I just got back from our annual ServTech conference in Minneapolis and I did a session on one of my favorite topics: Scalability. I’ve done this session a few times before, as things change pretty quickly in this tech world, but this time was different — I presented several non-XenApp/XenDesktop items related to scalability. And one of the items that drew the most blank stares from the crowd was HDX Insight “2.0”. And that’s actually a name I made up — I believe the new official name is Lightweight HDX Insight or High-Performance HDX Insight. But I want to take a minute and tell you about this re-invention of HDX Insight because it’s a serious game-changer.

So, what is HDX Insight 2.0? Well, a quick history lesson first. Insight, powered by AppFlow, was a feature we debuted over 5 years ago if you can believe that. Customers quickly fell in love with the idea of Insight because we capture granular network latency metrics to help troubleshoot tough performance issues. But we learned one thing fairly quickly after enabling AppFlow — it can be a bit of a resource hog. I’ve seen all sorts of stuff in the field — memory exhaustion, NetScaler CPU get pegged, magical reoccurring reboots, etc…and it’s always a bummer because the information AppFlow is collecting is so valuable to administrators! After all, Insight is a key feature we’re counting on to provide extra visibility across the entire ICA stack.

One of the reasons HDX Insight “1.0” is so resource-intensive is that the data being gathered is spread across several ICA virtual channels. So, the NetScaler is sort of scanning all of those various VCs, and to make matters worse, it’s doing compression and encryption “in line” on each and every packet. The result is additional processing power is required. And in extreme scenarios, it sometimes meant buying bigger NetScaler boxes (scaling up) or buying more boxes (scaling out). And that’s not a great solution for anyone.

So, a little over a year ago, we set off to re-architect HDX Insight from the ground up. And I’m proud to announce that we got all the pieces into the code about a month ago. So, how did we do it? The first thing we had to do was invent a new virtual channel (the 28th VC by my count!) so all Insight data was “sourced” from one location — this really simplifies what the NetScaler has to do on the back end. And it allows the NetScaler to effectively not parse any of the other 27 VCs. The next thing we tackled was the inspection/compression/encryption piece. Instead of compressing and inspecting every Insight-related packet, we now send the Insight data uncompressed which is much faster. “Basic” ICA encryption is still required and we also support stronger 128-bit RC5 “Secure ICA” encryption as well. I mention this because if we detect that ICA-level encryption is not enabled, our new VC will effectively be closed for business. Most customers can just continue doing what they’re doing today though — basic encryption for ICA (which is on by default)… and TLS for transport-level encryption as part of the overall NS session.

We accomplish all of this using a new dedicated, uncompressed VC called NetScaler App Experience or NSAP. If you look in the Receiver “module.ini” file, registry or even the NetScaler release notes, you’ll see mention of “NSAP”. Here are a few screenshots from my local machine so you can see this glorious new 28th virtual channel/driver in action:

What does it all mean? If you’ve got a Receiver client with NSAP support and you’ve got a NetScaler that can parse the data coming from the NSAP VC, then your Insight scalability becomes A LOT better. How much better exactly? We ran one test with a single NS packet engine and looked at 1250 ICA connections @ 125 kbps bandwidth. When we enabled the “old” Insight, we could only get about 500 ICA connections through the box. With the new Insight, we could now get about 1200! And looking at the CPU of the NetScaler, we were routinely pushing 90%+ with the old implementation — now it just added about 8% additional CPU and the box is “chillaxin” around 25% like it should be (17% was the “baseline” CPU in this example with 1250 connections BTW). So this is a serious game-changer and I hope you’re as excited about this re-architecture as I am.

I’m sure this sounds too good to be true. And you’re probably asking, “What’s the catch?” Well, there are a couple. The first is we only have this NSAP VC on our Windows, Mac, and iOS clients right now. And we just put it in that client-side code earlier this year. So Receiver 4.10+, Mac 12.8+ and iOS 7.5.4+ are required to take advantage. On the server side, we require XenApp/XenDesktop VDA 7.16+ and we only support ICA over TCP today (no EDT support yet). And we added some additional metrics in the 7.17 VDA so it’s best to use the latest CR. And before you ask, no, we won’t be back-porting this to LTSR as far as I know. 😉

On the NetScaler side, this is even newer. It made its debut into the 12.0 codebase in mid-June — specifically the 57.24 release (search for “NSAP” and you’ll find the blurb in the release notes). I also saw it made its way into the latest 58.15 release of 12.0 that was released about a week ago. I believe those are the ONLY two specific releases that support this today. I searched all the release notes for 11.1 and 12.1 and couldn’t find mention of NSAP anywhere. I’m sure it’s just a matter of time before it shows up in 12.1, but similar to LTSR for XenApp, I doubt you’ll see this get back-ported to 11.1.

One other note — I’ve been talking “HDX Insight” the whole time here but the evolution of Insight, aka NetScaler MAS, is also powered by AppFlow. So all of this also applies to NMAS as well. And my Networking colleagues recommend the latest 12.1 release on the NMAS side to ensure the latest enhancements and bug fixes.

And that’s really it – HDX Insight and NMAS, powered by AppFlow, have been re-architected pretty much from scratch and it’s time to take it for another spin! I hope you’ll enjoy our 28th Virtual Channel. 🙂

Cheers,
Nick

Nick Rintalan, Principal Architect, Citrix Consulting Services (CCS)


Citrix TechBytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.

Click here for more TechBytes and subscribe.

Want specific TechBytes? Let us know! tech-content-feedback@citrix.com