Sikker adgang fra alle devices edgemo summit CPH maj 2014
Dec 17, 2015
Kort intro
Eigil ØrnfeltInfrastructure specialist
Niels HolmInfrastructure specialist
NetScaler GatewayNetScaler Access Gateway Enterprise Edition (AGEE)
Citrix Access Gateway (CAG)
Citrix Secure Gateway
NetScaler ADC
Citrix Advanced Access Gateway (CAG)
Citrix NetScaler overview
Cloud Infrastructure
Enterprise Datacenter
PerformanAcAcAccelerate Offload SecurityAvailability
• World-class load balancing
• Health monitoring
• Caching
• Compression
• Optimization
• TCP Connection Management
• SSL processing
• SSL VPN
• Application firewall
• AAA
Layer 4 Load Balancing
• Source IP• Cookie• SSL Session ID• Server-ID in URL Query• Customer Server-ID• Token (header or body)
Maintaining UserSessions
Distributing Traffic
• Least Connections• Lowest Response Time• Round Robin• SNMP-based• Hash-based• Many more…
Monitoring Server Health and Availability
• TCP Connection• HTTPS Connection• Extended Content Verification• Scriptable Health Checks
TCP and UDP Client Requests
HTTP Requests
• Anything in request body• Device Type• Language• Cookie• Browser Capability• XML XPath support
Client Attributes
• Any TCP Request• HTTP Get• HTTP Post
Request Protocol
Request Method
• Any TCP payload value• Any HTTP payload value• Domain• Wildcard URL
Content Switching: Load Balancing on Steroids
TCP Connection Multiplexing
1. NetScaler terminates connection
2. Client transmits requests
3. NetScaler establishes server connection
4. NetScaler transmits client requests
5. Other clients follow same procedure
6. Multiple client requests are transmitted across common server connection
Web Server
AppCache
• Memory or flash disk based cache• Reduce time to first packet• Significantly reduce back-end server workloads• Dynamic caching for frequently changing content• Flash cache support for realtime updates
AppCompress
• Standard based compression – GZIP/DEFLATE• Works with all browsers, including mobile• Applies to HTML, JavaScript, CSS and Documents• 3:1 to 5:1 Compression Ratio
Multi-factor authenticationREQ.SSL.CLIENT.CERT = EXISTSREQ.BROWSER-TYPE = Internet ExplorerREQ.SSL.CLIENT.CERT != EXISTS
REQ.SSL.CLIENT.CERT = EXISTS
+ LDAP
Insight CenterO
ldN
ew
USER
Help-Desk Desktop Admin
Network Admin
Citrix SupportSoftware
Citrix Support
Citrix SupportEscalation
USER
Help-Desk Network Admin
IT Department
Citrix Support
IT dept calls Citrix Support
NetScaler Insight Center
Internet NetScaler
XenDesktop/ XenApp
NetScaler Insight Center
3rd PartyAnalysis Tools
AppF
low
AppF
low
Insight Center
Application or Network?
Which Part of Network?
Bandwidth Taken Up?Users Affected
Servers Causing Trouble
Insight Center
ICA Analytics
DC & WAN Latency
Active /Inactive Session Data
ICA RTT
Host Delay
Client/ Server IP
Virtual Channels