Citrix bought Orbital Data Systems in August 2006. Like many others, I’d never heard of Orbital Data before Citrix bought them. Orbital built WAN optimization appliances. In a nutshell, these things are used in pairs—one on each side of a WAN link—to analyze bandwidth, usage, traffic, etc. They then optimize, compress, cache, and do all sorts of things to better utilize the WAN and increase performance of applications.
So anyway, last August, Citrix bought Orbital Data and re-released their WAN optimization hardware as WANscaler. (In one of more rarer instances, I actually think that “WANscaler” is a fantastic brand name for these things.)
Even though it’s been almost a year since Citrix made this acquisition, I still haven’t personally ever seen one of these things. They’re expensive, you need at least two of them to do anything, and I didn’t consider this as part of the “core” application delivery area that we cover.
But as I was walking through the TechLab at Citrix iForum in Edinburgh, Scotland, last month, I struck up a conversation with Florian Becker, an architect for Citrix. He gave me the 30,000-foot explanation of how these WANscalers work. (We recorded the conversation and will release it soon as a podcast. But here are some highlights:)
- The WANscaler appliance has two ports—in and out—and it is physically connected between your network and your edge device. (In the event the WANscaler loses power, a relay closes and physically connects these two ports as if they were a crossover cable.)
- The WANscaler appliances do NOT build a tunnel between the two devices. They are completely transparent. They work by “tattooing” TCP packets (by putting some bits in an unused portion of the TCP header). When one WANscaler sees an incoming packet that has been tattooed by another WANscaler, it knows that it can start applying optimizations.
- There are several optimizations that the WANscaler can provide (which we’ll cover in the podcast). Most of them center around caching and compression, along with changing and spoofing certain TCP parameters. (The general idea is that the WANscalers know a lot more about the WAN link than the servers do, so they request data from the servers as fast as possible, and then they can deliver is across the WAN in the best way they know how.)
- There is only one configuration requirement of a WANscaler—the connection speed to the WAN segment. There’s no need to build a complex topography in the admin console since these things will recognize the tattoos of other WANscalers automatically.
This list is just paraphrasing the new features, but it taught me enough about how these things work to really see how Citrix could benefit from them.
WANscalers + Presentation Server
In the most obvious way, you’ll be able to put a pair of WANscalers in-between your Presentation Servers and your users to optimize ICA traffic. Devices like Packeteer have been doing this for years. However, with WANscaler Citrix would “own” the traffic generation AND the optimization of it, allowing for a level of integration never before seen.
For example, devices like Packeteer mainly work by adjusting the amount of bandwidth that’s available to various protocols, meaning that they can limit “other” traffic on the network to allow more room for ICA. They can also take this one-step farther by prioritizing certain ICA traffic for certain applications or users.
With WANscaler , I would imagine that a future version of Presentation Server could also recognize the tattoos of a WANscaler appliance, indicating that WANscaler functionality exists in-between it and the client. This could cause the Presentation Server to drastically change the way that it builds traffic for that user session, including:
- Disabling the new “tossing and queuing” mechanism. (Since the sending WANscaler would be on a local network segment, the Presentation Server could send all traffic to the WANscaler, and the WANscaler could figure out what was best for the client given the specific characteristics of the WAN at that moment.)
- Disabling ICA compression. (Again, let the WANscaler do this since it has a better perspective on things.)
- “Tagging” the various virtual channels with priorities, allowing the WANscaler to slice and dice individual ICA packets as needed based on WAN conditions.
- Plus I’m sure many other cool things that I’m not thinking about now..
Again, all of this shows the advantage of Citrix owning the "whole stack" between the application and the user.
WAN Optimizers + SSL-VPNs + Mobile Users = Interesting Complexities
WAN optimization devices like those from Expand Networks can offer compression and caching of ICA data, but of course this only works if your ICA data is not encrypted. (If it’s encrypted, then every packet would be different and the Expand device wouldn’t be able to peer into the packet to figure out what it could cache.) Disabling ICA encryption is no big deal. Typically you have your Presentation Servers send uncompressed, unencrypted ICA traffic to your Expand appliance where the traffic is shaped, cached, compressed, and/or made ready for the network (including their own encryption), and then on the other side the same process happens in reverse.
Of course this whole thing breaks down if you want to use an SSL-VPN like the Citrix Access Gateway, since the CAG client is a piece of software running on a device. Even if you put the Expand appliance on the sending side behind your CAG, there would be no way for the Expand appliance on the receiving side to function since any traffic it would receive would be encrypted by the CAG, not the Expand. The only way to decrypt the CAG content is via the software on the client, and by that point, it’s too late.
Of course in the real world, this scenario doesn’t really come up too often. Appliances like WANscaler and Expand are meant to be used in pairs. This means they're for site-to-site WAN links, not site-to-random-end-user-location links. And SSL-VPN solutions like the CAG are meant to be used for end-users connecting to the main site—you wouldn’t typically use a CAG for several users in a remote office connecting to a primary site over a point-to-point WAN link. Even if that small office had a connection to the Internet as opposed to a point-to-point WAN, there would typically be a VPN appliance in place that would put the entire office on the corporate network, allowing the users in that office to connect as regular LAN users, and allowing either an Expand or a WANscaler device to be used.
Of course Citrix is focusing quite a bit on the CAG, especially with regards to how it works with the Smart Access. And this is starting to catch on. More and more companies are connecting all users to their Citrix application environment via a CAG, and in doing so, they’re architecturally prohibited from using a third-party WAN appliance.
The only way around this would be to build a software client for the WAN accelerator. Then the client could apply the optimizations after the CAG client had decrypted the traffic. I spoke to an Expand employee two weeks ago about this, but he wasn’t too excited about a software client.
“A software client is really complex” he explained. “We would have to figure out how to deal with all the various VPN clients out there and apply our optimizations after them. Plus we’d have to somehow figure out how to deploy, support, and update the client on all those devices.”
He made some really good points. That would be a huge pain—unless of course the WAN accelerator and VPN were made by the same company.
To that end, Citrix recently announced that they would release a software version of the WANscaler client. This would mean that you’d only need a single WANscaler appliance on the datacenter side of your network, and the client devices themselves could read the tattoos and start applying and receiving the optimizations. And since Citrix already makes ICA, CAG, and streaming client software, it doesn’t seem like it’d be too hard to throw the WANscaler client into that mix.
WANscaler beyond Presentation Server
The various WAN optimization products have a bigger impact in the market than just Presentation Server. In fact when I was at PubForum in Lisbon this past May, I talked to a guy who was telling me how cool the Riverbed stuff was. He was saying that in some ways they were actually competing with Citrix Presentation Server! He explained it like this:
Riverbed can do amazing things with files and data in terms of compression, caching, and acceleration. So if you have a small office that needs to access the corporate SharePoint portal, really the only solution over the past few years has been to use server-based computing. But with Riverbed, you can actually have your users run IE locally on their devices at the remote site, and via CIFS and SMB acceleration, the performance is fantastic. The Reverbed appliance almost becomes a completely automatic local cache of your SharePoint content.
So how does this apply to Citrix WANscaler? Sure, you can add a “me too” for them and how they could help with the above scenario. But I think the real value will again be how it more tightly ties into their overall application delivery strategy beyond server-based computing.
One example is in the “user data” department. People like Tim Mangan have been beating the data drum for years. If you haven’t heard Tim explain it, the short version is:
Server-based computing is great because the applications live next to the data, and they’re all delivered via a thin protocol. But now that Citrix is moving beyond server-based computing to deliver apps via streaming that can work locally or offline, what do we do about the data? How useful are these applications if the files, folders, shares, and databases people need are across the WAN or offline?
The workaround so far has been to implement some kind of WAFS (“WAFS” is Wide Area File System, a generic term) or to build complex policies and replication for moving user profiles around and stuff. But with WANscaler, you could conceivably just sprinkle these devices throughout your WAN, and sort of let them take care of everything automatically.
This will provide a great WAN speed increase for any application that accesses files via CIFS over SMB, like, ooohhhh.... Citrix Streaming Server? One of the complaints that people have had about Citrix Streamin Server has been that you can’t put application packages on multiple servers in multiple locations in an easy way. But with WANscaler, you could imagine that you wouldn’t have to do anything at all—just put your packages on one server in your datacenter and let WANscaler optimize the rest.
It’s July 2007. You want one. What do you buy?
Considering everything in this article, what product should you buy today? While it’s easy to imagine how WANscaler could be the best optimizer for Citrix application environments eventually, the reality is that today, WANscaler is not a leading product. Orbital Data was definitely in startup mode when Citrix bought them, and today companies like Expand, Riverbed, Blue Coat, and even Cisco are far ahead of WANscaler on a feature-by-feature basis. The challenge of course is that Citrix will continue to develop WANscaler, and it will be more tightly integrated with their whole platform as future versions come out. So what do buy today? I guess that depends on your specific needs of the moment and how much you’re committed to Citrix as an application delivery platform. But I definitely see WANscaler growing to be a big part of Citrix’s overall strategy in the next few years.