Citrix SD-WAN simplifies branch networking with a secure, reliable and high-performance network, providing users with an improved workspace experience that helps with accessing SaaS applications, virtual desktops and/or traditional data centres.

Citrix SD-WAN offer many benefits to meet the demands of modern business networks, including:

• Improved application performance and quality of service for remote and branch workers.

• Reduced WAN costs and scaled capacity through the use of lower-priced broadband and mobile connections.

• Increased flexibility to prioritise business-critical applications over other network traffic.

• Improved business continuity and disaster recovery capabilities that maintain connectivity even during multiple network failures.

• Increased connection security across the WAN application and data migrate to the cloud.

• Reduces branch networking complexity by consolidating services into an integrated WAN edge appliance and centralising management and policy definition.

Citrix run a range of instructor led courses, online e-learning and SD-WAN labs and workshops, visit the Citrix Education website for details. cloudDNA can offer bespoke training tailored to your specific requirements and use cases, please contact us for further information.

Application Programming Interface (API) – NITRO APIs (REST APIs) were introduced in NetScaler SD-WAN release v9.3. NITRO APIs can be used for third-party software integration. Detailed API documentation is available in the product installation. APIs are available for the following:

Configuration:

• Network Adaptors: Config Package – Import, Export, Save As

Monitoring:

• Access Interfaces: Virtual Path Services: Ethernet MAC Learning: Intranet:Observed Protocols

• Paths (Detailed) : Appliance Routes: Rule Group:Site: MPLS Queues: WAN Link Usage: GRE Tunnel

• IPsec Tunnel: Multicast Group; Dynamic Routing Protocol

Configuration editor:

• App QoE Application Routes: DNS Settings: Office 365

• WAN optimisation Application Classifiers and Service Classes.

This feature is applicable to networks with VSAT, LOS, Microwave, 3G/4G/LTE WAN Links, for which the available bandwidth varies based on weather and atmosphere conditions, location, and line of site obstructions. It allows the SD-WAN appliances to adjust the bandwidth rate on the WAN Link dynamically based on a defined bandwidth range (minimum and maximum WAN Link rate) to use the maximum amount of available bandwidth without making the paths BAD.

Citrix SD-WAN appliances can be deployed in high availability configuration as a pair of appliances in Active/Standby roles. There are three modes of high availability deployment:

• Parallel Inline high availability

• Fail-to-Wire high availability

• One-Arm high availability

The Citrix SD-WAN solution includes a sophisticated application Quality-of-Services (QoS) engine that accesses the application traffic and prioritises critical applications. It also understands the requirements for WAN network quality and picks a network path based on the quality characteristics in real time. QoS classes, IP rules, application QoS rules, and other components are required to define application QoS.

Citrix SD-WAN allows segmenting of networks for more security and manageability by using Virtual Routing and Forwarding (VRF). For example, you can separate a guest network traffic from employee traffic, create distinct routing domains to segment large corporate networks, and segment traffic to support multiple customer networks. Each routing domain has its own routing table and enables the support for overlapping IP subnets, Citrix SD-WAN appliances implement OSPF and BGP routing domains to control and segment network traffic.

Citrix SD-WAN provides Wide AREA Network optimisation and resilience and should not be confused with Citrix ADC (formally NetScaler ADC) which is an Application Delivery Controller.

From release 12.1 49.xx, you can deploy a Citrix SD-WAN VPX instance on Citrix ADC SDX 14XXX and SDX 115XX appliances:

https://docs.citrix.com/en-us/…

You can deploy a Citrix SD-WAN VPX appliance on a Citrix ADC SDX policy-based route (PBR) mode or in inline mode.

For more information contact a cloudDNA technical specialist.

With Citrix SD-WAN, you can easily and cost-effectively spin up SD-WAN instances to reliably connect branches to Google Cloud Platform (GCP) through virtual overlays, Citrix SD-WAN supports high reliable and performant connectivity from office locations to workloads running on GCP on-premise resources such as database servers, offering advanced features including:

Deliver an optimal application experience to Citrix Virtual Apps and Desktops on GCP through integration with HDX, which uses the ICA protocol. Provide exceptional performance to applications running on GCP, including G Suite, with deep packet inspection, QoS, link bonding and selective packet duplication for critical traffic such as VoIP and SCADA. Quickly set up high-availability connections to Google virtual private cloud (VPCs) and manage the entire network from Citrix orchestration service.

Citrix SD-WAN connects branch offices to AWS through virtual paths. Users can continue using existing links and add low-cost broadband to achieve an active-active state, allowing Citrix to map connectivity, monitor all conditions (eg, latency, congestion, etc), and innately determine which apps go over which link – in real time.

Citrix SD-WAN optimises bandwidth utilisation between branch offices, enterprise data centres, and public cloud with Transmission Control Protocol (TCP) flow control, data, compression, de-duplication, and protocol optimisation to improve the user experience and reduce bandwidth costs.

Citrix SD-WAN provides strong encryption and an integrated stateful firewall to centrally define security policies for application traffic across on-premise, branch, and AWS environments. If traffic is slowed or in case of an outage, the Citrix SD-WAN dynamically reroutes it within milliseconds to the best link available, helping to establish high availability and performance.

Citrix partners with Microsoft to provide the Citrix SD-WAN solution as the on-ramp to Azure. The joint solution is designed for the WAN edge of Azure to help enhance user experience, deliver consistent productivity and automate the branch-office network deployments.

As applications continue to migrate to the cloud, and companies continue to operate across geographically dispersed locations, branch offices need access solution that is purpose-built for the internet with enhanced security and improved reliability. Branch offices need to be able to optimise and scale Azure performance to deliver reliable access to resources.

Citrix SD-WAN can be used in the simplification of WAN network connections by the replacement of ISP routing devices. One way is by configuring the Citrix SD-WAN appliance to act as a PPPoE client. It authenticates with the PPPoE server and obtains a dynamic IP address or uses static IP address to establish PPPoE connections.

Citrix SD-WAN supports enabling metered links, which can be configured such that user traffic is only transmitted on a specific internet WAN Link when all other available WAN Links are disabled.

Metered links conserve bandwidth on links that are billed based on usage. With the metered links you can configure the links as the Last Resort Link, which disallows the usage of the link until all other non-metered link are down or degraded.

Citrix SD-WAN provides resilient and robust connectivity between remote sites, data centres and cloud networks. The SD-WAN solution can accomplish this by establishing tunnels between SD-WAN appliances in the network enabling connectivity between sites by applying route tables that overlay the existing underlay network. SD-WAN route tables can fully replace or coexist with existing routing infrastructure.

Citrix SD-WAN allows you to configure policies to break out Office 365 traffic to the Internet. The Office 365 traffic is directed to the nearest service endpoint, which exists at the edge of Microsoft Office 365 infrastructure worldwide. Once traffic reaches a front door, it goes over Microsoft’s network and reaches the actual destination. This minimises latency as the round trip time from the customer network to the Office 365 endpoint reduces.

There are three Citrix SD-WAN Editions each with a different set or subset of SD-WAN features. The type of license you install determines the platform edition- Standard Edition, WANOP and Premium Edition appliances.

In all cases, licenses can be applied locally (to each appliance), remotely (using Citrix virtual Licensing server) and Centralised Licensing (using Citrix SD-WAN Centre).

Citrix SD-WAN Enterprise Edition is the old name for Citrix SD-WAN Premium Edition. This is a physical appliance that combines both the Citrix SD-WAN Standard Edition and Citrix SD-WAN WANOP Editions in a single unit to optimise branch and mobile user experience and to achieve fully resilient applications regardless of network quality.

Citrix SD-WAN Premium Edition is a physical appliance that combines both the Citrix SD-WAN Standard Edition and Citrix SD-WAN WANOP Editions in a single unit, to optimise branch and mobile user experience and to archive fully resilient applications regardless of network quality.

Citrix SD-WAN Standard Edition (WAN virtualisation) creates a secure, reliable and scalable WAN by bonding diverse network links, including MPLS, broadband and wireless and ensures that appliances take the best path to achieve the highest application performance.

Citrix SD-WAN simplifies branch networking with a secure, reliable and high-performance network, providing users with an improved workspace experience that helps with accessing SaaS applications, virtual desktops and/or traditional data centres.

Citrix SD-WAN offer many benefits to meet the demands of modern business networks, including:

• Improved application performance and quality of service for remote and branch workers.

• Reduced WAN costs and scaled capacity through the use of lower-priced broadband and mobile connections.

• Increased flexibility to prioritise business-critical applications over other network traffic.

• Improved business continuity and disaster recovery capabilities that maintain connectivity even during multiple network failures.

• Increased connection security across the WAN application and data migrate to the cloud.

• Reduces branch networking complexity by consolidating services into an integrated WAN edge appliance and centralising management and policy definition.

Citrix SD-WAN Orchestrator is a centralised management and analytics platform. It’s designed to reduce the operating overhead of Citrix SD-WAN estate management with multi-tenant capabilities for deployments at scale. cloudDNA use the platform for managed service customers.

The product is now available for on prem deployments but more popularly consumed as a service from Citrix Cloud.

Please speak to a cloudDNA technical specialist for more information on Orchestrator and our Managed Services offering.

Citrix SD-WAN Zero Touch Deployment (ZTD) Service is a Citrix operated and managed cloud service which allows discovery of a new appliance in the Citrix SD-WAN network and automates the deployment process for branch offices. The ZTD Cloud Services is accessible from any node in the network, and over Secure Socket Layer (SSL) protocol.

Citrix SD-WAN Center is a centralised management system that enables you to configure, monitor, and analyse all the Citrix SD-WAN appliances on your SD-WAN on your WAN. It reduces the configuration errors and the time taken to deploy Citrix SD-WAN appliances. It also provides visibility into the SD-WAN network and application performance by allowing you to generate reports and statistics across multiple Citrix SD-WAN appliances.

Citrix SD-WAN Standard Edition (WAN virtualisation) creates a secure, reliable and scalable WAN by bonding diverse network links, including MPLS, broadband and wireless.

Citrix SD-WAN WAOP Edition provides Application and WAN optimisation and bandwidth efficiently through features such flow control, data compression and protocol optimisation.

Citrix SD-WAN Premium Edition is a physical appliance that combines both Citrix SD-WAN Standard and Citrix SD-WAN WANOP Edition in a single unit.

Citrix SD-WAN VPX is a Citrix SD-WAN Virtual appliance that can be hosted on a Citrix XenServer, VMware, ESX or ESXi, Microsoft Hyper-V, Microsoft Azure, Amazon AWS and Google Cloud virtualisation platforms. A Citrix SD-WAN VPX appliance supports most of the features of the physical Standard Edition or WANOP Edition appliances.

Citrix CloudBridge is an old product name for what is know now as “Citrix SD-WAN”. Citrix SD-WAN is a family of appliances, both physical and virtual that provides wide area network optimisation (WANOP Edition) across public and private cloud networks.

Citrix NetScaler SD-WAN is an old product name for what is known now as “Citrix SD-WAN”. Citrix SD-WAN is a family of appliances, both physical and virtual that provide wide area network optimisation (WANOP Edition), hybrid WAN virtualisation (Standard Edition) or both physical appliances (Premium Edition) across public and cloud networks.

Citrix SD-WAN is a family of appliances, both physical and virtual that provides wide area network optimisation (WANOP Edition), hybrid WAN virtualisation (Standard Edition), or both in a physical appliance (Premium Edition) across public and private cloud networks.

Citrix SD-WAN solves complex routing with simplicity. It provides optimal network connectivity between enterprise branch offices and their Workspace, whether it’s hosted on-premise or in the cloud. This improves user experience and reduces costs.

A Software – defined Wide Area Network (SDWAN) is a virtual WAN architecture that allows businesses to securely leverage any number of WAN links (including MPLS, LTE, and broadband internet services) to connect users to application in corporate network and Cloud.

As companies utilise a growing number of cloud-based applications, traditional WAN networks are unable to maintain good speeds and optimised connectivity. Scaling multi-protocol label switching (MPLS) solutions to overcome these challenges can be costly and time-consuming. SD-WAN solutions offer the flexibility to control connection efficiently even during periods of high network demand.

Citrix SD-WAN WAN Op Edition provides application and WAN Optimisation usability and bandwidth efficiently, through features such as TCP flow control, data compression de-duplication and protocol optimisation. Citrix SD-WAN can improve the end-user experience as well as provide a reduction in WAN bandwidth expenses. And with video usage on the rise, Citrix SD-WAN can optimise video delivery within Citrix Virtual Apps and Desktops environments as well as for popular websites and internal video content repositories.

Citrix SD-WAN security features include an integrated Stateful Firewall.

The firewall allows policies to be enforced between services and zones, and supports Static NAT, Dynamic NAT (PAT) and Dynamic NAT with Port Forwarding for enterprise grade control.

More firewall capabilities include providing security for user traffic within the SD-WAN network overlay, using the same IP address space for multiple entities, NAT capability and many more – details can be found in product documentation.

Once a firewall policy template has been created it can be used to configure firewall settings for Citrix SD-WAN Network. Using the Global firewall settings, it’s possible to configure the global firewall parameters, these settings are applied to all the sites on the virtual WAN network in a click for rapid rule deployment where required. Cool.

To secure internet traffic and enforce policies companies often use MPLS links to backhaul branch traffic to the corporate data centre. This can consume bandwidth and increase latency to the detriment of application performance and user experience. An alternative is to allow this traffic onto the internet direct from the Branch/Remote site but this can add complexity and cost. The ideal solution to enforce security without adding cost, complexity, or latency is to route all branch internet traffic from the Citrix NetScaler SD-WAN appliance to the Zscaler Cloud Security Platform. The Zscaler Cloud Security Platform acts as a series of security check posts in more than 100 data centres around the remote locations. Zscaler connects users and the internet, inspecting every byte of traffic, even if it is encrypted or compressed.

NetScaler SD-WAN appliances can connect a Zscaler cloud network through GRE tunnels and IPsec tunnels at the customer’s site.

Quality of Service (QoS):

The network between office locations and the data centre or cloud must transport a multiple of applications and data, including high quality video or real-time voice. Bandwidth sensitive applications stretch the network’s capabilities and resources. Citrix SD-WAN provides guaranteed, secure, measurable, and predictable network services. This is achieved by managing the delay, jitter, bandwidth, and packet loss on the network.

The Citrix SD-WAN solution includes, a sophisticated application Quality-of-Service (QoS) engine that accesses the application traffic and prioritises critical applications. It also understands the requirement for WAN network quality and picks a network path based on the quality characteristics in real time.

Citrix SD-WAN datasheet (previously known as Citrix NetScaler SD-WAN Datasheet) is a document that provides technical details of all the physical and virtual appliances in the Citrix SD-WAN product ranges.

Information about appliances, types, models, bandwidth supported, software features.

For virtual appliances it provides guidance on Hypervisor support, CPU, memory and hard drives requirements. For physical applications it also provides appliance dimension, rack space, power and environmental specifications.

The online datasheet can be found at the following link

https://www.citrix.com/product…

You can download a PDF version of the datasheet from the following link.

https://www.citrix.com/content…

The Master Control Node (MCN) is the central Virtual WAN Appliance that acts as the master controller of the Virtual WAN, and the central administration point for the client nodes. All configuration activities, as well as preparation of the appliances packages and their distribution to the clients are performed on the MCN. In addition, certain Virtual WAN monitoring and diagnostic information is available only on the MCN.

Citrix SD-WAN documentation is an online resource that provides Citrix SD-WAN administration and developers with detailed information on installation, configuration, maintenance and troubleshooting of the Citrix SD-WAN product set.

This documentation can be found at the following link http://docs.citrix.com/en-us/c…

Please speak to cloudDNA technical specialists who will be happily organise an SD-WAN demo.

A Citrix SD-WAN Virtual path is a logical tunnel between sites that comprises of multiple diverse network links. A single Virtual Path may consist of several WAN links that include WAN links such as NPLS, Satellite, LTE and broadband.

Citrix SD-WAN allows for the creation of “Static Virtual Paths” which are fixed predefined paths created between sites in an organisation. Citrix SD-WAN also supports “Dynamic Virtual Paths between sites as needed and traffic dictates.

Citrix SD-WAN works on a packet by packet basis and with each packet that passes through the network Citrix SD-WAN measures the latency, loss, congestion and jitter of every possible path, in each direction. The intelligence is used for all network decisions and is key to the ability of the Citrix SD-WAN to provide always on branches and high application quality.

A Virtual Private Network (VPN) is a secure encrypted tunnel between two devices and evolved from the need for people to access their company network securely from a remote site, VPN’s are often restricted to a single WAN link and inflexible.

A Software- defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows businesses to securely leverage any combination of WAN links (including MPLS, LTE, broadband internet services and VPN tunnels) to connect remote users/sites to corporate infrastructure.

Software Defined Networking (SDN) provides a method to centrally configure and manage physical and virtual network devices, such as routers, switches and gateways within the internal infrastructure of a company.

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows businesses to leverage any combination of WAN links – including MPLS, LTE and broadband internet services – to securely connect users to applications.

SD-WAN stands for Software Defined Wide Area Networking.

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows businesses to leverage any combination of WAN links- including MPLS, LTE and broadband internet services – to securely connect users to appliances.

The communication between SD-WAN appliances (SD-WAN virtual path) uses AES-128 data encryption by default which can be increased to AES-256 encryption level.

In addition, Citrix documentation recommends that “Enable Encryption Key Rotation” is set to ensure key regeneration for every Virtual Path with encryption enabled using an Elliptic Curve Diffie-Hellman key exchange as intervals of 10-15 minutes.

It also recommended to maintain security through the deployment lifecycle of Citrix SD-WAN, Citrix documentation lists the following security considerations:

• Physical Security> Appliance Security> Networking security > Administration and Management

http://docs.citrix.com/en-us/c…

Will Citrix MPLS replace MPLS?–

MPLS stands for Multi-Protocol Label Switching. What is MPLS? It is a mechanism for routing traffic within a telecommunications network, as data travels from one network node to the next. MPLS can provide applications including VPN’s (Virtual Private Networks), traffic engineering (TE) and Quality of Service (QoS).

Citrix SD-WAN simplifies branch networking with a secure, reliable and high-performance network, providing users with an improved workspace experience that helps with accessing SaaS application, virtual desktops and/or traditional data centres.

Citrix SD-WAN offer many benefits to meet the demands of modern business network including:

• Improved appliance performance and quality of service for remote and branch workers.

• Reduced WAN costs and scaled capacity through the use of lower-priced broadband and mobile connections.

• Increased flexibility to prioritise business-critical appliances over the network traffic.

• Improved business continuity and disaster recovery capabilities that maintain connectivity even during multiple network failures.

• Increased connection security across the WAN as applications and data migrate to the cloud.

• Reduced branch networking complexity by consolidating services into an integrated WAN edge appliance and centralising management and policy definition.

All Citrix SD-WAN physical appliances have at least one fail to wire network card installed.

Fail to Wire (FTW) functionality provides a mechanism to connect link layer signal (L2 signals) to one of two data ports on a single Network Interface Card (NIC) via a relay switch. The relay switch provides a direct hardware path for incoming traffic to exit directly without going through the NIC driver. This is called bypass mode of the FTW card and when enabled allows traffic to flow through the interface even when there is no power, providing fault tolerance to power/ device failure.

Citrix SD-WAN WAN OP Edition can be used to optimise/ accelerate the XenApp/XenDesktop (ICA/CGP) traffic. This acceleration has three components:

• Compression – The appliance cooperates with XenApp clients and serves to compress XenApp data streams for interactive data (keyboard/mouse/display/audio) and batch data (printing and file transfers). This interaction takes place transparently and requires no configuration of the appliance. A small amount of configuration, described below is required on older Xen App servers (release 4x).

• Multistream ICA – In addition to compression, Citrix SD-WAN WAN OP appliances support the new Multistream ICA protocol, in which up to four connections are used for the different ICA priorities, instead of multiplexing all priorities over the same connection. This approach gives interactive tasks greater responsiveness, especially when combined with the appliance’s traffic shaping.

• Traffic Shaping – Citrix SD-WAN WANOP traffic shaper uses the priority bits in the XenApp data protocols to modulate the connection’s priority in real time, matching the bandwidth share of each connection to what the connection is transmitting at the moment.

VPX or Virtual appliance is an appliance that can be hosted on Citrix XenServer, VMware ESX or ESXi, Microsoft Hyper-V, Microsoft Azure, Amazon AWS and Google Cloud virtualisation platform. A Citrix SD-WAN VPX application supports most of the features of the physical appliances.

This Edition includes WAN Optimisation features only. It supports application acceleration, data reduction and protocol control to optimise application across WAN. Optionally it can include virtual Windows Server to simplify branch infrastructure and mobile PC plug-in capability.

This Edition includes WAN Optimisation features only. It supports application acceleration, data reduction, and protocol control to optimise applications across the WAN. Optionally, it can include virtual Windows Server to simplify branch infrastructure and mobile PC plug-in capacity.

The Citrix SD-WAN WAN OP Client Plug-in is a software based network accelerator that runs on Windows laptops and workstations, providing acceleration anywhere, not just at office/branch office. It connects to a Citrix SD-WAN WAN OP appliance at the end of the link.

The principles of WAN OP Client Plug-in operation are generally the same as those of a Citrix SD-WAN WAN OP appliance providing Application optimisation, WAN optimisation and bandwidth efficiency through features such Flow Control, data compression and protocol optimisation.