This year was my 9th year attending Citrix Synergy, but somehow the feeling never gets old. Its always great to meet colleagues, friends from the community, customers and others and learn about their challenges, their perception of Citrix and how we help address their challenges. This year was no different! One of the common themes I heard though from many was that Citrix is no longer serious about Virtual Apps and Desktops (CVAD)! Many felt a lack of love to the loyal base who have been CVAD customers for many many years. This sentiment while understandable couldn’t be farther from the truth and that is exactly why I decided to spend some time blogging about all the innovation around CVAD that was discussed in many of the breakout sessions and highlighted in the expo hall. I have linked the relevant sessions and demos when possible. So here goes…
ITSM Adapter for ServiceNow has come a long way!!!
One of the major announcements at Synergy 2018 was the ITSM Adapter for ServiceNow. The initial release primarily focused around allocating pre-provisioned virtual apps and desktops to users based on approval workflows via ServiceNow and logging this in the CMDB. However the PM and engineering team have been hard at work on many new exciting features based on feedback from our customers. Here are a few that come to mind:
- If a user requests a desktop (Dedicated or otherwise) and if it does not exist, the desktop will be provisioned. In the past the desktop had to be pre-provisioned.
- If pre-defined performance thresholds are exceeded, one can automate the addition of capacity to delivery groups.
- Integration with Director whereby if an alert is triggered, a ticket can automatically be created in ServiceNow. These could be related to license usage, connection failure, CPU usage etc to name a few. Similarly App Probing failures
- Citrix Analytics Integration
- Citrix Endpoint Management Integration such as enrolling devices from service catalog self service and in bulk by admins.
- Citrix Access Control integration (automate the addition of users to SaaS apps)
ITSM Adapter: App Provisioning Demo
ITSM Adapter: Director Integration Demo
ITSM Adapter: MCS Provisioning
ITSM Adapter: UEM Integration Demo
So Much HDX Goodness!
HDX has been the secret sauce for many many years and innovation hasn’t stopped. There were plenty of updates shared at Synergy that I will try to summarize below. However I highly recommend that you watch the HDX session (SYN211) led by our PM team that I have embedded here.
- Citrix VDA Update Service: Cloud service fully managed by Citrix. No requirement for customer to have a Citrix cloud entitlement. Cloud agent goes on Cloud connector (for cloud customers) or delivery controller (on-prem customers). Cloud agent informs service on VDA versions within customer environment and the service informs customer about current versions and if an upgrade is recommended. Customer can then either do a manual update or schedule an automated update based on scheduled maintenance window or idle time. This is particularly useful when it comes to persistent desktops or Remote PC deployments as you no longer need software distribution tools to manage the upgrades.
- VDA installer improvements: Enhancements to the VDA installers to improve the upgrade process and reduce upgrade errors.
- VDA Rollback: During the upgrade process, all changes are written to an XML file. If the VDA upgrade process fails, the XML file is read to determine the changes that were made and those changes can then be undone.
- Unified Communications:
- Microsoft Teams:
- Optimization for the web client was introduced in the CVAD 1809 release with Browser Content Redirection on chrome browser. Linux will soon be supported as well.
- Teams Desktop App will be supported in the upcoming CVAD 1906 release. The media engine is now integrated into Workspace App (WSA) and no separate installation is necessary. The desktop version will support optimization for audio, video and screen-sharing. Policies will be controlled via Studio. One major improvement is that the new teams client will be installed to C:\Program Files (x86) as opposed to AppData. This bodes well for shared environments. This also means that future enhancements will be delivered via WSA. So if teams optimization is something that you are keen on, then you are better off sticking to the current release as opposed to LTSR (at least when it comes to the client).
- Microsoft Teams:
- Other Platforms:
- Cisco is working closely with Citrix on a Webex optimization pack for both Web and the Desktop version of the Webex. Jabber optimization pack already exists and is available through Cisco.
- Zoom has also released an optimization pack for CVAD.
- Other vendors with optimization packs include BlueJeans, Avaya etc.
- Citrix will also be working with Google in the near future for optimization packs for their multimedia collaboration solutions.
- Protocol Enhancements:
- Adaptive Throughput (1811): Increases maximum throughput of ICA over TCP leading to a better overall user experience. Throughput is adjusted based on session interactivity. Up to 5x improvement in file transfer speeds.
- EDT Lossy + Enlightened Virtual Channels: Individual virtual channels can elect which protocol to use leading to overall improved performance. The demo in the session showed a 3D image of a car rendered with almost no lag over a 300msec link with 5% packet loss.
- Local Text Echo is back in 1811! The functionality is on par with XA 6.5 but future releases will add enhancements.
- Automatic Graphic Providers: No need anymore to install separate 3DPro VDA. Unified VDA installation package detects GPU at run time and installs necessary components.
- Generic GPU support (Citrix Indirect Display Driver)
- Preferred Modes: Understand client capabilities during session establishment and switch settings as needed.
- Thinwire+Progressive Display: Dynamic image quality based on bandwidth availability
- H.264 Build to Lossless: Pixel perfect image quality for the most demanding use cases.
- Lossy Graphics: Unifying Thinwire and Framehawk (leveraging EDT Lossy)
- Dynamic 3D Pro: Optimize for 3D workloads automatically in session.
- HDX Graphics Monitor: In session details about graphics mode in use. Admin can enable or disable this feature. GPU is not a requirement.
- Virtual Display Layout: Slice a single monitor into multiple displays. Allows customers to use a single large monitor and slice it however they like.
- Other Updates:
- Workspace Printing: Mobile print solution that gives you the ability to print from the virtual session but save the document outside the session as a pdf in Sharefile which can then be accessed via Workspace App.
- CVAD 1903 and up now supports Stylus for note taking on Windows devices.
- Biometric Authentication using FIDO2: FIDO2 is based on asymmetric cryptography with the goal of eliminating passwords as a whole. Biometrics can be used as a second form of authentication or the primary authentication mechanism. The goal is to support FIDO2 based biometric authentication within a virtual session via USB redirection. The other use case would be to leverage integrated biometrics (Windows Hello, TPM) etc for authentication within a virtual session.
Identity Story Beefs Up With Okta Integration and more to follow!
When it comes to IdP vendors, Okta probably has a significant market share and a lot of customers have made sizeable investments in their identity platform and hence want to make the most of their investment and leverage Okta as the identity provider for Citrix Workspace. At Synergy, we announced that we will integrate Workspace with Okta such that users can authenticate with Okta and login to Citrix Workspace. Furthermore Citrix Cloud Federated Authentication Service can be used in conjunction with Okta to provide single sign on Citrix virtual apps and desktops.
In the near future, Okta SaaS and web apps can be delivered within the Citrix workspace such that users will have unified access to both the Citrix delivered apps and Okta apps within Citrix Workspace with SSO.
Okta integration will go into public tech preview in the coming weeks.
In order to learn more, do watch the session below. The live demo starts around the 12:11 timestamp.
In addition to the Okta integration, Citrix also announced plans to integrate with Google Identity Platform as an identity provider for Citrix workspace.
Customers can also leverage their on premises Netscaler to integrate with third party identity providers and authenticate with Citrix Workspace. This capability is currently in tech preview and expected to release later in Q3.
Citrix App Protection Policies To The Rescue
Citrix Armored Client was announced at Summit earlier this year. This has now been re-branded to Citrix App Protection Policies. Citrix App Protection Policies allow administrators to protect HDX, SaaS and Web App delivered via the Workspace App from key-loggers and screen capture tools installed locally on the users endpoint. This takes security to a whole new level especially when combined with the existing HDX policies, and Citrix ADC End Point Analysis in conjunction with SmartAccess, SmartControl. Scott Lane demonstrates these new capabilities in the video above (25:15 time stamp)
Citrix Managed Desktops! A True DaaS Solution!
Citrix Managed Desktops (CMD) was officially announced at Synergy and compliments the Citrix Virtual Apps and Desktops offerings. CMD is meant for niche use cases like seasonal workloads, temporary workers, mergers and acquisitions, business continuity, or for SMB customers who have limited requirements. The main advantage of CMD is the consumption based billing or the “Pay As You Go” model. Some key highlights:
- Supports domain joined or non domain joined desktops
- Designed for Windows Virtual Desktop (Multi session Win 10)
- Supports network connectivity to backend resources on premises.
- Buy the whole solution from Citrix
- Customers can bring their own image or Citrix can provide customers a base image with all the patches and updates.
- Leverages the industry leading HDX protocol.
- Consumption based billing
- 11 Global Azure Gateway POPs can be leveraged.
- Been in limited tech preview since Jan. Opening up tech preview to more customers after Synergy. General Availability slated for Q3.
- VM types include B2s, D2sv3, D4sv3 and D8sv3 as of today
- Regions include East US, Australia East, West Europe and West US today.
- Basic monitoring is also provided as part of the solution.
Citrix Managed Desktops: Pricing
Do watch the session below for more details including a detailed demo (32:31 time stamp)
Performance Analytics For All!
Performance Analytics was one of the most exciting announcements for most customers. Performance analytics can provide user experience scores across all Citrix products taking into account both the end user and the infrastructure point of view to calculate the score. Today customers use multiple tools to assess and troubleshoot performance issues and even with all these tools, they struggle to understand what user experience is really like as there is no end to end visibility. They are inundated with data but very little insights. This is the problem that performance analytics attempts to solve. Some highlights below:
- User-centric experience score that helps quantify user experience. These scores can be used to identify users experiencing poor performance and correlate with potential infrastructure issues.
- Quantify app performance
- Multi site aggregation and reporting
- Available for both on premises and cloud CVAD customers.
- Visibility into ICA traffic channels
- Actionable insights
- Drill down views available to determine what exactly is causing poor user performance (Eg: slow logons, GPO policies, network latency etc)
- On premises customers need to upgrade DDC and Director to 1906. Customers require a Citrix Analytics Service account and outbound connectivity on port 443.
- Next LTSR release slated for Q4, 2019 will have performance analytics integration.
- Q2 Tech Preview
- To address data sovereignty concerns, the goal is to have targeted availability in EMEA and APAC
Performance Analytics: How To Get Started
Watch the recorded session above for further details including a demo (24:00 time stamp)
Citrix Virtual Apps and Desktops Service Updates
- Auto scale: Available via Citrix Cloud Studio. Schedule based or load based power management for workloads (power up or power down VMs to keep public cloud consumption costs under control. Capacity and cost savings information will be available with Director.
- Delegated Admin and Config Logging now available for CVAD service
- Machine Creation Services support on Google Cloud Platform is coming soon. This will allow customers to leverage GCP as a resource location with CVAD service and automate the provisioning of workloads. In addition Linux Virtual Apps and Desktops is now certified for GCP
- App Layering enhancements include Azure Gov support, Office 2019 certification as an App Layer and Server 2019 certification as an OS layer.
- License management and reporting capabilities have improved significantly including daily active use and monthly active use reporting. Admins can also release licenses from users that have changed roles or left the company.
- There is a lot of focus on an API drive approach including enabling direct API access for seamless automation. An Orchestration API is now available as a limited tech preview. Customers can also leverage OData APIs for reporting.
- Citrix Brand Personalization Service is now in public tech preview and allows customers to personalize application name, icons, app color themes etc for Workspace App and other Citrix products like Secure Mail, Secure Web and Citrix Files.
- Secure Browser service has a number of updates including auto-selection of region for best user experience, client drive mapping, expanded region support and admin localization.
Watch the session below to learn more!
Access Control for SaaS and Web Apps with On-Premises Storefront
One of the major challenges preventing customers from adopting Citrix Access Control was the dependency on the Citrix Workspace service. Most customers still leverage on premises Citrix ADC and Storefront to aggregate their resources and not ready to migrate from Storefront to Citrix Workspace. In order to enable these customers to be able to adopt Citrix Access Control, Citrix announced Access control integration with on premises Storefront. This new capability allows customers to secure SaaS and Web Apps using the Access Control capabilities and deliver these apps either using the embedded browser within Workspace App or via the Secure Browser depending on the use case. To learn more about these capabilities, review this blog post by Chris Fleck.