Deploying a Hyper Responsive Web Service with(out) NetScaler?

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
CONTENT DELIVERY NETWORK – cdn
SECURITY ASSERTION MARKUP LANGUAGE – saml
FEDERATED AUTHENTICATION SERVICE – fas
LOAD-BALANCING – l/b
NETSCALER UNIFIED GATEWAY – nug or netscaler ug
NETSCALER – ns
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
INTERNET SERVICE PROVIDER – isp
MANAGED SERVICE PROVIDER – msp

Introduction
Yes I will be talking about Citrix NetScaler only here as I am a Citrite, this blog post is more about methods vs. technical guidance so lets begin. In a previous life prior to my current role at Citrix I worked for a managed Internet Service Provider (mISP) or MSP where the customers I used to manage where required to deploy app, database & web servers (infrastructure) to service + support customer transactions at a massive scale but also ensuring a fast vs. efficient user experience at scale vs. normal usage. Today I am go explore how to optimise the delivery of web-based service fronted with(out) a Citrix NetScaler from startup to a global organisation we all can’t live without!

My scenario will focus on taking a web based service that you’ve developed as a start-up running on a single VM at instance type of any size running LAMP to be a continually hyper responsive web service as the load increases or popularity of the web service by first implementing simple but very effecting SysAdmin techniques. Your company is now born you’ve found a niche in a market segment/vertical and you’ve adopted a framework for development to build your web service platform on and you’ve identified where to host vs. run your web service from.

Optimising your Web Service to be Hyper Responsive with(out) NetScaler

You can deploy a successful vs. highly available web service without any ADC yes that is right, however there does come a point when its right vs. relevant and you will need to implement an ADC like Citrix NetScaler. So how can you? Well it comes down to thinking like a SysAdmin sometimes how can I optimise by removing stuff vs. consolidating roles or migrating them to alternative platforms.

Lets examine your Web Service that we’ve just launched its currently a single VM instance for argument sake its hosted in a public cloud like AWS vs. Azure vs. GCP or even a private cloud perhaps running on a XenServer host :-). You’re happy and believe your ready to begin your journey with your new startup so you begin promoting it socially on Twitter, LinkedIn, Instagram e.t.c and slowly over a few weeks the demand for the web service begins to grow steadily and you notice that the responsiveness isn’t 100% what it was a the time of launch so you schedule a maintenance window at say 04:00 GMT and scale up the VM instances compute resources to 4vCPU and 24GB of RAM including attaching another SSD HDD and you shift the content e.g images, CCS style sheets and JQuery files onto this HDD to improve performance by shifting I/O Reads for content onto another HDD.

Customers
EDGE
Web, Database & Content Roles running on a single Web Server

Happy days your web service is now back to that 100% (Initial launch experience) but now fast forward a few more weeks vs. months and your web services popularity increases organically vs. social and traditional marketing campaigns so your back to its not quiet as responsiveness anymore vs. isn’t 100% what it was a the time of launch so you schedule a maintenance window to perform some careful real-time investigation work to understand where are the bottle neck(s)? Each Web Service today in my personal opinion will have difference bottle neck(s) this is down to how its developed to run (standard alone vs. h/a cluster vs. globally distributed) vs. coded (framework vs. ground up framework) so careful monitoring of your web service platform from inception to the current date and the future is critical to help you continually truly scale your web service.

After reviewing the gathered insights from various tool(s)* you can see that the number of Reads to the HDD is quiet high and all to often I have seen decisions made to shift the database away from the web service onto another VM instance without checking what service is responsible for all those Reads and what location on the HDD the Reads are occurring from!? In my personal experience its mostly like not the database BUT the content e.g images, scripts, stylesheets that cause the high I/O Reads on the HDD when serving up content to load the web pages for customers on there end-points however with proper coding of your web service you can reduce this by caching the content on the users device (Laptop, PC, Mac, Smartphone, Tablet, Thin client) so when they change web pages there isn’t a hit on the web server (look at NetScalers HTTP Compression technology aswell) for the exact same content BUT only for what has changed perhaps image(s) of items they you want to acquire including its price + title + description collected from the database e.g change of search or click on the next/back buttons of there found vs. filtered results.

At this point you can do one of three things (1) you can migrate the database to an external VM instance and change the web service to connect to the database on now a remote server which is most commonly down without proper investigative work (2) if your in a public cloud you could choose to utilise a PaaS database service this option is not for everyone in my personal opinion just yet and its not necessarily a technology vs. security adoption blocker but I believe its a analytics blocker if the public cloud provider chooses to come into my market and also its way to NEW for me most common theme (3) keep the database exactly where is it and begin to or shift to delivering your Content via a CDN model or sometimes referred to as an Image Farm i.e the bits that make your website look good and the way it looks e.g images, logo, CCS style sheets, JQuery scripts that provide functionality + experience. This approach will help improve the users overhaul experience at any stage because the content is delivered via CDN model or method – https://en.wikipedia.org/wiki/Content_delivery_network (Example www.youtube.com) and not via the web server servicing up the webpage(s) from the web service anymore and typically the responsiveness of web service leads to a better experience for customers and there satisfaction goes up using your web service! This approach free’s up vital compute + I/O resources on your web server running your web service. Visit your favourite online retailer, ISV e.t.c and view the HTML source you’ll see what I mean! Most organisations typically don’t implement this earlier enough and often will implement this strategy after the ADC is deployed as the right vs. relevant skillset for managing your web service at scale simply is not available within the business yet.

Customers
EDGE
Web & Content Roles on single Web Server
Database Role on separate remote Server

Happy days! Your developer suggests to implement lets just keep it simple Round-robin DNS https://en.wikipedia.org/wiki/Round-robin_DNS so that he can make the web service multi web server enlightened e.g clustering so after some tests he/she deploys the new code onto the PROD web server and deploys 1-2 more web servers completes his tests and implements and deploys Round-robin DNS. Personally this is NOT something I would ever implement as if you don’t manage your DNS correctly with someone who knows what they are doing you could fall victim to DNS cache poisoning – https://en.wikipedia.org/wiki/DNS_spoofing or worse and bye bye web service = bye bye business! In a previously life prior to Citrix working at a mSP DNS management was taken very seriously for customers as without it your business would not be available online and the net outcome is simple you cannot transaction business to turn a profit and keep shareholders happy! Back to the blog so you know have a cluster enlightened web service platform to give you scale although its not prefect in my personal opinion with this strategy.

Customers
DNS
Round-robin DNS
EDGE
Web & Content Roles on Web Server
■ ■ ■
Database Role on separate remote Server

Happier Days lie ahead as more bottle necks in your web service have been resolved and the web service is becoming even more and more popular with customers in the particular City vs. County that you initially launched the web service from BUT now as more time passes and the business continues to growth from strength to strength, month on month you once again notice that the responsiveness isn’t 100% what it was a the time of launch vs. the last architectural change(s) that where made to enlightening web service platform and that you choose to switch the database to a remote VM instance, and I also am going to assume you did not implement the CDN concept for content (images, CCS, scripts e.t.c). So your business is now profitable and at a level where you have on-boarded the right vs. relevant skillset within the business to help take your web service to the next level i.e regional vs. GEO vs. global scale or you hire in external but experienced ADC professionals to help with the re-architecture of your web service platform or your go Serverless (Follow-up article!) but we’ll leave that one for todays post as its another blog post all on its own.

Upon investigation utilising various *tools (Network, Cacti, SmokePing, TOP e.t.c.), reviewing historical data points vs. graphs the decision is made that your web service platform now needs to adopt an (NetScaler) Application Delivery Controller (ADC) to scale smarter, intelligently and more efficently on-demand as the business grows while also ensuring high-availability 99.xxxxx% (You choose your 9’s) uptime 24/7/365 and to also maintain that initial customer experience during your startup phase or day 1 trading of business. In my view when implementing an ADC correctly the responsiveness should equal at scale if not be better than that first time you deployed your web service. At this stage most likely dependant upon the web service (What is it? game platform vs. online store e.t.c) you’ll potentially implement the following architecture to easily support a GEO or a region(s) within a GEO e.g EMEA or global scale and remove that Round-robin DNS method!

Content via CDN
Customers
EDGE
NetScaler ADC
□ □
Web/App Servers
■ ■ ■ ■ ■
Database Servers
■ ■
Content Servers
■ ■

What is NetScaler?
It’s a Layer 4-7 networking appliance https://www.citrix.com/networking/ that allows for securing and acceleration of workspace, web and app workloads while remaining transparent to customers. It comes in many different flavours vs. roles from providing secure BUT contextual remote access for SaaS, Web apps, virtual apps & desktops, R/A VPN with end-point scanning, microVPN e.g XenMobile apps e.t.c to virtualising your WAN by bonding multiple internet uplinks together through to supporting and monitoring a deployed web service(s) at local, regional, GEO or global scales all the while also providing deep insight and analytics into your organisation see the below video and much much more.

So Why Implement a NetScaler?
Implementing an NetScaler has many benefits it allows for offloading of TLS or HTTPS traffic https://docs.citrix.com/en-us/netscaler/12/ssl.html freeing up vital compute resources or cycles spent on decrypting the traffic where as now the web servers running your web service can have greater scale as they are now free to get on process transactions, monitor the health – https://docs.citrix.com/en-us/netscaler/12/load-balancing/load-balancing-builtin-monitors.html of each web server that is load-balanced (l/b) – https://docs.citrix.com/en-us/netscaler/12/load-balancing/load-balancing-how-it-works.html by NetScaler and if one or more web server(s) are performing poorly it will receive less transactions until it becomes more responsive, Datastream – https://docs.citrix.com/en-us/netscaler/12/datastream.html enables connection multiplexing to your database servers e.g more efficient writes + reads means faster transactions which means better performance of the web service with a net outcome of better user experience for customers, if don’t use the CDN concept for content take a look at the integrated cache feature – https://docs.citrix.com/en-us/netscaler/12/optimization/integrated-caching.html which allows the NetScaler to store and serve specific content saving a request to the server holding the desired content this further improving the responsiveness of your web service, support for Googles SPDY (Speedy) https://docs.citrix.com/en-us/netscaler/12/optimization/spdy.html and or implement HTTP Compression – https://docs.citrix.com/en-us/netscaler/12/optimization/http-compression.html which compresses responses from servers to compression aware-browsers example – https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/optimize-encoding-and-transfer even enable and allow SAML and OAuth – https://docs.citrix.com/en-us/netscaler/12/aaa-tm/oauth-authentication.html logins to now only SaaS apps but also Windows apps used inline with FAS within XAD 7.9+. The list goes on and on so be sure to check out the NetScaler online documentation at – https://docs.citrix.com/en-us/netscaler/12.html and remember NetScaler is an advanced ADC but can also do the following Secure Web Gateway, Web AppFirewall, Unified Gateway and SD-WAN.

My 30 Days of Citrix SecureNotes

The views expressed here are my own and do not necessarily reflect the views of Citrix.

The past 30 days I thought I’d try a XenMobile secure app I’d honestly never really used before as I store my notes within a secure app which is only accessible from my Citrite Windows 7-10 virtual desktop. This blog is a summary of my views about using Citrix Secure Notes why I am now going to switch to Secure notes from my primary note taking app and its NOT a traditional noting taking app at all!. It is also worth mentioning that before I begin discussing Secure Notes I personally have never really found a note taking app that meets my personal requirements vs. DEMANDS maybe that is because I been doing personal/business web development with languages such as PHP, HTML(5), CSS, Javascript in my personal time since I was a teenage so prehaps I’m looking for something that looks vs. feels like something i’d develop one day? Who knows! For now I’ll leave this thought as it stands and back to Secure Notes!

I thought i first start off with a tour of Secure Notes followed on by my personal views and thoughts of using Citrix’s Secure Notes thereafter.

Tour of Secure Notes

1. You can login from a web browser at http://securenotes.citrix.com and if you want to sign-in via your organisations IdP select “Log in with my company credentials
2.Enter in your organisations ShareFile subdomain e.g MyOrgName
3. It will redirect you to you’re organisations IdP login where you will be prompted for a username + password and potentially another form of authentication like a receiving a telephone call, virtual token or asked to verify yourself using your biometric authentication.
4. Once you are signed in your can begin creating a note (secure website version of Secure Notes) by providing it a heading and then in the body text your notes or drag and drop pictures, tag your notes and assign it to a notebook (collection of notes perhaps by project vs. organisation vs. team meetings e.t.c), delete unwanted or irrelevant notes, set a reminder against a note, favourite the note or search of other notes that you’ve created.
5. Now you can see in this image that I have been using for sometime now its still less than 30 days but I’m using notebooks to assign my notes by partner, customer vs. major events and i’ve tagged selective notes that require a follow-up and then I remove tags once its completed.
6. I have switched to the Notebooks view from theAll Notes which organises your notes based upon your created notebooks in my case by customer, partner & events and then I assign my notes to these notebooks so i can easily navigate notes for example by a partner or just use the search filter (whats right vs. relevant to you).
7. All your notes are stored securely within your ShareFile personal folder, and if your using Drive Mapper with your Citrix virtual apps & desktops the path to see your notes is at – “S:\Personal Folders\WorxNotes.root” and it does not matter whether your creating your notes using the website version of Secure Notes at – http://securenotes.citrix.com or even if you create your notes using the secure XenMobile enabled app called “Secure Notes” which is available from the public app store for iOS – https://itunes.apple.com/us/app/citrix-secure-notes/id1157570015?mt=8 and Android – https://play.google.com/store/apps/details?id=com.citrix.note.droid&hl=en_GB and controlled by XenMobile MDX technology to stop cut, copy and paste. You can learn more about MDX by reading the XenMobile security white paper available at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security-understanding-the-technology-used-by-xenmobile.pdf.
8. If I now switch to a mobile world and I mean using a smart phone or tablet and for convenience sake I’ll be using the Secure Notes app I can see that I have the similar same capabilities and functionality vs. the secure website versions.
9. I can insert a picture, tag it, favourite it, set a reminder e.t.c but now I can record audio.
10. I can create my notes offline and when your back online it will sync your note(s) back up to ShareFile and you’ll notice the red cloud icon disappear.
11. Send your notes as an embedded message within Secure Mail body vs. PDF file attachment by selecting your preferred choice.

My Personal Views
Coming….

Lite Tech Overview of Secure Notes
Review all the features and caveat at – https://docs.citrix.com/en-us/xenmobile-apps/10/secure-notes.html

1. Currently only iOS 9-10, Android 5-8 phones BUT its not supported on Tablets!*
2. Selecting a storage location for your notes upon setting up the app your asked if your prefer to store your notes in Microsoft Exchange Server or for your Secure Notes + within a ShareFile StorageZone. You can provide users with a choice of both upon on-boarding within the Secure Notes app.
3. Once users have been setup the XenMobile Secure Hub agent can handle SSO or push the app to users whom have enrolled into XenMobile’s MDM.
4. Supported file formats include – *.M4A, *.JPEG, *.PNG, *.BMP, *.GIF, *.WebP for rich editing experience.

I’ll be presenting at UCDay 2017 and why you should consider attending yourself!

The views expressed here are my own and do not necessarily reflect the views of Citrix.

This year I am honoured to be presenting at UCDay 2017 (founded by MVP Andrew J. Price) which is described as being the UK’s Premier Microsoft Community Conference (check out the speakers for a starters!) which is to be held on 9th October at National Motorcycle Museum, Birmingham, UK with this years sessions key focus on Microsoft Azure, Skype for Business, Office365, Exchange & Cloud. Personally I’ll be delivering the following community session entitled “Deploying Citrix (Cloud) Workloads in Azure and Beyond ARA” details about my session are available at – http://www.ucday.co.uk/timetable/event/deploying-citrix-cloud-workloads-in-azure-and-beyond-ara/ and if you have any asks vs. requests for me to cover during my session please feel free to DM on Twitter @ https://twitter.com/lyndonjonmartin or LinkedIn @ https://www.linkedin.com/in/lyndonjonmartin.

On a personal note I am seriously keen myself to take the opportunity to learn, network, connect with my peers and attend some of the other knock out sessions (when its NOT my session), so be sure to check out all the sessions at – http://www.ucday.co.uk/schedule/#not-set:all delivered by community IT Pro’s focused on EUC, UEM, Workspaces, Public Cloud (Azure), UC & Collaboration and more and then get registered for a ticket at – http://www.ucday.co.uk. For me attending UCDay is an absolutely MUST weather you’re a customer vs. partner vs. consultant vs. vendor (think Microsoft eco-system) and it will enable you to gain invaluable insights from industry experts focused on the above topics and more from around the globe YES thats right not just the UK! Check out the speakers bios at – http://www.ucday.co.uk/ourspeakers/.

As I published this blog post it got me thinking as this is my very first UCDay I’d like to understand the origins of UCDay, how as a presenter vs. attendee on the day I can benefit from attending this great event. So I posed the following questions to the Founder of UC and Cloud Day Andrew J. Price http://lyncme.co.uk (Personal Site) whom is also an Office Servers and Services MVP.

1. How has UCDay changed vs. evolved since you first founded it and delivered that first opening keynote?

UC Day has evolved from a dedicated Microsoft UC Event into a leading Community Conference focusing on all the whole Microsoft 365 stack. When I originally started this journey I never expected it to grow as much as its done over the past 3 years. There is a lot of work happening in the background to continue the growth of this event to becoming a leading EMEA region conference that is free for all to attend.

2. What can attendees expect from the day based upon your experience?

Attendees can expect an action pack day full of networking with sponsors, peers and industry leaders in all things Microsoft Cloud related. UC and Cloud Day is a perfect platform for like minded invidiuduals to learn and grow as IT Professional and create new partnerships with our sponsors.

3. What are the key takeaways for attendees about the day vs. sessions?

Attendees will be able to take away knowledge from real world scenarios that our speakers encounter during their engagements with customers, as well new professional contacts that may assist with existing or future projects.

4. You are a MVP for Office Servers and Services what is it and how many other MVP’s will be at UCDay?

MVP Status is given to community leaders who go above and beyond the call of duty to share their experience with the Microsoft Community. I am recognised as Office Servers and Service MVP for my work within the Office 365 and Skype for Business communities. This year we will have over 20 MVPS across multiple award categories from around the global.

5. Any hints for what you’ll be discussing in your keynote at UCDay this year?

I will be talking about the “evolution” of UC Day and handing over to Microsoft who will be delivering the latest message about the “evolving” marketspace.


I hope to see you at UCDay this year.

All the best,
L-J

myCUGC announces Citrix Technology Advocates (CTA) class of 2017

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Today Citrix community leader Stephanie Roper – https://twitter.com/Roperjs announced the class of “Community Champions: Citrix Technology Advocates (CTA) for 2017” at – https://www.mycugc.org/blog/community-champions-cta which I have been honoured and humbled to become part of with a few other fellow Citrites whom consistently like our fellow CTA’s and CTP’s for that matter advocate and more often than not eat, sleep and breathe Citrix technologies daily. Finally thank you to, Stephanie Roper for leading the CTA programme, the #myCUGC team https://www.mycugc.org/ and of course the great company that I work for which is of course https://www.citrix.com.

2017 UKI #CitrixPartnerLove Challenge #8 Find My Location

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://t.co/TutUZ9taVS to print.

2017 UKI #CitrixPartnerLove Challenge #7 Stop the Difference

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://t.co/nqooPlWElw to print.

SAML Sign-in to Virtual Smartcard for Virtual Apps & Desktops

The following content is a brief and unofficial prerequisites guide to setup, configure and test accessing virtual apps and desktops authenticated via SAML IdP (Google OAuth) powered by XenApp & XenDesktop 7.14.1+ and NetScaler Unified Gateway 11.1 prior to deploying a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
FEDERATED AUTHENTICATION SERVICE – fas
SECURITY ASSERTION MARKUP LANGUAGE – saml
IDENTITY PROVIDER – idp
SERVICE PROVIDER – sp
USER AGENT – ug
NETSCALER UNIFIED GATEWAY – nug or netscaler ug
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
STOREFRONT – sf

What is OAuth?
Wikipedia definition – https://en.wikipedia.org/wiki/OAuth and Google’s definiton – https://developers.google.com/identity/protocols/OAuth2.

What is SAML?
Wikipedia definition – https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language.

Why this blog article?
For me as organisations begin shifting to a Cloud native or Cloud First (i prefer hybrid cloud) stratergy they begin too embrace PaaS e.g Citrix Cloud, Office 365 BUT a common major problem is where does the users identity live and do I need replicate it (read-only, passwd hashes e.t.c) and secondly mobilising of data repositories is another major requirement vs. problem. ShareFile can help in solving your data mobilisation problems which I will follow up in a separate blog article in the future to expand upon this, but for now back to SAML and Identity.

Utilising the Federation Authentication Service or FAS for short which is part of XenApp and XenDesktop (see feature matrix – https://www.citrix.co.uk/products/xenapp-xendesktop/feature-matrix.html) in-line with NetScaler UG enables organisations to solve numerous problems about identity (where is lives vs. its synced to data centres A through C e.t.c) enabling access to any type of app fronted by NetScaler Unified Gateway working inline with FAS.

NetScaler for me is your organisations front door (knock knock) e.g https://go.axendec.com or if you know me #10 Downing Street from on any device and it controls how the users authenticates requirements e.g AD, AAD, SAML vs. OAuth 2.0, Biometrics (e.g VeridiumID watch – https://www.veridiumid.com/video-citrix-ready-partnerspeak-veridium/ which is Citrix Ready and be sure to check out https://www.veridiumid.com/biometric-authentication-technology/biometric-connectors/), however in this scenario i’ll focus on access from devices that support a modern web browser (HTML5) to keep it simple. The below table depicts a user that has successfully loaded onto NUG with SMAL vs. OAuth 2.0 credentials and they can go left towards SaaS web apps or right towards virtual apps & desktops where FAS + StoreFront + Int Windows CA will generate a virtual smart card from the SAML token passed from NetScaler to SSO onto the required resource e.g Windows Server 2016 virtual desktop.

SaaS NetScaler Unified Gateway Virtual Apps & Desktops
User logins with SAML credentials e.g AAD, Google OAuth 2.0
← SAML or OAuth 2.0 Token →
Office365 XenApp & XenDesktop,
StoreFront, FAS & Internal Windows CA

PoC SuGgEsTeD Architecture Diagram – BASIC
I have gone for a very simple diagram approach here to help those will little to no knowledge on SAML, OAuth 2.0, AD Shadow accts, virtual smart cards get up to speed.

User Login Flow (Not Step by Step its High Level)
1. The user navigates to the SAML IdP logon webpage setup, configured and hosted by NetScaler UG.
2. The user is automatically redirect to the Google auth login web page to authenticate.
3. Once the user is successfully authenticated at Google they are re-directed back to the NetScaler UG and auto signed in and auto redirected (Responder Policy) to the configured Unified Gateway (my use case here) or ICA Proxy vServer.
4. The user can then select from a choice of Full vs. Clientless VPN or Virtual Apps & Desktops (Selected). Note that in the username will be user@domain while still on the NetScaler UG.
5. The user is SSO onto ReceiverforWeb hosted + powered by StoreFront and the user selects to launch an there choosen HDX virtual app and or desktop(s), you’ll now notice that the username is now first, last name.
6. StoreFront initiates and generates a ICA/HDX file for the user while communicating with FAS + internal Windows CA to generate a virtual smart card for the user that will be used to SSO the user onto there requested resource(s) e.g a Virtual Desktop.
7. The user receives the ICA/HDX file and Receiver automatically launches his/her virtual app and or desktop.

Demonstration WhoamI?

PoC SuGgEsTeD Architecture Diagram – ADVANCED

The Actual Login Flow
Coming…*

Pre-requistes & System Requirements – Google OAuth 2.0
1. Navigate to https://console.developers.google.com/projectselector/apis/credentials and sign-in with your Google credentials.
2. Select “Credentials” under API Manager then select to “Create” a Project
3. Enter in a new “Project Name” and read and review Googles EULA and notification service about updates etc.
4. Google will create your Project
5. Select “Create credentials” and from the drop down select “OAuth client ID”
6. Configure “OAuth consent screen” the bare minimum is to select “Product name shown to users” e.g MYProJectName and then select “Save” you can return later and complete …
7. Now you need to create a client ID select the application type to be “Web Application”
Enter in a friendly name:
– For “Authorized JavaScript origins” enter in “:4443”
– https://YOUR-FQDN:4443
– For “Authorized redirect URIs” enter in “:4443”
– https://YOUR-FQDN:4443/oauth/login
– Select “Create” twice
Google will now create your OAuth credentials and a popup screen will appear with your “Client ID” e.g xnxnxnxnxnxnxnxnxnxnx.apps.googleusercontent.com and “Client Secret” e.g 123456789xnxnxn
8. Now store of copy of these for later in a safe please as you’ll need it for the NetScaler configuration later.

Pre-requistes & System Requirements – Citrix
NetScaler
1. Review the deploying NetScaler guide for your chosen resource location at – http://docs.citrix.com/en-us/netscaler/12/deploying-vpx.html. If your wondering what a Resource Location click this link – http://docs.citrix.com/en-us/citrix-cloud/overview/about/what-are-resource-locations.html.
2. Download vs. deploy your NetScaler virtual appliance on your own terms e.g upload and boot on a hypervisor vs. deployed via a IaaS market place.

– Traditional hypervisors configurations for PoC vs. Home purposes only 2vCPU 2-4GB of RAM
– Cloud hypervisors e.g Azure, AWS for PoC vs. Home purposes only 2vCPU 3.5GB or RAM

3. Licensing Your NetScaler
3.1 You’ll need to license the appliance so obtain trial of e.g VPX 1000 and or 3000 from http://store.citrix.com/store/citrix/en_US/pd/productID.278306700/ThemeID.33753000 or search for Citrix Eval Store at Google.com.
3.2 The above link should redirect your to the NetScaler ADC part of the Eval Store
3.4 Select model type of “VPX” then select variation e.g “1000 vs. 3000 Platinum” and for duration select “30, 60 or 90 Days“.
3.5 Complete the onscreen steps and please note that you will require a valid Citrix.com account or you need to create an account in order to complete the trial request to obtain the eval license.
3.6 Once you’ve received your eval license via email navigate to at https://www.citrix.com/account/toolbox/manage-licenses/allocate.html and select find and allocate your licenses or look for the licensing button (link) and select it.
3.7 If your eval license it not visible e.g created by a Citrix rep or one of our partners –https://www.citrix.com/buy/partnerlocator/ select “Don’t see your product?” top right-hand side (small text!). A pop-up appears now enter in the eval lic provided in the format of “NNNN-XXXXX-XXXXX-XXXXX-XXXXX” and select to continue.
3.8 You will need to enter in the Host Id of your NetScaler it can be found once logged in using the NS Admin Web UI “NetScaler -> System -> System Information” then look under the heading “Hardware Information” and you find “Host Id” copy and paste it into the required field and then download the license file.
3.9 In the NS Admin Web UI click the cog icon top right then select licensing and upload the license and select to reboot the NS to apply the license.
3.10 Your NetScaler is now licensed now simple enable the required features that you need vs. require by right clicking a feature e.g NetScaler Gateway select “enable” e.t.c

4. If your in a Public Cloud setup your (Network) Security Groups to allow you external traffic to your NetScaler and i’d suggest that your disable SSH on port 22 from the world and only enable https 443 and use a Windows server + PuTTY within your Azure RG vs. EC2 VPC to interact with your NetScaler. Note: I am keeping it simple here re DMZ/Edge vs. TRU vs. Mgmt networks. Traditional rules apply for Private Cloud setups or WWW vs. DMZ vs. TRU vs. Mgmt networks.

Federated Authentication Service (FAS)
1. Download FAS Software is part of the XAD 7.9+ ISO – https://www.citrix.co.uk/downloads/xenapp-and-xendesktop/ and select 7.15 LTSR
2.
System Requirements – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html
3. Deploy GPO Policies – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_6ba9/
– List + Enable XAD Broker/Controller
– Enable in-session certificate support
4. Certificate Authority – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_27dd. You may require or choose an Internal Microsoft Windows CA 2012 R2 or 2016 (Test with in this PoC)
Active Directory Certificate Services – https://technet.microsoft.com/en-us/library/hh831740.aspx
– Configuring Windows for Certificate Logon – http://support.citrix.com/article/CTX206156
– Setup Certificate Authority – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_8dfa
5. VERY IMPORTSANT When Configuring User Rules for FAS list all the required StoreFront Servers, VDA’s and User(s) either by individual object or group e.g. AD Security group PoC SAML Users – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_6ba3
6. Enable FAS for the default or custom Store on StoreFront – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-13/secure/federated-authentication-service.html#par_anchortitle_32e2
7. A full AD Admin account for all components will help and save time during the PoC

Deploying @gmail login to NetScaler using OAuth 2.0 / SAML
Coming….

Recommended Reading
Credit to Citrix *CTP Dave Brett – http://bretty.me.uk/citrix-xendesktop-7-9-google-accounts-and-fas-for-xendesktop/ and I’d strongly recommend your read his blog post! His approach vs. requirements differs slightly from that of my own requirements. He saved me a lot of time and in testing + reading through eDocs so @dbretty thank you!


#CitrixPartnerLove
However in the *interim if your a Citrix Partner and you want to learn more and how to deploy this today! You can access the following on-demand entitled “SAML to Virtual Smartcard Sign-in for Virtual Apps & Desktops” at – http://enablement.citrix.com/library/items/1261 BUT you will require a valid Citrix partner login.

2017 UKI #CitrixPartnerLove Challenge #6 Traffic Flows

The views expressed here are my own and do not necessarily reflect the views of Citrix.

You can download the image at https://lnkd.in/dN74-97 to print.

Why You’ll Love ShareFiles Workflows and eSignature Features

The following content is a brief and unofficial guide to testing and using ShareFile Workflows prior to implmenting it for a PoC. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
SHAREFILE – sf
WORKFLOWS – wf
CITRIX – ctx

Understanding what is ShareFile?
Its a cloud-based file sharing service that enables users to easily and securely exchange documents from any cloud to any device or location around the global securely (HTTPS) with auditing, eSignature, document workflow, check in/out, multi-factor auth capabilties and so much more! For a good overview visit https://www.sharefile.com/features.

I love this why ShareFile video its simply brilliant! A good 2 minutes well spent that leaves you felling happy and understanding why ShareFile?

What are ShareFile Workflows?
It’s about wrapping a collaborative workflow around the actual document to acheive an outcome more efficently at a faster pace that before as all invited parties are able to collobrate on the same document by annotating with comments in any area and start a conversational thread with the ability to finally mark the annotated comment(s) as “Resolved” and the initiator of the Workflow can “Agree” to comment(s) using a simple thumbs up. Finally the invited party(s) have the ability to approve the workflow.

Approving the Workflow disables any further collaborating capabilities and therefore allows the initiator and most likely the document author to begin making necessary changes to the documents via a traditional installed, web or virtual Office app.

You can read more about – https://support.citrix.com/article/CTX213782

A Sample Workflow Explained


High resolutions image available at – https://pbs.twimg.com/media/DBZ5PcWXYAAgHfW.png:large

1. Login into https://*.sharefile.eu or .com from your favourite internet browser.
2. Once logged into select to Upload a sample Word or PowerPoint document with a screenshot of your organisations website and some text from a different webpage beneath it. If you’re already using ShareFile Drive Mapper drop it into a folder within your “Personal Folder” and if you have no idea what I am talking about you should def 100% STOP download it now from – https://www.citrix.co.uk/downloads/sharefile/clients-and-plug-ins/sharefile-drive-mapper.html and then read this CTX article before continuing to read further – https://support.citrix.com/article/CTX207791.
3.Once you’ve upload or synced the sample document refresh your internet browser and under “Recent Files” select the file and your see a preview (powered by MS Office365 Preview) of the document on the left and some actions on the right hand side look for “Initiate Approval” and select it which will open up a new browser tab with the following URL e.g https://citrixworkflows.sharefile.com/workflows/new?sharefileStreamId=xxxxxxxx where xxxxxxxx represents the ID of this workflow.
4. You’ll see a preview of your document on the right hand-side and on the left hand side your see a three workflow types (a) Get Approval (b) Collect Feedback (c) Create Request List
5. For this sample workflow we’ll going with option (a) Get Approval so select it
6. Select a due date e.g the next days date or a date within 7 days from the date of initiating the workflow so your approvers have time to respond if you aren’t able to view there calendar(s) so they can provide annotate and provide feedback on the sample document.
7. Add Approver(s) (Add people who are required to approve this document) E-mail address and Name (optional but preferred) and you can require that they have to login and I love this check box feature “Every approver must re-approve newly uploaded versions”!
8. My next favourite feature “CC’s” allows you to include any individual(s) whom can access the workflow workspace and comment, BUT they cannot approve the document workflow 🙂 !
9. You can also add message that the recipients will receive when you start the workflow.
10. Review your approvers, CC’s and message and then select to “Start Workflow”.
11. You can begin to annotate the document in your chosen area(s) including starting a conversation with all participant(s), while ShareFile e-mails them.
12. Approvers and CC’s receive an e-mail notification with a secure link too join the ShareFile workflow workspace that you have already started to work on.
13. You’ll receive notifications that participant(s) are commenting on your annotations, replying to your activity thread.
14. The Approver in this case has now agreed to all my annotations and has chosen to “Approve” the document approval workflow as he/she agrees with the suggested document changes, which the author can now begin to edit the way he/she would like to e.g online directly from ShareFile provided that you have the correct Office 365 subscription for more info check out “CTX208340 ShareFile Office Online Editing” – https://support.citrix.com/article/CTX208340.
15. You’ll also receive an e-mail notifying you that the workflow has been approved!.

There is also a simple overview of the Feedback and Approvals Workflow by Citrix ShareFile available at – https://www.youtube.com/watch?v=ASEUqcaOt7k or watch the embedded video below.

In summary ShareFile Workflows helps you and your organisation collaborate on documents more efficiently to acheive outcomes at pace with better results!

Workflow API’s
Quiet often I’m asked are there any available APIs for ShareFile Workflows? Yes! Its accessible at the following URL at – http://api.sharefile.com/rest/docs/resource.aspx?name=Workflows.

eSignature ShareFile RightSignature
The eSignature capabilities within Citrix ShareFile is powered by the acquisition of RightSignature with more details available at https://www.sharefile.com/resources/rightsignature and https://rightsignature.com.

I’ll be providing a tour of eSignatures in due course…

My Best of #CitrixSynergy 2017

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
CITRIX USER GROUP COMMUNITY – cugc
HYPER CONVERGED INFRASTRUCTURE – hci

Introduction
Its my 5th #CitrixSynergy and this is def one of the best Synergy’s I have ever had the privilege of watching virtually from London, England. Why not in person? I prefer to watch virtually as I am to consume more content faster and translate that into content to update Citrix partners/customers in a timely manner at high level and tech deep dive where required in particular areas or topics. Finally this blog post will most likely change over the next 2-3 weeks as I consume all of the Synergy 2017 content as when/how I can.

My Highlights of the Key Notes
Vision Keynote

– 4:45 Citrix User Group Community – https://www.mycugc.org THANK YOU! Join the community today its powered by some of the most passionate Citrix and Technology advocates from around the global!
– 11:00 Red Bull Racing I’m not going to say anything you need to watch it!
– 21:45 Cloud powers the world
– 27:00 Digital Frontier Companies
– 39:00 Citrix Secure Digital Workspace with a software-defined preimeter
– 40:57 Citrix Workspace Services and a brief demonstration by Citrix’s CEO
– 42:25 SD-WAN / Gateway / WebApp Firewall / DDoS (NS 12+) as a Service
– 47:35 Citrix Analytics Service
– 1:01:00 “Better Together” and video message from Microsoft CEO Satya Nadella
– 1:12:25 Citrix + Google Chromebook (Skype for Business, Office365 and much more…)
– 1:18:00 Healthcare customer story “Partners Healthcare”

Technology Keynote

– 22:00 Unified Workspace (its Adaptive and Contextual by device/location and it changes the users published resources and its access type!) which brings together some of the most crucial aspects of todays modern apps, desktops, data & your location in a single view with casting capabilities but not demoed as instead instead*
– 29:00 *Workspace IoT (SmartSpaces) demonstration with a users own mobile phone enables an auto login to a Win 10 VD at guest location including welcoming the user based upon his/her smart phone used as there identity. Security people feel free or you will be going nuts right now!
– 32:30 Its all about layering you guessed it Citrix App Layer enabling IT to say YES! Note demo was demoed using a Samsung DEX check it out – https://www.citrix.com/blogs/2017/03/29/instant-desktop-computing-from-the-new-samsung-galaxy-s8-smartphone/
– 39:40 Workspace Appliance Program e.g HCI
– 42:35 Protect against Zero day attacks with XenServer and BitDefender which is available but is something which Citrix announced on 21/06/2016 yes thats right 2016 entitled “A Revolutionary Approach to Advanced Malware Protection” – https://www.citrix.com/blogs/2016/06/21/a-revolutionary-approach-to-advanced-malware-protection/ 21/06/2016 yes 2016!
– 47:00 Brad Anderson Corporate Vice President of the Enterprise Client & Mobility @Microsoft discusses shortly and then prefers to demonstrates our joint Citrix + Microsoft “Better Together” capabilities in Mobility, Virtualisation delivery from Azure and more.
– 1:01:38 Digital Jungle discussion its def worth your time if you about security and managing the experiences of your users workspace!
– 1:47:25 Vision of how the Digital Workspace is going to evolve

Citrix Synergy TV Breakout Sessions
The following are my current top sessions to watch in no particular order that I believe you’ll gain a lot of value out of watching BUT note that this may change as I continue to consume more of the on-demand content from Synergy 2017.

– SYN318 A to Z: best practices for delivering XenApp, XenDesktop – https://www.youtube.com/watch?v=jnnZTKBy18c&feature=youtu.be

– SYN111 – What’s new with Citrix Cloud and what’s to come – https://www.youtube.com/watch?v=C-UunHGKqLY

– SYN120 – NetScaler SD-WAN updates – https://www.youtube.com/watch?v=CdqIkCb86uU

– SYN103 – Citrix App Layering – https://www.youtube.com/watch?v=KBYoVeAYnSA

– SYN118 – What’s new with NetScaler ADC – https://www.youtube.com/watch?v=uMefjGwRMeU

– SYN121 – What’s new with NetScaler Unified Gateway – https://www.youtube.com/watch?v=-ovb4TIb5JY&t=28s

– SYN115 – Why should I use ShareFile if I already have Office 365? – https://www.youtube.com/watch?v=kESgKT7_mJw

Innovation Super Session
Awaiting for the on-demand video publication but for now I will leave you with the following Tweet as a thought or rather a reminder to make sure that you watch it if you missed it!

Synergy 2017 Advocates Blog Posts
Citrix Synergy 2017 – It’s a Wrap – See all the most important announcements listed here! By Christiaan Brinkhoff. – https://blog.infrashare.net/2017/05/29/citrix-synergy-2017-its-a-wrap-see-all-the-most-important-announcements-listed-here/