Solutions for Citrix in Ent.
Download
Report
Transcript Solutions for Citrix in Ent.
Solutions for Citrix in
the Enterprise Network
Allot Communications
Empowering Networks for Business
1
www.allot.com
Market Trends
Increased reliance on Internet and IP (private, public,
VPN) for business critical traffic
Diversity of applications with different networking
requirements and business criticality
Citrix
Oracle
VoIP, Video conferencing
Entertainment traffic – music (P2P), shopping, stocks, multi-media
Email, VPN and large file transfers
Increased malicious traffic attacks on networks & servers
Budget shrinks
2
Improve rather than build
Save on bandwidth costs
QoS in the Enterprise – The
Need
Guarantee performance of business critical
applications – Video, VoIP, ERP (SAP),
Citrix Applications, Oracle – and protect from
DoS attacks
Limit bandwidth-hungry, non-business
applications
P2P, music
Web surfing
3
Monitor
performance
Record IP sessions stats
Citrix Solution –
The Need for QoS
Citrix based network needs QoS because:
IP network works on “best effort” basis – first comes first
served – no guarantees
Without QoS, bandwidth-hungry applications (like FTP or Peerto-Peer) steals the Citrix resources (bandwidth)
Without minimum bandwidth, Citrix users suffer from
unpredictable response time
Without QoS Citrix applications suffer from “un-assured”
performance
There is no differentiation between applications and users
4
Policy Based Networking - a
Complete Solution
Policy and SLA Management
Define policies
Translate policies to network
actions
User directory/CCB management
5
Monitoring and Accounting
Policy monitoring
User accounting and billing
Event management
Capacity planning
Service management
Enforcement
Shaping and conditioning
QoS tagging (gateway)
Server balancing
Cache enforcement
Content filtering
Preventing DoS attacks
Product - The NetEnforcer
Bandwidth management (e.g.,
manage WAN link to remote
offices)
Traffic management/shaping
Performance guarantee (e.g.,
for Citrix)
Traffic monitoring – real-time,
long-term
Auto discover and auto create
policy (e.g., prioritize Citrix)
High availability models (with
dual power supplies)
Redundancy and bypass
High performance
6
Up to 155 Mbps (Gigabit I/F)
256,000 connections
28,000 policies
NetEnforcer
Enterprise Product Line
7
Model
Bandwidth Pipes
VCs
Connections
AC101/128
128 Kbps
64
1,024
1,000
AC101/512
512 Kbps
128
1,024
1,000
AC201/2M
2 Mbps
256
2,048
12,000
AC201/10M
10 Mbps
256
2,048
12,000
AC301
100 Mbps
1024
4,096
64,000
NetEnforcer
Service Provider Product Line
8
Model
Bandwidth Pipes
VCs
Connections
AC201/10M
10 Mbps
256
2,048
12,000
AC301
100 Mbps
1024
4,096
64,000
AC401
100 Mbps
2,048
12,000 128,000
AC601
100 Mbps
4,096
28,000 256,000
AC701
155 Mbps
4,096
28,000 256,000
Music download
(Peer to Peer) takes
more than 100Mbps
The Allot Effect
Not enough bandwidth
for Browsing and Citrix
180
160
140
120
The Allot effect:
Add NetEnforcer to
the network
100
80
Browsing
Citrix
Music (P2P)
60
40
20
0
10:00
9
10:10
10:20
10:30
10:40
10:50
11:00
Browsing and Citrix get full capacity while
Music is limited to 10Mbps
Using the NetEnforcer to
Control Bandwidth
Example: Set Max Bandwidth to 85Kbps
10
Without QoS:
With QoS enforcement:
• BW abuse on short period of time
• BW usage control
• Bursty pattern
• Predictable pattern
• Retransmission ?
• Efficient transfer
• One Customer takes all bandwidth!
• Fair Access
Application Prioritization
Example
Low-priority P2P traffic
monopolizes connection
Network with Email,
HTTP/P2P and Citrix
IP offers only “best
effort” service
Apply QoS and
guarantee
performance to
Citrix applications
Switch
Router
Citrix application
bandwidth is now wider
Email
HTTP/P2P
11
NetEnforcer
Citrix
Medium priority
Low priority
Business-Critical
Classifying Citrix with the
NetEnforcer
Classify Citrix traffic by Application Name and User Name
12
Select Citrix from a library of protocols/ applications
Policy Example – Citrix
Performance Assurance
Citrix performance is assured with “Business Critical”
QoS level (very high priority and BW guarantee
13
Other applications are getting different priorities and
bandwidth allocations while Usenet is blocked
Monitoring Applications
in Real Time
View min/max bandwidth
View WAN bandwidth
View Protocol BW Usage
Top Users
Top servers
Utilization
WAN Link
NetEnforcer
14
Diagnose Network
Performance
Nearly 28% of all traffic is
from the Web.
15
Who are the top users?
Get Historical Traffic Analysis
From Policy usage
distribution
… and
localization
16
To Advanced
Graphical options
… and longer and
filtered history (e.g.
working hours only)
NetAccountant –
Optional Accounting Package
17
Collect information about
usage – including client,
server, application inbound
and outbound traffic
counters
Includes a report
generator – ideal
tool for network
capacity planning
and internal
budgeting
Allows access by
external application
using ODBC
Managing Bandwidth in
Enterprise Environment
Policy Table (v4.1)
Pipe 1 – 192.11.12.x to Any Max (128kbps)
SAP – Min 64 kbps
FTP – Max 56 kbps
Pipe 2 – 192.11.13.x to Any Max (256 kbps)
SAP – Min 128 kbps
(Set Eternal Bandwidth to 384kbps)
Branch 1
192.11.12.x
Web
Email,
FTP Servers
Switch
NetEnforcer
Router
SAP
Set QoS to Max. 256
128 Kbps ?
No:
No:Exceeds
Wastes capacity
capacityof
of
Branch 1
2
Corporate Headquarters
18
Manage Multiple Links
Branch 2
192.11.13.x
Allot’s Citrix-QoS Solution –
Benefits to the customer
High ROI (return on investment)
Citrix can be used on the Internet (public network)
Citrix and other IP traffic share same WAN
Citrix bandwidth requirement is pre-defined and
therefore less bandwidth overall is required
Citrix performance is guaranteed and enhanced
Citrix applications get “the right attention” in the
network
Better management of traffic
Allow capacity planning and troubleshooting
19
Protect against DoS (denial of service) attacks
Allot’s Citrix-QoS Solution –
NetEnforcer’s Advantages
NetEnforcer Per Flow Queuing permits assignment of QoS
per Citrix application or per user
NetEnforcer enables prioritizing Citrix over other traffic
(such as Email and file transfer)
Batch traffic (like FTP) can still run but won’t “freeze” Citrix
20
Mark Applications with Differentiated Service (DiffServ)
Levels for end-to-end QoS
Limit and control Print jobs and file transfers so they don’t
affect other Citrix users
NetEnforcer/NetAccountant allows for detailed monitoring
and application and IP accounting
NetEnforcer enables protection for DoS attacks and other
malicious traffic flows
Enhancing Security:
Preventing a DoS Attack with
the NetEnforcer
1.
2.
3.
21
Attacker sends
Broadcast ICMP
with Victim’s
spoofed address
Unwitting
accomplices send
ICMP Echo Reply
Attacker
(with
1
Victim’s address)
NetEnforcer detects
high number of new
ICMP connections
and blocks them.
NetEnforcer
2
Unwitting
Accomplices
3
Victim’s
Internal
Network
Selected Enterprise Customers
Banking / Finance
Education
Corporations
(Italy)
Government
Aeroporto de Portugal
Norway National RR
22
Why Allot ?
Ease of use – easiest way to have your QoS up and
running – simple, intuitive and graphically pleasing
Application recognition – including Citrix
Application performance enhancement
Real-time and historical traffic monitoring and allsession IP accounting
Complete policy-based IP traffic management including
traffic redirection to cache and server load balancing
High performance and high availability
23
155 mbps, supports highest number of policies in the industry
Ideal for enterprise and data centers
Fail safe operation
Contact Details
Europe, Middle East and Africa
World Trade Center
1300, Route Des Cretes
Americas
250 Prairie Center Drive #355
Eden Prairie, MN 55344
Tel (952) 944-3100
BP 255 Sophia Antipolis Cedex
France 06905
Tel 33-(0)4-92-38-80-27
Fax 33-(0)4-92-38-80-33
Japan
Nishi Ginza Bldg 2F
5-5-9 Ginza Chuo-ku,
Tokyo 104-0061, Japan
Tel: 81 3 5537-7114
Fax: 81 3 5537-5281
Fax (952) 944-3355
Asia Pacific
9 Raffles Place,
www.allot.com
[email protected]
International HQ
Hod-Hasharon, 45800
Israel
Tel 972-(0)9-761-9200
Fax 972-(0)9-744-3626
24
Republic Plaza #27-01
Singapore 048619
Tel: 65-832-5663
Fax: 65-832-5662