© 2014 Citrix
Agenda
•NetScaler 10.5 Overview and Features Update
•5min break
•CloudBridge 7.3 and the Windows Server appliances
NetScaler Release 10.5
Overview and Features Update
Simeon Bosshard, Systems Engineer
Citrix Systems International GmbH
09.02.2015
Overview
•NetScaler major release, 2014
•Over 100 features in Beta 1
•New feature highlights
ᵒ NetScaler MobileStream™
ᵒ Core
• Policy Variables, TCP Optimizations, Traffic Domains, Link Redundancy
ᵒ Load Balancing
Release 10.5 (Citrix NetScaler 10)
• Datacenter Enhancements
• NetScaler MobileStream™
• Network Virtualization
Announcement Highlights
• MPTCP
• SPDY v3
• AAA External Support
• SSL Enhancements
• OWA Force Session Timeout
• Minification
• Lazy Image Loading
• Mobile Micro VPN
• Link redundancy
• AAA Session Stickiness
• RISE Integration
• ACI Integration
• SVM Managed API
• HTML Views (not Java)
• Client Cert Passthrough
• Gateway Enhancements
• BIC and CUBIC TCP
• SSL Elliptical Curve Optimization
• Simplified File Operations
• LLDP Support
• Dynamic routing Enhancements
• Traffic Domains
• Domain Sharding
• Forms Based SSO Enhancements
• Ethernet Jumbo Frames
New Licensed Features
Feature Platinum Enterprise Standard
NetScaler MobileStream™ ✔ ✔
Policy Variables ✔ ✔ ✔
Traffic Domains ✔ ✔ ✔
LLDP ✔ ✔ ✔
Link Redundancy ✔ ✔ ✔
Application Firewall ✔ *
Cisco: RISE* ✔ ✔
Cisco: vPath* ✔ ✔ ✔
NetScaler MobileStream™ Platinum Enterprise Standard
SPDYv3, MPTCP, BIC TCP, CUBIC, TCP Westwood ✔ ✔ ✔
Domain Sharding, Prefetch, Image Opt, CSS & JS Opt, Lazy loading ✔ ✔
MicroVPN for Mobile Devices (NetScaler Gateway) ✔ ✔ ✔
* Note: Only RISE or vPath can be enabled at one time per NetScaler instance
* Available as an à la carte feature
NetScaler MobileStream™
Front End Optimization (FEO)
Importance Of Mobile User Acceleration
Mobile Acceleration Improves Your Mobile Clients’ Experience
FEO: Every device unique
• Firmware different
• Screen size different
• Retina displays
• Web browser different
• Connectivity location different
• Network speed different
• Optimization historically focused on optimizing and reducing load at the backend.
• With the current trend of mobility, NetScaler focuses on faster and more efficient web content delivery by optimizing the web page components most dependent on client-side processing.
What is MPTCP?
• Transport layer protocol
• Coexist with TCP
• Provides fault tolerance and path failover
• Increase throughput by using multiple paths
• Availability
ᵒ RFC 6824
ᵒ Linux distribution (Standard & Android)
ᵒ BSD in development
• Establish secure token on first subflow (SF #1)
• Subsequent subflows use the secure token from SF #1 to connect
[Diagram labels: Application/Session: HTTP; Presentation: SSL; Transport: MPTCP over TCP-1, TCP-2, TCP-n; TCP Options: MP_CAPABLE]
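The token handshake summarized on this slide, as an added Python example (not from the deck or from Citrix code). It follows RFC 6824: the token is the most significant 32 bits of SHA-1 of a host's key, and a joining subflow is accepted only after an HMAC-SHA1 over both nonces, keyed with both keys, checks out. The `Listener` class, `demo()` and the keys are constructed for illustration.

```python
import hashlib
import hmac
import os

def token_from_key(key: bytes) -> bytes:
    """RFC 6824: token = most significant 32 bits of SHA-1(key)."""
    if len(key) != 8:
        raise ValueError("MPTCP keys are 64 bits")
    return hashlib.sha1(key).digest()[:4]

def join_hmac(own_key, peer_key, own_nonce, peer_nonce) -> bytes:
    """HMAC-SHA1 with key = own_key||peer_key over own_nonce||peer_nonce."""
    return hmac.new(own_key + peer_key, own_nonce + peer_nonce, hashlib.sha1).digest()

class Listener:
    """Host B: learns both keys on SF #1, then authenticates MP_JOIN subflows."""
    def __init__(self):
        self.by_token = {}                      # token -> (key_a, key_b)

    def mp_capable(self, key_a: bytes, key_b: bytes) -> bytes:
        token_b = token_from_key(key_b)
        self.by_token[token_b] = (key_a, key_b)
        return token_b

    def join_syn(self, token: bytes, nonce_a: bytes):
        """SYN+MP_JOIN: unknown token -> None, else (nonce_b, 64-bit HMAC-B)."""
        if token not in self.by_token:
            return None
        key_a, key_b = self.by_token[token]
        nonce_b = os.urandom(4)
        return nonce_b, join_hmac(key_b, key_a, nonce_b, nonce_a)[:8]

    def join_ack(self, token, nonce_a, nonce_b, hmac_a: bytes) -> bool:
        """ACK+MP_JOIN: accept the subflow only if the full HMAC-A matches.
        (A real stack stores nonce_b itself; it is passed in here for brevity.)"""
        if token not in self.by_token:
            return False
        key_a, key_b = self.by_token[token]
        return hmac.compare_digest(join_hmac(key_a, key_b, nonce_a, nonce_b), hmac_a)

def demo():
    """Constructed keys and nonces; returns (legitimate join ok, forged join ok)."""
    key_a, key_b = bytes(range(8)), bytes(range(8, 16))
    b = Listener()
    token_b = b.mp_capable(key_a, key_b)        # SF #1: MP_CAPABLE carries both keys
    nonce_a = os.urandom(4)
    nonce_b, _hmac_b = b.join_syn(token_b, nonce_a)
    good = b.join_ack(token_b, nonce_a, nonce_b, join_hmac(key_a, key_b, nonce_a, nonce_b))
    # A sender that knows the token but not Key-A cannot compute HMAC-A.
    forged = b.join_ack(token_b, nonce_a, nonce_b, join_hmac(b"\0" * 8, key_b, nonce_a, nonce_b))
    return good, forged
```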
High-Speed Enablement
SPDYv3: Next Generation HTTP
• Proposed as HTTP 2.0
BIC TCP: For High Speed Variable Latency Networks
• Send large amounts of data quickly over long distances
CUBIC: For High Speed Unreliable & Lossy Networks
• Simplified window control
• RTT window size
How NetScaler Optimizes The Front-End
Domain Sharding
• Change embedded URLs to use sub-domains and trick the browser to open more connections
Minimize & Optimize Order of CSS & JS
• Remove unnecessary characters & space
• Simplify processing & reduce download time to client device
• Move CSS & JS objects to end of HTML body
• Inline Download
Image Optimization
• JPG optimize, Convert GIF to PNG, Image Lazy load, Image shrink to display attributes of the user-device
Core
Conversion from Java to HTML5
• 1000s of Views now only in HTML5
• Load time reduced by over 50%
• Improved user efficiency
• Following areas will be converted in a 10.5 maintenance release
ᵒ AppFW, Visualizer, Diagnostics
Core Feature
Watch This
• Policy Variables
ᵒ Store a token (data) from the request or response in a system variable
ᵒ Reference stored data for
• Fully customized session persistence
• Internal computation
• Policy processing
LLDP Support
• Allows stations attached to an IEEE 802 LAN to advertise system information. Helps to create network topology.
• System information advertised
ᵒ Capabilities
ᵒ Management addresses
ᵒ Connectivity information
Frame layout: Dst MAC 01-80-C2-00-00-0E | Src MAC | Ether Type 88-CC | LLDP Info
LLDP Info consists of multiple TLVs
TLVs must be in following sequence
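An added Python example (not from the deck) that parses the frame layout above and walks the TLVs, each of which has a 7-bit type and a 9-bit length. The ordering rule it enforces is the IEEE 802.1AB one: Chassis ID, Port ID and TTL come first, and parsing stops at End of LLDPDU when present. It assumes untagged Ethernet frames; the sample frame and all its values are constructed.

```python
import struct

LLDP_DST = bytes.fromhex("0180c200000e")  # Dst MAC 01-80-C2-00-00-0E (from the slide)
LLDP_ETHERTYPE = 0x88CC                   # Ether Type 88-CC (from the slide)
TLV_NAMES = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address"}

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length in a 16-bit header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldp(frame: bytes):
    """Return (source MAC, [(type, value), ...]) or raise ValueError."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if dst != LLDP_DST or ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    tlvs, off = [], 14
    while off + 2 <= len(frame):
        (header,) = struct.unpack_from("!H", frame, off)
        tlv_type, length = header >> 9, header & 0x1FF
        off += 2
        if off + length > len(frame):
            raise ValueError("TLV length runs past the end of the frame")
        tlvs.append((tlv_type, frame[off:off + length]))
        off += length
        if tlv_type == 0:      # End of LLDPDU: ignore any padding after it
            break
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID, TTL")
    return src, tlvs

def tlv_names(frame: bytes):
    """Human-readable TLV sequence of a frame, in wire order."""
    return [TLV_NAMES.get(t, f"type {t}") for t, _ in parse_lldp(frame)[1]]

# Constructed sample advertisement (all values made up for the example).
SRC_MAC = bytes.fromhex("020000000001")
SAMPLE_TLVS = [
    tlv(1, b"\x04" + SRC_MAC),          # Chassis ID, subtype 4 = MAC address
    tlv(2, b"\x05" + b"1/1"),           # Port ID, subtype 5 = interface name
    tlv(3, struct.pack("!H", 120)),     # TTL in seconds
    tlv(5, b"ns-lab"),                  # System Name
    tlv(0, b""),                        # End of LLDPDU
]
SAMPLE_FRAME = LLDP_DST + SRC_MAC + struct.pack("!H", LLDP_ETHERTYPE) + b"".join(SAMPLE_TLVS)

if __name__ == "__main__":
    print(tlv_names(SAMPLE_FRAME))
```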
Ethernet jumbo frames
• Big Payloads
• Increased Throughput and Goodput
• Fewer Packets
• Less Packet switching
• Reduced Network I/O
• Lowered CPU Usage
• Reduced Protocol Processing
What is Admin Partition?
• Logical separation of NetScaler into multiple units
• Functions like an independent NetScaler.
• Provides isolation of configuration and data/traffic
• Provides multi-tenancy, but without separation of system resources such as CPU, memory, etc.
• Consists of Application resources (services, vservers, policies, monitors, etc.)
Highlights of Admin Partition (Contd…)
• Separate GUI/CLI/Monitoring/Report
• IP overlapping
• External Auth - AAA
• No inter partition routing
• No read/write access to others
• Overall System security
• HA – Connection Mirror
Admin Partition Workflow
Partition Definition
• System admin defines partition
• Associates partition admins
• Defines IP space for partition
• Vlan and other Network config
Partition Admin
• Defines the App
• Service creation
• Vserver creation
• Policies/Profiles
• Access common resources
• Creates SNIPs
• Networking resources
System Expectation
• Config file
• Sh run
• Save config
• Clear config
• SSL cert/keys
Manageability Expectation
• Config UI
• Reporting
• Dashboard
• SNMP
• AppFlow/Insight
Link Redundancy
• LR Trigger for LACP channels
ᵒ Set a minimum bandwidth for dynamic channels. When throughput falls below the threshold, a link failover is triggered to make another channel active.
ᵒ For an HA pair, when all channels reach the threshold, trigger HA failover.
• LR Trigger for generic channels
ᵒ Fail over to another channel (to a redundant switch) when the threshold is reached
How it works?
• At any point in time only one channel will be active.
• One of the active links fails – Min threshold is hit
• When one of the active links fails and lrMinThroughput is hit, we select a subchannel with high throughput and make it active by resetting all other interfaces.
[Diagram labels, shown twice: Key 1, Key 2, Key 3; Switch X, Switch Y, Switch Z; LACP Key 4]
Orchestration
Python SDK
• NITRO API SDK in Python for better server-side scripting. The Python SDK will be available and supported with Python 2.7 and 3+.
Dynamic Routing
• NITRO API support for routing protocols. Changes sync to all peers.
File Operations
• NITRO APIs for Upload, Download, Write and Read methods. Key functional requirements like SSL certkey will be able to get the benefits.
Other Commands
• NITRO APIs and commands for better system manageability
• Tech Support, batch, source, show nstrace, start nstrace, stop nstrace
Service Supporting Features
• Content Switching
ᵒ Multi-port CS
• Configure a CS vserver on a combination of ports
ᵒ DNS_TCP Support
• DNS_TCP protocol is now supported with a Content Switching Vserver
• Audit Logging
ᵒ Ability to distinguish whether the command is executed from CLI or the GUI
• AAA Session Stickiness
ᵒ LDAP, RADIUS, & TACACS: We now stick to the server where the last session was successful.
Service Supporting Features (cont)
• AAA-TM
ᵒ Custom error strings
ᵒ Backend HTTP Web-Form Authentication
ᵒ Strong Encryption Support in KCD/Kerberos (AES-256, RC4-HMAC)
• OWA Force Session Timeout
ᵒ Forced timeout on long-lived connections that are open for monitoring
• Client Certificate Pass-through
ᵒ In XenMobile deployments, a client certificate is required to be passed to StoreFront. Now send the client certificate to any application server. No configuration needed.
• Forms Based SSO – Relative URLs
ᵒ NS can take a relative URL and process it for forms-based SSO
SDX SVM Manageability & 3rd Party Software
• CLI Support
• File management via NITRO
• AAA Support
ᵒ Use LDAP/TACACS/RADIUS for SVM access
ᵒ Authorization & Audit log support
ᵒ Password expiration support
ᵒ For more details, refer to: AAA edocs
• Ethernet Jumbo Frames Support with SR-IOV
• Central SSL Cert & Key Management
Open service delivery platform for 3rd party services
Load Balancing
TM & DNS
LB: Increased number of service groups to 8000
DNS LB: CNAME record caching in Proxy mode
• NetScaler uses its DNS caching module to cache the CNAME record and send it from NS rather than fetching it every time
DNS: NAPTR
• NAPTR support on NS along with SRV records.
GSLB: Static proximity sync
• Auto sync of static proximity db
SSL
• ECC Cipher Support
ᵒ More secure & faster ciphers available on N3-based MPX, SDX, & VPX
• ECDHE-RSA-RC4-SHA, ECDHE-RSA-DES-CBC3-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA
• Common Name Check
ᵒ Server Auth configuration is enhanced to accept a “commonName” check. This check will be performed on SSL certificates received from the backend server.
• SSL Profiles
ᵒ SSL profiles added for frontend and backend communication
• SSL Cert Chain
ᵒ Helps identify the certificates belonging to a chain and suggests if a cert is missing in the chain.
Q&A
Citrix Day 2015 Net Scaler Release 10.5 Update v10
