The distributed enterprise requires a solution that ensures users remain connected at all times, one that strengthens security and that provides end-to-end visibility without adding complexity.
Whether the company has 20 sites or 2000, one needs to ensure that the SD-WAN network can scale and accommodate future growth.
Businesses rely on branch offices or remote employees to serve customers, to be near partners and suppliers and to expand into new markets. Also, as application and desktop virtualisation increase or applications move to the cloud, IT managers face the challenge of providing these applications without a performance penalty to branch and mobile users.
NetScaler SD-WAN can effectively and economically increase WAN throughput while accelerating enterprise applications, ensuring the performance and availability of mission critical applications, and simplifying the branch network.
There are some aspects of scale that need to be considered: the number of branch locations is expanding, bandwidth demand is growing, IoT is creating more endpoints, cloud migration is adding more content locations, applications are proliferating, and, frequently, the number of staff to deal with this growth is shrinking.
Troye managing director Helen Kruger says with the recent release of NetScaler SD-WAN 10.0, Citrix evaluated scale along many dimensions and from the perspectives of different organisations and people.
“Citrix wanted to make sure that when asked whether customers can operate their NetScaler SD-WAN networks at scale, they could answer with a definitive yes, while knowing that we had an architecture that would further scale to future networks as well,” she explains.
This release formally introduced the concept of regions to NetScaler SD-WAN, it enables customers to subdivide their network into smaller sub-networks. These can be organised regionally, as the name implies, but can also easily be used to group sites of a similar size, function, network design, or any organising principle that makes sense in the specific environment.
“Each region can contain up to 550 sites, allowing you to break your network into smaller manageable groups, and each region has a regional control node (RCN). A network-wide master control node (MCN) provides key management plane functions across all regions,” she adds.
Using this architecture, the network can continue to grow, as large networks can be broken into regions. As one looks at how to address all the dimensions of scale, regions are key because generally, actions can be taken against an individual location, a region, or the entire WAN.
“In fact, regions are such a helpful way to organise your network, you may choose to use them for reasons other than scale, and even small networks can benefit from this approach. Recognising that regions may be used just to organise the network, we enabled up to 64 regions in a network,” says Kruger.
Network Configuration can be done via SD-WAN Centre. Users that want to build a network configuration with the SD-WAN Centre GUI will see changes that make the GUI intuitive regardless of network size. Configuration templates can be defined and applied at the region level. Also, when it’s necessary to look at an individual site configuration, it’s easy to locate that site with easy search capabilities.
License management has also been centralised so that applying licenses to new locations is seamless. When a new location comes online, it can check out one of the available licenses in the license pool from SD-WAN Centre. There is no need to explicitly apply a license or mess with license files and keys.
Kruger says sites that are unable to immediately acquire a license will have a grace period of 30 days to enable installing the license and proceed. “A simple interface displays what licenses are in use, when they’re going to expire, and how many are available. So, whether you have 25 sites or 2 500, managing all of your licenses is easy and no site will stop functioning because of a license issue.”
Upgrading the network can be time-consuming and finding a maintenance window can be difficult. With this latest release, upgrades don’t have to be done all at once. One can upgrade a portion of the network, test the upgrade, and then proceed with additional upgrades when required. Sites within a region or across regions will continue to inter-operate indefinitely at different release levels.
One of the difficult things about managing a large network is focusing attention on areas that need attention without getting lost in the clutter of too much data. This release introduces a new management portal that allows you to see at a glance the status of the network as a whole, while highlighting any locations, networks or applications that need attention.
“We’ve received lots of positive feedback on the amount and detail of data that we make available through NetScaler SD-WAN Centre, Citrix NetScaler MAS and Citrix Analytics. But the larger the network, the more data there is to collect,” she says.
So, with this release, it uses the regional control nodes as local data collectors, allowing data collection to be a distributed function. Data from each region is aggregated at SD-WAN Centre, where it can then be sent to Citrix Analytics, NetScaler MAS, or to another management system one may be using. This approach ensures no data is lost while preventing management data from impacting network data functions.
More locations and more users usually equals more routes. Therefore, with this release, the routing table was dramatically expanded. In addition, administrators familiar with managing routes via command line interfaces now have access to some easy commands for viewing active routes, easing troubleshooting in any size network.
One of the most commonly used features in large networks is IP multi-cast. Whether it is videos, digital displays or other such massive data distribution activities, multi-cast makes life easy, and now it is enabled on NetScaler SD-WAN.
The NetScaler SD-WAN solution for direct internet breakout from the branch expanded in this release with the ability to identify web and SaaS applications and selectively steer traffic directly to the Internet, through a secure web gateway, or backhauled through a data centre.
The combination of the integrated firewall in NetScaler SD-WAN, a frequently updated library of over 4000 applications, and policy-based application steering makes it easy to identify applications and block or send application traffic directly to the Internet, reducing the impact of those applications on the WAN while maintaining security.
Large networks often have lots of smaller sites, even home offices or unmanned outlets filled with things. The 10.0 release of NetScaler SD-WAN also introduces the 210 appliance, which is a modem sized, fan-less appliance suitable for small locations, and with a price to match.
The 210, while small in size, still supports the full SD-WAN application set, dynamic routing, firewall, zero-touch deployment and contains fail-to-wire ports. This appliance makes deployments at massive scale cost-effective, especially when used as the gateway router.
When it comes to really large networks, many companies will choose to automate configuration and ongoing management. With this release, NetScaler SD-WAN now contains a full set of APIs to allow one to do just that.
Using REST APIs, one can use an external orchestration system or script to automate a complete configuration build, modify selected attributes, push a new configuration, collect data and receive alerts.
Kruger says there’s always the option of making it someone else’s responsibility. “Citrix has a large and growing portfolio of managed service providers that offer Citrix SD-WAN as a service. This includes Citrix Solution Providers like RapidScale that have added managed SD-WAN to their other applications services.”