Achieve Mobile Delivery With Citrix NetScaler


Citrix NetScaler White Paper
Achieve mobile delivery with Citrix NetScaler
citrix.com

The rise of mobility has placed unprecedented strain on the datacenter network, including one of its fundamental building blocks, TCP (Transmission Control Protocol). Without change, standard TCP fails to meet the performance, availability and security requirements of today’s mobile workforce. Fortunately, a number of TCP extensions that specifically address these challenges have been developed and Citrix NetScaler has many other mobility-aware features to optimize the user experience in a mobile-centric world.

In order to take advantage of these developments, enterprise IT must deploy application delivery controllers (ADC) that are mobile aware and support the latest TCP protocol extensions. Citrix NetScaler—the industry’s most advanced cloud network platform—not only supports these extensions, it has been specifically designed to deliver the exceptional experience demanded by today’s mobile workforce. NetScaler includes additional, innovative capabilities that produce industry leading performance, availability and security for today’s mobile enterprise.

TCP: Keeping up with changing network demands

TCP was first formally specified and documented nearly 40 years ago, in December of 1974. Today it remains the most popular transport protocol on the Internet, as well as within enterprise datacenter networks.

Some of the original design intentions included:

- Interoperability through a standard protocol for transmitting data between different hosts and entities
- Flexibility to handle the physical differences in host computers, routers, and networks in general, including support for different packet sizes
- Reliability through detection of errors and packet loss, as well as retransmission of data when necessary
- Connectivity with multiple independent networks, letting them act together as a single aggregated network

While these objectives were largely met, technology developments that were unforeseen at that time have created the need for TCP to be updated periodically. Changing network demands and the refinement of core algorithms in the protocol resulted in the release of TCP version 2 and 3 in 1977 and 1978. By 1981, TCP version 4 was released. At that time, Internet Protocol (IP) was split out from TCP and was called version 4 simply to match the current version of TCP.

Extending TCP with the Application Delivery Controller

The core V4 protocols for TCP/IP—along with the enhanced IPv6 protocol—are still used today. However, a number of extensions as well as many additional related protocols have been added. For example, TCP multiplexing enables multiple users/applications to share a TCP connection to the same destination. By using an intermediary device such as an application delivery controller (ADC), much of the overhead of TCP connections can be offloaded from destination servers. Users make separate TCP connections to an ADC, while the ADC maintains a common pool of TCP connections between itself and the server.

You likely know that ADCs improve performance, availability and security for TCP/IP networks through capabilities such as:

- Compression
- Data Caching
- Layer 7 Content Switching
- Layer 7 Persistence
- Application Security
- SSL Offloading
- WAN Optimization

At the same time, mobility is driving an entirely new set of demands—creating unique issues and raising important questions that must be addressed.

- What new demands do the plethora of mobile devices that access applications and data in the enterprise datacenter put on TCP?
- How must the ADC evolve to keep up with the changing requirements driven by mobile users?

When standard TCP and mobility collide

With the dramatic rise of mobile devices, wireless networks, and on-the-go users, TCP faces unfamiliar challenges. Since TCP was designed well before these mobile devices were even conceptualized, they are often mischaracterized and mishandled, resulting in poor network utilization, which in turn leads to inferior performance.

For example, TCP often drives too much or too little traffic in part because its flow control and congestion avoidance algorithms were designed in an era of primarily wired networks. Wireless networks tend to lose packets because of interference, not congestion. Standard TCP can greatly reduce performance even when interference is minimal because it assumes losses are because of congestion and applies aggressive congestion avoidance algorithms resulting in sharp performance drops.

For mobile workers, the corporate network falls short

Whatever the cause, too many corporate networks are unable to keep pace with the demands of mobile users. While everything may appear to be fine on the network, mobile users receive a suboptimal experience. Access to applications and data from mobile devices and/or wireless networks can be slow enough to cause productivity issues. Mobile performance can also be unpredictable, resulting in even greater frustration among mobile users.

Service availability can also be a significant challenge among mobile users. For example, active connections may be terminated when moving from external 3G/4G networks to the company’s private 802.11 network since the IP address will change between networks. Another type of availability issue is encountered when employees on laptops, desktops and virtual desktops see clear, understandable content on the corporate website, while their counterparts on mobile devices see an improperly formatted mess.

Ultimately it is the business that pays for the costs of poor mobility. If the prospective customer viewing the company’s product video loses connectivity while switching networks, he or she may not be willing to watch the video again from the start. If a sales representative cannot show a prospective customer a clear view of product materials from the company’s website on a tablet at a restaurant, interest in the product may be lost.

Addressing the mobility challenges

To overcome the challenges created by the rise of mobility, changes must happen both with TCP itself and within the enterprise datacenter network. The good news is that network challenges encountered over the last several decades have already been addressed with a combination of TCP and other protocol extensions, as well as new ADC capabilities. This same two-pronged approach can be used again to address today’s mobility challenges.

- TCP protocol extensions such as multipath TCP (MPTCP) are helping overcome several enterprise mobility challenges.
- ETag headers, discussed in detail later, are used with HTTP to improve client cache efficiency.
- As with the TCP multiplexing example from earlier, ADCs are also a critical part of solving mobility challenges.

However, keep in mind that many ADCs were also designed with wired networks in mind. Not all ADCs support the updated protocols required to achieve superior mobile delivery and they may also lack additional benefits such as mobility enhancements, which can be implemented without protocol changes. Choosing the right ADC is important for your mobile users and applications.

Mastering enterprise mobility with NetScaler

As a cloud computing company that enables mobile work styles, Citrix is leading the way in upgrading the datacenter network to support mobility. Citrix NetScaler (the most advanced application delivery controller) offers cutting-edge mobility features that uniquely smooth the way for mobile devices and create more productive mobile users. NetScaler not only takes advantage of protocol extensions such as MPTCP, it adds powerful new benefits such as visibility and control through NetScaler Insight Center.

NetScaler boosts the experience of mobile users across several dimensions. Specific scenarios for three dimensions—performance, availability and security—are provided here:

Performance

One of the most common issues faced by mobile users is poor performance. A frequent complaint that floods the help desk with calls is slow download of data and other resources. Importantly, this can happen even when sufficient network bandwidth is available resulting in the help desk wrongly assuming the problem is with the device or application. This issue arises, in part, because of the way the TCP congestion control algorithms were originally designed, coupled with several common characteristics of mobile wireless networks: relatively high packet loss, dynamic traffic loads and larger quantities of data that have been transmitted but not yet received.

Packet loss from wireless network interference causes standard TCP to overreact, unnecessarily reducing the TCP congestion window. This means that less data is allowed to be in transit at any given time, even though overall available bandwidth may not have really changed. The negative impact on performance is particularly strong on mixed wired/wireless networks. This impact is also felt more often for mobile networks that have higher packet loss rates.

NetScaler supports TCP Westwood (TCPW), a congestion avoidance algorithm that improves performance beyond common TCP congestion algorithms like TCP New-Reno. Mobile networks can suffer from bit-errors and/or network congestion, which cause traditional avoidance algorithms to reduce their throughput drastically. TCPW corrects that issue by continually computing an effective data-transfer rate for connections and using it to throttle data at the time of congestion, thereby improving throughput for that connection. Furthermore, if the throughput has wide variance, the algorithm probes aggressively to accelerate transfers to maximum available bandwidth.

Figure 1: TCP Westwood performance compared to traditional congestion avoidance algorithms. (Two panels, "Regular TCP Stacks" and "Mobile-ready TCP Westwood", each plotting throughput (bps) against time (sec).)

NetScaler also offers advanced TCP buffering features, which improve the performance of a transaction management environment. It achieves this by adding a speed-matching mechanism between a fast server network and a slow client network, and buffering a server’s response before delivering it to the client at the client’s speed. This way the server can quickly offload the requested data and then devote its resources to other tasks.

Dynamic Window Management allows NetScaler to dynamically change the advertised TCP window size based on the system’s memory utilization. If memory is underutilized, NetScaler will increase the advertised TCP window size allowing for aggressive flow-control of the end-point, shedding load from the client or server. If the system begins to detect memory pressure it will dynamically and gracefully decrease the advertised TCP window to balance out load and throughput. This offers optimal utilization of system resources and avoids traffic bottlenecks due to under-utilized capacity.

Availability

Standard TCP connections are unable to survive when mobile devices switch from one network to another. This can cause loss of state information for applications using a TCP connection that goes down. For example, if the user is streaming a video on a mobile phone over a 3G/4G network, streaming will be interrupted when connecting to an 802.11 company network. TCP connectivity is lost and must be reestablished, causing the user to start the video from the beginning again.

Today’s hosts and clients have multiple network paths between them, including 3G/4G and 802.11 access networks. To take advantage of these paths, NetScaler supports MPTCP, which is an extension of the TCP/IP protocol. MPTCP identifies and uses multiple paths available between MPTCP-enabled hosts and clients to maintain the TCP session. With MPTCP enabled, transactions can continue even if one of the network paths is not available. MPTCP offers better resilience and availability than standard TCP, because the application session does not fail if one link goes down.

Figure 2: Example of NetScaler acting as a Multipath-TCP (MPTCP) Gateway. (Panel captions: "Using an app over a 3G link is great. App access is done over standard TCP connections." / "Until the access point changes. The TCP connection must reset leading to access delays." / "Multi-path TCP solves this by using two TCP connections. NetScaler can then unite the data.")

Another availability issue arises when content must be formatted uniquely for different device types. NetScaler also supports content switching based on device type. It examines the user agent or custom HTTP header in the client request for the type of device from which the request originated. Based on the device type, it directs the request to a specific Web server. For example, if the request came from a mobile phone, the request is directed to a server that is capable of serving content that the user can view on his or her mobile phone.

Security

TCP lacks even the most basic mechanisms for security. Encryption, authentication and access control must all be handled outside the TCP protocol. In order to protect mobile devices from attacks, data theft and unauthorized access, additional functionality and technologies within the ADC are required.

NetScaler protects against a wide variety of threats with integrated security capabilities that protect mobile resources and augment existing network-layer security protections. For example, the NetScaler App Firewall blocks known and day-zero application-layer attacks, as well as web application behavior deviating from normal application use—ultimately protecting the mobile devices accessing these applications. Additionally, mobile users gain secure remote access with Citrix NetScaler Gateway, a proven SSL VPN solution that empowers users to work in any location. NetScaler is specifically designed for mobile users and provides the best secure application and data access for Citrix XenApp and Citrix XenDesktop.

Mobile security must extend beyond the network to mobile devices, applications and data. For example, devices may be unmanaged, jailbroken, rooted or out of compliance with IT policies. Similarly, unapproved users may attempt to access restricted applications and data. A complete mobile security solution includes XenMobile MDM for enterprise mobile device management. XenMobile MDM helps IT maintain device security and compliance to protect mobile applications, networks and data. Together, NetScaler and XenMobile MDM provide the best overall solution by enabling IT to support the extended security needs of mobile users in the enterprise.

Protecting mobile devices against attacks also requires visibility. NetScaler Insight Center delivers deep visibility and control to critical business applications and mobile services across public and private cloud environments. Based on the innovative open standard AppFlow, the NetScaler Insight Center leverages existing networking real estate—uniquely situated at key focal points in the application path—to provide a 360-degree view for all mobile, web and virtual desktop traffic. The result is a network big data analytics platform that enables unprecedented visibility and real-time insight into datacenter traffic.

Additional NetScaler Mobility Support

NetScaler has many other powerful mobility features to ensure your mobile users get the experience they need.

SPDY

SPDY, pronounced speedy, is not an acronym; it is the full name of an open networking protocol for transporting web content. The goal of SPDY is to reduce web page load time by using a single TCP connection per domain. SPDY achieves this by allowing interleaved resource requests and prioritizing across resources. SPDY also achieves reduced latency through compression.

Figure: Impact of SPDY on Page Load Times. (Page load time plotted against packet loss rate; Internet avg is 1%.)

Action analytics dynamic caching

The performance of your website or application depends on how well you optimize the delivery of the most frequently requested content. However, if you do not want to perform manual optimizations, or if your website or application is dynamic in nature, you need infrastructure that not only collects statistical data but also automatically optimizes the delivery of resources on the basis of the statistics. NetScaler provides this functionality through the Action Analytics feature.

AppQoE (Application-Level Quality of Experience)

ADCs traditionally maintain independent queues for every backend resource, an approach that does not allow global priority queuing across these resources. Rather than only maintaining queues for individual services, the AppQoE feature in NetScaler adds a global priority queue at the virtual server (vserver) level, allowing high-priority traffic to move ahead of traffic that has already been queued. This delivers better user experience when multiple resources are available for the same backend service.

ETag headers

An ETag or entity tag is part of HTTP, the protocol for the World Wide Web. It is one of several mechanisms that HTTP provides for web cache validation, and which allows a client to make conditional requests. ETags allow caches to be more efficient, and save bandwidth, since a web server does not need to send a full response if the content has not changed. However, ETags do not work well with servers behind load balancers, because the validation request can go to a different server. NetScaler overcomes this issue by rewriting the ETag header to identify the correct back-end server.
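The ETag problem behind a load balancer, and the rewriting approach described above, can be modelled in a few lines. This is an added example, not code from the white paper or from NetScaler: the Backend and Adc classes, the "label:tag" validator format and the sample content are all assumptions made for illustration.

```python
import hashlib
from itertools import cycle


class Backend:
    """Origin server whose ETag depends on a per-server value (constructed model)."""

    def __init__(self, label, local_salt):
        self.label = label            # opaque label, not an internal address,
                                      # so a rewritten tag does not reveal topology
        self.local_salt = local_salt  # stands in for per-server state (assumption)
        self.body = b"<html>monthly newsletter</html>"  # constructed sample content

    def etag(self):
        digest = hashlib.sha256(self.local_salt + self.body).hexdigest()[:16]
        return f'"{digest}"'

    def handle(self, if_none_match=None):
        # Conditional request: answer 304 with no body when the validator matches.
        if if_none_match == self.etag():
            return 304, {"ETag": self.etag()}, b""
        return 200, {"ETag": self.etag()}, self.body


class Adc:
    """Round-robin load balancer with optional ETag rewriting (hypothetical model)."""

    def __init__(self, backends, rewrite_etag):
        self.by_label = {b.label: b for b in backends}
        self.rr = cycle(backends)
        self.rewrite_etag = rewrite_etag

    def request(self, if_none_match=None):
        backend = next(self.rr)
        forwarded = if_none_match
        if self.rewrite_etag and if_none_match:
            # A rewritten validator looks like "label:origtag"; recover both parts.
            label, sep, original = if_none_match.strip('"').partition(":")
            if sep and label in self.by_label:
                backend = self.by_label[label]   # route to the server that issued it
                forwarded = f'"{original}"'      # restore the server's own tag
            # Unknown or malformed validators fall through to round robin and
            # simply produce a full 200 response.
        status, headers, body = backend.handle(forwarded)
        if self.rewrite_etag:
            inner = headers["ETag"].strip('"')
            headers = dict(headers, ETag=f'"{backend.label}:{inner}"')
        return status, headers, body


def revalidate(rewrite_etag):
    """First GET, then a conditional GET using the ETag the client cached."""
    adc = Adc([Backend("b1", b"inode-1001"), Backend("b2", b"inode-2002")],
              rewrite_etag)
    _, headers, _ = adc.request()
    status, _, body = adc.request(if_none_match=headers["ETag"])
    return status, len(body)


if __name__ == "__main__":
    print("no rewrite  :", revalidate(False))  # full response is sent again
    print("with rewrite:", revalidate(True))   # validation succeeds, empty body
```

Without rewriting, the conditional request lands on the second server, whose tag differs, so the full body is resent; with rewriting, the request is steered back to the issuing server and validates.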

Client keep-alive

Opening and closing connections is time consuming and reduces overall end user performance when making multiple HTTP/HTTPS requests. To improve performance NetScaler utilizes client keep-alives. Initial traffic from client devices is intercepted by NetScaler, which sets up one connection between itself and the client device, and another connection between itself and the server. Follow-on requests from the client are intercepted by the NetScaler and directed to the server. When the server sends the response, it closes the connection between the server and the NetScaler. However, when NetScaler services are configured with client keep-alive, the NetScaler keeps the connection between itself and the client open even after sending the response to the client, minimizing the connection overhead from the client when additional requests are made.

Enterprise mobility problems and their solutions

Mobility problems present themselves in many ways within the enterprise. While each scenario tends to have unique aspects, it isn’t always easy to determine which protocol extensions and which ADC features can be used to resolve them. In order to make troubleshooting and problem resolution easier, the following tables provide a mapping between mobility problems and solutions. Simply find the relevant problem scenario in the first column and look across the remaining columns to find the features and capabilities that may be used to resolve them.

Table columns (features): SPDY, MPTCP, TCP Westwood, Insight Center, Compression, HTTP Caching, TCP Buffering, Client keepalives, ETag headers, AppQoE, Content switching based on device type

Table rows (Customer Use Case):

- User experiences slow web browsing to corporate web servers
- User loses streaming audio/video when moving from 3G/4G to 802.11 network and needs to restart from
- Multiple mobile users downloading the same company-wide monthly newsletter causing
- User has an older, slow client which results in poor download performance
- The same content presented to a PC does not present itself well when viewing from a mobile device
- Users complain that continued connections to specific services are slow
- Corporate Executives require priority queuing for a specific application regardless of the server they LB to
- User active connections are terminated when moving between wireless networks
- User experiences slow download of specific audio and video files
- End users complain of slow downloads to corporate apps and other resources and flood help desk with calls

Empower your employees with mobile delivery

As a cloud computing company that enables mobile work styles, Citrix is leading the way in upgrading the datacenter network to support mobility. Citrix NetScaler—the industry’s most advanced cloud network platform—not only supports the latest TCP extensions required for mobility, it has been specifically designed to deliver the exceptional experience demanded by today’s mobile workforce. NetScaler offers advanced mobility features that uniquely smooth the way for mobile devices, overcoming critical challenges in enterprise mobility adoption.

Specific mobility challenges addressed by NetScaler include:

- Performance – Through support for TCPW, TCP buffering, dynamic window management and more, NetScaler delivers high performance not available through standard TCP alone.
- Availability – By supporting MPTCP, content switching and other innovative features, NetScaler keeps users working productively even when they change locations.
- Security – For the most complete enterprise mobile solution, NetScaler Insight Center, NetScaler App Firewall, NetScaler Gateway and XenMobile MDM keep mobile devices protected from attacks, data theft and unauthorized access.

Citrix NetScaler is far more than just a load balancer. It is an ADC for the mobile world that overcomes the key mobility challenges in the enterprise datacenter network, creating greater satisfaction and higher productivity among employees.

- Corporate Headquarters: Fort Lauderdale, FL, USA
- India Development Center: Bangalore, India
- Latin America Headquarters: Coral Gables, FL, USA
- Silicon Valley Headquarters: Santa Clara, CA, USA
- Online Division Headquarters: Santa Barbara, CA, USA
- UK Development Center: Chalfont, United Kingdom
- EMEA Headquarters: Schaffhausen, Switzerland
- Pacific Headquarters: Hong Kong, China

About Citrix

Citrix (NASDAQ:CTXS) is the cloud computing company that enables mobile workstyles—empowering people to work and collaborate from anywhere, accessing apps and data on any of the latest devices, as easily as they would in their own office—simply and securely. Citrix cloud computing solutions help IT and service providers build both private and public clouds—leveraging virtualization and networking technologies to deliver high-performance, elastic and cost-effective services for mobile workstyles. With market leading solutions for mobility, desktop virtualization, cloud networking, cloud platforms, collaboration, and data sharing, Citrix helps organizations of all sizes achieve the kind of speed and agility necessary to succeed in an increasingly mobile and dynamic world. Citrix products are in use at more than 260,000 organizations and by over 100 million users globally. Annual revenue in 2012 was $2.59 billion. Learn more at www.citrix.com.

©2013 Citrix Systems, Inc. All rights reserved. Citrix, NetScaler, NetScaler Insight Center, NetScaler Gateway, XenApp, XenDesktop, XenMobile MDM and NetScaler App Firewall are trademarks or registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.

0512/PDF
