
Optimising & Maximising Citrix ADC + Virtual Apps & Desktops during Extended Business Continuity Situations *** Draft

This is a live, evergreen post that contains spelling and grammar mistakes at the moment, but I wanted to get this out today, 28/02/2020, as it's important to be prepared.

The post is based upon my experience inside, but more so outside of, Citrix, during my time at a Managed Service Provider (MSP) in the City of London. The thinking is in line with working with a world-class engineering team, helping my then customers maintain and manage hyper-scale web applications (web apps) that processed substantial £'s in transactions per second in revenue. That, however, is just one part of a multi-tiered web app: in this case the processing of payments through a payment gateway is one of many complex parts. To maintain that payment hyper-scale you need to keep your website (the front door), e.g. www.company.name, running consistently and reliably fast, with little to no difference in page loading times and no degraded interactivity with dynamic + interactive content. Otherwise people will lose focus and navigate away from your website, which ultimately equates to fewer £ transactions being completed and lost revenue as a net result.

This year and last, the world is facing an outbreak documented by the WHO – https://www.who.int/emergencies/diseases/novel-coronavirus-2019 which appears to have forced numerous organisations to review their current business continuity (BP) plans. To a higher degree than I expected myself, they have found macro red readiness flags that need to be addressed immediately to be ready if their BP plans are triggered by executive leaders, which I for one am hopeful does NOT HAPPEN in the UK, being a lifelong Londoner! Truth be told, a number of customers appear conflicted on how to manage Citrix workloads that they simply didn't prepare for beyond 1-3 snow day(s). The same applies to customers that use Citrix for remote working outside of the office but don't have a flexible working style framework in place yet, or whose industry's regulatory governance & compliance prohibits this capability. Finally, a few customers have found hidden micro flaws that were dismissed but now pose a very real, fast-approaching threat to operationally keeping businesses online and moving forwards, to the point that security + networking teams are breaking down silos and working closer than ever with IT systems teams to be ready to keep employees safe and productive at home, irrespective of a Citrix lens or not.

If I were a Citrix customer, the topics below would be top of mind for operationally keeping my business online with a continued, or near to continued, level of experience and service delivery when my BP plans are triggered by executives. They are in no particular order, just as they came to me in a conversation replying to a fellow Citrite (aka Citrix employee) and in numerous customer conversations over the past 2-3 weeks, more so this week ending 28/02/2020.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

1. If you are deploying Citrix Virtual Apps & Desktops (CVAD), inclusive of the service from Citrix Cloud, and you make use of on-premises Citrix ADCs using the Gateway function, then you should download, set up and configure Citrix Application Delivery Management (ADM) – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/overview.html or the service – https://docs.citrix.com/en-us/citrix-application-delivery-management-service.html in Citrix Cloud. The key function that you want to consume is HDX Insight – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/hdx-insight.html#identifying-the-root-cause-of-slow-performance-issues which is a feature/function of Citrix ADM that will give you end-to-end visibility for HDX traffic or, in simpler terms, help you begin running simple load tests by employee persona. Please be 100% sure to read the licensing feature matrix to understand what you get with Citrix ADC Advanced vs. Premium licensing – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/licensing.html and finally you can download it today at – with a valid Citrix.com MyAccount and get started by reading the system requirements at – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/system-requirements.html and the getting started guide at – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/get-started.html. If you want to learn more about ADM beyond HDX Insight, watch the embedded YouTube video below by the Citrix Network Masterclass Team.

2. Consider what you have configured within the HDX policy and what you can change. Are any of the settings even relevant for today's (2020) site deployment? I have seen “screenshots” of customers' master HDX policy configurations that, well, need to be overhauled by a Citrix SysAdmin, a Citrix Partner or our own Citrix Consulting Services (CCS). Evaluating them at least twice a year if you are on a CR -2 stream or the CVAD Service is a good leading practice in my view, and at least annually if you're on an LTSR, as making a micro change can have a macro effect and will ultimately determine bandwidth throughput and processing load on the Citrix ADC (Universal Gateway function), resulting in continued performance during sustained macro peaks of Citrix usage beyond the average daily vs. weekly usage.

3. Do you have more than one HDX policy for different personas? I would at the very least have an internal (office based) vs. external (field people) HDX policy in place, but experience tells me you need an HDX policy by persona exception and requirement, with HD experiences classed as low, medium and high. For example, a call centre worker doesn't need more than 8-16 bit colour depth for looking up and inserting text into a Line of Business (LOB) app when answering and dealing with customer support calls, nor do they need H.264 or EDT for watching HD videos, right? An office worker living in Word documents and the company's CRM also doesn't need H.264 or EDT; they could be configured with HDX Adaptive Display v2 with a colour depth of 24 bit and a lower Frames Per Second (FPS) target of 23 from the default of 30. Are you getting the picture yet? Having at least 3 HDX policies for low, medium and high expectations of HD experiences means that you can modify one or more to maintain the bulk of employees in medium, or allow continued HD experiences at the highest level for those employees whose work results in the completion of projects that affect revenue.

4. Always have general-purpose low-bandwidth and emergency HDX policies configured and in place for BP that have been tested and validated by multiple parts of the business through active role-play simulation. An example of a low-bandwidth HDX policy is the one I wrote about in 2017 at – https://www.mycugc.org/blogs/cugc-blogs/2017/09/15/hdx-leading-best-practices-for-your-modern-secure entitled “HDX Adaptive Display v2 (Balanced)”. The core principles remain largely unchanged for me, and it consists of the following HDX policy configuration settings:

1. “Use video codec for compression” then select “For actively changing regions”.
2. “Preferred color depth for simple graphics” then select “16 bits per pixel” and also try 24.
3. Select “Frames Per Second” and set the target FPS to circa 25 from the default, which is 30.

An example of an emergency HDX policy configuration entitled “Thinwire Compatible Mode (Balanced)” could consist of the following HDX policy configuration settings:

1. “Use video codec for compression” then select the option “Do not use video codec”.
2. “Preferred color depth for simple graphics” then select “8 bits per pixel” and also try 16 or 24.
3. Select “Frames Per Second” and set the target FPS to circa 25 from the default, which is 30.

The idea I am aiming to instil here is to create at the very least one HDX policy configuration for business continuity purposes. It's critical now more than ever, as numerous LOB apps consume services on-premises and in public clouds and consume a rather large volume of bandwidth. When BP is triggered, if you take the Citrix lens out of the equation, can you actually support all those modern apps and (hybrid) cloud-based services where apps + content reside? Finally, HDX policy readiness means that you could get that extra 1x employee per multi-user OS x how many VMs in your estate?
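As an added example (not part of the original post and not Citrix code), the Python check below compares an export of HDX policies against the low-bandwidth and emergency baselines listed above and reports any drift. The export layout (a list of dicts keyed by the setting names as written in this post) and the reading of "circa 25" FPS as 23 to 27 are assumptions.

```python
# Added example: drift check for the two business-continuity HDX policies
# described in this post. Assumptions: the export layout (list of dicts) and
# "circa 25" FPS interpreted as 23..27 inclusive.
FPS_OK = range(23, 28)

BASELINES = {
    "HDX Adaptive Display v2 (Balanced)": {
        "Use video codec for compression": {"For actively changing regions"},
        "Preferred color depth for simple graphics": {16, 24},
        "Frames Per Second": FPS_OK,
    },
    "Thinwire Compatible Mode (Balanced)": {
        "Use video codec for compression": {"Do not use video codec"},
        "Preferred color depth for simple graphics": {8, 16, 24},
        "Frames Per Second": FPS_OK,
    },
}

def audit(policies):
    """Return sorted findings; an empty list means both policies match."""
    findings = []
    by_name = {p["name"]: p.get("settings", {}) for p in policies}
    for name, expected in BASELINES.items():
        if name not in by_name:
            findings.append(f"{name}: policy missing")
            continue
        for setting, allowed in expected.items():
            if setting not in by_name[name]:
                # An unset value is decided elsewhere (another policy or the default).
                findings.append(f"{name}: {setting} not configured")
            elif by_name[name][setting] not in allowed:
                value = by_name[name][setting]
                findings.append(f"{name}: {setting} = {value} outside baseline")
    return sorted(findings)

# Constructed sample export (not real site data).
SAMPLE_EXPORT = [
    {"name": "HDX Adaptive Display v2 (Balanced)", "settings": {
        "Use video codec for compression": "For actively changing regions",
        "Preferred color depth for simple graphics": 24,
        "Frames Per Second": 30}},  # left at the default of 30
    {"name": "Thinwire Compatible Mode (Balanced)", "settings": {
        "Use video codec for compression": "Do not use video codec",
        "Preferred color depth for simple graphics": 8}},  # FPS never set
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```

Running a check like this after every policy change, and again as part of the role-play simulation, shows whether the business continuity policies still match what was tested.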

5. When evaluating HDX policies, be mindful of what you're offloading to an endpoint and of the offload path from the VDA to the endpoint through the Citrix ADC, as that will mean more bandwidth + load on the Citrix ADC. The exception is HDX offloading of UC platforms: Zoom provides VDI optimisation, check out – https://support.zoom.us/hc/en-us/articles/360031441671 for more information, and obviously Skype for Business and Teams when utilising the HDX Optimisation Pack – https://docs.citrix.com/en-us/hdx-optimization and provided that the solution doesn't revert to fallback mode due to a mismatch between the CWa client, HDX Optimisation Pack, VDA and Skype for Business or Teams package. Finally, another consideration is Browser Content Redirection (BCR): be mindful of what is configured, the traffic path and the fallback – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/browser-content-redirection.html.

6. Something to consider, BUT I have not tested this theory: expect a potential abnormal spike on the Citrix ADC and StoreFront (if on-premises) if a high volume of employees access LOB apps using the HTML5 Receiver, as it effectively downloads the app into the employee's HTML5-enabled browser to then launch CVAD resources. I look at this purely from the concept that a web server (StoreFront) is holding a file I need to download; while it's lightweight, it's extra overhead vs. a device with Citrix Receiver or CWa already installed that is also plumbed through the Citrix ADC.

7. Review your on-premises StoreFront landing and logged-in pages and consider: if BP were triggered and you received a high volume of login requests, could your StoreFront cluster support the load? What if you implemented low-bandwidth imagery, reducing the colour depth and pixels by a factor of 50% for your logos and background image? How does that affect your loading time? Consider also placing the images on an alternative web server so that all StoreFront is processing is the core app and style sheets. It doesn't seem obvious, but at hyper scale this makes a huge difference. For example, open a Twitter handle in a browser and view the source: you'll notice that the core web app itself comes primarily from *.twitter.com, but all the content (images, videos) comes from different image or content farms. This ensures that the web app, in this case on *.twitter.com, can rapidly process and output Tweets in your timeline while images render later, especially in bandwidth-constrained locations or where there is macro spectrum interference resulting in poor interactivity and loading times. Finally, even if you reduce the imagery size and the load is still high, it's often better, from past experience, to scale up the existing StoreFront servers in a cluster than to scale out by adding a net new StoreFront server to the cluster.

8. I reached out to a pool of Citrix Technology Advocates or CTAs* to provide input into this blog, and Bas Stapelbroek (follow him at – https://twitter.com/hapster84/ ) initially suggested, at a glance, converting existing physical PCs into remote-enabled Citrix Virtual Desktops, thus allowing employees to work from home quickly, as all you need to do is deploy the Desktop VDA and configure the machine for RemotePC access. To learn more about this feature and to set up and configure it for an on-premises CVAD fabric check out – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/remote-pc-access.html and for CVAD Service customers – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/install-configure.html#install-vdas, however be sure that you are correctly licensed for this feature by referring to the CVAD feature matrix at – https://www.citrix.com/products/citrix-virtual-apps-and-desktops/feature-matrix.html.

9. If you have spare capacity on your Citrix ADC (NetScaler) appliances and you need to connect external devices to your network fabric safely and securely beyond CVAD, you can also deploy a VPN on the same appliance with pre-authentication scanning policies that check a device's eligibility requirements on supported endpoints running Windows and Mac, using the Citrix ADC's EndPoint Analysis (EPA) scanning feature. The EPA agent is installed onto the endpoint (prompted at the login URL, or you can push it from however you manage your Windows and Mac fleet) and runs a scan of the endpoint based upon the policies you assign, to check the device's eligibility readiness prior to allowing it access to your network fabric. I wrote a blog post at http://axendatacentre.com/blog/2016/11/14/setup-pre-authentication-endpoint-analysis-epa-policy-with-an-azure-netscaler-unified-gateway-11-x-n/ on how to set this up and enable a few basic checks for EndPoint Analysis (EPA) scanning. For official documentation on how to configure EPA scans check out – https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/endpoint-policies/ng-endpoint-preauthentication-config-tsk.html and on the 13.x.n firmware you can set up EPA scans for Ubuntu, but the scans are limited; see – https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/epa-scans-for-ubuntu.html for more information.

10. CVAD supports multi-type licensing within a single CVAD Site. This allows you to consume different licensing models, e.g. per user/device vs. concurrent, within the same CVAD Site, provided the assigned licensing edition is of the same product or on-premises subscription type, e.g. Advanced edition, which is configured for the whole CVAD Site. You cannot mix and match different product or on-premises subscription editions, e.g. Advanced concurrent vs. Premium concurrent. The following Citrix eDocs article – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/manage-deployment/licensing/multi-type-licensing.html provides a visual diagram demonstrating what is vs. isn't possible.

In closing, this post is about helping you achieve Business Continuity (BP) GREEN readiness flags by being smarter through optimising your current Citrix fabric to support the abnormal peaks/spikes on the horizon and to sustain more load than expected for longer periods of time. You need to recognise that optimisation can only go so far when supporting extended BP plans.


* CTAs – https://www.citrix.com/en-gb/community/cta/awardees.html