NetScaler SD-WAN User Interface
Some time ago I published an article about the solution of NetScaler SD-WAN. Why this technology is needed, how to build SD-WAN on NetScaler, and what useful functions it has, you can read here . And in this article I propose to look at the functionality of the NetScaler SD-WAN user interface, how the system is configured and supported to improve the efficiency of the enterprise. All interested in asking under the cat.
The initial Citrix SD-WAN Center management screen looks like this:
There are three main sections of the Citrix SD-WAN Center: Dashboard (Console), Monitoring and Configuration. The system configuration is set here: the IP addresses of the hosts - the central and branch offices, the types of sessions are specified, the classes of flows are defined and other necessary settings are made.
In the Console section there is an interactive system diagram with a map on a geographic map. The picture for example shows a map of the network of a conditional enterprise, whose head office (HQ) is in Moscow, and its branch (BR-1) is located in Kamchatka.
In addition, a list of the most frequently used applications (Top Applications) and their families (Top Application Families), which work through the SD-WAN network between the head office and the branch and the volume of traffic consumed by them, is available in the Console. For example, we see that the application of a remote workplace in a branch whose virtual machine is located in the center (Remote Desktop) occupies 5.01% of the total traffic volume. Obviously, the working day in Kamchatka has already ended.
On the Monitoring tab there is an opportunity to set the time interval and see all the parameters of the channels (the operator sets the parameters for the review, as required), and the quality of the channel for the specified time interval. For example, this figure shows the channel parameters between the central office (HQ) and the branch (BR-1). For example, you can visually display the available channel bandwidth via the WAN (LAN to WAN Bandwidth).
You can select the interesting period of time and enlarged look at the diagram of the available bandwidth in this interval. This, among other things, is very useful for interacting with the communication channel operator, for example, as a documentary confirmation of the implementation of the last SLA (Service Level Agreement). The tenant of channels (the enterprise user of SD-WAN) always has on hand documentary evidence of the fulfillment or non-fulfillment by the operator of the promised SLA level. As channel quality parameters, you can also track the percentage of packet loss (in%), packet delay (in ms or ms) and other necessary parameters specified in the SLA contract in real time.
In addition to real time, the Citrix SD-WAN Center monitoring system allows you to monitor the integral parameters, for example, the time the channel is in good condition, when all the agreed SLA parameters are normal (Good Time), bad condition (Bad Time), the time period any parameter is out of the normal range or when the channel is dead (Dead Time). The administrator of the Citrix SD-WAN Center management system can flexibly indicate the time period for which he needs data and obtain an enlarged graphical representation of the behavior of a particular parameter during this period of time. This greatly facilitates troubleshooting, analysis of the quality of the system as a whole (for example, flexible load redistribution between BR-n branches (of which in practice, of course, much more than one), and also significantly increases the efficiency of decision-making on technical policy in the enterprise. For example, an enterprise's CIO receives reliable data allowing it to decide that, for example, in a BR branch that consumes a lot of RDP traffic, it would be advisable to install a micro data center (which, by the way, can also be configured and maintained from HQ center, there are such micro-data centers on the market), and a BR-y branch, in which there is little staff and little traffic, it is better to leave it completely on the RDP protocol for remote workplaces.
In addition, full reporting (Reporting) on channel loading by various applications for a certain period of time is available:
This information can be obtained not only by applications, but also can be detailed by branch sites, services, virtual and physical routes, WAN links, see the order of MPLS channels for different classes of applications, to obtain an estimate of speech quality of VoIP (MOS Score), as well as the work of individual Ethernet interfaces, and the IPsec tunnels, GRE, etc..
for Maintenance (Service) system it is very important to have a complete picture of the state of the channel s. The figure below shows how much varied data on the status of the channels the Citrix SD-WAN Center management system gives the administrator.
The DPI-based firewall that is included with NetScaler can be configured quite flexibly (it is not configured in the figure below, but it is important to show the features, details and ease of configuration).
Although the Firewall built into NetScaler is not as powerful as, for example, the dedicated Firewall from Palo Alto, but it also has a sufficient range of settings to ensure the security of the enterprise network without too much restricting its functionality. A very important feature is the deep analysis of DPI packets, which allows us to determine not only the legitimacy of the packet, but also the flow of which application the packet belongs to. This allows the administrator to better control network traffic and prevent inappropriate use of enterprise resources (for example, to recognize who is chatting with friends on Facebook during working hours).
The configuration of the system (Configuration) allows the administrator to set a large range of parameters, for example, it is possible to enable or disable the DPI functionality:
As you can see, no multi-step manipulation is required for this.
The Citrix SD-WAN Center management system allows you to flexibly configure Notification system errors (Notification), for example, the system can automatically send notifications from your mailbox, for example, sd-wan_center@company.net to the system administrator's email, for example, admin @ company. net.
What do we have in the "bottom line"? It is not difficult to see that such a convenient and functional interface of the Citrix SD-WAN Center management system was made for a reason, and so that the user (enterprise), who decided to use SD-WAN in his distributed corporate network, could not only efficiently operate and maintain this network, but also significantly reduce their overhead. For example, Citrix SD-WAN Center allows it not to keep administrative IT staff in branch offices, and, with the help of a small team, to service the entire branch network (BR) centrally from the head office (HQ). This allows to reduce the expenses of the enterprise for business trips in the case of a network distributed across cities, as well as to reduce traveling within the city if the scale of the enterprise is limited to one city.
The functionality of the Citrix SD-WAN Center settings allows you to get additional benefits for the enterprise: significantly simplify the analysis of the network and simplify the process of making decisions about its development, optimize the work of branches, increase the efficiency of working time for their employees, and their interest in the results of their work.
The initial Citrix SD-WAN Center management screen looks like this:
There are three main sections of the Citrix SD-WAN Center: Dashboard (Console), Monitoring and Configuration. The system configuration is set here: the IP addresses of the hosts - the central and branch offices, the types of sessions are specified, the classes of flows are defined and other necessary settings are made.
In the Console section there is an interactive system diagram with a map on a geographic map. The picture for example shows a map of the network of a conditional enterprise, whose head office (HQ) is in Moscow, and its branch (BR-1) is located in Kamchatka.
In addition, a list of the most frequently used applications (Top Applications) and their families (Top Application Families), which work through the SD-WAN network between the head office and the branch and the volume of traffic consumed by them, is available in the Console. For example, we see that the application of a remote workplace in a branch whose virtual machine is located in the center (Remote Desktop) occupies 5.01% of the total traffic volume. Obviously, the working day in Kamchatka has already ended.
On the Monitoring tab there is an opportunity to set the time interval and see all the parameters of the channels (the operator sets the parameters for the review, as required), and the quality of the channel for the specified time interval. For example, this figure shows the channel parameters between the central office (HQ) and the branch (BR-1). For example, you can visually display the available channel bandwidth via the WAN (LAN to WAN Bandwidth).
You can select the interesting period of time and enlarged look at the diagram of the available bandwidth in this interval. This, among other things, is very useful for interacting with the communication channel operator, for example, as a documentary confirmation of the implementation of the last SLA (Service Level Agreement). The tenant of channels (the enterprise user of SD-WAN) always has on hand documentary evidence of the fulfillment or non-fulfillment by the operator of the promised SLA level. As channel quality parameters, you can also track the percentage of packet loss (in%), packet delay (in ms or ms) and other necessary parameters specified in the SLA contract in real time.
In addition to real time, the Citrix SD-WAN Center monitoring system allows you to monitor the integral parameters, for example, the time the channel is in good condition, when all the agreed SLA parameters are normal (Good Time), bad condition (Bad Time), the time period any parameter is out of the normal range or when the channel is dead (Dead Time). The administrator of the Citrix SD-WAN Center management system can flexibly indicate the time period for which he needs data and obtain an enlarged graphical representation of the behavior of a particular parameter during this period of time. This greatly facilitates troubleshooting, analysis of the quality of the system as a whole (for example, flexible load redistribution between BR-n branches (of which in practice, of course, much more than one), and also significantly increases the efficiency of decision-making on technical policy in the enterprise. For example, an enterprise's CIO receives reliable data allowing it to decide that, for example, in a BR branch that consumes a lot of RDP traffic, it would be advisable to install a micro data center (which, by the way, can also be configured and maintained from HQ center, there are such micro-data centers on the market), and a BR-y branch, in which there is little staff and little traffic, it is better to leave it completely on the RDP protocol for remote workplaces.
In addition, full reporting (Reporting) on channel loading by various applications for a certain period of time is available:
This information can be obtained not only by applications, but also can be detailed by branch sites, services, virtual and physical routes, WAN links, see the order of MPLS channels for different classes of applications, to obtain an estimate of speech quality of VoIP (MOS Score), as well as the work of individual Ethernet interfaces, and the IPsec tunnels, GRE, etc..
for Maintenance (Service) system it is very important to have a complete picture of the state of the channel s. The figure below shows how much varied data on the status of the channels the Citrix SD-WAN Center management system gives the administrator.
The DPI-based firewall that is included with NetScaler can be configured quite flexibly (it is not configured in the figure below, but it is important to show the features, details and ease of configuration).
Although the Firewall built into NetScaler is not as powerful as, for example, the dedicated Firewall from Palo Alto, but it also has a sufficient range of settings to ensure the security of the enterprise network without too much restricting its functionality. A very important feature is the deep analysis of DPI packets, which allows us to determine not only the legitimacy of the packet, but also the flow of which application the packet belongs to. This allows the administrator to better control network traffic and prevent inappropriate use of enterprise resources (for example, to recognize who is chatting with friends on Facebook during working hours).
The configuration of the system (Configuration) allows the administrator to set a large range of parameters, for example, it is possible to enable or disable the DPI functionality:
As you can see, no multi-step manipulation is required for this.
The Citrix SD-WAN Center management system allows you to flexibly configure Notification system errors (Notification), for example, the system can automatically send notifications from your mailbox, for example, sd-wan_center@company.net to the system administrator's email, for example, admin @ company. net.
What do we have in the "bottom line"? It is not difficult to see that such a convenient and functional interface of the Citrix SD-WAN Center management system was made for a reason, and so that the user (enterprise), who decided to use SD-WAN in his distributed corporate network, could not only efficiently operate and maintain this network, but also significantly reduce their overhead. For example, Citrix SD-WAN Center allows it not to keep administrative IT staff in branch offices, and, with the help of a small team, to service the entire branch network (BR) centrally from the head office (HQ). This allows to reduce the expenses of the enterprise for business trips in the case of a network distributed across cities, as well as to reduce traveling within the city if the scale of the enterprise is limited to one city.
The functionality of the Citrix SD-WAN Center settings allows you to get additional benefits for the enterprise: significantly simplify the analysis of the network and simplify the process of making decisions about its development, optimize the work of branches, increase the efficiency of working time for their employees, and their interest in the results of their work.