operate with AppExpert Visual Policy Builder GUI-based tools, AppExpert Templates, and multiple wizards.

NetScaler 9.1 is available in both hardware-based (NetScaler MPX) and application-based deployments (NetScaler VPX). All deployment options available in version 9.1 are compatible with Oracle E-Business Suite 12.1. Organizations of any size can deploy NetScaler VPX on industry standard servers anywhere in the datacenter. NetScaler VPX enables load balancing, application acceleration, application security and server offload to become virtual appliance-based services that can be easily and dynamically deployed; on-demand and anywhere in the datacenter. Whether installed on a single server or across all cloud computing datacenters.

Download the Citrix NetScaler, Oracle EBS 12.1 Deployment Guide.

Download the Citrix NetScaler, Oracle EBS 12.1 Data Sheet.

Tap into the power of AppExpert!

Cloud Networking is fast

You can create a complete end-to-end network from the datacenter to the cloud. All cloud servers communicate securely over SSL VPN.

Between the datacenter and the Amazon EC2 cloud is a site-to-site SSL VPN built with Vyatta. On the XenApp server in the cloud runs the Citrix Accelerator which connects back to the Citrix Branch Repeater/WANScaler at the datacenter, to accelerate data connections. The Citrix Accelerator makes cloud computing fast, Vyatta makes it secure.

The reason for using Vyatta site-to-site SSL VPN between the datacenter and Amazon EC2 cloud is there needs to be a secure network between the two for the transfer of data. The Vyatta AMI (Amazon Machine Image) can also function as a complete router and firewall. The Vyatta SSL VPN router provides security with scalability.

As you can see from the network diagram and video, complete routing from the datacenter to the Amazon cloud network is seamless. Data resides at the datacenter and is accessed, over the SSL VPN, by the Application running in XenApp. The remote user connects to XenApp, runs the application, and the application delivers the data to the remote user, quickly and securely.

To get your own cloud, go here.

Configurations used

Vyatta SSL VPN (V1) - Datacenter Configuration
Vyatta SSL VPN (V2) - Cloud Configuration
Windows VPN Client - Cloud Configuration

Links for this solution

Vyatta - go here
Amazon EC2 - go here
XenServer is Free! - go here
XenApp - go here
XenApp VPN Client - go here
Dell Server - go here
IP Addresses - go here

Watch This

Read more news like this.

Its powerful AppExpert!

HDX MediaStream does a fantastic job of reducing the network bandwidth requirements for streamed video compared with rending the video on the server. When using HDX MediaStream your bandwidth requirements roughly equal the bit rate of the source video file. For lower quality clips, like those found on YouTube, this is around 256Kbps. For full HD content the bandwidth requirements can be as high as 8Mbps.

While this works great over a high speed LAN, trying to push that amount of data over typical branch office T-1 is another story. This problem is magnified even more when you have multiple users in the branch office who are repeatedly pulling down the same video content. In this situation, the video quality suffers and other business applications can be impacted. This issue has nothing to do with XenApp or XenDesktop. It is purely a function of the size of video file and the limited amount of available network bandwidth.

What can you do about this? Well if the culprit is the latest viral video making its way around the Internet you could attempt to block access to sites like YouTube. However, what if the video is for legitimate business purposes? I talked to one customer at Synergy who is rolling out a corporate compliance training video to their entire company using XenApp but is worried about the impact to network bandwidth.

Enter Citrix Branch Repeater and HDX IntelliCache. With Branch Repeater 5 we now participate in the ICA session and accelerate the ICA virtual channel used by HDX MediaStream. The first time the video is streamed to the branch office, Branch Repeater caches the content locally. The next time the video is requested, Branch Repeater serves the content from its local cache rather than pulling it across the WAN. Using branch caching, you can reduce the bandwidth requirements for on-demand videos by up to 90%.

Don't just take my word for it. You can see a demo if this in action on the latest edition of Brian Madden TV. (If you don't want to watch the entire episode you can jump ahead to 5:49 into the clip).

NetScaler Virtual Machine

Today, Citrix announced a virtual appliance version of their NetScaler Application Delivery Controller - the NetScaler VPX, the first of its kind. All of the functions that traditionally were performed in the datacenter can now be performed in the domain of virtual machines. Load balancing, application acceleration, security and offload functionality are now available as a XenServer virtual appliance.

Industry's first Virtual Load Balancer

No other vendor offers this type of software as a Virtual Appliance. By making advanced web application delivery functionality available as a virtual appliance, NetScaler VPX drives convergence of virtualization and networking. In the continued movement toward simple and affordable convergence, NetScaler VPX makes sophisticated application delivery functionality available to any size organization. This breaks down deployment barriers for all types of organizations.

What used to run on a proprietary piece of hardware now runs on any hardware that supports virtualization. Because there is no physical appliance to ship, install or move VPX can be installed at a moment's notice, on any server running XenServer.

The challenge

• Check out The Great NetScaler VPX challenge and get $10,000.
• The Tech Preview will be downloadable from citrix on May 18th.
• If you are running VMWare, you need to run Xen - and why wouldn't you, Xen is free.
  

NetScaler VPX

It's powerful - AppExpert!

Integrating IWSVA 3.1 with Citrix NetScaler

Trend Micro InterScan Web Security Virtual Appliance 3.1 (IWSVA 3.1) is both a horizontally scalable (increasing capacity through additional servers) and vertically scalable (increasing capacity through CPU / memory or disk improvements) product and thus has clear options for increasing capacity and lowering latency.

However, IWSVA 3.1 does not offer built-in load balancing or high availability functionality in the standalone product. Customers desiring this functionality in the standalone IWSVA 3.1 solution must incorporate a third-party product to meet these needs.

The Citrix NetScaler is a powerful solution that matches the performance capabilities of the IWSVA 3.1 application while providing the key business continuity and load distribution functionality that enterprise environments require. Here are some recommended configurations when using IWSVA 3.1 with Citrix NetScaler:

• Citrix NetScaler placed in Transparent mode. This configuration does not require any endpoint browser modifications. This simplifies deployments.

• Trend Micro IWSVA 3.1 in Forward Proxy Mode. Although Citrix NetScaler in transparent mode provides endpoint transparency, you must still place IWSVA 3.1 in forward proxy mode for this functionality to work. This means that all upstream devices will see the MAC and IP addresses of the scanning IWSVA 3.1, not those of the endpoint. This may affect some gateway firewall rules or other applications. Citrix requires an identifying path to distribute load and so cannot aggregate traffic across multiple IWSVA 3.1s while the IWSVA 3.1 cluster is in Forward Proxy mode.

• Citrix NetScaler using "Source IP" persistence. Persistence takes precedence over a configured Load Balancing policy. This ensures that specific endpoints pass through to the same IWSVA when state information is available.

• Citrix NetScaler using the "Least Connections with LRTM" load balancing algorithm. If your environment does not require specific state continuity (in other words, it is acceptable to allow endpoints to pass through any available IWSVA 3.1 for scanning), this algorithm monitors the current number of connections on all IWSVA instances and forwards the incoming requests to the IWSVA with the fewest busy connections.

Read more here...

Its powerful AppExpert!

Monitoring the Wanscaler This is the fouth video in the four part series of configuring a Wanscaler environment for FTP demonstrations. The first in this series is Configuring the W2K3 machine. The second is configuring the XPclient, third is configuring the Linktropy Wan simulator, and fourth is monitoring the Wanscaler

Configuring the Linktrophy. This is the third video in the four part series of configuring a Wanscaler environment for FTP demonstrations. The first in this series is Configuring the W2K3 machine. The second is configuring the XPclient, third is configuring the Linktropy Wan simulator, and fourth is monitoring the Wanscaler

Configuring the XPclient. This is the second video in the four part series of configuring a Wanscaler environment for FTP demonstrations. The first in this series is Configuring the W2K3 machine. The second is configuring the XPclient, third is configuring the Linktropy Wan simulator, and fourth is monitoring the Wanscaler

Configuring the W2K3 server for FTP transfer. This is the first video in the four part series of configuring a WanScaler environment for FTP demonstrations. The first in this series is Configuring the W2K3 machine. The second is configuring the XPclient, third is configuring the Linktropy Wan simulator, and fourth is monitoring the Wanscaler.

This is the second video in a two part series showing CIFS acceleration over a WAN link using Wanscaler. This video will demonstrate the amount of CIFS optimization that occurs in a Wanscaler environment. 

 Here is a video demonstration of Microsoft CIFS acceleration over WanScaler. Equipment used for this demo were Microsoft W2K3 server, an XP client, and a Linktrophy Apposite WAN simulator.

Although, the demonstration seems very simplistic CIFS acceleration represents a milestone in WAN acceleration and data networking, in general. CIFS is the protocol that is used by Microsoft Servers and clients to exchange information. The protocol was originally designed to function over a LAN environment with a minimum of 10 Mbps throughput, half-duplex. As enterprises began expanding their data services to remote offices CIFS, designed for a LAN was being used over low bandwidth, high latency WAN's. Performance and end-user experience vary greatly in this enviornment, and the protocol provides a very high, inefficient overhead. With an accelerator between the remote and central office, TCP transmissions are optimized and thus the protocol is streamlined. Users can now experience LAN like performance while being thousand's of miles away from HQ.

h.1 Watch this videotip

As web applications grow in complexity, the art of accelerating them seems to remain the same. This art is performed by applying some basic concepts to the application; that is, Caching, Compression, Load Balancing, Global Server Load Balancing, SSL Offload & Acceleration, Content Switching, TCP Multiplexing and SSL Session Reuse.

Citrix® is a leader in Gartners magic quadrant for Application Delivery with their flagship appliance NetScaler®. NetScaler accelerates web application performance by leveraging multiple acceleration technologies and innovative TCP optimizations.

Whether you are building out a new datacenter and architecting it the right way, or retrofitting an existing datacenter, Citrix NetScaler will perform and keep costs down. Whether you are looking to accelerate legacy enterprise applications such as Oracle or SAP, or building a new web 2.0 social community, Citrix NetScaler contains all of the tools to get you there.

Citrix NetScaler web application delivery solutions are purpose built appliances that accelerate application performance, while simultaneously reducing datacenter costs and improving web application security. Platforms range from the entry level 7000 to the latest MPX-series appliances that provide an industry-leading 15 Gbs of throughput at Layers 4 through 7.

There's more here: Case Studies, White Papers, Analysts , Datasheets

Check out the new MPX!

Buy it here!

Tap into the power of AppExpert!

Becoming an Application Expert means that you can profile an application and quickly determine how it can be architected or re-constructed for higher performance. Of course, we want you to use the Citrix Application Switch as part of the architecture. In Part 1, we learned how to profile an application to learn what it looks like as the traffic flows through the Citrix Application Switch. Now we will determine what parts of an application are cacheable and what parts are non-cacheable.

By Application Profiling we can determine which parts of the application are cacheable and non-cacheable just by looking at the Request and Response headers. The application will sometimes tell you through it's "Cache-Control" header directives. Some content that we just know is static and doesn't ever change, we can consider cacheable as static content. Content that changes, such as reports, are often considered non-cacheable but with the help of Selectors and Dynamic Content Groups in the Citrix NetScaler, this content can be cached. As a proof of concept, we deployed the Citrix NetScaler Application Switch in the front of Oracle E-Business Suite v12 application and implemented caching policies for both static and dynamic content. As it turns out, alot of static content is cached by default policies and setting up dynamic policies is not that difficult. To see how, read the Caching Deployment Guide for Oracle E-Business Suite v12.

Watch this Caching Tip:

Tap into the power of AppExpert!

Application Profiling

Introduction:

I can turn you into an Application expert in 5 minutes by reading this post.  Just do what the experts do, or even the not-so-experts.  They pay meticulous attention to the requests from clients and the responses from servers, both headers and body content.  You do this the old fashioned way by taking a trace.  There are better tools out there, some free, some not-so-free.

Running a trace:

Running a trace will help you 'profile' the application. It is recommended that you do this before placing the Citrix Application Switch in-line of the Application traffic. This will gather important information about the Application that will help you understand it's basic operation at Layer 7, and help you begin to understand what it is that needs to be accelerated - cached, compressed, load balanced, ssl offloaded, etc.

Running a trace exposes the flow of transactions between all points of interest. Traces are especially helpful when digging in to find what is contained within the headers being exchanged between the client and the application.

Taking a trace with wireshark:

The free network protocol analyzer called wireshark, http://www.wireshark.org, will capture packets for you on the localhost, whether it's windows or linux. By filtering the stream of packets by IP Address, right clicking and selecting 'Follow TCP Stream' inside of wireshark, you can see the headers for both requests and responses.

Wireshark tip 1 Find the first 'SYN' in the stream, right click, 'Follow TCP Stream'.

Wireshark tip 2 Client requests are in Red, Server responses are in Blue.

Taking a trace with the Citrix Application Switch:

If the Citrix Application Switch is already in place, a trace can be run directly on the Citrix Application Switch. Running a trace will expose the flow of transactions between all points of interest, especially the client, load balancing VIPs and backend servers. Traces are especially helpful when digging in to find out if the proper headers are being exchanged between client & VIP and VIP & backend servers. A trace can be run directly on the Citrix Application Switch. Once downloaded this file can be opened and request and response headers read with Wireshark, a free network trace utility, http://www.wireshark.org. From the Citrix Application Switch GUI, navigate to NetScaler -> System -> Diagnostics -> New Trace -> Run. 

Viewing headers with Paros:

Paros was originially written for web security, but has value when viewing request and response headers, cookies and the like. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted. There is an additional option of trapping and modifying data before sending it on to the server, or client. Paros can be found at http://parosproxy.org. Free.

Viewing headers with Live HTTP Headers:

Live HTTP Headers, http://livehttpheaders.mozdev.org/, was developed for use with the Firefox web browser. It is a free add-on and allows you to view HTTP header information in real time. Free.

Viewing headers with IE Analyzer:

IEInspector HTTP Analyzer, http://www.ieinspector.com, is a tool that allows you to monitor, trace, debug and analyze HTTP/HTTPS traffic in real-time. It works with Microsoft Internet Explorer. Not-Free.

Viewing headers with IE Watch:

IEWatch, http://www.iewatch.com, is another plug-in for Microsoft Internet Explorer that helps you profile your web applications. You can use this tool to dig deep into the inner workings of web applications to find hidden issues. Not-Free.

Watch this Application Profiling Tip:

Tap into the power of AppExpert

The SAP Enterprise Service Oriented Architecture (SOA) provides a blueprint for services-based, enterprise scale business solutions that are adaptable, flexible, and open. Enterprise Services Architecture takes the concept of service-oriented architecture to a new level by transforming Web services into enterprise services. Bringing Citrix and SAP Enterprise Services Architecture together reduces the dependence on customized applications, and increases flexibility and reduces time to deployment while reducing operational expenses.

Watch this Load Balancing Tip:

Tap into the power of AppExpert

We recently had a meeting with a large partner of ours and they handed down some hefty requirements.  An average of 100 partners using their portal on any given month to access their development environments on the backend.  It was clear that NetScaler could scale, but the question was how to keep all of those partners separated from each other, without them peeking into each others traffic. It turned out to be easier than we thought using the NetScaler as an SSL VPN with the addition of some policies bound to each partner's user group.  The following is an overview of the network diagram, and there are some deployment guides to walk you through these installations.