Deploy SD-WAN WANOP VPX on Microsoft Azure
Citrix SD-WAN WANOP Edition is now available in the Azure marketplace, enabling WAN optimization between enterprise datacenter/branch and Azure cloud. Since L2 mode support is not available on cloud infrastructures, you cannot deploy Citrix SD-WAN WANOP as a standalone VPX in Azure Cloud. However, you can deploy Citrix SD-WAN WANOP VPX along with NetScaler VPX in Azure cloud infrastructure. The NetScaler VPX uses cloud connector to create an IPsec tunnel, while the NetScaler SD-WAN WANOP VPX accelerates the connections, providing LAN-like performance for applications.
Citrix SD-WAN WANOP in Azure cloud topology
The topology diagram shows a Citrix SD-WAN 4000/5000 deployed in the data center or branch premises. You could also deploy Citrix SD-WAN WANOP and NetScaler SD-WAN appliance in two-box mode or it could both be VPX. On the Azure cloud VNET, the Citrix SD-WAN WANOP VPX is deployed in one-arm (PBR) mode with the NetScaler SD-WAN VPX.
To deploy SD-WAN WANOP on Microsoft Azure:
- Deploy a NetScaler VPX instance on the Azure cloud. For more information, see Deploy a NetScaler VPX instance on Microsoft Azure. Configure four network interfaces in four different subnets and enable IP forwarding on all the network interfaces. The four network interfaces are used as:
- Management interface
- WAN side interface, for IPsec tunnel
- LAN side interface, to connect to the server
- WANOP communication interface, to communicate with the Citrix SD-WAN WANOP VPX on the Azure cloud.
Deploy a Citrix SD-WAN WANOP VPX on Azure cloud. For more information, see the deployment procedure below.
Note: Enable IP forwarding on WANOP interface.
Configure an IPsec tunnel between the on-premise appliance and the NetScaler VPX on Azure cloud, using the public IP address of NetScaler WAN interface. For more information on configuring IP tunnels see, IP Tunnels.
Configure NetScaler VPX to redirect the packets to Citrix SD-WAN WANOP VPX. Use the private IP address of WANOP communication interface and create a load balancing virtual server. For more information, see Create a load balancing virtual server.
- Configure the following route tables on Azure:
- Route table for WANOP facing interface on NetScaler VPX – Route table entries should have source and destination address as client and server subnets respectively. The NetScaler VPX’s WANOP facing interface IP address is the next hop.
- Route table for Citrix SD-WAN WANOP interface - Route table entries should have source and destination address as client and server subnets respectively. The Citrix SD-WAN WANOP interface IP address is the next hop.
In the above example, when the source tries to access an application on the cloud destination, the packets flow through the established IPsec tunnel. At the Azure cloud VNET end, the NetScaler VPX receives the packets, decrypts, and forwards it to the Citrix SD-WAN WANOP VPX. The Citrix SD-WAN WANOP VPX processes the packets, optimizes it, and sends it back to NetScaler VPX. The NetScaler VPX sends the packet to the destination. On the return path, the NetScaler VPX forwards the packets to Citrix SD-WAN WANOP VPX for optimization. The optimized packets are transmitted back to the source through the established IPsec tunnel.
Deploy Citrix SD-WAN WANOP VPX on Microsoft Azure
To deploy Citrix SD-WAN WANOP VPX on Microsoft Azure:
- In Microsoft Azure, navigate to Home > Marketplace > Networking, search for Citrix SD-WAN WANOP and install it.
- On the Citrix SD-WAN WAN OP page, from the drop-down list select Resource Manager and click Create. The Create Citrix SD-WAN WAN Optimization page appears.
In the Basics section, select the subscription type, resource group, and location. Click OK.
Note: You can choose to create a resource group. A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
In the Administrator section, enter the name and credentials for the Citrix SD-WAN WANOP virtual machine. Click OK.
In the Citrix SD-WAN WANOP settings section, configure the setting for the Citrix SD-WAN WANOP VPX as per your requirements. Click OK.
The configuration that you provided in previous steps is validated and applied. If you have configured correctly, the validation passed message appears. Click OK.
After successful deployment, navigate to Virtual Networks to view the Citrix SD-WAN WANOP VPX. You can further configure the virtual machine parameters using the settings option.