Important – Webinar Audio The audio for this webinar is available over VoIP.
Download
Report
Transcript Important – Webinar Audio The audio for this webinar is available over VoIP.
Important – Webinar Audio
The audio for this webinar
is available over VoIP. Just
select the ‘Use Mic &
Speakers’ option to listen to
the webinar through your
computers speakers.
Optimising network delivery
of virtual desktops
Jason Poole
Business Development Manager, EMEA (Cloud Networking)
Michael Aldridge
To listen using your
telephone select the
‘Use Telephone’ option.
For local numbers click
the ‘additional numbers’
link.
Senior System Engineer, EMEA (Cloud Networking)
4th October 2012
The webinar will start at 3:00pm (BST)
You will need to use
the Access Code and
Audio PIN.
Industry trends and IT resources
Centralisation of Resources
Multiple devices
Distributed workforce
Work and play from any device, anywhere
Why Implement a Desktop Virtualisation Solution?
• Cost reduction
• Business Agility
• Improved security
• Improved compliance
• Ease of management
Change everything… but wait, consideration?
Considerations for a successful Desktop
Virtualisation
• Centralisation is a single point of failure
• Benefits of Desktop Virtualisation are realised through centralisation
• Branch office workers might experience poor experience
• 80% of employees are located away from the HQ and the data centre
• How to provide the access to the virtual desktop
• More and more users are bringing their own devices
• Requirement for remote access and maintaining security
Remote Access
HDX SmartAccess
Delivers simple and seamless secure access
Anywhere Access
Allows users to securely access desktops and
applications using any device in any location,
including home computers and mobile devices.
HDX SmartAccess
Delivers simple and seamless secure access
Anywhere Access
Network and device roaming
Enables users’ sessions to transparently and securely move
between networks and devices by dynamically adapting
access.
HDX SmartAccess
Delivers simple and seamless secure access
Anywhere Access
Network and device roaming
Single sign-on
Improves the user’s experience by reducing unnecessary
authentication prompts and the number of passwords users
need to remember.
HDX SmartAccess
Delivers simple and seamless secure access
Anywhere Access
Network and device roaming
Single sign-on
Granular Action Control
Allows the administrators to define capabilities within
application to which users have access.
Availability
High Availability
• Goal: Network Infrastructure Fault tolerance
• Roadblocks:
• Virtual desktop hosting
platform
• Operating system delivery
• Application and desktop
delivery
• Desktop controllers
• Application controllers
Datacenter – High Availability
DHCP Servers
TFTP Servers
Web Interface
XenDesktop
Controllers
Web Interface
XenServer Pool
Bootstrap Redundancy
Provisioning Services High-Availability
Provisioning
Services
Microsoft DFS
Application Hub
XenApp Load Balancing
NetScaler Load Balancing
NetScaler Load Balancing
NetScaler Load Balancing
NetScaler Load Balancing
Built-in Redundancy
NetScaler Load Balancing
DHCP Built-In Redundancy
Data Collector
XenApp
Members
HQ Office
XenDesktop Farm
Personalization
XenServer Resource Pool
Virtual Desktop 1
Personalization: User A
File Share
User
A
User
B
User
C
User
D
User
E
Apps: Office
Desktop
Delivery
Controller
Remote User
Branch Office
NetScaler
Desktop
Delivery
Controller
Firewall
Firewall
Secure Access
Applications
OS: Vista
Virtual Desktop 2
Personalization: User B
Data
Collector
Web
Interface
XenApp
Controller
Apps: Office
OS
OS: XP
Virtual Desktop 3
Personalization:
Home Office
Strong SLAs
Apps:
Tablet
Active
Directory
OS:
Data Store
License
Server
DHCP
Infrastructure
Vista
Provisioning
Server
Windows
XP
Windows
7
HQ Office
Personalization
XenServer Resource
Pool
XenDesktop
Farm
Virtual Desktop 1
HQ Office
Personalization: User A
Remote User
File Share
User User User User User
A
B
C
D
E
Apps: Office
Desktop
Delivery
Controller
Applications
XenDesktop Farm
OS: Vista
NetScaler
Desktop
Delivery
Controller
Firewall
Firewall
Branch Office
Virtual Desktop 2
Virtual Desktop 1
XenApp
Controller
Personalization: User B
Data
Collector
Apps: Office
Web
Interf
ace
OS
Remote User
Provision
ing
Server
Firewall
Secure Access
Apps:
Active
Directory
Data
Store License
DHCP
Server
Infrastructu
re
NetScaler
OS:
XenDesktop
Farm
Virtual Desktop 2
Personalization: User B
User
HomeRemote
Office
Tablet
NetScaler
Firewall
Firewall
Strong SLAs
File Share
User User User User User
A
B
C
D
E
Applications
Active
Directory
Apps: Office
OS: XP
Virtual Desktop 3
XenApp
Controller
Personalization:
OS:
Data
OS
Store
DHC
License
P
Server
Infrastructure
Vista
Personalization:
Home Office
Apps:
Tablet
Data
Store License
DHCP
Server
Infrastructu
re
Global
Availability
XenApp
Controller
Virtual Desktop 3
Apps:
Web
Interf
ace
User
E
OS
Virtual Desktop 2
Personalization: User B
Active
Directory
Apps: Office
OS: Vista
Data
Collector
User
D
XenServer Resource
Pool
Apps: Office
Desktop
Delivery
Controller
User
C
OS: XP
Personalization: User A
Branch Office
User
B
Personalization
Virtual Desktop 1
Desktop
Delivery
Controller
User
A
Applications
OS: Vista
Data
Collector
Web
Interface
HQ Office
Windows Windows
XP
7
Desktop
Delivery
Controlle
r
Firewall
Tablet
File Share
Apps: Office
Vista
Desktop
Delivery
Controlle
r
Personalization:
Branch Office
Personalization: User A
OS: XP
Virtual Desktop 3
Home Office
Personalization
XenServer Resource
Pool
OS:
Provision
ing
Server
Windows Windows
XP
7
Vista
Provisioning
Server
Windows
XP
Windows
7
Data Proximity
North America
WAN
EMEA
• Data may not be replicated to all sites
GSLB with Site Roaming
North America
WAN
EMEA
• Ensure that only ICA traverses the WAN
User Experience
Deployment across a WAN
Applications are designed for the LAN
• Sexy interface – graphic intensive
• Chatty protocols
• Testing labs
• Gigabit connectivity
• 0 ms Latency
Deployed across a WAN? Slow? = “that’s a network issue. You fix it.”
Citrix Confidential - Do Not Distribute
HDX
ICA protocol is an
underlying
technology for HDX
(High-Definition User
Experience)
Bandwidth Allocation for ICA
• How much bandwidth is
enough?
• It depends on:
• Other network traffic
• Application bandwidth
requirements
• Number of users
• User behavior
• And more!
vs.
Insufficient Bandwidth Causes . . .
• ICA sessions to drop
• Users experience choppy
typing or screen paints
• Session Reliability to be
invoked (if enabled)
• User sees application but can’t use
it
Dear Mr. Templeton,
I love Citrix XenApp!
How can I purchase
more licenses?
ICA Compression
• Already highly compressed and optimized
• Automatically tunes itself to further compress when less
bandwidth available
• Single session bandwidth testing not valid!
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA
Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
ICA Session
WAN Optimisation
for Desktop Virtualisation
What is ICA Optimization?
•
•
•
•
•
Enhancements to Repeater compression engine
ICA Encryption/Decryption
The ICA Parser
ICA Intra-Session Compression enhancements
ICA Cross-Session Compression
Branch Staging of
Streamed Apps
Branch Caching of
Hosted Apps
Adaptive TCP
Flow Control
Adaptive
Compression
Adaptive
Protocol
Acceleration
Traffic
Prioritization
ICA Parser
• Acts as an intermediate for decryption/encryption
• Can decrypt all ICA encryption except for SSL.
• No cert installed on the acceleration pair
• Supports Basic, RC-40, RC-56 and RC-128 encryption levels
• Re-encrypts on WAN, transparently to the client.
De-crypt, then either disk based
or memory based compression
histories are used, then reencrypt.
Client is relieved of ICA
decompression tasks
Decrypt,
ICA Parser looks for ICA/CGP
Signature, Re-encrypt.
WAN
LAN
Branch Repeater
Branch Client
WS/CBR Compressed Traffic
ICA Connection
initialization
LAN
Repeater or
Branch Repeater
XenApp Farm
ICA Parser
• ICA compression requests Server/Client are disabled
• Parsing only occurs on accelerated connections.
• When a connection is established the ICA handshake is detected.
• At that point it is determined if it is ICA or CGP (detected in the connection
payload).
De-crypt, then either disk based
or memory based compression
histories are used, then reencrypt.
Client is relieved of ICA
decompression tasks
Decrypt,
ICA Parser looks for ICA/CGP
Signature, Re-encrypt.
WAN
LAN
Branch Repeater
Branch Client
WS/CBR Compressed Traffic
ICA Connection
initialization
LAN
Repeater or
Branch Repeater
XenApp Farm
ICA Parser
• Separates headers from payload and bulk from interactive
• Print/File/Multimedia
• Bulk traffic goes to disk (DBC)
• ThinWire graphics commands
• Interactive goes to memory (MBC)
• Header data goes to the small matcher (Nano)
De-crypt, then either disk based
or memory based compression
histories are used, then reencrypt.
Client is relieved of ICA
decompression tasks
Decrypt,
ICA Parser looks for ICA/CGP
Signature, Re-encrypt.
WAN
LAN
Branch Repeater
Branch Client
WS/CBR Compressed Traffic
ICA Connection
initialization
LAN
Repeater or
Branch Repeater
XenApp Farm
ICA Compression - Cross session Compression
•Subsequent packets are compared to the compression history on the sending
side.
•Payload matches are substituted with a token in lieu of the whole packet.
•The server still sends, and the client still received what they expect to.
Either disk based or memory
based compression histories
are used.
Client is relieved of ICA
decompression tasks
WS/CBR Compressed Traffic
WS/CBR turns off XA
compression and enables
WS compression during
negociation.
WAN
LAN
Branch Repeater
Native ICA
Compression enabled by
default
LAN
Repeater or
Branch Repeater
XenApp Farm
ICA Compression - Cross session Compression
•After the histories are populated, if a second client requests the same data in
his/her ICA session, a second match can occur.
•Tokens are sent and the payload is pulled from the client side compression
history.
•The more users of the same application, the better.
Either disk based or memory
based compression histories
are used.
Client is relieved of ICA
decompression tasks
WS/CBR Compressed Traffic
WS/CBR turns off XA
compression and enables
WS compression during
negociation.
WAN
LAN
Branch Repeater
Native ICA
Compression enabled by
default
LAN
Repeater or
Branch Repeater
XenApp Farm
Use Case – ICA Compression of Display Traffic
Repeatable vs. Unique Data
Unique data
Repeatable data
• Repeatable data bitmaps
can be reused for
subsequent requests
• Cross-session
compression enhanced
Use Case - ICA Optimization of Print Traffic
• Repeater compresses using disk (disk-based compression)
ᵒ Minus the headers
ᵒ Second pass of the same print job
• ~70:1 compression
ᵒ Small modifications followed by a print-job resend
• Compresses well (35-40:1)
ICA Review – Virtual Channels
• What is an ICA Virtual Channel?
A Citrix Independent Computing Architecture (ICA) virtual channel is a
bidirectional connection for the exchange of generalized packet data
between a Citrix XenApp/XenDesktop Server and a ICA compliant client.
Virtual channels correspond to virtual drivers; each providing a specific
function. Some are required for normal operation, and others are optional.
Virtual drivers operate at the presentation layer protocol level. There can
be a number of these protocols active at any given time by multiplexing
channels.
There are a total of 64 virtual channels in the ICA protocol. However for
most user sessions, between 8 -12 are usually utilized.
ICA QoS Single Stream
ICA Priority Packet Tagging allows
prioritization of ICA sessions based on
the virtual channel data being
transmitted. (what the user is doing within the app/session)
This is done by associating each virtual
channel’s two-bit priority to a packet
priority.
The two priority bits combine to form
four priority values:
00 (0) - High Priority
01 (1) - Medium Priority
10 (2) - Low Priority
11 (3) - Background Priority
These priority bits can then be assigned to Branch
Repeater Quality of Service queues to allow dynamic
QoS.
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user creates an ICA session.
•User interface traffic is tagged with a
priority bit of zero (thin wire).
•Branch Repeater identifies the priority
tags in real time and applies QoS
appropriately.
Session Bandwidth
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then starts a print job within the
ICA session.
•Print traffic is tagged with a priority bit of
three (real time).
•Branch Repeater identifies the new
priority tags in real time and applies QoS
appropriately.
Session Bandwidth
The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then either returns to the app’s user
interface or starts a second application. (thin wire)
•The new observed priority bits of the session cause
the session to be QoS’ed as a priority zero.
•Prioritization of printing traffic is now lost.
Session Bandwidth
Virtual Channels
ICA Stream #1(Very High)
ICA Stream #2(High)
ICA Stream #3(Medium)
ICA Stream #4(Low)
Channel Name
CTXTW
Default Priority
Description
0
Remote Session Screen Update (THINWIRE)
Virtual Driver
vdtw30n.dll
CTXTWI
0
Seamless Windows Screen Update (THINWIRE)
vdtwin.dll
CTXTWN
0
Winstation
wfica32.exe
CTXEUEM
0
End User Experience Monitoring
vdeuemn.dll
CTXZLFK
0
Local Text Echo and Keyboard Feedback
vdzlcn.dll
CTXZLC
0
Speed Screen Latency Reduction - Screen
vdzlcn.dll
CTXZLFK
0
Speed Screen Latency Reduction - Fonts
vdfon30n.dll
CTXCTL
0
ICA Session Control
vdctln.dll
CTXFLSH
1
Multimedia - Flash
vdflash.dll
CTXGUSB
1
USB Redirection
vdgusbn.dll
CTXMM
1
Multimedia - Streaming
vdmmn.dll
CTXCLIP
1
Client Clipboard Mapping
vdclipn.dll
CTXCAM
1
Client Audio Mapping
vdcamN.dll
CTXLIC
1
License Management
wfica32.exe
CTXVFM
1
Video Server – (no longer used)
n/a
CTXPN
1
Program Neighborhood
vdpnn.dll
CTXCCM
2
Client COM Port Mapping
vdcom30N.dll
CTXCDM
2
Client Drive Mapping
vdcdm30n.dll
CTXPASS
2
Transparent Key Pass-Through
vdkbhook.dll
CTXCPM
3
Printer Mapping for Spooling Clients
vdcpm30N.dll
CTXCM
3
Client Management (Auto-Update)
vdcmN.dll
CTXLPT1
3
Legacy LP1 Port Mapping
wfica32.exe
CTXLPT2
3
Legacy LPT2 Port Mapping
wfica32.exe
CTXCOM1
3
Legacy COM1 Port Mapping
wfica32.exe
CTXCOM2
3
Legacy COM2 Port Mapping
wfica32.exe
Multi-Stream ICA Terminology
• Single-port, Multi-stream ICA (MSI Default)
ᵒ 4 random ports at client, 1 primary port on server
ᵒ Automatically enabled on ICA server by Branch Repeater 6.0.
• Multi-port, Multi-stream ICA
ᵒ 4 random ports at client, 1 primary and up to 3 secondary ports on server
ᵒ Most common deployment if used without Branch Repeater
• Single-port, Single-stream ICA
ᵒ 1 random port at client, 1 primary port on server
ᵒ The pre-MSI default connection type
ᵒ If any Branch Repeater on the link vetos MSI, or old versions used
How Does Branch Repeater Optimize ICA?
Adaptive orchestration with XenDesktop and XenApp
Print
Thinwire
CDM
Repeater
WAN
Print
Thinwire
CDM
Branch
Repeater
Unprecedented visibility into XenDesktop and XenApp traffic
Custom acceleration modes for print, video and file traffic
Minimum changes to underlying XenDesktop or XenApp infrastructure
Branch Repeater with ICA
CTX124457: Data Analysis
• Branch Repeater reduces the
bandwidth consumed per
session by up to 89%
• Branch Repeater can double
the number of users on the
same WAN connection
• Branch Repeater reduces
session launch times by up to
40% and print spooling times
by up to 60%
Citrix-on-Citrix: 56 Branch Repeaters Deployed
Stockholm
Toronto
Redmond
Chicago
Bedford
New York City
Bethesda
Santa Clara
Santa Barbara
Atlanta (DR)
Dallas
Cambridge
Dublin
Chalfont
Copenhagen
Schaffhausen
Munich
Paris Vianen
Tokyo
Madrid
Hong Kong
Fort Lauderdale
Miami
Mexico City
Bangalore
Singapore
Location
Data center office
Regional headquarters
Regional offices
Disaster recovery
Branch Repeater
Model
Main data centers
8820
Regional/sales offices
8540
Sydney
Summary
• Industry trends are driving desktop virtualisation as a solution
• The same trends mean there are considerations for successful deployments
• Networks must be optimised to ensure Availability and User experience
• Citrix has the components to ensure Enterprises can realise the benefits of
Centralisation, Consumerisation and Geographical dispersion
Desktop virtualisation is a solution not a product
43
Follow us…
• Citrix blog
• Desktop Virtualisation community
http://blogs.citrix.com/author/patricki/
• @patrick_irwin
• Citrix Web Community
Work better. Live better.