SlideShare a Scribd company logo

Citrix Net Scaler V9.0 Lb Highload Mar2009

Download as PPSX, PDF
Liudmila Li
Liudmila Li
Technology
1 of 49
Citrix NetScaler – балансировка высоконагруженных систем Николай Шадрин Systems Engineer Citrix Systems
Тенденции пользователей и ИТ USERS APPS APPS APPS • Глобализация • Зеленые ЦОД • Свободный график • Безопасность • Расширение филиалов • Непрерывность бизнеса • Мобильность • Web и Enterprise 2.0 • E-коммерция • SaaS, XML, SOA
Веб-приложения: богатые, сложные, требовательные Больше Sharing Content соединений Больше общения Групповые блоги Больше протоколов Wiki Больше форматов Групповые календари Списки Больше неизвестного Microsoft SharePoint 2007
Серверы: их всѐ больше Projected Server and Electricity Use Servers Electricity Use 18.0 120 16.0 100 Annual Electricity Use (billions/kWh) 14.0 Servers Installed (millions) 12.0 80 10.0 60 8.0 6.0 40 4.0 20 2.0 0.0 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 Year Source: Energy Star Report
Доверие лидирующих предприятий и веб-сервисов 7000+ Deployments Worldwide
XML...SOAP...HTTP...WSDL...JSON...REST...RSS...AJAX...end-user experience... Mashup...RelTag...SOA...Application Availability...Data theft...RIA...Wiki...Enterprise 2.0 Трафик приложений Users Apps Ускорение Доступность Безопасность Разгрузка приложений приложений приложений инфраструктуры Сетевой трафик Router Switch Firewall MAC address...Source IP...Destination IP...Source port...Destination port...Ping... OSPF...RIP...BGP...ACL...DNS...Subnet...802.XX...ARP...ICMP...RTT...SYN...ACK... Keepalive...SNMP...SSH...SSL...MTBF...Latency...
Citrix Delivery Center TM “Превращаем центры обработки в центры доставки” Workflow Studio XenDesktop XenApp XenServer NetScaler
Citrix Delivery Center TM NetScaler - Platinum Встроенный Встроенный мониторинг Workflow Studio AG-E Сеть доставки Динамический ЦОД XenDesktop XenApp XenServer EdgeSight Access Provisioning Repeater Server Gateway NetScaler Встроенный Web App Firewall
NetScaler AppExpert
Системная архитектура NetScaler Единое управление и отчеты Функциональные модули NetScaler AppExpert Высокопроизводительная обработка Visual Policy пакетов и политик AppExpert Builder Administration Application Networking Platform
AppExpert Policy Engine Приложение 1 AppExpert Policy Engine 1) Получение и прерывание запроса 2) Расшифровка/аутентификация/анализ запроса Приложение 2 Users 3) Применение политик и ответ на запросы 4) Мультиплексирование через постоянные соединения
AppExpert Service Callout Example 3 Scraper 1. Приходит запрос tracking 2 2. NetScaler отсылает IP 4 3. Приложение проверяет IP 1 4. Приложение отсылает “yes” или “no” NS NS 5. Политика NetScaler PolicyNS Policy 5 Policy Website – Пропускает, если “yes” Users Citrix NS – Блокирует, если “no”
NetScaler Product Capabilities
NetScaler and the 4 Feature Buckets Clients Internet NS Server Acceleration Security Availability Offload
NetScaler and the 4 Feature Buckets Clients Internet NS Server Acceleration Security Availability Offload • TCP Optimization • DDos Protection • Load Balancing Layer 4 and Layer 7 • TCP Multiplex and Reuse • Web Compression • Content Filtering and Redirection • Global Server Load Balancing • SSL Offload • Cache (Static and Dynamic) • Web Application Firewall • Content Rewrite and Redirection • Cache (Static and Dynamic) • SSL VPN • Surge Protection and Sure Connect • Consolidated Web Logging • TCP Buffering
Разгрузка серверов
Server Offload Клиенты Интернет NS Сервер • Мультиплексирование и повторное использование TCP • Разгрузка SSL Offload • Кэширование (статическое и динамическое) • Консолидированная работа с логами • TCP-буферизация
Основы TCP и дополнительные 7 пакетов SYN 1. Клиент и сервер договариваются о настройках соединения. SYN + ACK ACK } 3 – Way Handshake GET 2. Client sends initial Data TCP request for data. In HTTP, this would be a GET. The server will 7 Packet respond with data. Overhead FIN } ACK 3. Server will send a 4 – Way FIN, informing the Teardown FIN client that all data has been sent. ACK
Установка TCP-соединения (3-Way Handshake) • Почему это важно? – Установка правильной связи с использованием порядковых номеров и подтверждений – Обе стороны принимают соглашение об опциях соединения (WS, MSS и SACK) • Какие проблемы? – TCP Slow Start – Slow Start и congestion avoidance постоянно меняют скорость отправки пакетов – Denial of Service Attacks – TCP может использоваться для отправки пакетов, перегружающих систему (SYN Flood)
Традиционные балансировщики и TCP Clients Internet LB Server Клиент отправляет TCP SYN на LB LB отправляет пакет на Web-ферму TCP-соединения от клиента к серверу
NetScaler и TCP-соединения Clients Internet NS Server Клиент отправляет TCP SYN на NS NS отправляет свой SYN на ферму NetScaler в виде TCP Proxy
Традиционные балансировщики vs. NetScaler Clients Internet NS Server Соотношение клиентских и серверных соединений – 1:1 у традиционных балансировщиков NS проксирует TCP-соединения, клиент и сервер полностью разделены; this allows a NetScaler to Multiplex and Reuse server side TCP Connections. Many Client Connections to 1 Server Side Connection N:1
Server Offload Customer Other Benefits Attained • Improved response time by 110% dRemate 50% • 40% savings on mgmt. costs LiveNation 50% • Capacity to support 100X traffic spikes • Significant decreases in application latency and SINA 66% mgmt. costs Transport for • 10X improvement in application performance 95% • 60% reduction in application latency London Userplane 87% • Estimated $390K savings in capital investment
Application Availability
Traditional Load Balancing Pool Clients Internet NS Server LB Algorithms: Health Checks: • Least conns. • TCP, UDP • Least bandwidth • HTTP, HTTPS • SNMP (CPU, RAM, etc.) • App level checks • etc.
L7 Content Switching Pool Content Switch Clients Internet NS Server LB Algorithms: Health Checks: • Least conns. • TCP, UDP • Least bandwidth • HTTP, HTTPS • SNMP (CPU, RAM, etc.) • App level checks • etc.
L7 Content Switching Статический (html, jpg, etc.) Оптимизированные пулы для разного типа контента Server Content Type Динамический Clients Internet NS (asp, cgi, etc.) Server
L7 Content Switching 95% запросов 5% содержимого Оптимизированные пулы для разного контента Server URL 5% запросов Clients Internet NS 95% содержимого Server
L7 Content Switching Пользовательский трафик Разные уровни сервиса разным клиентам Server Source Info Ботнеты, спайдеры и т.п. Clients Internet NS Server
NetScaler GSLB Site A B2C B2B Site B P2P
Как работает GSLB? 1. Клиент производит DNS-запрос What site should I go to? 2. NetScaler возвращает IP наиболее доступного ЦОД Go to site number 3. 3. Клиент соединяется с указанным IP Site 1 Site 2 Site 3
Варианты выбора политики доступа • Round Robin Взвешенный или невзвешенный • Географическая близость – Статическая или динамическая • Уровень нагрузки • Пользовательские политики • Disaster Recovery автоматический или ручной перенос нагрузки • На базе сохранения сессии
GSLB Static Proximity • IP локального DNS определяет его географическое расположение. • Стандартные базы данные определяют ближайший балансировщик • В георгафическом контексте имеются следующие обозначения: “Continent”, “Country”, “State”, “City”, “ISP”. Organization” • LDNS IP может подходить под несколько политик • Предлагается VIP с наилучшим набором параметров • Сайты в том же ЦОД балансируются по взвешенному Round Robin
GSLB Static Proximity - Supported Formats – NetScaler format – IP-country – IP-country-isp – IP-country-region-city – IP-country-region-city-isp – GeoIP-country – GeoIP-region – GeoIP-city – GeoIP- organization – GeoIP -isp – GeoIP-city-isp-organization – Custom database (User defined qualifiers)
GSLB Communication b/w NetSclaers Простой мониторинг • Only State (Up/Down) is learned • Status is assumed to be equally good • Each DNS query gets the IP address of various participating GSLB sites in a round robin fashion. • Insecure mode of Communication MEP (Metric Exchange Protocol) • NetScaler internal protocol to exchange state and health information over a TCP session • Connection establishment involves a secure RPC method • Data is sent in an non-encrypted manner • DNS queries get best suited response based on configured algo and information gathered through MEP
GSLB Dynamic Decision Methods • RTT (Round Trip Time) • Least Connections • Least (Server) Response Time • Least Bandwidth • Least Packet • Source IP Hash
NetScaler 9: AppExpert Rate Controls • Make sure the right users get Partners appropriate capacity • Плохие ничего не получат • Ни один отдельный пользователь не Lines of Business нагрузит сервер • Встроено в ядро NetScaler Customers • Работает со многими модулями Spiders, botnets, scrapers, etc.
AppExpert Rate Controls  User(s) Rate Time Object Action • IP Address • Запросы • Измеряется • IP сервера • Ограничения • IP Range/Subnet • Пакеты в мсек. • URL/URI • Выполнить • Cookie • Полоса • Рисунок политику • Wildcards • Файл • Responder • Rewrite • Любой • Любой • Cache заголовок или заголовок или • и. т. д. данные… данные… • Alert • Log • Trap Изолирование критичных объектов
Application Acceleration
Application Acceleration Clients Internet NS Server • TCP Optimization Acceleration • Web Compression • Cache (both Static Content and Dynamic)
Сжатие HTTP Зачем сжимать данные HTTP?  Меньше пакетов проходят по сети  Быстрее ответ приложения • Большинство веб-контента хранится несжатым • Все броузеры поддерживают сжатие GZIP – Совершенно прозрачно для пользователей – Решение о сжатии принимается на основе заголовка User-Agent – Политика NetScaler определяется по User-Agent и MIME-Type • Обычное сжатие – в интервале от 3:1 до 5:1 • Сжатие данных на скоростях до 6 Gbps
Динамическое кэширование без NetScaler с NetScaler
NetScaler ускоряет доставку до пользователя 0,22 SharePoint 2,04 1,1 SAP 5,22 With NetScaler 1,3 Without NetScaler Siebel CRM 4 Oracle 6,41 Forms 10,1 0 2 4 6 8 10 12 Response Time in Seconds
Продуктовая линейка NetScaler
Solutions for Any Size Business MPX: 15 Gbps 12000: 6 Gbps 10000: 4.8 Gbps 9000: 3 Gbps 7000: 600 Mbps
Citrix NetScaler Medium Enterprise Platforms 7000 9010 Size 1U 2U Power Supplies 1 2 Processor Single Single Memory 1 GB 2GB 6x - 10/100 & 4x - 10/100/1000; or Network Interface Support 2x - 10/100/1000 4x – GB Fiber System Throughput 600 Mbps 3 Gbps HTTP Compression Throughput 150 Mbps 400 Mbps HTTP Requests per Second 50K 125K SSL Encrypted Throughput 150 Mbps 500 Mbps SSL Transactions per Second 4400 Max. 4400
Citrix NetScaler Large Enterprise Platforms 10010 12000 MPX 15000 MPX 17000 Size 2U 2U 2U 2U Power Supplies 2 2 2 2 Processor Single Dual Dual (4 cores) Dual (8 cores) Memory 4GB 4GB 16GB 32GB 8x Fiber/Cu GB SFP, or 4x 10G Fiber XFP 4x - 10/100/1000 & 8x Cu GB SFP; or 2x 10G Fiber XFP + or Network Interface Support 4x – GB Fiber 4x Fiber & 4x CU SFP; or 8x CU SFP 10/100/1000 2x 10G Fiber XFP + 2x10GE & 8x10/100/1000 8x CU SFP 10/100/1000 System Throughput 4.8 Gbps 5.5 Gbps 15 Gbps 15 Gbps HTTP Compression Throughput 555 Mbps 1.3 Gbps 6 Gbps 6 Gbps HTTP Requests per Second 250K 275K 350K+ 350K+ SSL Encrypted Throughput 760 Mbps 3 Gbps 6 Gbps 6 Gbps SSL Transactions per Second 8800 28,000+ 48,000 48,000
• http://angdemo.citrix.com/ • http://hqfastapps.com • nshadrin@citrix.com
Citrix Net Scaler V9.0 Lb Highload Mar2009

Recommended

Using Omnet++ in Simulating Ad-Hoc Network
Using Omnet++ in Simulating Ad-Hoc Network Using Omnet++ in Simulating Ad-Hoc Network
Using Omnet++ in Simulating Ad-Hoc Network
Ahmed Nour
 
шадрин Xen Server And Citrix Essentials Technical Presentation Widescreen
шадрин Xen Server And Citrix Essentials Technical Presentation Widescreenшадрин Xen Server And Citrix Essentials Technical Presentation Widescreen
шадрин Xen Server And Citrix Essentials Technical Presentation Widescreen
Liudmila Li
 
Donnation Request
Donnation RequestDonnation Request
Donnation Request
Pat Duffy
 
Leitura Basica Historia Ead
Leitura Basica Historia EadLeitura Basica Historia Ead
Leitura Basica Historia Ead
guest7c79d19
 
Communities+Of+Practice+Workshop
Communities+Of+Practice+WorkshopCommunities+Of+Practice+Workshop
Communities+Of+Practice+Workshop
Miguel Cornejo Castro
 
Resolució Del Problema De MatemàTica Comercial
Resolució Del Problema De MatemàTica ComercialResolució Del Problema De MatemàTica Comercial
Resolució Del Problema De MatemàTica Comercial
Elies Villalonga
 
Merchant Product Datafeeds for Affiliates 101
Merchant Product Datafeeds for Affiliates 101Merchant Product Datafeeds for Affiliates 101
Merchant Product Datafeeds for Affiliates 101
Carsten Cumbrowski
 
06 November Presentation
06 November Presentation06 November Presentation
06 November Presentation
Raj RANA
 

Recommended

Using Omnet++ in Simulating Ad-Hoc Network
Using Omnet++ in Simulating Ad-Hoc Network Using Omnet++ in Simulating Ad-Hoc Network
Using Omnet++ in Simulating Ad-Hoc Network
Ahmed Nour
 
шадрин Xen Server And Citrix Essentials Technical Presentation Widescreen
шадрин Xen Server And Citrix Essentials Technical Presentation Widescreenшадрин Xen Server And Citrix Essentials Technical Presentation Widescreen
шадрин Xen Server And Citrix Essentials Technical Presentation Widescreen
Liudmila Li
 
Donnation Request
Donnation RequestDonnation Request
Donnation Request
Pat Duffy
 
Leitura Basica Historia Ead
Leitura Basica Historia EadLeitura Basica Historia Ead
Leitura Basica Historia Ead
guest7c79d19
 
Communities+Of+Practice+Workshop
Communities+Of+Practice+WorkshopCommunities+Of+Practice+Workshop
Communities+Of+Practice+Workshop
Miguel Cornejo Castro
 
Resolució Del Problema De MatemàTica Comercial
Resolució Del Problema De MatemàTica ComercialResolució Del Problema De MatemàTica Comercial
Resolució Del Problema De MatemàTica Comercial
Elies Villalonga
 
Merchant Product Datafeeds for Affiliates 101
Merchant Product Datafeeds for Affiliates 101Merchant Product Datafeeds for Affiliates 101
Merchant Product Datafeeds for Affiliates 101
Carsten Cumbrowski
 
06 November Presentation
06 November Presentation06 November Presentation
06 November Presentation
Raj RANA
 
11 Ban Net Scaler Xa
11 Ban Net Scaler Xa11 Ban Net Scaler Xa
11 Ban Net Scaler Xa
Liudmila Li
 
11 Net Scaler Xa1
11 Net Scaler Xa111 Net Scaler Xa1
11 Net Scaler Xa1
Liudmila Li
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
SSA KPI
 
1.Ms 云计算平台介绍
1.Ms 云计算平台介绍1.Ms 云计算平台介绍
1.Ms 云计算平台介绍
GaryYoung
 
рогачков Intel
рогачков Intelрогачков Intel
рогачков Intel
Liudmila Li
 
AWS re:Invent 2020 IoT Update - 20201223
AWS re:Invent 2020 IoT Update - 20201223AWS re:Invent 2020 IoT Update - 20201223
AWS re:Invent 2020 IoT Update - 20201223
Amazon Web Services Japan
 
X S Cloud N R 5
X S Cloud N R 5X S Cloud N R 5
X S Cloud N R 5
Liudmila Li
 
10 Dg Xd
10 Dg Xd10 Dg Xd
10 Dg Xd
Liudmila Li
 
08 Dg Xd
08 Dg Xd08 Dg Xd
08 Dg Xd
Liudmila Li
 
Aws it manager 2
Aws it manager 2Aws it manager 2
Aws it manager 2
ram jatan yadav
 
2. Windows Azure
2. Windows Azure2. Windows Azure
2. Windows Azure
GaryYoung
 
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Dmitri Soshnikov
 
Figaro
FigaroFigaro
Figaro
Endpoint Systems
 
Программные сервисы как выгодная инвестиция в новую ИТ-стратегию
Программные сервисы как выгодная инвестиция в новую ИТ-стратегиюПрограммные сервисы как выгодная инвестиция в новую ИТ-стратегию
Программные сервисы как выгодная инвестиция в новую ИТ-стратегию
SQALab
 
Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up
Abhishek Singh
 
WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012
WSO2
 
Bynet2.3 Microsoft Silverlight3 using for business
Bynet2.3 Microsoft Silverlight3 using for businessBynet2.3 Microsoft Silverlight3 using for business
Bynet2.3 Microsoft Silverlight3 using for business
Транслируем.бел
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Elena Marianenko
 
E g innovations overview
E g innovations overviewE g innovations overview
E g innovations overview
Nuno Alves
 
Network Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: IntrouctionNetwork Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: Introuction
Cloudflare
 
09 Ban Branch Repeater1
09 Ban Branch Repeater109 Ban Branch Repeater1
09 Ban Branch Repeater1
Liudmila Li
 
08 Xenserver Dg
08 Xenserver Dg08 Xenserver Dg
08 Xenserver Dg
Liudmila Li
 

More Related Content

Similar to Citrix Net Scaler V9.0 Lb Highload Mar2009

11 Ban Net Scaler Xa
11 Ban Net Scaler Xa11 Ban Net Scaler Xa
11 Ban Net Scaler Xa
Liudmila Li
 
11 Net Scaler Xa1
11 Net Scaler Xa111 Net Scaler Xa1
11 Net Scaler Xa1
Liudmila Li
 
1.Ms 云计算平台介绍
1.Ms 云计算平台介绍1.Ms 云计算平台介绍
1.Ms 云计算平台介绍
GaryYoung
 
рогачков Intel
рогачков Intelрогачков Intel
рогачков Intel
Liudmila Li
 
2. Windows Azure
2. Windows Azure2. Windows Azure
2. Windows Azure
GaryYoung
 
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Dmitri Soshnikov
 
WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012
WSO2
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Elena Marianenko
 

Similar to Citrix Net Scaler V9.0 Lb Highload Mar2009 (20)

11 Ban Net Scaler Xa
11 Ban Net Scaler Xa11 Ban Net Scaler Xa
11 Ban Net Scaler Xa
 
11 Net Scaler Xa1
11 Net Scaler Xa111 Net Scaler Xa1
11 Net Scaler Xa1
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
1.Ms 云计算平台介绍
1.Ms 云计算平台介绍1.Ms 云计算平台介绍
1.Ms 云计算平台介绍
 
рогачков Intel
рогачков Intelрогачков Intel
рогачков Intel
 
AWS re:Invent 2020 IoT Update - 20201223
AWS re:Invent 2020 IoT Update - 20201223AWS re:Invent 2020 IoT Update - 20201223
AWS re:Invent 2020 IoT Update - 20201223
 
X S Cloud N R 5
X S Cloud N R 5X S Cloud N R 5
X S Cloud N R 5
 
10 Dg Xd
10 Dg Xd10 Dg Xd
10 Dg Xd
 
08 Dg Xd
08 Dg Xd08 Dg Xd
08 Dg Xd
 
Aws it manager 2
Aws it manager 2Aws it manager 2
Aws it manager 2
 
2. Windows Azure
2. Windows Azure2. Windows Azure
2. Windows Azure
 
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
Cloud Computing - новая парадигма облачных вычислений. Windows Azure.
 
Figaro
FigaroFigaro
Figaro
 
Программные сервисы как выгодная инвестиция в новую ИТ-стратегию
Программные сервисы как выгодная инвестиция в новую ИТ-стратегиюПрограммные сервисы как выгодная инвестиция в новую ИТ-стратегию
Программные сервисы как выгодная инвестиция в новую ИТ-стратегию
 
Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up Scaling a Rails Application from the Bottom Up
Scaling a Rails Application from the Bottom Up
 
WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012WSO2 Year End Tech Update 2012
WSO2 Year End Tech Update 2012
 
Bynet2.3 Microsoft Silverlight3 using for business
Bynet2.3 Microsoft Silverlight3 using for businessBynet2.3 Microsoft Silverlight3 using for business
Bynet2.3 Microsoft Silverlight3 using for business
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов Riverbed
 
E g innovations overview
E g innovations overviewE g innovations overview
E g innovations overview
 
Network Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: IntrouctionNetwork Automation with Salt and NAPALM: Introuction
Network Automation with Salt and NAPALM: Introuction
 

More from Liudmila Li

09 Ban Branch Repeater1
09 Ban Branch Repeater109 Ban Branch Repeater1
09 Ban Branch Repeater1
Liudmila Li
 
07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)
07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)
07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)
Liudmila Li
 
04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh
04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh
04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh
Liudmila Li
 
05 чэс описание решения V3
05 чэс описание решения V305 чэс описание решения V3
05 чэс описание решения V3
Liudmila Li
 
01 Ap еKaterinburg
01 Ap еKaterinburg01 Ap еKaterinburg
01 Ap еKaterinburg
Liudmila Li
 
09 Branch Repeater1
09 Branch Repeater109 Branch Repeater1
09 Branch Repeater1
Liudmila Li
 
06 03 Gazprombank Success Story
06 03 Gazprombank Success Story06 03 Gazprombank Success Story
06 03 Gazprombank Success Story
Liudmila Li
 
06 02 C I S Citrix Final
06 02 C I S Citrix Final06 02 C I S Citrix Final
06 02 C I S Citrix Final
Liudmila Li
 
06 01 сертифицированные продукты
06 01 сертифицированные продукты06 01 сертифицированные продукты
06 01 сертифицированные продукты
Liudmila Li
 
05 Bykov Citrix Last
05 Bykov Citrix Last05 Bykov Citrix Last
05 Bykov Citrix Last
Liudmila Li
 
04 Xa5 Fp1 Sergey Kh
04 Xa5 Fp1 Sergey Kh04 Xa5 Fp1 Sergey Kh
04 Xa5 Fp1 Sergey Kh
Liudmila Li
 
02 Citrus Systems S Pb
02 Citrus Systems S Pb02 Citrus Systems S Pb
02 Citrus Systems S Pb
Liudmila Li
 
01 Sk Cvc 2009 Key Note St P
01 Sk Cvc 2009 Key Note St P01 Sk Cvc 2009 Key Note St P
01 Sk Cvc 2009 Key Note St P
Liudmila Li
 
Digital Design Проект Xen Server Метрополитен
Digital Design Проект Xen Server МетрополитенDigital Design Проект Xen Server Метрополитен
Digital Design Проект Xen Server Метрополитен
Liudmila Li
 

More from Liudmila Li (20)

09 Ban Branch Repeater1
09 Ban Branch Repeater109 Ban Branch Repeater1
09 Ban Branch Repeater1
 
08 Xenserver Dg
08 Xenserver Dg08 Xenserver Dg
08 Xenserver Dg
 
07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)
07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)
07 Ibm System X And Blade Center For Citrix Forum(Ekatirenburg)
 
04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh
04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh
04 Cvc2009 Yekaterinburg Xa5 Fp1 Sergey Kh
 
06 [хост]
06 [хост]06 [хост]
06 [хост]
 
05 чэс описание решения V3
05 чэс описание решения V305 чэс описание решения V3
05 чэс описание решения V3
 
03 Bcc суэк
03 Bcc суэк03 Bcc суэк
03 Bcc суэк
 
01 Ap еKaterinburg
01 Ap еKaterinburg01 Ap еKaterinburg
01 Ap еKaterinburg
 
09 Branch Repeater1
09 Branch Repeater109 Branch Repeater1
09 Branch Repeater1
 
10 Xs Dg
10 Xs Dg10 Xs Dg
10 Xs Dg
 
07 Ws08 R2 Virt
07 Ws08 R2 Virt07 Ws08 R2 Virt
07 Ws08 R2 Virt
 
06 03 Gazprombank Success Story
06 03 Gazprombank Success Story06 03 Gazprombank Success Story
06 03 Gazprombank Success Story
 
06 02 C I S Citrix Final
06 02 C I S Citrix Final06 02 C I S Citrix Final
06 02 C I S Citrix Final
 
06 01 сертифицированные продукты
06 01 сертифицированные продукты06 01 сертифицированные продукты
06 01 сертифицированные продукты
 
05 Bykov Citrix Last
05 Bykov Citrix Last05 Bykov Citrix Last
05 Bykov Citrix Last
 
04 Xa5 Fp1 Sergey Kh
04 Xa5 Fp1 Sergey Kh04 Xa5 Fp1 Sergey Kh
04 Xa5 Fp1 Sergey Kh
 
03 Bcc снг
03 Bcc снг03 Bcc снг
03 Bcc снг
 
02 Citrus Systems S Pb
02 Citrus Systems S Pb02 Citrus Systems S Pb
02 Citrus Systems S Pb
 
01 Sk Cvc 2009 Key Note St P
01 Sk Cvc 2009 Key Note St P01 Sk Cvc 2009 Key Note St P
01 Sk Cvc 2009 Key Note St P
 
Digital Design Проект Xen Server Метрополитен
Digital Design Проект Xen Server МетрополитенDigital Design Проект Xen Server Метрополитен
Digital Design Проект Xen Server Метрополитен
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Citrix Net Scaler V9.0 Lb Highload Mar2009

  • 1. Citrix NetScaler – балансировка высоконагруженных систем Николай Шадрин Systems Engineer Citrix Systems
  • 2. Тенденции пользователей и ИТ USERS APPS APPS APPS • Глобализация • Зеленые ЦОД • Свободный график • Безопасность • Расширение филиалов • Непрерывность бизнеса • Мобильность • Web и Enterprise 2.0 • E-коммерция • SaaS, XML, SOA
  • 3. Веб-приложения: богатые, сложные, требовательные Больше Sharing Content соединений Больше общения Групповые блоги Больше протоколов Wiki Больше форматов Групповые календари Списки Больше неизвестного Microsoft SharePoint 2007
  • 4. Серверы: их всѐ больше Projected Server and Electricity Use Servers Electricity Use 18.0 120 16.0 100 Annual Electricity Use (billions/kWh) 14.0 Servers Installed (millions) 12.0 80 10.0 60 8.0 6.0 40 4.0 20 2.0 0.0 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 Year Source: Energy Star Report
  • 5. Доверие лидирующих предприятий и веб-сервисов 7000+ Deployments Worldwide
  • 6. XML...SOAP...HTTP...WSDL...JSON...REST...RSS...AJAX...end-user experience... Mashup...RelTag...SOA...Application Availability...Data theft...RIA...Wiki...Enterprise 2.0 Трафик приложений Users Apps Ускорение Доступность Безопасность Разгрузка приложений приложений приложений инфраструктуры Сетевой трафик Router Switch Firewall MAC address...Source IP...Destination IP...Source port...Destination port...Ping... OSPF...RIP...BGP...ACL...DNS...Subnet...802.XX...ARP...ICMP...RTT...SYN...ACK... Keepalive...SNMP...SSH...SSL...MTBF...Latency...
  • 7. Citrix Delivery Center TM “Превращаем центры обработки в центры доставки” Workflow Studio XenDesktop XenApp XenServer NetScaler
  • 8. Citrix Delivery Center TM NetScaler - Platinum Встроенный Встроенный мониторинг Workflow Studio AG-E Сеть доставки Динамический ЦОД XenDesktop XenApp XenServer EdgeSight Access Provisioning Repeater Server Gateway NetScaler Встроенный Web App Firewall
  • 10. Системная архитектура NetScaler Единое управление и отчеты Функциональные модули NetScaler AppExpert Высокопроизводительная обработка Visual Policy пакетов и политик AppExpert Builder Administration Application Networking Platform
  • 11. AppExpert Policy Engine Приложение 1 AppExpert Policy Engine 1) Получение и прерывание запроса 2) Расшифровка/аутентификация/анализ запроса Приложение 2 Users 3) Применение политик и ответ на запросы 4) Мультиплексирование через постоянные соединения
  • 12. AppExpert Service Callout Example 3 Scraper 1. Приходит запрос tracking 2 2. NetScaler отсылает IP 4 3. Приложение проверяет IP 1 4. Приложение отсылает “yes” или “no” NS NS 5. Политика NetScaler PolicyNS Policy 5 Policy Website – Пропускает, если “yes” Users Citrix NS – Блокирует, если “no”
  • 14. NetScaler and the 4 Feature Buckets Clients Internet NS Server Acceleration Security Availability Offload
  • 15. NetScaler and the 4 Feature Buckets Clients Internet NS Server Acceleration Security Availability Offload • TCP Optimization • DDos Protection • Load Balancing Layer 4 and Layer 7 • TCP Multiplex and Reuse • Web Compression • Content Filtering and Redirection • Global Server Load Balancing • SSL Offload • Cache (Static and Dynamic) • Web Application Firewall • Content Rewrite and Redirection • Cache (Static and Dynamic) • SSL VPN • Surge Protection and Sure Connect • Consolidated Web Logging • TCP Buffering
  • 17. Server Offload Клиенты Интернет NS Сервер • Мультиплексирование и повторное использование TCP • Разгрузка SSL Offload • Кэширование (статическое и динамическое) • Консолидированная работа с логами • TCP-буферизация
  • 18. Основы TCP и дополнительные 7 пакетов SYN 1. Клиент и сервер договариваются о настройках соединения. SYN + ACK ACK } 3 – Way Handshake GET 2. Client sends initial Data TCP request for data. In HTTP, this would be a GET. The server will 7 Packet respond with data. Overhead FIN } ACK 3. Server will send a 4 – Way FIN, informing the Teardown FIN client that all data has been sent. ACK
  • 19. Установка TCP-соединения (3-Way Handshake) • Почему это важно? – Установка правильной связи с использованием порядковых номеров и подтверждений – Обе стороны принимают соглашение об опциях соединения (WS, MSS и SACK) • Какие проблемы? – TCP Slow Start – Slow Start и congestion avoidance постоянно меняют скорость отправки пакетов – Denial of Service Attacks – TCP может использоваться для отправки пакетов, перегружающих систему (SYN Flood)
  • 20. Традиционные балансировщики и TCP Clients Internet LB Server Клиент отправляет TCP SYN на LB LB отправляет пакет на Web-ферму TCP-соединения от клиента к серверу
  • 21. NetScaler и TCP-соединения Clients Internet NS Server Клиент отправляет TCP SYN на NS NS отправляет свой SYN на ферму NetScaler в виде TCP Proxy
  • 22. Традиционные балансировщики vs. NetScaler Clients Internet NS Server Соотношение клиентских и серверных соединений – 1:1 у традиционных балансировщиков NS проксирует TCP-соединения, клиент и сервер полностью разделены; this allows a NetScaler to Multiplex and Reuse server side TCP Connections. Many Client Connections to 1 Server Side Connection N:1
  • 23. Server Offload Customer Other Benefits Attained • Improved response time by 110% dRemate 50% • 40% savings on mgmt. costs LiveNation 50% • Capacity to support 100X traffic spikes • Significant decreases in application latency and SINA 66% mgmt. costs Transport for • 10X improvement in application performance 95% • 60% reduction in application latency London Userplane 87% • Estimated $390K savings in capital investment
  • 25. Traditional Load Balancing Pool Clients Internet NS Server LB Algorithms: Health Checks: • Least conns. • TCP, UDP • Least bandwidth • HTTP, HTTPS • SNMP (CPU, RAM, etc.) • App level checks • etc.
  • 26. L7 Content Switching Pool Content Switch Clients Internet NS Server LB Algorithms: Health Checks: • Least conns. • TCP, UDP • Least bandwidth • HTTP, HTTPS • SNMP (CPU, RAM, etc.) • App level checks • etc.
  • 27. L7 Content Switching Статический (html, jpg, etc.) Оптимизированные пулы для разного типа контента Server Content Type Динамический Clients Internet NS (asp, cgi, etc.) Server
  • 28. L7 Content Switching 95% запросов 5% содержимого Оптимизированные пулы для разного контента Server URL 5% запросов Clients Internet NS 95% содержимого Server
  • 29. L7 Content Switching Пользовательский трафик Разные уровни сервиса разным клиентам Server Source Info Ботнеты, спайдеры и т.п. Clients Internet NS Server
  • 30. NetScaler GSLB Site A B2C B2B Site B P2P
  • 31. Как работает GSLB? 1. Клиент производит DNS-запрос What site should I go to? 2. NetScaler возвращает IP наиболее доступного ЦОД Go to site number 3. 3. Клиент соединяется с указанным IP Site 1 Site 2 Site 3
  • 32. Варианты выбора политики доступа • Round Robin Взвешенный или невзвешенный • Географическая близость – Статическая или динамическая • Уровень нагрузки • Пользовательские политики • Disaster Recovery автоматический или ручной перенос нагрузки • На базе сохранения сессии
  • 33. GSLB Static Proximity • IP локального DNS определяет его географическое расположение. • Стандартные базы данные определяют ближайший балансировщик • В георгафическом контексте имеются следующие обозначения: “Continent”, “Country”, “State”, “City”, “ISP”. Organization” • LDNS IP может подходить под несколько политик • Предлагается VIP с наилучшим набором параметров • Сайты в том же ЦОД балансируются по взвешенному Round Robin
  • 34. GSLB Static Proximity - Supported Formats – NetScaler format – IP-country – IP-country-isp – IP-country-region-city – IP-country-region-city-isp – GeoIP-country – GeoIP-region – GeoIP-city – GeoIP- organization – GeoIP -isp – GeoIP-city-isp-organization – Custom database (User defined qualifiers)
  • 35. GSLB Communication b/w NetSclaers Простой мониторинг • Only State (Up/Down) is learned • Status is assumed to be equally good • Each DNS query gets the IP address of various participating GSLB sites in a round robin fashion. • Insecure mode of Communication MEP (Metric Exchange Protocol) • NetScaler internal protocol to exchange state and health information over a TCP session • Connection establishment involves a secure RPC method • Data is sent in an non-encrypted manner • DNS queries get best suited response based on configured algo and information gathered through MEP
  • 36. GSLB Dynamic Decision Methods • RTT (Round Trip Time) • Least Connections • Least (Server) Response Time • Least Bandwidth • Least Packet • Source IP Hash
  • 37. NetScaler 9: AppExpert Rate Controls • Make sure the right users get Partners appropriate capacity • Плохие ничего не получат • Ни один отдельный пользователь не Lines of Business нагрузит сервер • Встроено в ядро NetScaler Customers • Работает со многими модулями Spiders, botnets, scrapers, etc.
  • 38. AppExpert Rate Controls  User(s) Rate Time Object Action • IP Address • Запросы • Измеряется • IP сервера • Ограничения • IP Range/Subnet • Пакеты в мсек. • URL/URI • Выполнить • Cookie • Полоса • Рисунок политику • Wildcards • Файл • Responder • Rewrite • Любой • Любой • Cache заголовок или заголовок или • и. т. д. данные… данные… • Alert • Log • Trap Изолирование критичных объектов
  • 40. Application Acceleration Clients Internet NS Server • TCP Optimization Acceleration • Web Compression • Cache (both Static Content and Dynamic)
  • 41. Сжатие HTTP Зачем сжимать данные HTTP?  Меньше пакетов проходят по сети  Быстрее ответ приложения • Большинство веб-контента хранится несжатым • Все броузеры поддерживают сжатие GZIP – Совершенно прозрачно для пользователей – Решение о сжатии принимается на основе заголовка User-Agent – Политика NetScaler определяется по User-Agent и MIME-Type • Обычное сжатие – в интервале от 3:1 до 5:1 • Сжатие данных на скоростях до 6 Gbps
  • 42. Динамическое кэширование без NetScaler с NetScaler
  • 43. NetScaler ускоряет доставку до пользователя 0,22 SharePoint 2,04 1,1 SAP 5,22 With NetScaler 1,3 Without NetScaler Siebel CRM 4 Oracle 6,41 Forms 10,1 0 2 4 6 8 10 12 Response Time in Seconds
  • 45. Solutions for Any Size Business MPX: 15 Gbps 12000: 6 Gbps 10000: 4.8 Gbps 9000: 3 Gbps 7000: 600 Mbps
  • 46. Citrix NetScaler Medium Enterprise Platforms 7000 9010 Size 1U 2U Power Supplies 1 2 Processor Single Single Memory 1 GB 2GB 6x - 10/100 & 4x - 10/100/1000; or Network Interface Support 2x - 10/100/1000 4x – GB Fiber System Throughput 600 Mbps 3 Gbps HTTP Compression Throughput 150 Mbps 400 Mbps HTTP Requests per Second 50K 125K SSL Encrypted Throughput 150 Mbps 500 Mbps SSL Transactions per Second 4400 Max. 4400
  • 47. Citrix NetScaler Large Enterprise Platforms 10010 12000 MPX 15000 MPX 17000 Size 2U 2U 2U 2U Power Supplies 2 2 2 2 Processor Single Dual Dual (4 cores) Dual (8 cores) Memory 4GB 4GB 16GB 32GB 8x Fiber/Cu GB SFP, or 4x 10G Fiber XFP 4x - 10/100/1000 & 8x Cu GB SFP; or 2x 10G Fiber XFP + or Network Interface Support 4x – GB Fiber 4x Fiber & 4x CU SFP; or 8x CU SFP 10/100/1000 2x 10G Fiber XFP + 2x10GE & 8x10/100/1000 8x CU SFP 10/100/1000 System Throughput 4.8 Gbps 5.5 Gbps 15 Gbps 15 Gbps HTTP Compression Throughput 555 Mbps 1.3 Gbps 6 Gbps 6 Gbps HTTP Requests per Second 250K 275K 350K+ 350K+ SSL Encrypted Throughput 760 Mbps 3 Gbps 6 Gbps 6 Gbps SSL Transactions per Second 8800 28,000+ 48,000 48,000

Editor's Notes

  1. This view of Citrix Delivery Center is still perfectly valid. It will not be featured as much in the Synergy keynotes this year since so much of the focus is on the line-of-sight delivery concepts, but we can still use it in the breakouts. What this view shows is a zoom in on the “Delivery Controllers” that sit in the datacenter at the delivery tier. All four of the delivery controllers have platinum editions that extend their “delivery reach” (three extend out to the end user, while one extends back into the datacenter to deliver application workloads).Note that we’re making one subtle change to this chart by extending NetScaler along the bottom. This does a few things: Makes it easier to tell the end-to-end virtualization story (servers-apps-desktops) Shows NetScaler (application networking) as a layer above transport networking Makes it easier to show that NetScaler delivers web apps to external users (who don’t go through a corporate “desktop”)
  2. {slide builds from core CDC products and then details the additional supporting products that complement the Product Lines in the CDC}{This chart serves to illustrate the key Platinum components – and the elements that complete the end-end solution for Platinum}
  3. NetScaler is able to provide a broad spectrum of application delivery benefits and simplify web app delivery, because it is architected for high performance, extensibility and ease of management. We control the architecture from the ground up by tightly coupling networking hardware with advanced CPUs and specialized processors. Layered on top of this powerful hardware platform is a high performance packet processing and evaluation engine that makes all decisions for that packet in one single pass. This allows us to deliver an industry leading 15 Gbps of throughput on a single core and to add services to that packet like content switching, caching and compression without degrading performance. NetScaler’s architecture is also highly extensible. Using the AppExpert Policy Framework administrators can create highly customized policies. Functional modules like AppFW, GSLB and Access Gateway SSL VPN can be easily added via software license keys. The extensibility of our architecture has allowed us to rapidly add new functional modules to meet increasingly challenging application delivery requirements. All of NetScaler’s performance and features are easily managed by a strong suite of management tools. All functions on NetScaler can be managed and monitored through the unified graphical or command line interface and rich reporting tools. The AppExpert Visual Policy Builder allows administrators to easily create rich policies without having to write complex code.
  4. Currently, the most commonly cited use case is for basing NetScaler policy decisions on “source IP address reputation” that is tracked in another application or service. For example, one beta customer has an external application that identifies and tracks IP addresses that are scraping its site’s content. This customer used a service callout to have NetScaler query this application in real-time and then used NetScaler to either pass or drop the request. The same approach could be used to have NetScaler filter spam or other inbound content by using a callout to pass payload information to another application that inspects this content.Other use cases customers have mentioned include:-Passing content to an external transformation engine -Integration with UDDI or other directory services-Geo-targeting or other token-based switching decisions, where the logic for the content switch is available in an external application.
  5. The NetScaler has four primary buckets in which Features can fall. In the following sections we will take each one individually:Server OffloadClient Side AccelerationSecurityAvailability
  6. The NetScaler has four primary buckets in which Features can fall. In the following sections we will take each one individually:Server OffloadClient Side AccelerationSecurityAvailability
  7. The NetScaler has Features designed to improve Server Side performance and to assist in improving Server Efficiency. These Features are:TCP Multiplex and Reuse. As previously mentioned, reducing the CPU overhead associated with TCP connection management from web servers can allow sites to scale much more effectivelySSL Offload. The NetScaler has a build in ASIC designed to handle SSL transactions and bulk encryption. SSL encryption generates significant CPU load on web servers.Cache. We can cache Static content, such as images or whole pages, as well as content that is typically not cacheable, like dynamic content. Dynamic content might be a database report. Provided there is a valid URL a policy can match on this content can be cached based on user defined parameters. Using Dynamic caching can greatly reduce the amount of CPU cycles spent on a DB server running and formatting such large reports.Web Compression. Modern day web browsers support standards based web compression in the form of GZIP or Deflate. The Accept-Encoding headers specify to the NetScaler which type of compression the browser (client) can handle. This can be done on the web servers for a significant cost in the CPU.Consolidated Web Logging. The NS can allocate a memory buffer to dynamically store and pass of to a dedicated client real time web logs. There is no longer a need to run a web logging agent on each server and then to further consolidate those logs after the fact.TCP Buffering. This feature allows the server to send communication at wirespeed to the NetScaler, where the NetScaler can “buffer” this content and meter out this content to a slower link. This allows a server to be free to handle new requests while the slow client is still receiving content. Typically this slow client would lock this session until all content is received.
  8. In a traditional TCP communication, in which the server interacts directly with the client, you can see that there is a cost for connection set-up and tear-down. In addition, this implies that the two systems have already had some communication and have arrived at their maximum window size. In most initial connections, systems perform a TCP Slow Start (RFC 2001), in which they ACK the first packet, then the next two, then the next three and so on until they reach an agreed upon maximum window size. For sites that receive a large number of connection from new hosts, this slow start congestion avoidance can reduce performance as well. HTTP is a short lived connection and will have difficulty reaching full speed from TCP Slow Start.
  9. TCP has an Option Field where various TCP options can be used to enhance communication between a client and server: 1. Window Scaling: This will change the Window Size (the Window Size defines the number of bytes to be received before requiring acknowledgement) to up 1 GB 2. Maximum Segment Size: Defines the maximum size of data (in bytes) that can be sent per segment. Ideally fragmentation should be avoided 3. Selective Acknowledgements: Allows the client to Acknowledge, selectively, data that was sent, as opposed to requesting a resend of all packets
  10. Traditional Load Balancers forward TCP connections straight through to back-end services. Some load balancers use a concept called Delayed Binding, where they will pause a TCP connection and spoof the 3-Way Handshake to a client. This is used as a security mechanism against SYN Floods, before quickly establishing the server side 3-Way handshake, thereby forwarding the TCP connection on to the server. This passes on the TCP connection overhead directly to the Server to manage, increasing server CPU cycles.
  11. The NetScaler acts as a TCP Proxy allowing two distinct and independent TCP connections, one to the client and one to the server.
  12. Traditional Load Balancers Because of 1:1 TCP Connection Mapping, TCP overhead related to connection setup and teardown is passed directly to the Web Server Most of the CPU loading on a web server is directly related to the TCP OverheadNetScaler Advantage The NetScaler acts as a TCP Proxy, doing so allows the NetScaler to manage the server side TCP connection and the client side TCP connection as two distinct and independent connections With this separation, the NetScaler can now leverage the TCP Proxy architecture to multiplex and reuse the server side TCP connection independently from a client side connection. This NS reuse of already established and idle server side TCP connections reduces the TCP Overhead on web servers. If you can consider a very conservative estimate of 2:1 Offload, this will potentially allow a situation where the site traffic can double before the need to provision additional resources or half of the existing resources can be pulled out reducing Space, Power and Cooling concerns inside a data center.
  13. There is a published case study for every customer listed on this slide available at www.citrix.com. The case studies provide more detail on the offload and other benefits the customer achieved.
  14. Traditional Load Balancers
  15. Traditional Load Balancers
  16. Traditional Load Balancers
  17. Traditional Load Balancers
  18. Traditional Load Balancers
  19. To illustrate, NetScaler maximizes application availability with intelligent L4 server load balancing and advaced L7 content switching features to ensure that users are directed to the right content every time. NetScalers global server load balancing features provides seamless failover and redirection of users to a back-up site in the event of a disaster and can be used to intelligently spread user requests across multiple sites during normal business operations.
  20. NetScaler 9 enhances the ability ensure application availability by enabling NetScaler policies to be triggered based upon data rates either coming from a given source or going to a given resource. AppExpert Rate Controls give administrators the ability take actions beyond what basic network rate-shaping or QoS provide, and to govern resources at a far more granular level. By integrating AppExpert Rate Controls into NetScaler’s fully application-aware policy engine, administrators aren’t limited to just throttling traffic based upon IP address and port, but have the full depth and breadth of NetScaler traffic management, acceleration and security functionality at their disposal.There’s a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren’t overwhelmed by any particular partner’s use of the API.Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
  21. There’s a number of ways folks have told us they’re going to use AppExpert rate controls. Of course straight-up rate limiting (e.g., DNS rate-limiting, limiting traffic originating from a single subnet) is one example. Ensuring a given resource (e.g., anything from a VServer to a specific URL) is another. Two specific examples are:One customer allows some of its partners to scrape its website so the partners can republish content on their own sites. However, the customer wants to ensure that overly aggressive scraping by the partners doesn’t overwhelm the website and degrade the site’s performance. AppExpert rate controls can be used to limit how much scraping each partner can do. This same approach could be used to ensure that websites that publish APIs -- so that partners can do mashups, for example -- aren’t overwhelmed by any particular partner’s use of the API.Another example is a customer that was having problems with a couple of users FTPing a few too many large files at the same time. By using AppExpert rate controls to build an expression around bandwidth consumed per sourceIP, they can drop any additional FTP requests coming from a sourceIP (aka a user) that already has too much FTP activity. A more generalized use could also do something along the lines of limiting the amount of concurrent file downloading for a given SharePoint site, to ensure that downloads don’t drown out other SharePoint (or other application) activity.
  22. The NetScaler has Features designed to improve client experience on a web site. These Features are:TCP Optimization. Low level TCP optimizations designed to speed content to the client, such as WSS, SACK, MSS and FastRamp.Web Compression. Modern day web browsers support standards based web compression in the form of GZIP or Deflate. The Accept-Encoding headers specify to the NetScaler which type of compression the browser (client) can handle. This single feature offers the biggest bang for improving web site response for your clients. Even clients on a quick link (such as DSL and Cable) stand to see improvements since Compression reduces the amount of packets sent. Also a benefit seen in high-loss networks such as wireless.Cache. We can cache Static content, such as images or whole pages, as well as content that is typically not cacheable, like dynamic content. Dynamic content might be a database report. Provided there is a valid URL a policy can match on this content can be cached based on user defined parameters. This benefits clients by reducing the “time” spent processing objects such as a large report. The clients will not have to wait while the report is run and then formatted.SSL Offload. The NetScaler has a build in ASIC designed to handle SSL transactions and bulk encryption. End to end encrypted traffic will typically not be available for mid stream enhancements like caching or compressing data, only by loading valid SSL Certificates on the NetScaler can acceleration benefits be achieved on encrypted traffic.