Azure Summit
High-End Graphical Loads on Integrated Systems
Chris Shalda
Sr. Solutions Architect, Cloud Solutions
Coretek Services
Session Agenda
Wolverine Worldwide Use Case
Citrix Primer
Citrix on Azure Deployment Options
Citrix on Azure Architecture Considerations
Citrix Cloud Benefits
Demonstration & Discussion
Introduction
Presenter Information – Chris Shalda
11 years at Coretek Services
First 8 years: IT Consultant (SMB through Large Enterprise)
Next 2 years: Microsoft Solutions Architect
Now: Sr. Solutions Architect, Cloud Solutions
P-CSA (apps & infra) – Chris is 1 of about 20 P-CSAs in the US
Enjoys architecting creative solutions for the most complex business and IT problems customers face to ultimately deliver success in the cloud.
Chris.Shalda@coretek.com
Coretek Services
A Systems Integration and IT consulting company delivering high value and innovative Healthcare solutions. A business driven by excellent people built with strong relationships. Project Success! No Exceptions.
Headquarters
Founded in 2005
Farmington, Michigan
110+ employees
85% of Staff is the Delivery Team
Culture
101 Best & Brightest Companies to Work for
National—5 Years in a Row
Metro Detroit—9 Years in a Row
Project Success! No Exceptions.
AWARDS
PARTNERSHIPS
Over 300,000 Virtual Desktops Deployed Nationally
Coretek Resources
Coretek Customers
Wolverine Worldwide Case Study
New Citrix Technologies & Award Winning Designs
Wolverine Worldwide Case Study
The Product Development Opportunity
• Product idea to market takes 425 days
• Multiple systems contain material libraries and material costs
• Design changes are time consuming and costly
• Lack of one single version of the truth across all global functions in the Product Creation Process
The Product Development Goal
• Globally integrated virtual/digital product creation capability
• Reduce lead times and costs through virtual prototyping
• Bill Of Material construction and pattern analysis with 3D rapid prototyping and printing
• One globally accessible Single Version of the Truth
Technology Solution
• Citrix XenApp/XenDesktop
• Citrix NetScaler
• Microsoft Azure
• Strategies RomansCAD
• Palo Alto with Panorama Management
Technical Challenges
China firewall
Factories being able to access the application
• Infrastructures not within IT dept. control
Providing a fluid 3D design experience
Network latency
Security
Single node Client/Server architecture for 3D modeling and material library solution
Different hardware resource needs depending on time zone and functionality
Citrix Primer
XenApp and XenDesktop
Experience: Deliver a consistent, high-definition user experience on-demand
Security: Simplifying security and management to streamline operations
Flexibility: Access, manage & support any device, app & cloud
Virtualizing Apps and Desktops
Flexible XenApp & XenDesktop Platform
One architecture for apps & desktops
Built in monitoring and support tools
One deployment supports multiple OS’es
Cloud enabled Management
Diagram: XenApp & XenDesktop Platform. Delivery Controller; Delivery Agents (Apps & Desktops) on Win Server 2016, Win Server 2012 R2, and Windows 10/Linux
One touch access to your virtual apps and desktops
Any Windows or Linux app
Any Network
Any Device: Laptops, Tablets, Smartphones, Desktops
Centralized security to protect sensitive information
User authorization required
Enable local USB devices
Allow local storage
Control cut-and-paste
Control audio/video record
Local Printing allowed
Control geographic location
Centrally secured apps or desktops in the data center delivered to any device eliminates VPN holes with ICA / NetScaler proxy
Multi-factor authentication, including SafeWord, SecurID, and RADIUS; smartcards and biometrics with activity logging for auditing and compliance
SmartAccess™ fine-grained context-based policy controls for scenario-based access restrictions with NetScaler end point analysis
ShareFile integration for optimized on-demand, on or off-premise data sync and sharing (ShareFile purchased separately)
Drive productivity, employee retention and recruiting by supporting BYO demands
Nearly eliminate costs of employee onboarding, moves and exits
Eliminate “best-efforts” support for executives and top performers already using BYO
Leverage new devices without needing to support the hardware
Simplify IT support of BYO devices
Who are the users and their requirements
How do users gain access to our resources
What resources will we deliver to the users
How will we manage and maintain the solution
What platform(s) to use to run the solution
User Layer
Access Layer
Resource Layer
Control Layer
Hardware Layer
The Citrix 5-Layer Model
Application Layer: Thinwire, H.264, DCR, Audio, Skype, Multimedia, Flash, Multitouch, Seamless Windows, ICA Clipboard, Smartcards, Keyboard / Mouse, Printing, Mobile Sensors, Generic USB, Drives
• Network Compression: standard libraries (zlib)
• Command Remoting: graphics commands
• Video Streaming: h.264
• Image Caching: jpeg, bitmap
• User Intent: scrolling, touching, navigating
(Diagram stage labels: Render, Compress, Intent)
Application Layer
Adaptive Display
• Green = Video / 3D graphics: H.264 = Most efficient for video and 3D graphics, but with higher CPU usage
• Red = JPEG / Images: Thinwire = Most efficient for static images with low CPU usage
• Blue = Text: Overlay lossless = Most precise for text to avoid blur
Overview
Adaptive Display
Transport Layer: TCP
With TCP, as distance (latency) increases, bandwidth utilization decreases
Adaptive Transport Overview
Transport Layer: Adaptive Transport (TCP or EDT)
Diagrams: Single Site Implementation and Multi-site Implementation. Elements shown: Headquarters and Satellite locations, Delivery Controllers, SQL, Apps, Windows Desktop, Linux Desktop, Physical PC
Citrix Cloud on Microsoft Azure
Introduction
Apps & Desktops Management Service
• Traditional Deployment
Customer/Partner managed: Hypervisors, Active Directory, NetScaler Gateway, License Server, Studio, Director, SQL, Server VDAs, Desktop VDAs, StoreFront/Receiver for Web, Delivery Controllers
Apps & Desktops Management Service
• What’s Changed
Components shown: SQL, StoreFront/Receiver for Web, Delivery Controllers, Hypervisors, Active Directory, NetScaler Gateway, Server VDAs, Desktop VDAs, License Server, Studio, Director
Diagram regions: Customer/Partner managed; Workspace Cloud (operated by Citrix)
Cloud Connector
What is the cloud connector?
Bridge the gap between the cloud and the customer's resource location
Cloud Connector
Internet facing
Customer network
• Simple to deploy; cloud managed
• Does not operate as a VPN
• All connections are egress (port 443 only)
• Supports enterprise web proxies
• Secured by service key per-connector
• Self updating, evergreen
Connector to/from the cloud
HTTPS / API Calls Binary Encoded Message Passing
• Messages sent to the connector(s) rendezvous in the cloud at a special cloud service. Messages are then transferred via a Web Socket architecture
• These messages are load balanced across connectors
• Standard HTTPs Web requests …
Inbound
Outbound
Connector Communication
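An added example (not from the original deck): a check that the network security group on a Cloud Connector subnet matches the "all connections are egress (port 443 only)" property stated above. The rule records are a constructed, simplified model of NSG rules (hypothetical `peer`/`ports` fields, protocol ignored); the three defaults are Azure's built-in rules that affect Internet traffic.

```python
# Added example: constructed, simplified NSG model (protocol ignored).
# "peer" = source prefix for Inbound rules, destination prefix for Outbound.
INTERNET = "Internet"

def rule(name, priority, direction, access, peer, ports):
    return {"name": name, "priority": priority, "direction": direction,
            "access": access, "peer": peer, "ports": ports}

# Azure's built-in default rules that affect Internet traffic.
DEFAULTS = [
    rule("AllowInternetOutBound", 65001, "Outbound", "Allow", INTERNET, "*"),
    rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*"),
    rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*"),
]

def covers(spec, port):
    """True if a port spec ("*", "443" or "1000-2000") includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def allowed_ports(rules, direction):
    """Ports open to/from the Internet; lowest priority number wins."""
    ordered = sorted((r for r in rules + DEFAULTS
                      if r["direction"] == direction
                      and r["peer"] in ("*", INTERNET)),
                     key=lambda r: r["priority"])
    return {p for p in range(1, 65536)
            if next(r["access"] for r in ordered
                    if covers(r["ports"], p)) == "Allow"}

def audit(rules):
    """Findings against 'all connections are egress (port 443 only)'."""
    inbound = allowed_ports(rules, "Inbound")
    egress = allowed_ports(rules, "Outbound")
    extra = egress - {443}
    findings = []
    if inbound:
        findings.append(f"inbound from Internet allowed on {len(inbound)} port(s)")
    if 443 not in egress:
        findings.append("egress 443 blocked: connector cannot reach the cloud")
    if extra:
        findings.append(f"egress to Internet allowed on {len(extra)} "
                        "port(s) besides 443")
    return findings

# Constructed samples: defaults plus a management rule vs. an explicit egress policy.
WEAK = [rule("AllowMgmtInbound", 100, "Inbound", "Allow", "*", "3389")]
HARDENED = [
    rule("AllowHttpsToInternet", 100, "Outbound", "Allow", INTERNET, "443"),
    rule("DenyOtherInternetEgress", 200, "Outbound", "Deny", INTERNET, "*"),
]
```

The weak sample shows that relying on the default rules leaves every outbound port open to the Internet; the egress-only property holds only once an explicit deny sits behind the 443 allow.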
Simplified Setup, Global POP Presence, Citrix Managed
Secure delivery of virtual apps & desktops with optimal traffic routing
e.g. Included with Citrix Cloud XenApp and XenDesktop Service and Workspace Services
Unified access to ICA, SaaS and corporate web apps with SSO & Advanced Authentication
e.g. Integrated with Workspace for a unified end-user experience
Easy NetScaler setup and management for XA-XD on-prem and hybrid deployments
e.g. Support for Storefront and Auth store on-premises
Diagram labels: SaaS Apps, Enterprise Cloud, Corporate DC Apps, XA / XD / XM
Secure Remote Access
NetScaler Gateway Service
• Landing page for administrators
• Navigate into service or platform interfaces
• View a summary of system objects and notifications
• View active and available services
Launchpad
• Manage a library or catalog of service offerings
• Control user and group access to apps, desktops and services using subscriptions
• Search and view offering details and assignments
Library
Unified Admin Experience
Single Sign on across all services in the control plane
• Create multiple resource locations to manage many datacenters and clouds
• Easily view health of connectors in each resource location; view any related alerts and messages
• Add/Remove resource locations
• Quickly download and deploy new connectors
Resource Locations
• Manage one or more domains within each resource location
• Cloud Connector discovers domains automatically during deployment
• Manage across AD forests, user and resource domains
Domains
Administrators
• Easily invite and manage administrators on the account
Notifications
• Centralized hub for notifications coming from platform and services
• Differentiate severity of notification based on type
• Act on and dismiss notifications to resolve issues
Scaling App and Desktop Workload
Deliver a compelling end user experience
Citrix Cloud on Microsoft Azure
Architecture and Design Considerations
XenApp & XenDesktop – On-Premises
XenApp & XenDesktop Service
XenApp & XenDesktop – On-Premises
55 © 2018 Citrix | Confidential Sensitivity: Public
Azure Agreement
– EA, CSP or Direct (pay-as-you-go)
– Hard or soft quotas - VM core count per subscription (20 by default, per region)
• Need to create support case to increase quota - do this ahead of time
• Request approval is based on the “credit worthiness” of the account
Identity Options
– Traditional Active Directory
• Requires network connectivity to your AD infrastructure on-prem (if not a new/standalone AD forest in Azure)
– Azure AD Domain Services (AAD DS)
• Requires Azure AD Connect to sync users, password hashes and other information for access control
• Understand current limitations
– Azure AD
• Can be used as the authentication for users regardless of underlying server authentication option (traditional AD or AAD DS)
Azure Agreement and Identity Considerations
On-prem Connectivity
– Consider moving these applications to be close to Citrix workloads (in Azure)
– If applications need to stay on-prem, ensure bandwidth and reliable links are in place
• ExpressRoute
• Site-to-Site VPN
• SD-WAN
Security
– NSGs are important, but 3rd party Next Gen Firewall should be considered for better security posture
Networking and Security Considerations
Resource groups
– Used to group related items together as a single administrative entity, separate resources for chargeback
– Consider resource group limits for number of resources per RG, especially quantity of VMs
• 240 VMs per catalog/RG today – 3 disks per VM, 800 disk limit per resource group
• Max API read/write requests to Azure Resource Manager are typically the limiting factor per subscription
• Typically recommended to stay under 1000 Citrix VDA workers per Azure subscription (if no other workloads in the same subscription)
– Recommended that Citrix components at least reside in a resource group that is separate from other infrastructure or application workloads
– Consider that other Azure workloads in the same Azure subscription could cause you to hit subscription limits
Resource Group Considerations
Azure Managed Disks
Choosing your disk type
– Unmanaged Disk - most cost effective (thin provisioned), but slow for image updates
• Standard Storage - Max 40 highly utilized standard disks per storage account (20,000 IOPS limit)
• Premium Storage - Max 50Gbps throughput rate per storage account
• MCS should handle distributing disks for you into additional storage accounts, when needed
– Managed Disk - can be more costly (pay for full disk), but a lot less management and much faster for image updates
• 10,000 managed disks per region per subscription per disk type
• Each VM requires 3 managed disks (OS Disk, Identity Disk and Write-back Cache Disk)
• Effectively, maximum of 3,333 total Citrix VDAs per Azure subscription – but want to keep that under 1000 because of API request limits
– Cannot change storage type after catalog is created
Disks and Storage Account Considerations
Unmanaged vs. Managed Disk Performance
1000 Pooled Machines, times in [hours:minutes]

Operation                           Unmanaged Disk Catalog   Managed Disk Catalog
Create catalog                      2:35                     2:00
Start all machines                  0:56                     1:18
Stop all machines                   0:51                     0:51
Update catalog image                0:58                     0:20
Delete catalog (Machines stopped)   0:56                     1:28
Reference: https://www.citrix.com/blogs/2018/02/21/support-for-azure-managed-disks-goes-into-production/
File Storage
– If using profile management, need to point to file server in Azure for storage of profile data
– Consider availability needs versus cost for file server design
• Simple file server
• Storage Replica
• Storage Spaces Direct
Compute
– F-series VM family for more compute heavy workloads
– D-series VM family for more memory heavy workloads
– Ideally determine a VM size that will support 6-12 user sessions
File Storage and Compute Considerations
Cost Optimization
– Set Smart Scale policies for minimizing compute costs based on your needs (schedule and load based)
• Use higher number of smaller VM sizes for XenApp where possible - allows for better power management and draining of VMs at low usage periods to reduce overall compute costs
• Configure relatively aggressive policies for idle and disconnect timers to reduce sessions being active when user isn’t actually active
– Understand your "base" Citrix VDA VMs always running
• Utilize VM Reserved Instances and Azure Hybrid Benefit for these VMs, pay as you go for rest of the Citrix VDA VMs that won't be "always on" (Azure Hybrid Benefit requires new or existing Windows Server licensing with active Software Assurance)
• Reserved Instances can also guarantee capacity of VMs in Azure region
Estimating Cost
– Two Cloud Connectors per catalog running in your Azure subscription 24x7 (A2v2 VM size)
– XenApp requires RDS CALs or Microsoft Remote Access Fee, per user
– XenDesktop requires Windows 10 Enterprise per user with SA (or through CSP subscription)
Cost Optimization and Estimation
Azure Reserved VM Instance Benefit
Save up to 82% with Reserved Instances and the Azure Hybrid Benefit
• Pay-As-You-Go: all-inclusive Windows Server virtual machine
• Reserved Instance + Windows Server Core meter: up to 72% cost savings vs Pay-As-You-Go
• Reserved Instance + Azure Hybrid Benefit: up to 82% cost savings vs Pay-As-You-Go
• Start with pilot users first, gather feedback and make adjustments – especially user density, based on performance and user experience
• Use a phased approach to rollout to rest of users
• Have additional catalog setup for testing the next image to be deployed, add test users when ready to test
Rollout to End Users
With cloud, focus on cost and not size
Diagram labels: StoreFront, Hosts, Virtual Machines, Analysis, Power Off Savings
Smart Scale: Schedule Based Scaling, Load Based Scaling
• Keep apps, user data and VDAs close (can use XenApp for on-prem apps with XenDesktop VDI in Azure, for example) or consider ExpressRoute
• Windows 10 licensing in Azure – requires Windows 10 Enterprise per user
• Network connection reliability – SDWAN might be a good option
• DR with Citrix in Azure - need to make sure applications are setup for DR to Azure as well
• Azure AD - can use MFA, SSO and other identity access capabilities
• Azure AD Domain Services – don’t have to stand up traditional AD in Azure in some cases
Other Considerations
Citrix Cloud
Benefits
Key Benefits to XenApp and XenDesktop Service
• Manage both your cloud and on-prem virtualization solution from one location
• Manage apps and desktops centrally across multiple geographies and resource locations
• Reduce costs with infrastructure managed and monitored by Citrix
• Speed app and desktop deployment and time-to-production value
Why Choose XenApp and XenDesktop Service
Easily integrate with other Citrix Cloud services to provide complete secure digital workspaces
Reduce Manual Efforts
Citrix Apps and Desktop components    Citrix cloud provisioning   Traditional software deployment
Delivery Controllers                  Cloud service               Manual setup
StoreFront or Web Interface Servers   Cloud service               Manual setup
SQL Server data store                 Cloud service               Manual setup
Licensing Server                      Cloud service               Manual setup
NetScaler Gateway                     Cloud service               Manual setup
Studio and Director                   Cloud service               Manual setup
Server VDAs                           Manual setup                Manual setup
Desktop VDAs                          Manual setup                Manual setup
Active Directory integration          Manual setup                Manual setup
Cloud Connectors                      Cloud service (n/a)         Cloud service (n/a)
Where Citrix Cloud Helps
Reduction in overall complexity, infrastructure, time
Chart (axis: IT Effort):
• Traditional SW Deployment: Upgrade cycles, HW procurement, Capacity/sizing, Software set-up, App/OS Virtualization, SW maintenance, Admin time
• Citrix Cloud Hybrid Deployment: Admin time, App/OS Virtualization, Software set-up, HW procurement, Capacity/sizing
• Citrix Cloud Cloud Deployment: Admin time, App/OS Virtualization, Software set-up
Example: XenApp and XenDesktop Service
Demo & Discussion
Thank you!