Optimization of Citrix ICA with Steelhead Appliances and RiOS 6.0 WHITE PAPER
INTRODUCTION Desktop virtualization architectures enable enterprises to host their applications and data centrally and to access those remotely using thin clients. Thin clients offer a number of endpoint benefits, among others: Dramatic reduction in management, better security, reduced power consumption footprint and better total cost of ownership. Citrix, with its XenApp server (previously known as Presentation Server), is a market leader of thin client solutions. XenApp is an application delivery system that offers client-side and server-side application virtualization, for optimal application performance and flexible deliver options. Users connect to their desktops and applications using a thin client which communicates with the server using a custom-built and proprietary protocol know as ICA (Independent Computing Architecture). However, while desktop virtualization usually has little or impact on the end-user experience when the thin client and server communicate over a LAN, it can come at the cost of reduced user experience when running over the WAN, in particular in high-latency environments. ICA has some optimizations to attenuate the effects of latency, such as compression and SpeedScreen Latency Reduction (local echo of keystrokes and mouse click feedback). However, these optimizations alone are usually not sufficient to solve the problem. In RiOS 6.0, the Riverbed Steelhead appliance now has simplified configuration and enhanced QoS capabilities for Citrix by delivering both bandwidth reduction and up to 40% better response times. Results from this analysis show that Steelhead appliances improve Citrix ICA bandwidth utilization by 50% in most cases and up to 90% in some cases. 2010 Riverbed Technology. All rights reserved. 1
Testing Results for RiOS 6.0 The tests described below were done to simulate a T1 link (1.55 Mbps) with 100 ms round trip latency. A desktop was published from a XenApp server version 6.0 and Citrix on-line plug-in client version 12.0.0.6410 was used to connect to the published desktop. RiOS 6.0 provides Citrix ICA support for Presentation Server v4.5, XenApp v5.0, XenApp v6.0, and the v10.x, v11.x and v12.x clients. Five test scenarios were executed to measure the performance of Citrix ICA with the Steelhead appliances and RiOS 6.0. The files accessed were stored centrally on the server. The results from the tests are show below. Test Result #1 In this test scenario, we measured the amount of WAN bandwidth consumed per ICA session. Cold performance numbers indicate the first pass when the Steelhead appliances see the data for the first time. Warm performance numbers indicate the performance on subsequent runs of the same data. Note that we have results for two warm runs. As seen below in figure 1, the amount of WAN bandwidth consumed per session for Warm performance is halved with the use of Steelhead appliances when compared with the default native ICA setup (with encryption and data compression enabled). Based on these results, it is possible to double the number of users supported on a WAN link. Figure 1 Required WAN Bandwidth per Test Session (in kbps) 2010 Riverbed Technology. All rights reserved. 2
Test Result #2 In this test scenario, we measured the WAN bandwidth data reduction when printing a 20MB PDF within an ICA session. The print job was performed with the default native ICA setup and with the use of Steelhead appliances (Cold and Warm performance). As shown in figure 2, we observed an 80% WAN bandwidth data reduction for Steelhead Warm performance when compared with default native ICA. Figure 2 WAN Bandwidth Data Reduction (percentage) for 20MB Print Job Test Result #3 In this test scenario to measure the effects of RiOS 6.0 QoS enhancements, we used the Citrix EdgeSight for Load Testing tool to simulate 20 users executing an interactive Microsoft Word session over a saturated T1. To saturate the T1, we executed three separate file copy jobs (non-interactive) in an active ICA session. The interactive MS Word session consisted of opening a Word document, adding several lines of text and performing a document save. More information on understanding how to use the Citrix EdgeSight for Load Testing can be found here: http://www.citrix.com/english/ps2/products/subfeature.asp?contentid=1297903 Using the QoS settings (see page 7 - Configuring QoS for Citrix ICA Sessions) on the server-side Steelhead for a saturated T1, the most significant impact was on the ICA Ping times (time taken for an ICA packet to travel between the Launcher and the Presentation Server), resulting in a 77% time improvement (see table below). Additionally, the overall completion time for the Word test showed a modest 2% time improvement. These results indicate the RiOS 6.0 Qos Enhancements are effective in impacting the performance for Citrix interactive traffic over the Citrix non-interactive traffic. Microsoft Word Test (sec) ICA Ping (ms) QoS disabled + 3x copy + 20 users 86.00 205.00 QoS enabled + 3x copy + 20 users 84.00 116.00 Times Iimprovement (x-factor) 1.02 1.77 Table 1 MS Word Interactive (20 users) Test 2010 Riverbed Technology. All rights reserved. 3
Test Result #4 In this test scenario, we measured the WAN bandwidth data reduction when executing a 6MB PowerPoint slideshow within an ICA session. The PowerPoint presentation consisted of rich text and graphics to demonstrate the effectiveness of the Steelhead appliances when performing screen updates. For this test, we observed a 63% WAN bandwidth data reduction for Steelhead Warm performance when compared with default native ICA. Test Result #5 In this test scenario, we measured the performance speedup and WAN bandwidth data reduction when copying a 5.76MB PDF and a 14.8MB PPT to the mapped local drive (host computer) within an ICA session. Figure 3 shows up to a 68% times improvement and a 71% WAN bandwidth data reduction for the Steelhead Warm performance when compared with default native ICA for both the PDF and PPT file copies. Figure 3 Times Improvement (percentage) and WAN Bandwidth Data Reduction (percentage) for Copy File Job 2010 Riverbed Technology. All rights reserved. 4
Tuning Citrix Citrix supports compression and encryption of traffic by default. Prior to RiOS 6.0, it was required to switch off compression and encryption for ICA so that Steelhead appliances can compress ICA. In RiOS 6.0, the Citrix blade will automatically disable compression and decrypt basic encryption. This support is specific for Presentation Server v4.5, XenApp v5.0, XenApp v6.0, and the v10.x, v11.x and v12.x clients. The following tables provide a summary of Steelhead operation with Citrix compression and encryption. Citrix Compression Setting Use data compression (default) Steelhead Behavior Detect that compression is enabled; negotiate ICA operation with compression off as if the box were not checked in the configuration. Riverbed standard compression will be used. Operate with compression off as expected. Do not use data compression Riverbed standard compression will be used. Table 2 Citrix ICA Compression Settings Citrix Encryption Setting Use basic encryption (default) Do not use basic encryption Steelhead Behavior Detect that encyption is enabled and extracts the encryption key during connection setup. Apply compression and SDR to the unencrypted traffic over the WAN. Re-encrypt on the LAN side with the encryption key. Data is unencrypted across the WAN (unless encrypted by another entity). Table 3 Citrix ICA Encryption Settings 2010 Riverbed Technology. All rights reserved. 5
Table 4 Citrix ICA Properties 2010 Riverbed Technology. All rights reserved. 6
Tuning Steelhead Appliances These settings are specific to RiOS 6.0. 1. Remove Citrix ICA ports 1494 and 2598 from the Interactive Ports label. On both the client-side Steelhead (CSH) and the server-side Steelhead (SSH), go to Configure- >Networking->Port Labels: a. Click Interactive b. Remove ports 1494 and 2598 c. Click Apply 2. Enable the Citrix ICA Blade. On both the client-side Steelhead (CSH) and the server-side Steelhead (SSH), go to Configure- >Optimization->Citrix ICA: a. Click Enable Citrix ICA Optimization b. Click Apply 2010 Riverbed Technology. All rights reserved. 7
2010 Riverbed Technology. All rights reserved. 8
Configuring QoS for Citrix ICA Sessions ICA Priority Packet Tagging provides a mechanism for prioritizing ICA sessions based on the virtual channel from which the data originated. This is accomplished by associating each virtual channel with a two-bit priority. This two-bit priority is included as part of each ICA framing header. The two priority bits combine to form four priority values: Value Priority Description Realtime keystrokes, bitmap updates, mouse 0 High Priority movements 1 Medium Priority Clipboard, client audio, license management 2 Low Priority Client COM Port Mapping, Client Drive Mapping 3 Background Priority Print Traffic, Auto client update QoS solutions that take advantage of ICA Priority Packet Tagging will provide QoS benefits that are more granular than prioritizing ICA traffic based only on an application name or username. More information on understanding ICA Priority Packet Tagging and virtual channel priorities can be found at Citrix s Support Site: http://support.citrix.com/article/ctx19314 RiOS 6.0 now provides support for priority classification of Session Reliability and ICA traffic. The new Citrix blade can examine priority in ICA as well as Session Reliability traffic. Once the ICA traffic has been classified using the application priorities, QoS rules can be created to separate low importance traffic (printing) from high importance traffic (interactive screen updates). Note that Citrix traffic classification cannot identify Citrix ICA protocol it can only extract application priority. Therefore, it is important to identify Citrix traffic using IP/port combination. For example, source port matching rule can be used to identify Citrix server on the server-side Steelhead. Some of the traffic in Citrix ICA stream is not marked with priority. Such traffic will not match any of the Citrix rules. Therefore, a default class for Citrix traffic has to be configured. This class must be backed by packet ordering queue. The following QoS configuration example is for the Steelhead appliance adjacent to the Citrix server where most of the traffic is going from the Citrix server to a remote client. 1. Enable the QoS Classification In our example, the WAN size is 10 Mbps. On the server-side Steelhead (SSH), go to Configure->Networking->QoS Classification: a. Click Enable QoS Classification and Enforcement b. Click and enter a value for Enable QoS on wan0_0 with WAN Throughput (kbps) c. Click Apply 2010 Riverbed Technology. All rights reserved. 9
2. QoS Classes - Configure 5 classes for Citrix ICA traffic (one class for each of 4 application priorities and one default class). An arbitrary percentage was used for each application priority. NOTE - The following settings are a sample configuration for this document and not necessarily optimal. Please use percentages for each application priority that fit your customer environment. On the server-side Steelhead (SSH), go to Configure->Networking->QoS Classification: a. Click Add a New QoS Class b. Fill in information for the Class Name, Class Parent c. Select a Latency Priority d. Fill in an appropriate Guaranteed Bandwidth leave Upper Bandwidth Limit at 100% so that lower priority classes can utilize full bandwidth when it is available. e. Select packet-order for the Queue f. Click Add g. Repeat for each Citrix class (Citrix-High, Citrix-Medium, Citrix-Low, Citrix-Background, Citrix-Default) 2010 Riverbed Technology. All rights reserved. 10
2010 Riverbed Technology. All rights reserved. 11
3. QoS Rules - Configure 5 QoS rules one for each Citrix class Each rule must be specific enough to isolate Citrix traffic because the appliance doesn t support automatic traffic identification. For example, you may specify Citrix server IP address or service port number. Citrix ICA port number is 1494 and session reliability port number is 2598 Do not include ICA protocol priority for Citrix default class rule Citrix default class rule must be at the end of all Citrix rules because it s less specific than the rules that look at application priority The following configuration is for the Steelhead appliance adjacent to the Citrix server (note that a source ICA port is specified). On the server-side Steelhead (SSH), go to Configure->Networking- >QoS Classification: a. Click QoS Rules b. Select Start for the Insert Rule At c. Select Citrix-High d. Enter 1494 for the Source Subnet Port: e. Select TCP for the Protocol f. Select Citrix ICA for the Application Protocol g. Select 0 High for the ICA Priority h. Click Add i. Repeat for each Citrix class (Citrix-High, Citrix-Medium, Citrix-Low, Citrix-Background, Citrix-Default) 2010 Riverbed Technology. All rights reserved. 12
Summary Enterprises that have deployed Citrix XenApp Server will see added benefit by using Steelhead appliances to support more users on their WAN links. With RiOS 6.0 QoS enhancements, Citrix ICA users will see increased response time for interactive sessions, resulting in more productivity. Typical Deployment Architecture About Riverbed Riverbed Technology is the IT infrastructure performance company. The Riverbed family of wide area network (WAN) optimization solutions liberates businesses from common IT constraints by increasing application performance, enabling consolidation, and providing enterprise-wide network and application visibility all while eliminating the need to increase bandwidth, storage or servers. Thousands of companies with distributed operations use Riverbed to make their IT infrastructure faster, less expensive and more responsive. Additional information about Riverbed (NASDAQ: RVBD) is available at www.riverbed.com Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 Tel: (415) 247-8800 www.riverbed.com Riverbed Technology Ltd. Farley Hall, London Road, Level 2 Binfield, Bracknell Berks RG42 4EU Tel: +44 1344 401900 Riverbed Technology Pte. Riverbed Technology K.K. Ltd. Shiba-Koen Plaza Building 9F 391A Orchard Road #22-06/10 3-6-9, Shiba, Minato-ku Ngee Ann City Tower A Tokyo, Japan 105-0014 Singapore 238873 Tel: +81 3 5419 1990 Tel: +65 6508-7400 2010 Riverbed Technology. All rights reserved. 13