BY USE CASE
Secure Distributed Work
Citrix-on-Citrix is an initiative the company undertook to capitalize on its own technology. A global SD-WAN deployment moves Citrix closer to delivering a great employee experience and simultaneous cost savings around the world.
In an initiative known as Citrix-on-Citrix, CIO Meerah Rajavel singled out workstyle choices, employee experience, and corporate culture as crucial components of a holistic and productive work environment. She also noted the importance of getting relevant information to all employees when they need it – on the devices of choice regardless of the workers' locations.
The Network Architecture team, part of Citrix Enterprise Infrastructure Services, is focused on providing end-to-end network solutions for internal Citrix customers. One of the group's priorities is driving the adoption and usage of current and emerging SD-WAN technologies. Citrix SD-WAN delivers a reliable, high-performance user experience to distributed workforces anywhere.
Citrix maintains a total of 50 sites with four major data centers, three contact centers, and other Tier-1 campus sites that provide similar, smaller-scale data center services. Nearly a dozen of the sites required private connectivity; of these, some run core applications, including voice, Citrix Workspace, and the Microsoft Office 365 suite of applications.
Citrix Enterprise Infrastructure Services had been using Multiprotocol Label Switching (MPLS) and Dynamic Multipoint VPN (DMVPN) networking technologies to connect its sites, but MPLS costs were high, and outages sometimes affected worker productivity. The team knew they needed to update the network to keep up with business demands. This was not possible with the existing MPLS network: it was cost-prohibitive to upgrade and could not handle internet breakout.
As the team began to explore an MPLS alternative that could facilitate the adoption of the internet as its public infrastructure, the group wanted to ensure a smooth transition with no impact to the user experience. A great deal of time was dedicated to strategizing and planning how to choose the internet circuits to ensure a successful transformation. The team knew that more bandwidth was required, but costs could not exceed current fees for MPLS.
Another requirement was that an alternative solution was needed to increase resiliency. Because Citrix no longer was forced to limit its contractual relationships to a single carrier as it was with MPLS, IT can explore many network providers in order to meet the needs of all teams around the globe.
It was not an easy task for IT. John Volter, senior manager of IT Systems Engineering, and his team had to test local service providers all over the world. For countries with stringent government regulations such as China, IT undertook additional planning, research, and in-depth testing to ensure alignment with its enterprise carrier strategy. This enabled Citrix to select the best carriers to satisfy its WAN connectivity requirements.
What's more, they wanted a solution that would help them gain control over local business units that were currently procuring their own circuits. This had resulted in a collection of many different types of installations without centralized IT visibility, which made it more difficult to meet compliance or governance standards. IT needed to consolidate WAN connectivity procurement and management for all of the various Citrix Business Units and become a central point of contact for these units.
Given the fact that the team had already adopted Citrix SD-WAN on a smaller scale, they looked to expand their deployment as it addressed many current and future requirements. Due to past challenges, as Volter's team moved to the PoC phase for Citrix SD-WAN, they initially encountered some concerns from IT in deploying the technology. . The first PoC was to deploy Citrix SD-WAN with limited functionalities. Once stability was verified, it paved the way for a PoC with two sites, Costa Rica and Johannesburg, with Miami as the SD-WAN head-end known as the MCN (master control node).
Now, with SD-WAN fully deployed, business units can simply request connectivity needs from IT and tell them where they need to connect. IT then implements the configuration once they agree on requirements. Citrix allows for easy multi-tenancy; in this case it's used for managing internal business units' networks. Each business unit essentially has its own private network now that is fully isolated so any changes made won't impact other business units.
IT now follows a standardized design and deployment across the entire network, so uniformity and security are ensured. "With Citrix SD-WAN, local teams don't need to manage their own network needs; everything for them is behind the scenes now," says Paolo Rodriguez, Citrix IT systems engineer.
"We have, in effect, become our own WAN connectivity provider for all business units in Citrix," says Volter. This not only increased IT's confidence in the product, but also, fundamentally changed the overall strategy for how the company buys circuits. "We have control over purchasing and managing all the company's circuits, which ensures we are compliant," continues Volter. "Citrix SD-WAN makes it easier to adhere to CIS Controls and protect data from cybersecurity threats."
Citrix IT expects to see a 42% annual cost savings versus what they experienced with the MPLS solution from a leading carrier. This is 12% higher than their initial 30% projection savings. This savings allows Citrix IT to invest in future strategic projects. It also enables the company to address business demand and deliver a 10X increase in aggregate bandwidth that can increase even more on-demand.
Citrix SD-WAN creates an intelligent secure overlay on top of the existing network infrastructure. Anthony Gallo, director of engineering, states, "this allows IT to move links into and out of the secure SD-WAN overlay network to add bandwidth or add another site without impacting the security infrastructure. The reason that security remains unaffected is that the network layer is separated from the overall security layer, even if they run workloads from a public cloud."
The team plans to enable Citrix Secure Internet Access in the future to complement Citrix SD-WAN through a unified SASE framework. Having security at the edge is vital to securing workers -- not only while in the office, but also, when they work remotely. This will help provide secure direct access to SaaS apps.
The team made a bold move to roll out SD-WAN at the Costa Rica Global Call Center first. This facility is comprised of support engineers handling over 3,000 calls per month. The branch requires excellent continuous connectivity to enable support staff to fully assist with Citrix customer and partner issues. Volter's team started with this location due to a major incident in which all support calls were impacted by severely degraded network conditions until the team could switch to the backup link.
Citrix SD-WAN leverages all the available internet links simultaneously, providing higher bandwidth that scales on-demand. Rodriguez states, "This enables support engineers in the branch to improve application performance with applications like the Virtual Desktop Infrastructure (VDI) by applying extra bandwidth as needed."
Now, support engineers are able to perform their tasks without the worry of network issues. Any problem is essentially transparent to the users. According to Volter, "The operations manager said he didn't remember when the last time was that he had to touch the infrastructure in Costa Rica."
With Citrix SD-WAN in place, Volter's team now can anticipate moving to the cloud. In the meantime, the team is excited to roll out the latest enhancements for Microsoft Office 365 with local internet breakout to help improve the customer experience with Microsoft Team's calls. Citrix SD-WAN has rich REST API integration with Microsoft Cloud, allowing for optimized and simple direct breakout for the lowest latency and highest performance.
Having successfully deployed Citrix SD-WAN across the entire network has provided numerous benefits, including maximum uptime, reduced reliance on costly MPLS, resilient broadband, improved visibility without buying additional tools, and confidence with a cloud-ready network. Volter also looks forward to rolling out the SD-WAN 110 platform which adds resiliency and bandwidth for a robust work-from-home solution that his team can mange remotely.