SECURE DIGITAL WORKSPACE
Arizona State University (ASU) is the largest public research university in the United States under a single administration. For the Fall 2010 semester, ASU achieved a new enrollment record of over 70,000 undergraduate and graduate students. The university also has nearly 3,000 academic staff members involved in both teaching and research.
While ASU is quite large by several measures—operating fourteen colleges and schools spread over four major campuses in the Phoenix Metropolitan Area—its mission is to be the model for higher education in the 21st Century, a New American University. With almost a third of freshmen students in the top 10 percent of their high school class, ASU has a solid foundation for building that future.
Meeting the information technology needs of any sizeable organization can be daunting. At ASU, the responsibility for enabling and empowering faculty, staff and students through IT belongs to the University Technology Office (UTO). In order to keep up with demands, UTO developed a five-year plan which outlines its major technology initiatives. The ASU Information Technology Strategic Plan 2010-2014 describes a climate of "escalating expectations," "increasing pace of innovation," and the need for "achieving more with less." These are characteristics that should resonate with most any IT organization.
Network bandwidth demands are ever increasing, so it shouldn't be surprising that the UTO strategic plan addresses a number of network related goals and objectives. According to the plan, "Most students now bring several technology devices to campus and expect them to integrate easily into the University's cyber infrastructure and for them to be useful in their studies." Even as more devices are connected, the strategic plan has UTO working toward ensuring ASU's network is operational 99.9% of the time.
Greg Wilson is a Project Manager and IT Systems Architect leading the Security and Network team within the UTO Operations. He has provided valuable information regarding how ASU uses Citrix NetScalers for web application delivery, load balancing, security and more. ASU is currently using more than ten Citrix NetScalers including both NetScaler MPX 7500 and NetScaler 7000 physical appliances. The university has chosen Platinum Edition NetScalers for enhanced features such as Citrix Application Firewall™. The NetScalers are fronting hundreds of servers and services for ASU.
ASU has been using Citrix NetScalers for more than five years. In 2005, ASU had been using BIG-IP appliances from F5. It was time for a hardware upgrade cycle and the Citrix NetScalers were chosen as the new standard. Price was initially a key factor in the selection process. Ease of management, performance and scalability were also deciding factors in switching from F5 BIG-IP to NetScaler. According to Wilson, "NetScaler was a good choice. I really like the management. I think the NetScalers are extremely good—very few problems, very solid."
Jack Hsu, Senior Director of System and Security within the UTO, is responsible for information infrastructure at Arizona State University. Hsu indicated additional factors in the selection process. "From my perspective, the NetScalers provide a lot of capabilities in one device. The fact that NetScaler integrates so well with our Citrix XenApp deployment to support high availability and secure access was another key factor in ASU's selection of NetScaler."
ASU uses NetScalers to serve the entire www.asu.edu domain. For redundancy and performance, NetScalers are used to distribute website traffic to two separate locations. A NetScaler MPX 7500 serves traffic from an on-premises ASU datacenter while a NetScaler 7000 serves traffic from an offsite location. Normally, half the traffic goes to the ASU datacenter and the other half goes to an out of state datacenter. Hsu indicates, as many as "10,000 to 20,000 users may access the ASU website concurrently."
Wilson adds, "Once the traffic arrives, we use the load balancer as a proxy to determine which site is really up or not via NetScaler's application health monitoring functionality. Visitors always go to one location or the other when they view the ASU website. They need a good experience even if one site is down." As noted in the UTO strategic plan, "Many prospective students' first impressions of the University now come from interacting with its website to learn more about the campus, investigate majors and courses of study, and manage the stages of the application process."
ASU also employs NetScalers for a variety of enterprise applications. "We do load balancing in front of our main e-mail services and our spam filters. We have quite a few services behind it besides the website that we load balance," Wilson explains. "We use NetScaler for load balancing XenApp and for Citrix Access Gateway functionality." A new SharePoint environment is under development. "Our new SharePoint environment is behind the same NetScaler that supports XenApp."
Beyond traffic distribution and load balancing, ASU uses the SSL VPN and SSL offload capabilities of the NetScalers. Wilson is also beginning to take advantage of the application firewall functionality for logging purposes. Additionally, other groups and organizations throughout the university are utilizing NetScalers. For development and QA use a single NetScaler 7000s and the Library uses a pair of NetScaler 7000s.
The firewall is also helping ASU with compliance related issues. The university is not currently using NetScaler for Payment Card Industry Data Security Standard (PCI DSS) compliance. Instead, they are using NetScaler Application Firewall to detect and flag use of credit cards. According to Hsu, "One of the purposes of this application firewall is to make sure no one is using credit cards with ASU. We don't want anyone doing transactions that require PCI compliance."
The purchase price of the NetScalers was one of the key attractions initially. Since then, other cost benefits have emerged. Ease of management has led to additional cost savings through increased staff efficiency. Fewer servers have been purchased due to the SSL offload feature. The university has also avoided replacement costs due to high device reliability. Wilson explains, "I've only had one piece of hardware go the whole time I've had them. It was in a cabinet that was sealed off and it got too hot, and that's the only time I've ever had any hardware problems with them."
At ASU, Citrix NetScalers are meeting the performance and scalability needs of the largest public research university in the United States. However, Wilson sees increased service availability as the biggest benefit provided by the NetScalers. "Just the basic load balancing gives us better uptime. If we have a hardware or software problem, our website and other services are still there. That is a huge benefit." One of Wilson's colleagues added, "And capacity, too. They'll handle a lot of hits coming in and not really work too hard at it. They're efficient."
As with many IT organizations, server consolidation has been a primary driver of initial virtualization projects at ASU. One of the key goals outlined in the UTO strategic plan, within the area of IT infrastructure, is to "consolidate servers within a single secure virtualized environment." Further, "by creating a single yet redundant environment, computing cycles and storage can be provided much more efficiently with greater security and reliability."
ASU started using server virtualization in 2008. Hsu provided an overview. "We started with a pilot on VMware. After about a year or so we started migrating all the original VMware virtual machines to the Citrix environment. There are only a handful of VMware virtual machines left. We will continue moving forward, hoping that by the end of this year there will be no VMware in our data center. We have standardized on XenServer across the University Data Center."
The current XenServer deployment managed by Hsu and his team within UTO Operations consists of about 100 servers running more than 800 virtual machines. The university is now using XenServer Platinum Edition with a roughly equal mix of versions 5.5 and 5.6. The initial attraction to XenServer was twofold. Hsu explained, "We're a university. We like open source because it provides a better secure environment, helps to reduce costs and enables us to customize to meet our exact needs. As a result, we encourage open source whenever possible."
Like Greg Wilson who provided information on the use of NetScaler's at ASU, Brent Dunlock is a Project Manager and IT Systems Architect reporting to Jack Hsu. Dunlock joined Hsu in the conversation on XenServer. Dunlock added, "We've saved a lot of money with open source over the years."
ASU is running nearly all of its applications on virtualized servers. For most applications, there is a corresponding server to support that application in development, QA and production. Dunlock said, "We have hundreds of applications, Java applications for our web pages, and MySQL for database. There are a lot of them out there." Hsu added, "MS SQL, Sybase, and Active Directory. The SharePoint application is virtualized and we're debating the rest of database right now. Exchange will be virtualized when we move to the Exchange 2010."
XenServer supports ASU's core needs, including basic infrastructure and back office applications. "We also provide infrastructure services to individual colleges and departments. We provision servers for them and provide what we call a managed service for individual college." Server consolidation throughout ASU has resulted in higher, more efficient levels of server utilization. Having a centralized, virtual infrastructure has meant improved responsiveness and more satisfied customers as well as much improved data center environmentals.
While ASU is still making gains through additional consolidation, it is also taking advantage of other features and capabilities of XenServer. For example, XenServer High Availability makes sure protected VMs are always running. ASU is using XenServer HA by creating virtual server farms across multiple physical servers. This way, if a physical server fails, the protected VM is migrated to another server with minimal downtime.
For even higher levels of business continuity, ASU is starting to use Citrix® StorageLink® Site Recovery for XenServer Virtual Machines which is part of XenServer 5.6. Site Recovery is a disaster recovery feature which allows customers to automatically create warm standby sites for their VMs. Hsu said, "There is one environment we need to have covered under DR which we're almost finished virtualizing. We need to virtualize everything before we step up the DR. We already created servers on the DR site to get ready to roll. The project is ongoing." XenServer makes it easy to take applications that have been virtualized during consolidation projects and set them up for disaster recovery or disaster protection.
ASU has made great progress in server consolidation in just the last three years. "Right now we are approaching 70% virtualization. We're targeting 85% across all our servers," said Hsu. Of course one of the primary benefits of consolidation is cost savings. "Just by reducing the total number of servers, we've come from spending almost a million a year to, I would say, maybe a quarter million now per year."
Over time, millions of dollars are being saved in server hardware purchases alone. Corresponding to the reduction in servers, more is being saved through reductions in space, power and cooling. And, even more is being saved relative to VMware by avoiding licensing costs. Virtualization licensing and maintenance costs relative to VMware are also lower. Hsu said, "From a total purchase cost perspective, it's about one-third for pricing."
While the cost savings provided by XenServer are quite high, agility is a more visible benefit for ASU IT consumers. In the past, if a new machine was needed, it could take weeks or months to get the proper approvals, order the server and make it usable. Dunlock described the last part of the process. "In the old days we had to build a machine from CDs and hardware. Now we can build a machine by just clicking. We can deliver a new system within just a few minutes. We have virtual machines just sitting there, with templates, ready to go. When somebody asks for a new virtual machine, we just click and it comes up."
The ability to respond quickly—or simply the ability to say yes—can make all the difference when it comes to satisfying IT customers.
There is always more to do. When the current objectives in the University Technology Office strategic plan have been met, more goals will surely be added. When it comes to Jack Hsu's organization, Greg Wilson and Brent Dunlock already have more on their agendas. Leveraging even more features of NetScaler and XenServer is certainly part of that.
For NetScaler, Application Firewall use is expanding to include enforcement rather than just monitoring and logging. Wilson says, "We're also going to put more Citrix services like XenDesktop behind it. We've been using Citrix Access Gateway for some of that. We can consolidate that functionality with the NetScalers." He adds, "We'll look more at the acceleration features in NetScaler, like caching and compression when we have the resources. We also want to evaluate the NetScaler VPX virtual appliance." Hsu concurred, "The VPX would help us eliminate more physical devices. It could help as we move to the cloud too."
Dunlock has more plans for XenServer. He says, "We'd like to try the workload balancing feature. It's just a matter of getting around to doing it. We're already looking at dynamic memory as we roll out new VMs." ASU is also interested in using XenServer instances both on- and off-premises in a hybrid cloud model. Some public clouds already use XenServer as the underlying virtualization layer and others support XenServer virtual machines running within them. Dunlock is interested in one day using XenCenter to manage XenServer virtual machines across a hybrid cloud environment.
ASU currently uses a variety of products from Citrix, including XenDesktop, XenApp, Access Gateway, NetScaler and XenServer. These are integrated rather than isolated products with NetScaler and XenServer making the other offerings more valuable and efficient than they would be on their own. This level of integration is possible because the products are developed by a single vendor under the same roof. According to Hsu, "With Citrix, we just need one vendor for virtualization across desktops, applications and servers. Then we get better performance and availability for all those by adding NetScaler. It's really an integrated end to end solution."
The drive to do more with less initially attracted ASU to Citrix for server virtualization and application delivery management. At the same time, discussions with members of UTO's Operations organization revealed that additional benefits—including agility, responsiveness, performance, availability, reliability, scalability and others—were also achieved. NetScaler and XenServer don't just improve other Citrix technologies. They are building blocks for improving all types of IT services for leading organizations like Arizona State University.
Citrix XenDesktop is a desktop virtualization solution that delivers Windows desktops as an on-demand service to any user, anywhere. Citrix XenApp is an on-demand application delivery solution that enables applications to be centralized and managed in the datacenter and instantly delivered as a service to users anywhere. Citrix NetScaler, available as a network device or as a virtualized appliance, makes web applications run 5x better by accelerating application performance, optimizing application availability, and enhancing web application security while substantially lowering costs.
©2011 Citrix Systems, Inc. All rights reserved. Citrix®, XenDesktop®, NetScaler®, Citrix Workflow Studio™, HDX™ and XenApp™ are trademarks or registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Microsoft®, Windows®, Windows Media® and Windows Server® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.