Citrix Developer Network

C3 Cloud Bridge

C3 Cloud Bridge Blueprint

This blueprint documents how Citrix is using the Citrix C3 lab to demonstrate the feasibility of application virtualization and data delivery from the cloud. The datacenter or premise infrastructure is located at Citrix Labs in Santa Clara. The Citrix C3 lab is running in Amazon Web Services EC2. A Vyatta site-to-site SSL VPN connects the two. Citrix Branch Repeater/WANScaler makes the data delivery fast; Vyatta makes it secure. The mechanics and workflow are documented in the blueprint below.

This page describes the Citrix technologies used to create this demo environment and is a compelling example of how ISVs and enterprises can set up similar demo environments using Citrix XenApp in the cloud.

Technical Overview

In this scenario, there are a number of key requirements/problems to solve.

  • Deliver data, stored at the home datacenter or premise, to the application in the cloud, quickly and securely.
  • Deliver data & applications from the cloud, quickly and securely.
  • Leverage as many Citrix cloud enabling technologies as possible.

This blueprint demonstrates a complete end-to-end network from the datacenter to the cloud. Citrixlabs in Santa Clara is built on XenServer technology, while Amazon EC2 runs on Xen. Between the datacenter and the Amazon EC2 cloud is a site-to-site SSL VPN built with Vyatta. The Citrix Accelerator runs on the XenApp server in the cloud and connects back to the Citrix Branch Repeater/WANScaler at the datacenter to accelerate data connections. The Citrix Accelerator makes cloud computing fast; Vyatta makes it secure.

At the core of the demo environment is Citrix XenApp. All of the demo applications that the end user accesses remotely are delivered from XenApp in the cloud. The data, stored on premise at the datacenter, is delivered securely across the SSL VPN to the application, and then back out to the user.

In this particular demo, a 5Mb file is pulled from the datacenter, delivered to the application in the cloud and back out to the end user, in 3 seconds.

Locating and Starting Citrix AMIs:

The Citrix AMIs can be located in the Amazon Console (http://console.aws.amazon.com) by navigating to "AMIs". Enter "Citrix" in the Viewing field. The Citrix C3 images will be listed. You can launch any of them by performing a right-click and selecting "Launch Instance of this AMI."

Domain Authentication:

This AMI is not a domain controller. You should, however, be able to authenticate to a domain controller in the cloud, or at the datacenter over a VPN.

Computer Name:

The computer name or hostname of this machine is tied to the Citrix XenApp License file, and you should not change the name.

AMI Specifications:

| AMI ID | Bucket | AMI Filename | Credentials | Platform |
|---|---|---|---|---|
| ami-0254a66b | 365636171625 | Citrix_XenApp6.0_VyattaOpenVPNClient_W2K8R2_(version) | user:Administrator pass:Citrix123 | W2K8R2 |
| ami-fa897e93 | 115030565035 | VyattaVirt6.1_kernel.org-2.6.35.4 | user:root vyatta | |

Platform:

The XenApp server runs on Windows Server 2008 R2. This AMI is based on or built on the Amazon base AMI. This machine is not part of a domain, and uses a local hostname - XA6.

Citrix Components

The following Citrix components are installed on this Server:

  • XenApp 6.0 for Windows Server 2008R2
  • Web Interface 5.4
  • Citrix License Server 11.6.1
  • Citrix Online Plugin 12.1
  • Citrix Accelerator 5.7
  • OpenVPN 2.4

Licenses:

BYOL - Bring Your Own Licenses.

  • You will need a license for Citrix XenApp; this image contains a developer license.
  • You will need a license for Microsoft Terminal Services.

Citrix Configurations

For external client access:
The XenApp server is already set up for external client access. Clients simply need to open a browser and enter the URL https://<public-server-address>/Citrix/XenApp. Clients will need to import the certificate into the "Trusted Root Certificate Authorities" store in their browser.

For internal client access:
Select Manage secure client access -> Edit secure client access settings.
Set "Add". Type in the Client IP Address, and Mask.
Note: An entry will need to be made for this XenApp server, and all other machines on the cloud internal network, if they want to access this XenApp server through the Web Interface.

Port Numbers:
Make sure the Amazon Security Group, as well as your firewall and router, allows the following ports to pass through:

  • TCP port 1494 (Citrix ICA)
  • TCP port 2598 (Citrix session reliability)
  • TCP port 80 (HTTP)
  • TCP port 443 (HTTPS)
  • TCP port 3389 (RDP)
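
A check of a security group against the port list above, as an added example that is not part of the original page. The rule dictionaries follow the `IpPermissions` shape that the EC2 API returns for a security group; the sample group, the `tcp` helper and the choice to flag RDP when it is open to any address are assumptions of this example.

```python
# Added example (not from the original page): audit security group ingress
# rules against the blueprint's TCP port list.
REQUIRED_TCP = {1494: "citrix ica", 2598: "citrix session reliability",
                80: "http", 443: "https", 3389: "rdp"}
ADMIN_ONLY = {3389}   # assumption of this example: RDP is not for everyone
ANYWHERE = {"0.0.0.0/0", "::/0"}


def rule_ports(rule):
    """Expand one IpPermissions entry into the set of TCP ports it covers."""
    if rule.get("IpProtocol") == "-1":       # "-1" means every protocol/port
        return set(range(65536))
    if rule.get("IpProtocol") != "tcp":
        return set()
    return set(range(rule["FromPort"], rule["ToPort"] + 1))


def rule_sources(rule):
    """Collect the IPv4 and IPv6 source CIDRs of one entry."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    return cidrs | {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}


def audit(ip_permissions):
    """Report missing ports, unexpected ports and world-open admin ports."""
    opened, world = set(), set()
    for rule in ip_permissions:
        ports = rule_ports(rule)
        opened |= ports
        if rule_sources(rule) & ANYWHERE:
            world |= ports
    return {
        "missing": sorted(set(REQUIRED_TCP) - opened),
        "unexpected": sorted(opened - set(REQUIRED_TCP)),
        "admin_open_to_world": sorted(world & ADMIN_ONLY),
    }


def tcp(port, cidr):
    """Build a single-port rule in the IpPermissions shape (helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample: 2598 forgotten, SSH left over, RDP open to any address.
SAMPLE = [tcp(80, "0.0.0.0/0"), tcp(443, "0.0.0.0/0"), tcp(1494, "0.0.0.0/0"),
          tcp(3389, "0.0.0.0/0"), tcp(22, "203.0.113.0/24")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
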

Configuration Tips & Tricks

The sections below provide tips and tricks on the configuration and setup of the Citrix C3 Cloud components used in this solution.

It's fast

A Citrix Branch Repeater/WANScaler appliance is located at Citrixlabs. The XenApp server in the cloud is running the Citrix Accelerator client. The client connects back to the BR/WS appliance to make data delivery blazing fast.

It's secure

A Vyatta site-to-site SSL VPN is used between the datacenter and the Amazon EC2 cloud because there needs to be a secure network between the two for the transfer of data. At the datacenter and in the Amazon cloud, Vyatta is running on XenServer as a virtual appliance. The Vyatta AMI (Amazon Machine Image) can also function as a complete router and firewall. The Vyatta SSL VPN router provides security with scalability.

Vyatta

Vyatta is open source and free, which makes it an excellent complement to XenServer. It's not that hard to configure either. Vyatta can operate as a full-blown firewall or router. In this demo we used it as a site-to-site SSL VPN to connect the Citrixlabs datacenter to the Citrix C3 lab in Amazon.

XenServer

XenServer is free and runs on bare metal - no other virtualization platform does this. We are running XenServer on a Dell 2950 III at Citrixlabs. The Citrix C3 lab in Amazon EC2 is built on top of Xen. Within XenServer we can run as many virtual appliances, operating systems and applications as desired.

XenApp

XenApp, which used to be called Citrix Presentation Server or MetaFrame, runs on Windows Server. Windows Server is, of course, running as a virtual machine in the Citrix C3 lab in Amazon EC2.

Data

The data at rest is stored within a Windows Server running as a virtual machine on XenServer at Citrixlabs. Data in motion is transferred from Citrixlabs to XenApp in the Citrix C3 lab in Amazon over the SSL VPN. XenApp then sends this data, as part of the application, to the end user.

Branch Repeater/WANScaler/Accelerator

Data going from datacenter to cloud to user - slow you say? Not so. In fact it is blazing fast. We have a Branch Repeater/WANScaler hardware appliance at Citrixlabs, and we are running the Citrix Acceleration client on the XenApp in the cloud. When the two connect, it screams. No need for fat pipes. A 5Mb document is delivered to the end user in 3 seconds. This is faster than most websites.

Amazon Networking

To its credit, Amazon EC2 networking is relatively simple: only one interface is allowed, and it is NAT'd to the outside world. Changing the IP address and default gateway is of no use. To connect the XenApp server in the Citrix C3 lab to the Vyatta SSL VPN router/gateway, we installed an OpenVPN client for Windows on the XenApp server. This provides direct networking connectivity from XenApp to the Vyatta SSL VPN router inside the cloud, and secures the data transfer at the same time. Our XenApp VPN client is configured for split tunneling, but can be configured with split tunnel off to completely isolate the XenApp server from the outside world.
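
One way to verify which of the two tunneling modes an OpenVPN client file selects, as an added example that is not part of the original page or the lab's own configuration. It reads only the client file, so options pushed by the server are reported as a possibility rather than resolved; the remote host and the 10.10.0.0/16 datacenter network in the sample configs are placeholders.

```python
# Added example (not from the original page): decide from an OpenVPN client
# file whether the client is set up for split or full tunneling.

def directives(text):
    """Yield (name, args) per directive; skip blanks and comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        yield name.lstrip("-"), args


def tunnel_mode(text):
    """Summarise how the client file itself routes traffic."""
    routes, full, pulls, nopull = [], False, False, False
    for name, args in directives(text):
        if name == "redirect-gateway":       # default route goes via the VPN
            full = True
        elif name == "route" and args:       # route <network> [netmask] ...
            routes.append((args[0], args[1] if len(args) > 1
                           else "255.255.255.255"))
        elif name in ("client", "pull"):     # accept options from the server
            pulls = True
        elif name == "route-nopull":         # ...except pushed routes
            nopull = True
    return {"mode": "full" if full else "split",
            "routes": routes,
            "server_may_push_routes": pulls and not nopull}


# Constructed configs; the remote host and the 10.10.0.0/16 datacenter
# network are placeholders, not values from the page.
SPLIT = """\
client
dev tun
remote vyatta.example.net 1194
route-nopull
route 10.10.0.0 255.255.0.0
"""
FULL = SPLIT.replace("route-nopull\nroute 10.10.0.0 255.255.0.0",
                     "redirect-gateway def1")

if __name__ == "__main__":
    print(tunnel_mode(SPLIT))
    print(tunnel_mode(FULL))
```

A result of `split` with `server_may_push_routes` set to true means the server side still decides what the client routes through the tunnel, so the Vyatta configuration has to be checked as well.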

Dell Server

The XenServer at Citrixlabs is running on a Dell 2950 III server. It supports virtualization, and we had one lying around from a prior project; we just fired up another Windows Server and installed the Vyatta virtual appliance.
