Branch Repeater 5.6, 5.7 & VPX Technical Presentation High Definition Experience Needs Optimization and Orchestration Across the Entire Delivery System Receivers 2 1 3 Client Network Server Repeaters Gateways Citrix Confidential - Do Not Distribute Controllers Our Arrow ECS Labs Setup Client Receivers on Wifi Network 172.32.1.0/24 Router WAN emulator 1Mbps Repeater VPX 172.32.1.250 Repeater VPX 192.168.1.254 XenServer Citrix Confidential - Do Not Distribute Server XenDesktop XenApp CIFS HTTP MAPI 192.168.0.0/20 Citrix Branch Repeater | The Big Picture Citrix Repeater Plug-in for Citrix Receiver Mobile Users Tele-workers Data Center Repeater Branch Offices Applications: XenApp XenDesktop File Servers Exchange Email SharePoint ERP/CRM Branch Repeater Repeater Redundant Datacenter or Disaster Recovery Site Acceleration for any user, anywhere Repeater appliances Branch Repeater with Windows Server, and Branch Repeater Repeater Plug-in What’s new in Branch Repeater 5.x & VPX Exchange (MAPI) Acceleration • Features • • • • • • Protocol acceleration (similar to CIFS) Compression & de-duplication of attachments Cross-application and multi-user optimization Supports Exchange Server 2003 and 2007 Supports MS Outlook 2003 and 2007 Available on all appliances and Repeater Plug-in • Benefits • Up to 50 times faster sending/receiving emails • Reduces bandwidth consumption Outlook Exchange Branch Repeater running Windows Server 2008 • Features • Natively integrated Windows Server 2008 Standard Edition OS • File, print, DHCP, DNS, WINS, DFS • Read-only Domain Controller (RODC) • MMC, WMI, SCOM manageability • Benefits • Simplify IT by consolidating servers in the branch • Leverage existing Windows management tools and expertise WAN Optimization Read-Only Domain Controller (RODC) • Features • Read-only AD DS database • Unidirectional replication • Credential caching • Administrator role separation • Read-only Domain Name System (DNS) • Benefits • Securely deploy a local DC in any branch location • Faster authentication and logon times for branch users • Centralized IT management and control Command Center Enhancements • Features • Now supports all Branch Repeater appliances (Linux and Windows) • Benefits • Easy and cost-effective management of large number of remote sites Citrix Branch Repeater Key Features HDX Broadcast & HDX IntelliCache Repeater Plug-in for Citrix Receiver Plug-n-Play for Any Network Integrated Windows Services Flexible & Centralized Management HDX Broadcast & HDX IntelliCache HDX IntelliCache and HDX Broadcast HDX Broadcast Adaptive TCP Flow Control Adaptive Compression Adaptive Protocol Acceleration HDX IntelliCache Prioritization & QoS Branch Staging of Offline Apps Branch Caching of Online Apps WAN Repeater Branch Repeater Branch Repeater Technology – HDX Broadcast Adaptive Protocol Acceleration Adaptive Compression Adaptive TCP Flow Control Prioritization and QoS (Improve inefficient protocols) (Reduce application turns and data) (Overcome loss/latency penalties) (Prioritize critical traffic) Adaptive Protocol Acceleration Intelligently accelerates common application protocols • Mitigates latency by reducing round trips (chatty protocols) • CIFS (File Sharing) • MAPI (Exchange) • Makes compression engine application-aware • Separates headers from payload • ICA, CIFS, MAPI, HTTP, FTP, NFS Example: CIFS CIFS CIFS: Common Internet File System Most common file sharing protocol Microsoft Office, Linux Open Office, etc. Windows XP/Vista, Windows Server 2003/2008, Mac OS X NetApp Filers, EMC File System Access Drag/Drop, Read/Write, Copy, Directory Browsing Example: CIFS – without Branch Repeater 250ms 250ms 250ms 250ms 1000 ms Example: CIFS – with Branch Repeater Open \\dog\bone\blue for John Whomever, password “Whatever” 1 ms 252 ms 125 ms 1 ms 125 ms Branch Repeater CIFS Performance Open Word Doc Over WAN Browse Directory with 20 Files "Drag & Drop" 20 Files "Drag & Drop"- 1 Large File "Drag & Drop"- 1 Small File 0% 200% 400% 600% 800% 1000% 1200% 1400% 1600% Improvement in Application Response Time CIFS Acceleration Requirements Windows 2003/2008 Server : • Set “Microsoft network client: Digitally sign communications (always)” to “Disabled” • Set “Microsoft network server: Digitally sign communications (always)” to “Disabled” Windows 2000 Server : • Set “Digitally sign server communication (always)” to “Disabled” • Set “Digitally sign client communication (always)” to “Disabled” For Windows 2008 Server Disable SMB 2.0 See : http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm Why accelerate MAPI? • Faster sending/receiving of email attachments • Lessen MAPI-related bandwidth requirements • Increase mail system responsiveness for branch office users • Help enable Exchange server consolidation • Drastically reduce idle time in sending/receiving emails • Iterations of same or similar messages by email • Optimization when different users, different applications access similar files What is MAPI Acceleration? • MAPI Acceleration is: • The pipelining of MAPI-based traffic between Microsoft Outlook and Exchange. • Acceleration of the uploading and downloading of email attachments made to email messages. • The compression of message attachments. What is MAPI Acceleration? • MAPI Acceleration is: • The pipelining of MAPI-based traffic between Microsoft Outlook and Exchange. • Acceleration of the uploading and downloading of email attachments made to email messages. • The compression of message attachments. How does MAPI Acceleration work? •The Outlook client initiates a MAPI connection to Exchange on TCP port 135. •Branch Repeater detects the Outlook to Exchange handshake. •User authentication and mailbox enumeration occurs. •If an accelerated connection is allowed the native Exchange compression is decompressed on the serverside Repeater. •No acceleration = native compression only •The Repeater/Branch Repeater pair then apply compression to subsequent MAPI traffic. How does MAPI Acceleration work? •A compression bit is flipped in the •The downloading and uploading of message attachments •Outlook then creates multiple packet prior to reaching the client, (messages larger than 32k) is then accelerated. connections the to Exchange server notifying Outlook not to decompress and message requests are exchanged the native Exchange compression. • Appropriate compression is applied to obtain a higher compression simultaneously among the connections ratio. •Packet header : Memory-based history •Packet payload: Disk -based history How does MAPI Acceleration work? The acceleration of MAPI is accomplished using several methods Pipelining of ROP requests containing data • Queuing up of upload bytes acknowledged by the client. Pipelining of ROP responses containing data • Pre-fetching of bytes of download data to be sent to the client. Aggregation of DCERPC fragments • MAPI/RPC requests combined into single multithreaded messages Exchange (MAPI) Acceleration • Requirements • Microsoft Outlook/Exchange Server 2003 and 2007. • Outlook must use normal Exchange mode (no HTTP or HTTPS proxy), without encryption • To disable encryption manually on a single Outlook 2007 client, go to the menu shown uncheck the box, “Encrypt data between Microsoft Office Outlook and Microsoft Exchange’. • To disable encryption for multiple users via group policies, follow the instructions at http://support.microsoft.com/default.aspx/kb/924617 . Change the Properties for “Enable RPC Encryption” to “Disabled” under “User Configuration: Administrative Templates: Microsoft Office Outlook 2007: Tools: Advanced Settings: Exchange. Branch Repeater Technology – HDX Broadcast Adaptive Protocol Acceleration Adaptive Compression Adaptive TCP Flow Control Prioritization and QoS (Improve inefficient protocols) (Reduce application turns and data) (Overcome loss/latency penalties) (Prioritize critical traffic) Adaptive Compression Sensing real-time network and traffic conditions • First pass compression Disk • Byte Caching • In memory or on disk • De-Duplication • Across workflows • Across applications • Across users Access Time • In L2 cache and memory • Various algorithms (ZLIB, LZS) DRAM Cache History Length Adaptive Compression First Pass Compression History Compression History Adaptive Compression Second Pass A Small Token Replaces Thousands of Bytes Compression History Compression History Branch Repeater Technology – HDX Broadcast Adaptive Protocol Acceleration Adaptive Compression Adaptive TCP Flow Control Prioritization and QoS (Improve inefficient protocols) (Reduce application turns and data) (Overcome loss/latency penalties) (Prioritize critical traffic) Adaptive TCP Flow Control Sensing and responding to latency and packet loss Without Branch Repeater Throughput With Branch Repeater Throughput Link Speed Average Utilization Average Utilization Time Slow Start Slow Ramp Time Branch Repeater Technology – HDX Broadcast Adaptive Protocol Acceleration Adaptive Compression Adaptive TCP Flow Control Prioritization and QoS (Improve inefficient protocols) (Reduce application turns and data) (Overcome loss/latency penalties) (Prioritize critical traffic) Traffic Prioritization and QoS Adaptively allocates bandwidth across different applications and ICA virtual channel types Without Branch Repeater 1.5 Mbps Bulk Transfers With Branch Repeater 20% 20% ICA (Interactive) Recreational Recreational ICA (Interactive) 60% Bulk Transfers Quality of Service (QoS) prioritizes applications • 5 traffic classes (or QoS queues) • Each queue assigned a min % of the link bandwidth • If queue bandwidth is unused, other traffic can use it • QoS is Citrix ICA aware • Dynamic mapping based on ICA priority bits Goal = Fill the pipe • Queue specific reporting Quality of Service Scheduling Class A – 50% Class B – 25% Class C – 25% Flow (Partner unit) Flow (Partner unit) Class D – 0% Flow (Partner unit) Class E – 0% Adapter (NIC) QoS and ICA Priority Tags •Default Priority bits and ICA virtual channels: Priority High (0) Medium (1) Sample Virtual Channels Video, Mouse and Keyboard Screen Updates Program Neighborhood, clipboard, audio mapping, license management Low (2) Background (3) Client COM Port Mapping, Client Drive Mapping Auto Client Update, Client Printer Mapping and OEM Channels •ICA packet with data from multiple channels gets the priority bit associated with the highest level Virtual Channel •ICA Priority bits can be changed via the registry of the Presentation Servers. Branch Repeater Technology – HDX IntelliCache Branch Staging of Offline Apps Pre-positions streamed applications locally for rapid delivery to branch users Branch Caching of Online Apps Local caching and de-duplication across multiple XenApp user sessions Accelerating XenApp Offline Apps • Stages and accelerates Offline apps to branches • Deliver LAN-like performance • Branch remains productive even during WAN outages • Reduce management complexities of services in the branch • Transparent, instant-on service to the user Branch Staging Pre-positioning of Offline applications locally in the branch XenApp Application Profiler File Share (Application Hub) Branch Users WAN Branch Repeater with Windows Server When do .CAB stream over the WAN? • User accesses an app for the first time • Get updated or patched applications • After users download the app, it is saved to the local PC cache Pre-positioning .CAB files XenApp Profiler Client Citrix Branch Repeater Citrix Repeater 1 XenApp 5 WAN 2 • • • • Very automatic and transparent to client .cab File store Can be done anytime QoS administration of both DFS replicated traffic and other traffic to branch Tip: Make sure that the Branch Repeater and the XenApp Server have domain permissions. Client accessing the files via DFS Namespace XenApp Profiler and redirection (Authenticate / Download / Redirect) Client Citrix Branch Repeater Citrix Repeater 1 XenApp 5 WAN 2 .cab File store • Designed based on DFS replication • Redirects client to closest DFS replication site the local BR • No client changes required Client accessing the files via DFS Namespace XenApp Profiler and redirection (Authenticate / Download / Redirect) Client Citrix Branch Repeater Citrix Repeater XenApp 5 WAN 3 .cab File store • Designed based on DFS replication • Redirects client to closest DFS replication site the local BR • No client changes required Branch Repeater responds to client request XenApp Profiler Client Citrix Branch Repeater Citrix Repeater WAN XenApp .cab File store • LAN like performance • No need to go over WAN to get the LARGE .cab file • Results: Very HAPPY user! Branch Repeater Technology – HDX IntelliCache Branch Staging of Offline Apps Pre-positions streamed applications locally for rapid delivery to branch users Branch Caching of Online Apps Local caching and de-duplication across multiple XenApp user sessions Branch Caching Local caching and de-duplication across multiple sessions Data Center Branch Office Branch Repeater Repeater Infrastructure Servers XenApp Farm Optimized TCP Connections Multi-user Optimization for XenApp Delivers best performance for XenApp to branch users • 22-39% faster application start up per user • 2-6x faster bulk data transfer over ICA + up to 20x less bandwidth consumption • Up to 30x reduction for UPD print traffic over the WAN Ideal Use Cases for Branch Caching • Multiple users accessing the same text heavy applications • e.g. Microsoft Word or Excel • Multiple users frequently accessing forms-based Web applications • e.g. Call center environment utilizing SAP • Multiple users printing similar files within ICA • i.e. Universal Print Driver (UPD) • Multiple users performing repetitive file transfers within ICA • i.e. Client drive mapping • Multiple users streaming the same media file within ICA • i.e. HDX MediaStream Example: Text Heavy Application User 1 User 2 Same text between users using Word. Redundant data not sent over WAN. Example: Forms-based Web Application User 1 User 2 Form and web browser based apps share background objects between users. Redundant data not sent over WAN. Example: Multi-user file and print services on ICA User #1 User #2 Cross-session de-duplication benefit for print or transfer of similar files by different users Redundant data not sent over WAN. ICA Acceleration with XenApp alone compressed and encrypted ICA data XenApp Client WAN • Supports Windows 2003 servers • Leave all compression, encryption settings enabled • Native ICA from XenApp is optimized and compressed XenApp Server ICA Acceleration with Branch Repeater compressed and encrypted ICA data XenApp Client Branch Repeater WAN ICA data still encrypted Repeater XenApp Server ICA data still encrypted • Branch Repeater decrypts and encrypts ICA traffic to allow the ICA protocol to be parsed and compressed • Supports basic and advanced encryption ICA Acceleration with Branch Repeater compressed and encrypted ICA data XenApp Client Branch Repeater WAN Repeater XenApp Server • Automatic disabling of ICA compression on the XenApp server and client • Branch Repeater parses ICA traffic inside the virtual channel • Compression works across users and virtual channels to optimize all traffic • Optimal performance for print, client drive mapping, and common apps Mixed Environment Support Decrypted and Encrypted by Repeater ICA Pass-through by Repeater Branch Office #1 HQ/Data Center Branch Repeater WAN Branch Office #2 Repeater HDX IntelliCache ensures that branch users on direct WAN as well as those behind a Branch Repeater continue to enjoy ICA application performance! Further Reading Whitepaper: Performance assessment of Multiuser XenApp Optimization • http://www.citrix.com/branchrepeater • http://support.citrix.com/article/ctx120160 Citrix Repeater Plug-in for Citrix Receiver Citrix Receiver A single Citrixexperience clientPC, for home Citrix PC, Delivery Simple For the user enterprise and Center Singleinfrastructure point for notifications BYOPC Orchestrates installation, updates, and interaction of Windows, Macintosh, iPhone, & Smartphones third party plug-ins with Citrix Works inside and outside the plug-ins firewall Citrix Receiver Key Benefits • Improved User Experience • Simplified User Interface • Reduce Systray Sprawl • Consistent User Notifications • Simpler Secure Connection from outside work • Improved IT Experience • Centralized client management • Head-end controls default settings • Simpler support for BYOC, home, etc Citrix Receiver for Windows Three Components • Citrix Receiver – software installed on end-user desktop that houses plug-ins and communicates with the Merchandising Server for updates • Citrix Receiver Merchandising Server – Linux-based XenServer Virtual Machine that stores plug-in updates • Citrix Receiver Administrator Console – Web-based console used to administer the Merchandising Server and configure plug-in deliveries Citrix Repeater Plug-in • Available as plug-in for the Citrix Receiver as well as standalone • High-definition experience for mobile users and teleworkers ("office like") • Overcomes bandwidth and latency uncertainty of 'on-road' connectivity • WiFi, broadband, 3G connections Deployment Scenarios Integrated mode • Merchandising Server is used to deploy Citrix Receiver and plug-ins • Schedule the delivery for self-service install by end-user Standalone mode • Citrix Repeater plug-in is deployed without the Citrix Receiver or Merchandising Server • Citrix Repeater plug-in software is downloaded from www.citrix.com • Software is customized and deployed using existing software distribution mechanisms Turbocharge Your Access Gateway! • Repeater and Access Gateway plug-ins interoperate to turbocharge secure, remote access • Unique, single-vendor secure accelerated access solution • Best remote and mobile user experience • Simple, secure and fast Turbocharge Access Gateway Un-optimized traffic Optimized traffic Traffic between the client and the secure network is optimized before passing through the VPN tunnel Repeater Plug-in Access Gateway Plug-in Secure & Optimized traffic WAN Access Gateway Repeater Repeater and Access Gateway Plug-Ins Integration Application (Email, Web Browser) Repeater Plug-in Access Gateway Plug-in User Space Kernel TCP/IP Protocol Stack (Kernel) TCP/IP Protocol Stack (Kernel) Repeater Packet Interceptor Access Gateway Driver Network Driver Access Gateway Configuration All editions of Access Gateway can be turbocharged Standard Edition Advanced Edition Enterprise Edition Step by step configuration and planning available in CTX121035 Turbocharge Access Gateway Reference Architecture Benefits of Access Gateway integration • Secure and accelerated remote access • Compared to secure access without the Repeater Plug-in, a turbocharged Access Gateway: • Improves CIFS performance by up to 30X • Improves HTTP performance by up to 50X • Improves MAPI performance by up to 50X • Up to 99% bandwidth saving with native Windows file shares, Exchange email, SharePoint document libraries, and other apps Turbocharge Access Gateway Test results showing the performance improvement over different types of bandwidth Plug-n-Play for Any Network Plug-and-Play Deployment with Full Transparency Auto-discovery No tunnels NoTunnel Zero impact to: Firewalls NetFlow QoS Branch Repeater Repeater Proprietary Tunnel Branch Office Users Non-Citrix WAN Optimization Non-Citrix WAN Optimization Multiple Deployment Modes Optional HA Inline Bypass NIC LAN WAN Switch Repeater or Branch Repeater Router Virtual Inline PBR WCCPv2 LAN WAN Switch Router Repeater or Branch Repeater Optional HA Multiple Deployment Modes : Proxy Modes High Availability – 4-port NICs in Repeater • The 4-port NIC is two logically-individual fail-to-wire pairs • 4-port NICs are for the environments that are: • dual homed, load balanced, and redundant • the multiple WAN links have the same speed • Supports HA Pair mode starting with release 5.0 • can be deployed inline, WCCP, or policy based routing modes High Availability Mode in Branch Repeater • High-availability mode • Transparently combines two Branch Repeaters with Windows Server into a primary/secondary pair • Uses standard protocol VRRP • Supports multiple HA deployment topologies for uninterrupted service to the branch Approaches to Resolve ‘Asymmetric Routing’ • Asymmetric Routing: In a multi-homed environment, a packet on a given connection might travel over either link Group Mode • allows two or more appliances to be grouped together into a single virtual appliance WCCP mode • where WAN routers send traffic from multiple links to the same appliance (or HA pair), via the WCCP protocol. Virtual Inline • where routers send traffic from multiple WAN links through the same appliance (or HA pair). LAN-level aggregation • where an appliance (or HA pair) is placed closer to the LAN, before the convergence point of the WAN links Group mode over non-redundant links with possible asymmetric routing Why deploy in Group Mode • When multiple WAN links exist. • Primary/secondary configurations. • Load balanced configurations. • Possibility of asymmetric routing issues. • Group mode can be used on redundant links without reconfiguring routers. • Group mode applies only to the appliances on one side of the WAN link. • Appliances in group mode have no affect or reliance on the appliances on the other side of the WAN link. Primary Link Backup Link How does Group Mode work? • Within a Group Mode grouping, there is a connection “owner”. • The owner of a connection is set by default according to a hash of IP/port pairs. • The owner can optionally be set according to specific IP/port-based rules. • Group mode uses a heartbeat mechanism to verify that other members of the group are active. Packets are only forwarded to active group members. Primary Link Backup Link How does Group Mode work? • If traffic arrives first at the “owning” appliance, it is accelerated and forwarded normally. If it arrives first at a non-owning appliance, it is forwarded to its owner, which accelerates it and returns it to the original appliance for forwarding. • In addition, it means that an appliance is available for acceleration even if its link is down. When the routing tables change to bypass the failed link, group mode still forwards the packets through the owning appliance before sending them across the remaining link. Owning Appliance Integrated Windows Services Citrix Branch Repeater with Windows Server • A comprehensive branch solution, Citrix Branch Repeater: • Optimizes application delivery from the Citrix Delivery Center • Provides key native Microsoft Windows™ branch infrastructure services • Branch Repeater is paired with Citrix Repeater appliances in the data center • Administration is performed through an MMC snap-in or other Windows management services Branch Repeater System Architecture Windows Services Citrix Services File Print AD DNS . . . Branch Users Datacenter Citrix XenApp Repeater for Streamed Apps Repeater Citrix WAN Optimization Windows OS Citrix Hardware Apps Branch Repeater Feature Breakdown • WAN Optimization – Citrix Repeater Technology • Domain Controller Services – Windows 2003/ 2008 • Active Directory – Windows 2003/ 2008 OR • Web Content Caching – ISA Server 2006 • File and Print Services – Windows 2003/ 3008 • DNS, WINS and DHCP Services – Windows 2003/ 2008 • Administration – MMC Snap-in Framework or Citrix Command Center Windows File and Print Services • The Branch Repeater appliance also serves as a local print server to speed up print job spooling times • It also provides Windows file and printer services • The queuing of CIFS messages and the compressing of traffic alleviate the effects of a slow WAN link Domain Controller Services • Remote administration is eased through domain-level, instead of local machine, accounts • Read Only Domain Controller (RODC) for improved data security in branch office servers • This scenario also provides local authentication and Windows policy enforcement • Branch Repeater allows the branch office be self-sufficient in the event of lost WAN connectivity Windows Management Tools • Management pack available for System Center Operations Manager 2007 (SCOM) • Windows Management Instrumentation (WMI) support for integrating with custom management and reporting tools • Using solutions such as Microsoft SCOM and WMI, an entire enterprise-wide deployment of Citrix Branch Repeaters can be centrally and seamlessly managed. Advanced Microsoft Services – Web Content Caching • Optional add-on feature • The web caching functionality of ISA Server 2006 Enterprise is leveraged • Page elements, graphics, text and active content are cached locally on the Branch Repeater appliance • Protocol object caching • HTTP • FTP • BITS • Requires inline deployment Advanced Microsoft Services – Systems Management • Branch Repeater is the single platform to configure, administer and maintain the branch systems using existing Microsoft tools • Eliminate dedicated branch servers and optimize WAN latency and bandwidth • SMS Secondary Site for geographically spread deployments • SCCM Branch Distribution Point for simplified software distribution and faster patching • Extend IT consolidation initiatives to the branch Flexible and Centralized Management What is Citrix Command Center? • Single administrative interface to all remote appliances • Automated discovery and inventory • One-click configuration replication • System-wide fault management and performance monitoring • Manages NetScaler, Access Gateway, Repeater and Branch Repeater from Citrix • Free and easy to use; runs on any Windows server Command Center 3.2 Features • Centralized management of Citrix Branch Repeater devices (both Windows and non-Windows) • Citrix Branch Repeater with Windows Server can also be centrally managed by Microsoft System Center Operations Manager (SCOM) and other Microsoft management tools • Centralized Configuration Management Other Enhancements in Command Center 3.2 • Microsoft® SQL Server™ support • High Availability support • Faster and more efficient backup • Fault Management and Event Aggregation enhancements • Historical Reporting and Performance Graphs enhancements Command Center - Web-based Interface Command Center - Configuration Management View archived configs and restore to any previous config Command Center - Monitoring and Reporting • Multiple levels of performance monitoring • appliance-level (e.g. single WAN link) • System-wide (Citrix Command Center) • End-user (XenApp, XenDesktop) • Full network transparency allows use of existing performance monitoring tools (e.g. NetFlow) • Extensive alarm and activity information • Export data to industry-standard NMS tools Appliances - Additional Management Utilities • Web-based configuration • Scriptable CLI • SNMPv2 support for NMS integration Hardware Overview Complete Product Line – Citrix Branch Repeater Integrated Windows Services Branch Repeater with Windows Server 100 / 200 / 300 Repeater Plug-in Branch Repeater 100 / 200 / 300 Branch Repeater VPX-2 / 10 Mobile User Branch Office (1-10 Mbps) Repeater 85xx 8520 8540 Branch Repeater VPX-45 Regional HQ (10-45 Mbps) Repeater 88xx 8820 8820 High Speed Branch Repeater VPX-45 Data Center (45-500 Mbps) Branch Repeater & Branch Repeater VPX-2/10 • Small to medium branch offices • WAN optimization functionality in a compact and nearly silent form-factor • VPX = low-cost, flexible branch installation with existing servers • WAN speeds up to 10 Mbps • Command Center management Branch Repeater with Windows Server • Small to medium branch offices • Integrated Windows services • Stages XenApp offline apps • WAN speeds up to 10 Mbps • Command Center and Microsoft manageability Repeater Appliances & Branch Repeater VPX-45 • Datacenters and large offices • Fan out to branches • Datacenter replication • Repeater Plug-in support • WAN speeds up to 500 Mbps • VPX = low-cost, flexible installation with existing servers • Command Center management Repeater Plug-in • For remote and mobile users • Plug-in for Citrix Receiver or run standalone • Support broadband, WiFi and 3G connections • Works with Access Gateway and other leading VPNs • Included with XenApp, XenDesktop & NetScaler Platinum Editions Branch Repeater 5.7 Key Features and Benefits Feature Customer Benefits SSL Acceleration Accelerate encrypted XenDesktop and XenApp traffic and secure web applications by up to 30X without compromising security Disk Encryption Prevent theft of sensitive data and comply with security mandates and regulations 2008 R2 for Branch Repeater Reduce the number of servers in branch offices and enable with Windows Server customers to upgrade to Windows Server 2008 R2 Windows 7 64-bit plug-in Support growing number of remote users with 64-bit devices Branch Repeater 5.7 Platform Compatibility • Repeater appliances: all supported 8xxx models • Branch Repeater appliances: 100, 200, 300 • Branch Repeater with Windows Server: 100, 200, 300 • Note – 5.7 is versioned as 3.0 on Windows appliances • Repeater plug-in for Receiver • Branch Repeater VPX: N/A* * 5.7 features will be available for Branch Repeater VPX in Q4 with 6.0 release Citrix Confidential - Do Not Distribute SSL Acceleration Citrix Confidential - Do Not Distribute SSL Acceleration – Overview • Accelerate all applications that use SSL, e.g: • XenApp and XenDesktop (when using SSL encryption) • SharePoint and other ERP/CRM applications (e.g. SAP, Oracle) over HTTPS • Exchange – Outlook Web Access over HTTPS* • Optional encryption of data at rest and over WAN • Available for appliances and plug-ins Secure Web Server (HTTPS) PC with web browser Branch Repeater Today: Branch Repeater with SSL Acceleration: • TCP Flow Control • Quality of Service • HTTP/ICA Protocol Awareness/Optimization • Multi-level Compression • TCP Flow Control • Quality of Service * Note - Encrypted MAPI does not use SSL and is not supported Brings parity with Riverbed and Cisco and adds a differentiator against others competitors SSL Acceleration Disk Encryption Citrix Y Y Riverbed Y Y Cisco Y Y Blue Coat Y - Juniper - - Expand Networks - - New “Crypto” Licenses • Due to US export restrictions for encryption technology • Available at zero cost ($0) to customers via MyCitrix • Unlocks SSL acceleration and disk encryption capabilities • Applied to each appliance on top of standard Citrix license • Similar process to other WAN optimization vendors How SSL Acceleration Works Traffic Interception • Compatible with existing application/web servers and certificate/key formats • Interoperability with NetScaler (or any other SSL offload device) SSL Traffic Interception How SSL Acceleration Works Secure Key Store • Built-in secure certificate/key store on Repeater • With tracking of certificate/key expiry • Application/web server private keys NEVER leave data center Secure, enterpriseclass Certificate / Key Store How SSL Acceleration Works Secure Data Transfer • Encrypt and secure user data sent between Repeater appliances • Optional ability to encrypt ALL (non-SSL) TCP traffic between Repeater appliances Secure Data transfer between Repeater Appliances How SSL Acceleration Works Secure Disk Storage • Ability to turn off disk compression for sensitive user data • Ability to secure/encrypt the user’s data stored on disk • With ability to erase (scrub) the data • Optional ability to secure/encrypt ALL (non-SSL) user data Disk encryption Flexible deployment modes for joining the branch network Branch Repeater Inline • Optional Bypass NIC WAN LAN Switch Virtual Inline Router Branch Repeater • WCCPv2 • Policy-based Routing WAN LAN Switch Router Branch Repeater VPX Features – 1/2 • Hypervisor: Citrix XenServer only* • Based on Branch Repeater software v5.5.1 • Support for Repeater Plug-in Print Server Branch Services • Inline, WCCP and PBR deployment modes • Scale VM resources as needed * Additional hypervisor support in future releases Branch Repeater VPX Features – 2/2 • Centralized management via Command Center* • Support for “Essentials for XenServer” tools • XenMotion Live Migration, High Availability and Resource Pool Print Server Branch Services • No Group Mode support • No Fail-to-Wire (FTW) support * Requires Command Center v4.0 or higher Use Case 1: Accelerate other Virtual Machines VM #1 Network 0 Branch Repeater VPX VM #2 XenServer Use Case 2 : Accelerate other Servers VM Network 0 Branch Repeater VPX XenServer Network 1 Server Use Case 3 : Accelerate Desktop Virtualization XenApp Network 0 Branch Repeater VPX XenDesktop Merchandising Server XenServer* * Likely to be a Resource Pool or Cluster Use Case 4 : Multiple Instances for Traffic Separation Branch Repeater VPX VLAN 2 Segregate traffic by VLAN in XenServer Branch Repeater VPX Branch Repeater VPX XenServer VLAN 2 Branch Repeater VPX Failover and Bypass Card • Cannot “bridge” or bypass the XenServer host if hosting other VMs • XenServer does not recognize any special hardware (FTW card) VM #1 VPX VM #2 • Use WCCP or PBR • Use XenServer HA • Configure VPX to start automatically • Configure HA on Resource Pool VPX Server Branch Repeater VPX Requirements VPX Minimum Requirements XenServer Requirements • 1 CPU • 64 bit x86 server • 1 GB RAM • VT enabled CPU (Intel VT or AMD-V) for running Windows VMs* • 60 GB Disk • 2 Virtual NICs • Min. 1 GB RAM, 16 GB disk** • Windows PC for XenCenter * Branch Repeater VPX does not require VT enabled CPU ** Not including VM requirements Citrix Confidential - Do Not Distribute Branch Repeater 5.7 Platform Compatibility • Repeater appliances: all supported 8xxx models • Branch Repeater appliances: 100, 200, 300 • Branch Repeater with Windows Server: 100, 200, 300 • Note – 5.7 is versioned as 3.0 on Windows appliances • Repeater plug-in for Receiver • Branch Repeater VPX: N/A* * 5.7 features will be available for Branch Repeater VPX in Q4 with 6.0 release Citrix Confidential - Do Not Distribute Repeater VPX Repeater as a Virtual Machine available in different flavors : Repeater VPX Express for trial purpose only (512kbps, 10 accelerated connections, 5 repeater plugins) Repeater VPX 2Mbps for WAN links up to 2Mbps Repeater VPX 10Mbps for WAN links up to 10Mbps Repeater VPX 45Mbps for WAN links up to 45Mbps Promotion Overview : Branch Repeater & XenDesktop • The Citrix® Branch Repeater™ Promotion for XenDesktop™ Customers provides 2 free of charge Citrix Branch Repeater VPX-10 virtual appliances to all existing and new Citrix XenDesktop customers with active SA who purchase any of the following physical or virtual appliances: • • • • • Branch Repeater VPX-45 Repeater 8520 Repeater 8540 Repeater 8820 Repeater 8820 with high-speed option Citrix Confidential - Do Not Distribute Repeater VPX Repeater as a Virtual Machine Only on XenServer(a version for Vmware ESX or vSphere is expected Q4 2010) All features are supported accept : • Group Mode • Repeater High-availability mode is not supported. (XenServer HA is supported.) • Ethernet bypass card • LCD front-panel display • Serial console interface Minimal Standard Config Only for Demo/POC Citrix FlexLM Licensing Citrix Licensing • Branch Repeater product line now follows the standard Citrix Licensing (a.k.a. V6, Flex LM) infrastructure • Repeater 8x00 series • Citrix Repeater Plug-in • Branch Repeater • Branch Repeater with Windows Server Benefits of Citrix Licensing • Simplicity – consistent across all Citrix products • Single way to obtain Citrix product licenses (including Platinums) • Consistent license installation, management and compliance • A single way to upgrade and renew licenses • Consistent license consolidation, re-statement and reporting • Flexibility – ease of deployment • Ability to allocate Repeater Plug-in licenses across multiple Repeater appliances post-purchase • Separate Repeater Plug-in purchases from Repeater appliance purchases Obtaining New Licenses • New Repeater and Branch Repeater units will ship from Citrix without a license • License entitlements will be available on the “My Citrix” portal (www.mycitrix.com) • License files can be generated from the “Activation System/Manage Licenses” tool on My Citrix