# citrix-cloud
p
Hi everyone, we have a customer using Citrix DaaS with on-prem workloads (Austria) for 3D CAD users. Performance in Europe is great, and the customer now wants to extend usage to users outside of Europe (e.g., UAE). It's a requirement that the workloads must remain on-prem in Austria. Currently, there are no additional Citrix components on-prem and all traffic runs through Citrix Workspace and the Gateway Service. Our main challenge is latency optimization for remote users. From what we understand, Citrix uses the Azure backbone from the PoP (closest to the user endpoint) only if the workloads are hosted in Azure. Otherwise, HDX traffic travels over the public internet. This was confirmed by our Citrix contact. Now our idea was the following: We're considering setting up a site-to-site VPN or ExpressRoute from the client's HQ to the closest Azure DC (Austria East), then placing Cloud Connectors there. The assumption is that the endpoint connects to the nearest PoP, then HDX traffic travels across the Azure backbone to the Cloud Connectors in Austria East, and from there via VPN to the on-prem datacenter. Does this approach make sense? What's your experience or recommendation for optimizing latency in such scenarios?
r
I think you need to test to determine what's best. We normally don't recommend routing through Cloud Connectors; it's much more efficient to use Rendezvous. What is the latency you are seeing right now?
p
The customer did some tests and he reported about 500 ms latency for clients from UAE, which seems quite high even if it's routed over the public internet, I guess.
r
Find out where their DNS server is, and you can check in Monitor which PoP they are connecting to by looking at the gateway. They may be using a DNS server in another part of the world, so they could be hairpinning.
💯 1
p
Ah thx, DNS might indeed be an issue because the customer is using Cloudflare DNS. Need to check with the customer.
r
You can create a separate resource location, then force Gateway Service to connect to a region for that RL.
p
But for a new resource location I'd also need to place Cloud Connectors in UAE, right? Currently that's not an option since there is no fixed office in UAE, just some home office users.
r
No, you can create the RL with a set of VDAs and force whoever is connecting to Gateway Service to attach to a PoP in the Asia region.
p
Ok nice. So we'll have a look at that. Might be easier than changing the customer's DNS configuration.
r
Yeah, that's why it was added, but since we can only control one side or the other, it can still be an issue depending on routing.
🙏 1
j
Did you set up Rendezvous so that the endpoints can connect directly to the workloads over the internet? That way you bypass the Cloud Connectors and reduce the packet overhead for VPN. Or can you not do that type of Gateway Service direct connectivity?
👍 1
p
Rendezvous has not been set up but that will be our next step.
j
That or HDXDirect will give you the best performance. Fewer hops and windowing of network frames will give the best performance.
👍 1
r
@Philipp Mair some points:
• Traffic is routed the same through our Gateway service, independent of where the workload is running. We select the closest POP to the user.
• I would highly recommend using Rendezvous V2 and utilize EDT to optimize the connectivity with latency.
• Once this works, I would test HDX-Direct to see if this further optimizes the latency. But this has additional requirements (STUN ports open etc), so I would first get Rendezvous V2 + EDT running.
p
Thanks Rody, we'll first try Rendezvous and then maybe have a look at HDX-Direct. 🙂
👍 1
r
Which VDA version are you using?
p
Still 2402
👍 1
r
HDX Direct is GA with VDA 2503, so you would need to upgrade for that. Hence why I would recommend Rendezvous V2 with EDT first.
🙏 1
👍 1
🙌 1
p
Great! I'll try and let you know.