1 / 48

Citrix NetScaler Overview

Citrix NetScaler Overview. Domagoj Toš Network & Virtualization Engineer domagoj.tos@itipo.hr. Citrix NetScaler Overview Making Applications Run 5x Better. Cloud Infrastructure. Availability. Performance. Offload. Security. SSL VPN Application firewall.

vina
Download Presentation

Citrix NetScaler Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Citrix NetScaler Overview Domagoj Toš Network & Virtualization Engineer domagoj.tos@itipo.hr

  2. Citrix NetScaler OverviewMaking Applications Run 5x Better Cloud Infrastructure Availability Performance Offload Security • SSL VPN • Application firewall • World-classload balancing • Health monitoring • Caching • Compression • Optimization • TCP Connection Management • SSL processing Enterprise Datacenter

  3. Market Leadership Citrix NetScaler Strengths • Citrix NetScaler has shown a comprehensive application delivery vision that rivals F5's, and it has backed this up with the first virtual ADC offering from a major supplier. • Citrix has a reputation for delivering high-performance ADCs with increasingly rich sets of advanced features. • With its traditional software business, Citrix has a good understanding of the applications environment. • Citrix is in a solid financial position, with an increasing share in the ADC market (13% as of 2Q10).

  4. NetScaler 10 with Citrix TriScale™ Technology

  5. 3 Scale Today’s Cloud Evolution Requires a Scale Revolution

  6. Citrix Confidential - Do Not Distribute Revolutionary Scale Scale Up Scale In Elasticity Scale Out Expandability Simplicity

  7. Citrix Confidential - Do Not Distribute Introducing Citrix TriScaleTMTechnology “End Appliance Sprawl” “Buy only what you need” Simplicitywith Many-In-One Elasticitywith Pay-As-You-Grow Scale Up “Start Small. Grow Forever” Scale In Expandability Scale Out

  8. *Vservers + services together have a maximum limit of 60000

  9. NetScaler Clusters

  10. Introducing TriScale Clustering ACTIVE ACTIVE SingleVIP • Add capacity as needed • Scale-out to 32x • Highly efficient - eliminating idle resources • Highly fault tolerant - alternative to HA pair • Eliminate “Forklift Upgrade” - no network downtime ACTIVE 100% Customers agree ACTIVE ACTIVE ACTIVE PASSIVE

  11. A group of NetScalers, working as one… Single System configured and managed as a single system Scalable scales with number of boxes Fault Tolerant handles box failure, addition Unified Configuration View Unified Operational View Scales throughput as boxes are added Scales Single VIP capacity Loss of nodes loses capacity, not functionality Proportional Loss Rule:loss of k out of N nodes should cause detectable failure of no more than k/N transactions, connections, sessions.

  12. Why Clustering? • Limitations of existing solutions • HA • One node active and the other passive. HA operates at single node capacity and hence offers only availability, no scalability • Active-Active/RHI • Gives both scalability and availability, but no co-ordination among nodes and hence doesn’t support • Doesn’t provide single system image, ie, no config propagation/synchronization, no consolidated reporting etc • Stateful persistence is not supported. • Connection mirroring not support • Savings on power consumption • Savings on rack space

  13. Communication Channels • Heartbeats • UDP port 7000 • Cluster protocol • TCP port 7002 • Paxos based consensus protocol • Can handle N/2 failures where N is the cluster size (Exception: 2 node) • Reconciliation • TCP port 7003 • For synchronization

  14. Cluster Configuration Configuration CCO • Config Coordinator (CCO) owns Cluster IP address

  15. New Load Balancing features

  16. New LB features in Kos • DBS Auto-scaling ServiceGroup • String based Custom server-id persistence. • Rule persistence support for TCP/SSL_TCP • DNS TXT RR support • Preferred backup list for Static Proximity. • Rewrite NXDOMAIN response with configured IP • Vserver Level Slow Start fine tuning • Flush SurgeQ without disabling Service. • SIP

  17. DBS Auto-scaling ServiceGroup • Background: Prior to KOS rel. DBS ServiceGroups will process the first IP address of the DNS response and install it as member if server is reachable. • Use-case/Customer Requirement: Dynamically shrink/expand service group members based on DNS responses. • New Feature: All the IPs received in the DNS response will be used to populate serviceGroup member based on server reachability. • CLI • add servicegroup sg1 TCP • bind servicegroup sg1 s1 80 -autoScale YES

  18. String based Custom server-id persistence • Background: Prior to Kos release to enable CUSTOM-SERVER-ID persistence, server id can be configured only in Integer. • Use-case/Customer Requirement: Allow String based id to have meaningful/readable server ids. • New Feature: String based Server ID support. • CLI: • add lbvs v1 http 10.10.10.10 80 –persistencetypecustomserverid –rule “urlquery contains sid=” • add service s1 10.102.81.176 http 80 –customserveridIndia • add servicegroup sg1 http • bind servicegroup sg1 10.102.81.175 80 -customserverid India123

  19. Rule persistence support for TCP/SSL_TCP • Use-case/Customer Requirement: Ability to define persistence for TCP/SSL_TCP protocol based on TCP/IP protocol data, Layer 2 information. • New Feature : Persistence is supported for TCP/SSL_TCP via Rule persistence. • User can define persistence based on : • CLIENT.TCP.PAYLOAD(100).BEFORE_STR("ccc").AFTER_STR("aaa") • CLIENT.TCP.PAYLOAD(100).HASH • MAC/VLAN/Interface/Srcport/Dest port

  20. DNS TXT RR support • From Kos release NS DNS implementation supports DNS TXT Record type. • Use-Case : TXT RRs are used to hold descriptive text.  The semantics of the text depends on the domain where it is found. • CLI: • add dnstxtRec n1.com "text record for n1.com"

  21. Preferred backup list for Static Proximity • Background: Prior to KOS rel. for Static Proximity based GSLB, if the primary location SVC is DOWN, then GSLB does RR among all the configured SVC. • Use-case/Customer Requirement: Ability to define list of backup locations if primary location SVC is DOWN. • New Feature: Allow user to specify list of preferred backup locations when the primary location SVC is DOWN. User need to configure DNS Policy & Action • CLI • add dns action dns_default_act_PrefLoc_1 GslbPrefLoc -preferredLocList "*.UK.*.*.*.*" "*.HK.*.*.*.*" "*.US.*.*.*.*" •   add dns policy UK_CLNT "CLIENT.IP.SRC.MATCHES_LOCATION(\"*.UK.*.*\")" dns_default_act_PrefLoc_1 •   bind dns global UK_CLNT 1

  22. Rewrite NXDOMAIN response with config. IP • New Feature: In DNS Proxy mode if backend returns NXDOMAIN response, NS can be configured to return a user defined IP(s). Supported for A/AAAA DNS queries. • CLI • add dns action act1 Rewrite_Response -IPAddress 10.102.112.234 200::1/0 • add dns policy dnspol1 "DNS.RES.HEADER.RCODE.EQ(nxdomain)" act1 • bind dns global dnspol1 1 -gotoPriorityExpression END -type RES_DEFAULT

  23. Vserver Level Slow Start fine tuning • Background: For metric based LB methods (eg.,LeastConn ) when a new SVC is bounded to the vserver, LB method moves to SlowStartphase. • Use-case/Customer Requirement: Ability to control the traffic rate of the newly bounded SVC to protect from traffic surge. • New Feature: Allow user to specify Request rate & Increment Interval for the SVC which turns UP and existing SVC receives traffic as per configured LB. (Default behavior: slow start in RR.)

  24. Flush SurgeQ without disabling Service • Background: MaxClient config @ Service, Surge Protection in action. • Use-case/Customer Requirement: To flush SurgeQ without affecting active client transaction. • New Feature:CLI/GUI option to flush SurgeQ without affecting active client transaction • CLI • flush surgeQ - to Flush SurgeQ for all service entities configured in NS • flush surgeQueue -name [vserver_name/service_name/servicegr_name] - to Flush SurgeQ per-entity

  25. SIP Expression support • Rich policy support • Request and response • SIP URL • SIP headers • Body • Vserver • Regex • Inline with HTTP • Bind points • Vserver • Default • Override • Policylabels

  26. TCP Enhancements

  27. TCP Westwood is Congestion Control for Mobile • Problem: Packet loss is a much larger problem with wireless mobility. • Wifi users drop packets walking around an office or sharing a congested access point • 3G users drop packets when switching between towers and oversubscribed networks • Current solution: When packet loss is detected, cut the congestion window (amount of unacknowledged data a client can receive) in half. • Pro: Works well for broadband users as the NetScaler finds the new rate it should send data to minimize expensive packet loss and recovery. • Con: When packet loss is frequent (such as with mobile users) average performance is not as high as it could be due to limits in how big the congestion window can get. • TCP Westwood: When packet loss is detected, cut the congestion window to reflect the estimated bandwidth instead. • How: Use “agile probes” to keep track of estimated bandwidth • Estimated Bandwidth = (amount of data acknowledged in an interval) / time

  28. Y-axis Outstanding Data in bytes X-axis Time . Red Line : instantaneous outstanding data samples at various points in the lifetime of the connection. Blue Line : averageoutstanding data up to that point. Green Line : weighted average of outstanding data up to that point TCPW TCPW Default Default

  29. HTML based configuration Utility

  30. What has changed? • All Detail Views are HTML based, except the following: • SSL>FIPS • AppExpert > Applications • AppExpert >Access Gateway Applications • AppExpert >Templates • GSLB > LDNS Entries • Integrated Caching > Cache Objects • All Configure Views are Java based, except the following: • PBR6 • Linkset • DNS Zones • All SNMP related views • Most of the System>Settings views

  31. CALLHOME

  32. Current Support Model • Data collection involves customers calling Citrix support and raising a service ticket. • Troubleshooting of any customer issue is done after Citrix support is notified of the issue

  33. Callhome Model • Preemptive and proactive service strategy. • Citrix TAAS server • Callhomefunctionality would let appliances detect errors and automatically alert the company’s support. • Upload shtechsupport file.

  34. NetScaler 10Action Analytics Citrix Confidential - Do Not Distribute

  35. Introducing NetScaler Action Analytics • Integrated, easy-to-use application analysis and policy control solution • Complements NetScaler AppFlow with real-time insight into full web application and SQL environment, with: • Real-time monitoringwith Granular statistics • Adaptive policy control

  36. NetScaler Action AnalyticsReal-time Monitoring • Top URLs requested for entire site • Top URLs requested for each application • Top application users (clients) Built-in capabilities for monitoring application traffic

  37. Customer Use Cases Perform statistical analysis of real-time data to gain deeper insight into overall application environment: • How much bandwidth is being consumed by the Top N users to a specific application URL • What are the response times for the most popular web pages. Do I need to add server resources or further optimize my application for better performance? • How many users are accessing my top web pages at any point in time? • What are the most popular referring sites to my application. I want to understand how users get to my site/page SCREEN PLACEHOLDER

  38. NetScaler Adaptive Policy Control Application data can be automatically fed back into the NetScaler policy engine to optimize application delivery in real-time Specific client or application traffic can be targeted to change or create policy including: • Rate limiting when certain peaks occur • Redirection – redirecting requests from the top clients to a different site or data center transparently • Enhanced acceleration (e.g. compression and/or caching data) • Failover to backup vserver based on depth of surge queue Policy Change Runtime Analytic Engine AdaptivePolicyControl

  39. NetScaler 10DataStream Enhancements Citrix Confidential - Do Not Distribute

  40. Citrix DataStream Technology Bringing ADC Benefits to the Data Tier Web/App Tier DB Tier NetScaler Built-in SQL intelligence delivering advanced traffic and connection management to improve database scale, availability, performance Microsoft SQL Server

  41. What’s New in DataStream? New New New

  42. Other Features Citrix Confidential - Do Not Distribute

  43. CEF – Common Event Format • Support for Open Standards Based Application Firewall Log • Improve interoperability of security-related information from different security and network devices and applications • Easier aggregation of data for analysis by management systems • Simple text-based, high-performance format supporting multiple device types

  44. Click to Rule AppFw • Appfw Relaxation rules can now be deployed from the logs • The logs must be in CEF log format • Convenient option to relax a rule blocking a legitimate request

  45. Best XenDesktop Support – Bar None Web Interface on NetScaler Enhancements Citrix Confidential - Do Not Distribute

  46. Enhancements in Windows Interface on NetScaler Configuration Wizard • Further streamlining of WIonNS configuration wizard • Addition of UI Client Address Mode configuration • Native support for Mobile Receivers and Wyse Xenith • Enable case insensitivity for all Site Paths Greater Customization • Ability to directly edit WebInterface.conf parameters via the GUI with Search and Match capabilities • Default language selection • Login page welcome message text branding Greater Performance • 4X-8X more per-platform sustained sessions and support for up to 60K sessions • Reduction in login response times when accessed through AGEE • Support for utilization of Integrated Cache with NS Platform

  47. Even Better Performance and Scale

More Related