CDW Citrix 10 Things Event
10 Things You Should
Be Doing With Your
Citrix Infrastructure
20th October 2016
AGENDA
Arrival and Registration
09.30 Welcome and Introductions
09:40 Citrix and Microsoft
10.00 Network Optimisation
10.15 Unified Communications
10.30 Citrix FrameHawk
10.45 Netscaler for XA & XD
11.00 Coffee Break
11.15 XenMobile
11.30 Windows Server 2016
11.45 Lakeside
12.05 Hyper-Converged, Atlantis
12.25 AppSense
12.40 Q&A and Close
13.00 Lunch and Networking
CDW Confidential, 2016
KEY SPEAKERS
Andy Osborne
CDW - Solutions Architect
Accreds: Citrix Expert, Citrix
PTEC, Atlantis ACE
Kyle Davies
CDW - Solutions Architect
Twitter: @kdavies1988
Accreds: vExpert 2016, Citrix
Expert, Atlantis ACE, etc.
Lyndon-Jon Martin
Citrix
Senior Systems Engineer
CDW Confidential, 2016
20/10/2016
Citrix&Microsoft
BetterTogether
Lyndon-JonMartin
SeniorSystemsEngineer- ChannelUKI
Mobile- +44(0)7972775902
E-mail- lyndon-jon.martin@citrix.com
Twitter- @lyndonjonmartin
LinkedIn- http://uk.linkedin.com/in/lyndonjonmartin/en
4
©2016Citrix|Confidential– ContentinthispresentationisunderNDA.Slidesbylyndon-jon.martin@citrix.com
Private
Cloud
Aligning Microsoft
EMS (NetScaler VPN)
& XenMobile (EMS
enabled)
Hybrid
Cloud
XenDesktop Win 10
delivery on Azure
XenApp Express
Service
5
©2016Citrix|Confidential– ContentinthispresentationisunderNDA.Slidesbylyndon-jon.martin@citrix.com
Public
Cloud
Co-dev & roadmap
Best UX as a virtual
app
delivered by XAD
Scheduled Day 1
support with Citrix
XenApp
Win 10 on Azure
by
Express Service
CitrixCloud
Connector
6
Windows
App
Windows
Apps
Active
Directory
©2016Citrix|Confidential– ContentinthispresentationisunderNDA.Slidesbylyndon-jon.martin@citrix.com
BetterTogether
www.citrixandmicrosoft.com
7
©2016Citrix|Confidential– ContentinthispresentationisunderNDA.Slidesbylyndon-jon.martin@citrix.com
NETWORK OPTIMISATION
AndyOsborne– CDWWorkspaceSolutionsArchitect
NetScaler Provides a Complete App Delivery Solution
Other SaaS Apps
Citrix ShareFile
Citrix NetScaler SD-WAN
Citrix NetScaler
Gateway & ADC
Citrix XenApp
Branch user
Citrix XenDesktop
Citrix XM Client
Citrix XenMobile
Other Apps
For Apps anywhere, Users everywhere
CDW Confidential, 2016
Challenges with the Enterprise WAN
Typical
Which Portion of Your Network Access
Is Most Expensive?
Type
7%
Network Security
The WAN
is the Most
WAN
Expensive Part of the
Data Center
Enterprise
Network
Consumer-grade
DSL
Downtime
Availability Per Month
Per Circuit
98%
15 Hours
And often lacks the
65%
Businessreliability
DSL
99.0%
that7 Hours
21%
Metroenterprises
Ethernet
99.5%need
4 Hours
6%
Campus/User Edge
MPLS Leased Line
0%
10%
20%
30%
Gartner Data Center Conference Dec 2015: Top 10 Ways to reduce Network/Telecom Budget presentation
CDW Confidential, 2016
40%
99.9%
50%
1 Hour
60%
70%
Gartner: VDI needs SD-WAN
Gartner:VDIandDaaSDemandtheEnterpriseArchitects
RethinkTheirNetworkArchitectures
CDW Confidential, 2016
NetScaler SD-WAN
Secure, cost-effective, and reliable app and media delivery to the branch
Reduce
Cost
by up to 5X
Always on
Branch
Better User
Experience
CDW Confidential, 2016
Simplify Branch
Network
Centralize Control
and Management
Standard Edition
WANOP Edition
Enterprise Edition
Scale bandwidth, ensure availability, and
reduce costs
Optimize bandwidth while accelerating
application delivery
Fully integrated solution for efficiency,
reliability, and usability
CDW Confidential, 2016
NetScaler SD-WAN: Standard Edition
SD-WAN
Internet (DIA/DSL/Cable)
IP
Sec
NetScaler SDWAN
MPLS
4G LTE / Satellite
IP
Sec
NetScaler SDWAN
• Logically bonds multiple, distinct WAN connections into one virtual path
• Encrypt data between devices to provide end-to-end security
• Direct packets based upon application needs, link performance, and
business policies
CDW Confidential, 2016
NetScaler SD-WAN: WAN Optimization
WAN
Optimization
MPLS
WAN
Optimization
NetScaler SDWAN
NetScaler SDWAN
Used in conjunction with a single WAN link or independent WAN links
Improves the user experience by accelerating application protocols
Reduces bandwidth utilization by compressing and de-duplicating application
data
Provides details into application performance delivery through AppFlow
CDW Confidential, 2016
NetScaler SD-WAN Center for Scale and Management
NetScaler SD-WAN Center
• Single pane of glass for branch, DC,
Cloud
• Config, manage, report
• No branch or device config required
Cloud/SaaS
Branch
Branch
MPLS
INTERNET
4G/LTE
SATELLITE
Datacenter
CDW Confidential, 2016
Zero-Touch Service
Benefits
•
•
Effortless deployment
• Secure association and
geo-location
• Zero configuration on
device at deployment
site
• Mobile App
Installer/Outsource
friendly
• Facilities for installer
tracking, ”run-book” for
physical install, cabling
at remote site
Zero Touch Service
2
1
3
Central
Management
& Reporting
Platform
REMOTE /
BRANCH
Controller
CDW Confidential, 2016
Intelligent Path
Selection
End-to-End QoS
Secure Edge
Routing
CDW Confidential, 2016
Application
Optimization
Management &
Visibility
Intelligent Path
Selection
End-to-End QoS
Secure Edge
Routing
CDW Confidential, 2016
Application
Optimization
Management &
Visibility
Real-Time Path Measurement and Selection
Logical tunnel created
by encapsulating in
UDP
Intelligently measures
paths in each direction
Internet (DIA/DSL/Cable)
Real Time Algorithm
NetScaler SD-WAN
Real Time Algorithm
MPLS
NetScaler SD-WAN
Selects link based upon
one-way measurements
Optional ability to bias
towards a particular path
CDW Confidential, 2016
Path Bonding for Improved Throughput
Not just path selection as with other solutions
Spreads application traffic
across multiple links (if
needed)
Uses real time
measurement to understand
available bandwidth
Internet (DIA/DSL/Cable)
NetScaler SD-WAN
MPLS
Assigns highest priority
applications to best path for that
application
CDW Confidential, 2016
NetScaler SD-WAN
Packet Duplication for Lossless Connectivity
Packet is duplicated
across the two best links
MPL
S
Packet that arrives first
is forwarded on
Example
without
duplication
4G
NetScaler SD-WAN
NetScaler SD-WAN
Works even for a single
uncongested link
Packet arriving last is
discarded
Ensure success of Skype for Business or other VoIP solutions
CDW Confidential, 2016
Example with
duplication
Lossless Failover
Then traffic is shifted to
remaining links within a
couple packets
Lost packets can be
retransmitted and reordered
so application sees a clean
connection
Internet (DIA/DSL/Cable)
Real Time Algorithm
NetScaler SD-WAN
Real Time Algorithm
MPLS
If one link fails or
degrades significantly
CDW Confidential, 2016
NetScaler SD-WAN
CDW Confidential, 2016
Intelligent Path
Selection
End-to-End QoS
Secure Edge
Routing
CDW Confidential, 2016
Application
Optimization
Management &
Visibility
NetScaler SD-WAN is HDX aware
3.HDX aware pattern matching:
• Nano- / memory- / disk-based compression
4.Prioritizes HDX channels / facilitates IP layer QoS
• Supports both single-stream or multi-stream
CDW Confidential, 2016
Drive Mapping
Printing
Audio
Video
ICA
TCP
2.Identifies and parses HDX traffic:
• Thin-wire data (e.g. mouse movements, keyboard)
• Multimedia (e.g. video and audio content)
• Bulk operations (e.g. print / file downloads)
• Client management (e.g. auto-updates)
Lower
Priorit
y
Screen Updates
Local Text Echo
Session Control
1.Offload of compression from XD/XA server
• Reduces load on XD server/client
• Plus benefits of cross-session compression
Higher
Priority
Multi-Stream HDX with Enterprise Edition
NetScaler
SD-WAN
Thinwire
Data Center
NetScaler
SD-WAN Graphics
MPLS
Sm artcard
Audio
Clipboard
Clipboard
Media
Client Host
HDX
Branch Office
File Transfer
M obile sensors
INTERNET
Printing
HDX Insight
Print
Multi-Stream ICA with virtual channel steering
CDW Confidential, 2016
Intelligent Path
Selection
End-to-End QoS
Secure Edge
Routing
CDW Confidential, 2016
Application
Optimization
Management &
Visibility
NetScaler SD-WAN Center: Management capabilities
•
•
•
•
Centralized, aggregate
dashboard view
Configuration of the network,
application priorities and
optimization needs
Proactive SLA monitoring for
WAN links
Fault management and alerting
capabilities
CDW Confidential, 2016
NetScaler SD-WAN: application visibility via AppFlow
ICA
HTTP
CIFS
NetScaler SD-WAN
•
•
•
•
Protocol
Specific
Information
Wan
Optimization
Compression
Statistics
TCP/IP
Network Layer
Information
Enhanced network diagnostics and reporting
Real time and historical views
Create customized reports and analytics
Visualize with Citrix Insight Center or a 3rd party app
CDW Confidential, 2016
Troubleshoot to the Branch with NetScaler SD-WAN
Branch
users
NetScaler
SD-WAN
WAN
NetScaler
SD-WAN
AppFlow
Insight
Center
App
HDX
CDW Confidential, 2016
WAN
Understand App Performance and User Experience
Branch
users
NetScaler
SD-WAN
NetScaler
SD-WAN
WAN
AppFlow
Insight
Center
Application Performance
Application Usage
CDW Confidential, 2016
User Experience
NetScaler SD-WAN: WANOP Line Up
Model
Capacity (Mbps)
HDX
5000
1,500 – 2,000
3,500 – 5,000
4000
310 – 1,000
750 – 2,500
3000
50 – 155
300 – 500
2000/2000WS
10 – 50
100 – 300
1000/1000WS
6 - 20
60 - 200
800
2 – 10
20 – 100
400
2–6
10 – 30
VPX
2 – 200
15 – 250
CDW Confidential, 2016
Form Factor
Software
NetScaler SD-WAN: Standard Edition Lineup
Appliance
Virtual WAN
Capacity
(Mbps full duplex)
Virtual Path
Capacity
(Fixed/Dynamic)
5100
1000/2000/3000/400
0
256/32
4000
300/500/1000/2000
256/32
2000
100/200
32/16
1000
20/50/100
16/8
410
20/50/100/150
16/8
VPX
10/20/50/100
16/8
CDW Confidential, 2016
Form Factor
Software
NetScaler SD-WAN: Enterprise Edition Lineup
Appliance
2000
1000
Virtual WAN
Capacity
(Mbps full
duplex)
WAN Op
Capacity*
(Mbps)
Virtual Path
Capacity
(Fixed/Dynami
c)
Concurrent
HDX
Sessions
250
50
32/16
300
200
20
32/16
200
100
10
32/16
100
100
20
16/8
200
50
10
16/8
100
20
6
16/8
60
10
4
16/8
40
CDW Confidential, 2016
Form Factor
UNNIFIED COMMUNICATIONS
KyleDavies– CDWWorkspaceSolutionArchitect
HIGH DEFINITION EXPERIENCE
HDX Broadcast
ICA and RDP protocol support for
access from any device, anywhere
HDX Plug-n-Play
Access to local resources and
peripherals, including USB devices
and printers
HDX MediaStream
Video and audio playback
HDX RichGraphics
2D/3D graphics incl. Adaptive Display,
HDX 3D Pro and Microsoft RemoteFX
HDX RealTime
Voice and video for real-time
collaboration
HDX WAN Optimization
Performance and bandwidth optimizations
for branch offices with NetScaler SD-WAN
HDX Mobile
Touch navigation for Windows apps;
local device features
HDX Adaptive Orchestration
Best user experience based on server,
network connection and user device
CDW Confidential, 2016
WHY SKYPE FOR BUSINESS IS A PRIORITY FOR CITRIX
•
Over 75% of surveyed customers have budget
for Unified Communications
•
3 out of 4 Citrix customers adopting UC have
chosen Skype for Business
•
Over 100 million people were using Lync (now
Skype for Business) to communicate for work as
of March 2015
•
90+ of the Fortune 100 have adopted Skype for
Business
CDW Confidential, 2016
CDW Confidential, 2016
CHALLENGES DELIVERING SKYPE FOR BUSINESS (VIRTUALISED)
•
Video processing is CPU intensive
• Could significantly reduce server scalability and
inflate average cost-per-user
•
Media quality can be reduced by
transcoding or re-packetization
•
Users may be far from the data center
where the UC client is running
•
Users are free to reconnect from a
different device type as they roam
CDW Confidential, 2016
NO OPTIMIZATION!
CDW Confidential, 2016
OPTIMIZED
CDW Confidential, 2016
THE ANSWER
User 2
CDW Confidential, 2016
THE FALLBACK
User 2
CDW Confidential, 2016
LEARNING FROM EXPERIENCE – HOW HAVE WE GOT HERE
Microsoft v1 VDI Plug-in
Citrix HDX RealTime Optimization
Pack 1.8
• Microsoft-developed solution
supported by Citrix, delivering
native UI experience
• XenDesktop VDI only (Microsoft
support)
• Windows devices only
• Full virtual desktops only
• No support for Office 365
• Large footprint on user device
• “Limited support” for Call Delegation
etc.
• No smart card support
• Citrix-developed solution using
Microsoft APIs, with some UI
differences and feature gaps
• XenApp & XenDesktop
(Enterprise/Platinum)
• Redirection to Windows, Linux, Mac
• Full desktops or published Skype for
Business
• Customer premises and Office 365
• Small footprint
• Smart card support
• No statement of support from Microsoft
CDW Confidential, 2016
MICROSOFT & CITRIX TOGETHER
Close collaboration between Microsoft and Citrix, direct developer
interaction, weekly meetings, documentation sharing, joint testing
New improved v2 architecture that addresses the challenges of
both previous optimized solutions
Multi OS (Linux, Windows, Mac…)
Formal relationship and joint support story
Leverages Citrix HDX RealTime Media Engine (Receiver plug-in)
Launched January 2016
• Skype for Business 2015 client PU from Microsoft
• HDX RealTime Optimization Pack 2.0 release from Citrix
CDW Confidential, 2016
JOINT SUPPORT MODEL
•
No more he said she said between vendors
•
Open a ticket with the vendor whose code you suspect to
be causing the issue
•
The vendor receiving the trouble ticket will triage the issue
and escalate as appropriate
•
Each vendor can open trouble tickets with the other
vendor as needed, eliminating the need to pong the issue
back to the customer for redirection
CDW Confidential, 2016
MICROSOFT AT CITRIX SYNERGY
CDW Confidential, 2016
MICROSOFT AT CITRIX SYNERGY
Microsoft Corporate VP Brad Anderson
“The Skype for Business team actually has
engineered Skype for Business to be
optimized in Citrix environments”
“We’ve integrated with HDX, and it’s the
only protocol we’ve integrated with”
“This is the only VDI solution that
Skype for Business has been optimized
for”
CDW Confidential, 2016
WHAT WAS NEW COMPARED TO 1.8?
•
•
Native Skype for Business UI
Additional features, including:
• Call Delegation & Response Groups
• Voice Mail integration
• Automatic Join Meeting audio
• Emoticons
• Web Proxy support
• Support for Click-to-Run
• Status icons (Connecting,
Connected, etc.)
• Active speaker identification
CDW Confidential, 2016
JUNE 2016: HDX REALTIME OPTIMIZATION PACK 2.1*
“Skype for Business 2016 ready”
• Endpoint identification for Location
Services (e.g. E911)
•
Performance optimizations
•
Improved video quality, especially on
conference calls (H.264 SVC with
FEC)
•
Improved audio quality (FEC, Silk
codec)
QoE reporting
Federation with consumer Skype
Control of systray notification balloons
Interop with server-based audio recording
64-bit Linux RealTime Media Engine
* In conjunction with mandatory Microsoft Skype for Business 2015 client update (June PU)
CDW Confidential, 2016
OPTIMISATION V2 OVERVIEW
Authentication stays in the DC
Data Center
Authentication
Skype for
Business client
Citrix
Server
XenApp
or
XenDesktop
SIP signaling & IM
(min. Dec’15 PU)
Data collaboration
or
Lync Server
2013
HDX
Connector
IM/Signalling stays in the DC
Skype for
Business
Server 2015
Native Skype for Business Experience
User Device
(e.g. thin client)
ICA Virtual
Channel
HDX Connector co-developed by Microsoft-Citrix
Citrix
Receiver
Media offload to the endpoint
HDX RealTime
Media Engine
(Receiver
plug-in)
AV media
Calls are direct
Other Skype
for Business
user
endpoint or
server
Cross Platform, Rich Device Support
Unique to Microsoft and Citrix
15
© 2016 Citrix
CDW Confidential, 2016
WHAT DO I INSTALL?
•
Single download, single install
•
Ideal for BYOD and at-home workers on
unmanaged devices
•
Latest bundle packages Windows Receiver
4.4.1000 and HDX RTME 2.1
https://www.citrix.com/downloads/citrix-receiver/additional-client-software/hdx-realtime-media-engine-201.html
CDW Confidential, 2016
ENDPOINT SUPPORT
User Device Operating System Support
Windows Support
Windows 10
Windows 8 & 8.1
Windows 7x
Windows Server 2012 R2
Windows IoT Enterprise
WES7
WES 2009
Windows Thin PC
Linux Support
Red Hat Enterprise Linux
Ubuntu
SUSE Enterprise Desktop SP1/SP2
CentOS
HP ThinPro (partner provided)
Unicon eLux (partner provided)
ThinLinX TLXOS (partner provided)
Mac OS X
Dell Wyse ThinOS
CDW Confidential, 2016
Citrix Optimization Pack
J
J
J
J
J
J
J
J
J
J
J
J
J
J
J
J
J
J
J
SKYPE/LYNC SUPPORT
Citrix HDX
Optimization Pack
Skype/Lync Support
Skype for Business Server 2015/2016
J
Office 365 (Skype for Business Online)
J
Lync Server 2013
Lync Server 2010
(now at End of Mainstream Support)
J
J
Requires HDX RTOP 1.8
Skype for Business 2015 client
J
Skype for Business 2016 client
J
CDW Confidential, 2016
CDW Confidential, 2016
CDW Confidential, 2016
CDW Confidential, 2016
BUT WHAT ABOUT OTHER UC
SOLUTIONS???
CISCO VIRTUALIZATION EXPERIENCE MEDIA ENGINE - VXME
•
It still exists, originally designated
VXME thin clients
•
Cisco Virtualization Experience
Media Edition extends the Cisco
Jabber for Windows collaboration
experience to virtualized
environments by facilitating realtime voice and video traffic
processing on the local devices.
•
With Cisco VXME, organizations can
deliver the same uncompromised
user experience of Cisco Jabber to
virtual desktops on thin clients and
Windows PCs.
CDW Confidential, 2016
VXME ON XENDESTOP
•
Resembles that of the HDX RealTime Optimization Pack (RTOP) for
Skype for Business.
•
There is a VXME Agent that you install alongside the hosted Jabber
client, and a VXME Client (media engine) that runs as a plug-in to the
Citrix Receiver on the user device.
CDW Confidential, 2016
VXME ON XENAPP
•
Authentication is handled by the Jabber client. Media processing is all done
on the user device.
•
Audio-video quality is preserved by avoiding “hairpinning” of the media
traffic through the XenApp or XenDesktop server(s).
CDW Confidential, 2016
BUT WHAT ABOUT OTHER UC
SOLUTIONS AND OTHER
PLATFORMS???
VXME ON XENAPP
CDW Confidential, 2016
CITRIX FRAMEHAWK
Lyndon-JonMartin– CitrixSeniorSalesEngineer
What is HDX & Framehawk?
What is HDX
Framehawk
DCR
ICA Connection
Thinwire
HDX technologies offer a set of capabilities that deliver a “highdefinition” experience to users of centralized applications and
desktops, on any device and over any network. HDX technologies are
built on top of the ICA remoting protocol, proven in large enterprise
environments and accessed by millions of users globally.
http://www.citrix.com/content/dam/citrix/en_us/documents/productssolutions/citrix-hdx-technologies.pdf
KB & Mouse
Flash
Generic USB
Smartcard
Multimedia
Clipboard
Framehawk within HDX
It is one of a few graphics modes that forms part of HDX Broadcast i.e.
our remote graphics technologies for virtual app & desktop delivery.
Audio
CDM
Skype4B
Printing
Mobility SDK
Mobile sensors
CDW Confidential, 2016
Introduction to Framehawk?
Where did it come from?
Citrix Acquisition
Citrix acquired Framehawk in 2014 and its initial Citrix release was June 2015 https://www.citrix.com/blogs/2015/06/30/our-first-release-of-framehawktechnologies/.
The Basic’s
Satellite
External Firewall
Cellular
NetScaler
UG
Internal Firewall
ü Framehawk is a display remoting technology for mobile workers on broadband
wireless connections (Wi-Fi and 4G/LTE cellular networks).
Virtual Apps
& Desktops
ü Framehawk overcomes the challenges of spectral interference and multipath
propagation, delivering a fluid and interactive user experience to users of virtual
apps and desktops.
ü Framehawk may also be a suitable choice for users on long-haul (high latency)
broadband network connections where even a small amount of packet loss can
otherwise degrade the user experience.
SuGgEsTeD Use Cases by Internet Connection
Type
ü Remote users connecting back using 4G/LTE cellular networks
Wi-Fi
ü Cruise liners or remote research centres that utilise a satellite connections for
comms
ü Wi-Fi connections (spectrum interference) inside organisations & roaming
ü Long-haul (high latency) broadband network connections
CDW Confidential, 2016
Understanding Framehawk
http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/hdx/framehawk.html
What is it?
Framehawk was built as an intent engine to focus on what is what is
right vs. relevant to the user. Think of Framehawk as a software
implementation of the human eye, looking at what's in the frame buffer
and discerning the different types of content on the screen
ü Never retransmit always focus on the users experience
ü A human heuristic driven graphics display
ü It doesn't replace the set of Thinwire+ technologies
ü Framehawk technologies speed up interactivity over a broad range of
mobility scenarios
ü It solves UX on networks with jitter, high packet loss & congestion
Satellite Cellular Wi-Fi
ü Framehawk is defined as a “lightweight framebuffer protocol (LFP)”
and is UDP based protocol
ü Available for iOS and Windows end-points only and for remote access
requires a customer NetScaler firmware build
CDW Confidential, 2016
NETSCALER FOR XA & XD
AndyOsborne– CDWWorkspaceSolutionArchitect
Architecture
CDW Confidential, 2016
Citrix NetScaler
The World’s Most Advanced Cloud Networking Platform
Availability
and Performance
Cloud Scale
CDW Confidential, 2016
Security
and
Visibility
Infinite
Flexibility
Optimize with NetScaler Gateway and SD-WAN
End-To-End Visibility
(Director with HDX Insight)
WWW
“Citrix Datacenter” Network
Powered by NetScaler
XD 7.0
StoreFront
Remote
Desktop/Mobile
User
(For Traffic
Management)
DMZ
Receiver
Micro VPN
NetScaler
DDC/XMLB (SQL)
CloudBridge
(Traffic Management
and Gateway)
-
SD-WAN
-
-
-
-
WAN Optimization
for XenDesktop and
XenApp
Acceleration for
legacy enterprise
applications
Video delivery
optimization
Seamless cloud
connectivity for
Enterprises
Branch Office
-
SSL VPN Gateway
Web Application Firewall
Global Server Load
Balancer
Server Load Balancer
Secure Ticketing Authority
for secure XenDesktop and
XenApp delivery
Smart Access
ICA Proxy
DataStream (SQL Load
Balancing)
XenMobile Connector
StoreFront LoadBalancing
NetScaler
CDW Confidential, 2016
NetScaler
(For ICA Proxy)
XenMobile/XDM
AppC
Load Balancing of XA/XD/XM
Data centre
DMZ FW
User Layer
DC FW
Access Layer
App & Data
Layer
XA-XD
XM
client
XNC
Control layer
CDW Confidential, 2016
MA
M
Built-in Monitoring
Data centre
DMZ FW
User Layer
DC FW
Access Layer
XA-XD
App & Data
Layer
Monitor the actual
application service & DB
XM
client
XNC
Control layer
CDW Confidential, 2016
MA
M
GSLB Disaster Recovery
DMZF
W
Data centre
DC FW
Access
Layer
XA-XD
App &
Data
Layer
XM
client
Active – Active
Active - Passive
User Layer
Control layer
DMZF
W
Data centre
DC FW
Access
Layer
XA-XD
XM
Control layer
CDW Confidential, 2016
App &
Data
Layer
GSLB Zone Preference
San Francisco
Singapore
User is
connected to
closest site
Add NetScaler for Zone Preferences
CDW Confidential, 2016
Configuration Wizards for XA/XD/XM
Built-in XM monitors
CDW Confidential, 2016
Custom monitors for
SF
ICA Proxy
Data centre
DMZ FW
User Layer
DC FW
Access Layer
XA-XD
App & Data
Layer
XM
client
XNC
Control layer
CDW Confidential, 2016
MA
M
RfWeb UIonGatewayprovidesconsistentuserexperience
Easy to manage changes in UI
• Same portal across direct Storefront
access and remote Gateway access
• Single code base
• Portal customization re-use
• Export / import option
• Enhancements re-use
CDW Confidential, 2016
Authentication Offload
Data centre
DMZ FW
DC FW
Access Layer
User Layer
XA-XD
App & Data
Layer
Single Sign-on
client
User authenticates
to NetScaler
XM
XNC
Control layer
CDW Confidential, 2016
MA
M
Internal Users Topologies: Out of Path
XD
server
Server
network
WAN
Switch
No network changes to go into
test or production
CDW Confidential, 2016
XD
server
XA/XD FARM
Endpoint Analysis
Which Platforms?
CDW Confidential, 2016
Scan points
Pre-authentication
Post-authentication
CDW Confidential, 2016
OPSWAT
OPSWAT multi-scanning technology
Integrated into Gateway end-point scanning
Scan strings for 1000s of applications
Frequent update of OPSWAT engine – includes latest
application strings
Seamless upgrade of OPSWAT libraries
Supports pre and post authentication scan points
CDW Confidential, 2016
OPSWAT Application types
Anti-phishing
Antispyware
Antivirus
Backup Client
Device Access Control
Data Loss Prevention
Desktop Sharing
Firewall
CDW Confidential, 2016
• Health Agent
• Hard disk Encryption
• Instant Messenger
• Web Browser
• P2P
• Patch Management
• URL Filtering
Non-OPSWAT scans
OS (Win8.1?/Mac?)
OS service pack/hot fix
Domain membership
Registry scan (numeric/binary/string)
MAC address
File/Process/Service
Time-based scan
CDW Confidential, 2016
Device certificate scanning
Performed before pre-authentication policies
Windows system certificate store contains device
certificate
User proceeds to pre-auth only if valid device cert is
presented
CDW Confidential, 2016
SmartAccess
Data centre
DMZ FW
Access Layer
User Layer
User1 from secure
laptop
client
DC FW
Same User1 from
UNsecure laptop
Allow apps
app1,
app2,
app3, app4
Allow only
app1
XA-XD
XM
XNC
Control layer
CDW Confidential, 2016
App & Data
Layer
MA
M
Secure access to Citrix app and desktop virtualization
An integrated delivery infrastructure
Citrix
Receiver
Branch
Repeater
Access
Gateway
XenApp
XenDesktop
XenServer
NetScaler
Delivery
Network
CDW Confidential, 2016
Citrix SmartAccess
Other SSL VPNs only go this far
Who and
Where?
Which
User
What
Device
What
Resources?
Web and
File
Resources
How
Fast?
Networks
How?
VPN
Access
Clientless
Access
XenApp
XenDesktop
•Applications
•Desktops
•Virtual
Channels
•Virtual
Channels
Repeater
What
What
Authentication Location
Endpoint
Analysis
Authentication
Mail
Servers
Applications
Access
Control
CDW Confidential, 2016
Acceleration
Action Control
SmartControl
SmartControl
CDW Confidential, 2016
SmartControl
Compliant
ICA Traffic
Intranet
Limited:
NetScaler with
Unified Gateway
Copy/Paste
Storefront
farm
DC Fw
DMZ Fw
Full
Access
Storefront
farm
Drive Access
Print
Access
Storefront
farm
Storefront
farm
CDW Confidential, 2016
Citrix
Virtualizatio
n solution
SmartControl: What can be controlled?
All of these features can be controlled.
•
•
•
•
•
•
•
•
•
Client clipboard redirection
Client Drive mapping
Client USB Device Redirection
Client audio redirection
Client COM port redirection
Client LPT port redirection
Client printer redirection
Multi stream
File sharing for Receiver for HTML5
• Rather than making the admin configure capabilities on multiple backend XA/XD servers, with
SmartControl, NetScaler becomes a single point of configuration.
• Users can be granted access based on EPA checks.
CDW Confidential, 2016
SmartControl: Limitations
• Not all XA/XD features can be controlled as of now.
• EPA related checks will work only in the Gateway mode. EPA
related checks wont work for the LAN users or Transparent users.
The workaround would be to make these users to go through the
Gateway.
• Since the SmartControl enforcement is done at session setup time,
if the EPA periodic check fails after the connection is established,
we cannot change the already enforced SmartControl for that
connection.
CDW Confidential, 2016
SmartControl - License requirement
SmartControl is supported only with the Platinum License.
CDW Confidential, 2016
Visibility
CDW Confidential, 2016
NetScaler Insight Center
apps
users
AppFlow data from
NetScaler to Insight centre
•
Insight centre
User and app data
(reports, graphs,
tables, etc.)
•
HDX Insight
Web Insight
CDW Confidential, 2016
Gateway
Insight
Visibility into
user
experience
Gateway
user
sessions info
So What Kind of Data Gets Logged?
Periodic Stats
on Data
Transfers and
Bandwidth
Virtual
Channel
Events
User login,
EPA, SSO,
app-launch,
termination
ICA Session
handshake,
start and stop
Application
Start and
Stop
AppFlow
Record
CDW Confidential, 2016
TCP Events
(Latency,
Jitter, RTT)
HDX Insight
Data centre
DMZ FW
User Layer
DC FW
Access Layer
XA-XD
App & Data
Layer
XM
client
Which Users?
What apps?
What is the latency?
Which network component?
Why auth failed?
Why app is not enumerated?
Which server gone down?
Bandwidth consumption?
Top URLs? Clients? Browsers?
…....
XNC
Control layer
CDW Confidential, 2016
MA
M
New Gateway Insight
AppFlow data
Gateway Insight
• Visibility into user
experience
• Gateway user
session info
HDX
CDW Confidential, 2016
Reporting Capabilities
Endpoint Analysis
(EPA)
Authentication
Access Modes
Single Sign-On
(SSO)
Network
Web
CDW Confidential, 2016
App Launch
Session
Termination
Virtual Apps & Desktops
Time bound summaries
CDW Confidential, 2016
Visibility into errors and EPA methods
CDW Confidential, 2016
Troubleshoot user authentication errors
CDW Confidential, 2016
Troubleshoot single sign on issues
CDW Confidential, 2016
Troubleshoot application launch issues in HDX sessions
CDW Confidential, 2016
COFFEE BREAK
11am – 11.15
CDW Confidential, 2016
XENMOBILE AND INTUNE
AndyOsborne– CDWWorkspaceSolutionArchitect
What is Microsoft Enterprise Mobility Suite (EMS)?
EMS includes 3 cloud
services:
1. MS Intune - MDM & MAM
(~12 MAM policies)
2. Azure Rights Management
– control policies for files stored
in OneDrive For Business (incl.
data encryption, identity, &
authorization policies)
3. Azure Active Directory
Premium - identity
management & SSO
EMS/Intune is often included with O365 subscription
CDW Confidential, 2016
Why do
need need
Intune/EMS
Why
docustomers
customers
Intune/EMS?
.
• To containerize
Office Mobile apps.
• MS doesn’t allow any
other EMM vendor to
do so.
CDW Confidential, 2016
How does XenMobile compare to MS EMS?
On prem
or cloud
More
secure
Enterprise grade
productivity apps
CDW Confidential, 2016
Deployment
flexibility
How is MS EMS priced?
CDW Confidential, 2016
XenMobile embraces Office 365 Apps
1. DeployaunifiedAppStore
2. Enforcedeviceencryption
3. UsemicroVPN forsecuredatacommunications
4. ApplyOpen-InpolicyforOffice365mobileapps
5. Blocksavingoffilestoun-sanctionedstorage
CDW Confidential, 2016
XenMobile
How XenMobile coexists with EMS today
CDW Confidential, 2016
XenMobile app interoperate with EMS Managed Office Mobile Apps
XenMobile co-exists with EMS/Intune
Enablesseparationbetween
PersonalandWorkdocsused
byOffice365mobileapps
- WithoutXMvalue-add,MSDLP
policiesonlyapplytofilesfirst
storedinOneDriveforBusiness
- Now withXMcoexistingwith
EMS,MSDLPpolicieswillalso
applytodocscomingfrom
XenMobile– withouttheneedto
firststorethedocsinOneDrive
forBusiness
DLP:DataLossPrevention
CDW Confidential, 2016
Synergy 2016 MS and
Citrix Partnership
Announcement
CDW Confidential, 2016
Citrix XenMobile and EMS
What does the partnership announcement enable?
Understandingthe
Announcement
11
7
Citrix Secure Mail and other XM apps to be EMS
enlightened*
Citrix VPN to be EMS enlightened*
Citrix XenMobile MDM to be offered in Azure Cloud
Citrix XenMobile to integrate with Azure Active Directory
(AAD)
*enlightened is a Microsoft term which means “managed”
CDW Confidential, 2016
Citrix for EMS offering
Citrix for EMS sku on Azure (1Q 2017)
CitrixvalueforEMScustomers
Enterprise-grade:
1.
Deviceanddata-in-motionsecurity
2.
Intuitivemobileproductivityapps
30
© 2016 Citrix | Confidential
•NetScaler micro VPN for EMS
•Secure Mail for EMS
•Secure Tasks for EMS
•Secure Notes for EMS
•Secure Web for EMS
•Secure MDM Service
CDW Confidential, 2016
XenMobileandOffice365– BetterTogether
1
UnifiedEnterprise
AppStore
Accesstoanytypeofapp
fromasinglecommon
store
2
Enforcedevice
encryption
Securedata-at-reston
thedevice
3
Secure
communicationto
Officeservices
ConfigureVPNfor
securedata-in-motion
4
Openattachmentsin
Office365mobileapps
Open-inpolicyforspecific
apps
5
Blockaccesstounsanctionedstorage
DeployCASBusing
XenMobiletointerceptfile
uploads
Netskope – CASB
CDW Confidential, 2016
1
World-class Experience with Mature Security
Unified Enterprise App Store
Allowsusersaccesstoanytypeofapp
fromasinglestore
•
•
•
•
•
•
Officemobileapps
CitrixXenMobileapps
SaaSapps
Windowsdesktop(virtual)
Companyinternalapps
3rd partymobileapps
SingleSign-Ontoanyapp
andbetweenapps
• PIN
• Certificates
• TouchID
CDW Confidential, 2016
EnforceDeviceLevelEncryption
Enfore Device Level
Encryption
2
Enforcedevicepasscodeusing
XenMobileMDMtoencryptand
securealldataonthedevice
includingthedocumentsfor
Officemobileapps–
encrypteddata-at-rest
InMAM-Onlymode,checkand
mandatethatdevice
pin/passcodeisset
CDW Confidential, 2016
Configure Secure
Communications
ConfigureSecureCommunications
3
XenMobilemVPN securesthe
communicationstoservicesin
thecloudorresourcesinthe
datacenter–
encrypteddata-in-motion
CDW Confidential, 2016
Open Attachements
in Native Office Mobile Apps
OpenAttachmentsinNativeOfficeMobileApps
4
Whenchoosingtoopenan
attachmentfromWorxMail,
Office365mobileappscanbe
madeavailableviaXenMobile
policy
Open-Inpolicycanconfiguredfor
specificapps–
fine-grainedcontrol
CDW Confidential, 2016
Leverage
CASB to Block Unsanctioned Storage
LeverageCASBtoBlockUnsanctionedStorage
Blockaccessto
unauthorizedstoragein
thecloudutilizingaCASB
deployedbyXenMobile
PartnershipwithNetskope
CASB:CloudAccessServiceBroker
CDW Confidential, 2016
5
MICROSOFT WINDOWS
SERVER 2016
Kyle Davies – CDW Workspace Solutions Architect
ITS HERE!
•
Released October 12th 2016 ---- Been in tech preview since October 2014!
•
Support for OpenGL 4.4 and OpenCL 1.1
•
Added layers of Security
•
New deployment Options
•
Built-in containers
•
Cost efficient storage with SDS
•
Innovative networking (SDN)
•
Azure inspired innovation / Cloud ready operating system
•
Citrix support day one!
CDW Confidential, 2016
CITRIX SUPPORT & WINDOWS SERVER 2016
•
Windows Server 2016 virtual apps & desktops
requires 7.11 Server VDA
•
Xenserver 7 required for Server 2016 VMs
•
XAD 7.11 Infrastructure is supported on Windows
Server 2016:
•
•
•
•
•
•
•
•
•
•
•
Controller
Studio
Director
StoreFront
Provisioning Services
Hyper-V through SCVMM 2016
License Server (new release)
SCOM Management Packs (new release)
AppDNA (new release)
Session Recording (new release)
GPU pass-through on HyperV 2016 support
CDW Confidential, 2016
USER EXPERIENCE
CDW Confidential, 2016
CDW Confidential, 2016
ACCELERATE ONTO WINDOWS SERVER 2016
•
Add 7.11 VDA and start launching shared
hosted server desktops
•
•
Publish your key applications, like Office 2016
Start your app validation testing for Server 2016 with
AppDNA
•
Migrate your control & access tiers to Server
2016 & XAD 7.11
•
AppDNA included for platinum licensed
organizations
CDW Confidential, 2016
WHY USE APPDNA
•
Every application and operating system has
DNA
•
Citrix AppDNA uses heuristic algorithms
•
Build assessment and Interop testing
•
Simple Green, Amber or Red status against
each app tested
•
89% time saving
•
You may already be licensed!
CDW Confidential, 2016
WHAT ABOUT RESOURCE
REQUIREMENTS?
SIZING???
It Is Early Days
It Depends
….
Come And See Me At The Breakout
CDW Confidential, 2016
LAKESIDE SYSTRACK
TomHowie– LakesideSoftware
HYPERCONVERGED ATLANTIS
JimMoyle– AtlantisComputing
APPSENSE
DanielMoss– AppSense
CDW Confidential, 2016
CDW Confidential, 2016
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising