Secure access from all devices


DESCRIPTION

Secure access from all devices. edgemo summit CPH, May 2014. Short intro. Eigil Ørnfelt, Infrastructure specialist, eoe@edgemo.com. Niels Holm, Infrastructure specialist, nch@edgemo.com. NetScaler Access Gateway Enterprise Edition (AGEE). NetScaler Gateway. NetScaler ADC.


Secure access from all devices
edgemo summit CPH
May 2014

Short intro

Eigil Ørnfelt, Infrastructure specialist, eoe@edgemo.com

Niels Holm, Infrastructure specialist, nch@edgemo.com

NetScaler Gateway
NetScaler Access Gateway Enterprise Edition (AGEE)
Citrix Access Gateway (CAG)
Citrix Secure Gateway

NetScaler ADC
Citrix Advanced Access Gateway (CAG)

Citrix TriScale Technology

Scale Up
Scale Out
Scale In

Elasticity with Pay-As-You-Grow
Simplicity with Many-In-One
Expandability with Add-and-Go

Buy only what you need
End Appliance Sprawl
Start Small. Grow Forever

Grow capacity up to 5x. No New Hardware.
Megabits to Terabits. Zero Downtime.
80x footprint reduction. No Compromises.

Citrix NetScaler overview

Cloud Infrastructure

Enterprise Datacenter

Performance
Accelerate
Offload
Security
Availability

World-class load balancing
Health monitoring
Caching
Compression
Optimization
TCP Connection Management
SSL processing
SSL VPN
Application firewall
AAA

Layer 4 Load Balancing

Maintaining User Sessions: Source IP, Cookie, SSL Session ID, Server-ID in URL Query, Customer Server-ID, Token (header or body)
Distributing Traffic: Least Connections, Lowest Response Time, Round Robin, SNMP-based, Hash-based, many more
Monitoring Server Health and Availability: TCP Connection, HTTPS Connection, Extended Content Verification, Scriptable Health Checks
TCP and UDP Client Requests

Global Server Load Balancing

Site B
Site A

HTTP Requests
Anything in request body
Device Type
Language
Cookie
Browser Capability
XML XPath support

Client Attributes
Any TCP Request
HTTP Get
HTTP Post
Request Protocol
Request Method
Any TCP payload value
Any HTTP payload value
Domain
Wildcard URL

Content Switching: Load Balancing on Steroids

Layer 7 content switching is like load balancing on steroids. It is the best way to switch requests to the most appropriate server.

Specific client attributes can be used: cookie, device type, browser type, etc. can be used to forward the request.

Request protocols such as GETs and POSTs can be used.

Forwarding decisions can be based on ANY payload value; we dub this deep stream inspection. Items such as shopping cart values or platinum member passport IDs can now be used to give faster service to your best customers.

By matching the request with a specific server, availability is enhanced, as ONLY those requests that can be serviced are forwarded; servers are not bogged down by requests they cannot fulfill. Application response time is cut because redirects are prevented.

An additional benefit is a reduction in the number of servers needed, as application replication across servers can be minimized. Servers are now specialized by application type.

Optimization

TCP Connection Multiplexing

NetScaler terminates connection
Client transmits requests
NetScaler establishes server connection
NetScaler transmits client requests
Other clients follow same procedure
Multiple client requests are transmitted across common server connection

Web Server

Without multiplexing

With multiplexing

Database Scale-Up Performance

Performance                        Direct       NetScaler
Transactions/sec                   5,250        14,700
Queries/sec                        21,000       58,800
Queries/minute                     1,260,000    3,528,000
Latency of each transaction (ms)   34           13
NetScaler CPU use %                N/A          46
SQL server CPU use %               100          100
SQL server RAM use (MB)            131          123
RX tput (Mbps)                     75           160

NetScaler: MPX5500
DB Server: MS SQL Server 2008 on 4-cores + 4GB RAM Server/Windows 2003 32 bit, Intel Xeon X5680 3.33 GHz
Transaction: 1 new TCP Connection with 5 SQL Queries

3x
1/3
Spare CPU: Scale-Out!

Simple 3 step process.

AppCache

Memory or flash disk based cache
Reduce time to first packet
Significantly reduce back-end server workloads
Dynamic caching for frequently changing content
Flash cache support for realtime updates

AppCache: Non-Caching proxy

Deliver it one time
Get the web page

AppCache: Caching proxy

Deliver it many times
Get the web page once

AppCompress

Standards-based compression: GZIP/DEFLATE
Works with all browsers, including mobile
Applies to HTML, JavaScript, CSS and documents
3:1 to 5:1 compression ratio

AppCompress

1 Gbyte file
1 Gbps throughput
200-300Mbps throughput

AppCompression

1 Kb request (for a 100Kb file from server)
Response with a 100KB file
5Kb compressed response

Security

AAA - Authentication

Multi-factor authentication

REQ.SSL.CLIENT.CERT = EXISTS
REQ.BROWSER-TYPE = Internet Explorer
REQ.SSL.CLIENT.CERT != EXISTS
REQ.SSL.CLIENT.CERT = EXISTS

+ LDAP

NetScaler Insight Center

[Diagram: Internet, WAN, Data Center Network, XenDesktop/XenApp, Insight Center]

[Diagram, panels "Old" and "New": USER, Help-Desk, Desktop Admin, Network Admin, IT Department, Citrix Support, Software, Escalation; "IT dept calls Citrix Support"]

[Diagram, NetScaler Insight Center: Internet, NetScaler, XenDesktop/XenApp, Client Network, AppFlow, 3rd Party Analysis Tools, Insight Center]

?

Thank you for your time!