Category Archives: Zoom

Zoom in Citrix VDI (Part 2) HDX Offloading, Architecture and Zoom.us Security + Privacy

Introduction
In my first blog post http://axendatacentre.com/blog/2020/04/22/zoom-hdx-offloading-for-citrix-virtual-desktops-part-1/ I explored how frictionless it was to setup and deploy Zoom in a Citrix Virtual Desktop, this post builds upon my initial post looking at a wider device spectrum, fallback scenarios and further testing using iGel thin clients.

Overview of Optimised vs. Un-Optimised Zoom Meetings in Citrix VDI (DaaS)
The below image represents both an (un)optimised Zoom meeting running within a Citrix virtual desktop. If an employee access’s his/her Citrix virtual desktop from an endpoint e.g BYO that doesn’t have the “Zoom Media Plugin” installed like it was on there e.g CORP device then the once “Optimised” HDX offloaded A/V traffic for there Zoom Meeting is effectively now “Un-Optimised” and the A/V processing that was shifted onto the employee’s endpoint will now be processed within the Citrix virtual desktop in the resource location (data centre) causing a degraded experience, macro uplift in computing and networking resources to process the A/V for the Zoom meeting and the A/V traffic sent and received from the employees endpoint which is then sent out via the Zoom client within the Citrix virtual desktop.

UPDATED Zoom Pre-requisites & System Requirements
Follow my original guidance at – http://axendatacentre.com/blog/2020/04/22/zoom-hdx-offloading-for-citrix-virtual-desktops-part-1/. My initial test focused on testing the viability of using Zoom meetings in a Citrix virtual desktop when HDX Offloading was enabled to “Optimise” Zoom meetings and improve the employee experience by shift the A/V processing to the employee’s endpoint, the initial results where hugely promising with minimal effort.

I found some time to continue with further tests but I hit a wall the “Zoom Client for VDI” was displaying a “Grey blank screen” during the meeting and when checking the video settings within the “Zoom Client for VDI” app in system tray, you get the same result a “Grey blank screen” even though Citrix Workspace app is doing its job of automatically connecting “Microphones and Webcams” as I tested a GoToMeeing without any issues so I knew there where no policies conflicts or issues. I googled the problem briefly and found nothing useful, I then decide to revisit Zoom’s on-line documentation and found this important notification published within the last 6 days of this blog post stating that Zoom now requires both the “Zoom Media Plugin” + “Zoom Client for VDI” to match exactly from version 2.1.5 documented at – https://support.zoom.us/hc/en-us/articles/360031768011-New-Updates-for-Virtual-Desktop-Infrastructure-VDI- as, anything prior to the pending date 30/05/2020 you can configure the MinPluginVersion via registry settings – https://support.zoom.us/hc/en-us/articles/360032343371 to be able to use older versions for backwards compatibility – https://support.zoom.us/hc/en-us/articles/360041602711.

Zoom Meeting Test & Citrix Lab Overview
1.CVAD 1912 LTSR running in my personal AWS EC2 in N.Virgina, USA delivering a Citrix virtual desktop to me in London, England. The virtual desktop is running Windows Server 2019 its a “t2.medium” instance type running the 1912 LTSR Virtual Delivery Agent (VDA), also installed was the “Zoom Client for VDI” product version 4.6.15322 used during my orginal testing – https://twitter.com/lyndonjonmartin/status/1253036938992529408?s=20. To resolve the “Grey blank screen” download and install the latest product version I was running 4.6.15630.
2. Personal iPhone 7S running Zoom app setup with my account to start/stop Zoom meetings.
3. Zoom doesn’t support HDX Offloading on MacBooks therefore I used my wife Windows 10 laptop in these tests, which is running Citrix Workspace app 1912, and I installed the Zoom Plugin for Citrix Receiver product version 4.6.15630. You’ll notice that the product versions between the Citrix virtual desktop running the “Zoom Client for VDI” – https://zoom.us/download/vdi/ZoomInstallerVDI.msi and the Zoom Plugin “Zoom Media Plugin” – https://zoom.us/download/vdi/ZoomCitrixHDXMediaPlugin.msi on the endpoint are an exact match.
4. Zoom have published a VDI Backward Compatibility Matrix which is available at – https://support.zoom.us/hc/en-us/articles/360041602711.

Zoom VDI Optimisation Management
I think its important to recognise, when rolling out the Citrix + Zoom “Optimisation” capability you need to include both the “Zoom Client for VDI” + “Zoom Media Plugin” as part of your internal and external software deployment strategy. It is also worth noting the differences between Zoom meetings within “Citrix” VDI and on other platforms, Zoom has put together a comparison feature matrix at – https://support.zoom.us/hc/en-us/articles/360031441671-VDI-Client-Features-Comparison?zcid=1231#h_fceae51c-f385-4a20-bd54-c7c50f186c15. You should also be mindful of the native features by platform which is available at – https://support.zoom.us/hc/en-us/articles/360027397692.

Internal Strategy
Manage the “Zoom Client for VDI” using a Citrix App Layering “App Layer” – https://docs.citrix.com/en-us/citrix-app-layering/4/layer/create-app-layer.html in conjunction or separately with your existing preferred Citrix provisioning technology e.g Machine Creation Services (MSC) or Provisioning Services (PVS).

External Strategy
Management of the “Zoom Media Plugin” is better controlled for security + avoid breaking the employee experience on supported endpointshttps://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI by enrolling the endpoints into Citrix Endpoint Management (CEM). For Windows endpoints use the *.MSI installer with the “Windows Agent” – https://docs.citrix.com/en-us/citrix-endpoint-management/policies/windows-agent-policy.html to deploy a script to update the “Zoom Media Plugin” and for iOS and Android you could send a push notification to employees to update to the latest Zoom app available in the public app store so that you have app versioning + device spectrum consistently re feature + security parity across the organisation.

LTSR vs. CR vs. Citrix Cloud Strategy for HDX Offloading of Zoom?
Zoom is not embedded into the Citrix stack like Teams is, therefore you can choose to deploy your own Zoom + Citrix HDX Offloading inline with your preferred CVAD release strategy BUT you must align to Zoom’s leading practises for “Citrix” VDI and Citrix’s for release strategy type. The reason this is possible it because you need to manually or automate the installation of the “Zoom Media Plugin” + Zoom Client for VDI” software both client and server/workstation sides outside of the Citrix stack, remembering that the Teams HDX offloading components are part of the VDA (server/workstation) and the CWa (client) – http://axendatacentre.com/blog/2019/08/06/hdx-offloading-for-microsoft-teams-within-a-citrix-virtual-desktop/.

Zoom 90 Day Security Plan Facts & Personal Opinions
Zoom recently published an updated communications on there 90 Day Security & Privacy Plan for June available to read at – https://blog.zoom.us/wordpress/2020/06/03/90-day-security-plan-progress-report-june-3/*. Since the beginning of this journey I will continue to update the security & privacy portion of this blog post below. Zoom is so committed to this its CEO Eric Yaun and “leader” holds LiVE sessions entitled “Ask Eric Anything“. If you wish to register to join these sessions LiVE register at – https://zoom.us/webinar/register/WN_9jdr63uuRuSRBX-yEJ2zVQ?id=3IWjZb4JTJm0II3A4lkBOg&zcid=1231 and if you want to ask a question email answers@zoom.us as per the blog post*. If you have doubts, you heard a “Chinese Whisper” surrounding Zooms security or privacy then you should watch the below, and be sure to submit that question to Zoom’s leader and his leadership team to reply on “Ask Eric Anything“.

I’ve yet to see a leader openly committed to and inclusive of customer, business, community and peer feedback to drive CHANGE and INNOVATION. Upon reflection I’m actually not surprised he’s an “Entrepreneur Leader” and therefore both change and innovation are built into his DNA likewise to learn from failure fast and then act to achieve continued success. These two values for me is missed while driving (Digital) Transformation in any organisation from paper to paperless vs. manual to co-hybrid automation.

Security & Privacy
Zoom is continuing to take security and privacy seriously and they continue to communicate that publicly on the company blog, they have as of releasing this blog post published the following blog articles – https://blog.zoom.us/wordpress/2020/05/04/navigating-a-new-chapter-for-zoom/, https://blog.zoom.us/wordpress/2020/05/05/use-zoom-to-securely-host-virtual-board-meeting/ and https://blog.zoom.us/wordpress/2020/05/05/zoom-disable-pmi-security-updates-for-basic-accounts-may-9/. The collective sum of these post indicates that Zoom is giving IT more security controls for Zoom meetings in an enterprises. The following list is just a high level summary of what can be found in the above blog pots on https://blog.zoom.us/.

-Zoom Encryption whitepaper published April 2020 – https://zoom.us/docs/doc/Zoom%20Encryption%20Whitepaper.pdf discussing the use of TLS 1.2, AES, AES-256 and SRTP or Secure Real-time Transport Protocol for Zoom to Zoom communication. The whitepaper looks at clients, browsers and 3rd party devices/services.
-Zoom client connection progress whitepaper published April 2020 – https://zoom.us/docs/doc/Zoom_Client_Connection%20Process_Whitepaper.pdf
-Leading practices when using a Zoom Personal Meeting IDs (PMI)
-Zoom 5.0 supports AES 256-bit GCM encryption*
-Scheduled security changes to come to FREE Zoom accounts
-Zoom watermarks in two flavours
-Industry certifications e.g SOC2 Type II, Privacy Shield Certified, GDPR e.t.c – https://zoom.us/docs/ent/privacy-and-security.html
-Lock meetings and require authentication –
https://support.zoom.us/hc/en-us/articles/360041848151-In-meeting-security-options?mobile_site=true

Final Thoughts
Zoom continue to step up on security and privacy frontier, and the second round of tests continue to demonstrate a real WOW moment for me in how frictionless the experience has been as a IT Professional and as an consumer of Zoom meetings personally within my lab. I will time permitting continue with my full tests in the future expanding the device spectrum being inclusive of employee experience optimisation strategies.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Zoom A/V Offloading for Citrix Virtual Desktops Part 1

Introduction
Zoom developed a VDI optimisation solution that enables and allows for Audio and Video (A/V) processing similar to that of Microsoft Teams today and Skype for Business originally deploying and leveraging a client and backend service software components. Zoom refers to the backend as a “Zoom Client for VDI” and then the endpoint runs the “Zoom Media Plugin” processes and handles the A/V data traffic.

Zoom Pre-requisites & System Requirements
1.Prepare your UAT provisioned Citrix Virtual Desktop image to install the “Zoom Client for VDI” downloadable at – https://zoom.us/download/vdi/ZoomInstallerVDI.msi which is also referred to as the “Zoom Installer VDI” and or “Host Installer”.
2. Prepare an endpoint running a supported OS to run the “Zoom Media Plugin” Windows, iGel, eLux, HP ThinPro OS and Ubuntu. In this example we’ll focus on installing the “Citrix HDX Media Plugin” for Zoom which you can download at – https://zoom.us/download/vdi/ZoomCitrixHDXMediaPlugin.msi. The full list of available Zoom Media Plugins for Citrix is available at – https://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI#h_44458af3-695a-44f0-9cbc-b753f00b3c00.
3. Initiate a test Zoom video conference call and observe HDX offloading of A/V from the Citrix Virtual Desktop to the endpoint running the “Zoom Media Plugin“, which is passing the A/V data traffic to the Zoom Cloud MMR platform reference the Zoom VDI Optimisation node at – https://support.zoom.us/hc/en-us/articles/360031441671#h_70badc99-f2fd-417e-bd46-59493ab7047b.
4. I didn’t have to configure anything within the Zoom Cloud MMR, neither my personal Zoom account it all worked out of the box.

Citrix Pre-requisites & System Requirements
You’ll need a CVAD UAT environment to deploy fresh VM to install the “”Zoom Client for VDI” and a test Windows endpoint to install the “Zoom Media Plugin” onto. In my initial testing I am running a freshly installed Citrix Virtual Apps & Desktops (CVAD) 1912 Long Term Service Release (LTSR) which is run in my own personal “cloud” home lab in AWS EC2 geographically located in N.Virgina, USA. Zoom is also listed within the Citrix Ready website at – https://citrixready.citrix.com/category-results.html?search=Zoom.

Deployment Overview
The installation and configuration for Zoom Optimisation Meetings for VDI is incredible frictionless that it took me less than 5 minutes to complete the deployment, then test my first ever Zoom video conference call running in a Citrix Virtual Desktop. The following in order of events.

1.Download “ZoomInstallerVDI.msi” and install the “Zoom Client for VDI” within my PoV Citrix Virtual Desktop.
2.Download “ZoomCitrixHDXMediaPlugin.msi” and install the “Zoom Media Plugin” onto my Windows endpoint where I connect to my Citrix Virtual Desktop through Citrix Workspace app for Windows CR.
3. Downloaded the Zoom app from the Apple App store – https://apps.apple.com/gb/app/zoom-cloud-meetings/id546505307, please this link if for the UK Apple app store. I completed the first user experience and register myself a Zoom account.
4. I started Zoom instant meeting and then invited another participants using a meeting ID# and by default each room as a unique password to join, for more on the security of Zoom see towards the end.
5. I successfully logged into my Citrix Virtual Desktop and run “Task Manager” likewise I started “Task Manger” on my local Windows endpoint.
6. I clicked to start “Zoom VDI” app within my Citrix Virtual Desktop which there prompts you to enter in “Meeting ID” (preferred as it’s always a unique #) or “Personal Link Name”, select your preferences for audio and video upon joining. Next by default I expected to join the virtual meeting but was halted as I was required to enter in a passcode/password to actually “join” Zoom video conference call currently in progress.
6. Zoom video conference call started and immediately VDI optimised with the A/V traffic been processed locally on my local Windows endpoint.

Important Note: I only tested VDI Optimisation from within my AWS EC2 personal lab boundary as I don’t have a physical Windows endpoint at home to test it with so that will be included in part 2, my goal was to see how easy it was and if it worked a frictionless as I thought it might just by reading through Zooms online documentation.

Demonstration of Zoom A/V Offloading
In the initial demo below for part 1, I connected to a Citrix virtual desktop running in AWS EC2 (N.Virginia) in a double hop scenario, as Zoom don’t currently support Apple Mac endpoints for any Zoom VDI offloading. The video of me you see in the demo video is from my personal iPhone (London, England) connected to the Citrix virtual desktop (N.Virginia, USA). Note I didn’t test bi-directional video and or audio communication, and a few other topics, which I will follow-up in the future time permitting, but as you can see the Zoom video conference call offloads the Zoom A/V traffic to the connected Windows endpoint effortlessly! Great work Zoom I am well impressed with my initial testing today.

Employee Experience VDI Limitations
Zoom and provided a high level feature “comparison” matrix – https://support.zoom.us/hc/en-us/articles/360031441671-VDI-client-features-comparison#h_fceae51c-f385-4a20-bd54-c7c50f186c15 depicting the differences between the Zoom VDI client vs. the Desktop and Web clients. Its important to be mindful of these differences in order to properly educate your employees when dealing with service desk requests or better prior to rollout by posting an internal article on your companies intra or extranet. The following for me are important limitations to be aware of, when deploying and consuming Zoom through a Citrix Workspace lens.

– Maximum resolution of 1080p and up to 380p for thin client h/w.
– No dual monitor support
– Support for up to 9 visible video participants
– No Apple Mac device support for HDX offloading of Zoom A/V data traffic

Security & Privacy
Zoom has recently been in the press surrounding security and privacy practises “Google it”, with that been said its worth noting that Zoom as an organisation committed to a 90 day security plan centred on its platform + client security, today 22/04/2020 they published the following article on there corporate blog “Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0” – https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/, so be sure to read through it.

Final Thoughts
I have alot more questions and tests to do the above is only the very beginning, next I’ll be evaluating fallback scenarios, more of a focus employee experience use-cases including unconsidered needs, tweaks of course and finally testing a 🙂 endpoints in London, England whilst my Citrix Virtual Desktop in N.Virgina, USA as this is how I have tested these types of Unified Communications (UC) or Video Conference platforms all the way back to Lync with the Citrix HDX Optimisation pack.

I honestly found the setup and deployment of Zoom’s VDI Optimisation ridiculously simple its incredibly frictionless! I guess thats why many folks are still continuing to consume and use Zoom for video conferencing.

The views expressed here are my own and do not necessarily reflect the views of Citrix.