achieve mobile delivery with citrix netscaler · designed to deliver the exceptional experience...

citrix.com Citrix NetScaler White Paper Achieve mobile delivery with Citrix NetScaler


Post on 12-Jun-2020


The rise of mobility has placed unprecedented strain on the datacenter network, including one of its fundamental building blocks, TCP (Transmission Control Protocol). Without change, standard TCP fails to meet the performance, availability and security requirements of today’s mobile workforce. Fortunately, a number of TCP extensions that specifically address these challenges have been developed and Citrix NetScaler has many other mobility-aware features to optimize the user experience in a mobile-centric world.

In order to take advantage of these developments, enterprise IT must deploy application delivery controllers (ADC) that are mobile aware and support the latest TCP protocol extensions. Citrix NetScaler—the industry’s most advanced cloud network platform—not only supports these extensions, it has been specifically designed to deliver the exceptional experience demanded by today’s mobile workforce. NetScaler includes additional, innovative capabilities that produce industry leading performance, availability and security for today’s mobile enterprise.

TCP: Keeping up with changing network demands

TCP was first formally specified and documented nearly 40 years ago, in December of 1974. Today it remains the most popular transport protocol on the Internet, as well as within enterprise datacenter networks.

Some of the original design intentions included:

• Interoperability through a standard protocol for transmitting data between different hosts and entities

• Flexibility to handle the physical differences in host computers, routers, and networks in general, including support for different packet sizes

• Reliability through detection of errors and packet loss, as well as retransmission of data when necessary

• Connectivity with multiple independent networks, letting them act together as a single aggregated network

While these objectives were largely met, technology developments that were unforeseen at that time have created the need for TCP to be updated periodically. Changing network demands and the refinement of core algorithms in the protocol resulted in the release of TCP versions 2 and 3 in 1977 and 1978. By 1981, TCP version 4 was released. At that time, Internet Protocol (IP) was split out from TCP and was called version 4 simply to match the current version of TCP.

Extending TCP with the Application Delivery Controller

The core V4 protocols for TCP/IP—along with the enhanced IPv6 protocol—are still used today. However, a number of extensions as well as many additional related protocols have been added. For example, TCP multiplexing enables multiple users/applications to share a TCP connection to the same destination. By using an intermediary device such as an application delivery controller (ADC), much of the overhead of TCP connections can be offloaded from destination servers. Users make separate TCP connections to an ADC, while the ADC maintains a common pool of TCP connections between itself and the server.


You likely know that ADCs improve performance, availability and security for TCP/IP networks through capabilities such as:

• Compression

• Data Caching

• Layer 7 Content Switching

• Layer 7 Persistence

• Application Security

• SSL Offloading

• WAN Optimization

At the same time, mobility is driving an entirely new set of demands—creating unique issues and raising important questions that must be addressed.

• What new demands do the plethora of mobile devices that access applications and data in the enterprise datacenter put on TCP?

• How must the ADC evolve to keep up with the changing requirements driven by mobile users?

When standard TCP and mobility collide

With the dramatic rise of mobile devices, wireless networks, and on-the-go users, TCP faces unfamiliar challenges. Because TCP was designed well before these mobile devices were even conceptualized, they are often mischaracterized and mishandled, resulting in poor network utilization, which in turn leads to inferior performance.

For example, TCP often drives too much or too little traffic, in part because its flow control and congestion avoidance algorithms were designed in an era of primarily wired networks. Wireless networks tend to lose packets because of interference, not congestion. Standard TCP can greatly reduce performance even when interference is minimal, because it assumes that losses are caused by congestion and applies aggressive congestion avoidance algorithms, resulting in sharp performance drops.

For mobile workers, the corporate network falls short

Whatever the cause, too many corporate networks are unable to keep pace with the demands of mobile users. While everything may appear to be fine on the network, mobile users receive a suboptimal experience. Access to applications and data from mobile devices and/or wireless networks can be slow enough to cause productivity issues. Mobile performance can also be unpredictable, resulting in even greater frustration among mobile users.

Service availability can also be a significant challenge among mobile users. For example, active connections may be terminated when moving from external 3G/4G networks to the company’s private 802.11 network since the IP address will change between networks. Another type of availability issue is encountered when employees on laptops, desktops and virtual desktops see clear, understandable content on the corporate website, while their counterparts on mobile devices see an improperly formatted mess.


Ultimately it is the business that pays for the costs of poor mobility. If the prospective customer viewing the company’s product video loses connectivity while switching networks, he or she may not be willing to watch the video again from the start. If a sales representative cannot show a prospective customer a clear view of product materials from the company’s website on a tablet at a restaurant, interest in the product may be lost.

Addressing the mobility challenges

To overcome the challenges created by the rise of mobility, changes must happen both with TCP itself and within the enterprise datacenter network. The good news is that network challenges encountered over the last several decades have already been addressed with a combination of TCP and other protocol extensions, as well as new ADC capabilities. This same two-pronged approach can be used again to address today’s mobility challenges.

• TCP protocol extensions such as multipath TCP (MPTCP) are helping overcome several enterprise mobility challenges.

• ETag headers, discussed in detail later, are used with HTTP to improve client cache efficiency.

• As with the TCP multiplexing example from earlier, ADCs are also a critical part of solving mobility challenges.

However, keep in mind that many ADCs were also designed with wired networks in mind. Not all ADCs support the updated protocols required to achieve superior mobile delivery and they may also lack additional benefits such as mobility enhancements, which can be implemented without protocol changes. Choosing the right ADC is important for your mobile users and applications.

Mastering enterprise mobility with NetScaler

As a cloud computing company that enables mobile work styles, Citrix is leading the way in upgrading the datacenter network to support mobility. Citrix NetScaler (the most advanced application delivery controller) offers cutting-edge mobility features that uniquely smooth the way for mobile devices and create more productive mobile users. NetScaler not only takes advantage of protocol extensions such as MPTCP, it adds powerful new benefits such as visibility and control through NetScaler Insight Center.

NetScaler boosts the experience of mobile users across several dimensions. Specific scenarios for three dimensions (performance, availability and security) are provided here:

Performance

One of the most common issues faced by mobile users is poor performance. A frequent complaint that floods the help desk with calls is slow download of data and other resources. Importantly, this can happen even when sufficient network bandwidth is available, resulting in the help desk wrongly assuming the problem is with the device or application. This issue arises, in part, because of the way the TCP congestion control algorithms were originally designed, coupled with several common characteristics of mobile wireless networks: relatively high packet loss, dynamic traffic loads and larger quantities of data that have been transmitted but not yet received.


Packet loss from wireless network interference causes standard TCP to overreact, unnecessarily reducing the TCP congestion window. This means that less data is allowed to be in transit at any given time, even though overall available bandwidth may not have really changed. The negative impact on performance is particularly strong on mixed wired/wireless networks. This impact is also felt more often for mobile networks that have higher packet loss rates.

NetScaler supports TCP Westwood (TCPW), a congestion avoidance algorithm that improves performance beyond common TCP congestion algorithms like TCP New-Reno. Mobile networks can suffer from bit-errors and/or network congestion, which cause traditional avoidance algorithms to reduce their throughput drastically. TCPW corrects that issue by continually computing an effective data-transfer rate for connections and using it to throttle data at the time of congestion, thereby improving throughput for that connection. Furthermore, if the throughput has wide variance, the algorithm probes aggressively to accelerate transfers to maximum available bandwidth.

[Figure: two panels, "Regular TCP Stacks" and "Mobile-ready TCP Westwood", each plotting Throughput (bps) against Time (sec).]

Figure 1: TCP Westwood performance compared to traditional congestion avoidance algorithms.
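The difference between halving the window and resetting it from a bandwidth estimate can be seen in a small per-RTT model. This is an added example, not code from Citrix or from the white paper; the link parameters, loss schedule and the function name `simulate` are constructed for illustration, and the model is deliberately simplified (fixed RTT, one window update per RTT).

```python
"""Toy per-RTT model: Reno-style halving vs. TCP Westwood's window reset.

All parameters are constructed sample values, not measurements.
"""

BDP = 100          # packets the path can carry per RTT (bandwidth-delay product)
BUFFER = 20        # bottleneck queue in packets; cwnd above BDP + BUFFER overflows
LOSS_EVERY = 25    # one interference (non-congestion) loss every 25 RTTs
ALPHA = 0.9        # low-pass filter coefficient for Westwood's bandwidth estimate


def simulate(algorithm, rtts=1000):
    """Return mean packets delivered per RTT for 'reno' or 'westwood'."""
    if algorithm not in ("reno", "westwood"):
        raise ValueError("algorithm must be 'reno' or 'westwood'")

    cwnd = 1.0                 # congestion window, in packets
    ssthresh = float("inf")    # slow-start threshold
    bwe = None                 # Westwood bandwidth estimate, packets per RTT
    delivered_total = 0.0

    for t in range(rtts):
        # The path cannot deliver more than its capacity in one RTT.
        delivered = min(cwnd, BDP)
        delivered_total += delivered

        # Westwood samples the ACK rate continuously and smooths it.
        if bwe is None:
            bwe = delivered
        else:
            bwe = ALPHA * bwe + (1 - ALPHA) * delivered

        congestion_loss = cwnd > BDP + BUFFER
        wireless_loss = t % LOSS_EVERY == LOSS_EVERY - 1

        if congestion_loss or wireless_loss:
            if algorithm == "reno":
                # Every loss is treated as congestion: halve the window.
                ssthresh = max(cwnd / 2, 2.0)
            else:
                # Westwood: ssthresh = BWE * RTTmin / MSS. One step here is
                # one RTTmin and the unit is packets, so this is just BWE.
                ssthresh = max(bwe, 2.0)
            cwnd = min(cwnd, ssthresh)
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)   # slow start
        else:
            cwnd += 1                        # congestion avoidance

    return delivered_total / rtts


if __name__ == "__main__":
    for name in ("reno", "westwood"):
        print(f"{name:9s} mean delivered per RTT: {simulate(name):6.1f} of {BDP}")
```

With the same interference losses, the Reno-style sender settles far below link capacity because each loss halves its window, while the Westwood-style sender returns to roughly the rate it was actually achieving.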

NetScaler also offers advanced TCP buffering features, which improve the performance of a transaction management environment. It achieves this by adding a speed-matching mechanism between a fast server network and a slow client network, and buffering a server’s response before delivering it to the client at the client’s speed. This way the server can quickly offload the requested data and then devote its resources to other tasks.

Dynamic Window Management allows NetScaler to dynamically change the advertised TCP window size based on the system’s memory utilization. If memory is underutilized, NetScaler will increase the advertised TCP window size, allowing for aggressive flow control of the end-point and shedding load from the client or server.


If the system begins to detect memory pressure it will dynamically and gracefully decrease the advertised TCP window to balance out load and throughput. This offers optimal utilization of system resources and avoids traffic bottlenecks due to under-utilized capacity.

Availability

Standard TCP connections are unable to survive when mobile devices switch from one network to another. This can cause loss of state information for applications using a TCP connection that goes down. For example, if the user is streaming a video on a mobile phone over a 3G/4G network, streaming will be interrupted when connecting to an 802.11 company network. TCP connectivity is lost and must be reestablished, causing the user to start the video from the beginning again.

Today’s hosts and clients have multiple network paths between them, including 3G/4G and 802.11 access networks. To take advantage of these paths, NetScaler supports MPTCP, which is an extension of the TCP/IP protocol. MPTCP identifies and uses multiple paths available between MPTCP-enabled hosts and clients to maintain the TCP session. With MPTCP enabled, transactions can continue even if one of the network paths is not available. MPTCP offers better resilience and availability than standard TCP, because the application session does not fail if one link goes down.

[Figure panels: "Using an app over a 3G link is great. App access is done over standard TCP connections." / "Until the access point changes. The TCP connection must reset leading to access delays." / "Multi-path TCP solves this by using two TCP connections. NetScaler can then unite the data."]

Figure 2: Example of NetScaler acting as a Multipath-TCP (MPTCP) Gateway.

Another availability issue arises when content must be formatted uniquely for different device types. NetScaler also supports content switching based on device type. It examines the user agent or custom HTTP header in the client request for the type of device from which the request originated. Based on the device type, it directs the request to a specific Web server. For example, if the request came from a mobile phone, the request is directed to a server that is capable of serving content that the user can view on his or her mobile phone.


Security

TCP lacks even the most basic mechanisms for security. Encryption, authentication and access control must all be handled outside the TCP protocol. In order to protect mobile devices from attacks, data theft and unauthorized access, additional functionality and technologies within the ADC are required.

NetScaler protects against a wide variety of threats with integrated security capabilities that protect mobile resources and augment existing network-layer security protections. For example, the NetScaler App Firewall blocks known and day-zero application-layer attacks, as well as web application behavior deviating from normal application use—ultimately protecting the mobile devices accessing these applications. Additionally, mobile users gain secure remote access with Citrix NetScaler Gateway, a proven SSL VPN solution that empowers users to work in any location. NetScaler is specifically designed for mobile users and provides the best secure application and data access for Citrix XenApp® and Citrix XenDesktop®.

Mobile security must extend beyond the network to mobile devices, applications and data. For example, devices may be unmanaged, jailbroken, rooted or out of compliance with IT policies. Similarly, unapproved users may attempt to access restricted applications and data. A complete mobile security solution includes XenMobile MDM for enterprise mobile device management. XenMobile MDM helps IT maintain device security and compliance to protect mobile applications, networks and data. Together, NetScaler and XenMobile MDM provide the best overall solution by enabling IT to support the extended security needs of mobile users in the enterprise.

Protecting mobile devices against attacks also requires visibility. NetScaler Insight Center delivers deep visibility and control to critical business applications and mobile services across public and private cloud environments. Based on the innovative open standard AppFlow™, the NetScaler Insight Center leverages existing networking real estate—uniquely situated at key focal points in the application path—to provide a 360-degree view for all mobile, web and virtual desktop traffic. The result is a network big data analytics platform that enables unprecedented visibility and real-time insight into datacenter traffic.

Additional NetScaler Mobility Support

NetScaler has many other powerful mobility features to ensure your mobile users get the experience they need.

SPDY

SPDY, pronounced speedy, is not an acronym; it is the full name of an open networking protocol for transporting web content. The goal of SPDY is to reduce web page load time by using a single TCP connection per domain. SPDY achieves this by allowing interleaved resource requests and prioritizing across resources. SPDY also achieves reduced latency through compression.


[Figure: "Impact of SPDY on Page Load Times". Page Load Time (ms) plotted against Packet Loss Rate (Internet avg is 1%), with one series for SPDY and one for HTTP.]

Action analytics dynamic caching

The performance of your website or application depends on how well you optimize the delivery of the most frequently requested content. However, if you do not want to perform manual optimizations, or if your website or application is dynamic in nature, you need infrastructure that not only collects statistical data but also automatically optimizes the delivery of resources on the basis of the statistics. NetScaler provides this functionality through the Action Analytics feature.

AppQoE (Application-Level Quality of Experience)

ADCs traditionally maintain independent queues for every backend resource, an approach that does not allow global priority queuing across these resources. Rather than only maintaining queues for individual services, the AppQoE feature in NetScaler adds a global priority queue at the virtual server (vserver) level, allowing high-priority traffic to move ahead of traffic that has already been queued. This delivers better user experience when multiple resources are available for the same backend service.

ETag headers

An ETag, or entity tag, is part of HTTP, the protocol for the World Wide Web. It is one of several mechanisms that HTTP provides for web cache validation, and it allows a client to make conditional requests. ETags allow caches to be more efficient and save bandwidth, since a web server does not need to send a full response if the content has not changed. However, ETags do not work well with servers behind load balancers, because the validation request can go to a different server. NetScaler overcomes this issue by rewriting the ETag header to identify the correct back-end server.
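The failure mode and the rewrite idea can be modelled in a few lines. This is an added example, not NetScaler's implementation or configuration: the classes `Backend` and `Adc`, the tag format and the key are hypothetical, the content is constructed, and only strong ETags are handled. The server token is an HMAC-derived value so that the rewritten tag does not expose internal host names.

```python
import hashlib
import hmac
import itertools

BODY = b"<html>monthly newsletter</html>"   # constructed sample content
ADC_KEY = b"constructed-demo-key"           # constructed; keeps server tokens opaque


class Backend:
    """Origin server whose ETag depends on a per-server value (like an inode)."""

    def __init__(self, name, inode):
        self.name = name
        self.inode = inode

    def etag(self):
        seed = self.inode.to_bytes(8, "big") + BODY
        return '"' + hashlib.sha256(seed).hexdigest()[:16] + '"'

    def handle(self, if_none_match=None):
        """Return (status, etag, body_bytes_sent) for a GET of the resource."""
        if if_none_match == self.etag():
            return 304, self.etag(), 0
        return 200, self.etag(), len(BODY)


class Adc:
    """Round-robin load balancer with optional ETag rewriting."""

    def __init__(self, backends, rewrite_etag):
        self.rewrite_etag = rewrite_etag
        self._round_robin = itertools.cycle(backends)
        self._by_token = {self._token(b): b for b in backends}

    @staticmethod
    def _token(backend):
        mac = hmac.new(ADC_KEY, backend.name.encode(), hashlib.sha256)
        return mac.hexdigest()[:8]

    def handle(self, if_none_match=None):
        backend = next(self._round_robin)
        validator = if_none_match
        if self.rewrite_etag and if_none_match:
            # Client echoes "<origin-etag>-<token>": route the validation to
            # the server that issued the tag and restore its original value.
            origin, _, token = if_none_match.strip('"').rpartition("-")
            pinned = self._by_token.get(token)
            if pinned is not None:
                backend, validator = pinned, '"' + origin + '"'
        status, etag, sent = backend.handle(validator)
        if self.rewrite_etag:
            origin_tag = etag.strip('"')
            etag = f'"{origin_tag}-{self._token(backend)}"'
        return status, etag, sent


def revalidate(rewrite_etag):
    """Fetch once, then revalidate; return (status, first_bytes, second_bytes)."""
    adc = Adc([Backend("web-a", 1001), Backend("web-b", 2002)], rewrite_etag)
    _, etag, first = adc.handle()
    status, _, second = adc.handle(if_none_match=etag)
    return status, first, second


if __name__ == "__main__":
    print("no rewrite:", revalidate(False))   # validation lands on the other server
    print("rewrite:   ", revalidate(True))    # validation reaches the issuing server
```

Without the rewrite, the conditional request reaches a server with a different tag and the full body is sent again; with it, the second request is answered with 304 and no body.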


Client keep-alive

Opening and closing connections is time consuming and reduces overall end-user performance when making multiple HTTP/HTTPS requests. To improve performance, NetScaler utilizes client keep-alives. Initial traffic from client devices is intercepted by NetScaler, which sets up one connection between itself and the client device, and another connection between itself and the server. Follow-on requests from the client are intercepted by the NetScaler and directed to the server. When the server sends the response, it closes the connection between the server and the NetScaler. However, when NetScaler services are configured with client keep-alive, the NetScaler keeps the connection between itself and the client open even after sending the response to the client, minimizing the connection overhead from the client when additional requests are made.

Enterprise mobility problems and their solutions

Mobility problems present themselves in many ways within the enterprise. While each scenario tends to have unique aspects, it isn’t always easy to determine which protocol extensions and which ADC features can be used to resolve them. In order to make troubleshooting and problem resolution easier, the following tables provide a mapping between mobility problems and solutions. Simply find the relevant problem scenario in the first column and look across the remaining columns to find the features and capabilities that may be used to resolve them.

Table columns: Customer Use Case; SPDY; MPTCP; TCP Westwood; Action Analytics dynamic caching; NetScaler Insight Center; AppQoE; Content switching based on device type; ETag headers; Client keep alives; TCP Buffering; Dynamic Window buffering; HTTP Compression; HTTP Caching

• User experiences slow web browsing to corporate web servers: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

• User loses streaming audio/video when moving from 3G/4G to 802.11 network and needs to restart from the beginning: ✓ ✓

• User experiences slow download of specific audio and video files: ✓ ✓ ✓ ✓ ✓

• Multiple mobile users downloading the same company-wide monthly newsletter, causing network congestion: ✓ ✓ ✓ ✓ ✓ ✓

• End users complain of slow downloads to corporate apps and other resources and flood help desk with calls: ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓

• Corporate executives require priority queuing for a specific application regardless of the server they LB to: ✓ ✓

• The same content presented to a PC does not present itself well when viewing from a mobile device: ✓ ✓

• User has an older, slow client, which results in poor download performance: ✓ ✓ ✓

• User active connections are terminated when moving between wireless networks: ✓ ✓

• Users complain that continued connections to specific services are slow: ✓ ✓ ✓ ✓ ✓ ✓ ✓


About Citrix

Citrix (NASDAQ:CTXS) is the cloud computing company that enables mobile workstyles—empowering people to work and collaborate from anywhere, accessing apps and data on any of the latest devices, as easily as they would in their own office—simply and securely. Citrix cloud computing solutions help IT and service providers build both private and public clouds—leveraging virtualization and networking technologies to deliver high-performance, elastic and cost-effective services for mobile workstyles. With market leading solutions for mobility, desktop virtualization, cloud networking, cloud platforms, collaboration, and data sharing, Citrix helps organizations of all sizes achieve the kind of speed and agility necessary to succeed in an increasingly mobile and dynamic world. Citrix products are in use at more than 260,000 organizations and by over 100 million users globally. Annual revenue in 2012 was $2.59 billion. Learn more at www.citrix.com.

©2013 Citrix Systems, Inc. All rights reserved. Citrix, NetScaler, NetScaler Insight Center, NetScaler Gateway, XenApp, XenDesktop, XenMobile MDM and NetScaler App Firewall are trademarks or registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.

0512/PDF

Corporate Headquarters: Fort Lauderdale, FL, USA

Silicon Valley Headquarters: Santa Clara, CA, USA

EMEA Headquarters: Schaffhausen, Switzerland

India Development Center: Bangalore, India

Online Division Headquarters: Santa Barbara, CA, USA

Pacific Headquarters: Hong Kong, China

Latin America Headquarters: Coral Gables, FL, USA

UK Development Center: Chalfont, United Kingdom


Empower your employees with mobile delivery

As a cloud computing company that enables mobile work styles, Citrix is leading the way in upgrading the datacenter network to support mobility. Citrix NetScaler—the industry’s most advanced cloud network platform—not only supports the latest TCP extensions required for mobility, it has been specifically designed to deliver the exceptional experience demanded by today’s mobile workforce. NetScaler offers advanced mobility features that uniquely smooth the way for mobile devices, overcoming critical challenges in enterprise mobility adoption.

Specific mobility challenges addressed by NetScaler include:

• Performance – Through support for TCPW, TCP buffering, dynamic window management and more, NetScaler delivers high performance not available through standard TCP alone.

• Availability – By supporting MPTCP, content switching and other innovative features, NetScaler keeps users working productively even when they change locations.

• Security – For the most complete enterprise mobile solution, NetScaler Insight Center, NetScaler App Firewall, NetScaler Gateway and XenMobile MDM keep mobile devices protected from attacks, data theft and unauthorized access.

Citrix NetScaler is far more than just a load balancer. It is an ADC for the mobile world that overcomes the key mobility challenges in the enterprise datacenter network, creating greater satisfaction and higher productivity among employees.