Branch Repeater HDX WAN Optimization
•Quality
•Performance
•QoS
The release we’ve been waiting for…
v6.1
Signed SMB (with multi domain support)
Encrypted MAPI (with multi domain support)
BR-VPX on Hyper-V
WCCP Mask enhancements to support low end routers
ShowTechSupport - Diagnostic Data Collections - UI enhancements
Support for WCCP -L2 with NSLB on all platforms (SDX and general BR appliances)
List of key features in Delos release
…but there are optimizations that cannot occur at the
server farm
Citrix ICA is highly optimized for a WAN…
1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011
Data Compression
Speed Screen
Video Transcoding
Acceleration
Plug-in
TCP Flow Control
Data De-duplication
QoS / Traffic Shaping
Remote Repeater
Optimized WAN Datacenter Repeater
Frankfurt Datacenter
20 ms
London
Brussels
Madrid
Boston
Hyderabad
Hong Kong
30 ms 150 ms 200 ms
Sydney
New York
San Francisco
250 ms
Rome
RTT Latency
Key Data Points Repeater Sizing
• Bandwidth
○ Consider the sites that do not have Repeater
○ Make the customer aware of the BW requirements of XD and XA
○ Network conditions
• TCP Connections
○ Get the concurrent ICA connection count
• Network Diagram
○ Stop installation issues before they happen
• Application List
○ Find out what the business critical applications are
Repeater Branch Repeater
WAN
Adaptive TCP Flow Control
Adaptive Compression
Adaptive Protocol
Acceleration
Smart Acceleration
WAN Optimization
Initial Configuration
• Click the Licensing node in the
Configuration menu.
• Chose the License Server tab if
your license requires using a
stand alone Citrix License server.
• Retail (Appliance, Plug-in, Crypto)
• XenDesktop Platinum Entitlement
• Chose the Local Licenses tab if
your license type required local
installation.
• Evaluation License
• Not for Re-sale
• Express
Branch Repeater Licensing
Policy Based Routing
• Reconfigure the router to forward inbound and outbound WAN traffic to
the WANScaler.
• Route inbound traffic from the WAN interface to the WANScaler.
LAN Traffic
IngressWAN Traffic
Ingress
WANScaler
Source IP: 10.200.1.203
Destination IP: 172.16.5.23
Source IP: 172.16.5.23
Destination IP: 10.200.1.203
ip next-hop
<WANScaler IP>
WCCP
Switch Router
WANScaler
WCCP Mode
To WANTo LAN
GRE Tunnel
Citrix Confidential - Do Not Distribute
WCCP
Citrix Confidential - Do Not Distribute
WCCP
Inline Mode
• All link traffic passes through the WANScaler appliance.
• Traffic cannot bypass the appliance.
• Deployed at the LAN/WAN boundary.
Server
WAN RouterWANScaler
WANWAN Router
WANScaler
ClientServer
WAN RouterWANScaler
WANWAN Router
WANScaler
Client
• Branch Repeater 6.x needs to know
where the LAN and WAN are.
• Determine and remember which
accelerated pair port is connected to
the WAN and which to the LAN.
(inline mode)
• Either port can be connected to
either side using the proper cables.
First things first… apA1 apA2
apA1 apA2 apA1 apA2
•Switch •DSL Modem •Cable Modem
Straight Through Cable
•Router •Direct to Server •Direct to Client
Crossover Cable
Quality of Service Link Definition
• Define Links
• By Accelerated Port
• By Source or Destination Network
• By WCCP Service Group
• By Source or Destination MAC Address
• By VLAN Tag
• By default link definitions are automatically
created for each adapter port.
• The number of supported links are limited by
Branch Repeater model:
• 83xx, 85xx = 5 links
• 88xx = 10 links
• VPX = up to 5 links
• If Links are misconfigured there will be
compression values less than 1:1.
• Click on the Links node in the
Configuration menu.
• Click the Edit button for the first pre-
defined apA link.
• Configure the link according to
network it is connected to; • Link Type (LAN of WAN side)
• Bandwidth In
• Bandwidth Out
• Descriptive Link Name (optional)
• Click Save.
• Repeat this configuration on both the
apA1 and apA2 links.
Must configure the default apA links
Signed SMB / Secure Partner configuration
• Branch Repeater 5.7 and earlier
supported compression and
acceleration of unsigned SMB1
traffic only.
• If enabled, Signed SMB had to be
turned off on servers and clients via
group policy to enable acceleration.
• Connections from Vista and Win7
clients had SMB2 connections rolled
back to SMB1.
Citrix Confidential - Do Not Distribute
SMB Support in v5.7
• There are three SMB acceleration
scenarios you may observe when
monitoring SMB CIFS connections.
• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
SMB Acceleration in v6.0
• There are three SMB acceleration
scenarios you may observe when
monitoring SMB CIFS connections.
• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
Connection Type Secure Partner
Windows Domain Member
NTLMv1 Required
SMB 1 No No No
SMB 2 No No No
Signed SMB 1 Yes Yes Yes
Signed SMB 2 Yes Yes Yes
• Domain membership is only required on
the server-side Branch Repeater.
• Once joined, the appliance or VPX
should now have a machine account in
the specified domain.
• NOTE: Signed SMB is not enabled yet!
SMB Acceleration Requirements
• A secure connection must be
established between Branch
Repeaters (secure partners).
• SSL credentials (cert and key) are
used for authentication and trust
between Branch Repeaters.
• The SSL Key Store must be enabled
to hold the SSL credentials used by
the Branch Repeaters.
• A Crypto license is required to enable
the SSL feature set.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
• SSL Support must be enabled by
clicking the SSL Encryption node
under Configuration.
• Trusted SSL credentials must be
installed and used to authenticate all
Branch Repeaters and create a
secure data channel between them.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
• The Secure Partner connection is
configured on a per appliance basis.
• A signaling mechanism is used to
provide discovery and communication
between trusted appliances.
Citrix Confidential - Do Not Distribute
SMB Acceleration Requirements
MultiStream ICA (MSI)
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user creates an ICA session.
•User interface traffic is tagged with a priority bit of zero (thin wire).
•Branch Repeater identifies the priority tags in real time and applies QoS appropriately.
Session Bandwidth
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then starts a print job within the ICA session.
•Print traffic is tagged with a priority bit of three (real time).
•Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.
Session Bandwidth
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then either returns to the app’s user interface or starts a second application. (thin wire)
•The new observed priority bits of the session cause the session to be QoS’ed as a priority zero.
•Prioritization of printing traffic is now lost.
Session Bandwidth
Multistream ICA in Action
compressed and encrypted ICA data
•Application UI performance level is maintained.
•Printing traffic does not adversely affect this or any other WAN users.
Session 1 GUI Session 1 Printing Session 2 GUI
Maintain the user experience
Repeater Product Overview
Mobile User
Integrated Windows Services
Branch Repeater with Windows Server 100 / 200 / 300
Repeater
Plug-in
Branch Repeater 100 / 200 / 300
Repeater 8520 Repeater 8540
Repeater 8810 Repeater 8820
Branch Office (1-10 Mbps)
Regional HQ (10-45 Mbps)
Med. Data Center (45-155 Mbps)
Repeater310 on NetScaler SDX 10505
Branch Repeater
VPX-2 / 10
Branch Repeater
VPX-20 / 45
Repeater 1000 on NetScaler SDX 13505
Large Data Center (500Mbps-1.5Gbps)
Repeater 500 on NetScaler SDX 11505
Repeater 2000 on NetScaler SDX 19555
Repeater 1500 on NetScaler SDX 17555
XL Data Center <2 Gbps)
Citrix Confidential - Do Not Distribute
Branch Repeater Capacity: Industry Leading
Feature Repeater 500 on NetScaler 11505
Repeater 1000 on NetScaler
13505
Repeater 1500 on NetScaler SDX
17555
Repeater 2000 on NetScaler SDX
19555
Total accelerated WAN throughput (mixed traffic, 3.5:1 compression)
500 Mbps 1.0 Gbps 1.5 Gbps 2.0 Gbps
Estimated total QoS and compression throughput
TBD TBD 2.0 Gbps* 3.0 Gbps*
Simultaneous HDX Sessions 1,200 2,500 3,500 5,000
Total active sessions 60,000 120,000 120,000 160,000
New Hardware Overview
Feature Repeater 310
Total Throughput 310 Mbps
ICA Sessions 750
CPU 2 X Intel 6 core 2.4 GHz
RAM 48 GB
SSD 4 x 600 GB, 1x 256 GB
HDD 1 x 1 TB HDD
Interfaces 4 x 10 GigE, 8 x 1 GigE
Hot swappable power supplies 2
Rack unit height 2
Repeater 310 on NetScaler SDX