Configuring Optimization Features : Configuring Citrix optimization
  
Configuring Citrix optimization
You enable and modify Citrix optimization settings in the Optimization > Protocols: Citrix page.
Citrix optimization features
Citrix optimization has the following features:
Classification and shaping of Citrix ICA traffic using Riverbed QoS to improve the end-user desktop experience
Bandwidth reduction of compressed and encrypted Citrix ICA traffic using SteelHead Citrix optimization
Latency optimization for client drive mapping in the Citrix ICA session
Optimization of Citrix sessions over SSL using Citrix Access Gateway (CAG)
SteelHead Citrix Optimization for Multi-Port ICA traffic
Traffic optimization for enhanced data reduction for small Citrix packets.
Citrix enhancements by RiOS version
RiOS 9.0.x has enhancements to QoS that classify Citrix ICA traffic based on its ICA priority group using Multi-Stream with Multi-Port.
RiOS 9.1 and later include an autonegotiation of Multi-Stream ICA feature which classifies Citrix ICA traffic based on its ICA priority group.
Citrix version support
Support is provided for the following Citrix software components.
Citrix Receiver or ICA client versions:
Online plug-in version 9.x
Online plug-in version 10.x
Online plug-in version 11.x
Online plug-in version 12.x
Online plug-in version13.x (Receiver version 3.x)
Receiver for Windows version 4.x
Citrix XenDesktop:
XenDesktop 4
XenDesktop 5
XenDesktop 5.5
XenDesktop 5.6
XenDesktop 7.x
Citrix XenApp:
Presentation Server 4.5
XenApp Server 5
XenApp Server 6
XenApp Server 6.5
XenApp Server 7.x
In addition, RiOS supports encrypted and compressed Citrix ICA traffic optimization.
For more information about Citrix optimization, see the SteelHead Deployment Guide - Protocols, the Riverbed Command-Line Interface Reference Manual, and the white paper Optimizing Citrix ICA Traffic.
For appliances with feature-tier licensing, you can configure and enable Citrix optimization even if the feature is not licensed; however, the feature needs to be both enabled and licensed to work. If the feature is not licensed, the interface displays an alert. For more information, see Feature-tier licensing.
To configure Citrix optimization
1. Choose Networking > App Definitions: Ports Labels to display the Ports Labels page.
2. Select the Interactive port label in the Port Labels list to display the Editing Port Labels Interactive group.
Editing Port Labels page
3. Under Editing Port Label Interactive, remove Citrix ICA ports 1494 and 2598 from the Ports text box.
4. Click Apply to save your settings to the running configuration.
5. Choose Optimization > Protocols: Citrix to display the Citrix page.
6. Under Settings, complete the configuration on the client-side and server-side SteelHeads as described in this table.
Control
Description
Enable Citrix Optimization
Optimizes the native Citrix traffic bandwidth. By default, Citrix optimization is disabled.
Enabling Citrix optimization requires an optimization service restart.
ICA Port
Specify the port on the Presentation Server for inbound traffic. The default port is 1494.
Session Reliability (CGP) Port
Specify the port number for Common Gateway Protocol (CGP) connections. CGP uses the session reliability port to keep the session window open even if there’s an interruption on the network connection to the server. The default port is 2598.
Enable SecureICA Encryption
Enables SDR and Citrix optimizations, while securing communication sent between a MetaFrame Presentation Server and a client.
RiOS supports optimization of Citrix ICA sessions with SecureICA set to RC5 40-bit, 56-bit, and 128-bit encryption. By default, RiOS can optimize Citrix ICA traffic with SecureICA set to basic ICA protocol encryption. You must enable SecureICA encryption to allow RiOS to optimize ICA sessions with SecureICA encryption set to RC5 on the client-side SteelHeads.
Enable Citrix CDM Optimization
Enable this control on the client-side and server-side SteelHeads to provide latency optimization for file transfers that use client drive mapping (CDM) between the Citrix client and server. CDM allows a remote application running on the server to access disk drives attached to the local client machine. The applications and system resources appear to the user at the client machine as if they’re running locally during the session. For example, in the remote session, C: is the C drive of the remote machine and the C drive of the local thin client appears as H:.
Bidirectional file transfers between the local and remote drives use one of many virtual channels within the ICA protocol. The individual data streams that form the communication in each virtual channel are all multiplexed onto a single ICA data stream. This feature provides latency optimization for file transfers in both directions.
You can use CDM optimization with or without secure ICA encryption.
By default, CDM optimization is disabled.
Enabling CDM optimization requires an optimization service restart.
CDM optimization doesn’t include support for CGP (port 2598).
Enable Auto-Negotiation of Multi-Stream ICA
Enable this control on the client-side SteelHead to automatically negotiate ICA to use Multi-Stream ICA and carry the ICA traffic over four TCP connections instead of one.
The ICA traffic within a Citrix session comprises many categories of traffic called virtual channels. A virtual channel provides a specific function of Citrix ICA remote computing architecture, such as print, CDM, audio, video, and so on. The ICA traffic within a Citrix session is also categorized by priority, in which virtual channels carrying real-time traffic, such as audio and video, are flagged with higher priority than virtual channels carrying bulk transfer traffic such as print and CDM.
When enabled, the SteelHead splits traffic on virtual channels into a separate TCP stream (by ICA priorities) so that QoS can be applied to each individual stream. This feature is applicable for both CGP and ICA connections. This allows finer QoS shaping and marking of Citrix traffic. You can also use this feature with path selection to select and prioritize four separate TCP connections.
You can use this feature with both inbound and outbound QoS. Both SteelHeads must be running RiOS 9.1 or later. To view the multistream connections, choose Reports > Networking: Current Connections. When the connection is classified by QoS on the SteelHead, the Application column lists the connection as Citrix-Multi-Stream-ICA along with its priority. You can also choose Reports > Networking: Inbound QoS and Outbound QoS to view the connection classifications.
Four applications are available by default under Networking > App Definitions: Applications > Business VDI for QoS classification:
Citrix-Multi-Stream-ICA-Priority-0
Citrix-Multi-Stream-ICA-Priority-1
Citrix-Multi-Stream-ICA-Priority-2
Citrix-Multi-Stream-ICA-Priority-3
No configuration is required on the server-side SteelHead.
The Citrix deployment must support Multi-Stream ICA: the clients must be running Citrix Receiver 3.0 or later. The servers must be running XenApp 6.5 or later or XenDesktop 5.5 or later.
Enabling this feature doesn’t require an optimization service restart.
Enable MultiPort ICA
Enable this control on the client-side SteelHead to provide multiport ICA support. For thin-client applications, Citrix has a protocol that segregates the network traffic between a client and a server. Typically, all of the traffic is routed through the same port on the server. Enabling multiport ICA lets you group the traffic into multiple CGP ports using priorities based on data type (mouse clicks, window updates, print traffic, and so on).
After you enable multiport ICA, you can assign a port number to each of the configurable priorities. You can’t assign the same port number to more than one priority. You can also leave a priority port blank and route that traffic through some other means—which doesn’t have to be a SteelHead.
Perform these steps:
1. From the Citrix server, enable and configure the multiport policy for the computer configuration policy in the Group Policy Editor or Citrix AppCenter. By default, port 2598 has high priority (value 1) and is not configurable. You can configure port values 0, 2, and 3.
Use these application priorities for multiport ICA:
Very high = 0, for audio
High = 1, for ThinWire/DX command remoting, seamless, MSFT TS licensing, SmartCard redirection, control virtual channel, mouse events, window updates, end-user experience monitoring.
Medium = 2, for MediaStream (Windows media and Flash), USB redirection, clipboard, and client drive mapping.
Low = 3, for printing, client COM port mapping, LPT port mapping, and legacy OEM virtual channels.
2. Restart the Citrix server. You can then go to Reports > Networking: Current Connections to view the TCP connections in the ICA session.
3. On the client-side SteelHead, specify the same CGP ports configured on the Citrix server in the Priority Port fields. You can then return to Reports > Networking: Current Connections to view the four unique TCP connections in the ICA session.
If you have a port label to represent all ICA traffic over ports 1494 and 2598, you must add the new CGP ports to support multiport ICA.
Make sure that any ports you configure on the Citrix server don’t conflict with the ports used on the preconfigured port labels on the SteelHead. The port labels use default pass-through rules to automatically forward traffic. To view the default port labels, choose Networking > App Definitions: Port Labels.
You can resolve a port conflict as follows:
To configure a standard port that is associated with the RBT-Proto, Secure, or Interactive port labels and can’t be removed, use a different port number on the Citrix server configuration.
Otherwise, remove the port from the port label.
7. Click Apply to apply your settings to the running configuration.
8. Click Save to Disk to save your settings permanently.
9. If you have enabled or disabled Citrix optimization or Citrix CDM optimization or changed the port, you must restart the optimization service. For details, see Starting and stopping the optimization service.
Citrix traffic fallback behavior
This table describes how the SteelHeads handle Citrix traffic as a secure protocol after a secure inner channel setup failure.
Client-side SteelHead traffic type setting
Server-side SteelHead traffic type setting
Client-side SteelHead fallback setting
Server-side SteelHead fallback setting
Traffic-Flow type, if SSL secure inner channel setup fails
SSL and secure protocols
SSL and secure protocols
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Optimized without encryption
SSL and secure protocols
SSL and secure protocols
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Strict. Fallback to No Encryption is disabled.
Passed through
SSL and secure protocols
SSL and secure protocols
Strict. Fallback to No Encryption is disabled.
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Passed through
SSL and secure protocols
SSL and secure protocols
Strict. Fallback to No Encryption is disabled.
Strict. Fallback to No Encryption is disabled.
Passed through
SSL and secure protocols
All
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Optimized without encryption
SSL and secure protocols
All
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Strict. Fallback to No Encryption is disabled.
Passed through
 
SSL and secure protocols
All
Strict. Fallback to No Encryption is disabled.
Lenient. Fallback to No Encryption is enabled, allowing fallback.
Passed through
SSL and secure protocols
All
Strict. Fallback to No Encryption is disabled.
Strict. Fallback to No Encryption is disabled.
Passed through
Related topics
Configuring in-path rules
Configuring port labels
Adding QoS profiles
Configuring secure peers