Brian Madden's Blog

Is WANscaler poised to become Citrix's secret weapon?

Written on Jul 03 2007


by Brian Madden

Citrix bought Orbital Data Systems in August 2006. Like many others, I’d never heard of Orbital Data before Citrix bought them. Orbital built WAN optimization appliances. In a nutshell, these things are used in pairs—one on each side of a WAN link—to analyze bandwidth, usage, traffic, etc. They then optimize, compress, cache, and do all sorts of things to better utilize the WAN and increase performance of applications.

Other companies in this space that are perhaps more familiar to readers are Expand, Riverbed, and the old favorite Packeteer.

So anyway, last August, Citrix bought Orbital Data and re-released their WAN optimization hardware as WANscaler. (In one of the rarer instances, I actually think that “WANscaler” is a fantastic brand name for these things.)

Even though it’s been almost a year since Citrix made this acquisition, I still haven’t personally ever seen one of these things. They’re expensive, you need at least two of them to do anything, and I didn’t consider this as part of the “core” application delivery area that we cover.

But as I was walking through the TechLab at Citrix iForum in Edinburgh, Scotland, last month, I struck up a conversation with Florian Becker, an architect for Citrix. He gave me the 30,000-foot explanation of how these WANscalers work. (We recorded the conversation and will release it soon as a podcast. But here are some highlights:)

  • The WANscaler appliance has two ports—in and out—and it is physically connected between your network and your edge device. (In the event the WANscaler loses power, a relay closes and physically connects these two ports as if they were a crossover cable.)
  • The WANscaler appliances do NOT build a tunnel between the two devices. They are completely transparent. They work by “tattooing” TCP packets (by putting some bits in an unused portion of the TCP header). When one WANscaler sees an incoming packet that has been tattooed by another WANscaler, it knows that it can start applying optimizations.
  • There are several optimizations that the WANscaler can provide (which we’ll cover in the podcast). Most of them center around caching and compression, along with changing and spoofing certain TCP parameters. (The general idea is that the WANscalers know a lot more about the WAN link than the servers do, so they request data from the servers as fast as possible, and then they can deliver it across the WAN in the best way they know how.)
  • There is only one configuration requirement of a WANscaler—the connection speed to the WAN segment. There’s no need to build a complex topology in the admin console since these things will recognize the tattoos of other WANscalers automatically.
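A defender-side view of the marking described in the list above, as an added example that is not from the article or from Citrix. The page does not say which header field WANscaler uses, so this checker assumes two candidates: the reserved bits next to the data offset, and any TCP option kind outside a short list of common ones. The function names, option kind 253 and its payload are constructed for the sample.

```python
import struct

# Option kinds treated as ordinary here (IANA-assigned and widely deployed).
KNOWN_OPTIONS = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale",
                 4: "SACK-permitted", 5: "SACK", 8: "Timestamps"}


def inspect_tcp_header(segment: bytes) -> dict:
    """Report reserved bits and unrecognised options in one TCP segment."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    (_sport, _dport, _seq, _ack, off_rsv,
     _flags, _win, _csum, _urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_rsv >> 4) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    reserved = off_rsv & 0x0F                # the four bits after the offset
    options = segment[20:header_len]
    unknown = []
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                        # EOL: the rest is padding
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option truncated before its length byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("option length runs past the header")
        if kind not in KNOWN_OPTIONS:
            unknown.append((kind, options[i + 2:i + length]))
        i += length
    return {"reserved_bits": reserved,
            "unknown_options": unknown,
            "marked": bool(reserved or unknown)}


def build_segment(options: bytes = b"", reserved: int = 0) -> bytes:
    """Constructed SYN to the ICA port (1494); checksum left at zero."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    words = (20 + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", 40000, 1494, 1, 0,
                        (words << 4) | (reserved & 0x0F), 0x02, 65535, 0, 0)
    return fixed + options


if __name__ == "__main__":
    mss = b"\x02\x04\x05\xb4"                 # MSS 1460
    marker = b"\xfd\x04\xbe\xef"              # constructed kind-253 option
    for label, seg in (("plain", build_segment(mss)),
                       ("tagged", build_segment(mss + marker))):
        print(label, inspect_tcp_header(seg))
```

Run against a capture taken on each side of a firewall or VPN concentrator, the same check shows whether the marking survives the path; a device that clears unrecognised options would leave the far-end appliance with nothing to recognise.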

This list is just paraphrasing the new features, but it taught me enough about how these things work to really see how Citrix could benefit from them.

WANscalers + Presentation Server

In the most obvious way, you’ll be able to put a pair of WANscalers in-between your Presentation Servers and your users to optimize ICA traffic. Devices like Packeteer have been doing this for years. However, with WANscaler Citrix would “own” the traffic generation AND the optimization of it, allowing for a level of integration never before seen.

For example, devices like Packeteer mainly work by adjusting the amount of bandwidth that’s available to various protocols, meaning that they can limit “other” traffic on the network to allow more room for ICA. They can also take this one step further by prioritizing certain ICA traffic for certain applications or users.

With WANscaler, I would imagine that a future version of Presentation Server could also recognize the tattoos of a WANscaler appliance, indicating that WANscaler functionality exists in-between it and the client. This could cause the Presentation Server to drastically change the way that it builds traffic for that user session, including:

  • Disabling the new “tossing and queuing” mechanism. (Since the sending WANscaler would be on a local network segment, the Presentation Server could send all traffic to the WANscaler, and the WANscaler could figure out what was best for the client given the specific characteristics of the WAN at that moment.)
  • Disabling ICA compression. (Again, let the WANscaler do this since it has a better perspective on things.)
  • “Tagging” the various virtual channels with priorities, allowing the WANscaler to slice and dice individual ICA packets as needed based on WAN conditions.
  • Plus I’m sure many other cool things that I’m not thinking about now.

Again, all of this shows the advantage of Citrix owning the "whole stack" between the application and the user.

WAN Optimizers + SSL-VPNs + Mobile Users = Interesting Complexities

WAN optimization devices like those from Expand Networks can offer compression and caching of ICA data, but of course this only works if your ICA data is not encrypted. (If it’s encrypted, then every packet would be different and the Expand device wouldn’t be able to peer into the packet to figure out what it could cache.) Disabling ICA encryption is no big deal. Typically you have your Presentation Servers send uncompressed, unencrypted ICA traffic to your Expand appliance where the traffic is shaped, cached, compressed, and/or made ready for the network (including their own encryption), and then on the other side the same process happens in reverse.
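The parenthetical above, as an added example (not from the article or from any vendor): the same file crosses a caching, compressing link twice, once in the clear and once encrypted per session. It assumes fixed 4 KB chunks and uses a SHA-256 counter-mode keystream as a stand-in for the real session encryption; `DedupLink` and the sample document are hypothetical.

```python
import hashlib
import os
import zlib

CHUNK = 4096  # fixed-size chunks; an assumption made for this sketch


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter-mode keystream (demo only)."""
    out = bytearray()
    for pos in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + pos.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[pos:pos + 32], pad))
    return bytes(out)


class DedupLink:
    """Hypothetical appliance pair: both ends remember chunks already sent."""

    def __init__(self) -> None:
        self.seen = set()

    def wan_bytes(self, payload: bytes) -> int:
        """Bytes that must cross the WAN to deliver payload."""
        total = 0
        for pos in range(0, len(payload), CHUNK):
            chunk = payload[pos:pos + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.seen:
                total += len(digest)                # hit: send a reference
            else:
                self.seen.add(digest)
                total += len(zlib.compress(chunk))  # miss: send compressed
        return total


def make_document(lines: int = 8000) -> bytes:
    """Constructed sample file: repetitive text, like most office data."""
    return b"".join(
        f"row {i % 50}: quarterly report, region {i % 7}\n".encode()
        for i in range(lines)
    )


def simulate() -> dict:
    doc = make_document()
    key = os.urandom(32)
    clear, sealed = DedupLink(), DedupLink()
    result = {"size": len(doc), "chunks": -(-len(doc) // CHUNK)}
    # Two users fetch the same file; each encrypted session has its own nonce.
    for user in ("first", "second"):
        result[f"clear_{user}"] = clear.wan_bytes(doc)
        result[f"sealed_{user}"] = sealed.wan_bytes(
            stream_encrypt(key, os.urandom(16), doc))
    return result


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:>14}: {value}")
```

In the clear, the second fetch costs only one 32-byte reference per chunk; encrypted, both fetches cost slightly more than the file itself, because the appliance never sees a repeated or compressible chunk.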

Of course this whole thing breaks down if you want to use an SSL-VPN like the Citrix Access Gateway, since the CAG client is a piece of software running on a device. Even if you put the Expand appliance on the sending side behind your CAG, there would be no way for the Expand appliance on the receiving side to function since any traffic it would receive would be encrypted by the CAG, not the Expand. The only way to decrypt the CAG content is via the software on the client, and by that point, it’s too late.

Of course in the real world, this scenario doesn’t really come up too often. Appliances like WANscaler and Expand are meant to be used in pairs. This means they're for site-to-site WAN links, not site-to-random-end-user-location links. And SSL-VPN solutions like the CAG are meant to be used for end-users connecting to the main site—you wouldn’t typically use a CAG for several users in a remote office connecting to a primary site over a point-to-point WAN link. Even if that small office had a connection to the Internet as opposed to a point-to-point WAN, there would typically be a VPN appliance in place that would put the entire office on the corporate network, allowing the users in that office to connect as regular LAN users, and allowing either an Expand or a WANscaler device to be used.

Of course Citrix is focusing quite a bit on the CAG, especially with regard to how it works with Smart Access. And this is starting to catch on. More and more companies are connecting all users to their Citrix application environment via a CAG, and in doing so, they’re architecturally prohibited from using a third-party WAN appliance.

The only way around this would be to build a software client for the WAN accelerator. Then the client could apply the optimizations after the CAG client had decrypted the traffic. I spoke to an Expand employee two weeks ago about this, but he wasn’t too excited about a software client.

“A software client is really complex,” he explained. “We would have to figure out how to deal with all the various VPN clients out there and apply our optimizations after them. Plus we’d have to somehow figure out how to deploy, support, and update the client on all those devices.”

He made some really good points. That would be a huge pain—unless of course the WAN accelerator and VPN were made by the same company.

To that end, Citrix recently announced that they would release a software version of the WANscaler client. This would mean that you’d only need a single WANscaler appliance on the datacenter side of your network, and the client devices themselves could read the tattoos and start applying and receiving the optimizations. And since Citrix already makes ICA, CAG, and streaming client software, it doesn’t seem like it’d be too hard to throw the WANscaler client into that mix.

WANscaler beyond Presentation Server

The various WAN optimization products have a bigger impact in the market than just Presentation Server. In fact when I was at PubForum in Lisbon this past May, I talked to a guy who was telling me how cool the Riverbed stuff was. He was saying that in some ways they were actually competing with Citrix Presentation Server! He explained it like this:

Riverbed can do amazing things with files and data in terms of compression, caching, and acceleration. So if you have a small office that needs to access the corporate SharePoint portal, really the only solution over the past few years has been to use server-based computing. But with Riverbed, you can actually have your users run IE locally on their devices at the remote site, and via CIFS and SMB acceleration, the performance is fantastic. The Riverbed appliance almost becomes a completely automatic local cache of your SharePoint content.

So how does this apply to Citrix WANscaler? Sure, you can add a “me too” for them and how they could help with the above scenario. But I think the real value will again be how it more tightly ties into their overall application delivery strategy beyond server-based computing.

One example is in the “user data” department. People like Tim Mangan have been beating the data drum for years. If you haven’t heard Tim explain it, the short version is:

Server-based computing is great because the applications live next to the data, and they’re all delivered via a thin protocol. But now that Citrix is moving beyond server-based computing to deliver apps via streaming that can work locally or offline, what do we do about the data? How useful are these applications if the files, folders, shares, and databases people need are across the WAN or offline?

The workaround so far has been to implement some kind of WAFS (“WAFS” is Wide Area File System, a generic term) or to build complex policies and replication for moving user profiles around and stuff. But with WANscaler, you could conceivably just sprinkle these devices throughout your WAN, and sort of let them take care of everything automatically.

This will provide a great WAN speed increase for any application that accesses files via CIFS over SMB, like, ooohhhh.... Citrix Streaming Server? One of the complaints that people have had about Citrix Streaming Server has been that you can’t put application packages on multiple servers in multiple locations in an easy way. But with WANscaler, you could imagine that you wouldn’t have to do anything at all—just put your packages on one server in your datacenter and let WANscaler optimize the rest.

It’s July 2007. You want one. What do you buy?

Considering everything in this article, what product should you buy today? While it’s easy to imagine how WANscaler could be the best optimizer for Citrix application environments eventually, the reality is that today, WANscaler is not a leading product. Orbital Data was definitely in startup mode when Citrix bought them, and today companies like Expand, Riverbed, Blue Coat, and even Cisco are far ahead of WANscaler on a feature-by-feature basis. The challenge of course is that Citrix will continue to develop WANscaler, and it will be more tightly integrated with their whole platform as future versions come out. So what do you buy today? I guess that depends on your specific needs of the moment and how much you’re committed to Citrix as an application delivery platform. But I definitely see WANscaler growing to be a big part of Citrix’s overall strategy in the next few years.



Comments

Guest wrote Interesting Article
on 07-03-2007 10:32 AM

Hi Brian

Interesting article. I was just wondering if the Citrix WANScaler device needed ICA encryption disabled too, to do its optimisations? Or, as it is a Citrix product whether it can optimise any Citrix traffic.

Regards
Adrian

awong505 wrote WANScaler Client, "Pre staging" the cache
on 07-03-2007 10:51 AM

Just a side note in regards to the WANScaler client. In a remote office, when using the WANScaler client you lose some of the caching that you would normally see if you had the appliance. For example, say you have 10 users in a remote office connected via a slow WAN link. If you had the WANScaler appliance on both ends of that WAN link, and user1 of the users accessed a 75MB PowerPoint file, then when user2 goes to access the same file, it will be almost instantaneous to access it as long as it is still cached on the appliance and has not been flushed out because of other cached files filling the cache up. In the scenario with the WANScaler client, user2 would need to download the 75MB PowerPoint file again as the cache is not on an appliance, but on user2's workstation/laptop. That being said, the WANScaler client definitely has its place, but it is worthwhile to mention the above scenario as you do lose some of the caching functionality as you do not have a "shared" cache within the remote office when using the WANScaler client.

Another cool tidbit to mention is that you can "pre stage" the cache on the appliance. For example, let's say you have a remote office with 10 users as in the above scenario. All the users access the same 10GB of information on a shared folder. You can copy the 10GB of information over the appliance before it is ever deployed in the remote office and the data will be already cached on the appliance. That way, you do not have to take the initial hit of caching the 10GB of information the first time each file is accessed once the appliance is deployed to the remote office.

Brian Madden wrote Re: Interesting Article
on 07-03-2007 11:45 AM

Yes it would, since like the other products, there is no repeatable pattern in SSL traffic, thus nothing to compress / cache.

Guest wrote Re: WANScaler Client,
on 07-03-2007 2:05 PM

I just demo'ed the WANscaler and had nothing but problems. In theory it sounds awesome. In real world, it is another device that can fail on the link. Furthermore, these devices do not term your WAN, but are inside your LAN. If you want to use the device for a remote site it is fine, but what happens when you have to term the other side on your core router. You can do things like virtual inline, but still it causes issues. One issue was how it tagged packets that were sent over VPN, basically killed printing from the source.

I think it is a great idea, but for most it will be too hard to isolate and manage in a large scale environment. These should be true WAN devices and actually term the T1, T3 etc....then we could really call them WANScalers....

Guest wrote Wanscaler and the competition
on 07-03-2007 3:24 PM

Having just returned from some wanscaler training I have some severe reservations of the scalability and features of the technology in comparison to a product like Riverbed, specifically:

Wanscaler's heritage is derived from optimizing TCP flow control to move typically large amounts of already highly compressed data from A to B (Orbital's target market were originally movie and design studios). The compression technology has been added as an afterthought and it shows.

Although the product is pitched as needing minimal config, based on what I saw today this is only true of small simplistic environments; any enterprise with multiple asymmetric routes, multiple paths, and complex routing will have a hellish time getting it working.

You only solve WAN problems by addressing three specific areas:

TCP flow control - all WO products have a solution here

Data compression - again all WO have this element - although some are architecturally superior

Application protocol optimisation - Wanscaler is weak here with specific optimisations for CIFS and NFS only

A product like Riverbed covers lots of application protocols such as specifics for MAPI/NOTES/HTTP/HTTPS (Wanscalers will break SSL in your environment even for clients on unoptimised links)/SQL/NFS/Backup Products/Replication - Doubletake etc

I don't work for Riverbed but have over 100 deployments in the field and it works 100%. In terms of the software client I would watch the space closely as things are about to change dramatically.

By my estimation Riverbed are about 2 years ahead. If Citrix can catch up this technology does hold great promise; you only have to see Riverbed now to see what's possible - it redefines the rules of infrastructure design, most definitely a ground breaking product.

BTW I was the guy talking to you in Lisbon Pubforum Brian !!

David Caddick wrote WAN Scaler
on 07-03-2007 8:14 PM

Hi Brian,

I think that so far Citrix has a reasonably good track record in bringing in complementary products and technologies and integrating them - and this is no different.

Don't forget that when Citrix goes a' huntin' they don't want to buy at the highest price (just like a house) they are going to buy something that is still a work in progress, shows promise, and still needs a little work to finish it off?

In the meantime if you find that your CIFS/SMB traffic is struggling in the VPN can I suggest trying TeraCopy as a free tool that I have found works really well.

TeraCopy - is it possible to resume a file copy across regular drives using standard SMB, CTRL+V, Cut and Paste, etc? - Yes it is!

Michael Platsis wrote maybe they are a bit better presented now
on 07-03-2007 8:17 PM

We attempted to trial one a few months ago, and it was obvious the product was not mature.

You only had to look from its presentation/package to see it was a rushed product. It had the following visible tags/marks on it:

"Citrix Wanscaler + model"

"Orbiter" AND

"Dell PowerEdge 2850" (I think was the model)

Guest wrote Project Evergeen not mentioned
on 07-04-2007 9:00 AM

Josef Zeiler wrote What Citrix says regarding Optimizing ICA through WANSCALER
on 07-04-2007 10:43 AM

Hi all,

regarding:

  • Disabling ICA compression. (Again, let the WANscaler do this since it has a better perspective on things.)

I have found a really interesting document, which says that WANSCALER does no good at all to the ICA protocol. Have fun reading that:

http://support.citrix.com/servlet/KbServlet/download/13529-102-16760/CPS%204[1][1].5%20-%20Truths%20and%20Myths%20of%20CPSandWAN%20Opt%20(2007.05).pdf

Guest wrote any real numbers out there ?
on 07-04-2007 12:00 PM

I have heard a lot of talk about this product "WanScaler". Was curious if anyone has actually posted performance numbers... Yes, plenty of variables I'm sure, but what improvement did you see ? I have India users that I support in Colorado, They are about 300ms away, things take X amount of time to occur that happen in seconds to US users.... is this product actually significant ?

thanks Phil

Peter Ghostine wrote Re: What Citrix says regarding Optimizing ICA through WANSCALER
on 07-05-2007 7:30 AM

No product other than Expand Networks is capable today of optimizing (i.e. compressing and accelerating) real-time data such as ICA and RDP. This includes WANScaler as well as RiverBed and others. Yes, they can compress and cache bulk data (Web pages, files, etc), but definitely not real-time protocols. We have a couple of Expand Networks units in the lab which we're using in conjunction with RDP. In short, it's tripling the speed of the simulated link (among other benefits).

If you're serious about WAN optimization and don't care much for all the hype, I strongly recommend evaluating Expand Networks.

Peter Ghostine wrote Re: any real numbers out there ?
on 07-05-2007 7:31 AM

Take a close look at Expand Networks. As I mentioned earlier, no other product is capable of accelerating real-time data.

Guest wrote Re: Re: Interesting Article
on 07-06-2007 9:30 AM

Be careful here with the wording of Adrian's original question. Compression is not the only optimizing function of the WANScaler. WANScaler's architecture starts with very strong TCP flow optimizations which will definitely benefit ICA traffic whether it is encrypted or not.

Also, on a saturated link, WANScaler can prioritize different types of ICA traffic in the latest version of firmware.

Guest wrote Re: Re: any real numbers out there ?
on 07-07-2007 1:19 AM

The downside of Expand is, that they say it's transparent, however if I do a trace from site a to a server at site b, I only see the ip addresses of the expand boxes, I can't see anything between the two boxes.

This creates a new problem, and that's if you're using a QOS MPLS network, I will not be able to look into the packets anymore, and will just put all traffic from the two expand units in level 4... :(

Jason Conomos wrote Cisco WAAS
on 07-07-2007 3:41 AM

I have done some testing with WAN Scaler in comparison to the Cisco WAAS and the Cisco WAAS is by far the more superior product out there and the price (for the company I work with anyway as we are an ISP) the Cisco left the WAN Scaler in its wake. This was to do more than faster WAN response but to do with reporting and packet analysis and tweaking also.

Guest wrote WanScaler 4.2 is the first Step of Citrix ADN infrastructure
on 07-07-2007 8:08 AM

As we know, now NetScaler 8.0 has combined the AppFirewall SSL VPN and EdgeSight. In Citrix's roadmap, next step is going to add WanScaler into the NS platform. Think about that: a worldwide GSLB infrastructure with SSL VPN access, Wan optimize, security and app performance monitoring. BTW, in Array networks's roadmap (they "invented" the first site2site SSL VPN), they will add wan optimize function in the next version of site2site ssl vpn product. I think that's the FF of Citrix.

Guest wrote ICA Optimisation
on 07-09-2007 5:14 AM

I was at a WANScaler seminar last week with Citrix and I was told that currently ICA cannot be optimised by WANScaler. A future release that will have tighter integration with Microsoft protocols may be able to look inside ICA and optimise. G

Guest wrote Re: WAN Scaler
on 07-09-2007 9:57 PM

True! If you are into remodeling that ol' house. Remember at the end of the day, you get what you pay for. By the time you're done spending $$ fixing it + add up all the frustration with the contractors not showing up + put some value on lost time to market = the housing market rebounds, you can no longer afford the house you "really" wanted and you're still stuck with a rundown shack :-(