  • GSLB with CADS service Multi-Site Application Delivery


    Nagaraj Harikar 2
    • Validation Status: Validated
      Summary: GSLB solution for your multi-datacenter applications
      Has Video?: No

    CADS Service is a SaaS from Citrix that radically simplifies application delivery and security and accelerates IT modernization by bringing intent-based configuration, automated self-healing and internet awareness to hybrid multi-cloud deployments (more info).

    CADS service will improve and simplify your secure app delivery and ensure compliance by deploying and configuring infrastructure in your public cloud data center in line with your business intent. CADS also provides Internet state awareness with billions of real users’ measurements a day, from every corner of the internet. It monitors internet traffic issues in real time and automatically steers your user traffic to an optimal site. Whether you host your applications and content on premises, in the cloud or in content delivery networks (CDNs), CADS service allows you to globally load balance all traffic, dynamically optimizing the user experience and lowering service costs. Real user monitoring (RUM) gives a direct understanding of how internet performance impacts customer satisfaction and engagement. CADS service gathers RUM data from clients as they access applications across clouds, data centers, and CDNs, and builds a holistic picture of internet health.

     

    Use-Case:

    Resilient delivery of applications for globally distributed, publicly deployed application workloads in hybrid data centres.

     

    Architecture:

    With the Citrix Managed multi-site application feature, you can configure Global Server Load Balancing (GSLB) to deliver applications from multiple cloud environments for high availability and reliability. GSLB enables fast site failover, disaster recovery and improved user experience.

    When an application is deployed across multiple sites, requests can be intelligently distributed across all of an organization’s data centers. Once an application is configured as multi-site, CADS services will monitor the health and availability of each site. The latency from users across the globe to each PoP is measured using real user measurements (RUM) in near real-time. For more details click here.  Figure 1 shows a multi-site set up where both a Citrix-Managed deployment of CADS service and independent sites are configured into CADS service. This can improve the experience for each individual user as they access the application from across the globe. When an application is configured as a multi-site application on CADS Service, client requests are routed to the optimal data center for each individual user. This minimizes network latency and improves user experience by accelerating application response time. For more information click here.


    Figure 1: Architecture for CADS and ITM integration for global application delivery

    Pre-Requisites

    Before you deliver a multi-site application, you must complete the following preliminary steps: 

     

    Steps to deploy a CADS service managed Application as your GSLB site

     

    1. Your Citrix managed application will be available in the CADS service user interface (UI) under Applications. The following example shows two Citrix Managed deployments with applications in the Virginia-Prod-Site and the EU-Prod-Env in the AWS North Virginia and Ireland regions respectively.

    Figure 2: Existing applications on your Citrix Managed Datacenter

     

    1. Configure your Multi-Site application by clicking New Multi-Site Application. There are three steps to configure your Multi-Site Application delivery.
      1. Specify the name “GlobalApp”. For the application FQDN type, choose “User Defined” for Route53 Hosted Zones, or select the “Auto-allocated” option to have CADS service generate an FQDN (#.itm.appdeliverysecurity.com). You can also specify the DNS time to live, as shown in Figure 3.


    Figure 3: Create new multi-site application

     

      1. Specify the Site details. In this example, as shown in Figure 4, we will add the two managed sites that are shown in Step 1.


    Figure 4: Create site1 from available Citrix Managed site

    Select Managed, specify the Site name “Site1”. Select the Application “Virginia-Prod-Site” and the Endpoint. The FQDN, the Location and Monitor details are auto-populated. You may, optionally, select Geo Fencing to ensure users from a particular region access a particular site (North American users will be sent to Virginia in this example) as shown in Figure 5.


    Figure 5: Geo fencing settings

    Add the second site, “Site2”, for the Application “EU-Prod-Env” and endpoint, and select Add Site as shown in Figure 6.


    Figure 6: Add Site2

    Now the Citrix Managed Sites are added as shown in Figure 7.

    Note: Here we have added Citrix-managed sites. If you would like to add sites that are user-defined or self-managed, refer to Appendix 4.a.


    Figure 7: Site and location details added for Site1 and Site2

     

      1. Select the GSLB Algorithm and Stickiness settings as shown in Figure 8. CADS Service supports three Algorithms – “Failover”, “Round Robin” and “Optimal RTT”. In this example deployment Optimal RTT is used. For detailed steps refer to this document.


    Figure 8: GSLB method and stickiness configuration for the GSLB sites

     

    Once the deployment is successful as shown in Figure 9, click “Manage Multi-Site Applications” to see the FQDN generated for the app, as shown in Figure 10.


    Figure 9:  Deploying Multi-site application on CADS service


    Figure 10:  Multi-site application details

    If you selected Route53, the autogenerated FQDN is automatically mapped to a friendly FQDN name; otherwise, you can map your multi-site application FQDN to “0014.16ed2.itm.appdeliverysecurity.cloud.com” in your DNS provider (CNAME entry).

      1. Now you can test the application traffic routing in dnschecker.org. From the diagram, it can be seen that all North America users are routed to the North Virginia site with IP 34.231.174.213, as shown in Figure 11.


    Figure 11:  DNS checker results for the multi-site application

      1. Analytics for your multi-site application


    Figure 12: Site health information for selected duration

    The GlobalApp’s status is shown in Figure 12. The legend describes the site status values: Healthy, Unhealthy (when all sites are down), Degraded (when some of the sites are down), Maintenance, and Not Deployed. Figure 13 shows the max and average user request rate for your Multi-Site Application.


    Figure 13:  Application user’s request rate

     

    Geo-based access data is shown in Figure 14, which displays the total number of application requests received by CADS service and the top 5 locations from which the user traffic originates.


    Figure 14:  Geo map showing the top five locations of users accessing the multi-site application

     

    1. Conclusion

    CADS Service provides a simplified way to configure an internet-aware, intelligent global server load balancing solution for a multi-cloud environment. In this example Geo Fencing has been used to ensure application traffic from users accessing from a particular location are steered to a specific site. With this, the overall user experience will be improved with the use of the Optimal RTT algorithm offered by CADS service. Since the users are always routed to an optimal performing site, this implicitly provides disaster recovery across all the configured sites.

     

    1. Appendix
      1. Adding a non Citrix Managed Site


    You can Select “User-Defined” and specify the IP Address (v4 or v6) or FQDN names where the application is deployed publicly. Note: In order to configure Optimal RTT as the GSLB Algorithm, you need to enable “Configure Radar” in - Refer to section 4.2.

      1. Enable the “Configure Radar” option for the Site by specifying the path to the r20.gif on your server and the location of the Site. If you do not have the radar tags configured, you can host them on an Apache server (Step 4.3).


      1. Steps to deploy our Radar Objects on a host with Apache2

    Note: The instructions were tested against Ubuntu20, but the Radar Objects can be served by any modern operating system and webserver.

        1. Install required packages

    sudo apt-get install apache2 git

        1. Create the Apache2 directory and populate it

    sudo mkdir -p /var/www/radar-objects

    sudo git clone https://github.com/cedexis/testobjects /var/www/radar-objects/

        1. Disable the default Apache2 VirtualHost

    sudo rm /etc/apache2/sites-enabled/000-default.conf

        1. Enable required Apache2 mods

    sudo a2enmod headers

    sudo a2enmod rewrite

    sudo a2enmod ssl

    sudo systemctl restart apache2

        1. Add the Apache2 site configuration

    sudo tee /etc/apache2/sites-available/radar-objects.conf > /dev/null << 'EOF'
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    DocumentRoot /var/www/radar-objects
    # Let Radar clients on any origin read Resource Timing data for these objects
    Header add "Timing-Allow-Origin" "*"

    # Never serve the metadata of the cloned repository
    RedirectMatch 404 /\.git

    <VirtualHost *:80>
        # Rewrite settings are not inherited by virtual hosts, so enable the engine in each one
        RewriteEngine on
        RewriteRule ^/img/(.*)/(.*)$ /img/$2 [L]
        RewriteRule ^/sm/(.*)/(.*)$ /sm/$2 [L]
    </VirtualHost>

    SSLStaplingCache shmcb:${APACHE_RUN_DIR}/logs/stapling_cache(128000)
    SSLSessionCache shmcb:${APACHE_RUN_DIR}/logs/ssl_scache(512000)

    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/public.crt
        SSLCertificateKeyFile /etc/ssl/private.key
        SSLCACertificateFile /etc/ssl/ca-certs.pem
        SSLProtocol -all +TLSv1.3 +TLSv1.2
        # RC4 is explicitly excluded; it is prohibited in TLS (RFC 7465)
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLUseStapling On
        SSLSessionCacheTimeout 300

        RewriteEngine on
        RewriteRule ^/img/(.*)/(.*)$ /img/$2 [L]
        RewriteRule ^/sm/(.*)/(.*)$ /sm/$2 [L]
    </VirtualHost>
    EOF

        1. Enable the new Apache site and restart Apache2

    sudo ln -s /etc/apache2/sites-available/radar-objects.conf /etc/apache2/sites-enabled/radar-objects.conf

    sudo systemctl restart apache2

        1. Verify that the Radar Objects are being served

    curl https://<FQDN>/img/r20.gif
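
    A scripted version of this verification step, added here as an example (it is not part of the original article): it checks that r20.gif is served through a rewritten path, that the `Timing-Allow-Origin: *` header is present, and that `/.git/` returns 404. The function names, the `probe` path segment and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Radar object host from `curl -sI` output.

# Constructed sample responses (not captured from a real server).
GOOD_OBJ=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nTiming-Allow-Origin: *\r\n')
GOOD_GIT=$(printf 'HTTP/1.1 404 Not Found\r\n')
BAD_OBJ=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n')
BAD_GIT=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n')

# status_of HEADERS: print the status code of the last response in HEADERS.
status_of() {
  printf '%s\n' "$1" | tr -d '\r' | awk '/^HTTP\//{code=$2} END{print code}'
}

# has_tao HEADERS: succeed only if "Timing-Allow-Origin: *" is present.
has_tao() {
  printf '%s\n' "$1" | tr -d '\r' |
    grep -qiE '^timing-allow-origin:[[:space:]]*\*[[:space:]]*$'
}

# audit_radar OBJ_HEADERS GIT_HEADERS: print findings, return the failure count.
audit_radar() {
  radar_fails=0
  if [ "$(status_of "$1")" != "200" ]; then
    echo "FAIL: r20.gif not served (status $(status_of "$1"))"
    radar_fails=$((radar_fails + 1))
  fi
  if ! has_tao "$1"; then
    echo "FAIL: Timing-Allow-Origin: * header missing"
    radar_fails=$((radar_fails + 1))
  fi
  if [ "$(status_of "$2")" != "404" ]; then
    echo "FAIL: /.git/ is not blocked (status $(status_of "$2"))"
    radar_fails=$((radar_fails + 1))
  fi
  return "$radar_fails"
}

# live_audit FQDN: run the same audit against a deployed host (needs network).
# "probe" is an arbitrary path segment that exercises the /img/ RewriteRule.
live_audit() {
  audit_radar "$(curl -sI --tlsv1.2 "https://$1/img/probe/r20.gif")" \
              "$(curl -sI --tlsv1.2 "https://$1/.git/config")"
}
```

    Run `live_audit <FQDN>` against the deployed host; a non-zero exit status is the number of failed checks.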

     

