1© 2008 Citrix Systems, Inc. — All rights reserved
思杰虚拟化解决方案介绍
2© 2008 Citrix Systems, Inc. — All rights reserved
思杰系统 (Citrix Systems) –
全球领先的虚拟化专家
• 市场上领先的提供完整虚拟化方案的供应商
• 应用虚拟化、桌面虚拟化、服务器虚拟化
• 实现一体化应用交付
• NASDAQ 100 及 标准普尔500指数成份股 (CTXS),2008年营业收入
亿美元
• 全球35个国家4900+ 员工,在100多个国家有超过10000的代理商合作
伙伴
• 至今为止:
• 100%财富100强(北美)企业,99%财富500强(北美)企业
• 100%财富100强(全球)企业,99%财富500强(全球)企业
• 覆盖全球75%的互联网用户访问
• 完善的售后体系,SA专享升级服务
3© 2008 Citrix Systems, Inc. — All rights reserved
Citrix(思杰)在中国:Citrix 北京欢迎您!
• 持续的投入
• 2000年设置香港办事处
• 2003年设置上海办事处、2004年设置北京办事处
• 2008年成立北京公司,北京办事处乔迁新址
• 2008年底设置台北办事处
• 2009年,上海办事处也将计划扩大与搬迁
• 我们的队伍
• 2008年人员翻番,2009年稳步增长
• 我们的客户
• 从最初的制造发展到多行业应用,用户数已达数千
• 我们的合作伙伴
• 从最初的2、3家发展到目前的上百家
4© 2008 Citrix Systems, Inc. — All rights reserved
Citrix
XenServer
Citrix
XenDesktop
Citrix
XenApp
虚拟应用虚拟桌面 虚拟服务器Users Apps
虚拟化技术解决应用交付问题
5© 2008 Citrix Systems, Inc. — All rights reserved
虚拟应用虚拟应用——为什么?为什么?
6© 2008 Citrix Systems, Inc. — All rights reserved
业务系统迅速增加
用户 应用系统
7© 2008 Citrix Systems, Inc. — All rights reserved
正在发生变化的业务环境
用户离应用越来越远用户离应用越来越远
数据越来越集中数据越来越集中
业务越来越复杂业务越来越复杂
安全需求越来越强安全需求越来越强
8© 2008 Citrix Systems, Inc. — All rights reserved
HTTPS
VPN/Reverse
Proxy Server
Dial-In
ERP
&
Other DB
Configured Traffic
SAP Enterprise
Portal Server(s)
Your
Data
Mail
Server
传统应用交付的挑战
传统架构
1速度/效率
2管理
3安全
9© 2008 Citrix Systems, Inc. — All rights reserved
125 ms
125*8 ms
1000 ms
I want to open a file
\\dog\bone\blue
“Whatever”
John Whomever
Which fi
le?
Who are
you?
Passwo
rd?
OK, It’s
open!
1125 ms
Open \\dog\bone\blue
for John Whomever,
password “Whatever”
Without XenApp 延时比较
10© 2008 Citrix Systems, Inc. — All rights reserved
100K session/ per user
300User = 300*100K=30M
125*8 ms
1000 ms1125 ms
Without XenApp 带宽比较
I want to open a file
\\dog\bone\blue
“Whatever”
John Whomever
Which fi
le?
Who are
you?
Passwo
rd?
OK, It’s
open!
11© 2008 Citrix Systems, Inc. — All rights reserved
XenApp--虚拟化应用交付平台技术原理
12© 2008 Citrix Systems, Inc. — All rights reserved
Citrix的带宽消耗测试
从右图可以看出,应用的
带宽消耗和操作有关,有
些操作或模块会突然传输
3000K/分钟的数据(深蓝
色曲线),如果这时网络
无法保证带宽,给用户带
来的直接感受就是操作变
得很慢,而对应的CITRIX
带宽消耗(浅蓝色)一致
稳定在10K左右。
13© 2008 Citrix Systems, Inc. — All rights reserved
为什么能提升访问速度?
Client
Application
WAN
SQL command
and data
Database
ServerClient/ServerClient/Server
Client
WAN
Database
ServerServer-Based ComputingServer-Based Computing
LAN
screenshot ,
mouseclicks &
keystrokes
Citrix XenApp
Servers with
Client
Application
SQL command
and data
10-20 kb
100 kb-1 Mb
100 Mb, 1 Gb
14© 2008 Citrix Systems, Inc. — All rights reserved
1 ms
With XenApp
OK, It’s
open!
125 ms
I want to open a file
\\dog\bone\blue
“Whatever”
John Whomever
Which fi
le?
Who are
you?
Passwo
rd?
OK, It’s
open!
125 ms
251 ms
15© 2008 Citrix Systems, Inc. — All rights reserved
传输传输效率提高效率提高 倍倍
16© 2008 Citrix Systems, Inc. — All rights reserved
With XenApp
• 1 session/user =20K bps
• 300 user=20*300K= 6M
• 30M/6M=5 X
17© 2008 Citrix Systems, Inc. — All rights reserved
所有指定应用全部集中在数据中心
简便安装、管理、支持
到达终端的应用与数据从一开始就是被集中管理的
虚拟化支撑新型业务体系架构
– 集中式“交付”:安全、便捷、节能、随需而动
应用服务器
应用虚拟化服务器环境
XenApp
服务器端元件
网络应用
订制化应用
数据中心
桌面/终端
客户端元件
网络应用
桌面应用
18© 2008 Citrix Systems, Inc. — All rights reserved
Citrix XenApp 安全性分析
18 © 2005 Citrix Systems,
Inc. - All rights reserved
Deliver
Protect
Organize
Display
Manage
ApplicationsApplications
Accessed fromAccessed from
Any DeviceAny Device
Only screens, mouse clicks & Only screens, mouse clicks &
keystrokes travel the networkkeystrokes travel the network
Applications Install & Applications Install &
Run on Server FarmRun on Server Farm
19© 2008 Citrix Systems, Inc. — All rights reserved
Http vs ICA
19 © 2005 Citrix Systems, Inc. - All rights
reserved
20© 2008 Citrix Systems, Inc. — All rights reserved
HTTPS
ICA
Internet
Access Gateway
Citrix Xenapp
Server
Your
Data
XML/HTTP
ICA
Screen Refresh
Keystrokes
Mouse Movement
Secure Connection
128 bit cipher
Two Factor Authentication
ICA over SSL
iView
R/3
&
Other DBSAP EnterprisePortal Server(s)
Any
Device* Securely
应用虚拟化带来的改变
使用Citrix后的架构
10 – 20K
OA
1
2
3
21© 2008 Citrix Systems, Inc. — All rights reserved
虚拟应用可以解决的问题:
22© 2008 Citrix Systems, Inc. — All rights reserved
XenApp访问方式
Web Interface
PNA PN
23© 2008 Citrix Systems, Inc. — All rights reserved
Why Citrix
24© 2008 Citrix Systems, Inc. — All rights reserved
Case Study
25© 2008 Citrix Systems, Inc. — All rights reserved
Verizon10
44%3Com9
48%Citrix Systems8
54%McAfee7
61%Symantec6
64%Dell5
70%HP4
71%IBM3
74%Microsoft2
81%Cisco1
战略性基础设施供应商
48%Citrix Systems8
近年来在对(北美)CIO的数次调查中,Citrix已被不断重复地放置在十大战略性IT基础设施供应商之列
• 强大的行业用户群
• 金融服务业:全美前20位的商业银行,全球前50位商业及储蓄
银行
• 电信业:全美前10位及全球前20位的电信运营商
• 制造业:全球前20位的汽车制造商,前15位的电子制造商,前
10位的制药公司,全美前10位的高技术制造商,及前15位的化
工企业
• 政府:200+ 各类美国政府机构
• 医疗业:全球前5位的医疗机构,全美前15位的医疗机构
思杰强大的行业用户群
26© 2008 Citrix Systems, Inc. — All rights reserved
数据中心基础架构的提升
分支机构访
问
• 业务系统集中发布平台—客户端安装、配置维护
复杂,需要大量数据传输(如 ArcGIS SAP.)
• 终端标准化, 运维集中管理
• 远程访问提升访问速度。保证业务连续性
• 移动办公,全面支持各种终端应用
• C/S—B/S (企业Portal)
• 保证数据安全,XenApp+SmartAuditor
Web
服务器
局域网访问
远程用户访问
(低带宽)
Intranet
应用服
务器
业务服务
器
数据库服
务器
移动用户访问
安全域控
制器+Smart
auditor
Citrix服务器
群组 (负载
均衡)
运维集
中管理
Xenapp
发布应用
27© 2008 Citrix Systems, Inc. — All rights reserved
全球企业对思杰所代表的集中管控安全体系的
广泛采纳
•高盛集团于2007年9
月完成的对财富1000
企业的信息安全主管
的调查显示:虽然
Citrix (思杰)不是传统
意义上的安全厂商,
但却被最多的企业推
为其2008年首选安全
方案供应商!
28© 2008 Citrix Systems, Inc. — All rights reserved
安全措施-SmartAuditor 智能审计
PDA
Terminal
IP Phone
Deskto
p
Laptop
操作会话
ICA
SmartAuditor 服务器 文件服务器 监控台
策略实施
录像归档
录像回放
Citrix XenApp服务器
数据中心用户操作端
任何ICA客户端
录像驱动
录像服务
ICA协议流
29© 2008 Citrix Systems, Inc. — All rights reserved
The user accesses their
employee login page from the
corporate web site
The SmartAccess agent pre-scans the
workstation to detect the machine configuration
and compliance with access policies
JohnDoe
••••••••
••••••••
A post login scan is also initiated. This determines the
functions available to the user, based on access
policies.
Note that the user, in this case, is
granted full access, which includes
a full range of applications including
ERP and Payroll…
The user is also granted full
access to network shares and
document shares
The user is offered a range of
access modes to launch the
document. They also have the
option to download and save.
30© 2008 Citrix Systems, Inc. — All rights reserved
However, if the user logs in
from an unidentified
machine…
The pre-scan may indicate that the
machine hardware and configuration
meet the minimum requirements.
JohnDoe
••••••••
••••••••
However, the post login scan would apply the
access policies and may restrict access based
on the fact that the machine is not identified. Appropriate action can be taken, such as restricting the functionality available, offering
help, or remedial attention.
Note that the application list
presented may be restricted based
on the policies applied.
The user is offered restricted access, which
does not allow for downloading or opening
of the file. However, a new LiveEdit option is
included as well as a Preview option
The user does not
get an option to save
locally
Note that the user is not allowed to
save the file locally. They can save the
file on a network share as determined
by their Access Policies
31© 2008 Citrix Systems, Inc. — All rights reserved
Citrix平台的集群能力
•内置集群功能
•高可用性
•负载均衡
•自动优化
•用户可定制负载均衡算法
