Category Archives: Citrix Virtual Apps and Desktop Service

What BCP Availability Strategy for Citrix DaaS? Service Continuity (SC) or Local Host Cache (LHC)

Consider this an evergreen article with *pro-active adds/moves/changes inclusive of errors/mistakes until I remove this statement.

Architectural Doodle
The diagram below shows the high-level architectural difference between Local Host Cache (LHC) and Service Continuity (SC), and how you can weaponise Citrix Analytics for Performance to enable pro-active management of your workloads in a single hyperscaler cloud or a multi-cloud hyperscaler strategy.

Visualising the Value of Change using a Force Field Analysis (FFA)
An FFA is a business methodology that helps to visualise, through a meaningful contextual analysis, why a business and or technology decision for “change” is the right and relevant direction of travel. It helps by amplifying the understanding of “what the change is, the how, the what if and the why change” towards a new future desired state e.g buying a music title per song vs. a music subscription to rent the music over a period of time.

The example analysis below is a technology change decision shifting from a Local Host Cache (LHC) current state to a Service Continuity (SC) future state. The aim is to improve IT’s operational resiliency capability and capacity, considering today’s climate and threat of digital warfare, aligned to internal business priorities and or executive KPIs. These range from strict security compliance & governance and hybrid multi-cloud failover (between cloud hyperscalers) to becoming cloud first/native by adopting aaS tooling where right and relevant e.g I/PaaS, helping IT accelerate DEX at the required pace and execution agility.

This example analysis is representative of my personal field technologist landscape experience and is backed by a robust and diverse pool of customers ranging in size and verticalisation. Remember you do not have to agree with my field experience; the concept is to weaponise this business tool as a force for good change in organisations wanting change that is well meaningful and or to back and better understand cost v value driven business strategies during forces of change.

| Score | Hindering Forces | Driving Forces for Service Continuity (SC) | Score |
|---|---|---|---|
| 3 | Traditional method doesn’t rely on cloud services | Modern method to reduce and derisk operational outage | 5 |
| 5 | Strict Governance & Compliance requirements for on-premises workloads only – High security organisations e.g UK Gov entities e.g MoD/M6 | Better employee affordance during outages with SC | 5 |
| 5 | Security requirement for on-premises remote access Gateway POPs controlled by IT/Security to reduce attack surfaces by adversaries including derisking operational outages | Cloud first Turn-Key Global v Regional POP Gateway as a Service Strategy | 5 |
| 2 | No support for Citrix Workspace Site Aggregation to On-Premises CVAD environment | No technical implementation debt | 5 |
| 2 | ▓ Limitations of Service Continuity for Internet Browsers – use case 3rd parties VPN-Less access without installing CWa on supported endpoints | No technical waste and debt – LHC management & monitoring | 5 |
| 3 | Citrix Receiver not supported – use case support for outdated thin clients | Citrix Workspace app (CWa) aligned to employee affordance (EX strategy) – Business KPI | 5 |
| | | Alignment to Cloud first Time to Value strategy – Business KPI | 5 |
| | | No LHC BCP testing program to validate the solution and verify sizing & scaling annualised changes | 5 |
| 20 | Total | Total | 40 |

▓ Updated 07/03/2022 – Several SC limitations e.g Internet Browsers as a barrier to adoption have now been addressed; learn more at – https://www.citrix.com/blogs/2022/03/01/service-continuity-in-citrix-cloud-a-recipe-for-resiliency/.

The outcome of this analysis reveals that while a number of key inner or outer loop stakeholders may be opposed to the technology change strategy, the FFA outcome is clear that the driving forces for change are in favour of Service Continuity (SC). You should make every attempt to remediate the identified hindering forces for change, which could be the simple result of:

1. The decision maker(s) perception through experience wasn’t positive.
2. Company culture is averse to agile change.
3. IT Operations is required to retain more “control” when consuming cloud based I/PaaS services to better derisk outages.
4. Cloud security policies and frameworks have not been approved to enable new types of technologies like SC to be on-boarded and accepted by Enterprise/Cloud/Security Architects.
5. Accept the current business risks as they are and re-evaluate at a future time, as the current value outweighs the micro hindering forces.

Understanding Service Continuity (SC)
This is a modern way to reduce and derisk the availability of access to (virtual) applications and desktops during an outage, provided the employee’s endpoint has the capability to access Citrix workloads within your hybrid and or hybrid multi-cloud resource location(s).

Cost v Value Driven Strategies
The following are generic but meaningful examples of cost and value driven strategies showing why adopting Service Continuity (SC) to underpin your BCP/DR strategy is the right strategy.

  1. Modern field leading practice or method to reduce and derisk PaaS outages.
  2. Time to value is immediate – it’s a turn-key out of the box SaaS style experience with no configuration nor IT skills required, and no technical nor technology debt incurred.
  3. Leverages the Citrix Cloud global turn-key Gateway Service fabric – its service availability uptime is healthy as it operates between two hyperscaler public cloud providers. Details are accessible using the “Cloud Assurance” micro site on the Citrix Trust Centre at – https://www.citrix.com/about/trust-center/cloud-assurance.html then filtering to the Gateway service + Gateway POPs.
  4. No requirement for bi-annual v annual stress testing and compliance checks for BCP/DR testing. Typically this would involve up to 2-3 days (or more) for enterprise organisations to stress test each site/resource location, excluding a further 5 full business days of planning activities, virtual meetings, whiteboards, approvals etc. with multiple stakeholders prior to testing – it’s an expensive exercise.
  5. No pro-active requirement to manage and monitor a StoreFront pair/cluster configuration, SSL/TLS certificate management and LHC cache integrity at each site/resource location, which significantly reduces the overhead of monitoring and the associated OS licensing and VM operating costs.
  6. The employee affordance (experience) is far superior vs Local Host Cache as a strategy – icons are greyed out, amplifying to the employee that his/her (virtual) application or desktop is unavailable, while anything coloured is still accessible and available. This design thinking affordance feature is often overlooked by IT Professionals, but evaluating it through the lens of an employee e.g a PA amplifies what is and what is not available.
  7. Supports modern authentication, however there are limitations that will occur when SC is invoked, see – https://docs.citrix.com/en-us/citrix-workspace/optimize-cvad/service-continuity.html#requirements-and-limitations.

Service Continuity Support Matrix

| Platform/Feature/Service | Learn More | Supported | Notes |
|---|---|---|---|
| Citrix Workspace for Web (Chrome/Edge) | https://docs.citrix.com/en-us/citrix-workspace/optimize-cvad/service-continuity.html#service-continuity-in-browser | ✓* | 1. *Requires CWa for Mac 2112 or Windows 2109. 2. Kiosk usage is not supported e.g Hotdesking. 3. Supported internet browsers are Google Chrome and Microsoft Edge with plug-ins installed. |
| Mac | https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/whats-new.html#2112 | ✓ | CWa 2106+ |
| Windows | https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/about.html#21121 | ✓ | CWa 2106+ |
| Android | https://docs.citrix.com/en-us/citrix-workspace-app-for-android/whats-new.html#whats-new-in-2220 | ✓ | CWa 22.2.0 |
| Linux | https://docs.citrix.com/en-us/citrix-workspace-app-for-linux/whats-new.html#2109 | ✓ | CWa 2106 (GA 2109) |
| iOS | https://docs.citrix.com/en-us/citrix-workspace-app-for-ios/whats-new.html#whats-new-in-2225 | ✓ | CWa 22.2.5 Tech Preview 03/2022 |
| | | | Security & Connectivity Limitations: EPA Scans; Enlightened Data Transport (EDT) – During outages |
| Citrix Workspace IdP (Authentication) | https://docs.citrix.com/en-us/citrix-workspace/optimize-cvad/service-continuity.html#requirements-and-limitations | SAML 2.0; AD; AD plus Token; Azure AD; OKTA; Citrix Gateway (primary user claim must be from AD) | Authentication limitations: SSO for FAS; SSO to VDA; Local mapped accounts; Only AD Domain joined VDAs are supported as of 03/2022 |

Technical Deep Dive
One of my fellow Citrix Technology Advocates (CTA) and current fellow Citrite, Gavin Connolly – https://citrixie.wordpress.com/author/technologistgav/, has written a brilliant in-depth blog post on how it works, how to configure + test it and the employee experience “Affordance” – https://citrixie.wordpress.com/2020/12/22/service-continuity-for-virtual-apps-and-desktop-service/ – Service Continuity for Virtual Apps and Desktop Service.

Understanding Local Host Cache (LHC)
This is the traditional method. While equally robust, it requires a fair bit of feeding and watering to ensure cache accuracy and resiliency at scale when required to derisk a PaaS or hyperscaler region outage.

Cost v Value Driven Strategies
The following are generic but meaningful examples of cost and value driven strategies showing why retaining your current strategy of using Local Host Cache (LHC) to underpin your BCP/DR strategy is the right strategy under the current strict compliance and or risk requirements.

  1. Strict regulatory compliance to maintain some form of “control” when using cloud services.
  2. Industry-specific certification and or Government regulation requirements that prohibit cloud based services from being consumed, where an on-premises IT strategy is the only viable option on the table.
  3. Greater control through a co-shared IT responsible operating model e.g brokering workloads using the vendor’s PaaS but owning the outage risk.
  4. Profound value based platform reliability and stability for bad app farms delivering mission critical line of business virtual apps that can’t be moved to modern OSes and which, if they become unavailable, may cause significant financial harm e.g Utilities.
  5. Long term service release strategy alignment objectives.

Understanding Citrix Analytics Service (CAS) for Performance
Coming…

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Accelerate migrations to the CVAD Service

A question I’m often asked in the field is how do I get to the Citrix Virtual Apps and Desktops (CVAD) Service at pace or more importantly on my own terms?

The answer can be simple and complex at the same time; the previous consultant in me now says “well it depends”. The challenge with the tag line of “well it depends” is that it can often lead to assumptions, such as that migrating from an on-premises CVAD environment to the CVAD Service is a long and lengthy process that’s cumbersome; however, today that couldn’t be further from the truth.

I have worked with many a customer that rotated to the CVAD Service in less than a month, either to keep business operations continuing at a time when a crisis hit or because a number of impending mergers were occurring and they needed an agile and flexible IT delivery strategy, which the Citrix Cloud platform is well placed to facilitate and orchestrate, bringing together many different workload types in any cloud type – private, public, hybrid and most importantly hybrid multi-cloud environments.

How did these customers achieve this feat? Before I get there, remember there is a lot more that needs to be considered with a traditional CVAD deployment (install, upgrade etc.), requiring multiple teams to be engaged simultaneously as one (a huge feat in itself, which rarely works as a well oiled machine), from IT to InfoSec, Network and Security teams etc. When you pivot to the Citrix Cloud platform you’re moving to a combination of SaaS (Gateway Service) and PaaS (CVAD Service) and equally removing a fair amount of unnecessary technical and culture debt + resistance. The lost time and productivity due to culture resistance to changing operating models and moving to the CVAD Service cannot be measured but is by far the biggest barrier in my personal field perspective.

So how can you narrow the economics of time of getting to the CVAD Service? Citrix built and released an incredibly powerful tool called the “Automated Configuration Tool”, or ACT for short, which allows for the exfiltration of your CVAD operational business logic, which can be exported, then evaluated and imported into your CVAD Service tenant in the Citrix Cloud by your chosen region e.g https://eu.cloud.com/. Light Bulb moment!

I previously wrote this article in http://axendatacentre.com/blog/2020/11/07/citrix-virtual-apps-desktops-or-cvad-service-migration-strategies/ – “Citrix Virtual Apps & Desktops or CVAD Service Migration Strategies” and the above and below expands upon this brief article from 2020. Due to personal circumstances I stepped away largely from many communities and activities.

There are three migration strategies for moving to the CVAD Service from an on-premises CVAD environment:

Start A-Fresh
A complete re-evaluation of policies – employee experience vs. security, provisioning strategy. This strategy is wise if you’re unfamiliar with new enhancements in a multi-dimensional way and, being honest with yourself, your CVAD on-premises environment has not been well looked after e.g fed and watered.

Evaluate & Pivot
Migrate only key business operational IT logic requirements e.g. policies – employee experience vs. security and rebuild Machine Catalogs based upon your net new provisioning strategy e.g. MCS from PVS to support hybrid multi-cloud portable workloads. This strategy implies that you keep your on-premises CVAD environment fed and watered often and updated at minimum once every 12 months.

Automate & Migrate
Ingest the entire business operational IT logic from Machine Catalogs, Delivery Groups, Policies and Zones into the CVAD Service from your on-premises environment e.g. CVAD 1912 Long Term Service Release (LTSR) or your preferred Current Release (CR), provided that this environment has been well looked after proactively. You will still require a brief evaluate phase during the migration as part of good leading practice and hygiene.

To get started with how to get and use the ACT, check out this useful Citrix TechZone PoC guide/article – https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/citrix-automated-configuration.html.

Finally, the simplest and most powerful strategy is to not move any business operational IT logic to the CVAD Service initially, but to leverage the power of “Affordance”: giving the employee the appearance of the Citrix Workspace experience vs. StoreFront while technically nothing has changed. All that you are doing is changing the access lens/portal to be Citrix Workspace. This strategy is fundamentally critical in enabling IT to pivot to the CVAD Service on their own terms: once the employee culture shock of the new-looking interface has worn off, IT can begin in the background to use things like the ACT to migrate to the CVAD Service, and then equally shift their existing ICA proxy configurations to a turn-key SaaS operating model by unlocking the Gateway Service in the Citrix Cloud for the CVAD Service and many other Citrix Cloud Services e.g Secure Workspace Access. The Gateway Service in the Citrix Cloud platform is the default way to access CVAD workloads, but if you still prefer an on-premises Citrix (ADC) Gateway V/A it’s a case of toggling off the Gateway Service. Customers choose to keep their Citrix ADC V/A for many different reasons, with still highly relevant use cases and business or security and governance requirements.

To learn more about “Site Aggregation” check out – https://docs.citrix.com/en-us/citrix-workspace/add-on-premises-site.html to get started and to begin your pivot to the CVAD Service on your own terms.

Citrix Virtual Apps & Desktops 7 2012 Unlocking Potential with What’s New

The following article describes feature capabilities and changes in the Citrix Virtual Apps & Desktops (CVAD) 2012 Current Release (CR), either used on-premises or via the CVAD Service in the Citrix Cloud platform – http://citrix.cloud.com/. The current documentation is officially accessible under the current release node within Citrix eDocs at What’s New* – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/whats-new.html.

Suggested Upgrade Guidance to CVAD 7 2012
Citrix have published the micro site “Citrix Upgrade Guide” – https://docs.citrix.com/en-us/upgrade. It is worth mentioning that when using this web tool to understand the source vs. target release strategies, you’ll need to factor in the name change from e.g XenApp to Citrix Virtual Apps.

It is advisable, prior to embarking on any potential upgrades and as a good leading practice, to perform a due diligence review of the connected endpoint ecosystem, thus avoiding any potential blockers. Every Citrix Administrator (Admin) should bookmark the following online PDF document entitled “Citrix Workspace app Feature Matrix” – https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/citrix-workspace-app-feature-matrix.pdf.

Alternatively, if you are finding it a challenge to successfully prepare a plan to upgrade your CVAD environment from its current release cycle to the current 2012 release, then perhaps you should be evaluating a shift towards consuming your on-premises Access and Control Layers as a Service operating model from the Citrix Cloud CVAD Service. There is a detailed online document available at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/migrate.html and if you require a reminder of who manages what, then be sure to read the technical security overview for the CVAD Service available at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/secure.html#security-overview which covers off the high level architecture, credential handling and the flow of data and isolation.

Overview of What’s New and Changes to CVAD 7 2012 Current Release (CR)

IT Administration
1. While this is NOT new, please be mindful that hosting connections to public clouds e.g CloudPlatform, AWS EC2, Azure and of course GCP are not supported with CVAD current releases (CR) – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/upgrade-migrate/upgrade.html#remove-pvd-appdisks-and-unsupported-hosts. If you require this capability you’ll need to adopt a Citrix Virtual Apps & Desktops (CVAD) Service operating model from the Citrix Cloud or standardise on the last Long Term Service Release (LTSR), which is 1912 – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr.
2. The Citrix Workspace Environment Management (WEM) 2012 agent is now bundled into the Virtual Delivery Agent (VDA) installer for the GUI – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-vdas.html#step-7-wem-agent and for automation purposes – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-command.html#command-line-options-for-installing-a-vda, allowing you to configure the WEM ACL f/w; agent port/cache location/data sync port; connectors vs. WEM server. The agent now includes new cache utility options (-RefreshSettings or -S; -Reinitialize or -I); an optimised startup workflow which has been resolved, including a new Citrix Cloud Connector behavioural awareness strategy; and the WEM agent is retiring the associated legacy agent cache sync service in line with the End of Life (EoL) of Microsoft Sync Framework 2.1. See – https://docs.citrix.com/en-us/workspace-environment-management/current-release/whats-new.html for more details and remediation readiness.
3. Support for transparent and non-transparent proxies for “Rendezvous”, check out – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/hdx/rendezvous-protocol.html#proxy-configuration. To validate the configuration, launch “ctxsession.exe -v” in a console and evaluate the output referencing – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/hdx/rendezvous-protocol.html#rendezvous-validation. If you are using a data/network redirection agent to forward your network traffic to the cloud, like ZScaler Private Access (ZPA), be mindful of the current leading recommendations – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/hdx/rendezvous-protocol.html#additional-considerations. If you are not familiar with the what and why of “Rendezvous”, then learn and understand how it works, which includes a detailed connection flow diagram – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/hdx/rendezvous-protocol.html#how-rendezvous-works.
4. The 2012 Linux VDA supports Machine Creation Services (MCS) on Google Cloud Platform (GCP), which you can learn to set up and configure at – https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/installation-overview/use-mcs-to-create-linux-vms.html#use-mcs-to-create-linux-vms-on-gcp. Continuing the efforts to remote physical standard vs. high-end workstations sat in the Workplace, the Wake on Local Area Network (LAN) capability is now available for Linux endpoints. Finally, there is support for the new Linux distro releases Ubuntu 20.04 and RHEL 7.9 and 8.3. You can learn more about what else is new at – https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/whats-new.html.
5. Citrix Provisioning Service (PVS) 2012 includes a wealth of fixed issues – https://docs.citrix.com/en-us/provisioning/current-release/fixed-issues.html.

Employee Experience
1. Drag and Drop to copy files between your local endpoint and the delivered Citrix virtual app and or desktop. To learn more check out “CTXDND” under “Multi-Stream virtual channel assignment setting” at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/policies/reference/ica-policy-settings/multistream-connections-policy-settings.html#multi-stream-virtual-channel-assignment-settings, and also be mindful of the current known limitations in the What’s New for Citrix Virtual Apps and Desktops (CVAD) 2012*.
2. Web Camera redirection issues resolved for Microsoft Surface Pro 4 endpoints*.
3. Support for the Windows Image Acquisition (WIA) API framework enables scanning/imaging Citrix virtual apps to access the features and functions of the scanning endpoints themselves.* You can learn more at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/devices/twain-devices.html.
4. The Linux Virtual Delivery Agent (VDA) 2012 release introduced a macro amount of meaningful experience features, like automatic MTU discovery to avoid performance degradation and session connection failures of CVAD ICA/HDX sessions, and support for the “Rendezvous protocol”, allowing Linux ICA/HDX to bypass the Citrix Cloud Connector when using the Citrix Gateway Service with CVAD Services.
5. Drag and then drop files between a Citrix ICA/HDX session and the employee’s local endpoint*; this feature requires CWa 2002 for Windows.

Security
1. Familiarise yourself with the Deprecation announcements – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/whats-new/removed-features.html.
2. *While the drag and drop files feature in CVAD 2012 offers a brilliant and frictionless employee experience, you should consider the security risks prior to implementation. For example, do all employees require this feature? Evaluate who actually would benefit from the capability, and do they have a managed endpoint which IT controls? I would also ask you to assess the risk by the employee’s role and function within the organisation e.g key revenue generating employees?
3. CTXS licensing server build 33000 now includes updated versions of Apache 2.4.46 and OpenSSL 1.1.1g and new conf options for usage telemetry, which cover off Personally Identifiable Information (PII) options and associated descriptions, learn more at – https://docs.citrix.com/en-us/licensing/current-release/citrix-licensing-manager/settings.html#configure-usage-telemetry.
4. Federated Authentication Service (FAS) 2012 fixes a disconnect-on-lock feature, ref [AUTH-787]. If you are experiencing this issue you can find more detail at – https://docs.citrix.com/en-us/federated-authentication-service/whats-new/fixed-issues.html.
5. Session Recording (SR) 2012 adds a wealth of good new features and continues to keep employees working from home compliant in regulated industries, or it can be used for internal training. Some of the new features include support for blocking of sensitive information – https://docs.citrix.com/en-us/session-recording/current-release/log-events.html#sensitive-information-blocking.

Citrix Virtual Apps & Desktops or CVAD Service Migration Strategies

The path to operating from the Citrix Cloud Platform for Citrix Virtual Apps and Desktops can often appear like you need to climb to the summit of K2. This is purely because, for IT, it’s foreseen as another key yet rapid IT Transformation project to solve a multitude of business and business IT challenges (it’s different organisation by organisation). I’ve therefore put together a simple blended digital doodle on this very topic highlighting some key learnings, leading practices from the field and my own thoughts and thinking on this very topic.

If you want to go deep or even get started on your own migration project today, then I strongly recommend that you read and review the “Proof of Concept: Automated Configuration Tool” available at – https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/citrix-automated-configuration.html, which covers off a step by step guide from installation to migration of on-premises CVAD configurations to the CVAD Service operated and run in the Citrix Cloud Platform – https://citrix.cloud.com. The series of TechZone articles listed at – https://docs.citrix.com/en-us/tech-zone.html#citrix-virtual-apps-and-desktops will also add value in your pivot to the CVAD Service.

If you have the right subscription access at https://training.citrix.com, then you can also complete the following on-demand eLearning course “eCWS-2014 | Automated Configuration Tool for Virtual Apps and Desktops” – https://training.citrix.com/elearning/coursequests/1/quest/184, which took me around 45 minutes to complete.