Deploying XenApp and XenDesktop with BIG-IP Michael Koyfman – Solution Architect F5’s Dynamic Control Plane Architecture Application and Data Delivery Network Users Availability •Scale •HA / DR •Bursting •Load-Balancing Optimization •Network •Application •Storage •Offload Security •Network •Application •Data •Access Management • Integration • Visibility • Orchestration Resources Private Physical Virtual Multi-Site DCs Public Cloud 2 What does F5 have to do with Citrix? • Citrix recommends an application delivery controller to maximize XenDesktop and XenApp – – – – Providing secure remote access Supporting shared resources Ensuring best performance Protecting against attacks 3 Key Points about F5 Citrix Solution Loadbalancing XenApp and XenDesktop – – – Pre-built deployment templates and deployment guides for XenApp and XenDesktop TCP optimizations and SSL offload improve user experience and provide server offload Provides High Availability to Web Interface and XML broker infrastructure Remote Access to XenApp and XenDesktop – Transparent implementation that requires no special Gateway Direct configurations – Single policy and configuration setup, and SSO for all clients: desktop ICA, PNAgent, Receiver – Eliminates the need for Secure Ticket Authority for remote access – Eliminates the need for Citrix Access Gateway for remote access – Removes troubleshooting complexity and consolidates all remote access troubleshooting to a single point only – F5. – Accelerates ICA data delivery of WAN links 4 5 XenApp/XenDesktop Delivery with Citrix • Overly complex to setup and manage • Requires three separate components to function: Access Gateway, Web Interface instance, and STA Authentication STA Internal Users Separate Web Interface instances for internal and external users Mobile Users Netscaler + Access Gateway Authorization XenApp Farm XML Brokers Active Directory F5 Networks, Confidential5 6 XenApp/XenDesktop Remote Access with F5 • Customer can use the same Web Interface instance for internal and external users • STA integration and failures are eliminated • Remote Access troubleshooting is consolidated in one place – F5 Authentication Internal Users Single Web Interface instance for both internal and external users Local Traffic Manager + Access Policy Manager Mobile Users Authorization Active Directory XenApp Farm XML Brokers F5 Networks, Confidential6 7 Simplified Access for Citrix XenApp • Manage access from consolidated solution • Eliminate Web Interface Servers • Replace Web Interface with Portal Mode Auth Mgmt Internal Users XML Brokers F5 Local Traffic Manager + Access Policy Manager Mobile Users XenApp Farm Directory F5 Networks, Confidential7 8 Simplified Access for Other Applications • Manage access from consolidated solution • Leverage Credential Caching and Single Sign On • Present OWA, VMWare View next to Citrix Apps in a dynamic Webtop. Internal Users BIG-IP Local Traffic Manager + Access Policy Manager Mobile Users Directory F5 Networks, Confidential8 Dynamic Webtop for Users • Dynamically present Citrix Apps and Desktops • Can be used for internal and external users. • Unified End User Experience • Fully Supporting Industry Standard VDI as well as Applications Sharepoint Exchange MS RDP Citrix VM View F5 Networks, Confidential9 Deploying XenApp Loadbalancing First…. 10 Deploying XenApp Remote Access 11 Only ADC with Geolocation Access Rules VPE – Geolocation Rules Custom session variables Custom notification messages Logging Client locations Reporting F5 Networks, Confidential 12 Deploying Citrix Globally with GTM Geolocation Services BIG-IP Local Traffic Manager L-DNS BIG-IP Global Traffic Manager BIG-IP Local Traffic Manager Monitoring BIG-IP Local Traffic Manager o Global Traffic Manager improves Citrix performance • Xen App/Desktop users sent to best datacenter • Continuous monitoring of entire infrastructure including network and application health • Automatic failover during outages • Persistence prevents broken sessions F5 Networks, Confidential 13 Optimizing ICA traffic for WAN users • F5’s unique TCP Express stack is key to offering best possible TCP performance on the market. • ICA protocol is TCP-based – thus it most directly benefits from TCP Express optimizations • Customer testing showed F5 ICA proxy be able to sustain near full T1 link utilization for a single ICA connection with 200 ms latency and 1% packet loss. 14 Citrix Deployment Guides on F5.com F5 Networks, Confidential 15 DevCentral Citrix Group F5 Networks, Confidential 16 Questions. F5 Networks, Confidential 17 Summary • Highest availability • Dramatically increase server capacity • Cross-site availability and resilience • Pre-authenticate users in the perimeter network • Seamless integration with systems management 18 Citrix related resources • F5 Solution page for Citrix Solutions – http://www.f5.com/solutions/citrix/xenapp • F5 DevCentral Community Group: Citrix / F5 Solutions – http://devcentral.f5.com/Community/Citrix • F5 Deployment Guide for XenDesktop – http://www.f5.com/pdf/deployment-guides/citrix-xendesktop-dg.pdf • F5 Deployment Guide for XenApp – http://www.f5.com/pdf/deployment-guides/citrix-xenapp-iapp-dg.pdf • Application Delivery Controller Performance Reports – http://www.f5.com/pdf/reports/f5-performance-report.pdf • 5 minutes or less video: BIG-IP APM and XenApp – http://devcentral.f5.com/weblogs/psilva/archive/2011/01/24/in-5-minutes-or-less-videobig-ip-apm-amp.aspx • Press Release - F5 Simplifies and Centralizes Access Management for Citrix Applications – http://www.f5.com/news-press-events/press/2010/20101214.html 19