Transcription

Data SheetCitrix SD-WAN Data SheetSecure and optimize the workspaceexperience in the cloudSolution overviewCitrix SD-WAN componentsCitrix SD-WAN delivers the reliable, highperformance user experience to your distributedThe Citrix SD-WAN solution consists of threemain components:workforce needs to do their best work anywhere. WithCitrix SD-WAN, you can simplify your hybrid multicloud initiatives by optimizing applications andautomating connectivity. Easily deploy robust securitycapabilities where you need them. And choose fromthe broadest choice in security with a unified securityservice and integration with third-party best-of-breedfirewalls.A single cloud-based user interface makes it simple tomanage your WAN, configure security policies, andmonitor and prioritize applications. Citrix SD-WANgives you the most flexibility with a range of physicaland virtual form factors, you can deploy SD-WAN inpublic clouds, data centers, branches and homeoffices.Citrix SD-WAN is a core capability of the Citrix unifiedapproach to SASE (secure access service edge) alongwith zero-trust network access and cloud-deliveredsecurity for secure, reliable access to all applicationsanywhere from any device. Cloud-hosted (or on-premises) orchestrator forcentralized policy management and visibility Physical, virtual, branch, home and data centerappliances Three software editionsCitrix SD-WANOrchestratorCitrix SD-WANcloud on-rampOffice 365, Zoom,Salesforce, WorkdayAWS, Azure,Google CloudIaaS/PaaSSaaSCitrix Cloud DirectDedicated SaaS access(optional service)Citrix Secure Internet Access(CASB, DLP, SWG, Malware protection,Sandbox)SASE and Citrix SD-WANoverlay architectureCitrix SD-WANfor branch officeCitrix SD-WANfor home officeCitrix SD-WANfor datacenter

Citrix SD-WAN Data SheetCitrix SD-WAN OrchestratorPhysical and virtual form factorsCitrix SD-WAN Orchestrator is a cloud-hosted (oron-premises), multi-tenant management serviceavailable to Do-It-Yourself enterprises and CitrixThe Citrix SD-WAN hardware appliances support thedifferent Citrix SD-WAN editions, common hardwarecomponents, and virtual appliance information. Thevarious Citrix SD-WAN hardware platforms offer awide range of features, virtual paths, and throughput.Citrix SD-WAN software supports all Citrix SD-WANhardware platforms.partners. The Citrix SD-WAN Orchestrator Networkdashboard (Figure 1) provides a bird’s-eye view of anorganization’s SD-WAN network in terms of healthand usage across all the sites. The dashboardcaptures a summary of the network-wide alerts,uptime of the overlay and underlay paths, highlightsusage trends, and provides a global view of thenetwork.Application-centric policies: Application basedtraffic steering, Quality of Service (QoS), andFirewall policies, configurable globally or per site.Figure 1Citrix SD-WAN VPX (virtual form factor) is availableas a virtual instance in major cloud market places(Azure, AWS, GCP) and as BYOL.2

Citrix SD-WAN Data SheetSoftware EditionsCitrix SD-WAN Software EditionsCitrix SD-WAN StandardIncludes Standard Virtual WAN features only (refer to Feature table later in this document).Standard edition supports software-defined WAN capability to create a highly reliable networkfrom multiple network links. It ensures that each application takes the best path to achieve thehighest application performance.Citrix SD-WAN AdvancedIncludes Standard Edition and enables Edge Security features. It includes the followingsecurity capabilities: Web Filtering, Anti-Malware, Intrusion Prevention, SSL Inspection.Citrix SD-WAN PremiumIncludes Standard Edition and WAN Optimization features. Premium Edition integrates WANvirtualization with WAN optimization capabilities to optimize branch and remote user experienceand to achieve fully resilient applications regardless of network quality.Citrix Secure Internet Access is an additional cost.Citrix SD-WAN Portfolio110 SE110-WiFi SE110-LTE-WiFi SE(20 to 200 Mbps)210210-LTE(50 to 300 Mbps)Micro Branch / HomeRetail / SmallBranch1100(200 to 500 Mbps)Large Branch210041006100(300 Mbps to 2 Gbps)(2 Gbps to 3 Gbps)(4 Gbps to 6 Gbps)Small/Medium DCData centerLarge DCSupported Virtual Appliance Platforms20 Mbps -1.5 Gbps (depending on platform)ESXI Citrix Hypervisor Hyper-V KVM3

Citrix SD-WAN Data SheetLicensingSubscription*Available for Standard, Advanced and PremiumEditions. Zero-capacity hardwareSoftware subscriptionOne or three-year termsHardware maintenanceCloud Direct optional add-on licenseOrchestrator entitlement included and availablefor Standard, Advanced, and Premium editions CSS Select-level support includedWhy Citrix SD-WAN Gartner #1 for Application ExperienceOptimization Rock-Solid Experience for Citrix Apps andDesktops Comprehensive Security All Gartner ‘Core’ & ‘Recommended’ SASECapabilities Unified Cloud-Hosted Management Cloud-hosted single-pane-of-glass networking& security Reliable, Resilient Connectivity Over any type of connectivity to cloud, SaaSand virtual apps Consistent Hybrid Work Models For execs, heavy-data users, call center reps,ad-hoc workspacesEnhance workforce experienceCitrix SD-WAN helps connect a hybrid workforce tobusiness applications. Home workers can leverageadditional bandwidth and IT gains visibility into theentire network. Critical workers such as power users,execs and call center reps have redundancy andresiliency. Adding network redundancy greatly4reduces the risk of outages as a single link, evenwith Service Level Agreements (SLAs), can stillexperience congestion and outages.Improve real-time traffic performance for voice andvideo that is sensitive to congested networks, latencyand jitter can stop robotic voice, audio dropouts, poorvideo and dropped calls. End-to-end network policycontrol, management and visibility reduces downtime.Citrix SD-WAN ensures your hybrid workforce is alwayssecure, connected, and engaged.Simplify transition to multicloudCitrix SD-WAN extends the network into IaaS/PaaSclouds where traditional WAN architectures were notdesigned for the cloud and assumed applications livedin the data center protected by a security perimeter.Routing cloud-destined traffic through the datacenter’s security stack increases latency and networkhops and the requires more costly bandwidth to handlethis additional traffic. Citrix SD-WAN providesconsistent WAN administration across major clouds andspeeds up site rollouts while lowering transport costs.Accelerate journey to SASEThe shift to SaaS and cloud necessitates directinternet access as backhauling is inefficient andresults in a degraded user experience. Networkand security integration at the edge protects theuser experience while preventing threats fromentering through the network. Citrix SD-WAN alongwith Citrix Secure Internet Access secures directinternet access at the branch and remote user tothreats from an increased attack surface. CitrixSD-WAN Orchestrator integrates management ofCitrix SD-WAN and security as a cloud-deliveredservice allowing users to truly work from anywhere.The unified approach is built on a globalcloud architecture.*Perpetual licensing also available upon request.

Citrix SD-WAN Data SheetFeatureStandard EditionAdvanced EditionPremium EditionApplication Identification Citrix Protocol Support Citrix Standard (DaaS)Integration and automation Office 365 Optimization WAN OptimizationTraffic Forwarding Maximize Bandwidth Usage Dual-ended QoS Congestion management(Detection, avoidance,remediation) Packet Loss Concealment Latency Mitigation Selective packet duplication for realtime applications HDX Session Fairness Link Failover Fail-to-Wire* SaaS-based Orchestration Enterprise-grade private networksupport for Cloud Direct (SaaS/Cloudgateway)**Multi-cloud connectivity(Azure, AWS, GCP)Integrated LTE***210,1100 110, 210210,1100 210,1100Web Filtering*** 210,1100IDP/IDS*** 210,1100SSL Inspection*** 210,1100Integration with Cloud SecurityIntegrated 802.1x WiFiZero Touch Provisioning 210Malware Prevention***Next-Gen Firewall as VNF 1100 110 *Not available on 110 platform**Optional Cloud Direct***On Standard Edition as an add-on with Citrix Secure Internet Access 5

Citrix SD-WAN Data Sheet6Software FeaturesCategoryFeaturesDescriptionEnhance Workforce ExperienceApplication IdentificationDeep Packet Inspection(4,500 apps)App Classification EngineApplications can be discovered and classified in real-time. Theappliance analyzes an incoming packet and classifies it asbelonging to a particular application or application family.Citrix Protocol ExtensionsAutoQoS for ICASite, session, userlevel HDX reportingGranular visibility into HDX user sessions and the proprietaryICA protocol distinguishes different types of ICA traffic such asin-band audio, display remoting, multimedia redirection, and printingand can optimize such traffic using Quality of Service (QoS) controls.Auto-configures Citrix Virtual Apps and Desktops for optimalintegration, whether on prem or in the cloud.Citrix Standard (DaaS)Integration and automationAutomated workflowAutomated provisioning of SD-WAN on IaaS platform within CitrixVirtual Apps and Desktops Standard Edition/DaaS admin workflow.Office 365 OptimizationAPI integrationBeacon serviceAPI integration and use of Office 365 connectivity principles tooptimize how traffic is sent to Microsoft front doors. Office 365optimization steers trusted SaaS traffic such as Office 365 Teamsaudio-video directly to the cloud, either to the Citrix Cloud Directservice for enhanced reliability and performance or directly to theclosest Office 365 front door, while untrusted traffic can be steeredto a data center security stack or cloud-based SW (Secure WebGateway) for enforcement.WAN OptimizationTCP OptimizationCompressionDe-duplicationand CachingImproves the application experience while reducing bandwidthexpenses. De-duplication and caching reduce traffic across theWAN. Compression reduces band width consumption and increasesdata throughput.TCP optimization reduces overhead.Traffic ForwardingPacket-based trafficforwardingData is delivered on a per packet basis. Packet-based forwardingreorders packets to mitigate changing WAN conditions in order tobest steer traffic.Maximize BandwidthUsageVirtual WANMaximize bandwidth usage (even for a single TCP session over2 or more WAN links). To ensure high application performancefor bandwidth intensive applications such as backups and large filetransfers, multiple links are used simultaneously for a single session.If the bandwidth required for one session exceeds the availablebandwidth on the best link, all the available bandwidth on the bestlink will be bonded with the second-best quality link.This lets highbandwidth applications have as much bandwidth as they need toperform optimally.Dual-ended QoSDual-ended QoSDual-ended QoS measures latency, packet loss and jitter at both thesending end and destination. Administrators configure QoS globallyfrom a single source and senders only send at the peers advertisedreceive rate. Unidirectional local measurements are shared with peerdevices in the network. All sites get their fair share of bandwidthpreventing oversubscription and wasted utilization.

Citrix SD-WAN Data entQoS (Detection, avoidance,remediation)A fourth measurement of QoS is congestion. Tunnels betweenappliances allow for proactive management of the traffic. Thesending appliance tags each packet with information about thetime sent and its order in the packet. The receiving appliance readsthese tags and uses the data to measure transit time, congestion,jitter, packet loss, and other information about the performanceand health of the path in each direction. The appliances share thisinformation with the controller, which uses queuing theory andpredictive behavioral statistical modeling to create a “map” of allof the paths in the WAN. The map is continuously updated withinformation from recent packets.Packet LossConcealmentQoSPacket DuplicationTCP OptimizationSelective Acknowledgment (SACK) is a strategy which corrects thisbehavior in the face of multiple dropped segments. With selectiveacknowledgments, the data receiver can inform the sender aboutall segments that have arrived successfully, so the sender needretransmit only the segments that have actually been lost.Note: Can be applied to UDP flows/data.Latency MitigationDPIDIAIntelligentpath selectionIntelligent detection of the most optimal low-latency routes isachieved by creating a VPN overlay. Additionally, extending thenetwork to the cloud with automated on-ramps and direct breakoutremoves the need to backhaul that traffic reducing the distance ithas to travel.Selective PacketDuplicationPacket DuplicationPacket duplication, or racing, ensures high application performance forreal-time applications such as voice by duplicating a session’s trafficacross multiple paths. This means that no packets are lost and, as thefirst of the duplicate pair to arrive is used, each packet takes the lowestlatency route. This allows for optimal application performance for justa small cost in bandwidth. It is ideal for improving media quality withsoftphones and Unified Communications apps. From an HDX perspective,a softphone/UC app can be “optimized” (the media engine runs on theuser device, offloading the Citrix server) or “unoptimized” (media isprocessed on the Citrix server and delivered over ICA). Packet racingcan be used in either case.HDX Session FairnessHDX Session FairnessSession fairness ensures that no single HDX user consumesmorethan a fair share of the available network bandwidth. Userscontinue to enjoy a responsive, interactive experience even whensomeone in the same office is transferring a huge file or printing alarge graphics-intensive document.Link FailoverLink FailoverSD-WAN will initially select the best path for each type ofapplication based on an algorithm that takes in to account