Link to home
Create AccountLog in
Avatar of jetli87
jetli87

asked on

Monitoring Citrix bandwidth usage and Internet deployment

Hi Citrix/Network Experts,

I had a few questions about Citrix and overall bandwidth monitoring for a new company I started work at:

1) what's a good/best method to monitor/analyze bandwidth usage/needs for Citrix?  Basically we have a dedicated DSL line @ 6MB/768kb for about 25 remote citrix users that access remote desktop (to use MS office, access network docs, and other apps) on the server via direct internet, so I'm in the process of upgrading our bandwidth and wanted to see exactly what our needs are.  I have the decision to either upgrade to a 1.5mb/1.5mb or 3mb/3mb pipe for remote users and wanted to be sure that I pick the appropriate service.

2)  Prior to this company, I deployed remote citrix connections via cisco vpn connection and it seems to perform better although it was with less users.  What's a better method to deploy citrix in terms of performance?  VPN or direct internet connection?   I mean to me VPN would suck up more bandwidth on top of the citrix connection plus i believe Citrix connections are already encrypted as well...Can someone educate me on the difference?
Avatar of chuckyh
chuckyh
Flag of United States of America image

2.  You don't want to open up citrix directly to the internet, you should look into using Citrix Secure Gateway, or an appliance such as a Citrix Access Gateway.  Citrix connections are encrypted but it's not secure at all. Using the CSG or a CAG will give you SSL encryption which is much more robust.
Avatar of jetli87
jetli87

ASKER

Thanks for the response...I'm thinking about deploying our citrix clients via Cisco SSL vpn.

but per my question, even though Citrix Encryption isn't secure (something I definitely did not know), is there a performance different if citrix is deployed via direct internet or ssl method?

also can you provide a bit more info why or a link that documents about Citrix's encryption not actually being that secured?
ASKER CERTIFIED SOLUTION
Avatar of chuckyh
chuckyh
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of jetli87

ASKER

I'm sorry i didn't specify, but yeah, our Citrix clients are deployed over the internet ussing SSL.
Avatar of jetli87

ASKER

I was referring more towards using a Cisco SSL client and piping the SecureICA underneath that connection.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of jetli87

ASKER

KrAzY:

first off, thanks for the response...

So correct me if I'm wrong, from your post, I should try the following:

Simulate a typical user session while having wireshark/ethereal capture the session...calculate the average consumption of KBs during the sim then multiply by number of sessions?

Sounds very logical...I will definitely try.
Sorry... been away, but yes that is what you sould try.  Remember there a alot of variables, but if you can get an average you could multiply that by the sessions.

Let me know if you need more info...
Avatar of jetli87

ASKER

do you have a basic configuration I can follow?

I'm a newbie with wireshark...I think so far I  kinda get how to capture a filtered session between a remote interface and the server...but I still lost with how to ascertain the size of the packets and calculate the total.
Bast Monitoring:

www.bastmonitoring.com

easily my favourite. its managed so if the software goes down or machine hosting it, you are alerted by an offsite server.

the do all the usual management / monitoring stuff but have extras like trend analysis and fault history. SMS alerting. centrally managed so its set up by professionals so you dont find out later that you set your monitoring up wrong :op

they also do workstation monitoring and its really cheap. useful for health checks and detecting faults with clients. helps us with our budgetting for new gear, etc....

they set it all up for you so its guarrenteed to work