Optimizing with Citrix NetScaler

Three keys to building the

best front-end network for
virtual desktop delivery

www.citrix.com

White Paper

Executive summary
Motivated by the compelling benefits virtual desktops provide, enterprises of
all types and sizes worldwide are migrating to virtual desktop technologies
and techniques. Indeed, Gartner expects adoption of hosted virtual desktops
alone to reach 70 million users by 20141. In contrast to complex and costly
traditional desktop management, deployment and management approaches,
desktop virtualization promises significantly reduced operating costs, greater
business agility, better data protection and improved compliance with
corporate standards.
To fully achieve these business benefits, though, you need to ensure the
availability, security, performance and scalability of your virtual desktop
solution. Thats why IT organizations have developed a best practice of
implementing a dedicated service delivery solution as an optimized front-end
infrastructure for desktop virtualization deployment.
This paper explains why the Citrix NetScaler service delivery solution is
ideally suited to fulfill this role. NetScaler helps ensure that your organization
fully benefits from its deployment of desktop virtualization, maximizing your
business advantage by integrating an extensive set of capabilities for optimizing,
securing and ensuring the delivery of virtual desktops.

Benefits of desktop
virtualization
Organizations of all sizes are considering desktop virtualization. A full-featured
desktop virtualization solution such as Citrix XenDesktop helps enterprises to:
Sustainably reduce desktop ownership and operating costs.
Implement desktops, applications, updates and patches centrally
and apply them instantly for all users regardless of location.
Extend the service life of older applications that newer operating
systems dont support.
Support, optimize and extend the service life of all types of
devices, new and old.
Enable complete workplace flexibility, as well as workforce
continuity in the event of a disaster or disruption.
Improve security and meet compliance mandates by keeping
desktops, applications and data in the datacenter.
Increase business agility by rapidly and efficiently supporting
strategic initiatives such as mergers and acquisitions, geographic
expansion and dynamic partnership arrangements.
Simplify and accelerate migrations to new operating systems,
such as Windows 7.
1

Gartner, Forecast: Hosted Virtual Desktops, Worldwide, 2010-2014, November 2010

Optimizing with Citrix NetScaler

White Paper

What to look for in a service

delivery front end
The extent to which your organization can achieve the benefits of desktop
virtualization depends on how well your implementation supports availability,
security, a high-quality user experience and scalability.
Ensure availability. With desktop virtualization, users desktop environments

dont usually reside on their local devices. Instead, you host them in the
corporate datacenter and users access them over the network. Although this
approach provides a tremendous degree of location and device independence, it
relies on both network connectivity and centralized infrastructure. Furthermore,
numerous desktops share the same desktop delivery infrastructure, from the
front-end connection brokers to the back-end servers. This means that while
a failure with a conventional desktop PC only impacts a single user, a failure
within the shared infrastructure of a virtual desktop deployment has the
potential to impact the entire user population. This is why you need to design
your infrastructure to protect not only against the failure of individual
components, but also from disasters that could cause site-level outages.
Strengthen security. Robust security capabilities are especially important

within a virtualized desktop environment, for several reasons. Many of your

users are likely to access their desktops remotely, over insecure public
networks. Theyve probably been demanding support for a rapidly expanding
variety of client devices, each with widely varying security characteristics and
profiles. Many of these devices are not owned or controlled by the enterprise.
And finally, with desktop virtualization, youre giving users access to an
entire desktop, not just a sliver of functionality or data. In addition to their
own applications and data, users can get to all of the downstream resources
their desktops are entitled to access. You need to ensure that you protect
your assets against the challenges of this new environment.
Deliver a smooth and seamless user experience. Your users will insist on

performance thats comparable to that of a classic desktop PCand youll have

to win them over with seamless logons and fast response times, despite the fact
that desktop access is occurring over a network. Otherwise, if users perceive
or experience any shortcomings with the new environment, they might try to
circumvent itwhich could cause major problems for your organization.
Build in scalability. Most organizations take a practical approach to desktop

virtualization, starting out small and steadily growing their implementations over
time. With this kind of approach, you can scale your solution without impacting
users or requiring forklift upgrades to the initial infrastructure investment.

Optimize your virtual desktop

deployment with NetScaler
Given the type and scope of these requirements, you should consider
front-ending your virtual desktop infrastructure with a next-generation
application delivery controllersuch as Citrix NetScalerthat can deliver not
only applications but also a broader array of services including on-demand
virtual desktops.
NetScaler is an ideal choice for front-ending your organizations desktop
virtualization infrastructure. An advanced solution for delivering both
applications and services, it provides extensive high-availability, security
and performance-optimization capabilities. Its powerful core features can work
well with any virtual desktop products you choose, but if your organization
selects the XenDesktop desktop virtualization solution, youll also be able to
take advantage of a number of more advanced features, made possible by the
deeper level of integration between NetScaler and XenDesktop.

Ensuring availability
In order for your organization to gain the greatest benefit from desktop
virtualization, your users must always have access essential desktop resources.
NetScaler helps ensure the availability of critical components with a
combination of robust server load balancing (SLB), health monitoring and
global server load balancing (GSLB) capabilities.
High availability for dependable access. If a component such as a connection

broker fails, core load-balancing algorithms within NetScaler dynamically

route virtual desktop traffic to available services and servers. NetScaler
configures and manages these as part of a pool of resources to automatically
address both unanticipated failures and scheduled outages. NetScaler also
helps ensure high availability of other elements in your desktop virtualization
solution, including:
Front-end components, such as web interface and security servers
Supporting services, such as file transfer, licensing, provisioning
and management servers
Downstream components, such as the web interface and XML
broker servers of Citrix XenApp, that you can use to enable
application virtualization
Health monitoring for proactive failure management. In conjunction with

load balancing capabilities, NetScaler health checks proactively determine

the status of key solution components such as the web interface and desktop
delivery controller. NetScaler does more than ping servers, because pinging
would only confirm whether a network connection was available and whether
the underlying hardware was up and running. It wouldnt provide information
about the state of higher-level services and software. This is why NetScaler
includes extended content verification checks to further establish both the
availability and proper operation of numerous software routines and systemlevel components, including ASP.net and essential logon, pool management,
controller and database services.
4

Optimizing with Citrix NetScaler

White Paper

You can also use NetScaler to carry out health checks for other products
that your organization uses. Your system administrators can easily leverage
the powerful and fully extensible NetScaler management framework to
develop custom health checks that provide a similar degree of intelligent
application-level monitoring for desktop virtualization solutions from
other vendors.

GSLB for disaster recovery. NetScaler includes a robust GSLB capability that

provides seamless disaster recovery for desktop virtualization. If a site becomes

unavailable for any reason, NetScaler automatically directs users to an
alternate datacenter, helping to ensure continuity of access to their desktops.
You can configure intelligent monitors and policies to route users to different
sites based on administrator-selected priorities, such as proximity, resource
utilization levels, or overall performance. As a result, your organization can
fully leverage secondary facilities all the time, even during normal operating
conditions, while providing users the best available performance.

Strengthening security
In addition to helping ensure availability, NetScaler delivers virtual desktop
implementations additional security protection.
Secure access from any location and device. An integral component of

NetScaler, Citrix Access Gateway is a full-featured secure sockets layer (SSL)

virtual private network (VPN). As such, it provides your organization several
security capabilities important to a virtual desktop operating model, without
the need to deploy any additional devices.
The Access Gateway module accounts for remote users by providing an
encrypted tunnel and supporting multiple methods for user authentication.
This protects desktop sessions traversing public networks from eavesdropping
while enabling your enterprise to leverage its existing identity infrastructure.
With Access Gateway, you can control on a granular lever which users get
access to which resources based on attributes including user role, location,
strength of authentication, sensitivity of the resource and ownership and
security posture of the client device. If your organization is also using
XenDesktop, you can take advantage of that products intimate knowledge
of virtual channels to control local printing, copy, paste, save-to-disk and
other functionality.
NetScaler offers additional client-side security features that further minimize
the risk of supporting a diverse population of user-owned devices. These
include the ability to perform a detailed check of a devices security posture,
to wipe the browser cache and delete or encrypt downloaded data upon
termination of the desktop session.
Built-in infrastructure protection. A NetScaler front end includes design features

that automatically protect any infrastructure. Its enhanced high-performance,

standards-compliant TCP/IP stack both enforces a positive security model,
dropping all traffic that is illegally formatted, and automatically thwarts
many types of DDoS/flood attacks that exploit vulnerabilities in the TCP
protocol and common connection handling techniques.
The proxy architecture of NetScaler provides a further layer of protection,
shielding downstream components from direct connections and thus reducing
their exposure to malware and other types of attacks.

Streamlining the user experience

NetScaler improves the overall usability of virtual desktops, both by optimizing
overall performance and providing a uniform user experience.
Performance optimization. Leading virtual desktop solutions employ optimized

display protocols to help ensure adequate performance over wide area

networks (WANs). ICA, the display protocol that both XenDesktop and
XenApp use, is unmatched in this regard. Still, one or more of the NetScaler
performance enhancement mechanisms can improve performance further,
especially if your organization is using a desktop virtualization solution
other than XenDesktop.

Optimizing with Citrix NetScaler

White Paper

NetScaler can deliver greater system capacity, lower packet loss rates and
improved response times by using TCP optimizations to make more efficient
use of server resources and available bandwidth. These optimizations include
TCP buffering techniques, advanced window scaling, intelligent packet
retransmit, selected acknowledgement (described in IETF RFC 2018) and
enhanced congestion control (based on IETF RFC 3742). Unlike most
competing solutions, NetScaler also incorporates optimizations to improve
the performance of traffic streams characterized by heavy concentrations of
small packets, typical with hosted virtual desktops.
Uniform, streamlined user experience. A universal client technology that is

part of the XenDesktop solution, Citrix Receiver provides users with a

single-pane-of-glass experience that features single-sign on and a self-service
model for obtaining access to additional applications. When used in conjunction
with the NetScaler Cloud Gateway solution, these capabilities also extend to
enterprise web, SaaS and IaaS-based applications. The net result is a single,
uniform and highly efficient way for users to securely access not only virtual
desktops, but also web, cloud-hosted and Windows-based applications from
any device, over any network.

Simplifying scalability
A virtual desktop implementation should be inherently scalable. NetScaler
can increase the scalability of your deployment even further.
Server load balancing for intelligent load distribution. SLB does more than

enable high availability. It also supports load distribution, which enables you
to seamlessly scale up essential virtual desktop components such as connection
broker, security and management servers. If your organization needs to add
capacity, all you need to do is deploy another instance of the desired component,
and NetScaler takes care of the rest, automatically balancing the workload
among all available instances.
SSL offload for increased infrastructure capacity. SSL offload leverages

purpose-built acceleration hardware to relieve downstream servers of the

compute-intensive cryptographic operations that SSL requires. This frees up
server resources, increases session density and improves performance, which
can enable your organization to defer additional hardware purchases. This
can benefit front-end serverssuch as the web interface for XenDesktop and
connection brokers for other desktop virtualization productsand might
help other solution components too, depending on the products and their
configurations.

NetScaler: an enterprise-class
solution
NetScaler provides an extensive set of capabilities for optimizing both Citrix
and non-Citrix virtual desktops. It wraps these capabilities in a full-fledged
enterprise-class solution that delivers a choice of platform, the flexibility to
support different virtual desktop architectures and an unmatched degree of
consolidation and manageability.
Choice of platform. Whereas the highly popular NetScaler MPX hardware

appliances are ideally suited for single-instance, high-capacity use cases, the
recently introduced NetScaler SDX platform can also support multi-tenancy requirements by running multiple, isolated NetScaler instances on a single
physical device. Either one can provide you a combination of hardware and
system-level software that has been constructed and optimized for service
delivery.
In comparison, NetScaler VPX is a full-featured virtual appliance version of
NetScaler that you can deploy on any hardware platform running a compatible
Citrix XenServer, Microsoft Hyper-V, or VMware ESXi hypervisor. Because
there is no physical appliance to deal with, you can deploy NetScaler service
delivery capabilities on demand, anywhere within your enterprise or cloud-based
datacenter. A flexible, software-based solution, NetScaler VPX is ideal for:
Smaller-scale implementations with less-demanding requirements
Desktop virtualization development, testing and staging
environments that cant easily accommodate a traditional
network appliance
Multi-tier scenarios that use both dedicated NetScaler virtual
appliances for all virtual desktop delivery and high-performance
NetScaler hardware appliances at the network edge for delivery
tasks for the entire enterprise environment
The net result is that with NetScaler, your organization can choose the
platform that best meets your requirements for scalability, multi-tenancy,
flexibility and lower total cost of ownership.
Flexible support for different architectures. Although many enterprises plan

to take a private cloud computing approach to desktop virtualization, others

will lean toward public or hybrid configurations where an external service
provider delivers all or some of the virtual desktops. NetScaler VPX offers a
straightforward way to implement an identical front-end capability for
cloud-hosted desktops.

Another related NetScaler capability is NetScaler Cloud Bridge; available as

a standalone appliance or integrated within NetScaler application delivery
appliances. Combining WAN optimization with integral GSLB, IPSec and
Layer 2 tunneling technologies, Cloud Bridge provides location, performance
and network transparency for implementations that span on- and off-premise
datacenters. Cloud Bridge automatically routes users to the location that will
best meet their needs, preserving LAN-like performance and providing a secure
channel for distributed components to seamlessly communicate with each
other, all without the need for IP addressing or other network design changes.

Optimizing with Citrix NetScaler

White Paper

Unmatched consolidation. NetScaler is the only service delivery solution that

combines SLB, GSLB, SSL VPN and more on an integrated, flexible and highly
scalable platform. Most competing solutions force organizations to purchase,
implement and integrate multiple, separate products and devices to obtain a
similar set of capabilities. If your organization is also using XenDesktop, you
can consolidate further, hosting a full-featured version of the web interface for
XenDesktop directly on NetScaler appliances. This configuration enables you to:
Simplify network architecture, configuration and administration
Cut IT costs by reducing server count
Boost session performance and capacity using dedicated SSL
hardware support and built-for-purpose hardware design
Improve security by operating web interface on a hardened
platform and eliminating separate firewall openings to enable
communication with DMZ-based web interface servers
Simple yet powerful management. Citrix Command Center is a centralized

management console that eliminates the need to administer multiple, distributed

NetScaler instances individually. It features an intuitive policy framework
and includes several wizards for simplifying common configuration tasks,
such as SLB and GSLB setup.
Virtual desktop solution front ends typically involve complex configurations
and numerous components. AppExpert Visualizer helps your organization
manage this complexity with an at-a-glance graphical view illustrating the
full end-to-end virtual desktop infrastructure, including individual NetScaler
delivery capabilities and the components they support. You can easily
monitor relationships, health status and configuration parameters, both for
routine administration as well as analysis and troubleshooting.

Built-in configuration wizards for easy XenDesktop deployment

Conclusion: get the most

from your desktop
virtualization implementation
If your organization is one of the growing number of enterprises worldwide
adopting desktop virtualization, consider implementing an advanced application
delivery controller, such as Citrix NetScaler. NetScaler offers a convenient and
economical way for your organization to make the most of the advantages of
desktop virtualizationthe lower ownership and operating costs, stronger
data security and greater business agilityby helping to ensure the availability,
security, usability, performance and scalability of your selected solution.
Designed to support a broad array of applications and IT services, including
on-demand virtual desktops, NetScaler provides an extensive set of delivery
capabilities that you can deploy on purpose-built hardware and full-featured
virtual appliances. By front-ending your desktop virtualization infrastructure
with Citrix NetScaler, your organization can benefit from:
Increased availability, as NetScaler protects against both component
and site-level failures
Strengthened security that helps compensate for access over public
networks and from client devices not controlled by IT
A smooth and seamless user experience that helps ensure
employees remain content and productive
The ability to scale infrastructure without disrupting users or
requiring forklift upgrades
An enterprise-class solution, NetScaler delivers a choice of platform, the
flexibility to support different deployment architectures and an unmatched
degree of infrastructure consolidation and manageability. Find out more
about how you can use it along with your preferred desktop virtualization
solution to help ensure your organization gets the maximum benefit from
this new desktop delivery model. Visit www.citrix.com/netscaler.

10

Worldwide Headquarters
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309, USA
T +1 800 393 1888
T +1 954 267 3000
Americas
Citrix Silicon Valley
4988 Great America Parkway
Santa Clara, CA 95054, USA
T +1 408 790 8000
Europe
Citrix Systems International GmbH
Rheinweg 9
8200 Schaffhausen, Switzerland
T +41 52 635 7700
Asia Pacific
Citrix Systems Hong Kong Ltd.
Suite 6301-10, 63rd Floor
One Island East
18 Westland Road
Island East, Hong Kong, China
T +852 2100 5000
Citrix Online Division
6500 Hollister Avenue
Goleta, CA 93117, USA
T +1 805 690 6400
www.citrix.com

About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as an
on-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a full
portfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizations
worldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000
companies in more than 100 countries. Annual revenue in 2010 was $1.87 billion.
2011 Citrix Systems, Inc. All rights reserved. Citrix, NetScaler, XenDesktop, XenApp, Citrix Access Gateway, Citrix
Receiver , MPX, SDX, VPX, XenServer and AppExpert Visualizer are registered trademarks of Citrix Systems, Inc. and/
or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other
trademarks and registered trademarks are property of their respective owners.

0611/PDF