16. Была достигнута приемлемая производительность сайта Уже сделано: перевод большинства веб-проектов компании за NetScaler В планах использование NetScaler для сервисов, отличных от HTTP (SIP, LDAP etc.) Результат
32. DDoS ProtectionРазрушение барьера одного ядраАрхитектура ADC следующего поколения 4X Производительность 7X Масштабируемость PE PE PE PE PE PE PE Packet Engine Core3 Core4 Core5 Core6 Core7 Core2 Core1
34. NetScaler nCoreTM: Преимущества в реальном мире Max. Теор.максимум Производительность Real Traffic NetScaler nCoreTM Real Traffic NetScaler Classic
78. NetScaler 9: AppExpert Service Callouts Доступ Интеграция внешней логики в реальном времени Делает сеть более отвечающей изменениям Уменьшает частоту управления изменениями Позволяет использовать внешнюю логику как «черный ящик» Управление идентификацией Формат/ Изменение Запуск внешней логики изнутри политик NetScaler
79. Пример AppExpert Service Callout 3 Scraper tracking Приходит запрос NetScaler отправляет IP Приложение проверяет IP Возвращает "yes" или "no" Политика на NetScaler Пропускает запрос, если “yes” Блокирует запрос, если “no” 2 4 1 NS Policy NS Policy NS Policy 5 Website Users Citrix NS
88. Самый низкий TCO среди ADCMPX 7500 и MPX 9500 MPX 10500 и MPX 12500 New!
89. Итого… NetScaler доступен как устройство или ПО Функциональность NetScaler можно изменять лицензией Разгрузка и управление инфраструктурой удобней с семейством продуктов Citrix NetScaler –это высокопроизводительное устройство, которое может выполнять множество функций без потери производительности Балансёры умерли. ADC – это будущее.
98. Займет около 2-3 часов(в зависимости от вашей скорости : ))
99.
Notas del editor
The NetScaler has the ability to meetthe four key web application delivery requirements: availability, performance, offload and security – all in one highly scalable, flexible and extensible system. NetScaler provides:100% application availability via our world-class L4-L7 load balancing capabilities and intelligent service health monitoring featuresAccelerates application performance by 5x through static and dynamic content caching and compressionAn average of 60% in application infrastructure savings through connection pooling and offloading SSL processing from servers, especially important for Web 2.0 applicationsEnd-to-end application security with integrated Access Gateway Enterprise for secure remote access and an application firewall to protect against application layer attacks
Moore’s Law is still alive and well – the number of transistors that can be placed on an integrated circuit continues to double every two yearsHowever, CPU speed increases have plateaued around 3.5 – 4 GHz range since 2005Software and networking vendors cannot simply ride the CPU speed increase curve to gain additional performanceCPU manufacturers are turning instead to adding additional cores to their processors to provide additional performanceProducts that rely on CPUs for performance gains need to be able to fully leverage multi-core CPUsThis translates to rewriting their SW to take advantage of a multi-threaded, parallel architecture
nCore technology allows us to break the single core performance barrier and to fully leverage the power of multi-core CPUs. With previous versions of NetScaler software, we could only run one Packet Engine. So, we were effectively not utilizing the power of the other available cores. nCore technology allows us to run multiple Packet Engines to fully leverage the processing capacity of additional cores, providing us with a 7X increase in performance and scalability.
Web 2.0 is a technology that is becoming more prevalent on the web today. This technology is also sometimes referred to as Server Push or reverse Ajax. In an essence, what this technology is doing, is updating web content relative to what the user is experiencing at a particular moment.
NetScaler 9 enhances the ability ensure application availability by enabling NetScaler policies to be triggered based upon data rates either coming from a given source or going to a given resource. AppExpert Rate Controls give administrators the ability take actions beyond what basic network rate-shaping or QoS provide, and to govern resources at a far more granular level. By integrating AppExpert Rate Controls into NetScaler’s fully application-aware policy engine, administrators aren’t limited to just throttling traffic based upon IP address and port, but have the full depth and breadth of NetScaler traffic management, acceleration and security functionality at their disposal.There’s a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren’t overwhelmed by any particular partner’s use of the API.Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
There’s a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren’t overwhelmed by any particular partner’s use of the API.Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
NetScaler extensibility is improved by NetScaler 9 via the availability of AppExpert service callouts.AppExpert Service Callouts make NetScaler policies extensible by providing a way to integrate logic or functionality from other applications into NetScaler policies. Specifically, using an AppExpert service callout, a policy can send (over HTTP or HTTPS) any part of an incoming request to an external application or service. The result returned can then be incorporated into the policy evaluation. A simple example of this would be IP blacklisting, where an AppExpert Service Callout passes source IP data to an external database that responds with a decision as to whether or not requests from that IP address should be passed. SPAM evaluation is a similar example. Other possible uses are integration with external AAA or identity management applications, passing data to an external transformation engine or invoking UDDI registries.AppExpert Service Callouts make the most sense whenthe logic for a given policy is so dynamic that statically defining it within a NetScaler policy doesn’t make senseWhen the logic for defining a policy match is complex enough that it doesn’t make sense to use NetScaler expressions to define itIn certain cases, when the action for a policy (e.g., format loading) is easier to achieve by using external functionality rather than using NetScaler’s inherent functionality.
Currently, the most commonly cited use case is for basing NetScaler policy decisions on “source IP address reputation” that is tracked in another application or service. For example, one beta customer has an external application that identifies and tracks IP addresses that are scraping its site’s content. This customer used a service callout to have NetScaler query this application in real-time and then used NetScaler to either pass or drop the request. The same approach could be used to have NetScaler filter spam or other inbound content by using a callout to pass payload information to another application that inspects this content.Other use cases customers have mentioned include:-Passing content to an external transformation engine -Integration with UDDI or other directory services-Geo-targeting or other token-based switching decisions, where the logic for the content switch is available in an external application.
Impact of callouts on NetScaler capacityTo NetScaler, a callout is just another HTTP request/response, since NetScaler doesn’t actually process any logic. Therefore the additional HTTP request traffic that will result from using callouts should be factored into any sizing/capacity decisions. Impact of callouts to application performance/response timePerformance impact of AppExpert service callouts will of course vary from customer to customer and case to case. However, working under the assumption that the NetScaler device has enough capacity to process the additional HTTP requests associated with the callout, impact upon application response time will be impacted by:The network latency between NetScaler and the external applicationThe amount of time it takes the external application to process the calloutHowever, the following should be kept in mind:Callout responses can be cached by NetScaler. This can greatly mitigate both latency and response time impacts, as well as significantly offload the external applicationIn many cases, the “callout” may already be happening, except that it is currently happening between the external application and the origin application rather between NetScaler and the origin application. For example, the back-end application may be dynamically querying an external application to get IP reputation information. In these cases, using NetScaler to perform the callout may improve application response time, especially if callout responses can be cached.
Citrix NetScaler has a solution for any market. Whether you run many applications along with high throughput, there is a model right for you. (click) Previously we have our lower-end MPX 5500 and 7500 that are ideal for XenApp deployments and smaller enterprises along with the mid-range 9500 models for larger enterprises. We also have our high-end range MPX 15000/17000 models for the largest enterprise, Internet-centric, and cloud computing usage; these provide in excess of 15 Gbps. Now(CLICK) we have provided newer mid-higher range solutions. The MPX 10500 is aimed at large enterprises with more throughput needs and demand maximum simultaneous feature usage. The MPX 12500 is for mid-size Internet-centric applications and still larger enterprise needs. With capacity up to 8 Gbps. (CLICK) these two latest models expand on the software upgrade flexibility with the ability to move up from the 10500 to the 12500.