Monthly Archives: April 2018

Citrix Innovation Award Finalists for #CitrixSynergy 2018

Its that time of the year where you Citrix customers, partners can vote for your favourite Citrix Innovation Award Finalist.

This year see’s a great mixture of customers in different markets all leveraging Citrix technologies as the enabler for transformation within there organisations to embrace a new way of working or #ThisIsHowTheFutureWorks powered by Citrix Networking, Workspace and Security & Platform Analytics from https://www.cloud.com/.

I would encourage you to watch all three videos describing there journey before casting your vote as there is some really great innovation happening within these Citrix customers and if you want to get started visit https://www.citrix.com or https://www.cloud.com/ today.

Beazley from the UK – Insurance

Quote “A new mindset to work wherever I am, because I have the tools that Citrix provides and Beazley…” – @dalesteggles

Health Choice Network, US – Healthcare

WAGO, Germany – Engineering

All the very best to this years Finalists.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Citrix Ready WorkspaceHub Tech Preview (TP) Getting Started?

The following content is a brief and unofficial prerequisites guide to setup, configure and deploy the Tech Preview of the Citrix Ready WorkspaceHub using an Android Receiver on a mobile smart phone (April 2018) with XenApp & XenDesktop 7.6+ LTSR. The views, opinions, and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
SECURITY – sec
NETSCALER – ns
NETSCALER GATEWAY SERVICE – nsg service
WINDOWS – win
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
WORKSPACEHUB – wh

Introduction
Citrix has recently announced the availability of the Tech Preview of the Citrix Ready WorkspaceHub at – https://www.citrix.com/blogs/2018/04/04/its-here-download-the-citrix-ready-workspace-hub-tech-preview-today/. So what exactly is it? Its a Raspberry Pi 3 platform at its core with Citrix technology + innovation built into it to provide a number of innovative capabilities for the Digital Workplace #thisishowthefutureworks. For me seeing is believing so the below embedded Tweet by Bas Stapelbroek – @hapster84 or https://twitter.com/hapster84 is a short video clip that demonstrates just one of the many powerful capabilities (sign-on to a thin client using a QR code while your virtual desktop still runs on your smart phone smooth roaming +++++ I like to say) available as part of the Citrix Ready Workspace Hub.

Full credit of the above goes out to Bas Stapelbroek – @hapster84 and thank you for allowing me to include it in my blog post.

You’re probably asking yourself how do you manage them you ask? You leverage Stratodesk NoTouch – https://www.stratodesk.com/products/workspace-hub/ whom work with our supported Citrix Ready Partners that provide the Citrix Ready WorkspaceHub for Internal or external you can use Citrix XenMobile+.

Please visit the StratoDesk webpages for nComputing – https://www.stratodesk.com/products/workspace-hub/ncomputing-rx-hdx-citrix/ and ViewSonic – https://www.stratodesk.com/products/workspace-hub/viewsonic-sc-t25-citrix-hdx-ready-pi/ for more details around the capabilities, specifications e.t.c of each platform.

You can put the device down and lock it but be sure to refer to *page 14 for helpful tips.

Pre-requitstes & System Requirements
You’ll need to sign-up to the Tech Preview program at – https://podio.com/webforms/20685654/1419376 however I urge you to please please please read through this Citrix Forum Discussions post at – https://discussions.citrix.com/topic/394304-welcome-to-the-tech-preview-of-the-citrix-ready-workspace-hub/ and finally you should before you get started once you have your h/w and have been accepted into the program read through the the TP documentation available at – * https://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/current-release/downloads/workspace-hub-preview-2018.pdf which is the below in more detail.

– Your require at a bare minimum XenApp 7.6 LTSR environment running 7.6 VDA for Windows Server (remember this is a Tech Preview ONLY as of April 2018)
– You require a physical Citrix Ready WorkspaceHub device – http://citrixreadyprogram.com/workspace-hub/ which currently includes thin client vendors in alphabetical order nComputing and ViewSonic. If you have had it for a while e.g 2017 firmware please read pages 2 (end)-3(top) for instructions on where to obtain the firmware updates. See page 2 for full h/w details.
– TP only supports Android Receiver 3.13.5 or later for Mobile devices + Bluetooth for
– Networking persecutive your require Android smart phone and WorkspaceHub to be on the same Wi-Fi network with the following open ports 55555, 55556 (default port for SSL connections) and ports 1494 and 8500 must not be blocked for Citrix Casting to work between the Android Receiver on Mobile Device <-> Citrix WorkspaceHub.
– Internal centralised management utilises Stratodesk https://www.stratodesk.com/kb/Main_Page to get started or for external management you can use XenMobile+ also on page 3.
– If you’re looking for Skype for Business support check out page 5
– Recommended HDX Graphics Mode and policy for the TP is to set and enable H.264 for fullscreen the policy is “Use video codec for compression” setting to “For the entire screen
– Setting up Receiver page 7 ensuring that you DO NOT SELECT e.g UNTICK “Add account type as Web Interface” and during the setup you’ve need to complete the Touch-Free mode for proximity authentication enabled vs. disabled page 8-9. Now test the proximity referring to page 10.
– Setting up the session roaming with a QR code, TLS/SSL (requires SHA256is covered in pages 11-15 with Stratodesk NoTouch
– Please please please read through thoroughly the known limitations within the TP on page 16 and finally there is Citrix Discussions Forum available for support during the TP at https://discussions.citrix.com/forum/1726-citrix-ready-workspace-hub-preview/.

In Closing
I hope you found this blog post useful as I have written it due to the number of people contacting me via social platforms, Slack and of course traditional communications like telephone calls, text/sms and yes email. A final thought, be sure to check out a short demonstration + talk on Citrix Casting and a lot more detail at – https://www.citrix.com/products/citrix-workspace/iot.html.

Disclaimer
Please read the “Citrix Ready Workspace Hub PreviewDisclaimerCitrix Ready Workspace Hub Preview Citrix Ready Workspace Hub Preview” on page 1* and a note to Citrix Investors is listed at the bottom of the blog post announcement of the TP program of the Citrix Ready WorkspaceHub at – https://www.citrix.com/blogs/2018/04/04/its-here-download-the-citrix-ready-workspace-hub-tech-preview-today/.

Session Watermarking for App & Desktop Security by Citrix XenApp & XenDesktop 7.17 or #CitrixCloud

The following content is a brief and unofficial prerequisites guide to setup, configure and deploy Session Watermark policy feature with the XenApp & XenDesktop Service (April 2018) or XenApp & XenDesktop 7.17 on-premises prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
SECURITY – sec
NETSCALER – ns
NETSCALER GATEWAY SERVICE – nsg service
WINDOWS – win
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad

Introduction to “Session Watermark”
The latest release of the XenApp & XenDesktop Service powered by Citrix Cloud or if you are performing a private cloud (on-premises) upgrade or net new installation of XenApp & XenDesktop 7.17 has some NEW features (another post brewing) and one that I have been waiting on for quiet sometime now has not finally arrived (WAHOO!) and its VERY VERY simple to configure and aids in improving your security posture (I believe) for delivery of apps & desktops powered by Citrix against e.g IP theft. In the below tweet can you see it?

The above is from my initial tests using a Windows Server 2016 VM hosted in Azure Northern Europe region running the 7.17 VDA configured to my Citrite #CitrixCloud XenApp & XenDesktop Service so I did not need to upgrade anything to get this new SHINY cool feature yes I said it SHINY. All I was required to do was deploy a new Windows Server 2016 VM from the Azure marketplace, domain join it, install the VDA and connect it to my Cloud Connector and I was ready in less than 25 minutes from initially deploying the VM from the marketplace.

Finally on a personal note for me Citrix SysAdmins enabling the “Session Watermark” feature obviously initally tested in a safe environment e.g UAT with a few users from a couple of departments and then rolling it out into production (as when/how your ready) will be making IT the modern “App & Desktop Security Heroes“. IT can apply and configure these new policies to be the most right vs. relevant for your organisations security needs while not hindering the end-users Rich HD eXperience.

Session Watermark Policies
You have 8 watermarking policies to apply with the 9th one enabling this security capability or feature set with the following list of quirks, suggested policy configuration and more available at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/policies/reference/ica-policy-settings/session-watermark-policy-setting.html.

Before we get started it is worth mentioning that this feature does add an overhead to the compute on the backend (VDA side) and therefore it is suggested to enable up to two water marking features or items. In my overview of this feature I will wont cover off the cost of implementing this security policy as there are multiple variables to consider e.g HDX Graphics Mode and associated policies to provide the right vs. relevant end-user experience vs. how many watermark items do I apply? I have begun testing so bare with me and I’ll publish my findings either on my personal blog here or on https://www.mycugc.org under the “Expert Insights” area.

Enable session watermark
By default this feature is DISABLED as the default behaviour which I believe is the right approach considering its Citrix’s initial release of this #security feature (in my personal view) and secondly online documentation at eDocs suggested recommendations it to enable NOT more than two watermark text items. Finally * indicates that this policy is DISABLED by default when Session Watermark is enabled.

Include client IP address
* This is the IP addr of the device connecting to the virtual app & desktop.

Include connection time
* Utilises the following format yyyy/mm/dd hh:mm to display the users initial connection time to there virtual app or desktop.

Include logon user name
ENABLED by default when you enable Session Watermark as a policy and uses the following format USERNAME@DOMAINNAME is most optimise for 20 characters or less otherwise truncation might occur of the users logon username.

Include VDA host name
ENABLED by default when you enable Session Watermark as a policy and provides the VDA hostname e.g ne1vad01

Include VDA IP address
* Provides the internal IP addr that corresponding the VDA’s hostname e.g ne1vad01 = 10.1.0.7

Session watermark style
ENABLED by default using “Multiple e.g displays five watermark labels” when you enable Session Watermark as a policy or you can configure “Single e.g displays a single watermark label in the centre of the session“. TIP switching to SINGLE and sticking to two watermark text items for me in my initial tests is a good starting policy however time will tell as I continue to test out this new feature and its capabilities with different HDX Graphics Modes and associated tweaks.

Watermark custom text
* A unicode maximum of 25 characters is supported if you exceed this limit it will be truncated.

Watermark transparency
ENABLED by default set to “17 out of 100” when you enable Session Watermark as a policy, personally I think setting it to just 1 is fine in my initial tests as you want it to be not so in your face to the end-users to be bluntly honest.