If you’re one of the thousands of customers migrating your Citrix Virtual Apps and Desktops workloads to the cloud, you should know that Citrix SD-WAN is our recommended connectivity solution. This isn’t just because of the cost savings that are possible by avoiding expensive MPLS-based private network connections like Azure ExpressRoute and AWS Direct Connect at branch offices. Reliable, secure, high-performance network connectivity with QoS is critical to providing a great user experience with virtual apps and desktops, and Citrix SD-WAN offers unique integration with Citrix Virtual Apps and Desktops to deliver exactly that and more.
If you neglect to include Citrix SD-WAN in your architecture for cloud-hosted virtual apps and desktops, your network might not be engineered to optimally route and prioritize critical traffic. This can cause unpredictable and detrimental impacts to the application experience. You don’t want users to see this on their screen:
Or, even worse, the dreaded Connection Interrupted pop-up:
Citrix SD-WAN masks network glitches with multi-link packet-level processing so users enjoy a continuous, high-performance connection. And, when it comes to the cloud, Citrix SD-WAN is available for Microsoft Azure, Amazon Web Services, Google Cloud Platform, Equinix Cloud Exchange, and (in tech preview) Oracle Cloud Infrastructure.
How Is Citrix SD-WAN Different?
When users connect from branch offices and other sites to cloud-hosted Citrix Virtual Apps and Desktops over a Citrix SD-WAN overlay (a “virtual path”), an extensive set of technologies protects the quality of their experience. With proprietary integration with the Citrix HDX technology stack, Citrix SD-WAN prioritizes real-time and interactive traffic ahead of bulk and background traffic. Every user’s session remains responsive even when someone else at the same location is printing a graphics-intensive document or transferring a huge file. User input (keyboard, mouse, touch) can be sent to the cloud over two links using “packet racing,” a technique that minimizes latency to maintain a snappy user experience.
ICA Connectivity and More
At the heart of the HDX technology stack is the ICA protocol. The Citrix Virtual Apps and Desktops Virtual Delivery Agent (VDA) manages the ICA connection between each user and their virtual apps and desktops. While that’s the most critical connection (and especially benefits from Citrix SD-WAN’s deep visibility into HDX traffic), it’s actually just one of several network connections involved in delivering virtual apps and desktops. The following diagram illustrates the multiple links needed to support Citrix Virtual Apps and Desktops in the cloud:
Citrix SD-WAN enhances every network link to give users the best possible experience with their virtual apps and desktops, while providing reliable, always-on connectivity.
In the past, if you used the Citrix Gateway service (a Citrix Cloud offering) to provide connectivity to remote workers, it had to also be used for your on-premises workers. This was not ideal because HDX traffic had to “hairpin” through the Gateway service to reach the VDA, often in a different cloud. This topology unnecessarily extended the network path, adding latency — the enemy of user experience.
Happily, that issue has disappeared with the new Network Location Service, a Citrix Cloud service that enables direct workload connection from locations on the corporate network. With a direct path from the user to Citrix Virtual Apps and Desktops, HDX sessions are faster. Direct workload connection also enables Citrix SD-WAN to provide HDX AutoQoS, a valuable user experience feature that automates QoS through cooperative processing with Citrix Virtual Apps and Desktops.
Integration with HDX also enables Citrix SD-WAN to provide IT staff with Quality-of-Experience reports and details on ICA traffic down to the individual user level. And integration with HDX Insight (and, soon, with Citrix Analytics) is available for end-to-end cross-product visibility, enabling administrators to tune application performance, optimize IT operations, and quickly troubleshoot issues.
Delivering the Best Unified Communications (UCaaS) Experience
Consider how Citrix SD-WAN optimizes Unified Communications applications like Microsoft Teams. Whenever possible, HDX redirects real-time audio-video to the user device for local processing using the media engine in the Citrix Workspace app. This approach reduces cloud operating costs and delivers the best user experience.
Citrix SD-WAN manages the real-time protocol (RTP) connection from the user’s location directly to the cloud, avoiding unnecessary routing and network hops. Customers report that our SD-WAN technologies have raised their audio quality MOS scores from the 1-3 range to 4-plus. That’s huge because it means far fewer audio dropouts or instances of robotic voice.
But the Internet Isn’t Secure
With Citrix SD-WAN, cloud-bound traffic can directly egress from each site, instead of being routed back to a data center. This architecture is the new standard for networking, and with SD-WAN, it doesn’t require expensive MPLS connections from each site. Citrix offers a choice of security solutions to protect against outside influence for any traffic that is broken out at the site locations. Citrix SD-WAN includes a stateful, application-aware firewall that is ICSA certified. Citrix SD-WAN also gives organizations the flexibility to augment their security protection in the cloud or on premises by partnering with industry-leading security vendors such as Zscaler and Palo Alto Networks.
By combining two business broadband links, or by using LTE as a fallback, Citrix SD-WAN delivers highly reliable, secure, and performant connectivity at lower cost than alternatives such as MPLS with Azure ExpressRoute or AWS Direct Connect. And if you have a data center with existing MPLS connectivity to the cloud, you can augment that with Citrix SD-WAN to economically increase bandwidth.
Setting up Citrix SD-WAN is easier than ever, whether you choose a managed service provider to do it for you or take a DIY approach with our automated provisioning tools. Thanks to zero-touch deployment (ZTD), adding SD-WAN appliances merely requires someone at the office to connect the network and power cables; there’s no need to dispatch a technician. The appliance calls Citrix Cloud to authenticate, discover, and register the network.
Once Citrix authenticates the device and confirms its owner, Citrix SD-WAN automatically configures the device remotely. The central management tool enables monitoring and configuration of thousands of sites simultaneously, simplifying the configuration with site profile capabilities allowing for single configuration changes which can replicate to all or a subset of the sites, as desired.
Example: A Bank with Branches across the Continent
Let’s consider, as an example, a bank with branches across the continent. This particular bank has chosen to run their Citrix Virtual Apps and Desktops workloads on Microsoft Azure. Using two Azure regions, the bank has a robust disaster recovery architecture. Each branch requires secure, direct connectivity to the virtual desktops and applications running on Azure. The bank has selected a Citrix Service Provider (CSP) to manage their infrastructure.
The CSP deploys a Citrix SD-WAN virtual appliance (VPX) in each Azure VNet. Each branch receives an SD-WAN hardware appliance, sized according to the aggregated bandwidth requirements of that site. One of the SD-WAN appliances (physical or virtual) is configured as the Master Control Node (MCN) for the network. Multiple connectivity options are available, and the solution provides flexibility in deployment no matter what each site’s unique requirements happen to be.
The bank has chosen to use broadband connections from two different internet service providers to offer higher reliability with available WAN links to create a virtual private network (VPN) connecting all cloud and site locations. The SD-WAN branch appliance also supports LTE, which is useful in the event of a primary connectivity failure (as in, a backhoe!). AES 256 encryption, with optional IPsec, secures the connections from each branch to Azure, where the Citrix Virtual Apps and Desktops workloads are running. Adaptive Transport delivers the HDX traffic over Citrix’s proprietary UDP-based EDT protocol, using multi-stream ICA for QoS. Users at the bank branches enjoy a highly responsive, “like-local” experience.
Learn More
Citrix SD-WAN is the recommended connectivity solution for Citrix Virtual Apps and Desktops. So, if you are migrating Citrix Virtual Apps and Desktops workloads to the cloud, be sure to factor Citrix SD-WAN into your plans. Learn more about Citrix SD-WAN and don’t hesitate to request a demo. Your users will thank you for it.