Friday, 03 September 2010 11:32 | 
Author: Eelco de Vries | 
The last couple of years I’ve been involved in some issues at several customers concerning performance. In almost every case the following took place:
- Customer switches from client-server to SBC (mainly Citrix).
- Existing WAN configuration is used or a new WAN is in place with limited bandwidth.
- PoC and pilots went OK, but in production (with far more users) performance is (very) poor.
- After first investigation Citrix environment performs well (at DataCenter or main location) but on branch locations performance is poor (latency, slow response, freezing sessions etc.).
Most of the time the WAN connections on branch offices is based on assumptions like:
- Users sessions take about 50kbit/sec of bandwidth.
- Mostly ICA traffic (= Citrix, Terminal Server only = RDP) is going over the WAN connections.
Both assumptions are always DEAD WRONG!
It’s possible to consume all available bandwidth on the WAN with just one ICA session. Just start Internet Explorer and go to a web page with a large amount of flash content and wait until all your colleagues complain… Or start Adobe Reader, open a PDF and use the slide bar on the side of the screen to scroll up and down… Just 2 examples which causes your ICA session to consume all the available bandwidth.
You can check the bandwidth consumption in the logs of your router. If you’re using devices like Packeteer, Juniper or WANScaler (Branch Repeater) you can easily check which sessions take a lot of bandwidth. If you do not have any monitoring tools available: just download SMCConsole; a very lightweight monitoring tool to check ICA bandwidth and latency. Just start the tool on a Citrix server, pick your own ICA session and try the two examples I mentioned earlier to increase your bandwidth consumption within ICA rapidly…
SMCConsole
So item 1 is explained… Item 2 (only ICA traffic…): most of the customers use a single or clustered print server, located at the main office or Data Center, used for all branch offices. So when users print from their applications the print job is sent from the Data Center to the printer in the branch office. That means that SMB traffic is roaming on the network, using all available network it can get if the WAN is not managed. If someone prints a large PDF document the whole office will experience poor performance until the print job has finished. Or Administrators copying large amounts of data over the WAN… Or a user with a laptop who syncs Outlook with an Exchange server located in the Data Center…
What has to be done to get an acceptable performance over WAN connections?
We can divide the performance issues roughly into two pieces:
-
Optimize ICA performance
-
Optimize WAN performance
Why splitting it up? Simple: even with only ICA traffic on your WAN it’s possible to frustrate a complete WAN location by generating hugh ICA packets (using IE with flash or applications with rich media content).
1. Optimize ICA performance
- Use a Citrix policy to limit the overall session bandwidth usage per user. It’s easy to implement and it prevents massive ICA traffic from a single session. Dependable of the amount of bandwidth performance will decrease a bit for applications with rich media content, but all other users on the same WAN connection won’t be bothered because their sessions aren’t suppressed.
- Implement Citrix HDX when you’re using XenApp or XenDesktop. Features like HDX Mediastream can be used to get a better performance using multimedia.
2. Optimize WAN performance
With more than just ICA traffic on the network the WAN has to be managed to avoid suppression of ICA traffic. There are many possibilities to increase the performance of the WAN, dependable of the kind of network traffic that roams the network:
Prioritization.
With Prioritization (also called Cos, Class of Service) it’s possible to give important network traffic precedence over unimportant network traffic. Products like Citrix’s WANScaler (Branch Repeater) can prioritize ICA traffic over other traffic, together with caching techniques, to improve ICA performance over the WAN.
Quality of Service.
QoS (Quality of Service) is used to provide a guaranteed amount of bandwidth. The used protocols are classified in different classes (high/medium/low or gold/silver/bronze). The highest class gets the best service. When putting ICA traffic in the highest class and SMB traffic in the lowest class the performance can improve dramatically.
Note: When the WAN connection is flooded with data even CoS or QoS can fail because the amount of data cannot be handled by the used equipment (network congestion).
Packet shaping.
Especially for SMB traffic packet shaping can be very useful. With packet shaping network traffic can be send segmented, delayed, or be sent in smaller packets. This can be very effective for large print jobs; it has less impact on the WAN because print job data is fragmented. Products like Packeteer use packet shaping, but also software solutions like ThinPrint are using compression together with packet shaping.
Policy Based Routing.
With Policy Based Routing (PBR) you need at least two WAN connections per site. With PBR you can split your network traffic into important traffic (ICA) and unimportant traffic (other). On the WAN ICA traffic is never bothered by other network traffic (like SMB, HTTP etc.) because all other protocols roam on the second WAN connection.
Increase bandwidth.
And last but nog least: increase your bandwidth. When your WAN connections are flooded all the time nothing will help you to get an acceptable performance, even with the most expensive appliances. CoS, QoS, PBR and shaping will help you to manage your WAN, but when there’s a huge amount of traffic on your network your router will work as a funnel, causing network congestions, packet drops and other stuff you do not wish to happen…
So… check your WAN before you are going to use your SBC or VDI environment en masse. When you don’t have the expertise to monitor/investigate your network just hire an experienced network consultant to give you a good advise what to do. At the end it’ll save you a lot of money, time and frustration. Keep in mind that within SBC and VDI environments your Wide Area Network is a mayor key component of your infrastructure. When your network is not available your infrastructure is completely useless!
Not only performance is an issue, but also redundancy. Make your WAN redundant if your business is dependent of your remote infrastructure. There are several ways to secure your WAN environment, but you don’t need a Citrix expert on that one, try a network geek :)
) and is still busy designing and implementing SBC and VDI environments at customers, based on Citrix products. Besides consultancy Eelco is frequently asked for troubleshooting jobs and infrastructural challenges.