Citrix Developer Network

C3 Cloud Bridge

C3 Cloud Bridge Blueprint

This blueprint documents how Citrix is using the Citrix C3 lab to demonstrate the feasibility of application virtualization and data delivery from the cloud. The datacenter or premise infrastructure is located at Citrix Labs in Santa Clara. The Citrix C3 lab is running in Amazon Web Services EC2. A Vyatta site-to-site SSL VPN connects the two. Citrix Branch Repeater/WANScaler makes the data delivery fast, Vyatta makes it secure. The mechanics and workflow are documented in the blueprint below.

This page describes the Citrix technologies used to create this demo environment and is a compelling example of how ISVs and enterprises can set up similar demo environments using Citrix XenApp in the cloud.

Technical Overview

In this scenario, there are a number of key requirements/problems to solve.

  • Deliver data, stored at the home datacenter or premise, to the application in the cloud, quickly and securely.
  • Deliver data & applications from the cloud, quickly and securely.
  • Leverage as many Citrix cloud enabling technologies as possible.

This blueprint demonstrates a complete end-to-end network from the datacenter to the cloud. Citrixlabs in Santa Clara is built on XenServer technology, while Amazon EC2 runs on Xen. Between the datacenter and the Amazon EC2 cloud is a site-to-site SSL VPN built with Vyatta. On the XenApp server in the cloud runs the Citrix Accelerator which connects back to the Citrix Branch Repeater/WANScaler at the datacenter, to accelerate data connections. The Citrix Accelerator makes cloud computing fast, Vyatta makes it secure.

At the core of the demo environment is Citrix XenApp. All of the demo applications that the end user accesses remotely are delivered from XenApp in the cloud. The data, stored on premise at the datacenter, is delivered securely across the SSL VPN to the application, and then back out to the user.

In this particular demo, a 5Mb file is pulled from the datacenter, delivered to the application in the cloud and back out to the end user, in 3 seconds.

Locating and Starting Citrix AMIs:

The Citrix AMIs can be located in Elasticfox by navigating to "Images." Enter "Citrix" in the images field. The Citrix C3 images will be listed. You can launch any of them by right-clicking and selecting "Launch Instance of this AMI."

Domain Authentication:

This AMI is not a domain controller. You should be able to authenticate to a domain controller in the cloud, or at the datacenter over a VPN.

Computer Name:

The computer name or hostname of this machine is tied to the Citrix XenApp License file, and you should not change the name. You can change the name if you obtain your own license file.

AMI Specifications.

AMI ID:

ami-e0eb0889

Bucket:

citrix-c3-lab

AMI Filename:

XenApp5.0_AGSEClient9.0.68_BRClient4.5.2_32bit_v1.3

Platform:

Windows Server 2003 Service Pack 2, 32 bit. This AMI is built on the Amazon base AMI ami-db4daab2, a Windows authenticated platform that allows you to use authentication port numbers with the image.

Credentials:

Username: Administrator
Password: Citrix123
Domain: CTXSlic1

Citrix Components:

  • XenApp 5.0 for Windows Server 2003
  • Hotfix Rollup 4
  • Web Interface 5.1.1
  • Citrix License Server 11.6.1
  • Citrix Branch Repeater Client 4.5.2
  • Citrix Access Gateway Client 9.0.68

Citrix Configurations

Because Amazon EC2 uses NAT, in order to get the XenApp server to work with clients outside of EC2, the following will need to be performed.

Launch the Citrix Access Management Console in the XenApp server. In the Citrix Access Management Console, navigate to Citrix Resources -> Web Interface -> http://<public-server-address>/Citrix/XenApp.

For external client access:
Select Manage secure client access -> Edit secure client access settings.
Set the Default access method to "Alternate".

Run "Altaddr" from a command prompt.
Open a command prompt on the Windows Server.
Type "Altaddr /SET x.x.x.x" <return>, where x.x.x.x is the external IP address of the XenApp server.

For internal client access:
Select Manage secure client access -> Edit secure client access settings.
Select "Add". Type in the client IP address and mask.
Note: An entry will need to be made for this XenApp server, and all other machines on the cloud internal network, if they want to access this XenApp server through the Web Interface.

Port Numbers:
Make sure the Amazon Security Group, in addition to your firewall and router, allows the following ports to pass through:

  • TCP port 1494: Citrix ICA
  • TCP port 2598: Citrix session reliability
  • TCP port 80: HTTP
  • TCP port 443: HTTPS
  • TCP port 3389: RDP
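
The following check is an added example, not part of the original blueprint or any Citrix tooling: it compares a security group's ingress rules with the port list above, reporting ports that are not allowed at all and administration ports that are reachable from any address. It assumes the rules are in the IpPermissions shape returned by "aws ec2 describe-security-groups"; the ADMIN_ONLY policy (RDP limited to known source addresses) and the sample rules are assumptions of this example.

```python
import ipaddress

# Ports the page lists for the XenApp AMI (all TCP).
REQUIRED = {1494: "Citrix ICA", 2598: "Citrix session reliability",
            80: "HTTP", 443: "HTTPS", 3389: "RDP"}
# Assumption of this example: RDP is for administration only.
ADMIN_ONLY = {3389}

def sources_for(port, permissions):
    """Return the source CIDRs that may reach a TCP port."""
    cidrs = set()
    for rule in permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":            # all-traffic rule carries no port fields
            covers = True
        elif proto == "tcp":
            covers = rule["FromPort"] <= port <= rule["ToPort"]
        else:
            covers = False
        if covers:
            cidrs.update(r["CidrIp"] for r in rule.get("IpRanges", []))
    return cidrs

def audit(permissions):
    """Sort the page's ports into missing / world_open / ok."""
    findings = {"missing": [], "world_open": [], "ok": []}
    for port in sorted(REQUIRED):
        cidrs = sources_for(port, permissions)
        anywhere = any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)
        if not cidrs:
            findings["missing"].append(port)
        elif port in ADMIN_ONLY and anywhere:
            findings["world_open"].append(port)
        else:
            findings["ok"].append(port)
    return findings

# Constructed sample rules, not taken from the page.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1494, "ToPort": 1494, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for kind, ports in audit(SAMPLE).items():
        print(kind, [f"{p} ({REQUIRED[p]})" for p in ports])
```

With the sample rules, session reliability (2598) is reported as missing and RDP (3389) as open to any source address.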

Configuration Tips & Tricks

The sections below provide tips and tricks on the configuration and setup of the Citrix C3 Cloud components used in this solution.

It's fast

A Citrix Branch Repeater/WANScaler appliance is located at Citrixlabs. The XenApp server in the cloud is running the Citrix Accelerator client. The client connects back to the BR/WS appliance to make data delivery blazing fast.

It's secure

A Vyatta site-to-site SSL VPN is used between the datacenter and the Amazon EC2 cloud because the transfer of data requires a secure network between the two. At the datacenter and in the Amazon cloud, Vyatta is running on XenServer as a virtual appliance. The Vyatta AMI (Amazon Machine Image) can also function as a complete router and firewall. The Vyatta SSL VPN router provides security with scalability.

Vyatta

Vyatta is open source and free, which makes it an excellent complement to XenServer. It's not that hard to configure either. Vyatta can operate as a full-blown firewall or router. In this demo we used it as a site-to-site SSL VPN to connect the Citrixlabs datacenter to the Citrix C3 lab in Amazon.

XenServer

XenServer is free and runs on bare metal - no other virtualization platform does this. We are running XenServer on a Dell 2950 III at Citrixlabs. The Citrix C3 lab in Amazon EC2 is built on top of Xen. Within XenServer we can run as many virtual appliances, operating systems and applications as desired.

XenApp

XenApp, which used to be called Citrix Presentation Server or MetaFrame, runs on Windows Server. Windows Server is, of course, running as a virtual machine in the Citrix C3 lab in Amazon EC2.

Data

The data at rest is stored within a Windows Server running as a virtual machine on XenServer at Citrixlabs. Data in motion is transferred from Citrixlabs to XenApp in the Citrix C3 lab in Amazon over the SSL VPN. XenApp then sends this data, as part of the application, to the end user.

Branch Repeater/WANScaler/Accelerator

Data going from datacenter to cloud to user - slow you say? Not so. In fact it is blazing fast. We have a Branch Repeater/WANScaler hardware appliance at Citrixlabs, and we are running the Citrix Acceleration client on the XenApp in the cloud. When the two connect, it screams. No need for fat pipes. A 5Mb document is delivered to the end user in 3 seconds. This is faster than most websites.

Amazon Networking

To their credit, Amazon EC2 networking is relatively simple: only one interface is allowed, and it is NAT'd to the outside world. Changing the IP address and default gateway is of no use. To connect the XenApp server in the Citrix C3 lab to the Vyatta SSL VPN router/gateway, we installed an OpenVPN client for Windows on the XenApp server. This provides direct network connectivity from XenApp to the Vyatta SSL VPN router inside the cloud, and secures the data transfer at the same time. Our XenApp VPN client is configured for split tunneling, but can be configured with split tunnel off to completely isolate the XenApp server from the outside world.

Dell Server

The XenServer at Citrixlabs is running on a Dell 2950 III server. It supports virtualization, and we had one lying around from a prior project, so we just fired up another Windows Server and installed the Vyatta virtual appliance.
