4 th October 2012 Optimising network delivery of virtual desktops Jason Poole Business Development Manager, EMEA (Cloud Networking) Michael Aldridge Senior System Engineer, EMEA (Cloud Networking) Important – Webinar Audio The audio for this webinar is available over VoIP. Just select the ‘Use Mic & Speakers’ option to listen to the webinar through your computers speakers. To listen using your telephone select the ‘Use Telephone’ option. For local numbers click the ‘additional numbers’ link. You will need to use the Access Code and Audio PIN. The webinar will start at 3:00pm (BST)
Industry trends and IT resources Centralisation of ResourcesMultiple devicesDistributed workforce Work and play from any device, anywhere
Change everything… but wait, consideration? Cost reduction Business Agility Improved security Improved compliance Ease of management Why Implement a Desktop Virtualisation Solution?
Centralisation is a single point of failure Benefits of Desktop Virtualisation are realised through centralisation Branch office workers might experience poor experience 80% of employees are located away from the HQ and the data centre How to provide the access to the virtual desktop More and more users are bringing their own devices Requirement for remote access and maintaining security Considerations for a successful Desktop Virtualisation
Remote Access
Anywhere Access Allows users to securely access desktops and applications using any device in any location, including home computers and mobile devices. HDX SmartAccess Delivers simple and seamless secure access
Network and device roaming Enables users’ sessions to transparently and securely move between networks and devices by dynamically adapting access. HDX SmartAccess Delivers simple and seamless secure access Anywhere Access
Single sign-on Improves the user’s experience by reducing unnecessary authentication prompts and the number of passwords users need to remember. HDX SmartAccess Delivers simple and seamless secure access Anywhere Access Network and device roaming
Granular Action Control Allows the administrators to define capabilities within application to which users have access. HDX SmartAccess Delivers simple and seamless secure access Anywhere Access Network and device roaming Single sign-on
Availability
Goal: Network Infrastructure Fault tolerance Roadblocks: Virtual desktop hosting platform Operating system delivery Application and desktop delivery Desktop controllers Application controllers High Availability
Datacenter – High Availability
Remote User Branch Office Home Office Tablet NetScaler Desktop Delivery Controller HQ Office XenDesktop FarmXenServer Resource Pool Active Directory Data Store License Server DHCP Infrastructure Virtual Desktop 1 Personalization: User A Apps: Office OS: Vista Virtual Desktop 2 Personalization: User B Apps: Office OS: XP Virtual Desktop 3 Personalization: Apps: OS: F i r e w a l l Personalization Applications OS Provisioning Server XenApp Controller File Share Desktop Delivery Controller Data Collector VistaWindows XP Windows 7 User A User B User C User D User E Web Interface Strong SLAs Secure Access
Remote User Branch Office Home Office Tablet NetScaler Desktop Delivery Controlle r HQ Office XenDesktop FarmXenServer Resource Pool Active Directory Data Store License Server DHC P Infrastructure Virtual Desktop 1 Personalization: User A Apps: Office OS: Vista Virtual Desktop 2 Personalization: User B Apps: Office OS: XP Virtual Desktop 3 Personalization: Apps: OS: F i r e w a l l Personalization Applications OS Provisioning Server XenApp Controller File Share Desktop Delivery Controlle r Data Collector VistaWindows XP Windows 7 User A User B User C User D User E Web Interface Strong SLAs Secure Access Remote User Branch Office Home Office Tablet NetScaler Desktop Delivery Controller HQ Office XenDesktop Farm XenServer Resource Pool Active Directory Data Store License Server DHCP Infrastructu re Virtual Desktop 1 Personalization: User A Apps: Office OS: Vista Virtual Desktop 2 Personalization: User B Apps: Office OS: XP Virtual Desktop 3 Personalization: Apps: OS: F i r e w a l l Personalization Applications OS Provision ing Server XenApp Controller File Share Desktop Delivery Controller Data Collector VistaWindows XP Windows 7 User A User B User C User D User E Web Interf ace Global Availability Remote User Branch Office Home Office Tablet NetScaler Desktop Delivery Controller HQ Office XenDesktop Farm XenServer Resource Pool Active Directory Data Store License Server DHCP Infrastructu re Virtual Desktop 1 Personalization: User A Apps: Office OS: Vista Virtual Desktop 2 Personalization: User B Apps: Office OS: XP Virtual Desktop 3 Personalization: Apps: OS: F i r e w a l l Personalization Applications OS Provision ing Server XenApp Controller File Share Desktop Delivery Controller Data Collector VistaWindows XP Windows 7 User A User B User C User D User E Web Interf ace
Data may not be replicated to all sites Data Proximity WAN North America EMEA
Ensure that only ICA traverses the WAN GSLB with Site Roaming WAN North America EMEA
User Experience Deployment across a WAN
Sexy interface – graphic intensive Chatty protocols Testing labs Gigabit connectivity 0 ms Latency Citrix Confidential - Do Not Distribute Applications are designed for the LAN Deployed across a WAN? Slow? = “that’s a network issue. You fix it.”
HDX ICA protocol is an underlying technology for HDX (High-Definition User Experience)
How much bandwidth is enough? It depends on: Other network traffic Application bandwidth requirements Number of users User behavior And more! Bandwidth Allocation for ICA vs.
ICA sessions to drop Users experience choppy typing or screen paints Session Reliability to be invoked (if enabled) User sees application but can’t use it Insufficient Bandwidth Causes... Dear Mr. Templeton, I love Citrix XenApp! How can I purchase more licenses?
Already highly compressed and optimized Automatically tunes itself to further compress when less bandwidth available Single session bandwidth testing not valid! ICA Compression ICA Session
WAN Optimisation for Desktop Virtualisation
What is ICA Optimization? Enhancements to Repeater compression engine ICA Encryption/Decryption The ICA Parser ICA Intra-Session Compression enhancements ICA Cross-Session Compression Adaptive TCP Flow Control Adaptive TCP Flow Control Adaptive Compression Adaptive Protocol Acceleration Traffic Prioritization Branch Staging of Streamed Apps Branch Caching of Hosted Apps
ICA Parser Acts as an intermediate for decryption/encryption Can decrypt all ICA encryption except for SSL. No cert installed on the acceleration pair Supports Basic, RC-40, RC-56 and RC-128 encryption levels Re-encrypts on WAN, transparently to the client. Branch Repeater Repeater or Branch Repeater XenApp Farm Branch Client LAN Client is relieved of ICA decompression tasks ICA Connection initialization WS/CBR Compressed Traffic Decrypt, ICA Parser looks for ICA/CGP Signature, Re-encrypt. De-crypt, then either disk based or memory based compression histories are used, then re- encrypt. WANLAN
ICA Parser ICA compression requests Server/Client are disabled Parsing only occurs on accelerated connections. When a connection is established the ICA handshake is detected. At that point it is determined if it is ICA or CGP (detected in the connection payload). Branch Repeater Repeater or Branch Repeater XenApp Farm Branch Client LAN Client is relieved of ICA decompression tasks ICA Connection initialization WS/CBR Compressed Traffic Decrypt, ICA Parser looks for ICA/CGP Signature, Re-encrypt. De-crypt, then either disk based or memory based compression histories are used, then re- encrypt. WANLAN
ICA Parser Separates headers from payload and bulk from interactive Print/File/Multimedia Bulk traffic goes to disk (DBC) ThinWire graphics commands Interactive goes to memory (MBC) Header data goes to the small matcher (Nano) Branch Repeater Repeater or Branch Repeater XenApp Farm Branch Client LAN Client is relieved of ICA decompression tasks ICA Connection initialization WS/CBR Compressed Traffic Decrypt, ICA Parser looks for ICA/CGP Signature, Re-encrypt. De-crypt, then either disk based or memory based compression histories are used, then re- encrypt. WANLAN
ICA Compression - Cross session Compression Branch Repeater Repeater or Branch Repeater XenApp Farm LAN Client is relieved of ICA decompression tasks Native ICA Compression enabled by default WS/CBR Compressed Traffic WS/CBR turns off XA compression and enables WS compression during negociation. Either disk based or memory based compression histories are used. WANLAN Subsequent packets are compared to the compression history on the sending side. Payload matches are substituted with a token in lieu of the whole packet. The server still sends, and the client still received what they expect to.
ICA Compression - Cross session Compression Branch Repeater Repeater or Branch Repeater XenApp Farm LAN Client is relieved of ICA decompression tasks Native ICA Compression enabled by default WS/CBR Compressed Traffic WS/CBR turns off XA compression and enables WS compression during negociation. Either disk based or memory based compression histories are used. WANLAN After the histories are populated, if a second client requests the same data in his/her ICA session, a second match can occur. Tokens are sent and the payload is pulled from the client side compression history. The more users of the same application, the better.
Use Case – ICA Compression of Display Traffic Repeatable data bitmaps can be reused for subsequent requests Cross-session compression enhanced Repeatable vs. Unique Data Unique data Repeatable data
Use Case - ICA Optimization of Print Traffic Repeater compresses using disk (disk-based compression) ᵒMinus the headers ᵒSecond pass of the same print job ~70:1 compression ᵒSmall modifications followed by a print-job resend Compresses well (35-40:1)
What is an ICA Virtual Channel? A Citrix Independent Computing Architecture (ICA) virtual channel is a bidirectional connection for the exchange of generalized packet data between a Citrix XenApp/XenDesktop Server and a ICA compliant client. Virtual channels correspond to virtual drivers; each providing a specific function. Some are required for normal operation, and others are optional. Virtual drivers operate at the presentation layer protocol level. There can be a number of these protocols active at any given time by multiplexing channels. There are a total of 64 virtual channels in the ICA protocol. However for most user sessions, between are usually utilized. ICA Review – Virtual Channels
ICA QoS Single Stream ICA Priority Packet Tagging allows prioritization of ICA sessions based on the virtual channel data being transmitted. (what the user is doing within the app/session) This is done by associating each virtual channel’s two-bit priority to a packet priority. The two priority bits combine to form four priority values: 00 (0) - High Priority 01 (1) - Medium Priority 10 (2) - Low Priority 11 (3) - Background Priority These priority bits can then be assigned to Branch Repeater Quality of Service queues to allow dynamic QoS.
The Single Stream ICA Problem compressed and encrypted ICA data The user creates an ICA session. User interface traffic is tagged with a priority bit of zero (thin wire). Branch Repeater identifies the priority tags in real time and applies QoS appropriately. Session Bandwidth
The Single Stream ICA Problem compressed and encrypted ICA data The user then starts a print job within the ICA session. Print traffic is tagged with a priority bit of three (real time). Branch Repeater identifies the new priority tags in real time and applies QoS appropriately. Session Bandwidth
The Single Stream ICA Problem compressed and encrypted ICA data The user then either returns to the app’s user interface or starts a second application. (thin wire) The new observed priority bits of the session cause the session to be QoS’ed as a priority zero. Prioritization of printing traffic is now lost. Session Bandwidth
ICA Stream #1(Very High) ICA Stream #2 (High) ICA Stream #3 (Medium) ICA Stream #4 (Low) Channel NameDefault PriorityDescriptionVirtual Driver CTXTW0Remote Session Screen Update (THINWIRE)vdtw30n.dll CTXTWI0Seamless Windows Screen Update (THINWIRE)vdtwin.dll CTXTWN0Winstationwfica32.exe CTXEUEM0End User Experience Monitoringvdeuemn.dll CTXZLFK0Local Text Echo and Keyboard Feedbackvdzlcn.dll CTXZLC0Speed Screen Latency Reduction - Screenvdzlcn.dll CTXZLFK0Speed Screen Latency Reduction - Fontsvdfon30n.dll CTXCTL0ICA Session Controlvdctln.dll CTXFLSH1Multimedia - Flashvdflash.dll CTXGUSB1USB Redirectionvdgusbn.dll CTXMM1Multimedia - Streamingvdmmn.dll CTXCLIP1Client Clipboard Mappingvdclipn.dll CTXCAM1Client Audio MappingvdcamN.dll CTXLIC1License Managementwfica32.exe CTXVFM1Video Server – (no longer used)n/a CTXPN1Program Neighborhoodvdpnn.dll CTXCCM2Client COM Port Mappingvdcom30N.dll CTXCDM2Client Drive Mappingvdcdm30n.dll CTXPASS2Transparent Key Pass-Throughvdkbhook.dll CTXCPM3Printer Mapping for Spooling Clientsvdcpm30N.dll CTXCM3Client Management (Auto-Update)vdcmN.dll CTXLPT13Legacy LP1 Port Mappingwfica32.exe CTXLPT23Legacy LPT2 Port Mappingwfica32.exe CTXCOM13Legacy COM1 Port Mappingwfica32.exe CTXCOM23Legacy COM2 Port Mappingwfica32.exe Virtual Channels
Multi-Stream ICA Terminology Single-port, Multi-stream ICA (MSI Default) 4 random ports at client, 1 primary port on server Automatically enabled on ICA server by Branch Repeater 6.0. Multi-port, Multi-stream ICA 4 random ports at client, 1 primary and up to 3 secondary ports on server Most common deployment if used without Branch Repeater Single-port, Single-stream ICA 1 random port at client, 1 primary port on server The pre-MSI default connection type If any Branch Repeater on the link vetos MSI, or old versions used
How Does Branch Repeater Optimize ICA? Adaptive orchestration with XenDesktop and XenApp Unprecedented visibility into XenDesktop and XenApp traffic Custom acceleration modes for print, video and file traffic Minimum changes to underlying XenDesktop or XenApp infrastructure
Branch Repeater with ICA
Branch Repeater reduces the bandwidth consumed per session by up to 89% Branch Repeater can double the number of users on the same WAN connection Branch Repeater reduces session launch times by up to 40% and print spooling times by up to 60% CTX124457: Data Analysis
Santa Barbara Redmond Schaffhausen Chicago Bedford Dallas Paris Madrid Munich Copenhagen Vianen Chalfont Sydney Dublin Miami Santa Clara Cambridge Mexico City Toronto Atlanta (DR) New York City Bethesda Fort Lauderdale Hong Kong Tokyo Singapore Bangalore Stockholm Data center office Regional headquarters Regional offices Disaster recovery Citrix-on-Citrix: 56 Branch Repeaters Deployed LocationBranch Repeater Model Main data centers8820 Regional/sales offices8540
Summary Industry trends are driving desktop virtualisation as a solution The same trends mean there are considerations for successful deployments Networks must be optimised to ensure Availability and User experience Citrix has the components to ensure Enterprises can realise the benefits of Centralisation, Consumerisation and Geographical dispersion 43 Desktop virtualisation is a solution not a product
Follow us… Citrix blogDesktop Virtualisation Web Community
Work better. Live better.