Introduction to Citrix SD-WAN for Citrix Workspace
Author: Matthew Brooks
Special Thanks: Shoaib Yusuf
SD-WAN is a software defined approach to managing enterprise wide area networks (WANs) to provide optimal network connectivity between enterprise branch offices and data resource locations on-premises or in the cloud.
Citrix Software Defined Wide Area Network (SD-WAN)
Citrix SD-WAN solves complex routing with simplicity. Each SD-WAN instance hosted in on-premises office locations, or Hybrid cloud hosted resource locations, across an Enterprise intranet communicate regarding their view of the network in real time. They establish a web of virtual paths between virtual IP addresses assigned to each interface type and establish secure virtual tunnels across path options between locations. Then they identify traffic, and route it on a per packet basis across the optimal path with knowledge of the quality each path can offer including latency, loss, and jitter characteristics and reassemble flows for delivery at their destination providing the best possible application user experience.
Citrix SD-WAN is available in three editions.
Standard Edition (SE)
The Standard Edition or SE focuses on traffic optimization. It aggregates bandwidth across available WAN links, monitors path quality in real-time, and routes traffic based on priority and session characteristics.
- WAN Aggregation - over diverse network links with real-time unidirectional per packet dynamic path selection.
- Quality of Service - prioritization with advanced queuing and bandwidth allocation algorithms.
- Network Control – with dynamic Routing, stateful Firewall, and web Gateway integration.
WanOp Edition (WO)
The WanOp Edition focuses on session optimization. It optimizes session bandwidth use to maximize throughput and is an ideal remedy for branch offices with limited leased lines and minimal bandwidth.
- Acceleration - proxies client-server TCP connections to implement protocol level changes to maximize session throughput across the network.
- Caching - stores session content segments on the WAN Edge pairs and transmits token markers in their place to save bandwidth.
- Compression – applies standard TCP supported protocols to uncompressed traffic to further reduce session bandwidth.
Premium Edition (PE)
The Citrix SD-WAN Premium edition combines the functionality of the Standard and WanOp editions to offer a broad set of differentiated use cases to optimize Enterprise networks.
Key Workspace Use Cases
HDX Session and Traffic Optimization
Citrix Virtual App and Desktop sessions are delivered by the HDX protocol suite. The protocol provides the ability to tag session traffic by using a unique port or QOS tag. Yet either options may require extensive firewall changes and or routing QOS changes to implement. Also, they do not utilize a multi-path approach whereas Citrix SD-WAN can uniquely identify Multi-stream ICA, using the default configuration, over a single port and prioritize traffic over multiple paths simultaneously according to QOS requirements.
Citrix SD-WAN Virtual Instance for Azure Resource Locations
Microsoft Azure is a popular cloud platform and many Citrix customers utilize it to host hybrid Resource Location systems such as Virtual Desktop Agents (VDA). Both the SD-WAN VPX Standard Edition and WANOP Edition VPX may be deployed in Microsoft Azure and integrated with an Enterprise SD-WAN environment to facilitate such features as link bonding, instantaneous failover and selective packet duplication to Azure hosted resources.
Integration with Microsoft Azure global Virtual WAN
Citrix SD-WAN solution is a preferred partner for Microsoft Azure Virtual WAN. Citrix SD-WAN can be used to facilitate Azure Virtual WAN gateway service, for IPSEC connectivity and automated setup, enabling ease of management of scaled deployments.
Citrix SD-WAN monitors and manages a complex web of paths with various delivery characteristics across the corporate network to deliver traffic with optimal user experience.
Operates across the existing enterprise network. The deployment team will consult current network diagrams to design the SD-WAN integration to take advantage of existing network links and equipment.
The first step in implementing and managing SD-WAN is applying an IP address from the existing management network to SD-WAN platforms in branches and data centers across the corporate intranet.
Operates on top of the underlay network using secure UDP tunnels between Citrix SD-WAN platforms. With full visibility across the WAN a complex web of available paths with measured QOS characteristics are used to route traffic efficiently.
Citrix SD-WAN offers flexible options for deployment depending on use cases, or high availability requirements in the primary Data Center, Branch, or Cloud Resource locations.
Hardware appliances may be deployed seamlessly in the path between the LAN and the WAN edge network. If the device goes offline for any reason the physical ethernet connection, through the equipment between switches or routers, remains intact.
An approach that offers similar usage to Inline, without the need to physically interrupt the primary data center network. The Citrix SD-WAN equipment is implemented on a Vlan adjacent to the Edge router which uses policy routing to direct pertinent traffic to it for optimization.
Edge / Gateway Mode
Takes over responsibility for WAN edge networking including terminating leased lines, routing, firewall, and internet proxy filtering in addition to providing full SD-WAN functionality. This allows enterprises to consolidated branch hardware to maximize network throughput, availability, and security while minimizing complexity and cost.
Hardware platforms include fail-to-wire (Ethernet bypass) cards for direct in-path deployment. If power fails, a relay closes, and the input and output ports become electrically connected, allowing the Ethernet single to passthrough from one port to the other, defaulting to the existing underlay network.
The various deployment options (Inline, Virtual Inline, Edge) support high-availability. A pair of devices can be deployed at a site location in Active/Standby roles. This high availability deployment operates similar to Virtual Router Redundancy Protocol (VRRP), ensuring the SD-WAN Overlay is continuously active.
Geographically Distributed MCN
A secondary datacenter or branch site can be assigned the role of Secondary MCN (also known as GEO MCN). This site will take the responsibility of the primary datacenter SD-WAN and ensure that the SD-WAN Overlay continues to operate until the primary site comes back online.
For more information see: Zero Touch Deployment service
Citrix SD-WAN supports a variety of hardware and software appliances, including support for leading Cloud platforms, hypervisor platforms, and Citrix SDX, including a variety of speeds and feeds with flexible resources to meet throughput needs. Some models oriented for branch offices may be configured using the Zero Touch Deployment (ZTD) Cloud Service whereby once units are connected to the network and powered on they are able automatically contact the cloud and obtain the configuration made centrally by and administrator. Other models can easily be configured through their console to access the management network.
The configuration GUI can be accessed by connecting to the management IP with a browser. Under the Configuration tab licensing is applied in the Appliance Settings, settings like the date and time may be configured under System Management and the Configuration Editor to configure the overlay network and SD-WAN functionality may be found under Virtual WAN.
The global configuration of all SD-WAN appliance is done central on the Master Control Node (MCN). The 1st configuration package for each is downloaded through the MCN and applied to the GUI of each branch, yet all further configuration is done centrally through the MCN. See SD-WAN documentation more information.
Monitoring & Management
Master Control Node (MCN)
The monitoring tab in GUI connected to the MCN shows essential information such as WAN link status, throughout, and overlay paths.
An on-prem, customer managed, SD-WAN management solution. A software appliance that may be installed on most popular hypervisor platforms. It provides more comprehensive reporting on the SD-WAN environment and is essential to some configuration tasks such as integration with Azure virtual WAN and Zero Touch Deployment.
A cloud-hosted, multitenant management SaaS offering available through Citrix Service Provider (CSP), Citrix Solution Advisor (CSA), or Citrix SD-WAN Managed Service Providers (MSP). It provides a central manage and reporting with multi-tenancy administration. Contains key capabilities such as guided workflow for site creation, site profiles/templates for easy management of network configuration.
Application Deliver Management (ADM)
ADM is a Citrix Cloud service that provides broad visibility and management capabilities across Citrix Networking product. It can add Citrix SD-WAN WanOp instances to provide advanced workspace session flow information using Deep Packet Inspection (DPI) capabilities.