Citrix Receiver Storefront與NetScaler技術架構介紹

1、Citrix桌面虛擬化技術培訓Citrix Receiver Storefront 與 NetScaler技術架構介紹Citrix ReceiverCitrix ReceiverAvailable on 3 Billion DevicesMacPCMacTabletPCSmartphonesTablet/content/dam/citrix/en_us/documents/products-solutions/citrix-receiver-feature-matrix.pdf Storefront and NetScalerWeb Interface is being phased out1

2、0Consistent access inside or outside the firewallSeamless workspace across any deviceAccess to Windows Apps, data, Web and SaaSAuto-configuration of the default app store Citrix StoreFrontStoreFrontDelivering the best user experience on all devicesConsistent User Experience Unified Store Win Apps, D

3、esktop, Web/SaaS, Data & MobileFollow-me Apps & SubscriptionsSimplified Provisioning & Upgrades VPN-less Remote AccessCentralized Management CustomizationNative ReceiversBrowserAuthenticationReceiverforWebAggregationLaunchdesktopsappsSaaSdatamobileStoreFront servicesOne Store for All ReceiversSite 3

4、Site 2HA Pair or scale-out clusterNetScaler GatewayStorefront ServicesSite 1Scale-out cluster with web LBAccess LayerSecure access with ICA proxySession policies for mobile & traditional devicesLocation aware connectivityICA ProxyAll public network communication encrypted in SSLICA Proxy only sends

5、ICA and XML to XenApp/XenDesktop infrastructureIntegrated Secure Ticket Authority prevents server info leakageBesides Receiver, no agent required on endpointNetScaler 功能模塊負載均衡壓縮緩存SSL加速 應用交付網(wǎng)絡平臺AppExpert 策略引擎應用交換引擎管理與監(jiān)控GUI和CLI管理可視化應用策略生成器API接口監(jiān)控與報告工具NetScaler 系統(tǒng)架構無縫集成各功能模塊 500Mbps 50Gbps 7層吞吐 所有功能模塊可

6、同時啟用 各模塊公用策略引擎 統(tǒng)一的管理接口與界面云基礎架構企業(yè)數(shù)據(jù)中心高性能資源卸載應用安全高可靠性4-7層本地服務器負載均衡全局多站點（鏈路）負載均衡可自定義的健康檢測技術高峰流量控制 動靜態(tài)緩存技術HTTP壓縮技術 TCP卸載與TCP連接復用技術SSL加速Web2.0推送技術Cache重定向 SSL VPN功能4-7層DOS/DDOS攻擊防護基于訪問速率控制內(nèi)置應用防火墻 NetScaler 應用交付平臺功能模塊NetScaler在桌面云環(huán)境中的價值基于Receiver 的安全遠程訪問多數(shù)據(jù)中心，全局部署，實現(xiàn)數(shù)據(jù)中心冗余和就近訪問實現(xiàn)XenApp/Desktop關鍵組件的負載均衡實時監(jiān)

7、控最終用戶體驗，并集成到XenDesktop管理工具NetScaler-虛擬桌面接入代理Remote UserBranch OfficeHome OfficeTabletNetScalerDesktop Delivery ControllerHQ OfficeXenDesktop FarmXenServer Resource PoolActive DirectoryData Store License ServerDHCPInfrastructureVirtual Desktop 1Personalization: User AApps: OfficeOS: VistaVirtual Desk

8、top 2Personalization: User BApps: OfficeOS: XPVirtual Desktop 3Personalization:Apps:OS:F i r e w a l lF i r e w a l lPersonalizationApplicationsOSProvisioning ServerXenApp ControllerFile ShareDesktop Delivery ControllerDataCollectorVistaWindows XPWindows 7User AUser BUser CUser DUser EWebInterface安全

9、訪問NetScaler-關鍵桌面云組件負載均衡Remote UserBranch OfficeHome OfficeTabletNetScalerDesktop Delivery ControllerHQ OfficeXenDesktop FarmXenServer Resource PoolActive DirectoryData Store License ServerDHCPInfrastructureVirtual Desktop 1Personalization: User AApps: OfficeOS: VistaVirtual Desktop 2Personalization:

10、 User BApps: OfficeOS: XPVirtual Desktop 3Personalization:Apps:OS:F i r e w a l lF i r e w a l lPersonalizationApplicationsOSProvisioning ServerXenApp ControllerFile ShareDesktop Delivery ControllerDataCollectorVistaWindows XPWindows 7User AUser BUser CUser DUser EWebInterface強壯的 SLAs安全訪問NetScaler-全

11、局負載均衡Remote UserBranch OfficeHome OfficeTabletNetScalerDesktop Delivery ControllerHQ OfficeXenDesktop FarmXenServer Resource PoolActive DirectoryData Store License ServerDHCPInfrastructureVirtual Desktop 1Personalization: User AApps: OfficeOS: VistaVirtual Desktop 2Personalization: User BApps: Offic

12、eOS: XPVirtual Desktop 3Personalization:Apps:OS:F i r e w a l lF i r e w a l lPersonalizationApplicationsOSProvisioning ServerXenApp ControllerFile ShareDesktop Delivery ControllerDataCollectorVistaWindows XPWindows 7User AUser BUser CUser DUser EWebInterface強壯的 SLAsRemote UserBranch OfficeHome Offi

13、ceTabletNetScalerDesktop Delivery ControllerHQ OfficeXenDesktop FarmXenServer Resource PoolActive DirectoryData Store License ServerDHCPInfrastructureVirtual Desktop 1Personalization: User AApps: OfficeOS: VistaVirtual Desktop 2Personalization: User BApps: OfficeOS: XPVirtual Desktop 3Personalizatio

14、n:Apps:OS:F i r e w a l lF i r e w a l lPersonalizationApplicationsOSProvisioning ServerXenApp ControllerFile ShareDesktop Delivery ControllerDataCollectorVistaWindows XPWindows 7User AUser BUserCUserDUserEWebInterface全局高可用Remote UserBranch OfficeHome OfficeTabletNetScalerDesktop Delivery Controller

15、HQ OfficeXenDesktop FarmXenServer Resource PoolActive DirectoryData Store License ServerDHCPInfrastructureVirtual Desktop 1Personalization: User AApps: OfficeOS: VistaVirtual Desktop 2Personalization: User BApps: OfficeOS: XPVirtual Desktop 3Personalization:Apps:OS:F i r e w a l lF i r e w a l lPers

16、onalizationApplicationsOSProvisioning ServerXenApp ControllerFile ShareDesktop Delivery ControllerDataCollectorVistaWindows XPWindows 7User AUser BUserCUserDUserEWebInterface 安全的訪問HDX Insight 用戶報告NetScaler 為某用戶實現(xiàn)桌面云交付的智能選擇Cloud LayerCell LayerService Block LayerPool LayerIP Addresses “Float”DMZ VLAN

17、InternalVLANARP2Addresses need not be bound to a physical portOne-Arm versus Two-Arm 1) User Request2) User Request3) Server Response4) Server ResponseOne-arm Deployment1) User Request2) User Request3) Server Response4) Server ResponseTwo-arm DeploymentFirst define the NetScaler IPNSIPNG-EUsersAdmin

18、istratorsLDAP, RSA, RADIUS, etcStorefrontXenApp or XenDesktopUsers connect to a Virtual Server IPVPN vserverNG-ELDAP, RSA, RADIUS, etcOne MIP or SNIP is requiredNSIPMIPVPN vserverNG-EUsersAdministratorsLDAP, RSA, RADIUS, etcStorefrontXenApp or XenDesktopStorefront must connect to vserverNSIPMIPVPN v

19、serverNG-EUsersAdministratorsLDAP, RSA, RADIUS, etcStorefrontXenApp or XenDesktopFirewall considerationsNSIPMIPNGvserverUsersAdministratorsLDAP, RSA, RADIUS, etcStorefrontXenAppXenDesktop FarmNGvserver:443:80, 22, 3010LDAP: TCP 389LDAPS: TCP 636RADIUS: UDP 1812:443:80 or 443STA: 80 or 443ICA: 1494CG

20、P: 2598NetScaler GatewayExternalRemote End UserLDAPSFInternal DMZSTA and XML44380/443389/636XD/XA Integration WorkflowEE returns EPA results to SFSession policy EPA check results returned to NG Storefront sends credentials & EPA results to Citrix XML Service which validates them and returns users “s

21、mart access” application set to Storefront.Storefront generates “Smart Access” application set page and sends the web page back to user.NetScaler Gateway passes credentials to Directory Service for validation. EPA ActiveX sends results back to NGOn Pre-Authentication EPA success NG returns login pag

22、ePost-AuthN NG Session policy EPA checks done with the existing EPA ActiveX Storefront Authenticates credentials provided via custom SSO NGCitrixBasic HeaderNG Pre-AuthN EPA ActiveX download & client scanNG does a HTTP redirect to the website configured in -homepage option2) Storefront returns a 401

23、 and NG detects that this is a Storefront server.User supplies credentials to logon page.User accesses NG VPN Virtual Server3) NetScaler Gateway next performs pass-through SSO to Storefront via a custom NGCitrixBasic HTTP Header4) A SessionToken is also providedSF makes a XML callback to a preconfigured-on-SF NG VPN Virtual Server URL with the previously provided SessionToken to get the EPA Results XenAppExternalRe