NetScaler SD-WAN

NetScaler SD-WAN
Product Overview
NetScaler SD-WAN Product Team
AUGUST 2017
1 © 2017 Citrix | Confidential

NetScaler Portfolio
Most comprehensive integration with Orchestration tools
Management + Analytics
provisioning configuration orchestration visibility analytics machine learning
ADC Gateway SD-WAN

Creates a software defined wide area network and cloud
access network that is secure, reliable and ensures high
application quality

NetScaler SD-WAN Provides
Zone-based, Application
stateful Awareness &
firewall Segmentation
Internet
MPLS
NetScaler SD-WAN NetScaler SD-WAN
Branch
Data Center

Granular Internet
path breakout for
selection SaaS apps
Internet
MPLS
Branch
Data Center

Secure &
Auto-
reliable
provision
connectivity
Cloud
to cloud
Appliances
apps
NetScaler SD-WAN Cloud Provider
Internet
MPLS
Branch
Data Center

Centralized
visibility and
control
NetScaler SD-WAN Cloud Provider
Internet
MPLS
Branch
Data Center

NetScaler SD-WAN
Secure, cost-effective, and reliable app and media delivery to the branch
Reduce Cost Always on Better User Simplify Branch Centralize Control

by up to 5X Branch Experience Network and Management

NetScaler SD-WAN
Product Overview

NetScaler SD-WAN: A Comprehensive WAN Edge Platform
Ensure application Securely forward application

reliability and quality via traffic from branch locations
path measurement, across the WAN and to the
selection, and security Internet
Centralized
Management &
Visibility
Reduce bandwidth Secure the branch perimeter
requirements and create while controlling application
more responsive delivery across the WAN and
applications to the Internet

Standard Edition

Centralized
Management &
Visibility
Secure the branch perimeter
while controlling application
delivery across the WAN and
to the Internet

WANOP Edition
Centralized
Management &
Visibility
Reduce bandwidth
requirements and create
more responsive
applications

Enterprise Edition

Centralized
Management &
Visibility
Reduce bandwidth Secure the branch perimeter
requirements and create while controlling application
more responsive delivery across the WAN and
applications to the Internet

NetScaler SD-WAN
Features & Benefits

Intelligent Path End-to-End Stateful Secure Edge Application Unified
Selection QoS Firewall Routing Optimization Management
Application Awareness

Application Awareness with NetScaler SD-WAN
App Classification Engine What Others See
Known protocols and port numbers

1 Compare port numbers and protocol messages against
known applications and application components
Payload Characteristics
2 Search for known binary patterns or packet characteristics
in traffic flows
With NetScaler SD-WAN
Security Certificate Details
3 Read name of service in SSL/TLS certificate or in Server
Name Indication 3,000+ applications and key
DNS Matching and Known IP Addresses components
4 Inspect DNS queries and session initialization sequences
for known IP addresses


NetScaler SD-WAN: Create a tunnel
Connections
Logical tunnel created by encapsulating can be built to the data center,
in UDP
L O G I C A L T U N N E L C R E AT E D
FROM DIVERSE LINKS
! a private cloud, or another branch allowing
for a full mesh if desired
MPLS EF Queue
MPLS Default Queue

Internet

NetScaler SD-WAN: Measure every path
Latency,inloss,
Logical tunnel created by encapsulating UDPjitter, congestion and
!
availability are monitored for each path and
in each direction. And real traffic is used for
the measurement, not probe data.
latency loss jitter cong. latency loss jitter cong.

MPLS EF Queue
MPLS Default Queue


Internet
• The quality of every potential path is assessed with every packet, in each direction

NetScaler SD-WAN: Direct traffic to the best path
Each MPLS queue is treated as a Logical
separate BANDWIDTH
tunnel created by encapsulating in UDP
! path, maximizing the value of MPLS and
ensuring the best path is always used.
CONTROL
MPLS EF Queue
MPLS Default Queue

Internet
• Each data stream is directed to best path(s) with priority given to critical applications

NetScaler SD-WAN: Detect and fail over without impact
We can detect degraded links, or brownouts,
DETECT PROBLEMS
! and quickly
Logical tunnel
Q U I C K LY
createdadapt traffic to compensate.
by encapsulating in UDP By
not waiting for an actual outage, loss and
latency spikes won’t cause performance
problems.
MPLS EF Queue
MPLS Default Queue

Internet
• Each data stream is directed to best path with priority given to critical applications
• Data immediately fails over if an error is detected on any link

NetScaler SD-WAN: Detect and fail over without impact
Failover
Logical tunnel created by encapsulating occurs within a 2-3 packets of loss,
in UDP
AND REACT WITH L O S S L E S S FA I L O V E R ! and those lost packets can be retransmitted
and reordered so the application is never
affected.
MPLS EF Queue
MPLS Default Queue

Internet

NetScaler SD-WAN: Optionally duplicate real-time traffic
Logical tunnel created by encapsulating
With packetinduplication,
UDP VoIP and HDX Thin
PA C K E T D U P L I C AT I O N ! Wire will always take fastest path and never

lose a packet, results in an optimum user
experience
MPLS EF Queue
MPLS Default Queue

Internet
• Packet duplication ensures no loss of critical data for ultimate in consistent user experience

NetScaler SD-WAN: Use multiple links for one session
Bonding links can result in a file Logical tunnel created by encapsulating in UDP
!
B O N D M U LT I P L E L I N K S
transfers that take half the time,
mitigating the impact of latency
MPLS EF Queue
MPLS Default Queue

Internet
• Packet duplication ensures no loss of critical data for ultimate in consistent user experience
• Large flows can use multiple links simultaneously
NetScaler SD-WAN: Breakout Internet at the Branch
Avoid backhauling Internet-bound traffic to
! the data center to save bandwidth and

improve application performance
MPLS EF Queue
MPLS Default Queue

Internet
Secure Web Gateway

(Zscaler, Forcepoint)
• Allows Internet-destined traffic to go to the Internet directly or via a Secure Web Gateway (SWG)
• Interconnect with SWG services (Zscaler, ForcePoint, and McAfee) for security and policy enforcement
• Control the maximum amount of bandwidth for Internet traffic

Deep Understanding of HDX Enables Better Delivery 9.3
BANDWIDTH
Graphics Citrix XenApp

MPLS EF Queue Smartcard
Audio
HDX
Clipboard
MPLS Default Queue Clipboard

Media
File Transfer
Internet Mobile sensors
Client Host Printing
Citrix XenDesktop
• Recognize HDX in various delivery forms: ICA/CGP/SSL/Websockets etc
• Signal presence to the VDA to enable automatic adjustment of policies
• Automatic switch to multi-stream ICA separates traffic into prioritized connections (Interactive,
Multi-media, Bulk etc)
• Adapt to network conditions and deliver each stream with the right quality

NetScaler SD-WAN: Standard Edition Benefits for HDX
With R9.3, NetScaler SD-WAN Standard Edition will automatically move HDX to multi-stream mode
Release Feature & Benefit Single Stream / Multi-Stream / Multi-Stream / Multi-Stream /

Single Port HDX Multi-port HDX Single Port / SSL Single Port / No SSL
Today Session fairness - Ensures no single Yes; competitors Yes; competitors Yes; competitors cannot Yes; competitors cannot
user affects other users cannot do this cannot do this do this do this
Session level QoS - Ensures in session No; competitors Yes; competitors can No; competitors cannot Yes; competitors cannot
QoS for real time, interactive, and cannot do this either be manually do this either do this
bulk traffic configured to do this
R9.3 HDX Insight support - Enhances HDX Per hop information; Per hop / per stream Per hop information; Per hop / per stream
Insight from NetScaler Gateway with Competitors cannot information; Competitors cannot do information; Requires
additional troubleshooting do this competitors cannot do this NetScaler Gateway in
information this transparent mode;
Competitors cannot do
this
Generate HDX-IQ score in SD-WAN Based upon single Based upon multi- Based upon single Based upon multi-
Center – Provides a historical stream input; stream input; stream input; stream input.
experience metric on HDX session Competitors cannot Competitors cannot do Competitors cannot do Competitors cannot do
delivery (overall & site level) do this this this this

Stand By WAN Links
Internet
MPLS
NetScaler SD-WAN LTE-1 NetScaler SD-WAN
Satellite-1
LINK TYPE ACTIVE STANDBY

Example Internet, MPLS LTE-1, Satellite-1
• Choose Standby WAN Links based on Business rules

• Determine when Standby WAN links become Active
• Based on state of Active links – Use Standby links only when all active links are down
• Based on certain capacity thresholds - Make Standby Active, when traffic crosses a certain threshold %age
• Prioritize across Standby links for utilization – Use LTE from Carrier1 before using Satellite link


Application Driven QoS
Skype- WorkDay
for-
Business Web and SaaS QOS: Class of service can now be
Office
assigned for web and saas applications
365
Classify Optimized applications: Now can be
applied to optimized flows in Enterprise Edition
Set priority: Prioritize business critical apps by
Application mapping them to one of the 17 priority traffic
Identification classes
Set traffic policy: Application level control over
QoS Classes link selection and traffic steering
Real-time Interactive Bulk

Application-Aware QoS
• QoS is based upon 3 categories of application Category Minimum Prioritization Duplicate

Bandwidth
traffic: real time, interactive, and bulk
Real Time 30% VoIP Yes
• Categories can be provisioned with guaranteed
Video Conf No
minimums
Interactive 40% XenDesktop No
• Up to 17 QoS levels can be utilized across the 3
SQL No
categories
Exchange No
• Applications can be created and assigned using
Custom No
source/destination IP & port, TCP/UDP, and DSCP
Bulk 30% FTP No
• QoS model is dual-ended and therefore provides
Video No
guaranteed delivery
Custom No

Single-Ended QoS Has Pitfalls
10Mbps
WAN Received
10Mbps
10Mbps
0Mbps 0Mbps
0Mbps Received
• Quality of service configuration is fairly static

• No proactive or reactive actions taken to prevent far-end congestion
• Lack of last-mile awareness (destination is a choke point, wasted potential
utilization)
End-to-End QoS Ensures Delivery and Efficiency
10Mbps
WAN Received
5Mbps
5Mbps
2.5Mbps 5Mbps
2.5Mbps Received
• QoS configuration configured globally from a single source, highly customizable

• Proactively prevent loss with duplication, react to network conditions with
retransmission and/or redirection
• Last-mile awareness prevents oversubscription and wasted utilization

Integrated Stateful Firewall
• Comprehensive Firewall security: IP to Application layer
– Secure hosts, ports and infrastructure
– Support for Dynamic and Static NAT
ALLOW DROP – Enable firewall rules even for encrypted traffic with
Application intelligence
• Define zones to enforce different policies for

COUNT & different users
LOG REJECT
• Single Point of Management across Network
– Provision, troubleshoot and analyze Routing and Security
through SD-WAN center
• NSS Labs certification coming in 3Q…

Application Awareness with NetScaler SD-WAN (Cont)
• Over 4000 common applications already defined

• Preloaded and organized into categories
• Prioritization hierarchies pre-configured
• All of which can be edited
You can also re-categorize

applications to fit business needs

Application-aware firewall with Centralized and Integrated
Configuration
You can restrict which zones this

application can come from and to
Control whether to allow, reject,

or drop this traffic
Apply policies to groups of applications,

individual applications, or subsets of traffic
within an application


Simplified deployments with Routing in Overlay Mode
Benefits
Listen to route advertisements &
advertise routes over Virtual WAN
Ease of management of L3 network at scale
• Changes in the routing environment
learned in real-time SD-WAN
Branch Branch Exchange

• Simplified integration with branch subnet
information
SD-WAN
DC
LAN environment
Data Center • No LAN subnet configuration required

• Allows for larger clustered • Real-time route learning from the network environment
deployments to support DC scale • OSPF and BGP support
• Selective route filtering

Enhanced WAN Edge mode
In addition to our existing SD-WAN and WANopt integration:
• DHCP support
• Client, Server, and Relay WAN EDGE MODE
• Routing Branch DC
• eBGP, iBGP, OSPF SD-WAN SD-WAN
WAN
• 3rd party IPSec Interoperability
• GRE tunnels (WAN & LAN)
• 3rd party service chaining
• Routing Domains (Micro-segmentation)

Routing Domains
Domain 1 OVERLAY or WAN EDGE MODE USE CASES
• Application separation
MPLS
Internet
• Enterprise acquisitions
• Managed Service Providers
Domain 255
BENEFITS
• Expanded to 255 route domains • Support for traffic isolation across
• A domain is a top level network entity that provides the Virtual WAN deployment
network layer isolation • Simplified management–Build per
• Across domains, application policies, rules, routes and domain policies without concern
routing tables are completely independent for interference


Accelerate Microsoft Apps with NetScaler SD-WAN
WAN
NetScaler SD-WAN at NetScaler SD-WAN at a

Branch Office proximal office / Cloud
Ensure great user experience with end-to-end security

• Alleviate latency
• Accelerate access
• Reduce bandwidth needs
• Flexible deployment options Sample Performance gains
10x 20x 30x 40x 50x

NetScaler SD-WAN is HDX aware
Higher Lower
1. Offload of compression from XD/XA server Priority Priority
– Reduces load on XD server/client
– Plus benefits of cross-session compression
Screen Updates
Local Text Echo
Session Control
Drive Mapping
Printing
2. Identifies and parses HDX traffic:
Audio
Video
– Thin-wire data (e.g. mouse movements, keyboard)
– Multimedia (e.g. video and audio content)
– Bulk operations (e.g. print / file downloads)
ICA
– Client management (e.g. auto-updates)
3. HDX aware pattern matching:

– Nano- / memory- / disk-based compression
TCP
4. Prioritizes HDX channels / facilitates IP layer QoS
– Supports both single-stream or multi-stream

NetScaler SD-WAN Benefits for XenDesktop
WAN Bandwidth
50.0 • Reduces WAN bandwidth
requirements by up to 80%
40.0
• Preconfigured QoS settings ensure
30.0
Mbps
correct prioritization of HDX traffic

20.0
• Supports both single-stream and
10.0 multi-stream deployments
0.0
100 Users 200 Users 300 Users • And optimizes other enterprise
No WAN Op 17.6 35.4 45.4 applications as well
CloudBridge 3.4 7.3 11.7
https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/tolly-report-citrix-cloudbridge-xendesktop-performance-evaluation.pdf


NetScaler SD-WAN Center for Unified Management
• Single pane of glass for branch, datacenter and cloud
• Policies are defined centrally and pushed across
SD-WAN
Center
• Firewall, Virtual WAN, Routing and WAN Optimization all
configured from same user interface
• No branch or device config or login required
Cloud/SaaS
Branch MPLS
INTERNET
4G/LTE
SATELLITE
Datacenter
Branch
NetScaler SD-WAN Center for Centralized Management
and Control
• Define users, permissions, and
authentication method
• Simple network map with health
indications
• Define event severity and
alerting methods
• See and filter event history
• Monitor WAN link performance
against carrier SLAs
• And more…

Top Applications / Top Sites Reports
• See top applications by a

particular site or all sites
• View by application or
application group
• Choose the time period
• Understand inbound
versus outbound usage

Extended Visibility with HDX Insight
• Supported across NetScaler portfolio
and integrated with Desktop
Director
• Existing integration with other
NetScaler SD-WAN NetScaler SD-WAN NetScaler
Gateway analytics & visibility tools e.g. Splunk
• Detailed visibility on users,
apps/desktops and devices
ICA Info
L4 Per-Hop L4 Per-Hop
• Start with a user and click through to
identify hop-by-hop latency
NetScaler MAS • Quickly narrow down source of
NetScaler Gateway
Or SD-WAN WO/EE problems
SD-WAN - SE SD-WAN - SE Data Center
• Real-time analysis as well as historical
Remote or Cloud
data for troubleshooting

HDX QoE Dashboard in SD-WAN Center
Quality sistribution for Current User and
Bottom 5 Sites
Various Sites Session Count
• HDX QoE provides measure of

network performance impact
on HDX user experience
• Calculated using formula
developed in conjunction with
HDX product team
• SD-WAN Center dashboard
provides clickable graphs &
charts for detail drill down
Historical User Count Historical Session Historical QoE with

with filters Count with filers filters
Simplified Deployment with Zero-Touch Deployment Service
On-premises In the Cloud

• Automated appliance provisioning
• Authentication to join Network
• Status updates of the deployment
process
• On-premises appliance support:
• 410, 1000, 2000, 2100
platforms
• Cloud-based deployments:
• Amazon and Azure

NetScaler SD-WAN
Platform Overview

NetScaler SD-WAN: Standard Edition Lineup
Physical and Virtual products as of 3Q2017
Virtual WAN Capacity Virtual Path Capacity

Appliance Form Factor
(Mbps full duplex) (Fixed/Dynamic)
5100 3000/4000/5000 550/32
4100 1000/2000/3000 256/32
2100 200/300/500/1000/1500 128/16
1000 20/50/100 16/8
410 20/50/100/150 16/8
VPX 20/50/100/200/500/1000 16/8 Software

NetScaler SD-WAN: Enterprise Edition Lineup
Physical and Virtual products as of 3Q 2016
Virtual WAN
WAN Op Virtual Path Concurrent
Capacity
Appliance Capacity* Capacity HDX Form Factor
(Mbps full
(Mbps) (Fixed/Dynamic) Sessions
duplex)
250 50 32/16 300
2000 200 20 32/16 200
100 10 32/16 100
100 20 16/8 200
50 10 16/8 100
1000
20 6 16/8 60
10 4 16/8 40
NetScaler SD-WAN: WANOP Line Up
Physical and Virtual products as of 3Q17
Model Capacity (Mbps) HDX Form Factor
5100 1,500 – 2,000 3,500 – 5,000
4100 310 – 1,000 750 – 2,500
3000 50 – 155 300 – 500
2000 10 – 50 100 – 300
1000/1000WS 6 - 20 60 - 200
800 2 – 10 20 – 100
400 2–6 10 – 30
VPX 2 – 200 15 – 250 Software

NetScaler SD-WAN - Technical Overview

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

NetScaler SD-WAN - Technical Overview

Diunggah oleh

Hak Cipta:

Format Tersedia

1 © 2017 Citrix | Confidential

ADC Gateway SD-WAN

3 © 2017 Citrix | Confidential

4 © 2017 Citrix | Confidential

5 © 2017 Citrix | Confidential

NetScaler SD-WAN Cloud Provider

6 © 2017 Citrix | Confidential

NetScaler SD-WAN Cloud Provider

7 © 2017 Citrix | Confidential

Reduce Cost Always on Better User Simplify Branch Centralize Control

8 © 2017 Citrix | Confidential

9 © 2017 Citrix | Confidential

Ensure application Securely forward application

10 © 2017 Citrix | Confidential

Ensure application Securely forward application

11 © 2017 Citrix | Confidential

12 © 2017 Citrix | Confidential

Ensure application Securely forward application

13 © 2017 Citrix | Confidential

14 © 2017 Citrix | Confidential

15 © 2017 Citrix | Confidential

App Classification Engine What Others See

Known protocols and port numbers

16 © 2017 Citrix | Confidential

17 © 2017 Citrix | Confidential

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

18 © 2017 Citrix | Confidential

latency loss jitter cong. latency loss jitter cong.

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

latency loss jitter cong. latency loss jitter cong.

19 © 2017 Citrix | Confidential

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

20 © 2017 Citrix | Confidential

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

21 © 2017 Citrix | Confidential

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

22 © 2017 Citrix | Confidential

PA C K E T D U P L I C AT I O N ! Wire will always take fastest path and never

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

23 © 2017 Citrix | Confidential

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

! the data center to save bandwidth and

MPLS Default Queue

NetScaler SD-WAN NetScaler SD-WAN

Secure Web Gateway

25 © 2017 Citrix | Confidential

Graphics Citrix XenApp

NetScaler SD-WAN NetScaler SD-WAN

26 © 2017 Citrix | Confidential

Release Feature & Benefit Single Stream / Multi-Stream / Multi-Stream / Multi-Stream /

27 © 2017 Citrix | Confidential

NetScaler SD-WAN LTE-1 NetScaler SD-WAN

LINK TYPE ACTIVE STANDBY

• Choose Standby WAN Links based on Business rules

28 © 2017 Citrix | Confidential

29 © 2017 Citrix | Confidential