Application Delivery Control Customer Overview - …licensing.arrowecs.at/wp-uploads/2017/11/7-Citrix-NetScaler...Citrix XenMobile Client Citrix ShareFile ... • The quality of every

Application Delivery Control Customer OverviewEnsuring application performance and security

Presenter Name PlaceholderJob Title

NOVEMBER 13, 2017

How Citrix NetScaler delivers solutions

Solving Business Challenges

3 © 2016 Citrix | Confidential

Business challenges facing application delivery

Technical debt and application lifecycle management across

multi-cloud

ManageSupporting cloud native apps and

hybrid cloud topologies

HybridServer failures or

public cloud outages can impact app

availability

ReliabilityDecreased productivity and loss of revenue due

to slow performing applications

PerformanceIncreasing need for encryption

and new ciphers

Security


NetScaler Portfolio

ADC

Secure delivery of traditional & micro-services

Apps

Gateway

Secure Access for Apps anywhere users everywhere

SD-WAN

Secure & reliable delivery of Apps to the branch

Management & Analytics SystemApplication & Infrastructure Intelligence for the data

driven enterprise


Citrix NetScaler SD-WAN

Citrix XenMobile Client

Citrix ShareFile

Citrix XenApp

Citrix XenDesktop

Citrix XenMobile

Other Apps

Citrix NetScaler Gateway & ADC

Branch user

For Apps anywhere, Users everywhere

Citrix Receiver

Citrix Receiver

A complete App Delivery solution

Optional subtitle

NetScaler Platforms and Licensing


2016 Magic Quadrant for

Application Delivery Controllers

Source: Gartner report, Magic Quadrant for Enterprise Mobility Management Suites, June 8, 2015, Terrence Cosgrove, Rob Smith, Chris Silva, John Girard, Bryan Taylor

Source: Gartner report, Magic Quadrant for Enterprise File Synchronization and Sharing, August 6, 2015 Monica Basso, Charles Smulders, Jeffrey Mann

Source: Gartner report, Magic Quadrant for Application Delivery Controllers, September 12th, 2016, Mark Fabbi, Andrew Lerner

© 2015 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. For more information, e-mail [email protected] or visit gartner.com. Used with permission. The Gartner document is available upon request from Citrix.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to

select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this

research, including any warranties of merchantability or fitness for a particular purpose.

10th

Year

2016

Recognized as a leader

…a solid

roadmap of

product

features

and

licensing

options.


Secure delivery of traditional & micro-services apps

Load Balancing Acceleration Security SSL Availability Performance Visibility

PerformanceAvailability SecurityOffload Visibility


“Citrix NetScaler leads the market in innovation and vision with capabilities that give us a competitive advantage.”

Tech Validate ID: 0CE-B5A-F7D

84%of customers agree


PlatinumEnterpris

e

Standar

d

Ensure application availability with traffic management and

server monitoring

Improve application performance and manage resource availability

across multiple datacenters

Protect against web-based attacks and data theft

NetScaler editions


PlatformsHardware or software options

Hypervisor

basedDocker Container

based

Multi-tenant

hardware

Single instance

hardware


Virtual Platforms

Hypervisor Support

Cloud Hosted

<100 Gbps

Performance

Up to

100 Gbps


Containerized Platforms

Container Support

Performance

Up to

1 Gbps

Container Management Support

<1 Gbps

Free developer

version


Hardware Platforms

Performance

L7 Throughput

<200 Gbps

L7 Requests per second

<5.2m

SSL Throughput

<46 Gbps

SSL Requests per second

<560k<200 Gbps


Hardware Platforms

<200 Gbps

Performance

L7 Throughput

<200 Gbps

L7 Requests per second

<5.2m

SSL Throughput

<46 Gbps

SSL Requests per second

<560k

Virtual tenants

<115


NetScaler SD-WAN Product Overview

NetScaler SD-WAN Product Team

MARCH 2017

© 2016 Citrix | Confidential


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Stateful

Firewall


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Statefull

Firewall


NetScaler SD-WAN: Create a tunnel

MPLS EF Queue

MPLS Default Queue

InternetNetScaler SD-WAN NetScaler SD-WAN

Logical tunnel created by encapsulating in UDPLO G I C A L T U N N E L C R E AT E D

F R O M D I V E R S E L I N K S

Connections can be built to the data center, a private cloud, headquarters or dynamically created on demand direct from branch to branch

!


NetScaler SD-WAN: Measure every path

MPLS EF Queue

MPLS Default Queue


Logical tunnel created by encapsulating in UDP

latency loss jitter cong.






• The quality of every potential path is assessed with every packet, in each direction

Latency, loss, jitter, congestion and availability are monitored for each path and in each direction. And real traffic is used for the measurement, not probe data.

!


NetScaler SD-WAN: Direct traffic to the best path

MPLS EF Queue

MPLS Default Queue



• The quality of every potential path is assessed with every packet, in each direction• Each data stream is directed to best path with priority given to critical applications

B A N D W I DT H C O N T R O L

Each MPLS queue is treated as a separate path, maximizing the value of MPLS and ensuring the best path is always used.!


NetScaler SD-WAN: Detect and fail over without impact

MPLS EF Queue

MPLS Default Queue



• The quality of every potential path is assessed with every packet, in each direction• Each data stream is directed to best path with priority given to critical applications• Data immediately fails over if an error is detected on any link

D E T E C T P R O B L E M S Q U I C K LY

We can detect degraded links, or brownouts, and quickly adapt traffic to compensate. By not waiting for an actual outage, soss and latency spikes won’t cause performance problems.

!


NetScaler SD-WAN: Detect and fail over without impact

MPLS EF Queue

MPLS Default Queue


Logical tunnel created by encapsulating in UDPFailover occurs within a 2-3 packets of loss, and those lost packets can be retransmitted and reordered so the application is never affected.

!A N D R E A C T W I T H LO S S L E S S FA I LOV E R

• The quality of every potential path is assessed with every packet, in each direction• Each data stream is directed to best path with priority given to critical applications• Data immediately fails over if an error is detected on any link


NetScaler SD-WAN: Optionally duplicate real-time traffic

MPLS EF Queue

MPLS Default Queue


Logical tunnel created by encapsulating in UDPWith packet duplication, VoIP and HDX Thin Wire will always take fastest path and never lose a packet, results in an optimum user experience

!

• The quality of every potential path is assessed with every packet, in each direction• Each data stream is directed to best path with priority given to critical applications• Data immediately fails over if an error is detected on any link• Packet duplication ensures no loss of critical data for ultimate in consistent user experience

PA C K E T D U P L I C AT I O N


NetScaler SD-WAN: Use multiple links for one session

MPLS EF Queue

MPLS Default Queue


Logical tunnel created by encapsulating in UDPBonding links can result in a file transfers that take half the time, mitigating the impact of latency!

• The quality of every potential path is assessed with every packet, in each direction• Each data stream is directed to best path with priority given to critical applications• Data immediately fails over if an error is detected on any link• Packet duplication ensures no loss of critical data for ultimate in consistent user experience• Large flows can use multiple links simultaneously

B O N D M U LT I P L E L I N K S


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Stateful

Firewall


Application SLA QoS

Category Minimum Bandwidth

Prioritization Duplicate

Real Time 30% VoIP Yes

Video Conf No

Interactive 40% XenDesktop No

SQL No

Exchange No

Custom No

Bulk 30% FTP No

Video No

Custom No

• QoS is based upon 3 categories of application traffic: real time, interactive, and bulk

• Categories can be provisioned with guaranteed minimums

• Up to 17 QoS levels can be utilized across the 3 categories

• Applications can be created and assigned using source/destination IP & port, TCP/UDP, and DSCP

• QoS model is dual-ended and therefore provides guaranteed delivery


Application Intelligence Forms the Core of the Product

Finer Control Comprehensive SecurityDeeper Visibility

• Deep Packet Inspection• 4000+ Enterprise & SaaS Apps• Classify within Applications• DPI signatures updated regularly

• 200+ Enterprise Apps• 6 tuple matching to extend

Today

9.2


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Statefull

Firewall


Integrated Statefull Firewall

• Comprehensive Firewall security: IP to Application layer

• Secure hosts, ports and infrastructure

• Support for Dynamic and Static NAT

• Enable firewall rules even for encrypted traffic with Application intelligence

• Define zones to enforce different policies for different users

• Single Point of Management across Network

• Provision, troubleshoot and analyze Routing and Security through SD-WAN center

• ICSA certification coming soon…

ALLOW

REJECTCOUNT &

LOG

DROP


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Statefull

Firewall


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Statefull

Firewall


• Network throughput impacted by TCP window

size, latency and congestion

• Google “Mathis equation” or “TCP tuning”

• No packet loss: RWIN / RTT

• Packet loss: MSS / (RTT * SQRT(Packet Loss))

• NetScaler SD-WAN employs

• Window scaling of up to 16Kx of standard TCP

• SACK to minimize data that is resent

• Fast re-transmits to reduce delay before resend

• BIC TCP for faster recovery from packet loss

NetScaler SD-WAN Advanced TCP Flow Control

Slow Start Slow Ramp

Without NetScaler SD-WAN

Average

Utilization

Thro

ughput

Time

Link Speed

With NetScaler SD-WAN

Average

Utilization

Time

Link Speed

Thro

ughput


NetScaler SD-WAN makes HDX better

Data Center or Cloud

Client Host

Clipboard

File Transfer

Mobile sensors

Clipboard HD

X

Printing

Smartcard

Audio

Graphics

Media

Citrix XenApp

Citrix XenDesktop

MPLS EF Queue

MPLS Default Queue


B A N D W I DT H


Secure Edge

Routing

Application

Optimization

Unified

Management

App-Aware

QoS

Intelligent Path

Selection

Statefull

Firewall


NetScaler SD-WANPlatform Overview


Ensure application reliability and quality via path measurement, selection, and security

Reduce bandwidth requirements and create more responsive applications

Securely forward application traffic from branch locations across the WAN and to the Internet

Secure the branch perimeter while controlling application delivery across the WAN and to the Internet

NetScaler SD-WAN: A Comprehensive WAN Edge Platform

Centralized Management &

Visibility







Visibility

Standard Edition





Visibility

WANOP Edition








Visibility

Enterprise Edition


Model Capacity (Mbps) HDX Form Factor

5000 1,500 – 2,000 3,500 – 5,000

4000 310 – 1,000 750 – 2,500

3000 50 – 155 300 – 500

2000/2000WS 10 – 50 100 – 300

1000/1000WS 6 - 20 60 - 200

800 2 – 10 20 – 100

400 2 – 6 10 – 30

VPX 2 – 200 15 – 250 Software

NetScaler SD-WAN: WANOP Line UpPhysical and Virtual products as of 3Q 2016


NetScaler SD-WAN: Standard Edition LineupPhysical and Virtual products as of 3Q 2016

ApplianceVirtual WAN Capacity

(Mbps full duplex)Virtual Path Capacity

(Fixed/Dynamic)Form Factor

5100 3000/4000 550/32

4100 1000/2000 256/32

2100 200/300/500/1000/1500 128/16

1000 20/50/100 16/8

410 20/50/100/150 16/8

VPX 20/50/100/200/500/1000 16/8 Software


NetScaler SD-WAN: Enterprise Edition Lineup

Appliance

Virtual WAN Capacity

(Mbps full duplex)

WAN Op Capacity*

(Mbps)

Virtual Path Capacity

(Fixed/Dynamic)

Concurrent HDX

SessionsForm Factor

2000

250 50 32/16 300

200 20 32/16 200

100 10 32/16 100

1000

100 20 16/8 200

50 10 16/8 100

20 6 16/8 60

10 4 16/8 40

Physical and Virtual products as of 3Q 2016

44 © 2017 Citrix | Confidential – Content in this presentation is under NDA

NetScaler MAS 12Product Overview

Michael LeonardPrincipal Product Marketing Manager

[email protected]

May, 2017

mailto:[email protected]


Visibility and Analytics

Observe trends and

plan capacity

Proactively identify issues

Detect and address

security threats

Harness and use the data

from your network

What’s new in 12.0?• Anomaly

detection• Troubleshooting

applications• Application

threat exposure


Advanced analytics comprehensive sources of data

Network Reporting

Volumetric or Utilization Data

SSLvServerICMPTCP

HTTPCompression

UDP

INSIGHTS (Analytics)

Application Layer DataCapacity Planning, Performance, Threats

HDX Web Security SSL

Advanced Analytics

Metadata + other high value dataUser impacting scenarios

Automated Trouble-shooting

Automated Threat

Detection


Anomaly detection for performance troubleshooting

Which services are contributing to server

response time anomalies?

What has been the anomaly based trend line for this service?

Which point was the anomaly identified?


Application security status monitoring dashboard


Which are the top Apps with high threat index?

Who are the top Clients with high number of violations association?

Which locations attacks are originated from?

What is the total attack variation across all apps?

New Threat Detection added

Application security threat exposure assessment


App-centric lifecycle management

App-centric trouble-

shooting,security

Capture app-centric details

Granular role-based access

Gain app-centric

visibility and control

What's new in 12.0?- App health

monitoring- App dashboard- App Security

Dashboard- Stylebooks for

configuring apps


Application health score for user experience

User Experience

Caused by

Latency

Availability

Anomalies

Errors

ADC health: CPU,

memory

Server latency and availability

Security attacks: threat index, DNS DDoS

App Health Score

NetScaler Metadata

Anomalies: surge

queue, uneven LB

HTTP Errors


When user clicks on any App

Which Apps are the most used most?

Why does this App have a low health score?

How many Apps have a low health score?

Which Apps have high threat exposure?

Which Apps have low security enabled?

Which Apps have high client connections and low server

connections?

Which network functions

define this app?

Health Score Trend

Threat Index Trend

Attack Trend

.

.

.

Application dashboard for activity monitoring


Configurable application centric components

vServers vServers vServers

Backstage Application

Sharefile Application

Store Application

LB_vServerCS_vServer



For each vServer:• Dashboard

• Transactions• Connections• SSL• Throughput

• Services• Configuration

• Basic• Load balancing Method• Persistence

App Owner A

App Owner B


Centralized Management

Certificate management

Configuration, logging and

events

License Management

Automate administrative tasks across

infrastructure

What's new in 12.0?- Performance

reporting and exporting

- Check in check out licensing

- Role based access control

- HA Proxy support


See all locations in a geo map view

Data Center view, highlighting state of instances, and critical/major Events.


Centrally manage the NetScaler fleet

Distribution by Events/Health/Versions/Model/UpTime/Config Audit/Certificates


Top Parameters & Trends • Which are the top vservers

causing low health score?• What is the key app usage

metric variation?• What is the total event

variation trend for this app?

Top 5 vservers with lowest health score

How are the total events trending over the time?

How are the total events trending over the time?

Monitor device state with the activity investigator


0

100000

200000

300000

400000

500000

600000

# SSL v3 Sessions # ECDHE Sessions # ECDSA Sessions

Perform SSL capacity planning with SSL insight

Identify SSL Traffic Composition

Time

Future: Identify SSL CPU Utilization

Total Elliptical Curve Traffic


NetScaler MAS packaging and licensing

NetScaler ADC

SDN Control

Hybrid and Multi-Cloud Control

NetScaler Gateway

Advanced Application Analytics

Management and Automation

• Application dashboard• Application performance monitoring • Application level RBAC• End-to-end troubleshooting• Advanced capacity planning• Predictive analytics• Security threat analysis and

mitigation

• Configuration management• Logs, events and reports• Certificate management• License management• Cloud system integration• Container management• SDN integration

HA Proxy

Orchestration and Analytics Systems

SD-WAN


NetScaler MAS annual and multi-year pricing

NetScaler MASPer Instance Licensing

Product License SRP

Software Maintenance SRP

100 vserver On-Premise Subscription 1-year $10,000 $2,200





1. Annual or multi-year on-premise subscription. Customer must purchase multiple licenses to reach level of vservers required.2. Customer must purchase Software Maintenance (SWM) packs to equal to or more than the number of vserver licenses purchased .3. Customers who are using the unlicensed MAS with less than 30 vservers, who wish to receive support, need not purchase Software

Maintenance.4. The minimum support purchase is for 100 vservers.


Documents

Application Delivery Control Customer Overview - …licensing.arrowecs.at/wp-uploads/2017/11/7-Citrix-NetScaler...Citrix XenMobile Client Citrix ShareFile ... • The quality of every