Optimising network delivery of virtual desktops
Jason Poole, Business Development Manager, EMEA (Cloud Networking)
Michael Aldridge, Senior System Engineer, EMEA (Cloud Networking)
4th October 2012. The webinar will start at 3:00pm (BST).

Industry trends and IT resources
• Centralisation of Resources
• Multiple devices
• Distributed workforce
Work and play from any device, anywhere

Why Implement a Desktop Virtualisation Solution?
• Cost reduction
• Business Agility
• Improved security
• Improved compliance
• Ease of management
Change everything… but wait, considerations?

Considerations for a successful Desktop Virtualisation
• Centralisation is a single point of failure
  • Benefits of Desktop Virtualisation are realised through centralisation
• Branch office workers might have a poor experience
  • 80% of employees are located away from the HQ and the data centre
• How to provide access to the virtual desktop
  • More and more users are bringing their own devices
  • Requirement for remote access and maintaining security

HDX SmartAccess
Delivers simple and seamless secure access
• Anywhere Access
  • Allows users to securely access desktops and applications using any device in any location, including home computers and mobile devices.
• Network and device roaming
  • Enables users’ sessions to transparently and securely move between networks and devices by dynamically adapting access.
• Single sign-on
  • Improves the user’s experience by reducing unnecessary authentication prompts and the number of passwords users need to remember.
• Granular Action Control
  • Allows the administrators to define capabilities within applications to which users have access.
[Diagram: ICA over TCP with virtual channels DRIVE, PRINTING, COM, SPEEDSCREEN, VIDEO, AUDIO, CLIPBOARD]

High Availability
• Goal: Network Infrastructure Fault tolerance
• Roadblocks:
  • Virtual desktop hosting platform
  • Operating system delivery
  • Application and desktop delivery
  • Desktop controllers
  • Application controllers

High Availability in Action
[Diagram components: Remote User, Branch Office, Home Office; firewalls; NetScaler (Secure Access); HQ Office with WebInterface, Desktop Delivery Controllers, XenApp Controller, DataCollector, XenDesktop Farm, XenServer Resource Pool, Provisioning Server, File Share, Applications; virtual desktops built from OS (Vista, Windows XP, Windows 7), Apps and Personalization layers for Users A to E; Infrastructure (Active Directory, Data Store, License Server, DHCP). Label: Strong SLAs.]

Global Availability
[Diagram: the HQ Office deployment from the previous slide shown three times, each with its own XenDesktop Farm, XenServer Resource Pool, NetScaler, controllers and infrastructure. Label: Strong SLAs.]

Data Proximity
• Data may not be replicated to all sites
[Diagram: North America and EMEA sites connected over the WAN]

GSLB with Site Roaming
• Ensure that only ICA traverses the WAN
[Diagram: North America and EMEA sites connected over the WAN]

User Experience Deployment across a WAN
Applications are designed for the LAN
• Sexy interface – graphic intensive
• Chatty protocols
• Testing labs
  • Gigabit connectivity
  • 0 ms Latency
Deployed across a WAN? Slow? = “that’s a network issue. You fix it.”

HDX
ICA protocol is an underlying technology for HDX (High-Definition User Experience)

Bandwidth Allocation for ICA
• How much bandwidth is enough?
• It depends on:
  • Other network traffic
  • Application bandwidth requirements
  • Number of users
  • User behavior
  • And more!

Insufficient Bandwidth Causes . . .
• ICA sessions to drop
• Users experience choppy typing or screen paints
• Session Reliability to be invoked (if enabled)
  • User sees application but can’t use it
“Dear Mr. Templeton, I love Citrix XenApp! How can I purchase more licenses?”

ICA Compression
• Already highly compressed and optimized
• Automatically tunes itself to further compress when less bandwidth available
• Single session bandwidth testing not valid!
[Diagram: many concurrent ICA sessions]

WAN Optimisation for Desktop Virtualisation
What is ICA Optimization?
• Enhancements to Repeater compression engine
• ICA Encryption/Decryption
• The ICA Parser
• ICA Intra-Session Compression enhancements
• ICA Cross-Session Compression
[Diagram labels: Branch Staging of Streamed Apps, Adaptive TCP Flow Control, Adaptive Compression, Adaptive Protocol Acceleration, Traffic Prioritization, Branch Caching of Hosted Apps]

ICA Parser
• Acts as an intermediary for decryption/encryption
• Can decrypt all ICA encryption except for SSL.
• No cert installed on the acceleration pair
• Supports Basic, RC-40, RC-56 and RC-128 encryption levels
• Re-encrypts on WAN, transparently to the client.
[Diagram components: Branch Client, Branch Repeater, LAN, WAN, LAN, Repeater or Branch Repeater, XenApp Farm; WS/CBR compressed traffic. Callouts: ICA connection initialization. Decrypt, ICA Parser looks for ICA/CGP signature, re-encrypt. Decrypt, then either disk-based or memory-based compression histories are used, then re-encrypt. Client is relieved of ICA decompression tasks.]

ICA Parser
• ICA compression requests Server/Client are disabled
• Parsing only occurs on accelerated connections.
• When a connection is established the ICA handshake is detected.
• At that point it is determined if it is ICA or CGP (detected in the connection payload).

ICA Parser
• Separates headers from payload and bulk from interactive
• Print/File/Multimedia
  • Bulk traffic goes to disk (DBC)
• ThinWire graphics commands
  • Interactive goes to memory (MBC)
• Header data goes to the small matcher (Nano)

ICA Compression - Cross session Compression
• Subsequent packets are compared to the compression history on the sending side.
• Payload matches are substituted with a token in lieu of the whole packet.
• The server still sends, and the client still receives, what they expect to.
[Diagram components: LAN, Branch Repeater, WAN, Repeater or Branch Repeater, LAN, XenApp Farm; WS/CBR compressed traffic. Callouts: Native ICA compression enabled by default. WS/CBR turns off XA compression and enables WS compression during negotiation. Either disk-based or memory-based compression histories are used. Client is relieved of ICA decompression tasks.]

ICA Compression - Cross session Compression
• After the histories are populated, if a second client requests the same data in his/her ICA session, a second match can occur.
• Tokens are sent and the payload is pulled from the client side compression history.
• The more users of the same application, the better.

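A simplified model of the cross-session token substitution described above, added here as an illustration and not Citrix's implementation. Fixed 256-byte chunks, truncated SHA-256 values as tokens, in-memory dictionaries as the two compression histories, and the sample "bitmap" are all assumptions of the example.

```python
import hashlib

CHUNK = 256      # fixed chunk size in bytes (assumption of this model)
TOKEN_LEN = 8    # bytes of SHA-256 used as the token (assumption of this model)

def _token(chunk):
    return hashlib.sha256(chunk).digest()[:TOKEN_LEN]

def compress(payload, history):
    """Sending appliance: send a token for chunks already in its history."""
    wire = []
    for i in range(0, len(payload), CHUNK):
        chunk = payload[i:i + CHUNK]
        tok = _token(chunk)
        if tok in history:
            wire.append(("token", tok))
        else:
            history[tok] = chunk          # populate the history on first sight
            wire.append(("literal", chunk))
    return wire

def decompress(wire, history):
    """Receiving appliance: rebuild the payload from literals and its own history."""
    out = bytearray()
    for kind, data in wire:
        if kind == "literal":
            history[_token(data)] = data  # keep both histories in step
            out += data
        else:
            out += history[data]          # KeyError means the histories diverged
    return bytes(out)

def wan_bytes(wire):
    """Bytes that actually cross the WAN for one transfer."""
    return sum(len(data) for _, data in wire)

def run_demo():
    """Two sessions fetch the same constructed 4 KiB 'bitmap' through one appliance pair."""
    bitmap = b"".join(hashlib.sha256(bytes([i])).digest() * 8 for i in range(16))
    dc_history, branch_history = {}, {}   # shared by every session on the link
    results = []
    for user in ("user_a", "user_b"):
        wire = compress(bitmap, dc_history)
        assert decompress(wire, branch_history) == bitmap  # client gets what it expects
        results.append((user, len(bitmap), wan_bytes(wire)))
    return results

if __name__ == "__main__":
    for user, original, sent in run_demo():
        print(f"{user}: {original} payload bytes -> {sent} bytes on the WAN")
```

The second session benefits only because the history is shared across sessions; a history kept per session would send every chunk as a literal again.
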
Use Case – ICA Compression of Display Traffic
• Repeatable data bitmaps can be reused for subsequent requests
• Cross-session compression enhanced
[Chart: Repeatable vs. Unique Data]

Use Case - ICA Optimization of Print Traffic
• Repeater compresses using disk (disk-based compression)
  • Minus the headers
• Second pass of the same print job
  • ~70:1 compression
• Small modifications followed by a print-job resend
  • Compresses well (35-40:1)

ICA Review – Virtual Channels
• What is an ICA Virtual Channel?
  • A Citrix Independent Computing Architecture (ICA) virtual channel is a bidirectional connection for the exchange of generalized packet data between a Citrix XenApp/XenDesktop Server and an ICA-compliant client.
  • Virtual channels correspond to virtual drivers, each providing a specific function. Some are required for normal operation, and others are optional.
  • Virtual drivers operate at the presentation layer protocol level. There can be a number of these protocols active at any given time by multiplexing channels.
  • There are a total of 64 virtual channels in the ICA protocol. However, for most user sessions, between 8 and 12 are usually utilized.
[Diagram: ICA over TCP with virtual channels DRIVE, PRINTING, COM, SPEEDSCREEN, VIDEO, AUDIO, CLIPBOARD]

ICA QoS Single Stream
• ICA Priority Packet Tagging allows prioritization of ICA sessions based on the virtual channel data being transmitted (what the user is doing within the app/session).
• This is done by associating each virtual channel’s two-bit priority to a packet priority.
• The two priority bits combine to form four priority values:
  • 00 (0) - High Priority
  • 01 (1) - Medium Priority
  • 10 (2) - Low Priority
  • 11 (3) - Background Priority
• These priority bits can then be assigned to Branch Repeater Quality of Service queues to allow dynamic QoS.

The Single Stream ICA Problem
• The user creates an ICA session.
• User interface traffic is tagged with a priority bit of zero (thin wire).
• Branch Repeater identifies the priority tags in real time and applies QoS appropriately.
• The user then starts a print job within the ICA session.
• Print traffic is tagged with a priority bit of three (real time).
• Branch Repeater identifies the new priority tags in real time and applies QoS appropriately.
• The user then either returns to the app’s user interface or starts a second application. (thin wire)
• The new observed priority bits of the session cause the session to be QoS’ed as a priority zero.
• Prioritization of printing traffic is now lost.
[Diagram: compressed and encrypted ICA data within the session bandwidth]

Virtual Channels
• ICA Stream #1 (Very High)
• ICA Stream #2 (High)
• ICA Stream #3 (Medium)
• ICA Stream #4 (Low)

Multi-Stream ICA Terminology
• Single-port, Multi-stream ICA (MSI Default)
  • 4 random ports at client, 1 primary port on server
  • Automatically enabled on ICA server by Branch Repeater 6.0.
• Multi-port, Multi-stream ICA
  • 4 random ports at client, 1 primary and up to 3 secondary ports on server
  • Most common deployment if used without Branch Repeater
• Single-port, Single-stream ICA
  • 1 random port at client, 1 primary port on server
  • The pre-MSI default connection type
  • If any Branch Repeater on the link vetoes MSI, or old versions are used

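The single-stream problem and the multi-stream alternative, as an added simulation that is not part of the original slides. The per-interval traffic, the byte counts, and the rule that a single connection is queued under the most urgent tag seen in an interval are assumptions of the model; the tag values follow the slides (thin wire = 0, print = 3).

```python
from collections import Counter

# Two-bit ICA priority tags and their meaning, as listed on the QoS slide.
PRIORITY = {0: "High", 1: "Medium", 2: "Low", 3: "Background"}

# Constructed sample session. Each interval holds the (virtual channel, tag, bytes)
# frames that the WAN device observes during that interval.
SESSION = [
    [("thinwire", 0, 400)],                         # user works in the UI
    [("print", 3, 60_000)],                         # print job starts
    [("thinwire", 0, 400), ("print", 3, 60_000)],   # user returns to the UI
]

def single_stream(session):
    """One TCP connection: every byte in an interval is queued under the most
    urgent tag observed on the connection in that interval (model assumption)."""
    queues = Counter()
    for frames in session:
        flow_tag = min(tag for _, tag, _ in frames)
        queues[flow_tag] += sum(size for _, _, size in frames)
    return dict(queues)

def multi_stream(session):
    """One TCP connection per priority: each frame is queued by its own tag."""
    queues = Counter()
    for frames in session:
        for _, tag, size in frames:
            queues[tag] += size
    return dict(queues)

def misqueued_bytes(session):
    """Bytes that single-stream QoS places in a more urgent queue than their tag."""
    total = 0
    for frames in session:
        flow_tag = min(tag for _, tag, _ in frames)
        total += sum(size for _, tag, size in frames if tag > flow_tag)
    return total

if __name__ == "__main__":
    for name, result in (("single-stream", single_stream(SESSION)),
                         ("multi-stream", multi_stream(SESSION))):
        for tag in sorted(result):
            print(f"{name:13} queue {tag} ({PRIORITY[tag]}): {result[tag]} bytes")
    print("bytes queued above their tag:", misqueued_bytes(SESSION))
```
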
How Does Branch Repeater Optimize ICA?
Adaptive orchestration with XenDesktop and XenApp
• Unprecedented visibility into XenDesktop and XenApp traffic
• Custom acceleration modes for print, video and file traffic
• Minimum changes to underlying XenDesktop or XenApp infrastructure
[Diagram: Print, Thinwire and CDM traffic between Repeater and Branch Repeater across the WAN]

CTX124457: Data Analysis
• Branch Repeater reduces the bandwidth consumed per session by up to 89%
• Branch Repeater can double the number of users on the same WAN connection
• Branch Repeater reduces session launch times by up to 40% and print spooling times by up to 60%

Citrix-on-Citrix: 56 Branch Repeaters Deployed
[Map sites: Stockholm, Cambridge, Copenhagen, Dublin, Toronto, Schaffhausen, Chalfont, Munich, Redmond, Chicago, Vianen, Paris, Bedford, New York City, Bethesda, Santa Clara, Tokyo, Madrid, Atlanta (DR), Santa Barbara, Dallas, Hong Kong, Fort Lauderdale, Miami, Mexico City, Bangalore, Singapore, Sydney]
Legend:
• Data center office
• Regional headquarters
• Regional offices
• Disaster recovery

Summary
• Industry trends are driving desktop virtualisation as a solution
• The same trends mean there are considerations for successful deployments
• Networks must be optimised to ensure Availability and User experience
• Citrix has the components to ensure Enterprises can realise the benefits of Centralisation, Consumerisation and Geographical dispersion
Desktop virtualisation is a solution not a product

Follow us…
• Citrix blog: http://blogs.citrix.com/author/patricki/
• Desktop Virtualisation community
• @patrick_irwin
• Citrix Web Community