AD/Citrix Bandwidth questions

Karandras

Alright first off I've never used Citrix so my knowledge on that software is limited to the manuals and such.

First question - Does Active Directory run through Citrix? I'm going to guess yes....power the computer on, connect to the Citrix network and Active Directory through the Citrix connection. All the Active Directory content is secured through the Citrix connection.

Second question - If Active Directory is not going through Citrix, how much bandwidth would it use if its connection is through a 2 mbps WAN connection? Can you throttle the bandwidth that AD uses, like a certain percentage of the connection?

Third question - If the answer to question #1 is Yes, will Citrix throttle the AD bandwidth?


I'm doing research to see what an impact AD would be on a 200 machine network spread across 14 remote locations (all about 2 mbps lines).
Google isn't helping me too much on this one. I've been searching for the last 4 hours and I've found some stuff but not the answer I'm looking for. I'm hoping that someone out there has run into this question before and can help me with an answer.

Thanks.
 
Citrix uses AD to authenticate users. So for authentication it's going to depend on your AD setup; Citrix should only use the same amount of bandwidth to log in as when you log in to your PC. Citrix itself has its own bandwidth usage over a WAN, but one of the reasons you use Citrix is it's very minimal. I am no expert myself though, just started getting into everything Citrix.
 
Why are you using Citrix?

You can just use terminal services. The cost of Citrix is quite expensive as you have to pay for TS licenses and then Citrix licenses as well. Citrix is just an add-on to Windows 2000 / 2003 terminal services. Can you not just use Terminal Services?

I would advise you to have your AD/file server on one server and your TS on another (I would use 2 or more servers with load balancing).

What is your main server location's upload speed? I think each user will consume about 5 - 25kbps depending on what they are doing. AD does not use any bandwidth as far as I know but you need it for Citrix to work.

I would also look at using two lines for your internet; you can buy VPN routers that will load balance over both lines, give you a better upload and backup. I would think about internet usage as well; people using the internet over Citrix will slow the connection for everyone else. This is where you need to use either QoS or maybe even route internet usage over a third line?

Lots to think about there. I used Citrix for 18 months; it was good but to be honest it didn't really add anything that I couldn't really do over TS (apart from the publish application options).
 
The client that I'm doing the research for already has Citrix enabled but wants to add in AD to the equation but they want to know how much of a hit their network is going to take by adding this in.
 
The client that I'm doing the research for already has Citrix enabled but wants to add in AD to the equation but they want to know how much of a hit their network is going to take by adding this in.
What exactly do you mean by "AD to the equation"? Are you talking about authenticating Citrix users or connections? If so, the traffic is minimal. A query will have to be executed during the initial connection of the client, but a persistent connection from Citrix to AD doesn't need to be maintained. Plus, this is all done on the back end on the internal network. This traffic wouldn't need to traverse the WAN.
 
Hold on, they have Citrix but no Active Directory? Or do they want to have AD in another location to the Citrix servers?
 
You should only need AD at your HQ where your Citrix server resides. I have remote locations that Citrix back to Corporate.

The following resides at the remote office.

-WAN Router
-Local PC (they log in locally to the PC)
-Citrix client installed on the PC
-Through Citrix they auth. to the domain (email, mapped drives through Citrix)
 
Hold on, they have Citrix but no Active Directory? Or do they want to have AD in another location to the Citrix servers?

They have Citrix but no AD.

JayAre said:
You should only need AD at your HQ where your Citrix server resides. I have remote locations that Citrix back to Corporate.

The following resides at the remote office.

-WAN Router
-Local PC (they log in locally to the PC)
-Citrix client installed on the PC
-Through Citrix they auth. to the domain (email, mapped drives through Citrix)

To my understanding (I don't have the network topology) that is what they have going. The central location (head office) is on a 30 mbps line right now.
 
Heh, no a good question. I sorta know how it works. It's a remote desktop/VPN software.

Now that I'm writing this I'm thinking that the user has to log onto the computer first (AD) then log onto Citrix...right? Great, I thought I sorta knew how the process works but I guess not. I'm going to read up more on Citrix.

However that's not really what my research is all about. I'm mainly curious on how much bandwidth AD sucks up when it calls home and/or users log in.

Thanks again for everyone's help.
 
They have Citrix but no AD.



To my understanding (I don't have the network topology) that is what they have going. The central location (head office) is on a 30 mbps line right now.

30mbps would be overkill....but hey...why the heck not. We're running 2mbps lines and we have 2-15 users at each site and it runs fine. Citrix traffic is VERY minimal. However, depending on what other applications are running on your WAN, it may appear that Citrix is running "slow". You may need to put bandwidth limitations (i.e. packet shaper or some other sort of device)
 
However that's not really what my research is all about. I'm mainly curious on how much bandwidth AD sucks up when it calls home and/or users log in.
Not to be harsh, but you should read up on how Active Directory works as well. When a roaming user logs into a machine and the machine cannot locate a domain controller, it won't use any bandwidth as it will use cached credentials. When it can locate a DC, the amount of bandwidth used will vary depending on how many policies/software applications you have assigned.
 
Heh, no a good question. I sorta know how it works. It's a remote desktop/VPN software.

Now that I'm writing this I'm thinking that the user has to log onto the computer first (AD) then log onto Citrix...right? Great, I thought I sorta knew how the process works but I guess not. I'm going to read up more on Citrix.

However that's not really what my research is all about. I'm mainly curious on how much bandwidth AD sucks up when it calls home and/or users log in.

Thanks again for everyone's help.

You don't need to have users log on to the local systems. I would use a cut-down version of Windows XP, Linux or even better thin clients that log on to a local account with just the Citrix ICA icon on. You then log on to the Citrix server using the Citrix ICA program (this is where the AD comes in). I really don't know how they have had Citrix without AD?

What you get with Citrix ICA is a screen with the logon screen to the server (like remote desktop); from here they put their own user name and password and they are into their own desktop.

The server hosts the session, so if you look in the server's task manager you will see all the users' explorer.exe and every program they are using. If one user crashes their Word file and word.exe is stuck on the screen you can go to the server and end the process. The Word document will then disappear from their screen. The user's local system does nothing other than host the ICA client.

Each client will only use 2 - 25kbps no matter if you have AD or not; all the work is done at the site and then only the desktop is streamed over the net to the end user. The local system does not connect to AD at all; it just connects to the server where the desktop is hosted and project to. All the AD and Citrix connections are done on site via the LAN.
 
Alright, went and talked to my boss on how their setup works:

On the local network, all the computers have AD and have Citrix for programs. They have all the documents and such stored on a File server and users have their own home directories.
On the remote locations they log in locally then load up the Citrix session for the programs. All the documents and such are stored locally.
They want to enable AD on the remote machines for added security and policies.

I'm sorry that I'm not up to par on my AD and Citrix knowledge, I'm being thrown into this situation and I thank all of you for your patience while describing stuff to me. Currently I'm going through all the reading material I can find and there is lots.

Thanks.

PS - I definitely understand much better on how Citrix works...very cool program for network admins and corporations that are looking to save time and money.



So I guess what I'm looking for:
When someone logs into their computer that connects to the domain, how much bandwidth is created from that process (i.e. master browser, local policies)? No roaming profiles on these remote computers.
 
Don't worry about it! Citrix is confusing at times!!

ok

I think this network has been set up wrong!

The way things should be done is that the local network hosts all the files, desktops, profiles and software (this is the point of Citrix!)

You really need to see about changing the way this is set up; you're not really using Citrix in a safe way.

You need to use your AD to lock down the user profiles. One group for admin, one for thin clients. The admin group has full access to the network and server; the thin client AD is locked down via GPO to have no access to C: D: etc drive, only H: (we will come to this in a second). No right click on the main screen, no my network places, no shutdown etc.

Set up a share for each user on the file server, then connect the users via AD as a network drive (drive H: ). On this drive you need to have their my documents (change the location via right clicking on their my documents icon). Once you have set the user up, move them in AD to the thin client area. Now they have their settings locked down; they should only have access to drive H: and their my documents (also on drive H: ).

Now this gives Citrix users a full functioning desktop, 128bit encryption and a fully safe, locked down desktop they can access from anywhere in the world. If they then go to the local LAN they can log on to any system and get the same desktop.

This is best done via a VPN as well. This means that people can't just connect to the Citrix server and brute force it; they would have to brute force a VPN and then a Citrix logon. 2 x 128 bit encryption... no chance! I think the above will do everything you need.

now

Bandwidth: Citrix bandwidth isn't that bad; what is the killer is remote printing. I would advise you to get a PDF printing solution. When a remote user wants to print to a local printer the print job is created on the server and then has to be uploaded from the server back to the remote user's local printer; you will notice this when the network is busy. The PDF solution will compress the print job.
 
Jay_oasis you rock, thanks for all the great information. However I'm not the administrator of this network, just an employee for a company that has been hired to give an assessment on how much of a bandwidth hit their WAN is going to take if they implement certain programs on X amount of computers. So really all I'm looking for is numbers to tell the client.
Once they implement AD I'm sure the network will change to what you just described, at least that would make sense to me.

So the bandwidth question is pretty much geared toward AD logins and other AD activities, not Citrix.
 
I'm still hoping someone out there has some numbers that I can use for creating a bandwidth model for this client as I can't find anything through google or AD forums.

thanks all.
 
To do this they would need to join the domain from a remote location.... am I right in thinking that?
 
That's to my understanding, yes. The remote locations are on 2mbps lines connecting to the central office 30 mbps line.
 