Sikker adgang fra alle devices edgemo summit CPH maj 2014.

Sikker adgang fra alle devices

edgemo summit CPHmaj 2014

Kort intro

Eigil ØrnfeltInfrastructure specialist

[email protected]

Niels HolmInfrastructure specialist

[email protected]

NetScaler GatewayNetScaler Access Gateway Enterprise Edition (AGEE)

Citrix Access Gateway (CAG)

Citrix Secure Gateway

NetScaler ADC

Citrix Advanced Access Gateway (CAG)

Citrix NetScaler overview

Citrix NetScaler overview

Cloud Infrastructure

Enterprise Datacenter

PerformanAcAcAccelerate Offload SecurityAvailability

• World-class load balancing

• Health monitoring

• Caching

• Compression

• Optimization

• TCP Connection Management

• SSL processing

• SSL VPN

• Application firewall

• AAA

Layer 4 Load Balancing

• Source IP• Cookie• SSL Session ID• Server-ID in URL Query• Customer Server-ID• Token (header or body)

Maintaining UserSessions

Distributing Traffic

• Least Connections• Lowest Response Time• Round Robin• SNMP-based• Hash-based• Many more…

Monitoring Server Health and Availability

• TCP Connection• HTTPS Connection• Extended Content Verification• Scriptable Health Checks

TCP and UDP Client Requests

Global Server Load Balancing

Site B

Site A

HTTP Requests

• Anything in request body• Device Type• Language• Cookie• Browser Capability• XML XPath support

Client Attributes

• Any TCP Request• HTTP Get• HTTP Post

Request Protocol

Request Method

• Any TCP payload value• Any HTTP payload value• Domain• Wildcard URL

Content Switching: Load Balancing on Steroids

Optimering

TCP Connection Multiplexing

1. NetScaler terminates connection

2. Client transmits requests

3. NetScaler establishes server connection

4. NetScaler transmits client requests

5. Other clients follow same procedure

6. Multiple client requests are transmitted across common server connection

Web Server

AppCache

• Memory or flash disk based cache• Reduce time to first packet• Significantly reduce back-end server workloads• Dynamic caching for frequently changing content• Flash cache support for realtime updates

AppCache – Non-Caching proxy

Deliver it one time

Get the web page

AppCache – Caching proxy

Deliver it many times

Get the web page once

AppCompress

• Standard based compression – GZIP/DEFLATE• Works with all browsers, including mobile• Applies to HTML, JavaScript, CSS and Documents• 3:1 to 5:1 Compression Ratio

AppCompress

1 GbyteFile

1 GbyteFile

1 Gbps Throughput200-300Mbps Throughput

Sikkerhed

AAA - Authentication

Multi-factor authenticationREQ.SSL.CLIENT.CERT = EXISTSREQ.BROWSER-TYPE = Internet ExplorerREQ.SSL.CLIENT.CERT != EXISTS

REQ.SSL.CLIENT.CERT = EXISTS

+ LDAP

NetScaler Insight Center

Insight Center

Internet

!

!!

!WAN Data Center Network

XenDesktop/ XenApp

? ?

?

Insight CenterO

ldN

ew

USER

Help-Desk Desktop Admin

Network Admin

Citrix SupportSoftware

Citrix Support

Citrix SupportEscalation

USER

Help-Desk Network Admin

IT Department

Citrix Support

IT dept calls Citrix Support

NetScaler Insight Center

Internet NetScaler

XenDesktop/ XenApp

NetScaler Insight Center

3rd PartyAnalysis Tools

AppF

low

AppF

low

Insight Center

Application or Network?

Which Part of Network?

Bandwidth Taken Up?Users Affected

Servers Causing Trouble

Insight Center

ICA Analytics

DC & WAN Latency

Active /Inactive Session Data

ICA RTT

Host Delay

Client/ Server IP

Virtual Channels

?

Tak for jeres tid!