Building a Software-defined WAN with NetScaler SD-WAN

Businesses rely on branch offices or remote employees to serve customers, to be near partners and suppliers and to expand into new markets. As application and desktop virtualization increase or applications move to the cloud, IT managers face the challenge of providing these applications without a performance penalty to branch and mobile users. NetScaler SD-WAN can help you effectively and economically increase WAN throughput while accelerating enterprise applications and ensuring the performance and availability of mission critical applications.

Your WAN is stressed

Productivity plummets when virtual desktop infrastructure (VDI), voice over IP (VoIP) and video conferencing connections disconnect. Employees complain when cloud-based applications take too long to respond or time out. Work comes to a halt when employees lose access to ERP, CRM and other enterprise applications. Sales stop and customers leave the store when POS terminals lose their connections.

Today enterprises rely on wide area networks (WANs) to support an ever-growing number of bandwidth-intensive business critical applications. Because these applications are used to "run the business," they demand high reliability and quality of service. When they slow down for even a few seconds, employees notice and complain.

Unfortunately, IT staff face a dilemma when they try to improve the reliability and capacity of their WANs. Multiprotocol label switching (MPLS) is reliable and provides fairly consistent performance, but adding capacity can be expensive. Internet connections via broadband technologies such as cable and DSL are much less costly, but reliability and performance are inconsistent and there are security concerns. WAN optimization products accelerate performance and effectively increase bandwidth, but they can't overcome all of the issues when the underlying WAN is unreliable or unavailable.

Introducing the software-defined WAN

A new approach called software-defined WAN, or SD-WAN, offers a solution to this dilemma. This technology logically binds multiple MPLS and broadband paths into a single logical path. With SD-WAN, quality of service (QoS) rules, path selection and traffic shaping can be applied to ensure that high-priority applications always perform well. SD-WAN can also ensure that all bandwidth on all paths is fully utilized. In addition, critical business processes can be protected against network outages. If even a single path remains, key applications can be switched over in milliseconds and continue uninterrupted operation with no discernable impact on end user productivity.

What can go wrong? A typical datacenter-to-branch WAN connection

Before examining how SD-WAN technology works, let's look at a typical situation today for networking between a datacenter and a medium-sized branch or remote office. Most traffic, including all traffic for business critical applications, is configured to run through an MPLS connection. One or two paths through the public Internet have been added, primarily for backup in case the MPLS link goes down (Figure 1).

What are the drawbacks in this arrangement?

There is a lot of wasted bandwidth and contention. The broadband paths are kept in reserve in case the MPLS link fails, or used only for a few low-priority applications. If the MPLS path reaches capacity, there is no easy way to move MPLS traffic over to the broadband connections to reduce contention on MPLS.

Failover when a connection goes down can take several seconds, or even minutes. Even a short outage can be extremely annoying to employees, who may be forced to restart sessions or log in again, and it can result in a loss of revenue for the enterprise.

After failover, the performance of critical applications will be seriously degraded, along with all other applications using the remaining paths. With many applications competing for limited bandwidth on the backup connections, applications sensitive to latency, loss or jitter like desktop and application virtualization, VoIP and video conferencing may become unusable, resulting in additional lost business.

Adding additional capacity can be very costly. If the Internet connections can't provide the required reliability and quality of service for new applications, then the organization is looking at very expensive upgrades to its MPLS network.

Although MPLS networks are generally of good quality, they can still experience packet loss, latency and jitter. These problems impact latency-sensitive applications, causing yet more employee frustration and lost business.

Branch networks are becoming more complex, potentially with separate appliances for routing, firewall, and WAN Optimization. Multiple appliances increase the cost per branch and add complexity to maintaining and troubleshooting the branch network.

Network administration can be complex and time-consuming. Application traffic needs to be configured and monitored differently for each path.
If paths to a remote office or user take more than one "hop" across different network types, then it is extremely difficult to manage end-to-end monitoring and quality of service.

Of course, Figure 1 only shows a single datacenter and one branch office. The issues mentioned above will be greatly magnified in an enterprise with multiple datacenters and dozens or hundreds of remote offices. The challenges will be even greater with the increasing use of cloud-based applications.

Figure 1: In a typical datacenter-to-branch scenario, broadband is used only for backup or low priority applications because it is not reliable.

Now that we've looked at the problems that are common with a typical WAN, let's look at the basic capabilities and features of a software defined WAN and then see how SD-WANs address these problems.

SD-WAN basics #1: measure and monitor network paths

The most important aspect of SD-WAN technology is the knowledge it gathers regarding the underlying network connections and the intelligent decisions it makes using this knowledge. The unique power of SD-WAN is achieved by:

1. Measuring and monitoring network paths in both directions
2. Identifying and assigning priorities to applications
3. Applying the knowledge gained from monitoring paths to optimize the reliability and performance of network traffic

Figure 2 shows the same headquarters-to-branch office scenario as Figure 1, except with NetScaler SD-WAN appliances included at each location. (Later we will discuss how many benefits of SD-WAN can be gained with a NetScaler SD-WAN appliance at only one end, or with a virtual appliance in the cloud.)

Figure 2: NetScaler SD-WAN appliances measure transit time, jitter and packet loss, then create a "map" of the performance and health of all paths in the WAN. This information is used to select the most appropriate paths for different types of traffic. Broadband connections can now be used actively for all applications.

The source (sending) appliance adds tags to each packet with information about the time sent and its order in the packet flow. The destination (receiving) appliance reads these tags and uses the data to measure transit time, congestion, jitter, packet loss and other information about the performance and health of the path. The appliances share this information with the controller, which uses queuing theory and predictive behavioral statistical modeling to create a "map" of all of the paths in the WAN. This information is continuously updated with information from recent packets.

These techniques allow the WAN appliances to continuously measure and monitor the performance, quality and health of every MPLS and broadband connection in the WAN, then apply that knowledge to providing quality of service, path selection, traffic shaping, sub-second failover and other services.

SD-WAN basics #2: application awareness

The NetScaler SD-WAN solution allows enterprise IT to make prioritization decisions for each application using very granular application classification. That ensures that the highest-priority applications always perform extremely well, while other applications receive QoS appropriate to their priority.

Each application is assigned to one of three high-level categories: "real-time," "interactive" and "bulk." Typically, high-priority applications that demand low latency are assigned to the real-time category.
VDI and application virtualization solutions (including XenDesktop and XenApp), VoIP, Skype for Business and video conferencing applications, and other enterprise applications can be assigned to real-time or interactive categories according to business policy. Lower-priority applications are assigned to the bulk category.

In some organizations these three categories are satisfactory, but if more granularity is required custom rules can be created based on factors such as source and destination IP addresses, IP protocol, DSCP tag, and source and destination ports.

Each category of application, and even each individual application, can be assigned a minimum share of bandwidth. If the network is congested, each application can continue to function and high priority applications can't be crowded out. And with NetScaler SD-WAN, the bandwidth is reserved on the first and last mile, meaning that if the far end is congested, it can back pressure the near end to prevent traffic from being sent to an oversubscribed end point, resulting in more efficient bandwidth utilization.

SD-WAN basics #3: combine network measurements with application policies to intelligently route traffic

The NetScaler SD-WAN solution uses several techniques to ensure excellent, reliable performance for business critical applications. The core approach is called "latency-aware path selection." This means performing intelligent load balancing within a network session to use the optimal WAN path or paths.

Based on information from the "map" of available network links, a high-priority application is assigned to the lowest latency (best performing) WAN path available at that moment. If the bandwidth requirements of the application exceed the bandwidth available on that path, part of the application traffic is sent through the next-best path, and if necessary through a third or fourth. The paths can be a mix of MPLS and broadband links.
This aggregation allows high-priority applications to take advantage of the fastest paths available, without overloading any single path.

The path selection process is dynamic. If a particular path begins to slow down or experience excessive jittering or packet loss, high-priority traffic is reassigned to a better-performing path on the fly, without interruption to the application. If a higher-priority session starts, that traffic is assigned to the best-performing path, and if necessary lower-priority applications are moved to the next-best path.

Packet Duplication

An additional enhancement technique is "packet duplication." Duplicate copies of each packet can be sent along different, independent paths. The packet that reaches the destination appliance first is used and the second one is discarded. This approach uses extra bandwidth, but it ensures the highest possible performance and zero packet loss, making it appropriate for applications like VoIP, Skype for Business and video conferencing where excellent performance is essential and bandwidth is low.

Traffic shaping and dynamic bandwidth reservation

Traffic shaping and dynamic bandwidth reservation are additional techniques for managing quality of service for different classes of application traffic.
The NetScaler SD-WAN solution provides four types of service:

• "Virtual Path," which is communication between two locations with NetScaler SD-WAN appliances (the scenario discussed up to this point in this white paper)
• "Intranet," which is communication between a location with a NetScaler SD-WAN appliance and another corporate WAN location that does not have an appliance
• "Internet," which is communication from a location with a NetScaler SD-WAN appliance to destinations on the public Internet
• "Pass-through," which is traffic that administrators want to transit unchanged through the NetScaler SD-WAN appliances, for example pings and troubleshooting traffic

With traffic shaping, it is possible to specify a minimum reserved bandwidth for each of these four services, so that no one service ever can crowd out the others on a path. A "share" for each service is also specified. When two or more services are contending for capacity above the reserved minimum, bandwidth is allocated between them based on the relative shares assigned to each. When a service exceeds its bandwidth share, low-priority traffic within that service is queued and transmitted when spare capacity is available.

The Virtual Path service (traffic between two NetScaler SD-WAN appliances) provides an even more sophisticated type of traffic shaping that allows the destination appliance to "backpressure" the source appliance. That is, the source appliance not only allocates bandwidth among the service types, it also checks on the load at the destination appliance. If the destination appliance has no available capacity, then the source appliance will hold back on that traffic and use the resulting free bandwidth to send packets somewhere else. This allows more-efficient use of overall bandwidth.

Traffic shaping and bandwidth reservation ensure that an adequate amount of bandwidth is always available for high-priority applications. Also, because traffic shaping is managed dynamically, the NetScaler SD-WAN solution makes optimal use of available capacity at all times.

These features, along with the other capabilities of NetScaler SD-WAN, ensure MPLS-level quality and reliability for high-priority applications on broadband connections, even when the underlying connections are not of high quality. That means that enterprises can expand their WAN bandwidth with inexpensive and flexible broadband connections rather than paying for much more costly MPLS capacity (Figure 3).

Figure 3: The NetScaler SD-WAN solution allows enterprises to expand WAN bandwidth by adding inexpensive broadband connections instead of MPLS capacity.

Failover and survivability

Provisions for failover and survivability are important elements of the software-defined WAN. NetScaler SD-WAN appliances tag packets with sequence numbers and information about the packets to follow. This allows destination appliances to detect path outages after just two or three missing packets. Information about the outages is immediately shared with all other appliances. Because these appliances have visibility into all of the WAN links, they can immediately reroute traffic onto the next-best available paths. This approach allows seamless sub-second failover, undetectable by applications using the new paths.
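
The packet tagging described under "SD-WAN basics #1" and the missing-packet outage detection described above can be sketched as a receiver-side path monitor. This is an added example, not Citrix code: the `Tag` fields, the `next_gap_ms` hint standing in for the "information about the packets to follow", the smoothing gains and the synchronised clocks are assumptions, and the trace is constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Tag:
    seq: int            # order of the packet in the flow
    sent_ms: float      # sender timestamp (clocks assumed synchronised)
    next_gap_ms: float  # assumed hint: delay before the sender's next packet


@dataclass
class PathMonitor:
    miss_limit: int = 3      # overdue packets that mark the path as down
    up: bool = True
    received: int = 0
    lost: int = 0
    latency_ms: float = 0.0  # smoothed one-way transit time
    jitter_ms: float = 0.0   # smoothed change in transit time
    _next_seq: int = 0
    _last_transit: float = 0.0
    _last_arrival: Optional[float] = None
    _next_gap: float = 0.0

    def on_packet(self, tag: Tag, arrival_ms: float) -> None:
        transit = arrival_ms - tag.sent_ms
        if self.received == 0:
            self.latency_ms = transit
        else:
            # Exponential smoothing with the gains used for RTP jitter (1/16)
            # and TCP smoothed RTT (1/8).
            self.jitter_ms += (abs(transit - self._last_transit) - self.jitter_ms) / 16
            self.latency_ms += (transit - self.latency_ms) / 8
        if tag.seq > self._next_seq:      # a gap in sequence numbers is loss
            self.lost += tag.seq - self._next_seq
        self._next_seq = max(self._next_seq, tag.seq + 1)
        self._last_transit = transit
        self._last_arrival = arrival_ms
        self._next_gap = tag.next_gap_ms
        self.received += 1
        self.up = True                    # any arrival proves the path works

    def overdue(self, now_ms: float) -> int:
        """Packets the sender announced that should have arrived by now."""
        if self._last_arrival is None or self._next_gap <= 0:
            return 0
        return int((now_ms - self._last_arrival) // self._next_gap)

    def check(self, now_ms: float) -> bool:
        """Timer tick: mark the path down once miss_limit packets are overdue."""
        if self.overdue(now_ms) >= self.miss_limit:
            self.up = False
        return self.up


def demo():
    # Constructed trace: one packet every 10 ms, seq 3 never arrives,
    # seq 2 is delayed by 8 ms, and the path goes silent after seq 4.
    trace = [(Tag(0, 0, 10), 20), (Tag(1, 10, 10), 30),
             (Tag(2, 20, 10), 48), (Tag(4, 40, 10), 60)]
    mon = PathMonitor()
    for tag, arrival in trace:
        mon.on_packet(tag, arrival)
    states = [mon.check(t) for t in (75, 85, 95)]  # ticks during the silence
    return mon, states


if __name__ == "__main__":
    mon, states = demo()
    print(states, mon.lost, mon.latency_ms, mon.jitter_ms)
```

In this trace the path is declared down 35 ms after the last packet, which is the kind of signal a controller would use to move traffic to the next-best path.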
Competing solutions can't match this level of failover performance. Another benefit of this approach is that all applications are not degraded equally. On the contrary, high-priority applications are given the most bandwidth on the remaining paths, so that in most cases users of these applications are not even aware that a network outage ever took place.

Finally, when an outage is detected, NetScaler SD-WAN appliances will send frequent probes to determine the health of the failed path. When the path is brought back on line, the appliances can resume using it in less than a second.

Packet reordering and loss mitigation

Packet reordering is another element of SD-WAN that can improve application performance. When destination appliances receive packets out of sequence, they can reorder them using the sequence number in the packet header. This offloads the reordering task from applications, resulting in better and more consistent application performance.

Packet loss mitigation by the appliances can also boost performance. When the destination appliance determines that packets have been dropped, it contacts the source appliance to resend them. This offloads retransmission tasks from applications, and prevents automatic TCP corrections that can cause window sizes to drop rapidly and adversely affect performance.

Locations without appliances

The NetScaler SD-WAN solution provides optimal results between locations with appliances at both ends. However, it can also provide significant benefits when there is an appliance on only one end. As discussed above, the NetScaler SD-WAN appliances provide four types of services, of which two, the Intranet and Internet services, are designed for communication between locations with an appliance on only one side (Figure 4). For Intranet and Internet traffic the source appliance can still provide traffic shaping, with minimum bandwidth allocations for each service, so no one type of service can crowd out the others.
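
The reserved-minimum and share rules from the traffic shaping section can be worked through as a small allocator for one path. This is an added example, not the product's algorithm: the weighted water-filling method, the `Service` fields and the kbit/s figures are assumptions chosen to illustrate the rules as the paper states them.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    reserved: float  # minimum reserved bandwidth on the path, kbit/s
    share: float     # relative weight for capacity above the reservations
    demand: float    # traffic the service currently wants to send, kbit/s


def allocate(capacity, services):
    """Return (allocated, queued) kbit/s per service for one path."""
    if sum(s.reserved for s in services) > capacity:
        raise ValueError("reserved minimums exceed path capacity")
    if any(s.share <= 0 for s in services):
        raise ValueError("every service needs a positive share")

    # Step 1: each service is served up to its reserved minimum first,
    # so no service can be crowded out by the others.
    alloc = {s.name: min(s.demand, s.reserved) for s in services}
    spare = capacity - sum(alloc.values())

    # Step 2: services that still want more contend for the spare capacity
    # in proportion to their shares. A service that needs less than its
    # proportional slice takes only what it needs and the rest is re-split.
    active = [s for s in services if s.demand > alloc[s.name]]
    while active and spare > 1e-9:
        total = sum(s.share for s in active)
        done = [s for s in active
                if s.demand - alloc[s.name] <= spare * s.share / total]
        if not done:
            for s in active:
                alloc[s.name] += spare * s.share / total
            break
        for s in done:
            spare -= s.demand - alloc[s.name]
            alloc[s.name] = s.demand
        active = [s for s in active if s not in done]

    # Demand above the allocation is what gets queued until capacity frees up.
    queued = {s.name: s.demand - alloc[s.name] for s in services}
    return alloc, queued


def demo():
    # Constructed figures for a 10 Mbit/s path shared by the four service types.
    services = [
        Service("Virtual Path", reserved=4000, share=60, demand=9000),
        Service("Intranet",     reserved=2000, share=20, demand=2500),
        Service("Internet",     reserved=1000, share=20, demand=6000),
        Service("Pass-through", reserved=500,  share=10, demand=100),
    ]
    return allocate(10000, services)


if __name__ == "__main__":
    alloc, queued = demo()
    for name in alloc:
        print(f"{name:13s} allocated {alloc[name]:7.0f}  queued {queued[name]:7.0f}")
```

Intranet needs less than its proportional slice, so the capacity it leaves unused is split again between Virtual Path and Internet in a 60:20 ratio.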

SD-WAN basics #4: integrating public and private clouds

Most enterprises are increasing their use of applications running in public and private clouds. Unfortunately, when application traffic enters a cloud-based data center, it effectively leaves the WAN boundary and becomes invisible to the enterprise IT organization. To address this issue, the NetScaler SD-WAN solution offers a virtual appliance that runs in Amazon Web Services (AWS) regions. This effectively expands the WAN boundary to the edge of the cloud. NetScaler SD-WAN appliances and virtual appliances can aggregate multiple broadband and Amazon Direct Connect links, and provide latency-aware path selection, packet duplication and seamless failover (Figure 5) for users accessing cloud data and SaaS applications.

Figure 4: A virtual appliance provides visibility and control for traffic to Amazon Web Services (AWS) and SaaS applications.

SD-WAN basics #5: consolidate branch network functions into a single appliance

NetScaler SD-WAN offers a complete all-in-one solution that includes application-aware virtualized WAN connectivity, dynamic routing, WAN optimization, secure data segmentation, and secure Internet breakout. This limits the number of separate appliances that need to be deployed in a branch, and provides a single centralized management system for configuration and reporting.

This approach drives down the cost of the branch network, not only by limiting the number of appliances that have to be individually purchased, but by lowering the technical support costs per branch. A single configuration system means that IT staff doesn't have to learn multiple technologies and coordinate changes across multiple systems. This reduces the time and cost of configuration and lowers the risk of errors that can result in network downtime.

The NetScaler SD-WAN solution supports multiple deployment modes allowing customers to overlay the SD-WAN technology on their existing network, aggressively rearchitect their WAN to consolidate network services, including routing, into a single appliance, or selectively deploy SD-WAN in the mode best suited to each location.

SD-WAN basics #6: centralized policies, simplified management and visibility

WANs with multiple network types can be hard to manage. The NetScaler SD-WAN solution simplifies management and analysis.
NetScaler Command Center makes configuring NetScaler SD-WAN appliances and policies intuitive, especially because the WAN can be configured in its entirety, rather than as a series of individual devices. The Command Center automatically discovers all NetScaler SD-WAN appliances in the network, and allows administrators to push out configuration changes to all appliances in a very short time window.

NetScaler Insight Center includes a customizable dashboard with charts, maps and diagrams that display key facts and events showing the health and performance of WAN paths across the network. A unique replay feature shows traffic flows over time and highlights changes resulting from changes in network conditions and application demand. The NetScaler SD-WAN solution is the only SD-WAN offering that provides this level of insight into application traffic over wide area networks.

SD-WAN results: Noticeable improvements to application reliability, performance and the business bottom line

The "What can go wrong?" section above discussed seven issues that arise with typical WAN connections today: wasted bandwidth, slow and disruptive failovers, degraded performance of high-priority applications after a failover, the high cost of adding capacity, packet loss and jitter on MPLS networks, and complex and time-consuming administration. NetScaler SD-WAN addresses all of these issues.

No wasted bandwidth

Intelligent path selection across all connection types ensures that all bandwidth is available at all times. It is no longer necessary to reserve broadband connections primarily for backup. Further, the highest-priority application traffic is assigned to the paths with the best performance and lowest packet loss. Assignments are made dynamically, based on granular classification of each application and real-time information about the performance and health of every path in the WAN.
This dynamic path selection is performed automatically, without requiring network administrators to analyze or monitor network links or assign applications to paths.

Sub-second failover and failback

NetScaler SD-WAN appliances can detect path outages after just two or three missing packets, allowing seamless sub-second failover of application traffic to the next-best WAN path. Employees are never forced to restart sessions, redial calls, or log in to applications again. The appliances also detect immediately when connections come back online, and seamlessly return traffic to the restored paths.

High-priority applications perform well after failover

When a connection goes down, traffic shaping and latency-aware path selection ensure that high-priority applications are given adequate bandwidth on the best-performing remaining paths. Packets for lower-priority "bulk" applications are queued if necessary and sent when bandwidth is available. In most cases outages are undetectable by employees, even with latency-sensitive applications like VoIP.

Dramatically lower costs for expanding capacity

The NetScaler SD-WAN solution allows broadband connections to deliver high-priority application traffic with the same reliability and quality of service as far more expensive MPLS networks. That means enterprises can expand their WAN capacity using low-cost, flexible broadband connections, and have those connections work seamlessly with an existing MPLS network. In fact, some enterprises may be able to dispense with MPLS entirely and build high-quality WANs using broadband links alone.

Better quality for all application types

NetScaler SD-WAN appliances continuously measure and monitor the latency, jitter and packet loss of every WAN connection. They dynamically make routing decisions to use the best quality paths as much as possible. Lower quality paths are used only as much as necessary, and then for lower priority applications. Packet reordering and packet loss mitigation features reduce jitter and packet loss, improving the quality of MPLS as well as broadband connections.

Consolidated branch networking

NetScaler SD-WAN integrated edge solution combines software-defined WAN capabilities with WAN Optimization, routing and security in a single appliance.
This allows enterprises to choose which network functions they need for each branch without worrying about purchasing and managing separate appliances for each function.

Simplified, end-to-end management and monitoring

The NetScaler SD-WAN solution makes it simple to manage and monitor performance and quality on WANs that combine multiple MPLS and broadband connections. Administrators can configure WANs in their entirety, rather than as a series of individual devices. They can also push WAN visibility and management into the cloud, with virtual appliances running in Amazon Web Services (AWS) regions.

If your WAN is stressed, please learn more by visiting www.citrix.com/sdwan or contacting your Citrix sales professional or authorized reseller.

Enterprise Sales
North America | 800-424-8749
Worldwide | +1 408-790-8000

Locations
Corporate Headquarters | 851 Cypress Creek Road Fort Lauderdale, FL 33309 United States
Silicon Valley | 4988 Great America Parkway Santa Clara, CA 95054 United States

Copyright© 2016 Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Office and in other countries. All other marks are the property of their respective owner/s. 1116
