Introduction
The challenge of managing applications and desktop environments
across the enterprise is
becoming more formidable as the range of applications supporting
employee productivity and business operations continues to grow. IT
organizations are often stretched to the limit performing such
routine operational tasks as:
• Deploying applications and application upgrades
• Provisioning new desktop systems
• Installing patches to keep desktop machines and applications up
to date
• Securing systems and data from intrusions
• Providing help desk support
• Maintaining control of the desktop environment to ensure
demonstrable compliance with regulatory mandates
The increasing percentage of employees located in a branch office
or other remote location exacerbates the problem. Since most branch
offices have limited or no IT staff, the IT organization must
centrally manage each of the tasks listed above for the branch
office. Remote locations also often require more stringent security
measures due to a lack of physical security and the frequent
presence of guests, business partners and other visitors.
Application virtualization and desktop virtualization are two
effective technologies that simplify the management of user devices
by streamlining the IT tasks listed above. According to industry
metrics, virtualizing applications and desktops can reduce the cost
of testing, packaging and supporting application delivery by up to
50 percent.
Many large scale application and desktop virtualization deployments
are at central sites where a high speed LAN delivers applications
from servers to the client systems. However, with the appropriate
application delivery infrastructure, these technologies can also be
effectively deployed to support branch office workers and other
remote employees.
The goal of this white paper is to analyze application
virtualization technology and to show how branch optimization
solutions can overcome distance and bandwidth constraints, and
allow IT organizations to fully realize the benefits of desktop and
application virtualization.
Overview of application virtualization
Application virtualization centralizes the management of both
applications hosted at the central site and delivered over an
optimized protocol (hosted application virtualization), and
applications that are streamed on-demand to client devices (local
application virtualization). In both of these models, the
application is virtualized because it is installed in the
datacenter, but appears to be installed on the client device. A
single application repository that hosts or streams applications to
users dramatically reduces the cost and complexity of managing
applications and desktop environments.
Hosted application virtualization
With hosted application virtualization, the application and data reside
on a central server farm and the application interface is presented
to the user over the network, as shown in Figure 1. Only screen
displays, keyboard entries and mouse movements are transmitted
across the network using a lightweight delivery protocol. This
minimizes the bandwidth required to deliver an application to a
remote user. Hosted application virtualization maximizes IT’s
central control over both applications and data, and enables rapid
delivery of Windows® applications over virtually any type of
network connection. Hosted application virtualization also does not
require the user device to have a full-functioned operating system,
allowing desktops to be replaced with lower cost thin client
terminals. A primary advantage of hosted application virtualization
is that the application can be securely accessed from home
computers, airport Internet kiosks, smart phones and other devices
external to the enterprise network. From the perspective of mobile
users, they can log in to their corporate network over the Internet
and securely access all of the applications they would normally use
at work.
Local application virtualization (streaming)
Local application virtualization is composed of two primary
functions: application isolation and application streaming.
• In application isolation, an abstraction layer inserted between
the application and the operating system of the client device
encapsulates the application. The virtualized application is
isolated both from other applications and the operating system.
This isolation eliminates any possible application conflicts or
operating system instability.
• In application streaming, a virtualized application is
delivered to a user device’s isolation environment from a
centralized application repository or application hub in an
on-demand fashion.
The combination of application isolation and application streaming
eliminates much of the cost associated with regression testing,
certification of applications for regulatory compliance,
deployment, maintenance, updates and the de-provisioning of
applications running on endpoint devices. Application streaming
also lowers support costs by automatically updating and repairing
applications every time they are streamed and by enhancing security
through control of applications regardless of the user’s endpoint
device or network location.
Figure 2 shows the delivery of a streamed application to a user
device. Application streaming is selective in the sense that only
the required application libraries are streamed to the user’s
device. The streamed application’s code is isolated and not
installed on the user device. The user can also have the option to
cache the virtual application’s code on the user device. Caching
greatly reduces the volume of download traffic for streamed
applications and is particularly effective for applications that
are infrequently updated.
Caching also allows applications to be run locally on the client
without the use of streaming in the event of network outages or
other situations where the user’s device lacks network
connectivity.
Challenges in extending application virtualization to the branch office
The primary challenge associated with the delivery of virtualized
applications to branch offices is to
ensure adequate levels of performance over the WAN (Wide Area
Network) and meet the application experience expectations of the
users. Widespread adoption of virtualized applications requires the
ability to deliver a high-performance, personalized experience that
is as good as when applications are natively installed on the
desktop.
Protocol efficiency
A complicating factor is that the response time for the completion
of a task depends on the
number of application turns per task and the payload that is
transferred per task. As shown in Figure 2, native application
protocols such as CIFS, MAPI and HTTP require a large number of
application turns and transfer a large amount of data per turn.
This slows response times, particularly when WAN bandwidth is
limited. Applications that require many application turns per task
are also highly susceptible to the effects of high latency and
packet loss.
Protocols optimized for hosted application virtualization (ICA and
RDP) are far more efficient in their bandwidth consumption and
their response times are correspondingly far less susceptible to
latency and packet loss.
However, as these protocols have matured, they have been enhanced
to transmit more than just lightweight presentation data. For
example, they now carry bulk data such as print jobs and files
saved to locally mapped drives. This alters their bandwidth profile,
making them more sensitive to network conditions.
Streamed applications are less efficient than hosted applications
on the network, as they use the same protocols that are native to
the application (CIFS, MAPI and HTTP). Furthermore, streamed
applications create additional challenges for branch offices
because a large application package must be streamed across the WAN
when the application is initially delivered to the branch.
All forms of application delivery over the WAN, including
virtualized applications, have to cope with the same set of
constraints of the WAN as a packet delivery medium:
Limited WAN bandwidth – Bandwidth connecting remote offices to
central sites is still expensive and generally cannot be
provisioned at levels that comfortably accommodate peaks in
business activity in spite of some gradual improvement in the price
and performance of WAN services. Increasing levels of user and
application density within the branch office exacerbate the
limited bandwidth problem. When a number of users at the branch
office use the same application over the course of the business
day, a large amount of identical data is transmitted repeatedly
between the central site and the branch office.
Such traffic redundancy can be highly wasteful of limited WAN
bandwidth. As shown in Figure 2, the protocols that support hosted
applications and desktops (ICA and RDP) are inherently bandwidth
efficient. However, significant levels of traffic redundancy still
occur with these technologies when multiple users access the same
standardized virtual desktops or print common documents. As
previously mentioned, streamed applications are less bandwidth
efficient because large data transfers are required when the
application is first streamed and every time it is patched.
Latency – End-to-end propagation delay is the primary cause of
latency over the WAN. High latency limits the potential throughput
via transport protocols (e.g., TCP) that require acknowledgements
of previously sent packets before additional packets can be
forwarded. While latency affects all TCP-based transfers, as noted
earlier, the greatest effect is
generally felt by users of chatty protocols (i.e., CIFS, MAPI, and
HTTP). Reducing the number of application turns per task is the
best approach to mitigate latency.
Packet loss – When packets are dropped or delivered out of order
due to congestion in the WAN, TCP reduces its window size and
retransmits the lost packets. The result of packet loss is
therefore a reduction in bandwidth efficiency and an increase in
response time. Like latency, packet loss affects all TCP-based
transfers. The effect of packet loss is somewhat
magnified for large transfers that use larger TCP windows to
transmit data, such as for large file transfers or initial delivery
of a streamed application. However, interactive ICA and RDP
traffic, which also relies on TCP as a transport protocol, can be
negatively affected by packet loss.
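The relationships described above (response time driven by application turns, payload, latency and packet loss) can be put into a small model. This is an added example, not part of the white paper: the task profiles, link figures and 64 KB window are constructed, and the loss bound is the Mathis approximation, which the paper does not cite.

```python
"""Added illustration: task response time over a WAN link (all values constructed)."""
import math
from dataclasses import dataclass

MSS_BYTES = 1460  # assumed TCP segment payload on an Ethernet path


@dataclass(frozen=True)
class Link:
    bandwidth_bps: float  # provisioned WAN bandwidth, bits per second
    rtt_s: float          # round-trip time, seconds
    loss: float = 0.0     # packet loss probability


@dataclass(frozen=True)
class Task:
    turns: int            # application turns (request/response round trips)
    payload_bytes: int    # data moved to complete the task


def tcp_throughput_bps(link, window_bytes=65535):
    """Ceiling for one TCP flow: link rate, window/RTT, and the Mathis loss bound."""
    bounds = [link.bandwidth_bps, window_bytes * 8 / link.rtt_s]
    if link.loss > 0:
        bounds.append(MSS_BYTES * 8 / link.rtt_s * 1.22 / math.sqrt(link.loss))
    return min(bounds)


def response_time_s(task, link):
    """One RTT per application turn, plus payload transfer at the achievable rate."""
    return task.turns * link.rtt_s + task.payload_bytes * 8 / tcp_throughput_bps(link)


# Constructed profiles: a chatty native-protocol file open vs. a presentation-only update.
CHATTY = Task(turns=400, payload_bytes=2_000_000)
LIGHT = Task(turns=10, payload_bytes=50_000)
WAN = Link(bandwidth_bps=2e6, rtt_s=0.100, loss=0.01)


def what_helps(task=CHATTY, link=WAN):
    """Compare doubling bandwidth with halving application turns for one task."""
    faster_link = Link(link.bandwidth_bps * 2, link.rtt_s, link.loss)
    fewer_turns = Task(task.turns // 2, task.payload_bytes)
    return {
        "baseline": response_time_s(task, link),
        "double_bandwidth": response_time_s(task, faster_link),
        "half_turns": response_time_s(fewer_turns, link),
    }


if __name__ == "__main__":
    print(f"chatty {response_time_s(CHATTY, WAN):.1f}s, light {response_time_s(LIGHT, WAN):.1f}s")
    for name, seconds in what_helps().items():
        print(f"{name:17s} {seconds:6.1f}s")
```

On this constructed link the flow is loss-bound, so doubling the bandwidth changes nothing while halving the turns removes 20 seconds.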
Adapting WAN optimization techniques to application virtualization
Over the last few years, most IT organizations have begun to address
the challenges that are
associated with delivering centralized applications to branch
offices and other remote sites. IT organizations have responded by
implementing a variety of solutions that optimize the performance
of native (i.e., non-virtual) applications over the WAN. Given the
growing interest in deploying both hosted and local application
virtualization, traditional WAN optimization techniques are being
enhanced to provide similar performance benefits to the delivery of
virtualized applications.
WAN optimization techniques appropriate for virtualized
applications include:
Compression and caching – There are a variety of techniques that
can be used to reduce network payloads and thereby reduce bandwidth
consumption and user response time. Compression generally involves
replacing repetitive data patterns of various lengths by small
tokens. Locally caching copies of frequently accessed data and
graphics eliminates much of the
redundancy in WAN traffic, reducing bandwidth consumption and user
response time. Another form of caching is de-duplication, whereby
only the changes in previously transmitted data objects are sent
over the WAN. Compression, caching and de-duplication benefit
streamed and hosted application usage where there is a high degree
of traffic redundancy.
Staging – Pre-positioning large files in the branch office
enables IT organizations to deliver these files directly over the
LAN when they are requested by a user. This technique can be used
with local application virtualization to reduce the initial launch
times and to avoid streaming the application across the WAN
multiple times.
Protocol optimization – The inefficiencies of TCP, CIFS, HTTP and
MAPI over WAN links with high latency and low bandwidth can be
mitigated with protocol optimization techniques. TCP protocol
optimization involves making changes to the standard error handling
and flow control behaviors (window size and slow start) to improve
network efficiency and help mitigate latency issues. TCP
optimization benefits both streamed and hosted applications.
Reducing both chattiness and payloads, as shown for CIFS in Figure
2, optimizes inefficient application protocols. Application
protocol optimization is especially important for streamed
applications that make use of native application protocols (i.e.,
CIFS, HTTP, MAPI) instead of a more efficient protocol such as ICA
or RDP.
Quality of Service (QoS) – Prioritizing WAN traffic can ensure
that critical application traffic is given higher priority service,
reducing the effects of additional latency due to congestion and
resulting packet drops. WAN traffic from both types of virtual
applications can benefit significantly from QoS. For hosted
application virtualization, QoS is even more valuable if it can
differentiate among and prioritize different virtual channel types
used within the delivery protocol (e.g., the screen refresh virtual
channel vs. printing virtual channel).
Taking an end-to-end view of branch optimization
In addition to deploying these enhanced optimization techniques, IT
organizations need to rethink what they
want from an application branch optimization solution. Most
optimization solutions available today work in isolation within the
network, focusing on just a portion of the overall application
delivery system.
While this approach provides value, to fully realize the benefits
of application virtualization, IT organizations must implement
solutions that work in concert with the entire end-to-end delivery
system to apply the right mix of optimization technologies for each
situation. For example, protocols such as ICA and RDP incorporate a
number of compression techniques including bitmap image
compression, screen refresh compression and general data
compression. As a result, any compression performed by a branch
optimization solution must be coordinated with the hosted
virtualization infrastructure to prevent compressing the traffic
twice, a condition that can increase the size of the compressed
payload and introduce additional latency.
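A minimal demonstration of the double-compression effect, added here and not taken from the white paper or from any Citrix product. zlib stands in for the delivery protocol's own compression, the payload is constructed, and the entropy check in optimize() is a hypothetical heuristic for skipping data that already looks compressed.

```python
"""Added illustration: what a second compression pass does (constructed payload)."""
import math
import random
import zlib
from collections import Counter


def sample_payload(words=50_000, seed=7):
    """Constructed, redundant text standing in for uncompressed application data."""
    rng = random.Random(seed)
    letters = "abcdefghijklmnopqrstuvwxyz"
    vocab = ["".join(rng.choice(letters) for _ in range(rng.randint(3, 10)))
             for _ in range(400)]
    return " ".join(rng.choice(vocab) for _ in range(words)).encode()


def byte_entropy(data):
    """Shannon entropy in bits per byte; close to 8 means little redundancy remains."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def optimize(data, threshold=7.5):
    """Hypothetical optimizer step: compress unless the payload already looks compressed."""
    if byte_entropy(data) >= threshold:
        return data, False              # pass through untouched
    return zlib.compress(data, 6), True


def double_compression_report():
    raw = sample_payload()
    once = zlib.compress(raw, 6)        # stand-in for compression done by the protocol
    twice = zlib.compress(once, 6)      # naive second pass in the network path
    guarded, recompressed = optimize(once)
    return {
        "raw": len(raw), "once": len(once), "twice": len(twice),
        "entropy_raw": byte_entropy(raw), "entropy_once": byte_entropy(once),
        "guarded": len(guarded), "recompressed": recompressed,
    }


if __name__ == "__main__":
    for key, value in double_compression_report().items():
        print(f"{key:13s} {value}")
```

The second pass spends CPU time and returns a payload slightly larger than its input, while the guarded path forwards the already-compressed bytes unchanged.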
Citrix branch optimization
Over 220,000 customers worldwide already use Citrix XenApp™ and
Citrix XenDesktop™ to support application and desktop
virtualization. Citrix Branch Repeater™ is a branch optimization
solution that accelerates virtual application delivery to globally
distributed users while dramatically reducing bandwidth costs and
simplifying branch infrastructure. By accelerating application
delivery to the branch, Branch Repeater enables IT resource
consolidation without compromising the high-definition experience
that users expect.
HDX IntelliCache and HDX Broadcast
Branch Repeater incorporates two groundbreaking Citrix HDX™ technologies
(Figure 3) to optimize both hosted and streamed applications
delivered to the branch:
HDX IntelliCache – Optimizes performance for multiple users
accessing virtual applications from branch offices by locally
caching and de-duplicating bandwidth intensive data and graphics
transmitted and by locally staging streamed application
packages.
HDX Broadcast – Provides a set of technologies that adaptively
tune to real-time conditions to optimize network traffic and
deliver a high definition experience for any application regardless
of network latencies, bandwidth availability and network
reliability.
These complement other HDX technologies found in the datacenter and
on the device. Citrix has designed the entire HDX framework to work
in concert through innovative adaptive orchestration
technology.
This process senses the underlying capabilities in the datacenter,
network and device, and dynamically applies the best combination of
Citrix HDX technologies to ensure a high-definition experience to
meet each unique user scenario.
Figure 3: Citrix Branch Repeater HDX Technology
Integrated Windows services
Citrix Branch Repeater with Windows Server® further enhances
branch optimization and consolidation by including a full-function
Windows Server along with Citrix HDX technology for the branch.
Branch Repeater with Windows Server consolidates essential services
that must remain in the branch office such as file, print, Active
Directory (Domain Controller), Domain Name System (DNS) and Dynamic
Host Configuration Protocol (DHCP). The approach eliminates the
need for an additional dedicated server in the branch office.
Branch Repeater with Windows Server also supports Microsoft ISA Web
caching and can act as a secondary site for Microsoft SMS allowing
for even greater server consolidation at each branch site.
Citrix Branch Repeater with Windows Server supports native Windows
management tools, such as Microsoft System Center Operations
Manager and Windows Management Interface (WMI). These management
extensions cover all acceleration and optimization functionality in
addition to the Windows operating system. This means that the
entire branch office
infrastructure can be centrally managed with a single set of
familiar Windows-based tools.
Conclusion
Application virtualization offers IT groups an opportunity to
further consolidate and centralize their operational tasks by
extending the concept of virtualization to include deploying and
managing the full suite of Windows applications and desktops
throughout the enterprise.
As with other styles of remotely accessing centralized
applications, virtual applications face WAN challenges of limited
bandwidth, high latency, congestion and packet loss. However, IT
organizations can offset these challenges by implementing a
comprehensive approach to branch optimization that is based on
network-level optimizations adapted for virtual applications that
tightly integrate with the rest of the application delivery
infrastructure. Citrix delivers a comprehensive solution for
application and desktop virtualization whose components work
together seamlessly to address the entire issue of effectively
delivering applications to globally distributed users.