Category: Technology

Long Live Citrix Virtual Apps and Desktops – Key Highlights from Citrix Synergy 2019!

This year was my 9th year attending Citrix Synergy, but somehow the feeling never gets old. Its always great to meet colleagues, friends from the community, customers and others and learn about their challenges, their perception of Citrix and how we help address their challenges. This year was no different! One of the common themes I heard though from many was that Citrix is no longer serious about Virtual Apps and Desktops (CVAD)! Many felt a lack of love to the loyal base who have been CVAD customers for many many years. This sentiment while understandable couldn’t be farther from the truth and that is exactly why I decided to spend some time blogging about all the innovation around CVAD that was discussed in many of the breakout sessions and highlighted in the expo hall. I have linked the relevant sessions and demos when possible. So here goes…

ITSM Adapter for ServiceNow has come a long way!!!

One of the major announcements at Synergy 2018 was the ITSM Adapter for ServiceNow. The initial release primarily focused around allocating pre-provisioned virtual apps and desktops to users based on approval workflows via ServiceNow and logging this in the CMDB. However the PM and engineering team have been hard at work on many new exciting features based on feedback from our customers. Here are a few that come to mind:

  • If a user requests a desktop (Dedicated or otherwise) and if it does not exist, the desktop will be provisioned. In the past the desktop had to be pre-provisioned.
  • If pre-defined performance thresholds are exceeded, one can automate the addition of capacity to delivery groups.
  • Integration with Director whereby if an alert is triggered, a ticket can automatically be created in ServiceNow. These could be related to license usage, connection failure, CPU usage etc to name a few. Similarly App Probing failures
  • Citrix Analytics Integration
  • Citrix Endpoint Management Integration such as enrolling devices from service catalog self service and in bulk by admins.
  • Citrix Access Control integration (automate the addition of users to SaaS apps)

ITSM Adapter: App Provisioning Demo

ITSM Adapter: Director Integration Demo

ITSM Adapter: MCS Provisioning

ITSM Adapter: UEM Integration Demo

So Much HDX Goodness!

HDX has been the secret sauce for many many years and innovation hasn’t stopped. There were plenty of updates shared at Synergy that I will try to summarize below. However I highly recommend that you watch the HDX session (SYN211) led by our PM team that I have embedded here.

  • Citrix VDA Update Service: Cloud service fully managed by Citrix. No requirement for customer to have a Citrix cloud entitlement. Cloud agent goes on Cloud connector (for cloud customers) or delivery controller (on-prem customers). Cloud agent informs service on VDA versions within customer environment and the service informs customer about current versions and if an upgrade is recommended. Customer can then either do a manual update or schedule an automated update based on scheduled maintenance window or idle time. This is particularly useful when it comes to persistent desktops or Remote PC deployments as you no longer need software distribution tools to manage the upgrades.
  • VDA installer improvements: Enhancements to the VDA installers to improve the upgrade process and reduce upgrade errors.
  • VDA Rollback: During the upgrade process, all changes are written to an XML file. If the VDA upgrade process fails, the XML file is read to determine the changes that were made and those changes can then be undone.
  • Unified Communications:
    • Microsoft Teams:
      • Optimization for the web client was introduced in the CVAD 1809 release with Browser Content Redirection on chrome browser. Linux will soon be supported as well.
      • Teams Desktop App will be supported in the upcoming CVAD 1906 release. The media engine is now integrated into Workspace App (WSA) and no separate installation is necessary. The desktop version will support optimization for audio, video and screen-sharing. Policies will be controlled via Studio. One major improvement is that the new teams client will be installed to C:\Program Files (x86) as opposed to AppData. This bodes well for shared environments. This also means that future enhancements will be delivered via WSA. So if teams optimization is something that you are keen on, then you are better off sticking to the current release as opposed to LTSR (at least when it comes to the client).
  • Other Platforms:
    • Cisco is working closely with Citrix on a Webex optimization pack for both Web and the Desktop version of the Webex. Jabber optimization pack already exists and is available through Cisco.
    • Zoom has also released an optimization pack for CVAD.
    • Other vendors with optimization packs include BlueJeans, Avaya etc.
    • Citrix will also be working with Google in the near future for optimization packs for their multimedia collaboration solutions.
  • Protocol Enhancements:
    • Adaptive Throughput (1811): Increases maximum throughput of ICA over TCP leading to a better overall user experience. Throughput is adjusted based on session interactivity. Up to 5x improvement in file transfer speeds.
    • EDT Lossy + Enlightened Virtual Channels: Individual virtual channels can elect which protocol to use leading to overall improved performance. The demo in the session showed a 3D image of a car rendered with almost no lag over a 300msec link with 5% packet loss.
    • Local Text Echo is back in 1811! The functionality is on par with XA 6.5 but future releases will add enhancements.
  • Graphics:
    • Automatic Graphic Providers: No need anymore to install separate 3DPro VDA. Unified VDA installation package detects GPU at run time and installs necessary components.
    • Generic GPU support (Citrix Indirect Display Driver)
    • Preferred Modes: Understand client capabilities during session establishment and switch settings as needed.
    • Thinwire+Progressive Display: Dynamic image quality based on bandwidth availability
    • H.264 Build to Lossless: Pixel perfect image quality for the most demanding use cases.
    • Lossy Graphics: Unifying Thinwire and Framehawk (leveraging EDT Lossy)
    • Dynamic 3D Pro: Optimize for 3D workloads automatically in session.
    • HDX Graphics Monitor: In session details about graphics mode in use. Admin can enable or disable this feature. GPU is not a requirement.
    • Virtual Display Layout: Slice a single monitor into multiple displays. Allows customers to use a single large monitor and slice it however they like.
  • Other Updates:
    • Workspace Printing: Mobile print solution that gives you the ability to print from the virtual session but save the document outside the session as a pdf in Sharefile which can then be accessed via Workspace App.
    • CVAD 1903 and up now supports Stylus for note taking on Windows devices.
    • Biometric Authentication using FIDO2: FIDO2 is based on asymmetric cryptography with the goal of eliminating passwords as a whole. Biometrics can be used as a second form of authentication or the primary authentication mechanism. The goal is to support FIDO2 based biometric authentication within a virtual session via USB redirection. The other use case would be to leverage integrated biometrics (Windows Hello, TPM) etc for authentication within a virtual session.

Identity Story Beefs Up With Okta Integration and more to follow!

When it comes to IdP vendors, Okta probably has a significant market share and a lot of customers have made sizeable investments in their identity platform and hence want to make the most of their investment and leverage Okta as the identity provider for Citrix Workspace. At Synergy, we announced that we will integrate Workspace with Okta such that users can authenticate with Okta and login to Citrix Workspace. Furthermore Citrix Cloud Federated Authentication Service can be used in conjunction with Okta to provide single sign on Citrix virtual apps and desktops.

In the near future, Okta SaaS and web apps can be delivered within the Citrix workspace such that users will have unified access to both the Citrix delivered apps and Okta apps within Citrix Workspace with SSO.

Okta integration will go into public tech preview in the coming weeks.

In order to learn more, do watch the session below. The live demo starts around the 12:11 timestamp.

In addition to the Okta integration, Citrix also announced plans to integrate with Google Identity Platform as an identity provider for Citrix workspace.

Customers can also leverage their on premises Netscaler to integrate with third party identity providers and authenticate with Citrix Workspace. This capability is currently in tech preview and expected to release later in Q3.

Citrix App Protection Policies To The Rescue

Citrix Armored Client was announced at Summit earlier this year. This has now been re-branded to Citrix App Protection Policies. Citrix App Protection Policies allow administrators to protect HDX, SaaS and Web App delivered via the Workspace App from key-loggers and screen capture tools installed locally on the users endpoint. This takes security to a whole new level especially when combined with the existing HDX policies, and Citrix ADC End Point Analysis in conjunction with SmartAccess, SmartControl. Scott Lane demonstrates these new capabilities in the video above (25:15 time stamp)

Citrix Managed Desktops! A True DaaS Solution!

Citrix Managed Desktops (CMD) was officially announced at Synergy and compliments the Citrix Virtual Apps and Desktops offerings. CMD is meant for niche use cases like seasonal workloads, temporary workers, mergers and acquisitions, business continuity, or for SMB customers who have limited requirements. The main advantage of CMD is the consumption based billing or the “Pay As You Go” model. Some key highlights:

  • Supports domain joined or non domain joined desktops
  • Designed for Windows Virtual Desktop (Multi session Win 10)
  • Supports network connectivity to backend resources on premises.
  • Buy the whole solution from Citrix
  • Customers can bring their own image or Citrix can provide customers a base image with all the patches and updates.
  • Leverages the industry leading HDX protocol.
  • Consumption based billing
  • 11 Global Azure Gateway POPs can be leveraged.
  • Been in limited tech preview since Jan. Opening up tech preview to more customers after Synergy. General Availability slated for Q3.
  • VM types include B2s, D2sv3, D4sv3 and D8sv3 as of today
  • Regions include East US, Australia East, West Europe and West US today.
  • Basic monitoring is also provided as part of the solution.

Citrix Managed Desktops: Pricing

Do watch the session below for more details including a detailed demo (32:31 time stamp)

Performance Analytics For All!

Performance Analytics was one of the most exciting announcements for most customers. Performance analytics can provide user experience scores across all Citrix products taking into account both the end user and the infrastructure point of view to calculate the score. Today customers use multiple tools to assess and troubleshoot performance issues and even with all these tools, they struggle to understand what user experience is really like as there is no end to end visibility. They are inundated with data but very little insights. This is the problem that performance analytics attempts to solve. Some highlights below:

  • User-centric experience score that helps quantify user experience. These scores can be used to identify users experiencing poor performance and correlate with potential infrastructure issues.
  • Quantify app performance
  • Multi site aggregation and reporting
  • Available for both on premises and cloud CVAD customers.
  • Visibility into ICA traffic channels
  • Actionable insights
  • Drill down views available to determine what exactly is causing poor user performance (Eg: slow logons, GPO policies, network latency etc)
  • On premises customers need to upgrade DDC and Director to 1906. Customers require a Citrix Analytics Service account and outbound connectivity on port 443.
  • Next LTSR release slated for Q4, 2019 will have performance analytics integration.
  • Q2 Tech Preview
  • To address data sovereignty concerns, the goal is to have targeted availability in EMEA and APAC

Performance Analytics: How To Get Started

Watch the recorded session above for further details including a demo (24:00 time stamp)

Citrix Virtual Apps and Desktops Service Updates

  • Auto scale: Available via Citrix Cloud Studio. Schedule based or load based power management for workloads (power up or power down VMs to keep public cloud consumption costs under control. Capacity and cost savings information will be available with Director.
  • Delegated Admin and Config Logging now available for CVAD service
  • Machine Creation Services support on Google Cloud Platform is coming soon. This will allow customers to leverage GCP as a resource location with CVAD service and automate the provisioning of workloads. In addition Linux Virtual Apps and Desktops is now certified for GCP
  • App Layering enhancements include Azure Gov support, Office 2019 certification as an App Layer and Server 2019 certification as an OS layer.
  • License management and reporting capabilities have improved significantly including daily active use and monthly active use reporting. Admins can also release licenses from users that have changed roles or left the company.
  • There is a lot of focus on an API drive approach including enabling direct API access for seamless automation. An Orchestration API is now available as a limited tech preview. Customers can also leverage OData APIs for reporting.
  • Citrix Brand Personalization Service is now in public tech preview and allows customers to personalize application name, icons, app color themes etc for Workspace App and other Citrix products like Secure Mail, Secure Web and Citrix Files.
  • Secure Browser service has a number of updates including auto-selection of region for best user experience, client drive mapping, expanded region support and admin localization.

Watch the session below to learn more!

Access Control for SaaS and Web Apps with On-Premises Storefront

One of the major challenges preventing customers from adopting Citrix Access Control was the dependency on the Citrix Workspace service. Most customers still leverage on premises Citrix ADC and Storefront to aggregate their resources and not ready to migrate from Storefront to Citrix Workspace. In order to enable these customers to be able to adopt Citrix Access Control, Citrix announced Access control integration with on premises Storefront. This new capability allows customers to secure SaaS and Web Apps using the Access Control capabilities and deliver these apps either using the embedded browser within Workspace App or via the Secure Browser depending on the use case. To learn more about these capabilities, review this blog post by Chris Fleck.

Citrix Workspace: Addressing The Security Conundrum [Session Recorded at Citrix Synergy 2019 in Atlanta, Georgia]

 

Scott Lane and I had the privilege to lead a session at Citrix Synergy this year around the security benefits of Citrix Workspace. When most people think about the Citrix Workspace, then tend to focus on the user experience and productivity benefits. While these are very important, there are also a number of security use cases that the solution addresses. The goal of this session was to walk through these benefits with a demo centric approach. We also had Chris Fleck (Vice President and Technical Fellow at Citrix) join us as our mystery speaker and he shared some cool projects that he’s currently working on. Hope you enjoy this session! I would love to get your feedback!

 

Key Takeaways from Citrix Synergy 2018 Announcements That Did Not Make The Keynote

Just like many of you, I had the pleasure of attending another awesome Citrix Synergy last week in Anaheim. Had the chance to meet many of the community members, customers and fellow Citrites in person. As is always the case, I was not able to attend a lot of sessions due to customer/internal meetings and such and spent some time this week catching up on content. While Workspace, ServiceNow Integration and Analytics were front and center, what I’m realizing is that there were plenty of great announcements made during the breakout sessions that many of you probably missed. If you want to learn more about what was announced as part of the keynote read Jason Samuel’s blog post.  I wanted to spend some time summarizing some of the most interesting announcements that were not part of the keynote. I am still in the process of reviewing the sessions and will update this post over time.

Workspace Environment Management (WEM) To Be Offered As A Citrix Cloud Service

WEM is Citrix’s solution for user environment management and resource optimization along with UPM. On average, customers see a 30% improvement in server scalability and login times can also be improved significantly. WEM did require certain infrastructure components to be deployed. However, at Synergy it was announced that the Citrix will be offering a WEM service essentially hosting, managing and maintaining all the infrastructure components such that the customer only has to deploy the agents and the cloud connector. This should make the solution even more appealing to customers and help with server scalability and user experience in a hybrid cloud environment. 

Learn more about this announcement in SYN231 (Recording below. Start at around 6:15)

Seamless Roaming O365 Outlook Email Cache and Search Index Database using UPM

A new feature is coming in UPM that allows handling of large files specifically designed for O365. And it is controlled with a single policy setting in UPM. Once the policy is enabled, a per user search index db is created and all outlook requests are redirected to the database thus enabling a roaming search index for the user for both virtual apps and desktops. Its limited to 32 bit version of Office for now. The search index and OST file will be wrapped in a VHDX container and stored in the profile. Learn more about this feature in the SYN231 video posted above. Start watching at 22:30. 

 

WEM and UPM Capabilities Now Extended To Manage Physical Endpoints

As part of Citrix’s Unified Endpoint Management strategy, WEM and UPM will soon be able to manage physical endpoints. This is a welcome change and will help customers use the same solution set to manage both physical endpoints and the virtual workloads. Learn more in the SYN231 video above. Start watching at 30:52.

PVS Management Directly From Citrix Cloud

On prem PVS workloads can soon be managed directly from Citrix Cloud. In addition a new PVS cloud license will be introduced. A customer can download the PVS cloud license from MyCitrix and install on onprem license server to manage PVS from Citrix cloud.

More info in the SYN131 video below. Watch from 28:40

Azure QuickDeploy for XenApp and XenDesktop Service

Azure Quickdeploy is a feature that is available for the XenApp Essential customers that makes it extremely easy to build Citrix workloads in Azure. The same wizard has now been ported over to XA/XD service. You can specify your Azure subscription info, connect to a resource location, upload a custom image, provide domain information and the machine catalog will be created for you. This is perfect for small deployments and POC’s. This feature will be released in the coming weeks for XA/XD service. It will only support Server VDAs. Also important to note that Quick deploy cant be used in conjunction with studio. Its an either/or. To learn more in the video. Watch from 32:00

 

Extending Citrix Cloud Support For Google Cloud Platform and Oracle Cloud

While Google cloud got plenty of attention at the keynote (and I will have a follow up blog looking specifically into Citrix Cloud and GCP), it is also worth noting that we will be extending platform support for Oracle cloud infrastructure. This is of particular interest for customers who have a significant investment in Oracle cloud today. Its all Hyper-V based which is also appealing to many customers. There is an Oracle deployment guide already published and the planned availability for support in Oracle cloud is Q2, 2018. Learn more in the SYN131 video above and start watching at 34:20

 

 

 

Citrix Director Enhancements

There were a lot of Citrix Director enhancements announced including Resource App prediction based helping admins predict future resource usage, ability to generate custom reports, a set of predefined default smart alerts (as opposed to admins having to go and define alerts manually), detailed breakdown of logon duration including a breakdown of “interactive session”, NMAS integration, the ability to troubleshoot XenMobile devices right from Director and last but not the least App Probing. App probing in particular is really exciting as it allows you to define and automate app probes for your published apps and desktops thereby helping admins be proactive about how the published resources are performing and getting ahead of potential issues. Lots of features to get excited about!! Watch SYN126 (below) for further details.

The New Citrix Files Application

The new Citrix Files application (new Sharefile client for desktop) has combined the capabilities of Sync, Drive Mapper and Deskop into a single application. Just like drive mapper, it provides a single pane of glass for all your data (network drives, sharepoint, personal cloud, OneDrive For Business etc). You also now have the ability to perform workflows directly from windows explorer or finder. You now also have the ability to map multiple drives to specific sub folders within sharefile or connectors like OneDrive for Business. The configuration can be through Citrix policies within Studio. Watch SYN100 below from 19:25 to learn more.

Intelligent Traffic Management (formerly Cedexis) Is Awesome!

Earlier this year, Citrix announced the acquisition of Cedexis to add to the Netscaler portfolio. People like to describe Cedexis as the Waze of Traffic Management. Its not far from the truth. Cedexis collects 14 billion data points on a daily basis from over 900 millon end user sessions and 40,000+ networks around the world to intelligently route traffic thereby offering the best possible user experience and intelligently avoiding application disruptions. Watch SYN123 below to get a quick overview of Cedexis.

HDX Enhancements

There were quite a few updates covered in SYN206 around HDX. I’ve tried to highlight a few below. I would highly recommend reviewing the recording below.

Browser Content Redirection 2.0

Backported as a stand-alone compatible component with LTSR 7.15. Chrome (Q3) and Edge will also be supported. Modern portocols such as HLS, DASH and Web Assembly will be supported. The rendering engine will be made part of the Workspace App. Browser content redirection 2.0 will be able to offload WebRTC as well!

Citrix Ready Partners in the Video multicasting industry like Qumu, vBrick, Ramp and Haivision will support Client side fetching and Browser content redirection for live video events where Receiver client side fetch can fetch the video from the branch office edge caching appliance.

Real Time Optimization

Skype RealTime Optimization Pack support coming for Chromebooks (that can run android apps) in H2 2018. Hardware acceleration for endpoints with AMD GPUs is also expected around the same time frame. 

Microsoft Teams Support Strategy 

In the short term, Citrix plans to support the Microsoft teams web client with browser content redirection 2.0. Chrome browser will be the first to be supported and windows endpoints will initially be supported with Linux endpoints to follow. File uploads might have limitations with browser content redirection 2.0 and MS Teams. The workaround is to use Sharefile or other such solutions to upload the files. 

Long term goal is to develop a receiver side media engine on all supported platforms (Windows/Mac/Linux) for real time optimization of MS Teams UC content. 

Delivery of Cisco Jabber from virtualized desktops

 

Workspace App and Citrix Receiver

After the keynote, in conversations with customers and partners there were a lot of questions around Workspace App and what it means for customers running Citrix receiver today. This is covered in great detail in SYN133. If you are a customer leveraging Citrix receiver, it will be automatically upgraded to Workspace app via Citrix auto update and it is fully backward compatible. All the new Workspace capabilities above and beyond virtual apps and desktops will only get enabled if you subscribe to the various Citrix Workspace services. So in other words, if you are an on premises customer leveraging  Storefront or an on premises customer leveraging Citrix Workspace just for site aggregation (more below on site aggregation), your client will be automatically updated to Citrix Workspace app but none of the functionality changes other than than UI having a new look. Watch the video below from 21:10. The session also provides a deep dive into Citrix Workspace App and demos of the new capabilities. 

Workspace and Site Aggregation

The new site aggregation feature now allows customers to tie their existing on premises deployments to Citrix Workspace (four step workflow). For customers who are on Web Interface or an older version of Storefront now have the option of leveraging Workspace to aggregate their virtual apps and desktops and deliver it to their end users with the new modern user experience. Moreover with Workspace, customers no longer have to worry about upgrading (as you would with on premises storefront) as Citrix manages and maintains the Workspace. 

Gateway Service Updates

When the Gateway service was introduced a while ago, the primary function of the service was secure ICA proxy. The service has evolved quite a bit and now supports single sign on to Enterprise Web and SaaS apps including a library of 40+ pre-defined SaaS templates. Gateway service can also be integrated with an on premises storefront deployment and supports hybrid deployments as well with Workspace aggregation. Direct connect to VDA without the need for connectors was also announced which will lead to increased scalability. Another key announcement was the much requested two factor authentication natively through the gateway service. This will be made possible with native One Time Password (OTP) support.

For an update on all Citrix Cloud services, I highly recommend watching SYN100. It also includes a lot of great demos. 

Citrix Synergy 2018 – Breakout sessions you do not want to miss!

Every year, I publish a list of my recommended Citrix Synergy breakout sessions. A number of people asked me if I had put one together this year and while its late this year, better late than never! As always I tend to pick sessions based on topics that are most relevant to customers and the quality of content and speakers. So here are my top 20 for this year!

SYN231: Manage your user experience from Workspace Environment Management Service

Who should attend: XenApp/XenDesktop Administrators, EUC Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=110

SYN233: The geek’s guide to the workspace 

Who should attend: EUC/Cloud Architects, Management

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=112

SYN123: Deliver the best user experience for your customers and users with Intelligent Traffic Management (Cedexis) 

Who should attend: Network Administrators, Network Architects, EUC Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=61

SYN704: Deep insights across the Citrix portfolio with Citrix Analytics 

Who should attend: EUC Architects, Citrix administrators, Security Architects, Management

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=149

SYN238: Implementing Federated Authentication Service: real world examples

Who should attend: Identity/Cloud/XenApp/XenDesktop Architects, XA/XD Adminstrators

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=117

SYN230: Discover Citrix Workspace Hub

Who should attend: Desktop Adminstrators, XA/XD administrators, EUC Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=109

SYN504: Security: getting the most from your resources

Who should attend: C level executives, Security Architects, EUC Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=295

SYN714: Citrix Rx for success in healthcare

Who should attend: Healthcare customers

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=157

SYN207: XenApp and XenDesktop tech update (May 2018 edition)

Who should attend: Everyone 

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=86

SYN131: Central image management: Provisioning Services and Machine Creation Services today, tomorrow and beyond

Who should attend: XenApp/XenDesktop Administrators, EUC Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=69

SYN239: From StoreFront to Citrix Workspace

Who should attend: XenApp/XenDesktop Administrators, Cloud Architects, EUC Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=119

SYN127: Everything you need to know about Windows 10, Server and Citrix

Who should attend: XA/XD Administrators, EUC and Cloud Architects, Management

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=210

SYN201: Citrix App Layering: top 10 lessons learned

Who should attend: XA/XD Administrators, EUC architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=213

SYN204: Identity and access management and SSO with NetScaler Gateway Service

Who should attend: Netscaler Administrators, XA/XD Administrators, EUC/Network/Cloud Architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=83

SYN241: How to break the cyber kill chain of ransomware

Who should attend: Security Architects, EUC architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=172

SYN226: Demystifying NetScaler SD-WAN for infrastructure architects

Who should attend: Network administrators, Network architects

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=105

SYN224: How to deploy NetScaler in public clouds and use it to provide SSO to on-prem and SaaS apps

Who should attend: Netscaler Administrators, Cloud Architects

 More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=103

SYN222: Next-gen of Native-OTP: now with Push Notification

Who should attend: EUC/Security/Network Architects, Netscaler administrator

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=101

SYN103: Expand the value of Office 365 with ShareFile

Who should attend: EUC architect, Management, Cloud architect

More info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=41&conference=synergy

SYN501: Workspace IoT

Who should attend: Executives, EUC/Cloud/Network/Security architects, IoT enthusiasts 

More Info: https://citrix.g2planet.com/citrixsynergy2018/myevent_session_view.php?agenda_session_id=290

In addition to these, I will be co-presenting two sessions at Citrix Synergy both cloud focused. The first, with Christiaan Brinkhoff, will focus around best practices and architectural considerations when deploying cloud workloads. The second, with Daniel Feller, takes a look at innovative and cost effective approaches to business continuity by leveraging Citrix Cloud. Details about the sessions below.

Look forward to seeing you at Synergy!

Sites vs Zones in XenApp/XenDesktop 7.x – Design Considerations When Choosing Between The Two

Introduction

Zones, a key design element that administrators and architects have learned to love in XenApp 6.5 was reintroduced in Xenapp and XenDesktop 7.7 FMA architecture. Prior to 7.7, building multiple sites was generally recommended when spanning multiple data centers or regions but now customers  now have the option of leveraging Zones. While Zones is a potential option, it might not always be the right option based on your situation. In this post, my goal is to review basic concepts around Sites and Zones and dig into design considerations to help choose between the two.

Primer on Sites and Zones

Sites

A site is what you define when you deploy XenApp or XenDesktop under the FMA architecture. It acts as a logical boundary with all objects defined being part of that site. It is also an administrative boundary. Each site has one or more delivery controllers and requires its own site configuration database. A site always have one primary zone defined by default. Sites can span multiple data centers and regions but there are a number of factors that need to be taken into consideration and we will review these a little later.

Zones

Zones are defined within a site to keep applications and desktops close to the user location while also simplifying administration by leveraging a single instance of Studio, Director and configuration database regardless of the number of zones. With zones, users in remote regions can get to their resources without having to traverse the WAN.

There are two types of zones – Primary zones and Satellite zones. Primary zones typically have two or more controllers and have the site configuration database locally whereas satellite zones can have a single controller or more. While similar, zones in the new FMA architecture in 7.x is not the same as XenApp 6.5. For instance, the concept of a zone data collector no longer exists.

With the introduction of Zone preference in conjunction with Optimal Gateway Routing, users can be homed to a specific zone when accessing their apps and desktops based on predefined conditions and rules. This greatly improves the user experience. Disaster recovery can also be handled intelligently.

For detailed information on Zones and Zone preference I would recommend you review the official documentation. Carl Stalhood has a very good blog on this topic as well.

There is also a great overview of Zone Preference in the XenDesktop 7.11 Master Class starting at the 58 minute mark.

When to use Sites

While zones simplifies overall administrative overheard and potentially infrastructure requirements, leveraging sites is a more prudent choice in certain scenarios. Lets look into these:

Latency

Latency will impact user performance. Latency and concurrent user requests should be taken into consideration and tested before deciding to use zones. See the chart above for different scenarios tested. There are two great blogs, one by Chris Gilbert and another by William Charnell on how latency affects brokering performance from satellite zones in XA/XD 7.7 where they collect metrics under various latency conditions. Definitely worth a read. However these metrics have improved significantly in 7.11 and above. In fact, 250 ms latency, XenApp and XenDesktop 7.11 outperforms the 7.7 code at 90 ms. With 7.11 or later, users experience quicker brokering of resources, even with latency between a broker and the SQL server. The official citrix documentation covers latency and the impact on zones, registration storm impact and how this can be tuned in great detail.

Fault Domains

When we talk about large deployments with greater than 5000 users, it is best practice to break the environment down into smaller PODs. This helps split the enviroment into multiple fault domains such that when any of the pods are affected, only a small set of users are impacted if any. Even when all users connect in to a single datacenter, it is still beneficial to break the infrastructure down to multiple sites and PODs. Here are the slides from a great session at Synergy 2015 that covered the benefits of a POD based architecture. This blog is also worth a read.

Administrative Boundaries/Regulatory Compliance

For environments that require complete administrative isolation between different regions or business units, going with separate sites is recommended. While Role Based Access Control is available, it does not meet the needs of every customer. In addition I have worked with customers that have gone with multiple sites so as to isolate environments to meet compliance requirements such as PCI or regulated environments where upgrades are not as frequent.

While multiple sites requires additional infrastructure, the resources from the various PODs can be aggregated from a user access perspective. Monitoring and troubleshooting can also be simplified as Director can manage multiple sites. A number of the tasks can also be automated by leveraging script. Image management can be greatly simplified by leveraging PVS.

When to use Zones

When designing a XenApp/XenDesktop infrastructure for an environment with multiple datacenters with latency being a non factor (within acceptable limits), zones can certainly be an option. The number of users per satellite zone can play a factor when making that determination as discussed earlier. Fault tolerance should also be taken into account as all the zones share one common site configuration database and connectivity issues could impact all the users. The resources that users connect to can be controlled based on zone preference and failover. 

Using a combination of Sites and Zones is also an option. For instance if a customer environment is spread across the globe but also has multiple datacenters within each region, they could use Sites for each region and the leverage Zones for the datacenters within each region assuming low latency between the datacenters. This would help reduce the overall complexity and administrative overheard when compared to deploying a site per datacenter.

From The Field

Here is some feedback from Jason Samuel, one of our CTP‘s based on his experience.

“Most of my customers completed their migrations from 6.5 to 7.x when either zones weren’t available in FMA yet or was still new.  They went with a site per data center.  My bigger customers embraced localized pods within each datacenter itself.  This is often self contained pods built on HCI as the backend.  Application and image management is controlled through PowerShell scripts to help with administration of multiple sites.  Since these customers have been using this model for a few years now and it is a mature process for them, they continue with this approach.  My customers that are doing greenfield 7.x deployments are the ones that really consider zones vs. doing individual sites.”

Ryan Mcclure, Senior Architect at Citrix Systems had this to say: 

“So armed with this data and information, what should you do? Stick to multiple sites? Design with zones wherever possible? Some scenarios just beg for zones, while others are obvious use cases for sites/pods, but more commonly, both are technically viable and it is a matter of weighing the pros and cons. If your workload is mission critical and your deployment lives in one or two datacenters, multiple sites are probably a good option for you. They provide additional fault tolerance, shrink failure domains and increase flexibility during upgrades. If, on the other hand, you have a number of semi-well connected locations where application back-ends reside, one site per location may prove prohibitive from an administrative perspective. These sorts of deployments are where zones should really be considered. The combination of sites and zones also shouldn’t be overlooked. The geographic distribution cited above is one example, but sites and zones can also be combined to strike a balance between manageability and availability. Rather than all VDAs in a zone mapping to a single primary site, multiple primary sites can be deployed.

When the decision isn’t obvious, our most successful customers ask the same question:

“What are other customers in similar situations doing?”

The strategy around sites and zones definitely isn’t one size fits all, but up until now, most of our large enterprise customers have gravitated towards separate sites. Many do so based on their desire to shrink failure domains and minimize risk wherever possible. You may have even heard recommendations to skip zones because sites have been available longer in the FMA world. At the time, this recommendation may have made sense, but the IT space is as dynamic as ever and leading practices need to be updated with the times. Over the last few months, this trend around steering clear of zones has started to shift, and more customers are taking a hard look at how zones can help simplify environment management. In most scenarios, zones shouldn’t be viewed as a total replacement for sites, but if your deployment can be simplified and/or management streamlined by implementing zones where the make sense, now is the time to give them a good look.”

Final Thoughts

Zones in XenApp/XenDesktop 7.9+ is a welcome addition and offers greater flexibility when planning out deployments. However, it is not necessarily the solution for every use case as discussed above. Latency, number of users/location, concurrent logins etc need to be carefully considered before deciding whether to go with multiple sites or leverage zones instead.

 

 

 

Which Sessions Should I Attend at Citrix Synergy 2017? A Q&A approach!

 

Over the last couple of years I have been compiling a list of recommended synergy sessions  that I encourage my customers to attend. Since most attendees come with different objectives, coming up with a top 10 list didnt seem logical. So this year I decided to take a different approach and organize my picks based on the reasons why customers and partners have decided to attend Synergy.

My Top Picks Overall (In no specific order):

  • SYN301: XenApp and XenDesktop Tech Update: May 2017 edition

  • SYN134: Citrix Workspace User Experience

  • SYN412: StoreFront: top 10 lessons learned from the field

  • SYN102: Is it Time to Upgrade to XenApp 7.x?

  • SYN321: XenMobile Deployments

  • SYN330: Optimize and scale your XenApp and XenDesktop platform the CTP way

  • SYN303: Independent Citrix experts’ deep dive on Remote Graphics, user experience and GPUs

  • SYN316: Increase your security posture with Sharefile Enterprise

  • SYN115: Why should I use ShareFile if I already have Office 365?

  • SYN318: A to Z: best practices for delivering XenApp and XenDesktop from Microsoft Azure using Citrix Cloud

  • SYN103: XenApp and XenDesktop App Layering

  • SYN107: XenServer Tech Update

  • SYN111: What’s new with Citrix Cloud and what’s to come

  • SYN123: SD-WAN case study: How a XenApp customer improved application delivery to the branch

  • SYN118: What’s new with NetScaler ADC

  • SYN310: Powering the digital workspace using Citrix Cloud: a deep dive into architecture and configuration

  • SYN319: Securing devices, apps and data with XenMobile

  • SYN312: Authentication: deep dive on Citrix solutions

  • SYN712: Analysis of a hack: how to defend and protect with Citrix

  • SYN131: Citrix Workspace IoT

  • SYN127: Introducing Smart Tools for the Xen product family; faster POCs and efficient operations on-premises or in the cloud

  • SYN325: Automating NetScaler: talking NITRO with PowerShell

For existing XenApp/XenDesktop customers looking to optimize their environments and/or learn whats new:

  • SYN301: XenApp and XenDesktop Tech Update: May 2017 edition
  • SYN709: Monitoring the Citrix virtual workspace
  • SYN412: StoreFront: top 10 lessons learned from the field
  • SYN104: XenApp and XenDesktop: What’s new and roadmap
  • SYN103: XenApp and XenDesktop App Layering
  • SYN106: Fantastic four: the do’s, don’ts and lessons learned of Citrix implementations
  • SYN312: Authentication: deep dive on Citrix solutions
  • SYN111: What’s new with Citrix Cloud and what’s to come
  • SYN302: Keys to a successful XenApp and XenDesktop user experience
  • SYN102: Is it Time to Upgrade to XenApp 7.x?
  • SYN330: Optimize and scale your XenApp and XenDesktop platform the CTP way
    SYN706: Build a XenApp real-time session monitoring dashboard
  • SYN409: Overcoming challenges in a double-hop XenApp session
  • LAB609: Deploying Workspace Environment Management for XenApp and XenDesktop
  • LAB613: Configuring ShareFile in a Citrix environment
  • SYN303: Independent Citrix experts’ deep dive on Remote Graphics, user experience and GPUs
  • LAB610: Gain end-to-end insight and control with NetScaler Management & Analytics System

For attendees curious about how Citrix complements Microsoft Azure and O365:

  • SYN115: Why should I use ShareFile if I already have Office 365?
  • SYN318: A to Z: best practices for delivering XenApp and XenDesktop from Microsoft Azure using Citrix Cloud

For Microsoft Intune customers looking to see how XenMobile can complement their existing solution:

  • SYN415: XenMobile Essentials for Microsoft Enterprise Mobility Suite
  • SYN116: Admin and end user experience with XenMobile Essentials for Enterprise Mobility Suite

For attendees who would like to learn more about Sharefile, and how it compares with other solutions:

  • SYN316: Increase your security posture: deep dive on ShareFile security and compliance
  • SYN314: Extend existing storage investments with ShareFile
  • SYN702: Why choose ShareFile over Box, Dropbox, Egnyte, Syncplicity, and other EFSS vendors

If you are new to Citrix App Layering:

  • SYN103: XenApp and XenDesktop App Layering
  • LAB611: Installing and configuring application layering

Interested in learning more about Citrix Cloud:

  • LAB605: Deploying and configuring XenApp and XenDesktop Service on Citrix Cloud
  • SYN310: Powering the digital workspace using Citrix Cloud: a deep dive into architecture and configuration
  • SYN111: What’s new with Citrix Cloud and what’s to come
  • LAB615: Deploying and automating Citrix solutions with Citrix Cloud and AWS

Attendees who have a strong networking background or networking focused:

  • SYN123: SD-WAN case study: How a XenApp customer improved application delivery to the branch
  • SYN411: Guidelines for NetScaler ADC sizing and capacity planning
  • SYN118: What’s new with NetScaler ADC
  • LAB601: Increase your NetScaler IQ to better manage your NetScaler ADCs
  • LAB602: Gain competitive advantage with key new features in NetScaler SD-WAN
  • SYN130: Getting started with NetScaler Management and Analytics System
  • SYN323: Migrate your NetScaler deployments to the cloud
  • LAB610: Gain end-to-end insight and control with NetScaler Management & Analytics System

For those considering migrating workloads to a public cloud:

  • SYN318: A to Z: best practices for delivering XenApp and XenDesktop from Microsoft Azure using Citrix Cloud
  • SYN111: What’s new with Citrix Cloud and what’s to come
  • SYN310: Powering the digital workspace using Citrix Cloud: a deep dive into architecture and configuration
  • SYN313: Identity, security, availability: best practices with Citrix Cloud
  • LAB615: Deploying and automating Citrix solutions with Citrix Cloud and AWS
  • LAB612: Architecting Citrix in the cloud era with XenDesktop Essentials and NetScaler in Azure
  • SYN110: Select the right cloud or hybrid cloud for your deployment? How, when and where
  • SYN104: XenApp and XenDesktop: What’s new and roadmap
     

For attendees interested in learning more about XenMobile:

  • SYN117: XenMobile: What’s new and roadmap
  • SYN319: Securing devices, apps and data with XenMobile
  • LAB603: Implementing XenMobile Services within Citrix Cloud
  • SYN320: Take your XenMobile environment to the cloud
  • SYN405: Modernizing mobility in manufacturing

For attendees who have a strong security background/interest:

  • SYN312: Authentication: deep dive on Citrix solutions
  • SYN313: Identity, security, availability: best practices with Citrix Cloud
  • SYN316: Increase your security posture: deep dive on ShareFile security and compliance
  • SYN125: Security challenges and uses cases you can solve with Citrix Workspace Suite
  • SYN414: Access and authentication options in a Citrix environment
  • LAB607: Building a successful Federated Authentication Service POC
  • SYN124: Securing high-value applications in bank IT infrastructure
  • SYN329: FedRAMP – Security and compliance in a cloud world
  • SYN712: Analysis of a hack: how to defend and protect with Citrix

For attendees still running XenApp 6.5:

  • SYN102: Is it Time to Upgrade to XenApp 7.x?

For attendees evaluating VDI solutions and would like to compare and contrast XenApp and XenDesktop with VMware Horizon:

  • SYN304: Comparison: delivering virtual desktops with XenDesktop 7.x or Horizon 7.x

For current Azure Remote App customers:

  • SYN334: XenApp Essentials the fastest way to deliver apps from Azure

For those who are new to IoT and would like to learn about Octoblu:

  • SYN401: Fireside chat with IoT experts about automating Citrix with Octoblu
  • SYN131: Citrix Workspace IoT

For attendees looking to cut costs, specifically around hypervisor licensing:

  • SYN107: XenServer tech update: boot PVS desktops faster, protect against zero days, and patch without reboots
  • SYN416: XenServer for VMware admins
  • LAB617: Extending the security of your XenApp and XenDesktop environment with XenServer and Bitdefender Hypervisor Introspection (HVI)

If Automation and Orchestration peaks your curiosity :

  • SYN401: Fireside chat with IoT experts about automating Citrix with Octoblu
  • SYN127: Introducing Smart Tools for the Xen product family; faster POCs and efficient operations on-premises or in the cloud
  • LAB608: Workspace IoT makerspace
  • SYN325: Automating NetScaler: talking NITRO with PowerShell
  • SYN131: Citrix Workspace IoT
  • SYN322: Guidelines for automating service orchestration and analytics in your datacenter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Is Samsung Chromebook Plus The Perfect Chromebook?

Over the past couple of years I’ve been collecting a lot of chromebooks. As of the 13th of Feb, I now own 6, mostly Acer and Samsung devices. As much as I love the concept of a low cost, ultra portable and secure thin client with excellent battery life & then leveraging Citrix for my enterprise apps, it always felt like there was something missing. Some of the common complaints were display resolution, build quality, lack of offline access and lack of a good touch screen model under $500.

Needless to say I was extremely intrigued when Samsung announced the 12 inch Chromebook Plus and the price point. I pre-ordered the device and got mine earlier this week. My experience so far has been terrific. Lets look into why I feel this device is close to perfect.

Design

The Samsung Chromebook Pro is a  12.3-inch laptop that also converts into a tablet. It is powered by an OP1 Hexa-core (Dual A72, Quad A53) ARM processor with 4GB of RAM and 32GB of storage. It comes with two USB Type-C ports and a microSD slot. It has various display modes, very similar to the Lenovo Yoga. It has a full metal design that weighs just 2.4 pounds. It comes with a stylus that pops out of the right side of the system, letting you take notes with Google Keep and other apps and smart enough to recognize characters, allowing you to search through your handwritten notes afterwords.

Display Resolution

Resolution has been one of my biggest gripes with chromebooks so far. And boy does this device address that issue. The Chromebook pro comes with a quad HD (2400 x 1600) pixel screen made with Gorilla Glass 3. with a 3:2 aspect ratio. The high resolution means my Citrix VDI instance looks absolutely spectacular on this device. Lots of real estate too!

Battery Time

Based on my testing so far, the battery time of the Chromebook Plus is on par every other chromebook I own. I’m getting approximately 9-10 hrs. Keep in mind that the resolution for this device is also one of the best. So that the battery time extremely impressive.

Android Apps!

This to me is a GAME CHANGER!! As you know, Google announced support for Android apps on chromebooks last yr. The challenge was that just a handful of devices were actually supported, and even among the ones where it was supported there was only one that had a touch screen. Personally I believe Android app support is pointless if there is no touch screen. Thankfully the Chromebook plus does have one! The combination of android app support, great resolution and touch screen makes it the perfect device. I now have a number of key productivity apps, many of which I can use offline. Some of my favorites so far are Citrix Secure Mail, Secure Web, Sharefile (Enterprise File Share and Sync), Slack and Skype for Business to name a few.

Touch Screen

The touch screen is extremely responsive. No lags whatsoever. Works great in tablet mode. Also great when using Android apps. All chromebooks moving forward need to be touch enabled IMHO. You cannot effectively use Android apps without touch!

Stylus!

The Chromebook Plus comes with a pressure sensitive stylus that is on par with others like the Surfacebook. Is it perfect? No. But its quite good. I can totally see myself using this device to do a white board or sketch a design while I am at customers. Very handy!!

Final Thoughts

Today was my first day out on the road with just the chromebook pro. I honestly did not miss my XPS 13. I accessed my Citrix VDI instance the entire time and the experience has never been this good on any of the other chromebooks I own. I also used a number of android apps including Skype for Business, Sharefile, Secure Web and others. The combination of VDI, chrome browser and native mobile apps is quite amazing. I used the the system for around 5 hrs and did not run into any issues during that time.

At $449, this device is a steal! If you are looking for a chromebook today, this should be in the list of favs! If I were to change one thing, I would add more memory to this device. Android apps can eat up memory fast!

Kudos to Samsung for a job well done!

Citrix Monthly Newsletter – September ’16

General Announcement and News

Citrix Acquires Norskale: Making the Industry’s Best App & Desktop Delivery Performance Even Better

Throughout our history, Citrix has been a leader in delivering the best secure app delivery user experience available, a key reason customers choose our products and services. That commitment to provide the best experience possible continues with the acquisition of Norskale, a privately held user environment management (UEM) company.

XenApp and XenDesktop 7.11 is Here!

XenApp and XenDesktop 7.11 embraces the latest Microsoft platform offerings establishing the foundation for Day 1 support of Windows Server 2016, provisioning of app and desktop workloads on Azure Resource Manager and enhancements for App-V integration.

Admins now have advanced management options for delivering apps and desktops across geographically dispersed sites based on criteria such as user location, app location or user profile. Ongoing site management improvements deliver new performance metrics and alerts, easier self-service password reset configuration, and more provisioning options. This release continues to enhance the user experience with improved graphics rendering capabilities, new application delivery options for Linux, and profile management improvements. All these new capabilities and more converge with the 7.11 release to reaffirm XenApp and XenDesktop as the market-leading solution for virtual app and desktop delivery.

StoreFront 3.7 Has Been Released!

Storefront 3.7 was released earlier this month and with it comes a number of new features like Self Service Password Reset, Zone Preference Improvement, Receiver for Web Small Form Factor support etc. Find out more in this article.

Unified, Focused: Worx Apps Are Changing to XenMobile Apps

In Q4 of this year, we will be consolidating the number of XenMobile sub-brands by replacing “Worx” with “Secure.” Worx apps will undergo a name change only. The apps will look the same and function the same. This change in naming will not require users to re-enroll their devices or update the XenMobile Server. During the regular application update process, end-users will receive the newly named app, but all application data and workflows will remain exactly as they were before.

Citrix SCOM Management Pack for ShareFile is Here!

We are pleased to announce availability of a new Citrix SCOM Management Pack for ShareFile—a specialized monitoring and reporting console to further improve availability, performance, security and capacity-planning for a ShareFile deployment. The Citrix SCOM Management Pack for ShareFile is an add-on to Microsoft System Center Operations Manager (SCOM) to monitor product-specific metrics for ShareFile.

Receiver 12.3 for Mac Has Landed!

Mac OS 10.12 codenamed Sierra was recently released. Citrix is happy to announce that Receiver 12.3 for Mac has also been released.

AppDNA 7.11: Added Security & Server 2016 RTM Reporting

The release of XenDesktop 7.11 comes with the new version of Citrix AppDNA with a new reporting module for Server 2016 RTM and added security algorithms for the Security reporting feature introduced in 7.9.

Citrix Named a Leader in the Gartner Magic Quadrant for Application Delivery Controllers…Again!

Gartner has published the 2016 Magic Quadrant for Application Delivery Controllers. At Citrix, we are pleased to see that we are positioned as a leader in this space for the tenth year, and we are positioned furthest overall for completeness of vision.

Citrix XenServer Supports Microsoft Plans for Enhanced Virtualization Security

Today, Microsoft announced their intent to extend their Server Virtualization Validation Program (SVVP) with an Additional Qualification for third party hypervisors, such as Citrix XenServer, to support some Windows Server 2016 virtualization-based security features (VBS), notably Credential Guard (CG) and Device Guard (DG). Windows Server VMs running on SVVP validated platforms will be able to leverage the new VBS capabilities to strengthen the isolation of a number of security-sensitive components and deliver enhanced security for Windows applications and desktops.

Citrix wins virtual desktop interface shootout

Virtual Desktop Interface is becoming easier to do, with potentially killer graphics, reasonable port virtualization, fine-grained administrative control, and with potential hosts other than Windows.

While Citrix XenDesktop/XenApp remains the one to beat, two other VDI platforms we tested, Ericom Connect Enterprise and Parallels Remote Application Server, can provide for the publishing of diverse applications to desktops, while following “the rules” regarding resource accessibility and security.

In testing, we found Citrix leads the pack in terms of overall flexibility, although its vast feature sets can increase support burdens. If price-be-damned and you really want the venerable Full Meal Deal, it’s Citrix XenDesktop/XenApp Enterprise. We found it has almost everything you could ask for in a VDI product.

Is your security awareness training program working?

Employees at Axe Investment, the fictional firm of biollionaire Bobby Axelrod in Showtimes new series, Billions, were downright angry when they learned that surprise SEC raid was only a test. Axelrod, though, found the mock raid fruitful as it revealed the internal weak links of his organization.

These are metrics that enterprises should be using to evaluate the success of their security awareness programs. In order for awareness training to work, it has to keep everyone in the enterprise, well, aware.

Minimize Windows 10 migration headaches by freeing data from devices

Operating system migrations require detailed planning, as every part of the end-user computing “stack” – hardware, applications, data, and user profiles — needs to be assessed before proceeding. From an organizational productivity standpoint, maintaining the availability of the data people need to do their jobs is a top concern.

How to support Microsoft’s Skype for Business tool on virtual desktops

Microsoft was sluggish in providing a comprehensive enterprise unified communications (UC) product organizations could integrate into a virtual desktop deployment. Virtualization was always an afterthought with Microsoft’s Lync messaging platform, the predecessor to the Skype for Business tool before the company acquired Skype in 2011.

Now, the partnership between Citrix and Microsoft has spawned the HDX RealTime Optimization Pack 2.0, which puts the virtual desktop on par with its physical counterpart when it comes to UC support.

The reality is, in an enterprise environment, IoT will be much more complex than the individual smart device/smart thing relationship. It gets back to Tim O’Reilly’s point about systems. When we started talking IoT initiatives nearly two years ago, we found most people were not excited to talk about IoT as it related to a new sensor, device or gadget. Instead, they were intrigued when you talked about the potential for IoT to help solve complex business problems. As organizations become increasingly digital in all aspects of their business, new challenges in managing the connections, devices and applications that make up their digital business arise. This is especially relevant as enterprise applications evolve to be a collection of services and interactions spread across the cloud, on-premises systems and devices/sensors/things.

Why Citrix Is Better than VMware in Desktop Virtualization

Offerings that have to interoperate are always better between companies that cooperate than companies that don’t. And firms at war with each other seldom are successful with joint efforts. Often joint efforts between firms that actually want to work together fail due simply to cultural difference.

What gives Citrix the sustainable advantage is not only the fact it has a tighter relationship with Microsoft, but—because it appears to realize that it has to do most of the heavy lifting to maintain the relationship, there is none of the typical finger-pointing between the firms. Citrix owns the solution and responsibility and thus if Microsoft becomes distracted it is prepared to fill the gaps.

Yes, The Cloud Can Be A Security Win

There are so many different kinds of clouds — public, private, hybrid, internal — that many businesses and customers have difficulty deciding which is the right one for them. Furthermore, many businesses may use a few different variations of cloud environments — a private cloud for their own intranet, a hybrid cloud to keep some data on premises and some off premises to meet compliance regulations, and a public cloud for low-risk data.

These different types of environments make it difficult for IT and security teams to monitor every cloud on every device, or to monitor access requests for each different type of cloud environment. If you don’t control the cloud or where your data and apps reside, don’t manage them, or don’t know what you have in the cloud, your risk starts to sprawl and you don’t even know what’s happened when there’s a breach — or where to start to remediate. Follow these guidelines to make sure you avoid the cloud’s possible pitfalls.

Best Practices/Reference Architecture Documents/Blogs

XenMobile Touch ID Restriction Configuration & End User Experience

This blog describes how to configure Touch ID restriction on XenMobile Server and end user experience when Touch ID is enabled/Disabled for iOS devices.

Skype for Business from the Azure Cloud!

Times have changed! Today, calling from a cloud has a whole new meaning, with Skype for Business Online and Citrix XenApp and XenDesktop for Azure. Co-developed by Microsoft and Citrix, this unique solution brings not only telephony, but a full repertoire of Unified Communications features to the Azure cloud.

Introduction to Isolation Groups in XenDesktop

By design, App-V applications are isolated from each other and each AppV application is run within its own separate virtual environment—they do not share any data with other AppV applications. While this application isolation is welcome, as it promotes application compatibility by preventing any cross-application conflict, there is a need, at times, to overcome this restriction in certain strategic scenarios.

What Does Windows Server 2016 Day 1 Support Really Mean?

Citrix will support Windows Server 2016 on Day One! But what does that really mean? Does that mean that if I got my hands on the released bits of Windows Server 2016 on X Day of X Month (remember, I can’t tell you the actual release date) that I could then install XenApp and XenDesktop 7.11 on it and start using it? Immediately? Well, in a word, yes. Yes, it does. It’s really that simple. So, you see, there is no need to take the old approach to a new server OS and wait years to start working on it. You can truly start deploying and testing your own apps on Day 1 with XenApp and Windows Server 2016.

XenApp 7.11: Scalability & Economics on Microsoft Azure

Deploying Citrix XenApp 7.11 workloads from the Microsoft Azure cloud can give your IT organization a strategic advantage since it enables the delivery of desktops and applications in an agile way – you pay only for what you use. In fact, the price point for deploying a XenApp farm on Microsoft Azure can be as low as $6.89 per month per user.

XenApp & XenDesktop 7.x Server OS VDA Staggered Reboot Framework

This is the second version of the reboot framework for XenApp/XenDesktop Server OS VDAs.

Citrix Linux VDA 1.4 Introduces App Publishing with XenApp & More!

Linux VDA continues to evolve with every release, enabling more and more use cases. The Linux VDA 1.4 release is part of XenApp and XenDesktop 7.11 and it adds support for Linux application publishing with XenApp, anonymous login, policy management, USB redirection and expands HDX 3D Pro support on Linux.

Security and End-User Productivity with XenMobile & Office 365

Keeping pace with the rapid change from corporate-owned data centers to cloud services while maintaining tight control of your data and identity is a challenge.Mobile devices add an additional level of risk. However, Citrix XenMobile is built to bring a higher level of security to these platforms, no matter the location of your assets.

Configuring GSLB for XenMobile

Customers have many requirements. As I usually deal with large customers, a disaster recovery solution is always one of them. With XenMobile 10.x, things have gotten a lot easier: clustering is a piece of cake, and to direct traffic to the right data center we have NetScalers and GSLB (Global Server Load Balancing) at our disposal. This post is about configuring GSLB on NetScalers for XenMobile.

Self-Service Password Reset for FMA!

Learn more about Phase 2 of the Self Service Password Reset capabilities introduced in XenApp and Xendesktop 7.11.

Using Citrix Director in a MultiForest Environment

Citrix Director is capable of monitoring a XenDesktop and XenApp environment spanning a forest configuration where the users, XD Delivery controller, VDAs and Citrix Director can be located in same/different forests.

Step-by-Step Guide to Mac OS X Enrollment with XenMobile

Citrix has released XenMobile 10.3, which supports enrollment and management of the Mac OS X. Once the Mac OS X is enrolled, the administrator can manage the device by deploying multiple policies and perform various administrative tasks remotely thus making sure that they are complainant.This guide contains the step-by-step instructions accompanied with screenshots for a hassle-free Mac OS X enrollment. This guide also contains steps to collect the Mac OS X logs for troubleshooting when needed.

Using XenApp & XenDesktop in Azure Resource Manager

The recent addition of Azure Resource Manager support to Citrix Cloud’s XenApp and XenDesktop service provides a powerful new tool for creating and managing cloud hosted VDAs

nFactor authentication – MFA on steroids

The latest version of NetScaler has deeper integration with nFactor and can now be used with NetScaler Gateway and Unified Gateway. With nFactor you can configure an unlimited number of authentication factors. You are no longer limited to just two factors and you can get creative on how to chain them. Configuration will depend on the security policy and many times, user adoption and training are considerations to look at.

StoreFront Aggregation Groups Revisited

Over the past 12-18 months, we have seen a dramatic shift with the number of deployments using Web Interface versus StoreFront to the point that StoreFront is the de facto standard in new environment builds and migrations that we are seeing within Citrix Consulting. The majority of these deployments are also leveraging advanced multi-site settings in some way: either Optimal Gateway Routing to enable the use of HDX Insight for internal (non-Gateway users), user farm mapping to assign different groups of users to different farm sets, or aggregating resources from multiple farms/sites to collapse duplicate applications and/or desktops behind a single icon.

Extend the Microsoft RDS platform in Azure through Citrix solutions

Recording of a session from MS Ignite showcasing the new XenApp Express service in Azure that will replace RemoteApp.

Events/Webinars

Solution Webinar: How to deploy NetScaler Unified Gateway for Hybrid Cloud and secure access to Microsoft Office 365

Deep dive into how NetScaler Unified Gateway provides secure access to Office 365 and hybrid cloud workloads.

Register Now

Oct 5 – Master Class: NetScaler Rate Limiting and NetScaler and AAA

Live technical webinars to learn about the most critical elements of cloud infrastructures and enterprise datacenter architectures.

Register Now 

Desktop Master Class: September 2016

Register Now 

Solution Webinar: What’s New in XenApp and XenDesktop

Register Now  

Master Class: Mobility Master Class: September 2016

Register Now  

Solution Webinar:  Avoid Ransomware with a Published Browser

Register Now

Master Class: NetScaler 101- TCP optimizations and compression: delivering applications effectively across the Internet.  In the Spotlight – NetScaler in Citrix environments: remote access; high availability and visibility for XenApp/XenDesktop solved

Register Now 

Solution Webinar: Why Healthcare IT Prefers Citrix over VMware: A Dose of Security in an Unsecure World

Register Now 

Solution Webinar: Top six things you might not know about SD-WAN

Register Now 

Citrix and Microsoft: Making Cloud Simpler, Business Faster

Register Now

Getting Started with the Citrix HDX Pi – A step by step walkthrough

1463594298798

A few months back, I wrote a blog on how to configure the Raspberry Pi thin client to access Citrix workloads. If you are completely new to the HDX Pi and want to learn more about the benefits, this is a good place to start. Since then Citrix announced the HDX Pi and I have received requests from members of the community to blog on configuring the HDX Pi. So here it is!

What you need:

  • One or more HDX Pi’s ( Microcenter edition)
  • ThinLInx Managment Software

Configuration

The HDX Pi comes pre licensed for the ThinLinx Management Software (TMS). So you can go to the ThinLinx website and download TMS and install on a windows PC. Once installed, run TMS.

Connect the HDX Pi to the network in addition to the obvious (keyboard, mouse, display). Once the Pi boots up, you will see the client within TMS.

8-5-2016 4-23-57 PM

 

8-5-2016 4-24-25 PM

 

8-5-2016 4-24-44 PM

You can now update a number of parameters and push files to the device within TMS

  • Change the name
  • Change protocol to HDX if you prefer
  • Push SSL certs if needed (If you are using private certs on Storefront for instance)
  • Change network parameters (if you dont want to use DHCP for instance or use a custom DNS server)
  • Change display parameters.

8-5-2016 4-25-05 PM

 

8-5-2016 4-25-33 PM

 

 

8-5-2016 4-26-23 PM

TMS is also how you would push new firmware to the device.

Once you are done with the configuration changes, reboot the device. Once rebooted, you should see the updated parameters within TMS.

8-5-2016 4-26-43 PM

 

Once rebooted, you will have to specify the URL that you want the Pi to connect to. This is your Netscaler Gateway URL.

After you enter the URL, you will be prompted for credentials.

Once authenticated by the Netscaler, you get prompted to pick the Store after which you see your applications and desktops.

Some Caveats to keep in mind

One catch with TMS today is that the URL does not persist unless you save it at the Pi itself. To do this, while at the storefront screen, use the Ctrl+Alt+C key combination and hit “Save Settings”. Now reboot. The HDX Pi will now authenticate and take you right to your apps once rebooted.

The TMS server will only discover devices on the same subnet. So make sure that your TMS server and Pi are on the same subnet will configuring the devices or else discovery will fail.

Viewsonic version of the HDX Pi is also available. However the configuration procedure is a little different and will be covered in a future blog post.

Once the configuration URL is saved, as mentioned earlier the device will boot straight into storefront using credentials provided initially. In order to configure a new store, you can clear config and reset to default on the device or you can factory reset the device via TMS.

Keyboard Shortcuts:

  • ctrl alt r twice to factory reset
  • alt f4 to exit HDX screen
  • ctrl alt v – volume
  • ctrl alt c – config screen
  • ctrl alt t – terminal

To learn more about performance check my previous blog. I look forward to your feedback!

 

Citrix Appdisks How To Guide – Administration Basics and Gotchas

AppDisk, an application layering solution was part of XenApp/XenDesktop 7.8 released in late February this year. This post is not meant to cover the basics of application layering or image management as a whole. You can refer to my blog for a quick overview. My goal in this post is to cover the administrative aspects of application layering using Citrix AppDisks. With that said, lets dig right in!

Creating an AppDisk

There are couple of approaches to creating an AppDisk. The first method is to manually create it at the hypervisor level and then import it within studio. The second approach is to create and assign the AppDisk right from within Studio. You can read more about both approaches here.

To create an AppDisk from within Studio:

Click on the AppDisks node within Studio and then select “Create AppDisk” from the Actions menu.

3-29-2016 11-55-07 PM

On the next screen, select the size of the disk. There are predefined options of 3, 20 or 100 GB or you could pick a custom size. This is also where you would import an existing AppDisk that you have created manually. Keep in mind that on a 3GB AppDisk a good chunk of the space is already used up and you would most likely get less than 1 GB for any new applications you are looking to install into that layer. 

3-29-2016 11-55-53 PM

Next, you select the machine catalog you would use for the VM used to install applications into this AppDisk. Only the compatible options will be made available. For instance in the screenshot below, the only two options available are the NonPersistentVDI catalog and the Win 7 Pool. Reasons are provided as to why the remaining machine catalogs are not made available. Also worth noting that AppDisks can only be assigned random pool catalogs. The machine catalog should have at least one available VM for the AppDisk creation to work.

3-29-2016 11-58-49 PM

Next, give the AppDisk a name and the AppDisk creation process initiates. In my lab, I have seen anywhere from 10 minutes for a 3GB disk and under 20 minutes for a 20GB AppDisk (SATA storage). Creation of these disks on SSD storage was about 30% faster.

Once the AppDisk is created, you can install the required applications.

3-30-2016 11-33-18 AM

Installing Applications within an AppDisk

Within Studio, click on the newly created AppDisk. It should say “Ready to Install Applications”. Under the details section for the AppDisk, the preparation machine information is provided. Within the hypervisor management console, login to the preparation machine and install the required applications.

3-30-2016 11-33-48 AM

 

Once you have installed the applications, within studio, highlight the AppDisk and under the Actions pane, select “Seal AppDisk”. This starts the sealing process and once that is completed, you can run AppDNA compatibility analysis for that AppDisk.

3-30-2016 11-46-40 AM

 

 

3-30-2016 11-47-42 AM

 

Keep in mind that AppDisk Layering cannot be used for applications that have file system drivers and services.  AppDisk does not include application isolation. App-V or Turbo.net provides that functionality. 

Configuring AppDNA and Analyzing an AppDisk for Compatibility Issues

The main differentiator between AppDisk and the other layering technologies out there is the integration with AppDNA for Delivery group compatibility analysis. For instance, once we create an AppDisk we can test compatibility against multiple XenApp Images or a pooled Windows 10 delivery group as examples. This gives the administrator the assurance that the AppDisk is going to work with that delivery group without having to go through extensive regression testing. When you have multiple AppDisks assigned to a delivery group, the AppDNA compatibility analysis also makes sure that all the AppDisks play well together and reorders the AppDIsk assignment if need be based on the analysis. AppDNA integration is a XenApp/XenDesktop Platinum Only feature. 

Before you can run any compatibility analysis, AppDNA needs to be configured within Studio. Click on the AppDNA section under configuration and specify the AppDNA connection settings. Make sure the connection test passes.

3-30-2016 12-00-12 PM

Getting back to where we were in the AppDisk creation, we had just started the sealing process. Once this process is complete, the AppDNA compatibility analysis will automatically kick in if AppDNA connection settings are configured. The compatibility analysis is done against the machine catalog that the preparation machine belongs to. When you assign an AppDisk to a delivery group, compatibility analysis is carried out automatically against that delivery group. If there are multiple AppDisks assigned, then the AppDisks will be reordered if needed based on the analysis. There is an option to “Auto Order” the AppDisks when you assign an AppDisk to a delivery group. 

3-30-2016 11-53-32 AM

 

3-30-2016 12-00-00 PM

To view the report, click on “View Report” next to the AppDisk that you just sealed.

3-30-2016 12-01-10 PM

You can also view the reports from within the AppDNA console under the reports section. Here you have various views including the Application Issues, Application Actions, Issue View and Action View.

3-30-2016 12-58-45 PM

Assigning an AppDisk to a Delivery Group/Groups

To assign an application to a delivery group, click on Delivery Groups within Studio, highlight the Delivery Group that you want to assign the AppDisk to. Under the Actions pane, select “Manage AppDisks”.

3-30-2016 1-01-58 PM

The next screen shows you the currently assigned AppDisks and gives you the ability to add AppDisks. Once you assign your AppDisk, select Auto Order.

3-30-2016 1-02-12 PM

 

 

3-30-2016 1-02-28 PM

 

3-30-2016 1-02-48 PM

 

 

 

You can then select the rollout strategy. You can either reboot all the machines within that Delivery Group immediately or you can assign the AppDisk at the next machine reboot. You can then review the configuration and then click Finish. This initiates an AppDNA compability analysis if you have XenApp or XenDesktop Platinum entitlement and have configured your AppDNA server within Studio.

You can assign an AppDisk created with one OS to delivery groups running other OS’s as well so long as the application is compatible with the target OS. Within my lab, I tested assigning two AppDisks created with a Win2k12 preparation VM to a Win 7 random pool.

To assign an AppDisk to a delivery group, that delivery group needs to using the same storage. To assign an AppDisk to a delivery group on different storage, you would have to create a new VM at the hypervisor level tied to the target storage, clone and associate the AppDisk to the new VM and the reimport it within Studio. I am hoping this process will be simplified in upcoming releases of the product.

3-30-2016 1-03-01 PM

 

3-30-2016 1-03-09 PM

Updating an AppDisk

Currently there is no version management built into AppDisk. This means that each time you need to make an update, you are essentially cloning the existing AppDisk, making changes to it and then reassigning the new AppDisk to the Delivery Groups. It is also worth noting that you CANNOT resize an AppDisk when creating a new version.  

To update an AppDisk, click on the AppDisk node within Studio, highlight the AppDisk you would like to update and select “Create New Version” from the Action pane.

On the next screen, select the Pooled Random machine catalog that you would like to use for the preparation VM. Again a VM needs to be available within that Machine Catalog to perform the update.

You then name the AppDisk with version information and click “Create New Version”. This kicks off the AppDisk creation process as detailed earlier. AppDNA compatibility analysis will be carried out against the preparation VM machine catalog once the new version of the AppDisk is created.

Once the new version is ready, you can assign the AppDisk to the required delivery groups and unassign the old version. This will once again kick off the AppDNA compatibility analysis.

3-30-2016 1-21-46 PM

Resizing an AppDisk

There are no options to resize an AppDisk from within studio today. You would have to resize at the hypervisor level and then reimport and reassign the AppDisk. I am hoping that this is addressed in the near future.

Deleting an AppDisk

To delete an AppDisk within Studio, click on AppDisks, highlight the AppDisk you would like to delete and select “Delete AppDisk” from the Action pane.

3-30-2016 1-39-02 PM

 

Final Thoughts

As I described in my previous blog on Image Management, AppDisk takes us one step further in simplifying Image Management. However App Layering is not a one size fits all solution and should be used in conjunction with other solutions like application isolation and the likes. I am quite impressed with AppDisks for a v1 product. The performance has been very good considering I conducted most of my testing in my lab using SATA storage. However, I do hope that certain administrative tasks (like AppDisk resizing and versioning) improve in the near future.