Haven’t looked at WAN optimizer appliances? Now’s the time. And now they're even more important!

Citrix bought a company called Orbital Data back in July 2006 which ultimately led to the creation of Citrix's WANscaler line of appliances. This was the first time I really started paying attention to proper WAN accelerators or WAN optimizers.

Citrix bought a company called Orbital Data back in July 2006 which ultimately led to the creation of Citrix’s WANscaler line of appliances. This was the first time I really started paying attention to proper WAN accelerators or WAN optimizers. Sure, I’d been using Packeteer (and Sitara and Allot) for years for basic Quality-of-Service shaping to protect ICA on the network, but the whole concept of a device that accelerates TCP connections, caches and dedupes network traffic, and generally makes a WAN work better was new to me in 2006.

(I did a session called “Optimizing and understanding Citrix over WAN connections” at BriForum 2008 Chicago last year. You can watch that video online to learn more about how this stuff works. That video applies to all WAN vendors—not just Citrix WANscaler.)

In the past, I’ve written about how cool it would be if Citrix really embraced these and changed the behavior of XenApp to more appropriately work with WANscalers. (More details on that.) Unfortunately that hasn’t happened from Citrix yet, but at this point it doesn’t really matter. There are a lot of really great WAN optimization vendors that have some cool products that can really help in the desktop and application virtualization space today. I’m most familiar with Expand Networks, although I just met with Riverbed last week and I’m looking forward to speaking with the others very soon. (Expand was at BriForum last year, which is why I know them so well. Here’s my interview with them from the show.)

In my quest to meet with all 113 desktop virtualization vendors this year, I talk to a lot of vendors who are very closed-minded about the future of our industry, (mainly because they only make products that fit certain use cases, so they try to shoe-horn every real life situation into the use case that they happen to have a product for). But the WAN optimization vendors are different, because regardless of whether your technology is server-based or client-based, streamed or local, virtual or not—if you have users outside of your corporate headquarters, then you’re dealing with a WAN.

For strict server-based computing (whether VDI or Terminal Services), all these WAN optimizer products work in the same way, which is that in addition to their standard TCP optimization capabilities, you disable encryption and compression of your remote display protocol at the server-level which lets the WAN optimizer go to work looking for duplicated data chunks which can be cached on the remote ends. While just about every vendor has a software client for mobile users today, these optimizers really shine in remote offices where you have more than one user connecting into the same server-based apps. In this case, all the little screen graphics and GDI data can be cached from multiple users, and really the sky’s the limit for how much optimization can be done. (These things really benefit from the economies of scale. The more remote users you have, the more bandwidth they can save you.)

So that’s fine for server-based computing. But don’t forget that the WAN optimizers also help with application virtualization and application streaming, since they can automatically locally cache the application virtualization source packets on the remote side of the WAN. The same is true for all the data you access within a session, such as users’ home drives and profiles. And if you get into the client hypervisor or local virtual desktop space, the WAN accelerators will do a great job caching the VHD or VMDK files.

The bottom line is that as you evolve from pure client-based computing to server-based computing to application streaming to offline or local VMs to OS streaming…. These WAN accelerators can help you the entire time. And with Citrix WANscaler, Expand Networks, Riverbed, Silver Peak, BlueCoat, and probably a dozen others, there’s plenty of competition in this space to ensure that you can get exactly what you want without being ripped off. All of these vendors offer evaluation programs, so it’s pretty easy to borrow a pair of devices and drop them in place to see if they work in your environment. I know in a lot of cases, the cost for the WAN appliance was offset by the fact that they didn’t have to buy a bigger WAN pipe or that they could remove local fileservers from the remote site.

So what do you think? Can anyone share stories about WAN acceleration in your own environment, good or bad?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Citrix Repeater (formerly WanScaler) can now optimise ICA traffic. In effect, XenApp is Repeater 'aware' and when these devices are detected during the client connection process to the XenApp Farm, standard XenApp compression will be disabled and offloaded to the Repeater. For secureICA connections, Repeater will de-crpyt and re-encrypt the data (also allowing for compression). Where standard ICA compression saw ratios of 2:1 - 3:1, Repeater can acheive 4:1 - 6:1. Obviously then you get all the benefits of second pass traffic from cache and acceleration of client drive mapping etc etc.


I don't believe Riverbed can optimize ICA/RDP traffic as it is already compressed and well optimized already...however what is interesting is Riverbeds new offering that allows you to run a virtual machine on the appliance itself, so you can have a DC/DHCP/DNS server running on 1 appliance instead of an appliance and local server.  There are some compliance issues I'm working out regarding what happens to that VM if my appliance fails and needs to be returned to Riverbed and backing up that VM.  If I need a tape device, I might as well just put a server at the remote site.

Where I have seen the best use cases for Riverbeds (that what we use) is for remote site replication (NetApp Snapmirror), HTTP (specifically Sharepoint) Exchange IMAP and HUGE optimizations for FTP.  The only area I've seen Riverbeds do anything helpful in Citrix is roaming/TS profiles with redirection, but nothing in the actual session itself...I haven't done any testing with App Streaming thru a Riverbed yet....

About price...just remember you need an appliance on both ends and if you have a lot of small remote sites, it can get pricey with support renewals.  Riverbed also now seems to have this 3 year lifecycle on their appliances.


I recently worked at Fortune 500 company out of South Florida and right before I left I worked with a co-worker on a large-scale implementation of PS 4.5 that heavily relied on WAN Optimization.  Before starting we reviewed both Riverbed and Cisco's WAAS product.  For the most part they were comparable products but at the time Riverbed had a lot more experience with deploying their products in true production environments, had better support, a better management interface, and a couple extra features (most notably the MS SQL acceleration).  However, for cost and vendor alignment reasons we were forced to use Cisco’s product.

As expected we went through a couple of rough moments dealing with a Cisco product that was not fully baked, but once the kinks were worked out the solution worked great.  We utilized it to help us keep all Citrix servers in one central datacenter while servicing a global workforce that included de-centralized application and file servers.  Our employees would log  into a published server desktop that we secured through group policy and run applications that had their back-end servers both here in the US and also in EU, Japan, China, etc.  We even provided them access to the shared network drives on servers located in those same variety of countries.  Our long-term goal was always to centralize these application and file servers in the US, but we had to start somewhere and EU Data Privacy laws severely hindered how far we could go.

I highly recommend a WAN Optimization solution to anyone who services users globally and make sure that you factor in server/dc consolidation when you’re looking at the ROI…YES it CAN be done.  Based on my own experience, I would recommend Riverbed over Cisco but for the most part I think cost is going to be the largest factor there; even with the hurdles of dealing with a relatively new Cisco product, the solution worked once we ironed out the kinks.


(Fair disclosure - I work for Riverbed)

Riverbed can actually optimize Citrix/ICA traffic. You need to configure some optional (by default, off) settings on the Steelhead appliances like MX-TCP. And you also have to turn native Citrix compression off.

Our tests show that we can reduce traffic by 25% - 50% more than using default Citrix compression, so that additional configuration is definitely worth it.

More than just bandwidth savings, however, we saw that we can actually improve the response time of the typical requests. Again, our lab tests show 20% - 40% improvement in response times.



The bigger problem I have found that there are too many Cisco bigots internally at companies who just don't want to make it easy to change the kit they know and proects them from getting fired. So I think the WAN accelerator folks have to win mindshare and show complelling TCO


Riverbed cannot really acclerate ICA traffic. I dont care how much riverbed koolaid you drink. Now riverbed is indeed the market leader in wan acceleration and works great but not on ICA and not on any real world scenario. Companies commonly perform their own "tests" given a narrow set of parameters and claim success.

So lets get this straight, Citrix repeater is the only Wan Accelerator that will really work with ICA. XenApp client 11.0 and higher are custom built to work with Repeater alone. A repeater is also able to tokenize the screen refreshes so they can be served locally.

and a comment on Cisco WAAFs. Its great from a price point, but really dosent hold its own to any of its competitors like bluecoat, Citrix, Riverbed, I would even go so far as to say the f5 wanjet is even better.


We use Riverbeds for data replication and they deliver truly stunning results.  However we were told by our reseller that we couldn't use them for ICA.  Searching Riverbed’s knowledge base returns nothing on ICA optimization so if there are some voodoo settings that will enable it to optimize ICA then please point us in the direction of any technotes.


re Riverbeds accelerating ICA.

Enabling MX-TCP has massive implications on your network and WAN links so might only be an option for a small percentage of cases. MX-TCP does not "back off" like TCP does on congested links, and needs to be implemented with a good QoS policy.

It this reason why its disabled by default, and none of the networking experts I've spoken too would ever consider turning it on!


@ apurvadave.

I have spoken to Riverbed on many occasions and they have always told me that their kit doesn't accelerate ICA or RDP traffic.  What you are talking about is much like the Expand argument and both Riverbed and Expand do not accelerate ICA.

I agree with AJBYNC and the only WAN accelerator that can provide optimization of the ICA protocol is the Citrix repeater.  ICA is a proprietary protocol so to accelerate it you would need to license it from Citrix.  Or you would need to reverse engineer the ICA protocol.




Indeed the Citrix Branch Repeater (formerly WanScaler) product line is the only one that can accelerate ICA without needing to manually turn off encryption/compression on your XA farm.

For more information on what to expect from this optimization look at:



Jason - Riverbed's position on accelerating ICA is in the process of changing so your previous experience doesn't surprise me.  Before RiOS 5.5, our data reduction mechanism would automatically store byte-level data on disk.  Because disk is spinning storage media, that would add jitter and latency, so we did not advise our customers to use it for Citrix ICA and other thin-client traffic.  Now that we have memory based data reduction as well as disk-based, we are able to provide it to our customers who want better compression for Citrix ICA and RDP traffic. A Riverbed SE or partner can provide you with the paper I mention (or you can email me at my-first-name-at-riverbed-dot-com)

For Riverbed's methodology to work today, it does require the administrator to manually turn off ICA compression (to Phil's point).

And finally, we don't claim the same kind of benefits for ICA as we do for CIFS, MAPI, etc. But the benefits are enough to make a difference for some customers.  


We use Silver Peak WAN acceleration devices in our environment. We've got four core data centres and a lot of offices and users around the world connecting into them, with all our applications delivered by Citrix XenApp centrally in the data centres. As well as purely optimising and accelerating the traffic, the Silver Peak devices allow us to cache data so that where we have say, 200 users in a remote office, a lot of data can be held locally, to save office <-> data centre traffic. Where rich media apps are concerned, this is particularly useful.


As others have mentioned, many WAN acceleration vendors pass ICA/RDP in an unoptimized form.  But just because of that doesn't mean that they are not valuable.  If you look at your typical WAN circuit, there's tons of CIFS and HTTP going on that you can improve dramatically.  If you improve the CIFS/HTTP, then that means there's more bandwidth (and likely less jitter/latency issues) which will improve your ICA/RDP experience.  I'm just personally a little miffed that Citrix isn't opening up their optimizations to third party WAN optimization vendors.  Sure there's the issue that they want to sell their appliances, but in the end they hurt their own customers who might be using XenApp/XenDesktop/XenServer, but couldn't win the battle of WANScaler over <insert other vendor here>



I agree with Appdetective about Cisco bigots, but if you know IOS then you really should look at the Expand Networks boxes.  Once my network engineers saw the CLI, they loved it.  It is very similar in structure to IOS.   Our two Expand Networks boxes integrated very well with our Cisco powered network.

And if you don't know what "show ip route" does, the GUI is really nice too.  


I just want to clarify something, Expand networks does improve ICA/RDP traffic. They do this by using a unique feature called Packet Aggregation, this feature basically aggregates many small packets and send them over the WAN using one large packet. This really helps the performance of ICA/RDP since these protocols usually send many small packets over the network. I have seen Expand appliances improve ICA performance at many of our customers especially with high-latency WAN lines...


In my experience reselling and deploying various WAN Opt technologies such as Riverbed, Expand, Cisco and Citrix, for any thin-client environment whether it be ICA, RDP, VDI, ALP etc, there is only one which delivers when its a 100% thin-client environment and that's Expand Networks. I have also sold Riverbed and Cisco (hardly ever WANScaler as it delivers very little, even on ICA!) but they only really deliver the benefit when there is also a mix of other traffic like CIFS and HTTP. Expand can directly optimize ICA and RDP even if it is the only traffic on the WAN, as well as provide Layer 7 QoS.

I also found that i was able to get a similar level of compression between the vendors, but since Expand was the only one that can optimize on memory and disc, it was the only one that did not add latency, so as well as reducing the data on the WAN, it translated to a better user experience, whereas there was a huge amount of screen lag when using Cisco and Riverbed, who by default bypass ICA and RDP.

Of course, disabling compression and encryption is required for all vendors, however i do a lot of consulting in the VDI space and know that Quest/Provision connection broker has a built in "enable Expand Networks" tick box which goes away and automatically makes the adjustments to RDP connection file making deployments much simpler. Hopefully other connection brokers will follow suit.

My advice is, learn about who is best of breed for that specific environment.

If it's mainly thin client, go Expand, if its mainly CIFS go Riverbed, if it needs a Cisco badge, go Cisco....


It is true that previous versions of Citrix Branch Repeater (formerly WANScaler) did little to improve ICA performance unless it was sharing the wire with other traffic. However, as noted above, this changed with Branch Repeater 5 which was released back in February. Branch Repeater 5 includes groundbreaking HDX IntelliCache and HDX Broadcast technology for accelerating and de-duplicating ICA traffic to the branch.

One key point to remember is that it does this without manually disabling XenApp compression and encryption as other vendors suggest. Instead it adaptively orchestrates with XenApp to dynamically disable compression on a per-session basis. So if there is a Branch Repeater in the path, just that session will be transmitted uncompressed allowing Branch Repeater to accelerate and de-duplicate the traffic. That way all other users working from home, on the road, or anywhere not served by Branch Repeater still benefit from native ICA compression. And since Branch Repeater understands and works with native ICA encryption, there is no weakening of end-to-end security.

We have Branch Repeater customers who are now able to support up to 4X more XenApp users on the same bandwidth and are seeing “scary fast” XenApp performance – including faster printing and client drive mapping.

For more information on Branch Repeater 5 and the benefits of HDX IntelliCache and HDX Broadcast see –




We have been deploying VDI solutions for years and have tested the main optimisers from Riverbed, Brocade and Expand Networks.

Expand is the preferred solution chosen by our customers as it focuses on protocol acceleration more than the others and Expand have put a lot of effort into VDI. They were also the first to accelerate RDP. We have been working with hosting companies recently and achieving ICA performance and minimal bandwidth requirements with RDP. With ICA it is even better and we are achieving 8K per user over a WAN connection. Perfect for hosted VDI