deploying xenapp and xendesktop with big-ip brent imhoff – field systems engineer gary zaleski –...
TRANSCRIPT
Deploying XenApp and XenDesktop with BIG-IP
Brent Imhoff – Field Systems EngineerGary Zaleski – Solutions ArchitectMichael Koyfman – Solutions Architect
2
F5’s Dynamic Control Plane ArchitectureUsers
Resources
Physical Virtual Multi-Site DCs
Private Public
Cloud
Availability•Scale•HA / DR•Bursting•Load-Balancing
Optimization•Network•Application•Storage•Offload
Security•Network•Application•Data•Access
Management• Integration• Visibility• Orchestration
App
licat
ion
and
Dat
a D
eliv
ery
Net
wor
k
3
What does F5 have to do with Citrix?• Citrix recommends an application delivery controller to
maximize XenDesktop and XenApp – Providing secure remote access– Supporting shared resources– Ensuring best performance– Protecting against attacks
• Customers need to choose software or hardware load balancing
4F5 Networks, Confidential
BIG-IP APM: High Performance, Low Cost
DMZ
4,000 Remote Users
15,000 Corporate Users
Internal LAN
VLAN 1
Internet
1,000 Wireless Users
Internal LAN
VLAN 2
Utilize existing user directory
Xen Servers
6,000 Corporate Branch
Users
F5 Access Policy Manager
$188K for 26k $188K for 26k usersusers25% of cost25% of cost
$188K for 26k $188K for 26k usersusers25% of cost25% of cost
• Consolidation: 6:1 on Access and Acceleration • High performance – 26,000 users at $7+ per user • Scale up to 60,000 users• Flexible and centralized security policy management• Integrated endpoint security checking• Integrated application acceleration – up to 10x
5F5 Networks, Confidential
• Access Sessions– Application Access Proxy
• SSL offload, full stateful L3 – L7 proxy• Up to 42 Gbps forwarding performance (BIG-IP 11050)
– Network Access VPN• SSL VPN tunnel• Up to 10 Gbps forwarding performance
– Portal Access VPN• SSL offload, HTTP (HTML, Javascript, and CSS) content rewrite• Up to 4.5 Gbps forwarding performance
– Application Tunnel VPN • SSL VPN tunnel
• Up to 600 logins-per-second
• Designed to layer with existing F5 Security Modules
APM Performance and Scalability
6F5 Networks, Confidential
6
Citrix XenApp and XenDesktop Auth Problems
• Costly, complex, and un-extensible• Managing authentication in multiple locations• Manual scripting for auth integration
NetScaler + Access Gateway
Directory
Mobile Users
STA
Citrix XML Brokers
Auth Mgmt
Internal Users
Citrix Web Interface Servers with ICA
Auth Mgmt
7F5 Networks, Confidential
7
Simplified Access for Citrix XenApp• Manage access from consolidated solution• Eliminate Web Interface Servers and NetScalers• Replace Web Interface with Portal Mode
Directory
Mobile Users
Citrix XML Brokers
Auth Mgmt
BIG-IP Local Traffic Manager+ Access Policy Manager
CapExand OpEx
Internal Users
8
F5 Networks, Confidential
8
Simplified Access for Other Applications• Manage access from consolidated solution• Leverage Credential Cacheing and Single Sign On• Present OWA, VMWare View next to Citrix Apps in Portal Mode
Directory
Mobile Users
BIG-IP Local Traffic Manager+ Access Policy Manager
Internal Users
9F5 Networks, Confidential
Dynamic Webtop for End-UsersDynamic Webtop for End-Users
• Dynamically present Citrix Apps and Desktops• Adjusts to mobile devices• Unified End User Experience
10F5 Networks, Confidential
Easy Access Policy Deployment Wizards Deployment-specific wizards for Citrix XenApp/XenDesktop for LTM virtuals, Network
Access, and Web Applications Access Step-by-step configuration, context sensitive help, review and summary Creates base set of objects and access policy for common deployments Automatically branches to necessary configuration (e.g., DNS)
11F5 Networks, Confidential
o Global Traffic Manager improves Citrix performance• Xen App/Desktop users sent to best datacenter• Continuous monitoring of entire infrastructure including network and
application health• Automatic failover during outages• Persistence prevents broken sessions
Monitoring via iQuery
BIG-IP Global Traffic Manager
BIG-IP Local Traffic Manager
BIG-IP Local Traffic Manager
BIG-IP Local Traffic Manager
Geolocation services
L-DNS
Deploying Citrix Globally with GTM
12F5 Networks, Confidential
Only ADC with Geolocation Access Rules
VPE – Geolocation RulesCustom session variablesCustom notification messagesLogging Client locationsReporting
15F5 Networks, Confidential
Key Points about F5 Citrix SolutionKey Points about F5 Citrix Solution
Loadbalancing XenApp and XenDesktop
– Pre-built deployment templates and deployment guides for XenApp and XenDesktop
– TCP optimizations and SSL offload improve user experience and provide server offload
– Provides High Availability to Web Interface and XML broker infrastructure
Remote Access to XenApp and XenDesktop
– Transparent implementation that requires no special Gateway Direct configurations
– Single policy and configuration setup, and SSO for all clients: desktop ICA, PNAgent, Receiver
– Eliminates the need for Secure Ticket Authority for remote access– Eliminates the need for Citrix Access Gateway for remote access– Removes troubleshooting complexity and consolidates all remote access
troubleshooting to a single point only – F5.– Accelerates ICA data delivery of WAN links
Loadbalancing XenApp and XenDesktop
– Pre-built deployment templates and deployment guides for XenApp and XenDesktop
– TCP optimizations and SSL offload improve user experience and provide server offload
– Provides High Availability to Web Interface and XML broker infrastructure
Remote Access to XenApp and XenDesktop
– Transparent implementation that requires no special Gateway Direct configurations
– Single policy and configuration setup, and SSO for all clients: desktop ICA, PNAgent, Receiver
– Eliminates the need for Secure Ticket Authority for remote access– Eliminates the need for Citrix Access Gateway for remote access– Removes troubleshooting complexity and consolidates all remote access
troubleshooting to a single point only – F5.– Accelerates ICA data delivery of WAN links
17
Summary
• Highest availability
• Dramatically increase server capacity
• Cross-site availability and resilience
• Pre-authenticate users in the perimeter network
• Seamless integration with systems management
18
Citrix related resources
• F5 Solution page for Citrix Solutions– http://www.f5.com/solutions/citrix/xenapp
• Video demo of BIG-IP deployment for Exchange Server 2010– http://www.vimeo.com/album/1537190
• F5 Deployment Guide for XenDesktop– http://www.f5.com/pdf/deployment-guides/citrix-xendesktop-dg.pdf
• F5 Deployment Guide for XenApp– http://www.f5.com/pdf/deployment-guides/citrix-xenapp-iapp-dg.pdf
• Application Delivery Controller Performance Reports– http://www.f5.com/pdf/reports/f5-performance-report.pdf
• 5 minutes or less video: BIG-IP APM and XenApp– http://devcentral.f5.com/weblogs/psilva/archive/2011/01/24/in-5-minutes-or-less-video-big-ip-apm-
amp.aspx
• Press Release - F5 Simplifies and Centralizes Access Management for Citrix Applications – http://www.f5.com/news-press-events/press/2010/20101214.html
• F5 DevCentral Community Group: Citrix / F5 Solutions– http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/2040/Default.aspx