Post to Twitter
Not very long ago I published a series on how to become an Application Expert. Citrix NetScaler 9.0 makes it easier with AppExpert Templates. NetScaler AppExpert Templates - introduced in NetScaler 9.0 - provide an application-centric view of the NetScaler system's policy configurations. From a single place within the GUI (AppExpert -> Applications) NetScaler administrators can: 1) Configure the various AppExpert features the NetScaler is fronting, 2) View which NetScaler functional modules (e.g., compression, caching, application firewall) are optimized and active for a given application unit.
Additionally, AppExpert Templates allow you to drill down and see which individual NetScaler policies are active, and what policies are inactive but available, by application component and NetScaler module. From this same view, individual policies can be created, activated and deactivated.
AppExpert Templates can be downloaded, imported, modified and exported AppExpert Templates page of the Citrix Community Website. Administrators can download AppExpert Templates built by Citrix, Citrix Partners and members of the NetScaler community from the Citrix Community Website. These templates are easily imported into any NetScaler running NetScaler 9.0 or higher, jump starting the configuration and deployment process. Templates developed in-house can be easily exported and shared within your organization, or posted back to the Citrix Community Website for others to view and improve.
See the new AppExpert Templates page here!
Tap into the power of AppExpert!
One of the long awaited new features in NetScaler 9.0 is XML security. In 2007, Citrix acquired QuickTree, a small privately-held software technology provider on the forefront of addressing the key security and performance challenges of XML, web services and Web 2.0. With Netscaler 9.0 the XML security capabilities acquired from QuickTree are fully integrated into the Netscaler web application delivery appliance.
Some the XML Security Features available in the new NetScaler release:
What's New
This release provides many enhancements to the policy infrastructure, including:
• Policies for analyzing the traffic rate
• Policies for sending queries to an external application
• Graphical tools for easier creation of policies (see the enclosed video tip for a demo)
• Configuration of policy labels and policy banks
• Policy expression parameters for analyzing new types of data, including IPv6 addresses.
• New documentation for policies and expressions.
Policies to Analyze the Traffic Rate
You can configure policies that parse the request rate or bandwidth usage. The most popular uses for policies based on traffic rate include limiting access to virtual servers or any other user-defined entity, and preventing network overload. You can configure NetScaler features to perform any other supported action based on the traffic rate, for example, redirecting traffic if the rate exceeds a particular threshold.
In this release, you can configure rate-based policies based on the following:
• The number of HTTP requests that the NetScaler intercepts.
• The number of DNS requests that the NetScaler intercepts.
• The bandwidth usage.
Policies to Send HTTP Requests to Remote Applications
You can configure HTTP callout policies to obtain information from external applications and parse the responses. For example, if a server makes a request, you can use an HTTP callout request to determine if this server is on a "deny access" list. The HTTP callout request can send the requesting server's domain to an application that looks up bad domains from a list. When the application sends a response to the NetScaler, the HTTP callout policy can extract the "allowed" or "denied" determination from the response.
To deploy the HTTP callout policy, you also create an agent in front of the application to format the HTTP callout request for the application. When the application returns a response, the agent formats the response for the NetScaler, so that the callout policy can extract data of interest from the response.
You can invoke HTTP callout policies from any other type of NetScaler advanced policy using the expression prefix SYS.HTTP_CALLOUT. For example, you can invoke an HTTP callout policy from a rewrite action and insert the value that is returned by the callout in an HTTP response header.
Policy Banks and Policy Labels
This release introduces new methods for configuring collections of advanced policies known as policy banks. Policy banks are groups of polices that share the same bind point:
• Built-in bind points are global or specific to a virtual server.
• A user-defined bind point is known as a policy label.
After you create a policy label and bind policies to it, you invoke the policy label (and its associated policies) from one of the built-in bind points. If you bind policies to a virtual server, you can also invoke the virtual server's policy bank from any other policy bank. You can invoke a policy label or policy bank using when binding a policy or by specifying a new "NOPOLICY" place-holder that performs invocation without processing a rule.
As part of policy bank configuration you can also create an arbitrary evaluation order by specifying Goto expressions.
A new graphical tool called the Policy Manager simplifies configuration of policy banks and invocation of policy labels.
Policy Manager and Other Usability Enhancements
In this release, some applications provide a specialized Policy Manager in the NetScaler configuration utility to simplify the binding of policies to an invocation point or a user-defined policy label, assigning policy priorities to policies, viewing the different policy banks that are configured in the feature. The Policy Manager also enables you to find and delete policies and actions that are not being used. As of release 9.0, the Policy Manager is available for the Rewrite, Integrated Caching, and Responder features.
In addition, the configuration utility simplifies the task of viewing policy bindings to vservers. A Visualizer in the Load Balancing and Content Switching features enables you to view policy bindings as well as service and monitor bindings.
See the enclosed video tip for a demo of the Policy Manager.
New Parameters for Classic and Advanced Expressions
New expression parameters have been provided for parsing additional types of data, including:
• IPv6 addresses
• String sets (comparisons with any or all strings in a set)
• Caching headers
• Dates and times
• File system information (files, directories, file system commands)
Policy Configuration and Reference Guide
A new policy guide provides comprehensive information on all the available parameters for advanced and classic policies and configuration instructions. This guide is available from the Documentation tab in the NetScaler configuration utility.
Video Tips
Video tip 1: Using the Policy Manager to add the first policy in a policy bank:
Video tip 2: Using the Policy Manager to add a second policy and order the policies in the bank:
NetScaler 9 is officially here. Well, actually, it's officially announced. It won't be officially available to download from mycitrix.com until November 27th. Yes, I know that's Thanksgiving. However, Citrix is a global company, and what better way to prove it than to post the NetScaler 9 code on a major US holiday? And, there is a chance that it might show up a day or two before the 27th.
NetScaler 9 is a pretty big release. Looking at the detailed feature tracker, it contains over 350 new features and feature enhancements. I'm not going to go through all of them in this post, because that's what release notes are for. However, I do want to highlight some of the major new features that folks seem to be most excited about, and point you to some additional resources on this site that go into a bit more detail on some of them.
I like to think that NetScaler acts as the bridge between the network and the applications that run on it, making each of them work better with the other. NetScaler 9 furthers this. A lot of the new capabilities and features making NetScaler more application-saavy than it already is. This is not to say that there aren't any hardcore networking enhancements in NetScaler 9, because there are a lot of them. These include everything from end-to-end support for IPv6 to enhancements to our GSLB functionality to the ability to tunnel IP within IP.
But in the end our networks are there to run applications, and it's the new AppExpert features in NetScaler 9 that seem to be generating the most interest.
AppExpert Templates make a given application the "first class citizen" within NetScaler. They do this by encapsulating everything about a NetScaler configuration that is specific to a given application, including:
- The different application components (e.g., pages, files, archives, Web Services) NetScaler is managing
- The various NetScaler entities and settings (e.g., VServers/VIPs, load-balancing algorithms, health checks, persistence methods, SSL offload settings) defined for these application components
- The specific NetScaler policies (e.g., caching, compression, application firewall, rewrite) used for the application
All of this is presented in a way that puts the application front and center, and configuration and policy changes can be made from there as well. So, while today understanding the entire NetScaler configuration for Microsoft SharePoint (for example) involves moving around between the various NetScaler GUI tabs, with AppExpert Templates everything is centralized in one place.
AppExpert Templates can be imported and exported as well, so they make it pretty easy to move app-specific configurations between different systems. More broadly, several folks have told us that this, and the general look and feel of AppExpert Templates, will help with knowledge transfer within their organizations. You can see an example of the Microsoft SharePoint template being imported and then applied here.
If you go here when NetScaler 9 becomes available in a couple of weeks, you'll be able to download AppExpert Templates we've already built. And, as you'll quickly notice, AppExpert Templates aren't static. The underlying infrastructure makes it really easy for you tweak a template to your own specific needs, or to improve the template by adding to it. Hopefully, you'll all post any improvements and modifications you make back to the community site so that others can benefit. And definitely look for additional AppExpert Templates to be made available by us, but Citrix partners, and hopefully by other NetScaler users.
With AppExpert rate controls, we've integrated the concept of data rate into the core NetScaler policy infrastructure. This allows building policies that are only triggered when a defined data rate is exceeded. And since it's integrated with the core policy infrastructure, it can be used with the various NetScaler functional modules (e.g., content switching, responder), so you're not limited to just dropping traffic as an action.
There's a number of ways folks have told us they're going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) isn't overwhelmed by requests is another. Two specific examples are:
- One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn't overwhelm the website and degrade the site's performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren't overwhelmed by any particular partner's use of the API.
- Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don't drown out other SharePoint (or other application) activity.
AppExpert service callouts make NetScaler policies extensible, and will allow you to integrate logic or functionality available in other systems and applications into NetScaler policies. Specifically, using an AppExpert service callout, a policy can send (over HTTP or HTTPS) any part of an incoming request to an external service. The result returned by the external service is then used like any other policy evaluation result.
As an example, one beta customer has an application that identifies and tracks IP addresses that are scraping its site's content. No, this is not the same customer that is interested in AppExpert rate controls. In earlier case, scraping is encouraged, they just needed to control it. In this case, the scraping of content amounts to theft, and the customer want to prevent as much of it as possible. Unfortunately, the IP addresses doing scraping change constantly (hence the reason they had to build an app), so statically defining them within the policy itself isn't practical. However, a service callout can query the application in real-time, and NetScaler then uses the response to either pass or drop the request.
Other use cases customers have mentioned include:
- Passing content to an external transformation engine
- Integration with UDDI or other directory services
- Geo-targeting or other token-based switching decisions, where the logic for the content switch is available in an external application
NetScaler 9 has the first availability of the XML technology we acquired from QuickTree last year. New XML protections in the NetScaler Application Firewall module will now be able to inspect and protect XML as well as HTML traffic. In addition to protecting XML-based applications from attack, this can also be used to ensure that incoming XML traffic conforms to various standards (e.g., XML syntax, schema, WSDL validation). With XML, sometimes "bad" traffic isn't malicious but is just a mistake. Either way, the XML capabilities in the app firewall will catch it.
We've had the ability to rewrite payloads within the TCP header or payload since NetScaler 8.0. However, in NetScaler 9.0 we've added a URL transformation 'mini-module' to our generalized rewrite functionality specifically for rewriting HREFs. While this function is often thought of in the context of either SSL VPN or application firewall, it has uses beyond these as well. For example, onboarding apps acquired through M&A activity, simplifying change management or "Akamai-zing" graphics content.
Again, NetScaler 9.0 is big release. There is a lot more than the app-centric things mentioned above. There is a pretty comprehensive What's New in NetScaler 9 writeup here for those of you that want a more comprehensive overview.
Updated November 12, 2008:
I received a question via comments asking about Access Gateway Enterprise enhancements. As many of you know, Access Gateway Enterprise is in essence another module in NetScaler. So, all Access Gateway Enterprise functionality is included in NetScaler, which is why NetScaler is such a great solution for Citrix XenApp and XenDesktop. There are definitely enhancement to Access Gateway Enterprise in NetScaler 9. At a high level, they are:
- Support for IPv6 XenApp Client Connections
- Single sign-on to file shares, so your users won't get get as annoyed by as many authentication prompts (unless you want them to be)
- Full clientless access to Microsoft SharePoint 2003 and 2007 so users can access SharePoint sites from any browser
- Historical charting which allows you to see trend data on system activity
Sean Whetstone, Head of IT Services at Reed Managed Services in the UK, is a big fan of going green. By using a combination of Citrix XenApp, NetScaler and XenDesktop, Reed Managed Services was able to reduce operating expenses by over 20%, centralize and secure data from over 300 offices, and reduce their carbon footprint by 2500 tons. According to the post on Sean's blog, Reed Managed Services was able to cut utility usage by 5,500,000 kilowatt hours to save over 100,000 pounds as a result of this project.
Sean recently posted a video interview he did at a Citrix event in London on his blog.
You can view Sean's presentation on this topic here.
Citrix Systems is closing the gap on the Number 1 Load Balancer for Web Applications. They are certainly a leader and not going to relent on the pace. Check out the Gartner Magic Quadrant. Further proving a commitment to Application Delivery, Citrix teamed with Akamai to extend Application Delivery from the datacenter into the cloud. Combining Akamai's efficiency in the cloud with Citrix's efficiency in the datacenter provides the ultimate in global acceleration of applications.
Citrix & Akamai Load Balancing Deployment Guide.
Tap into the power of AppExpert!
Read about the Citrix Load Balancer here.
Buy the Citrix Load Balancer here.
Citrix Education just announced the rollout of its redesigned certification program. The new certification structure, developed in collaboration with Citrix customers, offers candidates more choices such as certification tracks by role and specialization, as well as streamlined update paths that make it easier for IT professionals to stay current. The certification changes support IT professionals' need to demonstrate specialized knowledge in key server, desktop and application virtualization technologies.
The next generation of Citrix certifications deliver:
1. Certification by job level
Three levels of IT professional certification are offered, which allow candidates to match their certification path to their job role:
- Administrator Series - Consists of the Citrix Certified Administrator™ (CCA), which has been expanded to include tracks supporting Platinum product editions. Also offered is the new Citrix Certified Advanced Administrator™ (CCAA) certification, which takes the CCA one step further with in-depth product specialization.
- Engineer Series - Consists of the new Citrix Certified Enterprise Engineer™ (CCEE), which offers seasoned IT professionals the opportunity to validate their ability to combine the coordination of operational planning efforts with 'tactical design' expertise and integration know-how.
- Architect Series - Consists of a re-vamped Citrix Certified Integration Architect™ (CCIA) certification, which allows IT professionals to hone real world skills with a range of technologies to design strategic approaches to application and workload delivery.
2. Certification by solution
Various paths, including Application Virtualization, Desktop Virtualization, Server Virtualization and Application Networking, are available, so that IT professionals can align their certifications to the technology solutions most relevant to their job role.
3. Certification by product specialization
IT professionals can achieve specific designations for the latest Citrix products, such as Citrix XenApp™, Citrix® NetScaler®, Citrix XenDesktop™, Citrix XenServer™, and others, to prove their competency and skills on the latest enterprise products.
4. Simplified certification update paths
With the release of the next generation certification programs, update paths to the newest CCEE and CCIA certifications will be available for current advanced certification holders. These update paths will significantly reduce requirements by focusing on the domains, features and technologies that are most required to advance to the next generation CCEE and CCIA certifications.
For more information on the next generation certification structure, visit www.citrixeducation.com > Certifications.
Citrix EasyCall provides a simple and intuitive way communication enabling your existing applications with the flexibility of using any telephone.
EasyCall enables:
- Click-to-Call from any application
- Any telephone (mobile, office, home)
- Click-to-Call enabled directory & call-log
The embedded presentation below reviews the features of Citrix EasyCall.
Click here to view the presentation in full screen at Slide Share.
Here is a short demo video that covers how to use EasyCall and reviews briefly how it works.
EasyCall Demo video
EasyCall is a standard feature on:
- Citrix XenApp Platinum Edition
- Citrix NetScaler Platinum Edition
- Citrix XenDesktop Platinum Edition
You can find the EasyCall Administrator's Guide here and the Getting Started Guide here. The EasyCall User Guide is at this link.
There are several Systems Integrators Guide for various phone systems -
Nortel
Avaya
Bandwidth.com
Citrix technologies have been around for almost 20 years, we have helped other companies to stay on their feet during time of economic crisis by implementing access and application virtualization technologies that not only helped them succeed with their business needs but also reduced their operational costs.
With the economy outlook looking so obscure, companies have begun seeking for new ways to reduce costs while challenged to provide their customers with unchanged level of services and products.
Understanding what technologies to invest in times like this can be crucial decision; while researching some market trends I stumbled upon a recent post on ZDNet by Dan Kusnetzky with the title "Can virtualization help when times get tough?"
After a brief analysis Dan pointed our six ways virtualization can help a company financially, here they are:
- Access virtualization, such as that offered by Citrix and Microsoft, can make it possible for administrative and operational cost reductions while still making needed applications available in a secure, reliable way.
- Application virtualization, such as that offered by Citrix, Microsoft and many others, can make it possible for applications to be made available to staff members in a reliable way and even make it easier to update these applications without having to visit each and every laptop or desktop computer.
- Processing virtualization, such as that offered by Citrix, IBM, HP, Microsoft, Oracle, Sun, Virtual Iron and many others can either allow many machines to work together to get tasks done more quickly to optimize staff member's time or consolidate tasks onto a smaller number of physical machines. This approach can result in hardware, software, operational and administrative cost reductions.
- Network virtualization can make it possible to reduce the costs of administrative and operating costs.
- Storage virtualization can do for storage what processing virtualization does for processing.
- Management and security software for virtualized environments may be the area having the biggest opportunity for cost reduction.
Citrix was mentioned not once or twice, but at least 3 times and shows how we've managed to grow exponentially our portfolio; Citrix is now more than ever the ONLY end-to-end virtualization company from Network (NetScaler, WanScaler), Server (XenServer, Provisioning Server), Application (XenApp) all the way to Desktop (XenDesktop).
To compliment the great work done by Dan pointing out the values of virtualization, I will list below some extra reading that can help you define the best strategy to save money while using virtualization technologies:
The Economic Impact of Provisioning Server Streaming Platform
This study describes the financial impact of moving from a traditional datacenter environment, where individual servers are dedicated to specific functions, to an environment where applications and content are streamed to an individual server that exists in a pool of shared servers dynamically using Provisioning Server.
Virtual Desktop ROI Calculator
Calculate your savings with a desktop delivery solution you can take to the bank!
Green IT: Reducing Your Carbon Footprint with Citrix
This white paper explains how Citrix solutions can help bring environmental and organizational objectives into alignment, by alleviating the energy impact of equipment needed to serve both the datacenter and the desktop.
For more, visit: Citrix.com/Solutions
Best,
Gus
PS. Sorry if some of the links require a sign up; I hate signing up for stuff, but these docs are totally worth it...
...And don't forget to check out Chris Fleck's posts about Cloud Economics:
I recently recorded a video session with Tim Bardzil and Eric Wolf, two team members of the Citrix Wanscaler Product Marketing group. The video is a Frequently Asked Questions session on the Citrix Systems Branch Repeater. This video can be used to address some of the common hardware and feature capabilities of the Branch Repeater.
Watch this video tip
You are planning for a WANScaler implementation in your datacenter. For redundancy, you have multiple physical WAN Links and are planning to use the WANScalers in the simple "in-line" deployment in each one of the links.
While the WANScaler supports this configuration natively with the "group mode" feature set, network architects may wish to use an external link load balancing method instead. Depending on your network architecture, group mode can lead to additional traffic on the LAN side as network architects may not have the luxury of a separate network to handle the group mode related traffic .
This is where Citrix NetScaler can come to the rescue in a powerful way. NetScaler supports link load balancing capabilities that are well described in the product documentation. However, when designing for link load balancing with WANScaler in the picture, it is critical to ensure that the WANScaler appliances see all TCP segments associated with a connection in both directions. Therefore, special considerations need to be taken when designing link load balancing for WANScaler implementations:
(a) For connections initiated in the datacenter, it is critical that all TCP segments of the connections keep flowing over the same WAN link in both directions. This can be achieved by ensuring certain settings are applied (such as destination IP based persistency and the RNAT switch).
(b) For connections initiated from a branch office or a mobile user, the link load balancing decision must be made prior to the connection being actually established. This can be done by leveraging the DNS-based selection of NetScaler's Global Server Load Balancing capability (although we're not load balancing data centers in this example). Furthermore, once a selection is made by GSLB, the return packets must not be link load balanced, but must stick to the path selected in the GSLB step.
Sounds complicated? It's not too bad and to make it easier for you, you can read all about it in the Consulting Solutions design considerations article published here.
This is the second blog in my series on Wan Optimization and Distributed Storage.
Remote Copy provides a powerful and flexible method for reproducing data and keeping that replicated data available for disaster recovery, business continuance, backup and recovery, data migration and data mining. For example in figure 1 the accounting department in Chicago runs a corporate accounting application and stores the resulting data. The designated backup site is in San Francisco. Nightly at 11:00 p.m., accounting updates are copied to the San Francisco facility using Remote Copy. Remote copying follows a three-step process.
1. Creation of a primary snapshot at the Chicago facility - this is called the primary snapshot, 2. Creation of a remote volume at the San Francisco office. Then you create a remote copy of the primary snapshot to the remote volume. 3. The system then copies data from the primary snapshot to the remote snapshot.
So, you ask "what is a snapshot?" A storage snapshot is a set of reference markers, or pointers to data stored on a storage area network (SAN). A snapshot is something like a detailed table of contents, but it is treated as a complete data backup.There are two types of snapshots - the first being the copy-on-write which creates a snapshot of changes to existing data every time the data is modified or new data is added to the volume. The second is split-mirror which creates a snapshot of all the existing data including the new and updated data. Copy-on-write involves the transfer of less amounts of data than the split-mirror method.
In a typical Distributed Storage environment Copy-on-write snapshots are scheduled for daily or weekly copies from primary to remote sites. These snapshots transfer data over a Wide Area Network and by utilizing Wanscaler Wan Optimization devices at both sites these data transfers are accelerated the time of complete transfer of the data is greatly reduced. In my next blog I will demonstrate Remote Copying within a Distributed Storage environment both with and without Wan Optimization to show the dramatic decrease in transfer times.
In my next blog I will demonstrate remote copying and snapshots both with and without Wan Optimization via a video capture highlighting the results.
WAN Load Balancing by Elfiq Networks is a perfect fit for the Citrix WanScaler WAN Optimization Engine product. The Citrix NetScaler already performs Server Load Balancing on inbound connections, and can even perform Link Load Balancing on outbound connections. However, when it comes to managing link resiliency directly at the WAN Links, at layer 2, this is where Elfiq shines. The Elfiq Layer 2 implementation allows the insertion of the Elfiq unit between the firewall and the primary link router without any change to their configuration for an easy deployment. For private WAN Links, Elfiq will redirect packets to all links at Layer 2 on a per session basis. Another great advantage with Elfiq is the low price point to get this type of functionality. When connectivity is being deployed to multiple sites with multiple links, Elfiq SitePathMTPX can be used with IPSec VPN Tunnels and VoIP along side of enterprise applications for greater performance and resilience.
Citrix & Elfiq Networks Deployment Guide!
WAN Failover Video Tip:
WAN Load Balancing Video Tip:
Hello Mac Users
First I would like to thank all of you for downloading version 1.0 of our blogs widget. We currently have 1400+ downloads, and this goes to show that the Citrix community has indeed a large number of Mac users.
I also would like to thank those users who sent us their feedback, this version of the widget is here because of you, so keep sending your feedback and comments.
Meet the Citrix Blogs Widget
Version 1.0:
- The latest 30 Citrix Blog posts
- Adjust view from Full to Summary
- Collaborate with your comments
- Open posts on Safari or Firefox
- Spotlight Search (Instant search)
- Push updates (no refresh required)
- Watch blogged videos
- Check for updates
- Send feedback
Version 1.2:
- Widget Resizing
- Bug Fixes
Requirements:
- Mac OS X 10.4 or greater
Download:
Citrix Blogs Widget
The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed.
With NetScaler:
We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications.
The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting.
With XenApp:
The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that will arise in this situation is with all of those Citrix XenApp thin clients logging into the XenApp and then launching browsers to the internet, how does iPrism keep track of them. By adding the XenApp IP Address to the iPrism configuration, the users are tracked using "Session Based Authentication" - this catches each individual user and IP Address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit into a datacenter outfitted with Citrix.
Citrix & St.Bernard Deployment Guide!
Network Diagram:
Watch this video tip:
Get an in-depth look at the upcoming XenApp release in our first Citrix Delivery Center Live virtual event. Attend keynote sessions with live Q&A, chat live with Citrix product experts, participate in forums, network with other attendees, visit the expo hall, view content online and download information. Think of this event as a virtual Synergy for XenApp. Register for this worldwide virtual event happening on September 9th 2008.
This event will explore the following topics
• How XenApp liberates applications and the end user
• What's new with XenApp 5
• XenApp and Windows Server 2008
• Leveraging XenApp to reduce IT TCO
• When to add XenDesktop to XenApp
• What XenServer can do for XenApp
• How NetScaler optimizes XenApp
Welcome to my blog!
I've been at Citrix for about 6 months now and my team and I have been hard at work to bring you the revamped Citrix Community site. I'm calling this version of the site "Citrix Community 2.0" to emphasize the fact that it's a new version of the site and that the site incorporates many of the Web 2.0/Enterprise 2.0 technologies that you see written or filmed about so often in the media. I tend to think that a lot of Web 2.0 is overhyped (are there really this many Web 2.0 companies??), but I found this definition that I really like "Web 2.0 is linking people...people sharing, trading, and collaborating" If you have 4 minutes, I really suggest checking out the video - plus it's got a great soundtrack.
The whole purpose of updating our site is to really allow people with an interest in virtualization and application delivery to share and learn ideas. In fact, you'll see our tagline is "Discover, Connect, Participate". The new site allows you to all of that and more!
So, let's get down to the details. What is new about the site?
The Citrix Community site is a new multi-media, launching pad to reach your favorite Citrix communities. It is the location to discover what is hot around application delivery and virtualization; connect with Citrix product teams, customers and industry pundits; and participate through sharing of opinions, thoughts and knowledge in blogs, forums and code sharing.
New capabilities include better description and easier navigation to Citrix communities, ties to our extended communities in the industry (Hello Citrix CTPs!), enhanced multi-media/video support and real time blog feeds from across the blogosphere, all on a completely redesigned look and feel. In addition, we have made it easier for Citrites (that's what we call ourselves) and non-Citrites (that would be you!) to participate and create content. Check out our Video Tip Factory if you don't believe me.
Of course, one of the key communities is the Citrix Developer Network, which has undergone quite a dramatic change itself...
The Citrix Developer Network is the place for open, unfiltered, straight talk on Citrix products. The goal of the Citrix Developer Network is to provide access to technical information for all aspects of our community, from Network Architects to IT Professionals, to Data Center Architects to Developers.
Based on your requests, forum posts and support calls, we have expanded the products covered, while simplifying access to the information. We now have specific Developer Networks for XenApp, XenDesktop, NetScaler, XenServer and one of our newest (and coolest) products, Workflow Studio. Interested in multiple products? Never fear, due to tagging technology, blogs, discussion and content relevant to multiple products will be available wherever relevant (example, server virtualization is key to both XenServer and XenDesktop).
New capabilities available in per-product flavors include RSS feeds for our forums (I know, duh - this should have been there long ago), best practices pages, multi-media centers, wiki articles, code snippets and SDK examples.
Last but not least, the Citrix Blogs platform has some simple to use, yet powerful enhancements, including "window shade" views of blogs to allow you to see more content in less real estate and the simplification of our group blogs to ensure you can find the content you are looking for.
Today's launch of the revamped Citrix Community site is the first phase of multiple updates occurring in the next few months. It is the result of a lot of hard work from the team, but also from the community. Many of the changes and planned changes come directly from you, our community. We are not done yet and I hope you aren't either.
Please provide us feedback in the forms of responses to this blog, emails, or better yet post a video.
Thanks for taking the time to check out the new Citrix Community site... and I have one last request...
Discover, Connect, Participate
John
AppExpert is now a useful tag used by Citrix Systems, Inc., to qualify articles and content on the web as that which pertains to the art of delivering applications to an end user. Becoming an "Application Expert" is not only an art, but as with anything else in the internet industry, takes time to learn. Becoming an Application Expert and using the knowledge takes time, drive and patience. In an effort to make this art easier, Citrix embarked on a series of product enhancements targeted toward the Application Expert, which started with the use of the NetScaler Policy Engine.
The first in many enhancements directed toward making application delivery easier for the individual using the product. Other product nomenclature was created for other features such as "AppCompress" and "AppCache", but "AppExpert" seemed to stick and a community website was born to promote the development of policies and expressions used in the course of business on the NetScaler at customer sites, by partners and in the labs at Citrix Systems.
The concept of the community site grew with favor as a much needed interactive forum for the exchange of ideas, policies, blogs, video tips and information to expand the knowledge of those using the Citrix products. Thus, the AppExpert community site was born to express this direction of growth in knowledge.
In an effort to create a community site that is both practical and useful for our customers, and in keeping aligned with the principles of ease of use and name recognition, the community site formerly named "AppExpert", has been renamed to "NetScaler Developer Network" to allow for a more easier fit among other Citrix product lines, as the Citrix community continues to grow.
NetScaler Developer Network!
The #1 Web Filter by St.Bernard is now Citrix Ready. The Highest Performance Web Application Solution from Citrix Systems can now be deployed with the the #1 Web Filter by St. Berdard. IDC ranked them #1, SC Magazine gives them high ratings, and you will agree when you plug this thing in. The Citrix Web Application Firewall protects inbound traffic destined to Web and Application Servers without degrading throughput or response time. Now, with St.Bernard's iPrism h-Series high performance appliances, you can also do outbound Web filtering, IM/P2P filtering, and antivirus detection. The iPrism Web Filter is optimized for the datacenter infrastructure and sits behind the firewall while it monitors traffic. St. Bernard's platforms are hybrid so that Web filtering, antivirus and IM/P2P filtering are all contained within one box - unlike other point solutions.
St.Bernard's iPrism Web Filter is easy to use and easy to manage. If fact, it's so easy, we had the device up and running in Proxy mode and then in Bridge mode in a matter of seconds. The management software auto-discovers the box, so you don't have to plug in a console cable - very nice!
It is far better than a transparent proxy because St.Bernard has engineered their filtering technology at the kernel level, so their bridge mode really is a bridge between interfaces, and not just a transparent proxy like other solutions in the market.
We deployed the iPrism Web Filter behind our NetScaler, and had the NetScaler perform NAT (Reverse NAT) for outbound connections to the Internet. The iPrism Web Filter adds another level of security that IT organizations sometimes look for to complement their existing base of high-performance Citrix Gear.
Citrix & St.Bernard Deployment Guide!
You can try this product for free.
The product demo is awesome.
As a hybrid unit, this is a steal.
NetScaler Developer Network!
This video TIP will demonstrate how to disable SMB signing within a CIFS environment. The Citrix WanScaler optimizes the Microsoft CIFS protocol, this protocol which was designed for a LAN environment has a very high overhead and is bandwidth intensive. CIFS deployed over a WAN environment may provide unpredictable performance and user experience.
SMB signing digitally signs the CIFS protocol between two Micosoft servers. When SMB signing is enabled then the WanScaler cannot inspect the signed CIFS traffic. One must note, that even with SMB enabled the WanScaler will acccelerate layer 4 TCP traffic and some performance improvement will be seen. If an administrator wishes to experience the high gains of actually optimizing CIFS you must disable SMB.
Watch this Video Tip: