Infographic
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Infographic
The views expressed here are my own and do not necessarily reflect the views of Citrix.
In recent article βAccelerate migrations to the CVAD Serviceβ – http://axendatacentre.com/blog/2021/09/30/accelerate-migrations-to-the-cvad-service/ I explored and shared how to accelerate and migrate an on-premises Citrix Virtual Apps & Desktops (CVAD) environment to the CVAD Service from a field perspective working with customers in the City of Greater London – England. Often another prominent and common question rears its head how do I migrate to your Gateway Service, how does the Gateway Service differ from the a traditional Gateway physical or virtual appliance deployment strategy?
Accelerate and Automate your Migration Strategy to @Citrix CVAD Service with less effort + friction while reducing technical debit + financial costs by adopting the Gateway Service – https://t.co/PE4DIuTPjY for CVAD workloads. Donβt forget to pause & reflect for fleet mgmt v/aβs pic.twitter.com/MECOHQcRdA
— Lyndon-Jon (L-J) Martin π¨π»βπ» π² (@lyndonjonmartin) October 18, 2021
There are handful of migration strategyβs to moving to the Gateway Service from an on-premises Gateway V/A environment:
Start A-Fresh
If you have a IT team that is battling with the economics of time, restricted financial budget(s) for projects, doesnβt have the required Citrix ADC networking skill sets due to M&A activities or people movements e.t.c then reset and restart by standardising and unlocking the IT and Employee affordance of the Citrix Gateway Service which is a turn-key service in the Citrix Cloud Platform and enabled by default for any βNewβ Citrix Cloud RLβs out of the box.
Evaluate & Pivot
There are a handful of very important technology and business reasons why you would want to pause before exciting this strategy, before adopting the Gateway Service for the CVAD Service.
Automate & Migrate
Current existing Citrix ADC virtual appliances (V/A) are only utilising the Gateway functionality for ICA Proxy enabling secure remote access to apps and data anytime, anywhere on any device. This strategy considerably reduces CAPEX and OPEX expenditures over a contract term reducing costs licensing the V/A; Premium Hypervisor (Optional); VM Instance costs – (v)CPU, RAM and HDD (IaaS vs. Other Cloud); Complexity of IT logical costs e.g Identity and Access Management (IAM), IP traffic routing e.t.c. This strategy significantly reduces the IT administrative and technical debit through a smile and single βToogleβ per Citrix Cloud Resource Location (RL) – https://docs.citrix.com/en-us/citrix-gateway-service/support-for-citrix-virtual-apps-and-desktops.html#enable-the-citrix-gateway-service, by default now the Gateway Service is enabled for all βNewβ Citrix Cloud RLβs out of the box.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Consider this an evergreen post as of 22/09/2020
Introduction
I smile consistently these days hearing how organisations are keeping the UK economic moving forward, pivoting day 1 of the UK COVID-19 lockdown to full-time frictionless secure remote flexible working styles with minimal IT effort + friction powered by Citrix technologies.
I hear many unconsidered benefits from my customers, examples include keeping businesses operating helping their customers and supporting them during the height of the lock down to leap frogging competitors gaining significant market share through to winning new business because operationally they where available and ready with a Citrix powered securely centralised hybrid multi-cloud delivery strategy, when backed with a robust and annually tested Business Continuity Plan (BCP) set them up for instance successful shifting from day one of the UK COVID-19 lockdown to full-time work from home without any major hiccups.
For organisations that weren’t fully Citrix and had a hybrid strategy achieved full work from home swiftly swell using one or more of the following strategies:
1. Many existing hybrid Citrix customers scaled up licensing and re-framed physical workstations sat in the office through Citrix Workspace app to employees now sat at home using a browser on a personal device at home. To the employee everything is where it should be within there virtual desktop, for many this has now fundamentally changed perceptions of why they need to sat in an office for 5 working days in a post COVID-19 non-lockdown world.
2. Scaling up CVAD usage by optimising existing workloads or unlocking dark capacity turned off and deallocated ready within the data centre wherever they choose that to be.
3. The most popular one was to extend into one or multiple public clouds (AWS, Azure) to supporting elastic Citrix Virtual Apps & Desktops (CVAD) workloads whilst remaining in control of public cloud cost economics utilising Citrix AutoScale – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/manage-deployment/autoscale.html which is part of the CVAD Service.
Finally organisations shifted to focusing on strengthening security within 1-2 weeks, implementing contextual device security powered by Citrix Smart Control and Smart Access technologies beyond IT non-managed devices, as not every employee could take a device home, they didn’t have a device they could use or they just didn’t have the physical space for it at home as you just don’t know your employees WFH requirements, needs and including @home personal circumstances behind closed doors.
In these many organisations hearing all these great stories I noticed a common theme reoccurring in lock down months 1-2. I have a percentage of employees and its all abeit random across the entire organisation encountering good vs. fair vs. poor experiences. Due to the random nature pin pointing the issue was a huge challenge as by the time IT investigated the problem it was largely self-resolved if by magic? My response have you heard about and or deployed and are running Citrix Application Delivery Management (ADM)? A resounding NO 95% of the time. The below diagram 1 visualises the traffic flow of where I am vs. where my delivered Citrix Virtual Desktop is run out of, it likewise can visualise to IT the overhaul traffic, load demand, security & infrastructure health status ref diagram 2.
Diagram 1
Building an IT Experience Scorecard is critical in helping to remediate issues while employees are working from home using a @citrix #Workspace powered by @CitrixNetwork consuming #virtualdesktops and or #virtualapps#HDX #ICA pic.twitter.com/MoNh1CW0VJ
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) September 22, 2020
“Not visualising the employees “Workspace” traffic flow, is where the value of Citrix and ANY Workspace solution is LOST in IT Service delivery. Citrix Application Delivery Management (ADM) is a key enabler in helping remediate employee experience issues, whilst providing a crucial IT Employee Experience Scorecard.” Lyndon-Jon Martin June 2020
The Business IT Value of Citrix ADM
A modern flexible platform with two unique halves much like our human brains with left vs. right hemispheres connected by a nervous system, however in this case ADM has analytical vs. management hemispheres providing fleet management with different roles vs. function; employee, security & infrastructure insights supported by a hybrid multi-cloud architectural strategy enabling less IT Ops friction and complexity on a daily basis. ADM’s centralised management + sense architecture provide simple and or advanced operational experience scorecards for auditors (PCI/DSS/ISO27001 with RBAC for read-only access), security + network teams, IT and Citrix System Administrators alike from a single framed lens who’s nervous system is connected to a hybrid multi-cloud fabric providing unconsidered insights and visibility into capacity, strengthened security posture through monitoring change control and config drifts incl automated fleet management which can be executed across multiple instances in ANY cloud simultaneously or on your own terms. ADM gives IT back the right level of “Control” enabling the less friction shifting workloads with true licensing flexibility + agility to the most commercially attractive vs. the most innovate cloud platform which suites IT and their business demands.
Diagram 2
The Business IT Value for me with @citrix ADM powered by @CitrixNetwork beyond all the features is that it allows IT to build out an IT + Employee experience scorecard. pic.twitter.com/Ny4LMRIcwU
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) September 22, 2020
Having had the privilege of working with world class engineers in the past helping a single customer to process a Β£1 million pounds per minute through a payment gateway beyond typical web, app traffic of a front door of there website. I learnt that you always require something that you as the MSP or your customer can “Control” in an ANY Cloud + Services architecture for Business Continuity Planning (BCP) and sound IT Operational excellence so you can make better decisions at pace from more accurate data insights visualised. Placing your “Eggs” aka IT Business platform into a single supplier framework even the most trusted IaaS provider and enforcing that your preferred IaaS region is properly fault tolerant and highly-available is equally expensive in cost and complexity much like on-premises, do not be fooled. The IT Complexity Index increases significantly when consuming for example IaaS native site recovery services to enable near to real-time failover in another region when your primary region experience’s an (planned) outage or degraded performance, these services help to keep-a-live those existing “Sticky” connections which will eventually complete a transaction of some kind e.g credit card donation.
I’m all for public cloud in fact two operating styles “Native” vs. “Managed” Public Clouds strategies. I’ve ran my personal lab in AWS EC2 since 2016, easily amortised Β£1000 over these past 4 years with plenty of cashflow free. Really? How? Having a strong background + experience in the MSP world on the edge of the City of London and working with “Managed” Public Clouds platform I began to respect + understand how all IaaS providers operate inclusive of the full lifecycle management of workloads + the data centre platform itself which is to not leave everything on like you do at home or in a traditional managed colocation data centre. In a native vs. managed IaaS world you’ll turn off and deallocate capacity if you don’t require it and scale it up as you equally require it with little to no friction. I’ve digressed enough back to the IT Employees Experience Scorecard.
A number of my customers have overcome that randomness or pockets of employees complaining about a poor experience post deploying Citrix ADM as the issue can now be identified and remediated pretty efficiently. The solution is simple, deploy and run Citrix ADM for up to a week continuing as is, no changes and then run a report similar to the above and in parallel visualise all those support cases from your service desk platform and marry up employee names and you’ll quickly notice a pattern forming between employees with poor experiences vs. support cases + the number of them.
I suggested to organisations survey those employees and ask them a few simple questions the best ones “Who is your home broadband provider?” and the second “How many devices are connected in the house to the internet and number of people?”. The first question revealed what I expected its the employees consumer ISP and the suggested remediation could well be provide them a “stipend” exclusively for mobile data onto personal contracts or ship them a 4G mobile hub/dongle to use instead and the problem vanishes over night almost every time and video conferencing platforms perform better as a net result equating to happier employees with a better experience.
The second question is about understanding what is happening within the home and as a result tweak or deploy a new HDX policy which again almost every time the employee experience was significantly improved. An example is switching out “Thinwire” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/graphics/thinwire.html for “EDT” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/hdx/adaptive-transport.html or visa versa. You can Optimise the “EDT” HDX protocol bandwidth over high latency connections – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/hdx/bandwidth-connections.html as its roots are entrenched from the “Framehawk” protocol which was originally engineered from the ground up to deliver a better experience with macro rising increases of spectral interference and multipath propagation, you can learn more about that by reading this article – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/graphics/framehawk.html. An important note you should be actively using the “EDT” protocol with or beyond 1912 LTSR if you want something like “Framehawk“.
Getting Started with Citrix Application Delivery Management (ADM)
It can be consumed as a Citrix Cloud Service – https://docs.citrix.com/en-us/citrix-application-delivery-management-service.html or you can deploy a customer owned and operated platform – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13.html.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Introduction
In my first blog post http://axendatacentre.com/blog/2020/04/22/zoom-hdx-offloading-for-citrix-virtual-desktops-part-1/ I explored how frictionless it was to setup and deploy Zoom in a Citrix Virtual Desktop, this post builds upon my initial post looking at a wider device spectrum, fallback scenarios and further testing using iGel thin clients.
Overview of Optimised vs. Un-Optimised Zoom Meetings in Citrix VDI (DaaS)
The below image represents both an (un)optimised Zoom meeting running within a Citrix virtual desktop. If an employee access’s his/her Citrix virtual desktop from an endpoint e.g BYO that doesn’t have the βZoom Media Pluginβ installed like it was on there e.g CORP device then the once “Optimised” HDX offloaded A/V traffic for there Zoom Meeting is effectively now “Un-Optimised” and the A/V processing that was shifted onto the employee’s endpoint will now be processed within the Citrix virtual desktop in the resource location (data centre) causing a degraded experience, macro uplift in computing and networking resources to process the A/V for the Zoom meeting and the A/V traffic sent and received from the employees endpoint which is then sent out via the Zoom client within the Citrix virtual desktop.
@zoom_us Optimised vs. Un-Optimised #HDX Offloading of #Zoommeeting in a #Citrix #virtualdesktop pic.twitter.com/7mOXiZGoHI
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) May 7, 2020
UPDATED Zoom Pre-requisites & System Requirements
Follow my original guidance at – http://axendatacentre.com/blog/2020/04/22/zoom-hdx-offloading-for-citrix-virtual-desktops-part-1/. My initial test focused on testing the viability of using Zoom meetings in a Citrix virtual desktop when HDX Offloading was enabled to “Optimise” Zoom meetings and improve the employee experience by shift the A/V processing to the employee’s endpoint, the initial results where hugely promising with minimal effort.
I found some time to continue with further tests but I hit a wall the βZoom Client for VDIβ was displaying a “Grey blank screen” during the meeting and when checking the video settings within the “Zoom Client for VDI” app in system tray, you get the same result a “Grey blank screen” even though Citrix Workspace app is doing its job of automatically connecting “Microphones and Webcams” as I tested a GoToMeeing without any issues so I knew there where no policies conflicts or issues. I googled the problem briefly and found nothing useful, I then decide to revisit Zoom’s on-line documentation and found this important notification published within the last 6 days of this blog post stating that Zoom now requires both the βZoom Media Pluginβ + βZoom Client for VDIβ to match exactly from version 2.1.5 documented at – https://support.zoom.us/hc/en-us/articles/360031768011-New-Updates-for-Virtual-Desktop-Infrastructure-VDI- as, anything prior to the pending date 30/05/2020 you can configure the MinPluginVersion via registry settings – https://support.zoom.us/hc/en-us/articles/360032343371 to be able to use older versions for backwards compatibility – https://support.zoom.us/hc/en-us/articles/360041602711.
Zoom Meeting Test & Citrix Lab Overview
1.CVAD 1912 LTSR running in my personal AWS EC2 in N.Virgina, USA delivering a Citrix virtual desktop to me in London, England. The virtual desktop is running Windows Server 2019 its a “t2.medium” instance type running the 1912 LTSR Virtual Delivery Agent (VDA), also installed was the βZoom Client for VDIβ product version 4.6.15322 used during my orginal testing – https://twitter.com/lyndonjonmartin/status/1253036938992529408?s=20. To resolve the “Grey blank screen” download and install the latest product version I was running 4.6.15630.
2. Personal iPhone 7S running Zoom app setup with my account to start/stop Zoom meetings.
3. Zoom doesn’t support HDX Offloading on MacBooks therefore I used my wife Windows 10 laptop in these tests, which is running Citrix Workspace app 1912, and I installed the Zoom Plugin for Citrix Receiver product version 4.6.15630. You’ll notice that the product versions between the Citrix virtual desktop running the “Zoom Client for VDI” – https://zoom.us/download/vdi/ZoomInstallerVDI.msi and the Zoom Plugin “Zoom Media Plugin” – https://zoom.us/download/vdi/ZoomCitrixHDXMediaPlugin.msi on the endpoint are an exact match.
4. Zoom have published a VDI Backward Compatibility Matrix which is available at – https://support.zoom.us/hc/en-us/articles/360041602711.
Demonstration of a @zoom_us #secure #VirtualMeeting room that is @citrix #HDX Offloaded (Optimised) to process A/V on the employees endpoint providing a HD #EmployeeExperience. #zoommeeting#citrixworkspace#Citrix pic.twitter.com/YYHO8EUmIl
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) May 7, 2020
Zoom VDI Optimisation Management
I think its important to recognise, when rolling out the Citrix + Zoom “Optimisation” capability you need to include both the “Zoom Client for VDI” + “Zoom Media Plugin” as part of your internal and external software deployment strategy. It is also worth noting the differences between Zoom meetings within “Citrix” VDI and on other platforms, Zoom has put together a comparison feature matrix at – https://support.zoom.us/hc/en-us/articles/360031441671-VDI-Client-Features-Comparison?zcid=1231#h_fceae51c-f385-4a20-bd54-c7c50f186c15. You should also be mindful of the native features by platform which is available at – https://support.zoom.us/hc/en-us/articles/360027397692.
Internal Strategy
Manage the “Zoom Client for VDI” using a Citrix App Layering “App Layer” – https://docs.citrix.com/en-us/citrix-app-layering/4/layer/create-app-layer.html in conjunction or separately with your existing preferred Citrix provisioning technology e.g Machine Creation Services (MSC) or Provisioning Services (PVS).
External Strategy
Management of the “Zoom Media Plugin” is better controlled for security + avoid breaking the employee experience on supported endpoints – https://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI by enrolling the endpoints into Citrix Endpoint Management (CEM). For Windows endpoints use the *.MSI installer with the “Windows Agent” – https://docs.citrix.com/en-us/citrix-endpoint-management/policies/windows-agent-policy.html to deploy a script to update the “Zoom Media Plugin” and for iOS and Android you could send a push notification to employees to update to the latest Zoom app available in the public app store so that you have app versioning + device spectrum consistently re feature + security parity across the organisation.
LTSR vs. CR vs. Citrix Cloud Strategy for HDX Offloading of Zoom?
Zoom is not embedded into the Citrix stack like Teams is, therefore you can choose to deploy your own Zoom + Citrix HDX Offloading inline with your preferred CVAD release strategy BUT you must align to Zoom’s leading practises for “Citrix” VDI and Citrix’s for release strategy type. The reason this is possible it because you need to manually or automate the installation of the “Zoom Media Plugin” + Zoom Client for VDI” software both client and server/workstation sides outside of the Citrix stack, remembering that the Teams HDX offloading components are part of the VDA (server/workstation) and the CWa (client) – http://axendatacentre.com/blog/2019/08/06/hdx-offloading-for-microsoft-teams-within-a-citrix-virtual-desktop/.
Zoom 90 Day Security Plan Facts & Personal Opinions
Zoom recently published an updated communications on there 90 Day Security & Privacy Plan for June available to read at – https://blog.zoom.us/wordpress/2020/06/03/90-day-security-plan-progress-report-june-3/*. Since the beginning of this journey I will continue to update the security & privacy portion of this blog post below. Zoom is so committed to this its CEO Eric Yaun and “leader” holds LiVE sessions entitled “Ask Eric Anything“. If you wish to register to join these sessions LiVE register at – https://zoom.us/webinar/register/WN_9jdr63uuRuSRBX-yEJ2zVQ?id=3IWjZb4JTJm0II3A4lkBOg&zcid=1231 and if you want to ask a question email answers@zoom.us as per the blog post*. If you have doubts, you heard a “Chinese Whisper” surrounding Zooms security or privacy then you should watch the below, and be sure to submit that question to Zoom’s leader and his leadership team to reply on “Ask Eric Anything“.
I’ve yet to see a leader openly committed to and inclusive of customer, business, community and peer feedback to drive CHANGE and INNOVATION. Upon reflection I’m actually not surprised he’s an “Entrepreneur Leader” and therefore both change and innovation are built into his DNA likewise to learn from failure fast and then act to achieve continued success. These two values for me is missed while driving (Digital) Transformation in any organisation from paper to paperless vs. manual to co-hybrid automation.
Security & Privacy
Zoom is continuing to take security and privacy seriously and they continue to communicate that publicly on the company blog, they have as of releasing this blog post published the following blog articles – https://blog.zoom.us/wordpress/2020/05/04/navigating-a-new-chapter-for-zoom/, https://blog.zoom.us/wordpress/2020/05/05/use-zoom-to-securely-host-virtual-board-meeting/ and https://blog.zoom.us/wordpress/2020/05/05/zoom-disable-pmi-security-updates-for-basic-accounts-may-9/. The collective sum of these post indicates that Zoom is giving IT more security controls for Zoom meetings in an enterprises. The following list is just a high level summary of what can be found in the above blog pots on https://blog.zoom.us/.
-Zoom Encryption whitepaper published April 2020 – https://zoom.us/docs/doc/Zoom%20Encryption%20Whitepaper.pdf discussing the use of TLS 1.2, AES, AES-256 and SRTP or Secure Real-time Transport Protocol for Zoom to Zoom communication. The whitepaper looks at clients, browsers and 3rd party devices/services.
-Zoom client connection progress whitepaper published April 2020 – https://zoom.us/docs/doc/Zoom_Client_Connection%20Process_Whitepaper.pdf
-Leading practices when using a Zoom Personal Meeting IDs (PMI)
-Zoom 5.0 supports AES 256-bit GCM encryption*
-Scheduled security changes to come to FREE Zoom accounts
-Zoom watermarks in two flavours
-Industry certifications e.g SOC2 Type II, Privacy Shield Certified, GDPR e.t.c – https://zoom.us/docs/ent/privacy-and-security.html
-Lock meetings and require authentication –
https://support.zoom.us/hc/en-us/articles/360041848151-In-meeting-security-options?mobile_site=true
Final Thoughts
Zoom continue to step up on security and privacy frontier, and the second round of tests continue to demonstrate a real WOW moment for me in how frictionless the experience has been as a IT Professional and as an consumer of Zoom meetings personally within my lab. I will time permitting continue with my full tests in the future expanding the device spectrum being inclusive of employee experience optimisation strategies.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Introduction
Zoom developed a VDI optimisation solution that enables and allows for Audio and Video (A/V) processing similar to that of Microsoft Teams today and Skype for Business originally deploying and leveraging a client and backend service software components. Zoom refers to the backend as a “Zoom Client for VDI” and then the endpoint runs the “Zoom Media Plugin” processes and handles the A/V data traffic.
High level overview of @zoom_us #VDI Optimisation working with a @citrix #virtualdesktop pic.twitter.com/PzLfQ8BFjy
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) April 22, 2020
Zoom Pre-requisites & System Requirements
1.Prepare your UAT provisioned Citrix Virtual Desktop image to install the “Zoom Client for VDI” downloadable at – https://zoom.us/download/vdi/ZoomInstallerVDI.msi which is also referred to as the “Zoom Installer VDI” and or “Host Installer”.
2. Prepare an endpoint running a supported OS to run the “Zoom Media Plugin” Windows, iGel, eLux, HP ThinPro OS and Ubuntu. In this example we’ll focus on installing the “Citrix HDX Media Plugin” for Zoom which you can download at – https://zoom.us/download/vdi/ZoomCitrixHDXMediaPlugin.msi. The full list of available Zoom Media Plugins for Citrix is available at – https://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI#h_44458af3-695a-44f0-9cbc-b753f00b3c00.
3. Initiate a test Zoom video conference call and observe HDX offloading of A/V from the Citrix Virtual Desktop to the endpoint running the “Zoom Media Plugin“, which is passing the A/V data traffic to the Zoom Cloud MMR platform reference the Zoom VDI Optimisation node at – https://support.zoom.us/hc/en-us/articles/360031441671#h_70badc99-f2fd-417e-bd46-59493ab7047b.
4. I didn’t have to configure anything within the Zoom Cloud MMR, neither my personal Zoom account it all worked out of the box.
Citrix Pre-requisites & System Requirements
You’ll need a CVAD UAT environment to deploy fresh VM to install the “”Zoom Client for VDI” and a test Windows endpoint to install the “Zoom Media Plugin” onto. In my initial testing I am running a freshly installed Citrix Virtual Apps & Desktops (CVAD) 1912 Long Term Service Release (LTSR) which is run in my own personal “cloud” home lab in AWS EC2 geographically located in N.Virgina, USA. Zoom is also listed within the Citrix Ready website at – https://citrixready.citrix.com/category-results.html?search=Zoom.
Deployment Overview
The installation and configuration for Zoom Optimisation Meetings for VDI is incredible frictionless that it took me less than 5 minutes to complete the deployment, then test my first ever Zoom video conference call running in a Citrix Virtual Desktop. The following in order of events.
1.Download “ZoomInstallerVDI.msi” and install the “Zoom Client for VDI” within my PoV Citrix Virtual Desktop.
2.Download “ZoomCitrixHDXMediaPlugin.msi” and install the “Zoom Media Plugin” onto my Windows endpoint where I connect to my Citrix Virtual Desktop through Citrix Workspace app for Windows CR.
3. Downloaded the Zoom app from the Apple App store – https://apps.apple.com/gb/app/zoom-cloud-meetings/id546505307, please this link if for the UK Apple app store. I completed the first user experience and register myself a Zoom account.
4. I started Zoom instant meeting and then invited another participants using a meeting ID# and by default each room as a unique password to join, for more on the security of Zoom see towards the end.
5. I successfully logged into my Citrix Virtual Desktop and run “Task Manager” likewise I started “Task Manger” on my local Windows endpoint.
6. I clicked to start “Zoom VDI” app within my Citrix Virtual Desktop which there prompts you to enter in “Meeting ID” (preferred as it’s always a unique #) or “Personal Link Name”, select your preferences for audio and video upon joining. Next by default I expected to join the virtual meeting but was halted as I was required to enter in a passcode/password to actually “join” Zoom video conference call currently in progress.
6. Zoom video conference call started and immediately VDI optimised with the A/V traffic been processed locally on my local Windows endpoint.
Important Note: I only tested VDI Optimisation from within my AWS EC2 personal lab boundary as I don’t have a physical Windows endpoint at home to test it with so that will be included in part 2, my goal was to see how easy it was and if it worked a frictionless as I thought it might just by reading through Zooms online documentation.
Demonstration of Zoom A/V Offloading
In the initial demo below for part 1, I connected to a Citrix virtual desktop running in AWS EC2 (N.Virginia) in a double hop scenario, as Zoom don’t currently support Apple Mac endpoints for any Zoom VDI offloading. The video of me you see in the demo video is from my personal iPhone (London, England) connected to the Citrix virtual desktop (N.Virginia, USA). Note I didn’t test bi-directional video and or audio communication, and a few other topics, which I will follow-up in the future time permitting, but as you can see the Zoom video conference call offloads the Zoom A/V traffic to the connected Windows endpoint effortlessly! Great work Zoom I am well impressed with my initial testing today.
Initial demo of @zoom_us #VDI Optimisation running with a @citrix #virtualdesktop #CitrixCTA #Zoom #CitrixWorkspace #workingfromhome pic.twitter.com/k0Fe11eaik
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) April 22, 2020
Employee Experience VDI Limitations
Zoom and provided a high level feature “comparison” matrix – https://support.zoom.us/hc/en-us/articles/360031441671-VDI-client-features-comparison#h_fceae51c-f385-4a20-bd54-c7c50f186c15 depicting the differences between the Zoom VDI client vs. the Desktop and Web clients. Its important to be mindful of these differences in order to properly educate your employees when dealing with service desk requests or better prior to rollout by posting an internal article on your companies intra or extranet. The following for me are important limitations to be aware of, when deploying and consuming Zoom through a Citrix Workspace lens.
– Maximum resolution of 1080p and up to 380p for thin client h/w.
– No dual monitor support
– Support for up to 9 visible video participants
– No Apple Mac device support for HDX offloading of Zoom A/V data traffic
Security & Privacy
Zoom has recently been in the press surrounding security and privacy practises “Google it”, with that been said its worth noting that Zoom as an organisation committed to a 90 day security plan centred on its platform + client security, today 22/04/2020 they published the following article on there corporate blog “Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0” – https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/, so be sure to read through it.
Final Thoughts
I have alot more questions and tests to do the above is only the very beginning, next I’ll be evaluating fallback scenarios, more of a focus employee experience use-cases including unconsidered needs, tweaks of course and finally testing a π endpoints in London, England whilst my Citrix Virtual Desktop in N.Virgina, USA as this is how I have tested these types of Unified Communications (UC) or Video Conference platforms all the way back to Lync with the Citrix HDX Optimisation pack.
I honestly found the setup and deployment of Zoom’s VDI Optimisation ridiculously simple its incredibly frictionless! I guess thats why many folks are still continuing to consume and use Zoom for video conferencing.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Does it even actually exist? Truthfully it depends on how we as humans (employees) choose to consume the apps, data and network services on them for the purposes of personal and workplace usage.
In preparing to write this article I googled “The Nirvana Phone” the top search result is a Wikipedia entry – https://en.wikipedia.org/wiki/Nirvana_Phone (huge smile) along with 3 YouTube videos and very very very familiar face followed by yet another huge smile + found memory flashback because its Citrix CTO of Emerging Technologies Chris Fleck demonstrating using an iPhone 4 running a Windows 7 VDI (DaaS) delivered by Citrix Receiver on iOS connected to a monitor with a Apple VGA adaptor and portable paired Bluetooth keyboard. This is actually a key subconscious moment for me that has had a profound affect on me, and how I approach and look at the world around me today. So when I first saw that video I immediately hunted among work colleagues and friends for that Apple VGA cable adaptor to test it out for myself with my iPhone 4 and oh boy I was NOT disappointed yes it still had a way to go but as a real world working prototype concept enabling anyone in the world who uses Citrix and is the owner of an Apple iPhone 4 to use it in such a way is mind blowing even now while also demonstrating the WOW effect that this gaming changing technology will have on the workplace, even today nearly a decade on I am using one of many Nirvana Phones out there in the market running Citrix Workspace app available from all major app stores to actively take full advantage of my iPhone XR “Nirvana Phone” as it was intended in Chris Flecks original video below to be flexible and adaptable between sandbox vs. native mobile apps, browser based SaaS web apps and of course Citrix virtual apps* & desktops** formerly known as XenApp* and XenDesktop**.
I mentioned earlier it was a “key subconscious moment” for me personally as it validated and meant to me that I can use a devices as such as the Apple iPad or iPhone as a work device this is super cool and practically appealing to me, even today at Citrix they are evolving this a reality of the “Nirvana Phone” with the Intelligent Experience – https://www.citrix.com/lp/intelligent-workspace.html by distilling the friction + complexity of apps into simple to consume actions and insights from Citrix Workspace app vs. web portal.
Lets go back in time to late 2012, I’ve joined Citrix and at Christmas I’m gifted with an Apple iPad Mini which I used a lot running and working from @WorkMail, @WorkWeb (inclusive of my iPhone) and occasionally I consume my Windows 7 VDI on my iPad Mini because I can’t find a Bluetooth enabled mouse that works with it but it does work great for tasks such as lengthily emails using the soft/digital keyboard while travelling to and from events around the world like Citrix Summit and ServTech likewise locally on trains tethered to my iPhone as train Wi-Fi does not really exist in the 2012.
Fast world to 2015 and Citrix releases a prototype Bluetooth enabled mouse called the “Citrix X1 Mouse” and who is back demoing this capability? Yes Chris Fleck is back again continuing to edge closer to the “The Nirvana Phone” workplace operating model. What most folks are not aware of I could not make Citrix Summit that year due to a family member whom was medical very unwell, yet one of the best humans I have ever had the privilege of working with in my professional working career is Caz and she brought me back an original X1 Mouse prototype because she knew its importance and value to me with my digital first nature with modern touch enabled devices like iPhone’s and iPad’s beyond today’s modern day typewriters which to be honest looking back I was held back by the technology interfaces of my time VGA to HDMI and finally entering into the main stream market late 2018 and into 2019 casting capabilities matching what we use at home Google Casting for example now coming into the Workplace like Click Share but for me they are still both a v1 they need to mature over time.
Fast forward later in May of 2015 and the final piece for me falls into place with the Citrix Workspace Hub prototype demonstrated again by Chris Fleck with the at current CEO Mark B Templeton.
Fast forward again now its 2018 and the Citrix Workspace Hub officially launches and is available through select thin client vendors that choose to be in the program. I get a Citrix WorkspaceHub device for my own personal usage from Citrix ServTech and the first thing I do when I get home is plug it in and start using it, you can see me demoing it the first time I used it at home in 2018 from my annual series of “How I worked in 20XN” obviously 2018 edition which is embedded below, fast forward to 2 minutes, 30 seconds to watch it.
Today its 2019 the current year of this post and well lets say I have totally shifted to using “The Nirvana Phone within the Workplace” because I choose to but more important the technology of my current time allows me to, and I’ve ditched the modern day typewriters up to 12-17% of my total workplace through-out 2019. You still need a larger screen and laptop for creator personna’s but for the consumer personna’s personally I don’t believe you do at a high level. You can read my journey over 2019 transferring to the “The Nirvana Phone” operating model in the workplace, starting with the original post in the series of “The Future of Work is Today NOT Tomorrow” – https://www.mycugc.org/blogs/lyndon-jon-martin/2019/03/17/the-future-of-work-is-today-not-tomorrow-part-1, followed by part 2 –https://www.mycugc.org/blogs/lyndon-jon-martin/2019/03/28/future-of-work-is-today-not-tomorrow-part-2 and part 3 – <coming>.
In closing part 2 series will focus on how to get started and work they way I do every working day at Citrix where ever I am.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Consider this an evergreen article with *pro-active adds/moves/changes inclusive of errors/mistakes until I remove this statement.
The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering Microsoft teams within a Citrix virtual desktop powered by Citrix Virtual Apps & Desktops (CVAD) Service – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service.html in Citrix Cloud prior to deploying in a PoC, Pilot or Production environment. The views, opinions and concepts expressed here are those by the author only and do not necessarily conform to industry descriptions nor leading practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
SKYPE FOR BUSINESS β skype4b
CITRIX VIRTUAL DESKTOP – cvd
CITRIX VIRTUAL APP & DESKTOP – cvad
VIRTUAL DELIVERY AGENT β vda
HIGH DEFINITION EXPERIENCE β hdx
VIRTUAL DESKTOP β vd
VIRTUAL APPS β va
REALTIME MEDIA ENGINE β rtme
CITRIX WORKSPACE APP – cwa
MICROSOFT TEAMS – teams
CURRENT RELEASE – cr
LONG TERM SERVICE RELEASE – ltsr
Very Importantly Notice*
“This feature depends on a future Microsoft Teams release. We will update this description as information about the version and release date become available.” referenced directly from – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#system-requirements.
Introduction
In May 2016 I published the following blog post entitled “Deploying Skype for Business 2015-16 (Offloaded) from a Citrix HDX Optimised Virtual App or Desktop” available at – https://axendatacentre.com/blog/2016/04/25/deploying-skype4b-2015-offloaded-from-a-citrix-hdx-virtual-app-or-desktop/. Suggested before you continue reading this post please read the “Optimization for Microsoft Teams” documentation on Citrix eDoc’s at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html or study if you are pressed for time the below architecture diagram for ease of use, of the joint Citrix + Microsoft solution to offload the audio/video processing of Teams from a Citrix Virtual Desktop to the employees local endpoint that is required to run a supported OS + Citrix Workspace app + Real-Time Media Engine (RTME). I still encourage you to please read the documentation in full prior to continuing reading.
Check out the Architecture for the HDX Offloading for #Teams with @Citrix – https://t.co/iUxrG9l8M4 – Optimization for Microsoft Teams p.s please read the NOTE at the top of the document article. pic.twitter.com/PXq0mYaitI
β Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) August 6, 2019
It is also worth understanding Microsofts basic architecture overview of the solution which is available at – https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#teams-on-vdi-with-calling-and-meetings.
The Employee Experiences with Teams HDX Offloaded
Windows
Linux (x64 Linux distributions only)
Understanding a HDX Optimised vs. Non-Optimised CVAD Deployment
The following HTML diagram depicts the differences between (un)optimised, I’ve also included a few suggested considerations as well.
Non-Optimised | Optimised for HDX Teams Offloading | ||||||||||||||||||||||||||||||
|
|
1. It’s very important to recognise that employees will find themselves in a situation where the connected end-point is unoptimised during work from home scenario e.g COVID-19 and therefore you should plan for these scenarios by implementing the right vs. relevant HDX policy strategy “Balanced” vs. “Preferred” see below guidance.
2. Educate employees when using a non corporate device e.g personal device at home during to COVID-19 they will likely be consuming an un-optimised version of Teams in CVAD, its important to set a exception to avoid unnecessary help desk tickets/calls.
3. Any and all exchanged IM’s and documents live within the CVAD lens meaning that your IP + Pii in any documents lives within the employees CVAD resource e.g Virtual Desktops when they exported it from a IM’s vs. channel(s) in Teams. It is also important to recognise that those same IMs’ vs. channel(s) originate and are available in Microsoft Teams on any device as the source, so if employees re-frame teams outside of your Citrix virtual desktop your IP + Pii in documents could be exfiltrated if the employee device(s) are not properly managed by IT e.g MEM, UEM, MAM, Secure SaaS check out – https://www.mycugc.org/blogs/lyndon-jon-martin/2020/03/27/secure-saas-on-zero-trusted-vs-earned-trusted-devi for more information.
LTSR vs. CR Strategy for HDX Offloading of Microsoft Teams?
It’s worth understanding that if your CVAD deployment strategy is to use the Long Term Service Release (LTSR) then you will not receive any new features only bug fixes this thinking keeps inline with the current CVAD strategy between CR vs. LTSR (stability and long-term – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr.html) release cycles. Consuming a CR branch means that you can unlock new features as they become available by upgrading your CVAD on-premises of upgrade the CVAD Service components within your Resource Locations (RL).
Release Strategy | New Features | Bug Fixes | Documentation |
---|---|---|---|
CVAD Service | |||
On-premises Current Release (CR) | https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html | ||
Long Term Service Release (LTSR) | https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/multimedia/opt-ms-teams.html |
Pre-requisites & System Requirements Key Highlights Only
The full and complete list is available at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html*, there is also a Citrix TechZone article published at – https://docs.citrix.com/en-us/tech-zone/design/reference-architectures/optimizing-unified-communications-solutions.html. The below are the key highlights that should be focused on to be successful.
1. You will require the following MSFT teams version “1.2.00.31357” in order to be able to take advantage off the HDX Offloading capabilities within a supported CVAD environment. The following Citrix Workspace app (CWa) versions are the suggested vs. minimal versions that will be required to HDX offload Teams A/V traffic onto the employees endpoint:
Windows
Minimum Version: Citrix Workspace app 1911 for Windows
Download (1911): https://www.citrix.com/en-gb/downloads/workspace-app/legacy-workspace-app-for-windows/workspace-app-for-windows-1911.html
PDF Documentation (1911): https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/1911/citrix-workspace-app-for-windows-1911.pdf
Linux
Minimum Version: Citrix Workspace app 2006 for Linux running on x64 Linux distributions.
Download (2006): https://www.citrix.com/en-gb/downloads/workspace-app/linux/workspace-app-for-linux-latest.html
PDF Documentation (CR): https://docs.citrix.com/en-us/citrix-workspace-app-for-linux/citrix-workspace-app-for-linux.pdf
Mac – Technology Preview
Technology Preview Version: Citrix Workspace app 2009 for Mac OSX running on 10.15.
Download (2009): https://www.citrix.com/en-in/downloads/workspace-app/betas-and-tech-previews/workspace-app-tp-for-mac.html
Provide Feedback https://podio.com/webforms/22969502/1632225
2. Avoid using the .exe installer for Teams – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#microsoft-teams-installation.
3.The Citrix HDX Teams policy “Microsoft Teams redirection” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/policies/reference/ica-policy-settings/multimedia-policy-settings.html#microsoft-teams-redirection, is ON by default as per https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#microsoft-teams-installation.
4.CTXMTOP
is a Citrix HDX virtual channel used for command and control purposes and no media is therefore exchanged between the CWa running on the end-point and the VDA running in the resource location (data centre).
5. In terms of network connectivity requirements PLEASE NOTE that MSFT Teams utilises Media Processor servers in Office 365 for meetings which affects the behaviour of two peers in point-to-point call scenarios, you can learn more at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#network-requirements, you should be thinking about near to local breakout from end-points to ensure IP transmits to Office365 over the most efficient and faster available route to avoid any/all employee experience degradation this will also directly apply to any MSFT teams clients on native devices that aren’t HDX Offloaded so take note! If you are a Citrix SD-WAN customer take a look at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#citrix-sd-wan-optimized-network-connectivity-for-microsoft-teams likewise if you are not a Citrix SD-WAN customer please take the opportunity to understand why you need to be thinking about an SD-WAN solution for your modern workplace.
6. You will need to update your Windows Firewall ACL on Windows endpoints to avoid the offloading failing by allowing “HdxTeams.exe (HDX Overlay Teams)“, you learn more at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#firewall-considerations.
7. Understanding Screen sharing – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#screen-sharing-in-microsoft-teams.
Deploying HDX Offloading (HDX Optimisation Pack ) for Microsoft Teams in a Citrix Virtual App vs. Virtual Desktop
1.The minimum on-premises control plane required is 1906 running the 1906.2 VDA reference – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#system-requirements and
2.You need to enable the following policy in Studio for 1906 see page at 668 – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/downloads/citrix-virtual-apps-and-desktops-1906.pdf to enable “Microsoft Teams redirection” which is also documented at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#system-requirements.
3.Endpoints should be running Citrix Workspace app for Windows 1907 but the recommended version is 1909 and be sure to configure the Windows ACL for Windows Defender Firewall to allow the “HDX Overlay Teams” app to traverse the right vs. relevant networks for more information please check out – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#firewall-considerations.
4. The Citrix TechZone micro-site includes few detailed Proof of Concept web document at – https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/microsoft-teams-optimizations.html#policy-settings entitled “Proof of Concept guide for Microsoft Teams optimization in Citrix Virtual Apps and Desktops environments” to help you setup, configure and deploy Microsoft Teams through a CVAD session or lens. It is a must read and therefore I have chosen to not repeat of any of the authors great work expect what was in my original post 06/08/2019. A fellow Citrix colleague Wendy Gay, published a simple guided step by step overview at – https://citrixie.com/2020/04/14/installing-teams-optimization-pack/ which is worth reading.
Microsoft Teams Leading Deployment Practises for Teams in Citrix VDI
1. Migrate Teams on VDI with chat and collaboration to Citrix with calling and meetings – https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#migrate-teams-on-vdi-with-chat-and-collaboration-to-citrix-with-calling-and-meetings.
2. Teams on VDI performance considerations – https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#teams-on-vdi-performance-considerations.
3. Known issues and limitations – https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#known-issues-and-limitations
CWa Endpoint Update Release Strategy
It is important to recognise that you will need to manage the versions of supported CWa out in the field to avoid the HDX Offloading of Teams breaking and causing a degraded employee experience reverting to fallback of A/V. Please note that each supported OS platform has a different management strategy. You should also please take into account Microsofts recommendations – https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#install-or-update-the-teams-desktop-app-on-vdi.
Platform | Manual | Automatic | IT Controlled | Link |
---|---|---|---|---|
Windows | https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/update.html#advanced-configuration-for-automatic-updates-citrix-workspace-updates | |||
Linux | https://docs.citrix.com/en-us/citrix-workspace-app-for-linux/install.html#update |
Tech Insight – Microsoft Teams Optimization with Citrix
This video provides a detailed guided overview of the joint architecture, employee experience, optimisations inclusive of using Citrix SD-WAN, teams call routing and more. Originally posted to the Citrix TechZone at – https://docs.citrix.com/en-us/tech-zone/learn/tech-insights/microsoft-teams-optimization.html.
Suggested HDX Broadcast (Remote Graphics Mode) Policy for 7.15 Long Term Service Release (LTSR)
*Please be aware that Citrix eDocs is very clear when it states that Citrix does NOT support Teams HDX Offloading Optimisation for 7.15 Long Term Service Release (LTSR) as it is NOT listed as a supported CVAD platform, you still may wish however to test Microsoft Teams operationally e.g test out its impact on compute, I/O, user profile e.t.c and then purely for fallback failures aka NO HDX Offloading Optimisation BUT you will not be able to test the employee experience of HDX Offloading the audio/video traffic as it is NOT supported remember*). You’ll make use of your UAT 7.15 LTSR environment to be ready for a 2020-21 deployment on a supported CVAD release that supports HDX Offloading for Microsoft Teams, therefore use the built-in default HDX policy “Use video codec for compression” selecting “Use video codec when preferred” which means the following “This is the default setting. No additional configuration is required. Keeping this setting as the default ensures that Thinwire is selected for all Citrix connections, and is optimized for scalability, bandwidth, and superior image quality for typical desktop workloads.” reference the 7.15 LTSR documentation at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/graphics/thinwire.html which will probably be ok for testing under the current release that you are consuming. Final Remember: CVAD formerly XAD 7.15 LTSR platform is NOT supported for Teams Optimisation. TIP: Definitions can change between CR vs. LTSR within the HDX stack which is consistently improving and being updated to offer better employee experiences all the time e.g introduction of net new H.264 standards so always be sure to check the differences between CR vs. LTSR and CR vs. CR versions.
Transitioning from Skype for Business to Teams
A number of few folks have asked the question can I mix and match Skype for Business and the Teams Optimisation Packs together? Its actually a complex answer but the immediate answer as of 03/08/2019 is below, BUT always be sure to circle back and review Citrix’s documentation for the latest supporting statements and interoperability at – https://docs.citrix.com around Teams Optimisation and when searching use “Teams Optimization”. Tip use American spelling for better results.
We only support windows CWA at the moment, which can coexist with RTME. A Mac CWA will be simply not load Teams in optimized VDI mode so we fall back to server side rendering.
β Fernando Klurfan (@CitrixFerK) August 3, 2019
The response is complex and is as follows, answers received vary dependant upon your role Citrix vs. Skpye4B/Teams SysAdmin or Consultant. As I work at Citrix today (Aug 2019) lets focus on a Citrix based role to Teams response:
1. Complete LOB app readiness of Teams including new HDX services/API’s to enable HDX Offloading within a the master image but hidden + unavailable using techniques like disabling the services for each (whatever you prefer), Citrix app layering, MSFT app masking e.t.c. TIP: Pay attention to understand the compute utilisation differences between Teams vs. Skype4B there is a difference.
2. I still need to push out the required RTME to all employee end-points so I don’t want to break the employee experience while we transition to Teams. It is expected to have backwards compatible within Citrix Workspace app for older Virtual Delivery Agent (VDA) versions check eDocs for the backwards compatibility.
3. I only want to transition employees by AD or Citrix Delivery group (department, trusted test groups e.t.c) to Teams based upon point 2 and perform a staggered canary rollout like Citrix Cloud does for each of its services.
4. The person(s) within the Skype for Business/Teams based role(s) need to setup/conf and then test the audio/video codecs prior to enabling Teams at a company wide scale, for me personally this point is actually the most critical because as you offloading the audio/video to the end-point when using HDX Offloading the back-end compute + network resources low aka aren’t taken any much of a real hit HOWEVER if the HDX Offloading fails then you really, really need to understand the impact of processing of the A/V within the Citrix session and what affect it will have on the employees experience so when he/she is completed there final tests, you should prior to a final rollout perform a test side by side two identical end-points one optimised and the other un-optimised and be sure to capture the compute + network requirements client and server side, including the network traffic and score the experience out of 10 for voice and video, the test should be done with wired (where possible today), wireless (Wi-Fi) and 4G internet connectivity in two separate locations an Office (think QoS) and at home (no QoS).
5. Once you have the results from point 4 you may want to re-evaluate your existing HDX Broadcast policies (remote graphics mode e.t.c) and take into account a fall-back scenario if HDX Offloading fails whatever the reason, you may also prefer to leave it as is, however I would strongly suggest creating an emergency fallback HDX Broadcast policy stack but it should be DISABLED and only manually pushed out only if required. The fallback HDX Broadcast policy stack is to preserve the employee experience as best you can if something goes wrong and when I mean something goes wrong I mean a non-Citrix update breaks the optimisation somehow as in reality the Citrix components e.g VDA, HDX Services/API, RTME and Citrix Workspace app are less likely to change within a 12 month period.
6. Citrix’s CR documentation for CVAD is updated to include a digram and overview of “Microsoft Teams and Skype for Business Coexistance” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#microsoft-teams-and-skype-for-business-coexistance.
Managing Employee Experience when Teams HDX Offloading is NOT available
Most folks are not aware that you can control what happens when Microsoft Teams is NOT been HDX offloaded also referred to as Optimised in a Citrix Virtual Apps & Desktops session. You can achieve or rather control the following when βFallback Modeβ occurs either when a the employees connects from an unsupported endpoint + CWa version e.g CWa for HTML5 or they switch from a IT managed endpoint to a BYO endpoint with the incorrect CWa installed (older and unsupported) or IT has not updated the VDA stack within the master image within the Citrix Cloud Resource Location or preferred cloud data centre type.
You can when the optimisation is unavailable enforce no fallback or audio only (suggested and preferred), if you donβt set either of these options the default is to fallback to allowing the Citrix ICA/HDX protocol to do what it does best optimises the remoted session, you can learn more at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#peripherals-in-microsoft-teams.
Suggested “Balanced” HDX Broadcast (Remote Graphics Mode) Policy for Fallback
In 2016 I proposed the following HDX policy for remote graphics βUse video codec for compressionβ to be set to “For actively changing regionsβ to preserve the employee experience in a fallback scenario, its now 2019 and my Suggested HDX policy remains unchanged as long as the key goal is to preserve the employee experience to meet that HD experience and it will come at a back-end compute + network traffic spike, including increased network traffic between server and client to process the video H.264/H.265 streams.
Once upon a time I was a SysAdmin and still am at my core so I’ll have an emergency HDX policy in place BUT disabled I call it “HDX Adaptive Display v2 (Balanced)” you configure it as follows selecting the following HDX policies in Studio:
1.”Use video codec for compression” then select “For actively changing regions“
2. “Preferred color depth for simple graphics” then select “16 bits per pixel” and also try 24.
3. Select “Frames Per Second” and select the target FPS to circa 25 from the default which is 30.
NEW 11/10/2019 you could look to utilise “Progressive Mode” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/graphics/thinwire.html#progressive-mode, I have not tested this myself yet however it may work for your organisation if you already have it in-place actively.
I wrote a myCUGC article entitled “HDX Leading Best Practices for your Modern Secure Workspace” at – https://www.mycugc.org/blogs/cugc-blogs/2017/09/15/hdx-leading-best-practices-for-your-modern-secure which has some interesting thoughts and insights from nearly 2 years ago which you may find useful and yes I will write an updated article this year time permitting to complete my testing which requires extensive field testing with different devices I don’t just use a lab + network at home, I base 95% of all my article suggestions of what/how to configure settings vs. practises from my personal lab hosted in AWS EC2 in N.Virginia to delivered to end-points in the City of and Greater London, England so its not definitely poppy cop its real world + life scenarios and use cases that I test.
Suggested “Preferred” HDX Broadcast/RealTime/MediaStream (Remote Graphics Mode, Audio and Video) Policy inclusive of Fallback
YES I am contradicting the above suggested HDX Broadcast fallback policy, which I have now renamed to “Balanced” from my initial post and why it still remains is that it will support organisations of any size vs. scale vs. deployment rollout vs. connected devices supporting a balance between video, audio and the remoted display so when an outage occurs and neither I nor will you know what its going to be impacted for example it could be 1x MPLS circuit failure (tip check out Citrix SD-WAN link bonding demo from Jan 2016 vs. case study vs. product page) vs. degradation of all internet circuits due to bad BGP route injections, you get the idea. I’m cautious being an ex-SysAdmin/Consultant and therefore I will summary the key differentiators from my own perspectives as follows in order:
1. How important is the employee experience? For me personally this is always #1 as today’s 2019 reality, employees want an HD 4K experience consistently therefore my personal advise is utilise the built-in default HDX policies within the Current Release (CR) typically minus 2/3 of current CVAD release with your desired HDX employee experience policy tweaks.
2. Once you understand how the humans (employees) within your organisation work using Skype for Business vs. Teams you will have better context as to the WHAT should be in your fallback policy for DR, business continuity or just individual employee devices going into fallback mode. For example understanding your employees is key lets take a look at a practical example by industry vertical, a call centre employee is more interested in better audio quality with customers vs. a clinician on a video call discussing a patients surgical/recovery plan looking at patient records.
3. Re-evaluate once every 3-4 months by asking, polling quick surveys and looking at the metrics made available in both Skype for Business vs. Teams as lets be honest its not a light switch its a journey from one to the other.
Now that you understand your humans (employees) keeping point 3 in mind and begin building out your HDX employee experience policy which most likely be the using the defaults in the 19XN releases as the HDX product management team have done an brilliant job working with engineering decreasing the amount of toggles and dials to tweak the HDX protocol and its now these days automatically adapting and adjusting to maintain the human (employee) experience.
1.”Use video codec for compression” then select “Use video codec when preferred“
2. Select “Frames Per Second” use the default which is 30 or increase up to a maximum of 60.
3. Select “Visual quality” set to “High” going beyond this will incur high network bandwidth utilisation, but going beyond this is ok but remember if you are having continual networking performance issues unrelated to Citrix or the HDX offloading capability and employee experience has decreased overall think about a micro change for the current window and then revert. An example of using “Always lossless” is the clinician use case described above.
Tech Insight – Microsoft Teams Optimisation with Citrix
What Supported Hardware Can I Use With Microsoft Teams?
Strongly suggested to only use Microsoft Teams certified headsets, speaker phones, conference phones, cameras e.t.c are listed and available at – https://products.office.com/en-us/microsoft-teams/across-devices/devices. Are my existing Citrix Ready thin clients, headsets, cameras e.t.c using with Skype for Business using Citrix’s HDX Offloading capability compatible? You will need to check with your vendor for there support status with the new optimisation pack for Teams and Microsoft Teams as there have been changes made from both Citrix + Microsoft.
Collection of Suggested Troubleshooting for Microsoft Teams HDX Offloading in CVAD
Understand what Audio & Video (A/V) can be re-direction e.g web camera from supported Operating System (OS) vs. Citrix Workspace app (CWa) – https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/citrix-workspace-app-feature-matrix.pdf – Citrix Workspace App (Earlier known as Citrix Receiver) Feature Matrix.
1. The Citrix Support site has a detailed article – https://support.citrix.com/article/CTX253754 which covers off multiple topics for troubleshooting failed HDX optimisations in a CVAD session.
2. How do I know if Teams is Optimised? https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#enable-optimization-of-microsoft-teams.
3. Troubleshoot MSFT Teams – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/opt-ms-teams.html#troubleshoot.
4. Chromebook – Teams webcam audio problem – https://discussions.citrix.com/topic/408319-chromebook-teams-webcam-audio-problem/#comment-2063142.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
The views expressed here are my own and do not necessarily reflect the views of Citrix.
Introduction
What is Citrix Workspace app? It brings together all your LOB tools which in todays modern world consists of (virtual/micro/installed/mobile) apps, SaaS, desktops & content. I’ve embedded a sample of what this actually looks like below.
My #1 feature in @citrix #Workspace app is that now my @sharefile content is available in the same app and any content I favourite is available easily in the favourite view via the Home tab/icon | #CitrixLife #HowTheFutureWorks #Citrix #CitrixCTA #CitrixWorkspace pic.twitter.com/TBhYzbhsav
— Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) August 9, 2018
Overview
The new Citrix Workspace app way more than purely an upgrade of Citrix Receiver e.g grey to blue icon and a skin change, this NEW Citrix client app release is simply extraordinary, working for Citrix I can be considered bias however once you actually begin to consume the Citrix Workspace app you’ll understand exactly what I mean. Citrix Workspace app is for me all about an experience, and that experience is extraordinarily AWESOME! As I begin consuming my LOB (Line of Business) tools wherever I am + want and in a setting/context that suites me (home, Paddington vs. partner offices, trains, taxi e.t.c) the chosen LOB tool delivered context can change dependant upon criteria (I won’t be covering this today) or how IT (say YES!) has chosen to deliver the LOB tool through Citrix Access Control Service – https://docs.citrix.com/en-us/citrix-cloud/access-control/get-started.html.
I now have all my content available all in the same AWESOME app thank you Citrix Content & Collaboration aka ShareFile. I can upload, download and even favourite particular content e.g “L-J’s H1/2 Citrix Partner Tech Super Deck” which is then available directly from the home view/tab. In the below example I am uploading the LeasePlan Citrix SD-WAN case study – https://www.citrix.co.uk/customers/leaseplan-en.html and the actual video is available at – https://www.youtube.com/watch?v=4Hq-yryxfS0 take a look and remember to listen to the outcomes Citrix SD-WAN provides LeasePlan.
How do I get started today?
Firstly I will do a more detail blog post on getting it all up and running with use cases time dependant of course.
1.Start by navigating to https://docs.citrix.com/en-us/citrix-workspace-app.html and then goto Citrix.com and login with your access details, next navigate to https://www.citrix.com/downloads/workspace-app/ and download Citrix Workspace app for your chosen end-point. If you are running a TP of Citrix Workspace app code base please UNINSTALL it prior to installing the GA production code base as a few community individuals I know had issues upgrading from TP code base. I would like to state for the record I upgraded from PRODUCTION Citrix Receiver to the Citrix Workspace app for Mac 1808 on my Mac without ANY issues see below tweet.
Hello World @Citrix Workspace simple + easy upgrade on #Mac from #CitrixReceiver to #CitirxWorkspace in 1 minute! | Great work to the Citrix Engineering + PM teams on getting this out the door awesome job team & well done! #CitrixLife ππ pic.twitter.com/DQ1SM58Kqy
— Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) August 8, 2018
2. Please carefully read the System Requirements for your chosen platform here is the link for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/system-requirements.html and Windows https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/system-requirements.html.
3. Review the installation guidance for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/install-configure.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html.
4. Please carefully read the configuration of Workspace app for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/configure.html
and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html e.t.c. for other platform and if you are looking for multi-monitor support or Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/improve-user-experience.html#using-multiple-monitors for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/improve.html#multi-monitor-support, and securing communications between Workspace app and your StoreFront for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/secure-communications.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication.html (Pay attention to deprecated cipher suites node) and finally if your are you a Smart Card user pay attention to the recitations at the bottom of both docs for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/requirements-for-smartcard-authentication.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/authentication/config-smart-card.html and for WIF 5.4 (yes I know really however some of you still may need it while your upgrading to XAD 7.x platform) https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication/config-smart-card–for-web-interface.html.
5. Sign-up vs. Login to Citrix Cloud today and trial vs. acquire a Citrix Cloud service e.g ShareFile Service or the XAD Service and if you want to aggregate on-premises LOB apps into the new Citrix Workspace experience then setup “Site Aggregation” today. To learn how please read this CTXS blog post and watch the embedded YouTUBE video which provides a how-to overview at – https://www.citrix.com/blogs/2018/08/03/site-aggregation-for-citrix-workspace-is-now-ga/.
Thats all folks for now on the technical overview its brief I know so I will follow-up in future with more detailed overview + how-to e.t.c either here or on the https://www.mycugc.org website in the experts area.
Upgrading to Citrix Workspace from Citrix Receiver for smart devices
Upgrading to #CitrixWorkspace ……. pic.twitter.com/XA0ps4dDNl
— Lyndon-Jon Martin π¨π»βπ» (@lyndonjonmartin) August 22, 2018
In Closing
I work for Citrix, I have been a Citrix + IaaS advocate for well over a decade (now SD-WAN swell) so I am mostly likely bias you’ll think however Citrix Workspace app is truly AWESOME and way more than what you see at a glance, I encourage you all to begin consuming it today to see for yourself just what I am talking about and why I personally say its “AWESOME“.
The following content is a brief and unofficial prerequisites guide to setup, configure and deploy the Tech Preview of the Citrix Ready WorkspaceHub using an Android Receiver on a mobile smart phone (April 2018) with XenApp & XenDesktop 7.6+ LTSR. The views, opinions, and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
SECURITY – sec
NETSCALER – ns
NETSCALER GATEWAY SERVICE – nsg service
WINDOWS – win
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
WORKSPACEHUB – wh
Introduction
Citrix has recently announced the availability of the Tech Preview of the Citrix Ready WorkspaceHub at – https://www.citrix.com/blogs/2018/04/04/its-here-download-the-citrix-ready-workspace-hub-tech-preview-today/. So what exactly is it? Its a Raspberry Pi 3 platform at its core with Citrix technology + innovation built into it to provide a number of innovative capabilities for the Digital Workplace #thisishowthefutureworks. For me seeing is believing so the below embedded Tweet by Bas Stapelbroek – @hapster84 or https://twitter.com/hapster84 is a short video clip that demonstrates just one of the many powerful capabilities (sign-on to a thin client using a QR code while your virtual desktop still runs on your smart phone smooth roaming +++++ I like to say) available as part of the Citrix Ready Workspace Hub.
Trying out the NComputing Pi with the new Citrix Workspace Hub π#citrix #ncomputing with @MarkTilleman pic.twitter.com/xtiAaJfJ4T
— Bas Stapelbroek (@hapster84) April 5, 2018
Full credit of the above goes out to Bas Stapelbroek – @hapster84 and thank you for allowing me to include it in my blog post.
You’re probably asking yourself how do you manage them you ask? You leverage Stratodesk NoTouch – https://www.stratodesk.com/products/workspace-hub/ whom work with our supported Citrix Ready Partners that provide the Citrix Ready WorkspaceHub for Internal or external you can use Citrix XenMobile+.
Please visit the StratoDesk webpages for nComputing – https://www.stratodesk.com/products/workspace-hub/ncomputing-rx-hdx-citrix/ and ViewSonic – https://www.stratodesk.com/products/workspace-hub/viewsonic-sc-t25-citrix-hdx-ready-pi/ for more details around the capabilities, specifications e.t.c of each platform.
You can put the device down and lock it but be sure to refer to *page 14 for helpful tips.
Pre-requitstes & System Requirements
You’ll need to sign-up to the Tech Preview program at – https://podio.com/webforms/20685654/1419376 however I urge you to please please please read through this Citrix Forum Discussions post at – https://discussions.citrix.com/topic/394304-welcome-to-the-tech-preview-of-the-citrix-ready-workspace-hub/ and finally you should before you get started once you have your h/w and have been accepted into the program read through the the TP documentation available at – * https://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/current-release/downloads/workspace-hub-preview-2018.pdf which is the below in more detail.
– Your require at a bare minimum XenApp 7.6 LTSR environment running 7.6 VDA for Windows Server (remember this is a Tech Preview ONLY as of April 2018)
– You require a physical Citrix Ready WorkspaceHub device – http://citrixreadyprogram.com/workspace-hub/ which currently includes thin client vendors in alphabetical order nComputing and ViewSonic. If you have had it for a while e.g 2017 firmware please read pages 2 (end)-3(top) for instructions on where to obtain the firmware updates. See page 2 for full h/w details.
– TP only supports Android Receiver 3.13.5 or later for Mobile devices + Bluetooth for
– Networking persecutive your require Android smart phone and WorkspaceHub to be on the same Wi-Fi network with the following open ports 55555, 55556 (default port for SSL connections) and ports 1494 and 8500 must not be blocked for Citrix Casting to work between the Android Receiver on Mobile Device <-> Citrix WorkspaceHub.
– Internal centralised management utilises Stratodesk https://www.stratodesk.com/kb/Main_Page to get started or for external management you can use XenMobile+ also on page 3.
– If you’re looking for Skype for Business support check out page 5
– Recommended HDX Graphics Mode and policy for the TP is to set and enable H.264 for fullscreen the policy is “Use video codec for compression” setting to “For the entire screen”
– Setting up Receiver page 7 ensuring that you DO NOT SELECT e.g UNTICK “Add account type as Web Interface” and during the setup you’ve need to complete the Touch-Free mode for proximity authentication enabled vs. disabled page 8-9. Now test the proximity referring to page 10.
– Setting up the session roaming with a QR code, TLS/SSL (requires SHA256is covered in pages 11-15 with Stratodesk NoTouch
– Please please please read through thoroughly the known limitations within the TP on page 16 and finally there is Citrix Discussions Forum available for support during the TP at https://discussions.citrix.com/forum/1726-citrix-ready-workspace-hub-preview/.
In Closing
I hope you found this blog post useful as I have written it due to the number of people contacting me via social platforms, Slack and of course traditional communications like telephone calls, text/sms and yes email. A final thought, be sure to check out a short demonstration + talk on Citrix Casting and a lot more detail at – https://www.citrix.com/products/citrix-workspace/iot.html.
Disclaimer
Please read the “Citrix Ready Workspace Hub PreviewDisclaimerCitrix Ready Workspace Hub Preview Citrix Ready Workspace Hub Preview” on page 1* and a note to Citrix Investors is listed at the bottom of the blog post announcement of the TP program of the Citrix Ready WorkspaceHub at – https://www.citrix.com/blogs/2018/04/04/its-here-download-the-citrix-ready-workspace-hub-tech-preview-today/.
The following content is a brief and unofficial prerequisites guide to setup, configure and deploy Session Watermark policy feature with the XenApp & XenDesktop Service (April 2018) or XenApp & XenDesktop 7.17 on-premises prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
Shortened Names
SECURITY – sec
NETSCALER – ns
NETSCALER GATEWAY SERVICE – nsg service
WINDOWS – win
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
Introduction to “Session Watermark”
The latest release of the XenApp & XenDesktop Service powered by Citrix Cloud or if you are performing a private cloud (on-premises) upgrade or net new installation of XenApp & XenDesktop 7.17 has some NEW features (another post brewing) and one that I have been waiting on for quiet sometime now has not finally arrived (WAHOO!) and its VERY VERY simple to configure and aids in improving your security posture (I believe) for delivery of apps & desktops powered by Citrix against e.g IP theft. In the below tweet can you see it?
App & Desktop #Security made simple with #Citrix @XenApp & @XenDesktop Service powered by @CitrixCloud although my #ISP needs nudge once again!!!!! pic.twitter.com/fKAPXxNiT8
— Lyndon-Jon Martin (@lyndonjonmartin) April 3, 2018
The above is from my initial tests using a Windows Server 2016 VM hosted in Azure Northern Europe region running the 7.17 VDA configured to my Citrite #CitrixCloud XenApp & XenDesktop Service so I did not need to upgrade anything to get this new SHINY cool feature yes I said it SHINY. All I was required to do was deploy a new Windows Server 2016 VM from the Azure marketplace, domain join it, install the VDA and connect it to my Cloud Connector and I was ready in less than 25 minutes from initially deploying the VM from the marketplace.
Finally on a personal note for me Citrix SysAdmins enabling the “Session Watermark” feature obviously initally tested in a safe environment e.g UAT with a few users from a couple of departments and then rolling it out into production (as when/how your ready) will be making IT the modern “App & Desktop Security Heroes“. IT can apply and configure these new policies to be the most right vs. relevant for your organisations security needs while not hindering the end-users Rich HD eXperience.
Session Watermark Policies
You have 8 watermarking policies to apply with the 9th one enabling this security capability or feature set with the following list of quirks, suggested policy configuration and more available at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/policies/reference/ica-policy-settings/session-watermark-policy-setting.html.
Before we get started it is worth mentioning that this feature does add an overhead to the compute on the backend (VDA side) and therefore it is suggested to enable up to two water marking features or items. In my overview of this feature I will wont cover off the cost of implementing this security policy as there are multiple variables to consider e.g HDX Graphics Mode and associated policies to provide the right vs. relevant end-user experience vs. how many watermark items do I apply? I have begun testing so bare with me and I’ll publish my findings either on my personal blog here or on https://www.mycugc.org under the “Expert Insights” area.
“Enable session watermark”
By default this feature is DISABLED as the default behaviour which I believe is the right approach considering its Citrix’s initial release of this #security feature (in my personal view) and secondly online documentation at eDocs suggested recommendations it to enable NOT more than two watermark text items. Finally * indicates that this policy is DISABLED by default when Session Watermark is enabled.
Include client IP address
* This is the IP addr of the device connecting to the virtual app & desktop.
Include connection time
* Utilises the following format yyyy/mm/dd hh:mm to display the users initial connection time to there virtual app or desktop.
Include logon user name
ENABLED by default when you enable Session Watermark as a policy and uses the following format USERNAME@DOMAINNAME is most optimise for 20 characters or less otherwise truncation might occur of the users logon username.
Include VDA host name
ENABLED by default when you enable Session Watermark as a policy and provides the VDA hostname e.g ne1vad01
Include VDA IP address
* Provides the internal IP addr that corresponding the VDA’s hostname e.g ne1vad01 = 10.1.0.7
Session watermark style
ENABLED by default using “Multiple e.g displays five watermark labels” when you enable Session Watermark as a policy or you can configure “Single e.g displays a single watermark label in the centre of the session“. TIP switching to SINGLE and sticking to two watermark text items for me in my initial tests is a good starting policy however time will tell as I continue to test out this new feature and its capabilities with different HDX Graphics Modes and associated tweaks.
Watermark custom text
* A unicode maximum of 25 characters is supported if you exceed this limit it will be truncated.
Watermark transparency
ENABLED by default set to “17 out of 100” when you enable Session Watermark as a policy, personally I think setting it to just 1 is fine in my initial tests as you want it to be not so in your face to the end-users to be bluntly honest.