Optimize your WAN connections with Branch Repeater 6 Self-paced Learning labs exercise guide May 2012 Table of Contents Table of Contents .............................................................................................................................................. 2 Overview............................................................................................................................................................. 3 Hands-on Training Module ............................................................................................................................. 3 Lab Environment Details ................................................................................................................................. 4 Required Lab Credentials ................................................................................................................................. 5 How to log into the lab environment ............................................................................................................. 5 Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX ................................................ 7 Exercise 2: Quality of Service Concepts and Configuration ..................................................................... 13 Exercise 3: Signed SMB2 Acceleration ........................................................................................................ 22 Exercise 4: Testing, Reporting, Monitoring and Statistics ........................................................................ 27 Page 2 Overview Citrix Branch Repeater, available as both a physical and a virtual appliance, is a branch optimization solution that provides a high-definition desktop and application experience to branch and mobile users while dramatically reducing bandwidth costs and simplifying branch infrastructure. Branch Repeater accelerates desktop and application delivery, decreases bandwidth consumption, and enables server consolidation. Branch Repeater 6.X includes several new features that you will gain hands on experience with in this lab. Advanced traffic classification, prioritization, shaping and reporting Improved XenDesktop and XenApp acceleration Clustering via NetScaler SMB 2, Encrypted MAPI and Outlook/Exchange 2010 Acceleration Centralized licensing – Citrix License Server Hands-on Training Module This training module has the following details: Objective Provide hands-on experience with the new features and functionality of Branch Repeater 6.1 Target Audience Citrix Networking Partners WAN Administrators XenApp & XenDesktop Administrators focused on Branch optimizations Page 3 Lab Environment Details This section is used to describe the lab environment and the virtual machines that are used. VM Name AD.training.lab IP Address 192.168.10.11 WIN7CLIENT.training.lab XENAPP.training.lab WEB1.training.lab BR6_Branch 192.168.10.13 192.168.10.14 192.168.10.15 192.168.10.16 BR6_DataCenter 192.168.10.17 Student 192.168.10.9 Description Windows Server 2008 R2. Domain controller, DNS, DHCP services, and Citrix license server. Windows 7 test client VDA. Windows Server 2008 R2 XenApp 6.1 Enterprise server. Windows 2008 R2 Web Interface and CIFS file server Branch Repeater 6.1 VPX on the branch side of the WAN. Branch Repeater 6.1 VPX on the data center side of the WAN. Windows XP SP3. Dedicated landing VDA for User1 Page 4 NOTE: If prompted with a dialog to restart on any virtual machine, always select Restart Later. Required Lab Credentials Below are the login credentials required to connect to the lab system and complete the lab exercises. Domain/Machine BR6_Branch BR6_DataCenter Training.lab Training.lab Username Admin Admin Administrator User1 Password password password Citrix123 Citrix123 Description Branch Repeater 6.1 administrator login. Branch Repeater 6.1 administrator login. Domain Administrator XenDesktop test user How to log into the lab environment The self-paced lab environment is hosted on a cloud-based Citrix XenServer. Connecting to your server from the portal page is as easy as 1-2-3. Step-by-step login instructions Step 1. 2. Action Once logged in at the self-paced portal, click the Start lab button to launch a connection to published XenCenter. When XenCenter loads, right-click the XenCenter node and select Add… Page 5 Step 3. Action On the Add New Server screen enter the XenServer IP address provided on the portal and in the Password field enter the password provided on the portal. The user name will always be root. Page 6 Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Overview In this exercise we will setup and run the initial configuration of both the branch side and the data center side Branch Repeater VPX. Step-by-step guidance Estimated time to complete this lab: 15 minutes. Ste Action p 1. Logon to the Student VM as training\administrator with password Citrix123. Double-click on the BR VPX – Branch icon and login as admin/password. NOTE: To connect to a VM in XenCenter, expand the root node on the left pane and select the VM to connect to, and then select the Console tab on the right pane. 2. Download the required license files from the following location: http://goo.gl/gD3p6r Extract the contents of the zip file to the desktop. 3. Navigate to Configuration > Licensing and then click on the License Server tab, Configure the following settings: License Server Location: Local Click Apply and wait for the process to complete. 4. Click on the Local Licenses tab. Then, click on Add New License. Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Page 7 Ste Action p 5. Click on Browse and select the location where you extracted the license files. Select the VPX_45_SERVER_NFR_720GP_0SA(VPX09).lic file and click Open, then Install. Wait for the license file to be uploaded. You should see the new license available: 6. Click on Add and repeat the process for the CWS_ENCRYPT_ENABLER.lic license file. Verify the CRYPTO license is installed correctly. Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Page 8 Ste Action p 7. Click on the License Features tab. Verify the following features are licensed: 8. Navigate to Configuration > Links and click on the Hardboost/Softboost tab 9. Configure with the following options: WAN Boost Mode: Softboost WAN Bandwidth Receive Limit: 5 Mbps Click Update 10. Click on the Link Definition Tab. Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Page 9 Ste Action p 11. Click Edit under Action for Link (apA.1) and configure with the following settings: Name: LAN (type in) Link Type: LAN Bandwidth In: 1 Gbps Bandwidth Out: 1 Gbps Under Filter Rules verify the apA.1 is listed under the Adapter Column. Click Save. Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Page 10 Ste Action p 12. Repeat the process for Link (apA.2) with the following settings: Name: WAN (type in) Link Type: WAN Bandwidth In : 5 Mbps Bandwidth Out: 5 Mbps Under Filter Rules verify the apA.2 is listed under the Adapter Column. Click Save. 13. Click on Dashboard and verify that the graphs and bandwidth setting appear OK and the settings are correct and traffic is indicated on the LAN and WAN graphs. NOTE: (image below may differ from lab environment) 14. Repeat steps 1-8 for the BR6_DataCenter by clicking on the BR VPX – Data Center icon on the Student Desktop END OF EXERCISE Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Page 11 Summary Key Takeaways The key takeaways for this exercise are: License limits and BW settings only affect accelerated traffic Link definitions affect accelerated traffic and traffic shaping policies Exercise 1: Initial Setup of the Branch Side VPX and Data Center VPX Page 12 Exercise 2: Quality of Service Concepts and Configuration Overview XenApp published applications and XenDesktop groups can be automatically discovered to enable easy application of Quality of Service to mission critical applications. In this exercise we will review and configure QoS settings including links, application classifiers, traffic shaping policies and service classes. Step-by-step guidance Estimated time to complete this lab: 30 minutes. Step Action 1. Creating Links: 2. NOTE: Complete Steps 2-3 on BR6 DataCenter only! To access the BR6_DataCenter Branch Repeater, use the BR6 VPX – DataCenter icon on the Student Desktop. Navigate to Configuration > Links and click Create. NOTE: You may need to scroll the Link Definition page to access the Create button. Exercise 2: Quality of Service Concepts and Configuration Page 13 Step 3. Action Configure the new link with the following settings: Name: Win7 Link Type: WAN Bandwidth In: 1 Mbps Bandwidth Out: 1 Mbps Click on Add rule and then click on any under the Src IP Column. Type in the address of the Win7 VM 192.168.10.13 and click Add. Click Save. Create another Link with the following settings: Name: WinXP Link Type: WAN Bandwidth In: 2 Mbps Bandwidth Out: 2 Mbps Click on Add rule and then click on any under the Src IP Column. Type in the address of the Win XP VM 192.168.10.9 and click Add. Click Save. Exercise 2: Quality of Service Concepts and Configuration Page 14 Step 4. 5. 6. 7. 8. 9. 10. 11. Action Creating a custom Application classifiersNavigate to Configuration > Application Classifiers and click Create Configure the new application with the following settings: Name: Web Interface Description: BR6 labs Web Interface Application group : Custom Classification Type: Web Address Web Address: web1.training.lab Click Save. Repeat steps 5-6 on both BR6_Branch and BR6_DataCenter. Auto Discover XA / ICA Published Apps Navigate to Configuration > Application Classifiers and verify that the option: Auto Discover Citrix published application is checked. Open a new Browser window and login to XA Web Interface at http://web1.training.lab/Citrix/Xenapp with credentials administrator and password Citrix123. Launch the Published Application Paint and wait for the app to fully open. If necessary, click Ok when the Evaluation Software Notification dialog appears. Exercise 2: Quality of Service Concepts and Configuration Page 15 Step 12. 13. 14. 15. 16. Action Back on the Branch Repeater GUI navigate to Configuration > Application Classifiers and scroll down the list until you see ICA: Paint , if the application is not there wait a few seconds and refresh the page. NOTE - You can filter the Application Classifiers page by Application Group > Citrix Protocols and also by checking the option Only show user modified settings. Click on the sign next to the application name to view the application details, use the Edit option to make modifications if needed. Repeat step 12 on both BR6_Branch and BR6_DataCenter. Creating Traffic Shaping Policies Navigate to Configuration > Traffic shaping Policies and Click Create. Click on Show all Advanced Options: and configure the new policy with the following options: Name: WI-High Weighted Priority: High (leave all other options at default values) Exercise 2: Quality of Service Concepts and Configuration Page 16 Step 17. Action Create another traffic shaping Policy with the following settings: Name: Max 500K Weighted Priority: Medium Limit Bandwidth: By Absolute Fixed Data Rate o Incoming Maximum Bandwidth Rate: 500 Kbps o Outgoing Maximum Bandwidth Rate: 500 Kbps 18. 19. Repeat steps 15-17 on both BR6_Branch and BR6_DataCenter. 20. Navigate to Configuration > Service Classes and click Create. Creating Service Classes- Exercise 2: Quality of Service Concepts and Configuration Page 17 Step 21. Action Configure the new service Class with the following settings: Name: BR6 WI Enabled: Yes (checked) Acceleration Policy: None Traffic shaping Policy: Default Policy Click on Add Rule and then click on any under the Application column. Scroll down the list of available applications and click on Web Interface (this is the application you created in the previous step) click Add and click Save, click OK on the warning message. Click Save again. Exercise 2: Quality of Service Concepts and Configuration Page 18 Step 22. 23. 24. 25. Action Create another Service class with the following options: Name: ICA Paint Enabled: Checked Acceleration Policy: None Traffic Shaping Policy: ICA Priorities Click Add Rule Click Any under the Application Column Scroll down and click on the ICA:Paint applications Click Add Click Save Click OK on the Warning message to continue Click Save Repeat steps 19-21 on both BR6_Branch and BR6_DataCenter. Editing your Service Class PoliciesNavigate to Configuration > Service Classes and make sure that the option to Show only user modified Service Classes is Unchecked. Exercise 2: Quality of Service Concepts and Configuration Page 19 Step 26. Action Click on Edit next to the BR6 WI Service Class and change the Traffic Shaping Policy to: WI – High 27. 28. Click Save Uncheck the Show user modified Service Classes checkbox and then click Edit next to the CIFS Service Class and change the Traffic Shaping Policy to: Max 500K. 29. 30. 31. Click Save Repeat steps 24-28 on both BR6_Branch and BR6_DataCenter. Done END OF EXERCISE Exercise 2: Quality of Service Concepts and Configuration Page 20 Summary Key Takeaways The key takeaways for this exercise are: XenApp published applications and XenDesktop groups can be automatically discovered to enable easy application of Quality of Service to mission critical applications. Branch Repeater 6.1 can segment WAN traffic into separate Links and then control and shape traffic on a per Link basis. Service Classes are the mechanism within Branch Repeater which brings together Application Classifiers, Traffic Shaping policies and Link configurations. Exercise 2: Quality of Service Concepts and Configuration Page 21 Exercise 3: Signed SMB2 Acceleration Overview In this exercise we will learn how to setup and configure signed SMB2 acceleration. We will cover these steps: Enabling SSL and creating a key store Setting up a secure partner Adding Branch Repeater to the Windows Domain Step-by-step guidance Estimated time to complete this lab: 15 minutes. Step Action 1. Enabling SSL and creating a Keystore password- 2. Log in to BR6_Branch and navigate to Configuration > SSL Encryption and click on Create Password, type and re-type your keystore password (use ‘citrix’) and click Create Password. Exercise 3: Signed SMB2 Acceleration Page 22 Step 3. Action Verify that the Keystore is OPENED. 4. 5. 6. Navigate to Configuration > SSL Acceleration and click on Manage CAs. Click Add Make sure that Input Method is checked as File Upload, Click Browse… choose the SecurePartner.crt certificate under My Documents\SSLCredentias and click Add. 7. 8. 9. Click Done. Click Manage Keys and then click Add. Make sure that Input Method is File Upload and Input format is Separate certificate/Private Key Input. Under Certificate click Browse… and choose SecurePartner.crt certificate file. 10. Exercise 3: Signed SMB2 Acceleration Page 23 Step 11. 12. Action Under Private Key click Browse… and choose SecurePartner.key key file. Click Add and Click Done. Exercise 3: Signed SMB2 Acceleration Page 24 Step 13. 14. 15. 16. Action Navigate to Configuration > Secure Partners and configure the following options: Partner Status: Enabled Certificate/Key Name: Branch_Repeater CA Certificate Store: Branch_Repeater Listen On: Click Add and Click Apply (The IP will be populated automatically) Leave all other values at default NOTE: The graphic shows the IP address that should appear when the BR6_DataCenter Secure Partner is being configured. The IP address will be 192.168.10.16:2312 when the Secure Partner for BR6_Branch is being configured. Click Save Repeat steps 2-14 on the other unit. (BR6_DataCenter). Navigate to Monitoring > Secure Partners and verify that you see the peer partner and the status is Secure (True) Exercise 3: Signed SMB2 Acceleration Page 25 Step 17. Action Adding the Branch Repeater to the Windows Domain – Complete steps 18-20 on BR6_DataCenter only! 20. Log in to BR6_DataCenter and navigate to Configuration > Windows Domain and click Join Domain. Enter the following values: Domain Name: training.lab Domain User: Administrator Domain Password: Citrix123 Click Join. BR6_DataCenter should now be joined to the training.lab domain. 21. Done. 18. 19. END OF EXERCISE Summary Key Takeaways The key takeaways for this exercise are: SSL is used to create a secure data channel between two or more Branch Repeaters; which enables the Compression and Acceleration of Signed SMB (CIFS) traffic. Adding the Branch Repeater to the domain is only needed for the device on the CIFS/SMB server side. Exercise 3: Signed SMB2 Acceleration Page 26 Exercise 4: Testing, Reporting, Monitoring and Statistics Overview In this exercise we will test the different scenarios we have created in the previous exercises and use the monitoring and reporting tools to understand the traffic behavior Step-by-step guidance Estimated time to complete this lab: 30 minutes. Step Action 1. Monitoring Links2. In the first part of the exercise we will use only the BR6_DataCenter device so in order to disable BR6_Branch but still allow it to pass traffic please follow these steps: Log in to BR6_Branch and navigate to Features , disable the following features: Traffic Acceleration Traffic Shaping 3. We will use both the Student VM (WinXP) and the WIN7 VMs to generate CIFS traffic and monitor the traffic shaping and Links behavior, it recommended that you undock the WIN7CLIENT VM from XenCenter and log in (Administrator / Citrix123) before continuing to the rest of the exercise. From the Student VM access the file share at \\ad\public and copy the 4 folders to the desktop. Do the same from the WIN7Client VM. 4. Exercise 4: Testing, Reporting, Monitoring and Statistics Page 27 Step 5. 6. Action On BR6_DataCenter Navigate to Reports > Link Usage and click on Customize, using CTRL or SHIFT + Click you can select or de-select links to be displayed , make sure that only WIN7, WINXP and LAN links are selected and click Apply. Observe the traffic behavior on the WINXP ,WIN7 and LAN links. NOTE: (image below may differ from lab environment) Exercise 4: Testing, Reporting, Monitoring and Statistics Page 28 Step 7. Action While the CIFS transfer is running navigate to Configuration > Service Classes and click Edit on the CIFS Service Class, change the traffic shaping policy from Max 500K to Default Policy. Click Save. 8. Navigate back to Reports > Link Usage, to refresh the Graph click on the last Minute tab 9. Pop Quiz - Did the traffic behavior change? How? Why? Exercise 4: Testing, Reporting, Monitoring and Statistics Page 29 Step 10. Action On both the Student and WIN7Client VMs: Stop the file transfer delete the folders that were copied to the desktop Close the file share window 11. Monitoring Traffic shaping Policies - 12. Log in to BR6_DataCenter from the Student VM, navigate to Configuration> Service Classes and change the CIFS traffic shaping policy back to Max 500K. Click Save. 13. 14. Start another file transfer from both Student and WIN7 VMs (see step 4) Navigate to Reports > Traffic Shaping and click Customize, select WINXP and WIN7 Links, Under Filtering select the Max 500K policy. Click Apply. Exercise 4: Testing, Reporting, Monitoring and Statistics Page 30 Step 15. Action Pop Quiz - How much Send Rate traffic are you seeing? Why? 16. Stop the file transfer Delete all folders that were copied to the desktop Close the file share window (\\ad\public) Log in to BR6_Branch and navigate to Features , enable the following features: Traffic Acceleration Traffic Shaping 17. Monitoring Applications usage – SMB 1 and SMB 2 18. From your Student VM access the file share at \\ad\Public and copy the 4 folders to your desktop From BR6_Branch navigate to Monitoring > Filesystem (CIFS/SMB) and click on the Connections Tab. 19. 20. 21. 22. 23. Pop Quiz - What SMB version are you seeing? Is the connection signed? Click on the for more details. From your WIN7 VM access the file share at \\ad\public and copy the 4 folders to your desktop From BR6_Branch navigate to Monitoring > Filesystem (CIFS/SMB) and click on the Connections Tab Pop Quiz - What SMB version are you seeing? Is the connection signed? Click on the for more details. Exercise 4: Testing, Reporting, Monitoring and Statistics Page 31 Step 24. 25. 26. 27. 28. 29. 30. 31. Action Stop the file transfer Delete all folders that were copied to the desktop Close the file share windows (\\ad\public) Monitoring Applications Usage – ICA / XA Published Apps From your Student VM open a new browser windows and go to XA Web Interface at http://web1.training.lab/Citrix/XenApp , log in with your user name and password (Administrator/Citrix123) Launch Paint Published Application From BR6_Branch navigate to Reporting > Top Application, observe the graphs and tables and identify the Web Interface application and ICA Paint Application Go to Paint and open one of the graphics files (located at \\ad\public\Pics) Back on the BR6_Branch GUI Click on the Reporting > Top Application and click on the Active Applications tab and then click on ICA Paint. Pop Quiz - Observe the WAN Receive Rate and the LAN Send Rate graphs, are the Kbps values equal? Why is that? 32. Monitoring ICA Connections - 33. While the Paint (XA Published app) is still open navigate to Monitoring > Citrix (ICA/CGP) and click on ICA Connections Tab, click on the to see detailed information about this connection. 34. Click on ICA Statistics tab and observer the information available? How many ICA connections are currently running? Is it ICA or CGP? Exercise 4: Testing, Reporting, Monitoring and Statistics Page 32 Step 35. Action Navigate to Monitoring > Connections and click on Accelerated Connections. 36. Under the Service Class Drop down list click on ICA Paint and then click Filter, observe the list of available connections and click on the icon to see more details about this connection. 37. Monitoring Service Classes – Switch to the BR_DataCenter 38. Click on the Reports > Service Classes and click on the Hour tab. 39. Click on the Sent column header, under Total (Bytes) section of the throughput table. 40. NOTE the appearance of the custom service classes you have created as well as the service classes with the greatest aggregate throughput. Exercise 4: Testing, Reporting, Monitoring and Statistics Page 33 Step 41. Action Click the Customize button. Using the CTRL or SHIFT + Click select the Win7 and WinXP WAN links, under Filtering select only the ICA Paint and BR6 WI service classes. Click Apply. 42. 43. Click on the Reporting > Service Classes once again to reset the view for the current tab. Click on the Since Last Restart tab. 44. Scroll down and click on the CIFS hyperlink in the Service Class Name column. Note the service class statistics for the CIFS service class. Click on the Show link statistics for this service class hyperlink to generate a Link Usage report that automatically drills down on the CIFS service class. 45. Exercise 4: Testing, Reporting, Monitoring and Statistics Page 34 Step 46. 47. 48. Action Note that the Link Usage displayed now is only focusing on the CIFS service class and the specific links chosen in the step 40 above. IMPORTANT! This is the last exercise for this lab. Please go back to the Self-paced Learning Lab portal site and click the “Logout” link towards the bottom right to close out your lab session. Key Takeaways END OF EXERCISE The key takeaways for this exercise are: Monitoring and reporting applies to both Accelerated and non-accelerated traffic. Many of the reporting tools are based on “Policy Objects” such as applications classifies, Traffic Shaping policies , Service Classes Policies, etc. Monitoring Connections shows real time data regardless of policy settings Branch Repeater can be utilized in a monitoring only mode to gain insight in into WAN utilization, before any Quality of Service decisions are made. ICA and CIFS connections can be monitored in real time or historically, across the entire WAN, on specific Links, or by specific Service Classes. We value your feedback! Please take a moment to let us know about your self-paced lab experience by completing the brief Self-paced Learning Lab Survey . Exercise 4: Testing, Reporting, Monitoring and Statistics Page 35 Revision History Revision 1.5 Change Description Updated By Section updates for ServTech Americas 2012 David Jimenez Date July 2012 About Citrix Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide. Its Citrix Delivery Center, Citrix Cloud Center (C3) and Citrix Online Services product families radically simplify computing for millions of users, delivering applications as an on-demand service to any user, in any location on any device. Citrix customers include the world’s largest Internet companies, 99 percent of Fortune Global 500 enterprises, and hundreds of thousands of small businesses and prosumers worldwide. Citrix partners with over 10,000 companies worldwide in more than 100 countries. Founded in 1989, annual revenue in 2008 was $1.6 billion. http://www.citrix.com © 2012 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Delivery Center™, Citrix Cloud Center™, XenApp™, XenServer™, NetScaler®, XenDesktop™, Citrix Repeater™, Citrix Receiver™, Citrix Workflow Studio™, GoToMyPC®, GoToAssist®, GoToMeeting®, GoToWebinar®, GoView™ and HiDef Corporate™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners. Page 36