2. The release we’ve been waiting for…
• Quality
• Performance
v6.1
• QoS
3. List of key features in Delos release
Signed SMB (with multi domain support)
Encrypted MAPI (with multi domain support)
BR-VPX on Hyper-V
WCCP Mask enhancements to support low end routers
ShowTechSupport - Diagnostic Data Collections - UI enhancements
Support for WCCP -L2 with NSLB on all platforms (SDX and general BR appliances)
4. Citrix ICA is highly optimized for a WAN…
…but there are optimizations that cannot occur at the
server farm Remote Optimized WAN Datacenter
Repeater Repeater
1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011
Acceleration TCP Flow Control Data Compression
Plug-in Data De-duplication Speed Screen
QoS / Traffic Shaping Video Transcoding
5. Rome
Boston
San Francisco
London
Sydney
Frankfurt Datacenter
Brussels
Hong Kong
Madrid
Hyderabad
New York
250 ms 200 ms 150 ms 30 ms 20 ms
RTT Latency
6. Key Data Points Repeater Sizing
• Bandwidth
○ Consider the sites that do not have Repeater
○ Make the customer aware of the BW requirements of XD and XA
○ Network conditions
• TCP Connections
○ Get the concurrent ICA connection count
• Network Diagram
○ Stop installation issues before they happen
• Application List
○ Find out what the business critical applications are
7. WAN Optimization
Adaptive
Adaptive TCP Adaptive Smart
Protocol
Flow Control Compression Acceleration
Acceleration
WAN
Branch Repeater Repeater
9. Branch Repeater Licensing
• Click the Licensing node in the
Configuration menu.
• Chose the License Server tab if
your license requires using a
stand alone Citrix License server.
• Retail (Appliance, Plug-in, Crypto)
• XenDesktop Platinum Entitlement
• Chose the Local Licenses tab if
your license type required local
10. Policy Based Routing
• Reconfigure the router to forward inbound and outbound WAN traffic to
the WANScaler.
• Route inbound traffic from the WAN interface to the WANScaler.
LAN Traffic
WAN Traffic
Ingress Ingress
Source IP: 10.200.1.203 Source IP: 172.16.5.23
Destination IP: 172.16.5.23 Destination IP: 10.200.1.203
ip next-hop
<WANScaler IP>
WANScaler
11. WCCP
To LAN To WAN
Switch Router
GRE Tunnel
WANScaler
WCCP Mode
14. Inline Mode
• All link traffic passes through the WANScaler appliance.
• Traffic cannot bypass the appliance.
• Deployed at the LAN/WAN boundary.
WANScaler WANScaler
WAN Router WAN Router
WAN
Server Client
15. First things first… apA2
apA1
• Branch Repeater 6.x needs to know
where the LAN and WAN are.
• Determine and remember which
accelerated pair port is connected to
the WAN and which to the LAN.
•Switch Straight Through Crossover •Router
(inline mode) •DSL Modem Cable Cable •Direct to Server
•Cable Modem •Direct to Client
• Either port can be connected to
either side using the proper cables.
apA1 apA2 apA1 apA2
16. Quality of Service
Link Definition
• Define Links
• By Accelerated Port
• By Source or Destination Network
• By WCCP Service Group
• By Source or Destination MAC Address
• By VLAN Tag
• By default link definitions are automatically
created for each adapter port.
• The number of supported links are limited by
Branch Repeater model:
• 83xx, 85xx = 5 links
• 88xx = 10 links
• VPX = up to 5 links
• If Links are misconfigured there will be
compression values less than 1:1.
17. Must configure the default apA links
• Click on the Links node in the
Configuration menu.
• Click the Edit button for the first pre-
defined apA link.
• Configure the link according to
network it is connected to;
• Link Type (LAN of WAN side)
• Bandwidth In
• Bandwidth Out
• Descriptive Link Name (optional)
• Click Save.
• Repeat this configuration on both the
apA1 and apA2 links.
19. SMB Support in v5.7
• Branch Repeater 5.7 and earlier
supported compression and
acceleration of unsigned SMB1
traffic only.
• If enabled, Signed SMB had to be
turned off on servers and clients via
group policy to enable acceleration.
• Connections from Vista and Win7
clients had SMB2 connections rolled
back to SMB1.
Citrix Confidential - Do Not Distribute
20. SMB Acceleration in v6.0
• There are three SMB acceleration
scenarios you may observe when
monitoring SMB CIFS connections.
• Unaccelerated SMB 1 or 2 Connections
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections
Citrix Confidential - Do Not Distribute
21. SMB Acceleration Requirements
• There are three SMB acceleration
scenarios you may observe when Connection Type Secure Windows NTLMv1
Partner Domain Required
monitoring SMB CIFS connections. Member
• Unaccelerated SMB 1 or 2 Connections
SMB 1 No No No
• Accelerated SMB 1 or 2 Connections
• Accelerated Signed SMB 1 or 2 Connections SMB 2 No No No
Signed SMB 1 Yes Yes Yes
Signed SMB 2 Yes Yes Yes
Citrix Confidential - Do Not Distribute
22. SMB Acceleration Requirements
• Domain membership is only required on
the server-side Branch Repeater.
• Once joined, the appliance or VPX
should now have a machine account in
the specified domain.
• NOTE: Signed SMB is not enabled yet!
23. SMB Acceleration Requirements
• A secure connection must be
established between Branch
Repeaters (secure partners).
• SSL credentials (cert and key) are
used for authentication and trust
between Branch Repeaters.
• The SSL Key Store must be enabled
to hold the SSL credentials used by
the Branch Repeaters.
• A Crypto license is required to enable
the SSL feature set.
Citrix Confidential - Do Not Distribute
24. SMB Acceleration Requirements
• SSL Support must be enabled by
clicking the SSL Encryption node
under Configuration.
• Trusted SSL credentials must be
installed and used to authenticate all
Branch Repeaters and create a
secure data channel between them.
Citrix Confidential - Do Not Distribute
25. SMB Acceleration Requirements
• The Secure Partner connection is
configured on a per appliance basis.
• A signaling mechanism is used to
provide discovery and communication
between trusted appliances.
Citrix Confidential - Do Not Distribute
27. The Single Stream ICA Problem
compressed and encrypted ICA data
•The user creates an ICA session.
•User interface traffic is tagged with a
priority bit of zero (thin wire).
•Branch Repeater identifies the priority
tags in real time and applies QoS
appropriately.
Session Bandwidth
28. The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then starts a print job within the
ICA session.
•Print traffic is tagged with a priority bit of
three (real time).
•Branch Repeater identifies the new
priority tags in real time and applies QoS
appropriately.
Session Bandwidth
29. The Single Stream ICA Problem
compressed and encrypted ICA data
•The user then either returns to the app’s user
interface or starts a second application. (thin wire)
•The new observed priority bits of the session cause
the session to be QoS’ed as a priority zero.
•Prioritization of printing traffic is now lost.
Session Bandwidth
30. Multistream ICA in Action
compressed and encrypted ICA data
•Application UI performance level is maintained.
•Printing traffic does not adversely affect this or any
other WAN users.
Maintain the user experience
Session 1 GUI Session 1 Printing Session 2 GUI