Deploying XenApp and XenDesktop with
BIG-IP
Michael Koyfman – Solution Architect
F5’s Dynamic Control Plane Architecture
Application and Data
Delivery Network
Users
Availability
•Scale
•HA / DR
•Bursting
•Load-Balancing
Optimization
•Network
•Application
•Storage
•Offload
Security
•Network
•Application
•Data
•Access
Management
• Integration
• Visibility
• Orchestration
Resources
Private
Physical
Virtual
Multi-Site DCs
Public
Cloud
2
What does F5 have to do with Citrix?
• Citrix recommends an application delivery controller to
maximize XenDesktop and XenApp
–
–
–
–
Providing secure remote access
Supporting shared resources
Ensuring best performance
Protecting against attacks
3
Key Points about F5 Citrix Solution
 Loadbalancing XenApp and XenDesktop
–
–
–
Pre-built deployment templates and deployment guides for XenApp and
XenDesktop
TCP optimizations and SSL offload improve user experience and provide server
offload
Provides High Availability to Web Interface and XML broker infrastructure
 Remote Access to XenApp and XenDesktop
– Transparent implementation that requires no special Gateway Direct
configurations
– Single policy and configuration setup, and SSO for all clients: desktop
ICA, PNAgent, Receiver
– Eliminates the need for Secure Ticket Authority for remote access
– Eliminates the need for Citrix Access Gateway for remote access
– Removes troubleshooting complexity and consolidates all remote access
troubleshooting to a single point only – F5.
– Accelerates ICA data delivery of WAN links
4
5
XenApp/XenDesktop Delivery with Citrix
• Overly complex to setup and manage
• Requires three separate components to function: Access Gateway,
Web Interface instance, and STA
Authentication
STA
Internal Users
Separate Web
Interface instances
for internal and
external users
Mobile Users
Netscaler +
Access Gateway
Authorization
XenApp Farm
XML Brokers
Active Directory
F5 Networks, Confidential5
6
XenApp/XenDesktop Remote Access with F5
• Customer can use the same Web Interface instance for internal and
external users
• STA integration and failures are eliminated
• Remote Access troubleshooting is consolidated in one place – F5
Authentication
Internal Users
Single Web Interface
instance for both
internal and external
users
Local Traffic Manager
+ Access Policy Manager
Mobile Users
Authorization
Active Directory
XenApp Farm
XML Brokers
F5 Networks, Confidential6
7
Simplified Access for Citrix XenApp
• Manage access from consolidated solution
• Eliminate Web Interface Servers
• Replace Web Interface with Portal Mode
Auth Mgmt
Internal Users
XML Brokers
F5 Local Traffic Manager
+ Access Policy Manager
Mobile Users
XenApp Farm
Directory
F5 Networks, Confidential7
8
Simplified Access for Other Applications
• Manage access from consolidated solution
• Leverage Credential Caching and Single Sign On
• Present OWA, VMWare View next to Citrix Apps in a dynamic
Webtop.
Internal Users
BIG-IP
Local Traffic Manager
+ Access Policy Manager
Mobile Users
Directory
F5 Networks, Confidential8
Dynamic Webtop for Users
• Dynamically present Citrix Apps and Desktops
• Can be used for internal and external users.
• Unified End User Experience
• Fully Supporting Industry Standard VDI as well as
Applications
Sharepoint
Exchange
MS RDP
Citrix
VM View
F5 Networks, Confidential9
Deploying XenApp Loadbalancing First….
10
Deploying XenApp Remote Access
11
Only ADC with Geolocation Access Rules





VPE – Geolocation Rules
Custom session variables
Custom notification messages
Logging Client locations
Reporting
F5 Networks, Confidential
12
Deploying Citrix Globally with GTM
Geolocation
Services
BIG-IP Local Traffic Manager
L-DNS
BIG-IP Global Traffic Manager
BIG-IP Local Traffic Manager
Monitoring
BIG-IP Local Traffic Manager
o Global Traffic Manager improves Citrix performance
• Xen App/Desktop users sent to best datacenter
• Continuous monitoring of entire infrastructure including network and
application health
• Automatic failover during outages
• Persistence prevents broken sessions
F5 Networks, Confidential
13
Optimizing ICA traffic for WAN users
• F5’s unique TCP Express stack is key to offering best
possible TCP performance on the market.
• ICA protocol is TCP-based – thus it most directly benefits from
TCP Express optimizations
• Customer testing showed F5 ICA proxy be able to sustain
near full T1 link utilization for a single ICA connection with 200
ms latency and 1% packet loss.
14
Citrix Deployment Guides on F5.com
F5 Networks, Confidential
15
DevCentral Citrix Group
F5 Networks, Confidential
16
Questions.
F5 Networks, Confidential
17
Summary
• Highest availability
• Dramatically increase server capacity
• Cross-site availability and resilience
• Pre-authenticate users in the perimeter network
• Seamless integration with systems management
18
Citrix related resources
•
F5 Solution page for Citrix Solutions
– http://www.f5.com/solutions/citrix/xenapp
•
F5 DevCentral Community Group: Citrix / F5 Solutions
– http://devcentral.f5.com/Community/Citrix
•
F5 Deployment Guide for XenDesktop
– http://www.f5.com/pdf/deployment-guides/citrix-xendesktop-dg.pdf
•
F5 Deployment Guide for XenApp
– http://www.f5.com/pdf/deployment-guides/citrix-xenapp-iapp-dg.pdf
•
Application Delivery Controller Performance Reports
– http://www.f5.com/pdf/reports/f5-performance-report.pdf
•
5 minutes or less video: BIG-IP APM and XenApp
– http://devcentral.f5.com/weblogs/psilva/archive/2011/01/24/in-5-minutes-or-less-videobig-ip-apm-amp.aspx
•
Press Release - F5 Simplifies and Centralizes Access Management for Citrix
Applications
– http://www.f5.com/news-press-events/press/2010/20101214.html
19