Enabling the Future of Work with SD-WAN

Citrix Hybrid Multi Cloud
and Networking -
brief introduction
Arnoud van Lent
Networking Partner Manager, Benelux
JUNE 6, 2019

2 © 2019 Citrix | Confidential
74%
Of Enterprises have Hybrid /
Multi-cloud strategy today 62%
Of Public cloud users have
more than 2 environments
Hybrid multi cloud is where most business is today
This is happening and it is here today!

Why do companies embrace HMC?

• Avoiding Cloud Lock-In
• Cleaning Up The Cloud Mess
• Integration with On Premises
Customer challenges with HMC

CITRIX CLOUD
Web
Apps
Cloud-native
Apps
Identity
& Access ADC SD-WAN
Federated Identity
& Access
VPN, SSO, Gateway
Orchestrator
App Firewall
Traffic Mgmt
DNS
ACCESS
SERVICES
APP
SERVICES
SD-WAN
ADC
BYO
Remote
Corporate
Contract Emp
Branch Office
App Del Mgmt
Geo-located
Users
SD-WAN
Citrix Networking ensures experience, security, and choice
across hybrid multi-cloud environments
Multi-Cloud
Multi- SaaS
Multi-Datacenter
Customers and Partners
Digital business
Workspace
Multi-device and
any location

Citrix Networking HMC Benefits
• Future proofs your cloud investments by avoiding
cloud lock-in (cloud portability)
• Consistent user experience and increased productivity
irrespective of the environment
• Quicker time to resolution with centralized security &
performance monitoring and management
• Citrix is market leader for 30 years in L4-L7
Application Networking

Enabling the Future of
Work with Citrix SD-
WAN
Karl Brown
Senior Director
SD-WAN Product Management Team
JUNE 6, 2019

The Future of IT: Diversity
of Apps, Devices, and Work
Styles
Cloud / Mobile Era
On-Premise + ERP Apps
Company-Issued
Desktops
Office Workers
Datacenter On-Premise
App + Network Traffic
Within Datacenter
On-Site Data Multiple Cloud Storage Zones
SaaS and Mobile Apps
PC’s, Laptops, Tablets,
Smartphones, Connected Things
Work Anywhere, Contractors,
Multi-Generational Workforce
Branch Operations, and
Hybrid-Multi Cloud

“Infrastructure and operations
leaders often fail to select the
best match between WAN
connectivity and public cloud
services, causing poor
performance at scale”
Gartner
Use Gartner’s Connectivity Strategy to Optimize Cloud
Performance and Cost
Gartner: Market Guide for Application Delivery Controllers, Nov 2017

“Existing internet
connectivity to Office
365 will not be ‘good
enough’ for most
Office 365 usage
scenarios”
Gartner
Network Design Best Practices for Office 365, August 2016

“Customers deploying VDI and
DaaS should consider
deploying SD-WAN to increase
useful capacity and resilience.”
Gartner
VDI and DaaS Demand That Enterprise Architects Rethink Their
Network Architecture, 2016
Gartner: VDI and DaaS Demand the
Enterprise Architects Rethink Their Network
Architectures

Legacy WAN architectures
assume applications reside
in the data center
SD-WAN is an Integral Part of the Future of IT
Eliminate downtime and
application performance
issues
Reduce the cost and
complexity of managing
remote locations
Cloud and
SaaS
Migration
Branch
Network
Simplicity
Application
Resiliency
and
Reliability

Best in class solution for Enterprise IT
Why Citrix SD-WAN
Citrix SD-WAN
Application
Experience
Best performance for
SaaS, cloud, and virtual apps
& desktops
Comprehensive
Security
Comprehensive protection:
apps, network, and cloud
Cloud
Choice
Most flexibility to automate
cloud connectivity

NaturErhvervstyrelsen: Denmark’s Fish
and Agriculture Regulatory Agency
Challenges & Opportunities
• Agencies patrol vessels were using expensive satellite connectivity to augment 4G/LTE
services for file access, file uploads, and crew welfare (i.e. email) activities
• The vessels had separate 4G/LTE connections from different mobile providers, but coverage
was not consistent
• While executing their mission patrol vessels often switched among the mobile and satellite
networks impacting operations
Why Citrix SD-WAN
• The SD-WAN solution enabled applications to seamlessly migrate among mobile connections
without disruption or sacrificing security, minimizing satellite use.
• When using satellite, the QoS capabilities ensured that mission critical data was prioritized
over other applications.
Results
• Uninterrupted connectivity, without sacrificing security by combining services from multiple
mobile providers. Management GUI helps with troubleshooting connections.
• Improved throughput for applications by combining available network bandwidth
https://youtu.be/0xooZ7BVflU

HMS Host: Provider of food and
retail services for travelers
• Had mainly T1 circuits and needed more bandwidth while maintaining redundancy
• Prioritizing traffic with a homegrown solution and it was difficult to manipulate
protocols manually
Why Citrix SD-WAN
• Adding 4G for more bandwidth didn't always work well (e.g., VPN)
• Needed more intelligent load balancing of circuits and in-depth centralized monitoring
• Chose Citrix SD-WAN for Citrix Support and SE relationship and investment protection
• Benefit from use of Citrix legacy CloudBridge boxes for WAN Optimization - “>80%
reduction in PoS traffic and 60% reduction in CIFS traffic”
• SD-WAN provides seamless integration between firewall and WAN, on-demand link for
4G (e.g. based on conditions like bandwidth threshold), and adaptive bandwidth
detection (for links that fluctuate due to congestion
Results
• Deployed 160 sites in 2 months! Continuing to add more locations and moving to the
cloud
• Template-based site cloning makes adding sites easier, more consistent and reduces
troubleshooting

Belgian Reference: Logistics – ECS 2XL - Citrix
SD-WAN
• Consolidation & merger between ECS and 2XL
• Limited connectivity options and long lead times for WAN services to warehouses
across Europe
• Configuration overhead of manually managing primary and backup links
(especially during brown-outs).
Why Citrix SD-WAN
• Centralized configuration and management to ease changes and rollout
• Always-on connectivity across all types of links (DSL, 4G, Microwave, …)
• Effective bi-directional quality of service which properly prioritizes business
critical traffic over internet.
Results
• Centralized new architecture with Citrix Apps & Desktop 7.17 and SD-WAN.
• Immediately available connectivity, using SD-WAN and 4G always branches to be
up and running before other connections are delivered (for example; Dourges was
running on 4G for weeks before fiber was deployed)
• Visibility of link availability and quality. During POC the SD-WAN appliance covered
for an unexpected microwave outage during the night.
• Proper voice over IP quality over internet

Citrix SD-WAN Can Identify Over 4,000 Applications
App Classification Engine What Other Solutions See
With Citrix SD-WAN
4,000+ applications and key
components
Known protocols and port numbers
Compare port numbers and protocol messages against
known applications and application components
1
2 Search for known binary patterns or packet characteristics
in traffic flows
Payload Characteristics
Read name of service in SSL/TLS certificate or in Server
Name Indication
Security Certificate Details
3
DNS Matching and Known IP Addresses
Inspect DNS queries and session initialization sequences
for known IP addresses
4
API Calls to SaaS Providers
Query APIs of SaaS providers to gather current URLs and
steering policies
5

Citrix SD-WAN Creates a software defined overlay …
Logical tunnel created by encapsulating in UDP
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
Virtual logical path is
created from diverse links
Internet
LTE/Satellite
MPLS

… with the understanding of line conditions
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
With every packet in each path and in both directions,
measure the latency, loss, jitter and congestion
Internet
LTE/Satellite
MPLS
latency loss jitter cong.

…To detect WAN problems quickly
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
Inspect packets to detect brownouts
such as latency or loss spikes.
Internet
LTE/Satellite
MPLS
Detect link failures within
just couple packets

…and directs traffic to the best path
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
Identify each application and direct it
to the best path with priority given to
critical applications.
Internet
LTE/Satellite
MPLS

Intelligently use rated links
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
Internet
MPLS
LTE/Satellite
Multiple rated links can be supported, with
business logic applied to when each type of link
is used and in which order

Ensure critical applications have bandwidth
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
Internet
LTE/Satellite
MPLS
BANDWIDTH
CONTROL

Single-Ended QoS Has Pitfalls
• Quality of service configuration is fairly static
• No proactive or reactive actions taken to prevent far-end congestion
• Lack of last-mile awareness (destination is a choke point, wasted potential
utilization)
WAN
10Mbps
Received
10Mbps
10Mbps
0Mbps
0Mbps
0Mbps
Received
Site A
Site B
Site C
Site D

End-to-End QoS Ensures Delivery and Efficiency
• QoS configuration configured globally from a single source, highly customizable
• Proactively prevent loss with duplication, react to network conditions with
retransmission and/or redirection
• Last-mile awareness prevents oversubscription and wasted utilization
WAN
10Mbps
Received
5Mbps
5Mbps
2.5Mbps
2.5Mbps
5Mbps
Received
Site A
Site B
Site C
Site D

Can optionally duplicate packets
SD-WAN SD-WAN
Data Center
Branch
Cloud
Branch
SD-WAN
SD-WAN
LTE/Satellite
MPLS
PACKET DUPLICATION
Internet

Citrix SD-WAN makes all links active
MPLS
Internet
LTE/Satelliate
Citrix SD-WAN
Logical tunnel created by encapsulating in UDPBOND MULTIPLE LINKS
Even use multiple links for a single
session
Data Center
Branch
Cloud
SD-WAN
SD-WAN
SD-WAN

The Best Experience for Citrix Virtual Apps & Desktops
Granular awareness to the HDX (High Definition Experience)
protocol allows for reliable and efficient application
performance across the WAN and cloud
Printing
Multimedia
Redirection
Branch, Clinic,
Store, Campus
workspace users
Citrix
SD-WAN
In-Band Audio
Display
Remoting
HDXtraffic
Background
Interactive
Real-time
Bulk

Enhancing Standard Edition for Better HDX Delivery
• New HDX Parser to recognize HDX in all delivery forms: ICA/CGP/SSL/Websockets etc
• Automatically switches sessions to multi-stream ICA for session-level QoS
• Adapt to network conditions and deliver each stream on the right link with the right quality
Clipboard
File Transfer
Mobile sensors
Clipboard
HDX
Printing
Smartcard
Audio
Graphics
Media
MPLS EF Queue
MPLS Default Queue
Internet
Citrix SD-WAN Citrix SD-WAN
With Citrix SD-WAN
Clipboard
File Transfer
Mobile sensors
Clipboard
HDX
Printing
Smartcard
Audio
Graphics
Media
MPLS EF Queue
MPLS Default Queue
Internet
Other SD-WAN Other SD-WAN
Without Citrix SD-WAN

Fairness at the Session Level for HDX
Citrix SD-WAN Citrix SD-WAN
With Citrix SD-WAN
HDX Traffic
HDX Session 1
HDX Session 2
HDX Session N
Other SD-WAN Other SD-WAN
Without Citrix SD-WAN
HDX Traffic
HDX Session 1
HDX Session N
HDX Session 2

Enhanced HDX Reporting
• Delivered through SD-WAN Center
• No need for the customer to have a NetScaler or Gateway appliance
• Minimum XA/XD 7.17 is required
Q3’19

Direct breakout for
trusted traffic
Automated
security
• Deploy Citrix ICSA-certified firewall or
3rd party next-gen firewall (2Q19)
• Allow sanctioned SaaS to exit from branch
• Enable global path encryption – branch to
data center and cloud
• Leverage key security partner integrations
with automated integration through Citrix
SD-WAN Orchestrator
Branch, Clinic,
Store, Campus
workspace users
SaaS
Citrix
SD-WAN
SD-WAN
Orchestrator
FW
Citrix Offers Advanced Security with Automation
Easy to protect applications, network, and cloud

Automating Connections to Zscaler Secure Internet
Gateway
• Deliver comprehensive
Internet and Web security
to your users at all locations
• Point & click setup from SD-
WAN Orchestrator
• Simplified connections
between Citrix SD-WAN and
Zscaler Enforcement Nodes

Comprehensive Perimeter Security with Palo Alto Networks
• Secure web gateway cloud service
for next-generation security
• Unified policy management with
Panorama
• Easy setup from Citrix SD-WAN
Orchestrator
Prisma Cloud Service
• NGFW VM for lateral threats and
internet security
• Hosted on Citrix SD-WAN appliance
• Managed via Panorama
• Provision via SD-WAN Orchestrator
Branch Security
Consolidation
Q3’19

• 8 Core CPU, 24GB memory, 480 GB SSD
• Available interfaces
– 5 x 10/100/1000BaseTX (Two FTW pairs)
– 2 x 1 SFP or 10/100/1000BaseTx Ports
– 2 x PoE+ ports or 10/100/1000BaseTx ports
• Desktop form factor
• Release plans:
– November 2018: Standard and Premium Editions
• 3Q19: Support for 3rd party VNFs, starting with Palo
Alto NG FW.
Citrix SD-WAN 1100
Branch consolidation with separate management to
fulfill NetOps/SecOps requirements
Appeal to enterprises who already have a security
vendor of choice
Best of Breed SD-WAN + Best of Breed Security
Why 3rd party VNFs?

Efficient On-Ramps to Hybrid and Multi-Cloud Environments
Most flexibility to automate cloud connectivity
Citrix
SD-WAN
Branch, Clinic,
Store, Campus
workspace users
Virtual
WAN
Cloud Backbone
Cloud Exchange
Data Center
Hybrid Cloud
Multi-Cloud
• High performance for mission-
and business-critical applications
• Automated provisioning using
Citrix orchestration service

SD-WAN VPX in cloud
• SD-WAN virtual appliance available in AWS and
Azure
• Up to 2 Gbps bidirectional throughput in both
AWS and Azure
• Available in both BYOL and pay as you go models
• Can be deployed in High Availability mode

Citrix SD-WAN for Google Cloud Platform
Citrix
SD-WAN
• Citrix SD-WAN VPX Available on GCP Marketplace
• High availability, secure connections to Google VPCs
via Citrix orchestration service
• App control, deep packet inspection, auto QoS, WAN
optimization
Branch, Clinic
Store, Campus
workspace users
2Q19

Citrix Offers Point & Click On-Ramp to Azure Virtual WAN
• Bring new locations online quickly,
securely via simplified provisioning
• Leverage network backbone across
54 worldwide regions
• Unified policy management: Azure
Resource Center and Citrix
Orchestrator

Office 365—Traditional Enterprise Approach
Data CenterBranch
• All traffic is backhauled to the data center resulting in a poor experience
• All traffic has to be fully inspected for security
• High latency (per Microsoft, latency must be <30 ms to O365 front door)
MPLS
ISP
Backhauling through the data center?
User complaints or performance issues?

Office 365 connectivity principles
Differentiate traffic
Identify and differentiate Office
365 traffic using Microsoft
published endpoints data
aka.ms/o365ip
Egress connections
Egress Office 365 data
connections as close to the
user as practical with
matching DNS resolution
Optimize route length
Avoid network hairpins and
optimize connectivity
directly into the nearest
entry point into Microsoft’s
network
Assess network security
Assess bypassing proxies,
traffic inspection devices
and duplicate security
which is available in Office
365
Internet

Citrix SD-WAN Provides an Onramp to Office 365
Front
door
Data CenterBranch SD-WAN
Untrusted traffic
ISP
SWG
• Direct break-out to Office 365 from the branch
• Complies with O365 Network Connectivity Principles
• Optimizes latency by directing traffic to the nearest Microsoft POP
Faster Uploads
Faster
Downloads
Faster
Opening documents
Call Quality

SD-WAN for Citrix Managed Desktops and CVAD on Azure
Branch, Clinic,
Store, Campus
workspace users
• Simple, automated configuration
• Always-on connectivity
➢ to Enterprise DC
➢ to office workers
➢ To Office365 and all SaaS
Citrix Managed Desktops
Windows Virtual Desktops
Citrix Virtual App & Desktops
Data Center
Hybrid Cloud
Citrix
SD-WAN
Citrix
SD-WAN
Citrix
SD-WAN
SD-WAN
Orchestrator

Citrix
SD-WAN
Citrix SD-WAN Cloud Direct: Resiliency and Performance for SaaS
Enterprise-grade private network to bypass public internet
Citrix Cloud Direct Services
• Link bonding
• Last mile optimization, sub-second failover
• Bidirectional QoS and connection load balancing
• Automated provisioning from Citrix orchestration service
workspace users
Branch, Clinic,
Store, Campus
SD-WAN
Orchestrator
3Q19

Simplicity with SD-WAN Orchestrator Service
Available for Enterprises and
Service Providers
• Part of Citrix Cloud
• Faster deployment
• Insightful reporting
• Cross-service analytics
• No servers, storage to
manage
• Globally available

Summary

Citrix SD-WAN Accelerates Your Digital Transformation
Powers always-on workspace experience
Best performance for delivery of SaaS, cloud,
and virtual apps & desktops
• Application Control Engine
• Networking Controls
• Orchestration and automation
Comprehensive protection: apps, network, and cloud
• Branch firewall
• NGFW, SWG
• Automation
Application
Experience
Security
Most flexibility to automate cloud connectivity
• Cloud On-Ramps
• DIY, provider-managed
Cloud
Choice

Enabling the Future of Work with SD-WAN

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Enabling the Future of Work with SD-WAN

Similar a Enabling the Future of Work with SD-WAN (20)

Más de Xylos

Más de Xylos (20)

Último

Último (20)

Enabling the Future of Work with SD-WAN