Citrix Systems 4.2 manual Isolation in Advanced Zone Using Private Vlan, About Private Vlan

Page 210

Chapter 16. Managing Networks and Traffic

9. To remove a VPN connection, click the Delete VPN connection button.

To restart a VPN connection, click the Reset VPN connection button present in the Details tab.

16.25. Isolation in Advanced Zone Using Private VLAN

Isolation of guest traffic in shared networks can be achieved by using Private VLANs (PVLAN). PVLANs provide Layer 2 isolation between ports within the same VLAN. In a PVLAN-enabled shared network, a user VM cannot reach other user VMs, though it can still reach the DHCP server and the gateway. This lets users control traffic within a network and deploy multiple applications without communication between the applications, while also preventing communication with other users' VMs.

Isolate VMs in a shared network by using Private VLANs.

Supported on KVM, XenServer, and VMware hypervisors.

A PVLAN-enabled shared network can be one of multiple networks attached to a guest VM.

16.25.1. About Private VLAN

In an Ethernet switch, a VLAN is a broadcast domain where hosts can establish direct communication with one another at Layer 2. Private VLAN is designed as an extension of the VLAN standard that adds further segmentation of the logical broadcast domain. A regular VLAN is a single broadcast domain, whereas a private VLAN partitions a larger VLAN broadcast domain into smaller sub-domains. A sub-domain is represented by a pair of VLANs: a Primary VLAN and a Secondary VLAN. The original VLAN that is being divided into smaller groups is called the Primary, which implies that all VLAN pairs in a private VLAN share the same Primary VLAN. All the Secondary VLANs exist only inside the Primary. Each Secondary VLAN has a specific VLAN ID associated with it, which differentiates one sub-domain from another.

Three types of ports exist in a private VLAN domain, and they essentially determine the behaviour of the participating hosts. Each port type has its own set of rules, which regulate a connected host's ability to communicate with other connected hosts within the same private VLAN domain. Each host that is part of a PVLAN pair can be configured by using one of these three port designations:

Promiscuous: A promiscuous port can communicate with all the interfaces, including the community and isolated host ports that belong to the Secondary VLANs. In Promiscuous mode, hosts are connected to promiscuous ports and are able to communicate directly with resources on both the Primary and the Secondary VLANs. Routers, DHCP servers, and other trusted devices are typically attached to promiscuous ports.

Isolated VLANs: The ports within an isolated VLAN cannot communicate with each other at the Layer 2 level. The hosts that are connected to isolated ports can directly communicate only with the promiscuous resources. If a customer's device needs access only to the gateway router, attach it to an isolated port.

Community VLANs: The ports within a community VLAN can communicate with each other and with the promiscuous ports, but they cannot communicate with the ports in other communities at the Layer 2 level. In Community mode, direct communication is permitted only with the hosts in the same community and with those that are connected to the Primary PVLAN in promiscuous mode. If a customer has two devices that must be isolated from other customers' devices but must be able to communicate with each other, deploy them on community ports.
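The following is an added example, not CloudPlatform's own code: a small Python model of the three port designations described above, used to compute Layer 2 reachability in a PVLAN domain and to check that no two tenants' VMs can reach each other. The hostnames, tenant labels and VLAN IDs (primary 100, secondaries 101 to 103) are constructed for the example.

```python
# PVLAN Layer 2 reachability model (added example, not CloudPlatform code).
# Rules from the text: promiscuous ports reach everything in the domain;
# isolated ports reach only promiscuous ports; community ports reach
# promiscuous ports and other ports in the same community VLAN.
from dataclasses import dataclass
from itertools import combinations

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class Port:
    host: str
    kind: str   # one of the three port designations
    vlan: int   # primary id for promiscuous ports, secondary id otherwise


@dataclass
class PvlanDomain:
    primary: int
    secondaries: dict   # secondary VLAN id -> ISOLATED or COMMUNITY
    ports: list

    def validate(self):
        """Secondaries must live inside the primary with distinct ids, and
        each port's designation must match the type of the VLAN it is on."""
        errors = []
        if self.primary in self.secondaries:
            errors.append(f"secondary {self.primary} reuses the primary id")
        for p in self.ports:
            if p.kind == PROMISCUOUS:
                if p.vlan != self.primary:
                    errors.append(f"{p.host}: promiscuous port not on primary")
            elif self.secondaries.get(p.vlan) != p.kind:
                errors.append(f"{p.host}: {p.kind} port on VLAN {p.vlan}")
        return errors

    def can_talk(self, a, b):
        """Direct Layer 2 reachability between two ports of this domain."""
        if PROMISCUOUS in (a.kind, b.kind):
            return True
        return a.kind == b.kind == COMMUNITY and a.vlan == b.vlan


def cross_tenant_leaks(domain, tenant_of):
    """Hosts of different tenants that can still reach each other at Layer 2;
    shared infrastructure on promiscuous ports is exempt by design."""
    return [(a.host, b.host) for a, b in combinations(domain.ports, 2)
            if PROMISCUOUS not in (a.kind, b.kind)
            and tenant_of[a.host] != tenant_of[b.host]
            and domain.can_talk(a, b)]


def build_sample(misconfigured=False):
    """Constructed sample: gateway and DHCP on the primary, two single-VM
    tenants on isolated VLAN 101, tenant A in community 102, tenant B in 103.
    misconfigured=True drops tenant B's VM into tenant A's community."""
    ports = [Port("gw", PROMISCUOUS, 100), Port("dhcp", PROMISCUOUS, 100),
             Port("vm1", ISOLATED, 101), Port("vm2", ISOLATED, 101),
             Port("a1", COMMUNITY, 102), Port("a2", COMMUNITY, 102),
             Port("b1", COMMUNITY, 102 if misconfigured else 103)]
    tenants = {"gw": "infra", "dhcp": "infra", "vm1": "T1", "vm2": "T2",
               "a1": "A", "a2": "A", "b1": "B"}
    domain = PvlanDomain(100, {101: ISOLATED, 102: COMMUNITY, 103: COMMUNITY},
                         ports)
    return domain, tenants
```

With the sample as built, `cross_tenant_leaks` returns nothing; placing tenant B's VM in tenant A's community VLAN passes `validate` (the switch configuration is self-consistent) yet surfaces two cross-tenant pairs, which is the kind of placement error the intent check is meant to catch.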

For further reading:
