Dyslexia Thinking + Thoughts on the power of Citrix SDWAN captured in a Blended Doodle

SD-WAN is a Complex Subject, I’ll Simply It
I decided to put together this blended doodle together to better explain Citrix SD-WAN, how it works in a visual illustration to have more meaningful conversations and discussions. I picture can tell a thousand micro stories and the big picture here depicts a simple story which tells you the IT + Business value of SD-WAN including the why and it also tells an important industry story often never told which is that implementing ANY SD-WAN is NOT frictionless with an out of the box experience, it takes effort but once that effort is done and done right then Citrix SD-WAN’s Zero Touch strategy will takeover and make it frictionless from IT to the branch to key workers at home. Another top of mind reason to consider as a real world field example is that you simply cannot do a (Citrix) SD-WAN PoC 99.5% of the time to evaluate it. Wait what? Why? It’s always going to be a pilot, and the why is simple you are taking over co-control of an organisations underlay network to create an SD-WAN overlay network, while inserting (Citrix) SD-WAN packets into the organisations network fabric. This is a fact of every SD-WAN vendor in the marketplace.

View this post on Instagram

L-J’s (My) #Dyslexia thinking + thoughts on the power of #Citrix #SDWAN captured in a blended #doodle talking about Citrix Workspace services in/on/over Citrix Networking, DPI engine to identify apps/protocols + align QoS priorities, IT experience scorecard with a new meaningful way to measure SLA’s, the honesty MSP/ISP IT visualiser scorecard, zero touch provisioning for any office workplace, hybrid multi-cloud use cases and of course #workfromhome appliances for key identified workers by role/function and leaders. #citrixCTA Blended Doodle is hand drawn with pencil ✏️ + paper, with final editing using Apple iPages on my #iPhone 7πŸ“± The views expressed here are my own and do not necessarily reflect the views of Citrix.

A post shared by Lyndon-Jon Martin πŸ‘¨πŸ»β€πŸ’»πŸ“² (@lyndon_jon_martin) on

Technically Understanding Citrix SD-WAN
The following links below will help you better understand Citrix SD-WAN’s terminology, strategy and technical acumen and thinking when deploying, managing and monitoring an SD-WAN overlay network bonding two or more underlay networks e.g Business broadband and 4/5G LTE internet circuits together into a single seamless internet pipe, while giving IT back control over its WAN including allow them to better measure meaningfully your MSP/ISP internet circuit providers performance including complete vs. brown outages, while visualising and seamless failover due to packet loss in a single direction with any internet circuits.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Building an IT Employee Experience Scorecard

Consider this an evergreen post as of 22/09/2020

Introduction
I smile consistently these days hearing how organisations are keeping the UK economic moving forward, pivoting day 1 of the UK COVID-19 lockdown to full-time frictionless secure remote flexible working styles with minimal IT effort + friction powered by Citrix technologies.

I hear many unconsidered benefits from my customers, examples include keeping businesses operating helping their customers and supporting them during the height of the lock down to leap frogging competitors gaining significant market share through to winning new business because operationally they where available and ready with a Citrix powered securely centralised hybrid multi-cloud delivery strategy, when backed with a robust and annually tested Business Continuity Plan (BCP) set them up for instance successful shifting from day one of the UK COVID-19 lockdown to full-time work from home without any major hiccups.

For organisations that weren’t fully Citrix and had a hybrid strategy achieved full work from home swiftly swell using one or more of the following strategies:

1. Many existing hybrid Citrix customers scaled up licensing and re-framed physical workstations sat in the office through Citrix Workspace app to employees now sat at home using a browser on a personal device at home. To the employee everything is where it should be within there virtual desktop, for many this has now fundamentally changed perceptions of why they need to sat in an office for 5 working days in a post COVID-19 non-lockdown world.
2. Scaling up CVAD usage by optimising existing workloads or unlocking dark capacity turned off and deallocated ready within the data centre wherever they choose that to be.
3. The most popular one was to extend into one or multiple public clouds (AWS, Azure) to supporting elastic Citrix Virtual Apps & Desktops (CVAD) workloads whilst remaining in control of public cloud cost economics utilising Citrix AutoScale – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/manage-deployment/autoscale.html which is part of the CVAD Service.

Finally organisations shifted to focusing on strengthening security within 1-2 weeks, implementing contextual device security powered by Citrix Smart Control and Smart Access technologies beyond IT non-managed devices, as not every employee could take a device home, they didn’t have a device they could use or they just didn’t have the physical space for it at home as you just don’t know your employees WFH requirements, needs and including @home personal circumstances behind closed doors.

In these many organisations hearing all these great stories I noticed a common theme reoccurring in lock down months 1-2. I have a percentage of employees and its all abeit random across the entire organisation encountering good vs. fair vs. poor experiences. Due to the random nature pin pointing the issue was a huge challenge as by the time IT investigated the problem it was largely self-resolved if by magic? My response have you heard about and or deployed and are running Citrix Application Delivery Management (ADM)? A resounding NO 95% of the time. The below diagram 1 visualises the traffic flow of where I am vs. where my delivered Citrix Virtual Desktop is run out of, it likewise can visualise to IT the overhaul traffic, load demand, security & infrastructure health status ref diagram 2.

Diagram 1

Not visualising the employees “Workspace” traffic flow, is where the value of Citrix and ANY Workspace solution is LOST in IT Service delivery. Citrix Application Delivery Management (ADM) is a key enabler in helping remediate employee experience issues, whilst providing a crucial IT Employee Experience Scorecard.” Lyndon-Jon Martin June 2020

The Business IT Value of Citrix ADM
A modern flexible platform with two unique halves much like our human brains with left vs. right hemispheres connected by a nervous system, however in this case ADM has analytical vs. management hemispheres providing fleet management with different roles vs. function; employee, security & infrastructure insights supported by a hybrid multi-cloud architectural strategy enabling less IT Ops friction and complexity on a daily basis. ADM’s centralised management + sense architecture provide simple and or advanced operational experience scorecards for auditors (PCI/DSS/ISO27001 with RBAC for read-only access), security + network teams, IT and Citrix System Administrators alike from a single framed lens who’s nervous system is connected to a hybrid multi-cloud fabric providing unconsidered insights and visibility into capacity, strengthened security posture through monitoring change control and config drifts incl automated fleet management which can be executed across multiple instances in ANY cloud simultaneously or on your own terms. ADM gives IT back the right level of “Control” enabling the less friction shifting workloads with true licensing flexibility + agility to the most commercially attractive vs. the most innovate cloud platform which suites IT and their business demands.

Diagram 2

Having had the privilege of working with world class engineers in the past helping a single customer to process a Β£1 million pounds per minute through a payment gateway beyond typical web, app traffic of a front door of there website. I learnt that you always require something that you as the MSP or your customer can “Control” in an ANY Cloud + Services architecture for Business Continuity Planning (BCP) and sound IT Operational excellence so you can make better decisions at pace from more accurate data insights visualised. Placing your “Eggs” aka IT Business platform into a single supplier framework even the most trusted IaaS provider and enforcing that your preferred IaaS region is properly fault tolerant and highly-available is equally expensive in cost and complexity much like on-premises, do not be fooled. The IT Complexity Index increases significantly when consuming for example IaaS native site recovery services to enable near to real-time failover in another region when your primary region experience’s an (planned) outage or degraded performance, these services help to keep-a-live those existing “Sticky” connections which will eventually complete a transaction of some kind e.g credit card donation.

I’m all for public cloud in fact two operating styles “Native” vs. “Managed” Public Clouds strategies. I’ve ran my personal lab in AWS EC2 since 2016, easily amortised Β£1000 over these past 4 years with plenty of cashflow free. Really? How? Having a strong background + experience in the MSP world on the edge of the City of London and working with “Managed” Public Clouds platform I began to respect + understand how all IaaS providers operate inclusive of the full lifecycle management of workloads + the data centre platform itself which is to not leave everything on like you do at home or in a traditional managed colocation data centre. In a native vs. managed IaaS world you’ll turn off and deallocate capacity if you don’t require it and scale it up as you equally require it with little to no friction. I’ve digressed enough back to the IT Employees Experience Scorecard.

A number of my customers have overcome that randomness or pockets of employees complaining about a poor experience post deploying Citrix ADM as the issue can now be identified and remediated pretty efficiently. The solution is simple, deploy and run Citrix ADM for up to a week continuing as is, no changes and then run a report similar to the above and in parallel visualise all those support cases from your service desk platform and marry up employee names and you’ll quickly notice a pattern forming between employees with poor experiences vs. support cases + the number of them.

I suggested to organisations survey those employees and ask them a few simple questions the best ones “Who is your home broadband provider?” and the second “How many devices are connected in the house to the internet and number of people?”. The first question revealed what I expected its the employees consumer ISP and the suggested remediation could well be provide them a “stipend” exclusively for mobile data onto personal contracts or ship them a 4G mobile hub/dongle to use instead and the problem vanishes over night almost every time and video conferencing platforms perform better as a net result equating to happier employees with a better experience.

The second question is about understanding what is happening within the home and as a result tweak or deploy a new HDX policy which again almost every time the employee experience was significantly improved. An example is switching out “Thinwire” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/graphics/thinwire.html for “EDT” – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/hdx/adaptive-transport.html or visa versa. You can Optimise the “EDT” HDX protocol bandwidth over high latency connections – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/technical-overview/hdx/bandwidth-connections.html as its roots are entrenched from the “Framehawk” protocol which was originally engineered from the ground up to deliver a better experience with macro rising increases of spectral interference and multipath propagation, you can learn more about that by reading this article – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/graphics/framehawk.html. An important note you should be actively using the “EDT” protocol with or beyond 1912 LTSR if you want something like “Framehawk“.

Getting Started with Citrix Application Delivery Management (ADM)
It can be consumed as a Citrix Cloud Service – https://docs.citrix.com/en-us/citrix-application-delivery-management-service.html or you can deploy a customer owned and operated platform – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13.html.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Azure AD SAML Sign-in with Virtual Smartcard to Citrix Virtual Apps & Desktops

Consider this an evergreen post as of 10/06/2020

Introduction
The purpose of this blog post to aim for a consistent modern authentication experience for employees when consuming Citrix Virtual Apps & Desktops (CVAD) + CVAD Service regardless of where the (CVAD) workloads are running, either in *Azure, *AWS, *GCP or *On-Premises. The primary priority is that the employees identity is owned and managed by a cloud identity platform e.g Azure Active Directory (AAD) and the employees identity within each resource location* for CVAD usage maps to AD shadow accounts. These AD shadow accounts represent the employee as a UPN e.g human.name@domain, with a RANDOM long complex password that the employee doesn’t need to ever know and all IT is required to do beyond creating a AD shadow account is then assign the right vs. relevant security privileges and access to CVAD including Policies meeting local, geo of industry compliance and governance while maintaining a great employee experience.

The second priority is that the employees device can frictionlessly access CVAD resources using either a Forward Proxy, SD-WAN Overlay Network or ICA Proxy. I do recognise that many organisations are still required to make use of a VPN style strategy at the current moment and therefore this solution can also work for those devices as well repurposing the existing Citrix Gateway to also support a Full VPN beyond ICA Proxy or you can use other well established and trusted VPN solution providers.

Leveraging a Bring Your Own “either Enterprise vs. Personal” Identity (ByoI) is a concept I ponded way back in 2017 and now feels like the right time to pick that up concept again during the current Workplace transformation happening all around the world due to world wide COVID-19 pandemic. Using a ByoI strategy as high level vision you can efficiently deploy CVAD to any *Azure, *AWS, *GCP region or *On-Premises with less friction and you don’t need to be worry about “Password Syncing” just replicate the employee’s UPN + AD Security Privileges + CVAD Access & Policies where its required. It has the added benefit if you want do mix and match public cloud workloads to avoid lock-in amongst other topics, you’ll be providing a common and consistent login interface + experience irrespective of where the workload is sat.

It another brilliant benefit is the on-boarding of 3rd Parties (3P’s) using ByoI concept with a business check at the edge, the 3P brings there owned Identity and in the current world we live in I don’t think that is bad thing it could even strength that employees individual security as there identity will be bound to a smartphone which knows more about your individuals habits and you that you know yourself. If we can unlock a co-shared responsibility identity model between the individual + organisation we can truly aim for a passwordless workspace that only uses virtual smartcards or tokens.

Finally the on-boarding of M&A employees can be faster as you can generate them a few days after commercial signing with a new brand identity that resides in Azure AD (or Google, OKTA e.t.c) whilst they continue accessing existing workplace apps + data with current AD credentials, IT + HR + Business can choose when to layer in the “NEW” Workspace Platform for Work from group perspective into the existing Workspace with less friction and complexity. Yes this final topic is complex when we think about merging different Business IT and IT Systems together, a CVAD strategy with FAS bridges the GAP reducing friction and complexity for IT to sun rise a new Workspace stack for that newly acquired organisation while sunsetting the exciting Workspace stack and those new M&A employees get to on-board beyond the Workspace into there new organisations people, its culture, vision and values and avoids the IP drain that often can easily happen.

The Employee Experience

High Level Architecture
The scenario below depicts accessing a StoreFront server on any device type from within the Workplace fabric in any office locally or world wide or from a IT managed device that makes use of a Full VPN, Forward Proxy technology; WFH Citrix SD-WAN appliance where traffic passes over an SD-WAN overlay network; Citrix Endpoint Management enrolled smart device with per-app mVPN configured and finally irrespective of the devices management status you can use ICA Proxy* to access CVAD resources anywhere over the internet inclusive of any home via a Citrix ADC (formerly NetScaler) using the Gateway functionality which is “VPN-Less*”.

Systems Requirements & Pre-requisites
1. A UAT or Test CVAD 1912 LTSR Site that already setup. My personal one runs in AWS EC2 as it retains hosting connections or public clouds to preform MCS provisioning of machines from customer own and managed control plane. You can also use the Citrix Virtual Apps & Desktops (CVAD) Service or sign-up at https://citrix.cloud.com/ and engage your local Citrix representatives to get a trial setup for the CVAD Service.
2. Deploy a new VM which will run the following Citrix 1912 LTRS StoreFront and Federated Authentication Service (FAS) roles to create a new “Store” on StoreFront called “AAD” which will be configured to accept the Azure AD SAML token which will then convert the AAD SAML tokens into a Citrix virtual smartcard to SSO the employee onto CVAD resources.
3. Install StoreFront – https://docs.citrix.com/en-us/storefront/1912-ltsr/install-standard.html after reading the system requirements – https://docs.citrix.com/en-us/storefront/1912-ltsr/system-requirements.html.
4. Setup and Configure FAS Role on your StoreFront Server – https://docs.citrix.com/en-us/federated-authentication-service/1912/install-configure.html after reading the system requirements carefully – https://docs.citrix.com/en-us/federated-authentication-service/1912/system-requirements.html, this part shouldn’t be a problem e.g leaning on on Security teams whom control the Enterprise CA Admins as you’ll hopefully be using a proper UAT or Test CVAD environment with all the Microsoft management servers and roles including an Enterprise CA which FAS requires and access to AD introduce new GPO’s.
5. An Azure AD “personal or business test” tenant.

Deployment Guide

Azure AD Setup & Configuration – Personal Home Lab Edition
If you have a separate Azure AD tenant in Azure you can proceed to the next section, however if you are an IT Pro that wants to test out how to convert Azure AD SAML logins to Citrix virtual smartcards for CVAD the following the below guidance below for setting up a personal ADD tenant with a personal Azure account for your home lab. WARNING I am not an Azure AD nor on-premises AD expert, therefor follow the leading practises found in Microsofts documentation for Azure AD.

1. Navigate toΒ https://portal.azure.comΒ and sign-in with your live vs. personal Microsoft account. Select β€œCreate a resource”.
2. Select β€œIdentity” then select β€œAzure Active Directory”.
3. Enter in an β€œOrganisation Name, Initial domain name and select your Country or region”.
4. The wizard will begin creating your AAD tenantΒ .
5. Once it completes click the hyperlink within β€œClick here to manage your new directory”.
6. At the Overview page of your new AAD tenant select β€œUsers” under β€œManage” section.
7. Select β€œ+ New user” under the β€œAll Users (Preview)” Overview you’ll notice your personal email addr.
8. You’ll notice when creating a new employee account for your AAD tenant that you can only append domain.onmicrosoft.com to the username, I’ll explain how-to convert that to user@domain and remove the UPN requirement of user@doamin.onmicrosoft.com in the next few steps. For now fill the following fields β€œUser name”; β€œName”; β€œFirst name”; β€œLast name”; β€œPassword” (choose or auto-generate) and the select β€œCreate” keeping the defaults as they are.
9. Your new AAD employee is successful created, you can assign roles. NOTE for my personal testing purposes I didn’t configure anything as I’ll delete that test employee AAD account after my testing.
10. At this point I’m not going to deploy nor setup the β€œAzure AD Connect” in my Citrix Cloud Resource Location as I want the employees primary identity to always reside in Azure AD as the single source of truth, and then bring that identity to my Citrix Cloud Resource Location e.g Bring your own Identity (ByoI) and after a successful AAD SAML login map that to a hardened AD Shadow account with long complex password that the employee will never know and all I need to do it assign the AD security privilege and access for CVAD resources. This approachΒ means that employee will NEVER enter in a AD password within a Citrix Cloud Resource Location that is configured for AAD (or Google, OKTA e.t.c) when using CVAD 1912 LTSR StoreFront and the Federated Authentication Service (FAS) in a Resource Location(s). For complex environments yes you’ll likely deploy the β€œAzure AD Connect” software as a role somewhere to replicate the employees but you don’t need to replicate there passwd or you can provision the employee twice once in AAD as in the example above and then again manually in AD in the Resource Location as there corresponding AD shadow account which matches the UPN from AAD when authenticating using SAML to StoreFront, the choice is yours but I found for testing purposes a manual in each is far less frictionless.

On-Premises Active Directory (AD) within your Resource Location
1.Create a new AD “Shadow” account that matches the “User Principal Name (UPN)” in AAD e.g user@domain, generate a random long complex password which they don’t need know and then assign or inherit the right vs. relevant AD security groups, GPOs that you would usually assign to a CVAD consumer.
2. On-board your domain into Azure AD which required verifying it with a MX record to avoid using user@domain.onmicrosoft.com so that you can use user@domain keeping it simple and less complex.

Installation and Configuring the Federated Authentication Service (FAS)
1. On the new VM that you just installed 1912 LTSR StoreFront role onto from the existing mounted ISO run the autorun splash screen and select β€œFederated Authentication Service”.
2.Read the EULA which you’ll need to β€œAccept the Licenses Agreement” to continue.
3. Accept the defaults and select β€œNext” on the “Core Components” page.
4. Accept the defaults and select β€œNext” on the “Firewall” page.
5. Once the installer is finished select β€œFinish” to close.
6. Open a PowerShell window in Admin mode then copy & paste the following code below, which will enable a trust between the CVAD Controller and the StoreFront server, minimise this window you’ll require it later.

Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true

7. Navigate to the following path β€œC:\Program Files\Citrix\Federated Authentication Service\PolicyDefinitions\” on the current StoreFront server that you installed FAS role onto, copy the following two files β€œCitrixFederatedAuthenticationService.admx” and β€œCitrixBase.admx” the entire folder β€œen-US” to a network share which will need to be accessible from your Windows Domain Controller or WDC.
8. Connect to your Windows Domain Controller (WDC) via RDS from the current StoreFront + FAS server and copy the two *.admx FAS files including folder β€œen-US” from your network share to the following path on the β€œC:\Windows\PolicyDefinitions” on your WDC.
9. Open an β€œMMC” console and load the β€œGroup Policy Management Editor” snap-in, at the prompt for a Group Policy Object, select β€œBrowse” and then select ”Default Domain Policy”.
10. In the MMC console navigate to β€œDefault Domain Policy [server name] > Computer Configuration > Policies > Administrative Templates > Citrix Components > Authentication” and you should see the following three policies available β€œFederated Authentication Service”, β€œStoreFront FAS Rule” and β€œIn-session Certificates”.
11. Select and open the β€œFederated Authentication Service” policy, next select to β€œEnable” it followed by selecting the β€œShow” button parallel to β€œDNS Addresses” label and enter in the FQDN e.g. β€œserver.domain” of your StoreFront + FAS server and then select β€œOK” and then select β€œOK” to save the policy configuration and enabling FAS.
12. Next select and open β€œIn-session Certificates” and select β€œEnabled” and in the β€œConsent timeout (seconds):” field type in a value of “30” which is the default.
13. Next close the MMC console and open up the existing PowerShell (Admin mode) and copy and paste the following code to force a Group Policy Update. 

gpupdate /force

14. Minimise the RDS connection from your WDC so that you are back on your StoreFront + FAS server. Search and open up Citrix FAS in Admin mode, if you don’t you will be notified in the UI and then select β€œrun this program as administrator” which will reload the FAS UI in Admin mode.
15. Select to β€œDeploy” for β€œDeploy certificate templates”.
16. Select β€œOk” on the pop-up window that appears.
17. You’ve now successfully deployed the certificate templates, now select β€œPublish” for β€œSet up a certificate authority”.
18. Select the right Enterprise Certificate Authority (CA) from the available list and select β€œOk”.
19. You’ve now deployed the certificate templates successfully to your Enterprise CA, now select β€œAuthorize” for β€œAuthorize this service”.
20. Select the right Enterprise Certificate Authority (CA) from the available list (same as above) and select β€œOk”.
21. The FAS UI will display a spinning icon as the authorisation request is pending on the Enterprise CA server. 
22. Connect to your Enterprise CA via RDS and the β€œMicrosoft Certification Authority” MMC Console and navigate to β€œCA > CA Server > Pending Requests” you’ll see pending certificate right click it select β€œAll Tasks > Issue” and the certificate will be issued. 
23. Verify the issues certificates are issued by selecting β€œIssued Certificates” and verify you can see two issues certificated that begin with β€œCitrix_RegistrationAu…”.
24. Minimise your RDS session to your Enterprise CA and return to the StoreFront + FAS server, you now notice the β€œAuthorize this service” says β€œReauthorize” which is correct as the FAS service is now authorised with the Enterprise CA. Next select β€œCreate” for β€œCreate a rule”, which launch a new window.
25. Accept the default β€œCreate the default rule (recommended)” and select β€œNext”.
26. Accept the default β€œCitrix_SmartcardLogon (recommended)” and select β€œNext”.
27. Select the previously selected and configured Enterprise CA you Authorised and select β€œNext”.
28. Select β€œAllow in-session use” and select β€œNext” if you enabled the following policy β€œIn-session Certificates” earlier.
29. Select β€œManage StoreFront access permissions (access is currently denied)” in red text which will open a new window.
30. Remove β€œDomain Computers” and add the β€œServer” running the StoreFront + FAS roles and under β€œPermissions” to β€œAllow” then select β€œApply” and β€œOk”.
31. The screen will update with β€œManage StoreFront access permissions” to now be in blue text, now select β€œNext”.
32. Select β€œManage user access permissions (all users are currently allowed)” in red text which will open a new window.
33. You can change to default β€œDomain Users” to your own test AD security group, then under β€œPermissions” to β€œAllow” then select β€œApply” and β€œOk”.
34. The screen will update with β€œManage user permissions (all users are currently allowed)” to now be blue text, now select β€œManage VDA permissions (all VDAs are currently allowed)” which is in red text.
35. You can change to default β€œDomain Computers” to your own test AD security group that your Citrix Virtual Delivery Agents (VDA) are found within, then under β€œPermissions” to β€œAllow” then select β€œApply” and β€œOk”.
36. The screen will update with β€œManage VDA permissions (all VDAs are currently allowed)” to now in blue text, now select β€œNext”.
37. Now select β€œCreate” and a “Default” FAS rule.
38. You have now successfully setup and configured Citrix FAS, you still need to enable FAS Claims for your “AAD” store on StoreFront which is covered later in this blog post.

Creating a new Store call “AAD” for Azure AD SAML Authentication in StoreFront
1. Open Studio and select “StoreFront” then select β€œStores” and the on the β€œActions tab” select β€œCreate Store”.
2. On the splash screen select “Next“.
3. Type in β€œAAD” for the β€œStore Name” field and click β€œNext”.
4. Select β€œAdd” list a CVAD controller, a new window will appear where you need provide the following information a β€œDisplay Name” e.g Citrix Cloud Connectors vs. CVAD 1912 LTSR, for the “Type” select β€œCitrix Virtual Apps and Desktops” and under β€œServers” list select β€œAdd” and type in the Citrix Cloud Connector or CVAD 1912 LTSR addresses and choose β€œTransport type” either HTTP 80 or HTTPS 443 (Preferred) and click “OK”.
5. You are now returned to the “Delivery Controller” page with a list of either Citrix Cloud Connectors or CVAD Controllers 1912 LTSR, click “Next“.
6. Now on the “Configure Authentication Methods” page select β€œSAML Authentication” and leave β€œUser name and password” checked as YES, then click β€œNext”.
7. Ignore “Remote Access” configuration and click “Next“. NOTE: I will update this blog post at a later date with the Remote Access via Citrix Gateway formerly NetScaler Gateway.
8. Accept the default’s on the “Configure XenApp Services URL” and click “Create”.
9. StoreFront will begin creating your new “AAD” Store on your StoreFront server, once the wizard completes select “Test Site” to verify you can see a webpage that displays Citrix Receiver or you can navigate to β€œhttps://FQDN/Citrix/AADWeb/” replacing the FQDN with your own to verify the webpage is available.

Generating AAD SAML Configuration for StoreFront
1. In the Azure AD UI in the Azure Portal select β€œEnterprise applications” node.
2. When the UI updates in the centre select “Select β€œNew application”.
3. You are taken to the “Add an Application” wizard and presented with three options select “Non-gallery application“.
4. Next provide a name for your own application e.g AAD-SAML-CVAD1912LTSR and then click “Add” at the bottom.
5. The AAD wizard completes and you are taken to the “Overview” page for “AAD-SAML-CVAD1912LTSR“, now select “Users and groups” from within this view.
6. Add an native AAD user(s). Note do not add any employee that does not have a AD shadow account setup and configured in the Citrix Cloud Resource Location (RL).
7. Now from the same “Overview” page for “AAD-SAML-CVAD1912LTSR” select “Single Sign-on” and on the “Select a single sign-on method” wizard select “SAML” and will start the AAS SAML wizard.
8. Select the pencil icon for “Basic SAML Configuration” to configure the following fields as follows below and select “Add“.

Identifier (Entity ID): https://FQDN/Citrix/AADAuth
Reply URL (Assertion Consumer Service URL):https://FQDN/Citrix/AADAuth/SamlForms/AssertionConsumerService
Sign on URL: https://FQDN/Citrix/AADWeb

9. Check under “User Attributes & Claims” portion that the “Name” field is configured to β€œuser.userprincipalname”.
10. Scroll to “SAML Signing Certificate” and click to download the β€œFederation Metadata XML” e.g. AAD-SAML-CVAD1912LTSR.xml, now save or transfer it to your StoreFront server at C:\Temp.

Create and Configure a Azure AD SAML Trust in StoreFront
1. If you have transferred the *.xml file e.g “AAD-SAML-CVAD1912LTSR.xml“, then on your StoreFront server create a folder called β€œTemp” on β€œC:\” and transfer the downloaded *.xml file.
2.Open PowerShell in admin mode or launch it from Studio 1912 LTSR. Copy & paste the following code below, however if opening the PowerShell with Admin privileges without Studio 1912 LTSR then copy & paste this cmdlet first before proceeding with the configuration & “$Env:PROGRAMFILES\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1“. You will notice the virtual path for the Store is already set here to AAD so you can copy and paste it as is. This code sets up and configures SAML for the ADD Store.

$storeVirtualPath = “/Citrix/AAD” 
$auth = Get-STFAuthenticationService -Store (Get-STFStoreService -VirtualPath $storeVirtualPath) 
$spId = $auth.AuthenticationSettings[“samlForms”].SamlSettings.ServiceProvider.Uri.AbsoluteUri 
$acs = New-Object System.Uri $auth.Routing.HostbaseUrl, ($auth.VirtualPath + “/SamlForms/AssertionConsumerService”) 
$md = New-Object System.Uri $auth.Routing.HostbaseUrl, ($auth.VirtualPath + “/SamlForms/ServiceProvider/Metadata”) 
$samlTest = New-Object System.Uri $auth.Routing.HostbaseUrl, ($auth.VirtualPath + “/SamlTest”) 
Write-Host “SAML Service Provider information: 
Service Provider ID: $spId 
Assertion Consumer Service: $acs 
Metadata: $md 
Test Page: $samlTest “
 

3. Next copy and paste the following code which will ingest SAML configuration from the Azure AD *.xml that you downloaded earlier and copied to C:\Temp on the StoreFront server.

Get-Module “Citrix.StoreFront*” -ListAvailable | Import-Module
# Remember to change this with the virtual path of your Store.
$StoreVirtualPath = “/Citrix/AAD”
$store = Get-STFStoreService -VirtualPath $StoreVirtualPath
$auth = Get-STFAuthenticationService -StoreService $store
Update-STFSamlIdPFromMetadata -AuthenticationService $auth -FilePath “C:\Temp\AAD-SAML-CVAD1912LTSR.xml”


4. Validate there are not error(s) on screen that need resolving.
5. Minimise your PowerShell window you’ll need it again shortly, now open up Studio or StoreFront MMC console and navigate to the “Stores” and select “AAD” and select “Manage Authentication Methods“.
6. Select the cog icon parallel to β€œSAML Authentication” and then select β€œIdentity Provider” you should see that your AAD SAML configuration is setup and configured, leave it as is DO NOT TOUCH it!
7. Close all windows including Studio or StoreFront.

Enabling FAS for Converting Azure AD SAML Tokens to Virtual Smartcards
1.Open up your existing PowerShell window and copy and paste the following code below, which will ENABLE FAS for your ADD Store to convert AAD SAML tokens received into virtual smartcard that will be used to SSO the employee onto his/her Citrix virtual app and or desktop. You’ll notice the code is configured for the “AAD” Store so you can copy and paste as is.

Get-Module “Citrix.StoreFront.*” -ListAvailable | Import-Module
$StoreVirtualPath = “/Citrix/AAD”
$store = Get-STFStoreService -VirtualPath $StoreVirtualPath
$auth = Get-STFAuthenticationService -StoreService $store
Set-STFClaimsFactoryNames -AuthenticationService $auth -ClaimsFactoryName “FASClaimsFactory”
Set-STFStoreLaunchOptions -StoreService $store -VdaLogonDataProvider “FASLogonDataProvider”


2. Validate there are not error(s) on screen that need resolving, if there are none you can nose close the PowerShell window.

Testing your Azure AD SAML to Virtual Smartcard Login
1. Navigate to https://FQDN/Citrix/AADWeb which will redirect you to a AAD login.
2. Enter in your UPN e.g user@domain and then complete the required 2FA vs. MFA requirements setup by your organisation as requirement onscreen.
3. You will be returned to https://FQDN/Citrix/AADWeb and SSOed onto UI, depending on your setting your desktop will either auto launch of you’ll have to manually launch it yourself. The initial login will take slightly longer than usual as its generating you that initial virtual smartcard between StoreFront, FAS, AD and your Enterprise CA.
4. Your Citrix vDesktop or vApp should launch successfully and SSO the on without prompting for any credentials.

Troubleshooting
1.If you receive ANY error once returned to https://FQDN/Citrix/AADWeb post the AAD SAML login open a new browser tab in the same session and copy and paste the following URL https://FQDN/Citrix/StoreAuth/SamlTest to see if you have any oblivious errors e.g user@domain.onmicrosoft.com from Azure AD which doesn’t map to the AD Shadow account that is user@domain so its a UPN mismatch and the sign-on will continue to fail.
2. If the employee can sign on to https://FQDN/Citrix/AADWeb and the Citrix vApp or vDesktop launches but they see a credential prompt with “Other User” check and see that you configured FAS for the correct Store with SAML Authentication setup and configured if not using my example of “AAD” as the Store setup and configured on StoreFront.

ICA Proxy Remote Access with Azure AD SAML
Coming…

ConceptΒ on Bring your own Identity (ByoI) Strengthening Security through Co-SharedΒ Responsibility owned by IT with different operating models
Its a simple concept which I like and yes it adds in complexity but it times today its far better to harden against unwanted 3rd party access whilst making it harder to achieve lateral movements. If the employee’s account is compromised by a 3rd party, they would need to compromise the employees identity in the cloud directory e.g AAD and in Active Directory (AD) on-premises as both passwords are completely different with different types of multi-factor authentication methods bound including access privileges.

The views expressed here are my own and do not necessarily reflect the views of Citrix.


Zoom in Citrix VDI (Part 2) HDX Offloading, Architecture and Zoom.us Security + Privacy

Introduction
In my first blog post http://axendatacentre.com/blog/2020/04/22/zoom-hdx-offloading-for-citrix-virtual-desktops-part-1/ I explored how frictionless it was to setup and deploy Zoom in a Citrix Virtual Desktop, this post builds upon my initial post looking at a wider device spectrum, fallback scenarios and further testing using iGel thin clients.

Overview of Optimised vs. Un-Optimised Zoom Meetings in Citrix VDI (DaaS)
The below image represents both an (un)optimised Zoom meeting running within a Citrix virtual desktop. If an employee access’s his/her Citrix virtual desktop from an endpoint e.g BYO that doesn’t have the β€œZoom Media Plugin” installed like it was on there e.g CORP device then the once “Optimised” HDX offloaded A/V traffic for there Zoom Meeting is effectively now “Un-Optimised” and the A/V processing that was shifted onto the employee’s endpoint will now be processed within the Citrix virtual desktop in the resource location (data centre) causing a degraded experience, macro uplift in computing and networking resources to process the A/V for the Zoom meeting and the A/V traffic sent and received from the employees endpoint which is then sent out via the Zoom client within the Citrix virtual desktop.

UPDATED Zoom Pre-requisites & System Requirements
Follow my original guidance at – http://axendatacentre.com/blog/2020/04/22/zoom-hdx-offloading-for-citrix-virtual-desktops-part-1/. My initial test focused on testing the viability of using Zoom meetings in a Citrix virtual desktop when HDX Offloading was enabled to “Optimise” Zoom meetings and improve the employee experience by shift the A/V processing to the employee’s endpoint, the initial results where hugely promising with minimal effort.

I found some time to continue with further tests but I hit a wall the β€œZoom Client for VDI” was displaying a “Grey blank screen” during the meeting and when checking the video settings within the “Zoom Client for VDI” app in system tray, you get the same result a “Grey blank screen” even though Citrix Workspace app is doing its job of automatically connecting “Microphones and Webcams” as I tested a GoToMeeing without any issues so I knew there where no policies conflicts or issues. I googled the problem briefly and found nothing useful, I then decide to revisit Zoom’s on-line documentation and found this important notification published within the last 6 days of this blog post stating that Zoom now requires both the β€œZoom Media Plugin” + β€œZoom Client for VDI” to match exactly from version 2.1.5 documented at – https://support.zoom.us/hc/en-us/articles/360031768011-New-Updates-for-Virtual-Desktop-Infrastructure-VDI- as, anything prior to the pending date 30/05/2020 you can configure the MinPluginVersion via registry settings – https://support.zoom.us/hc/en-us/articles/360032343371 to be able to use older versions for backwards compatibility – https://support.zoom.us/hc/en-us/articles/360041602711.

Zoom Meeting Test & Citrix Lab Overview
1.CVAD 1912 LTSR running in my personal AWS EC2 in N.Virgina, USA delivering a Citrix virtual desktop to me in London, England. The virtual desktop is running Windows Server 2019 its a “t2.medium” instance type running the 1912 LTSR Virtual Delivery Agent (VDA), also installed was the β€œZoom Client for VDI” product version 4.6.15322 used during my orginal testing – https://twitter.com/lyndonjonmartin/status/1253036938992529408?s=20. To resolve the “Grey blank screen” download and install the latest product version I was running 4.6.15630.
2. Personal iPhone 7S running Zoom app setup with my account to start/stop Zoom meetings.
3. Zoom doesn’t support HDX Offloading on MacBooks therefore I used my wife Windows 10 laptop in these tests, which is running Citrix Workspace app 1912, and I installed the Zoom Plugin for Citrix Receiver product version 4.6.15630. You’ll notice that the product versions between the Citrix virtual desktop running the “Zoom Client for VDI” – https://zoom.us/download/vdi/ZoomInstallerVDI.msi and the Zoom Plugin “Zoom Media Plugin” – https://zoom.us/download/vdi/ZoomCitrixHDXMediaPlugin.msi on the endpoint are an exact match.
4. Zoom have published a VDI Backward Compatibility Matrix which is available at – https://support.zoom.us/hc/en-us/articles/360041602711.

Zoom VDI Optimisation Management
I think its important to recognise, when rolling out the Citrix + Zoom “Optimisation” capability you need to include both the “Zoom Client for VDI” + “Zoom Media Plugin” as part of your internal and external software deployment strategy. It is also worth noting the differences between Zoom meetings within “Citrix” VDI and on other platforms, Zoom has put together a comparison feature matrix at – https://support.zoom.us/hc/en-us/articles/360031441671-VDI-Client-Features-Comparison?zcid=1231#h_fceae51c-f385-4a20-bd54-c7c50f186c15. You should also be mindful of the native features by platform which is available at – https://support.zoom.us/hc/en-us/articles/360027397692.

Internal Strategy
Manage the “Zoom Client for VDI” using a Citrix App Layering “App Layer” – https://docs.citrix.com/en-us/citrix-app-layering/4/layer/create-app-layer.html in conjunction or separately with your existing preferred Citrix provisioning technology e.g Machine Creation Services (MSC) or Provisioning Services (PVS).

External Strategy
Management of the “Zoom Media Plugin” is better controlled for security + avoid breaking the employee experience on supported endpointshttps://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI by enrolling the endpoints into Citrix Endpoint Management (CEM). For Windows endpoints use the *.MSI installer with the “Windows Agent” – https://docs.citrix.com/en-us/citrix-endpoint-management/policies/windows-agent-policy.html to deploy a script to update the “Zoom Media Plugin” and for iOS and Android you could send a push notification to employees to update to the latest Zoom app available in the public app store so that you have app versioning + device spectrum consistently re feature + security parity across the organisation.

LTSR vs. CR vs. Citrix Cloud Strategy for HDX Offloading of Zoom?
Zoom is not embedded into the Citrix stack like Teams is, therefore you can choose to deploy your own Zoom + Citrix HDX Offloading inline with your preferred CVAD release strategy BUT you must align to Zoom’s leading practises for “Citrix” VDI and Citrix’s for release strategy type. The reason this is possible it because you need to manually or automate the installation of the “Zoom Media Plugin” + Zoom Client for VDI” software both client and server/workstation sides outside of the Citrix stack, remembering that the Teams HDX offloading components are part of the VDA (server/workstation) and the CWa (client) – http://axendatacentre.com/blog/2019/08/06/hdx-offloading-for-microsoft-teams-within-a-citrix-virtual-desktop/.

Zoom 90 Day Security Plan Facts & Personal Opinions
Zoom recently published an updated communications on there 90 Day Security & Privacy Plan for June available to read at – https://blog.zoom.us/wordpress/2020/06/03/90-day-security-plan-progress-report-june-3/*. Since the beginning of this journey I will continue to update the security & privacy portion of this blog post below. Zoom is so committed to this its CEO Eric Yaun and “leader” holds LiVE sessions entitled “Ask Eric Anything“. If you wish to register to join these sessions LiVE register at – https://zoom.us/webinar/register/WN_9jdr63uuRuSRBX-yEJ2zVQ?id=3IWjZb4JTJm0II3A4lkBOg&zcid=1231 and if you want to ask a question email answers@zoom.us as per the blog post*. If you have doubts, you heard a “Chinese Whisper” surrounding Zooms security or privacy then you should watch the below, and be sure to submit that question to Zoom’s leader and his leadership team to reply on “Ask Eric Anything“.

I’ve yet to see a leader openly committed to and inclusive of customer, business, community and peer feedback to drive CHANGE and INNOVATION. Upon reflection I’m actually not surprised he’s an “Entrepreneur Leader” and therefore both change and innovation are built into his DNA likewise to learn from failure fast and then act to achieve continued success. These two values for me is missed while driving (Digital) Transformation in any organisation from paper to paperless vs. manual to co-hybrid automation.

Security & Privacy
Zoom is continuing to take security and privacy seriously and they continue to communicate that publicly on the company blog, they have as of releasing this blog post published the following blog articles – https://blog.zoom.us/wordpress/2020/05/04/navigating-a-new-chapter-for-zoom/, https://blog.zoom.us/wordpress/2020/05/05/use-zoom-to-securely-host-virtual-board-meeting/ and https://blog.zoom.us/wordpress/2020/05/05/zoom-disable-pmi-security-updates-for-basic-accounts-may-9/. The collective sum of these post indicates that Zoom is giving IT more security controls for Zoom meetings in an enterprises. The following list is just a high level summary of what can be found in the above blog pots on https://blog.zoom.us/.

-Zoom Encryption whitepaper published April 2020 – https://zoom.us/docs/doc/Zoom%20Encryption%20Whitepaper.pdf discussing the use of TLS 1.2, AES, AES-256 and SRTP or Secure Real-time Transport Protocol for Zoom to Zoom communication. The whitepaper looks at clients, browsers and 3rd party devices/services.
-Zoom client connection progress whitepaper published April 2020 – https://zoom.us/docs/doc/Zoom_Client_Connection%20Process_Whitepaper.pdf
-Leading practices when using a Zoom Personal Meeting IDs (PMI)
-Zoom 5.0 supports AES 256-bit GCM encryption*
-Scheduled security changes to come to FREE Zoom accounts
-Zoom watermarks in two flavours
-Industry certifications e.g SOC2 Type II, Privacy Shield Certified, GDPR e.t.c – https://zoom.us/docs/ent/privacy-and-security.html
-Lock meetings and require authentication –
https://support.zoom.us/hc/en-us/articles/360041848151-In-meeting-security-options?mobile_site=true

Final Thoughts
Zoom continue to step up on security and privacy frontier, and the second round of tests continue to demonstrate a real WOW moment for me in how frictionless the experience has been as a IT Professional and as an consumer of Zoom meetings personally within my lab. I will time permitting continue with my full tests in the future expanding the device spectrum being inclusive of employee experience optimisation strategies.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Zoom A/V Offloading for Citrix Virtual Desktops Part 1

Introduction
Zoom developed a VDI optimisation solution that enables and allows for Audio and Video (A/V) processing similar to that of Microsoft Teams today and Skype for Business originally deploying and leveraging a client and backend service software components. Zoom refers to the backend as a “Zoom Client for VDI” and then the endpoint runs the “Zoom Media Plugin” processes and handles the A/V data traffic.

Zoom Pre-requisites & System Requirements
1.Prepare your UAT provisioned Citrix Virtual Desktop image to install the “Zoom Client for VDI” downloadable at – https://zoom.us/download/vdi/ZoomInstallerVDI.msi which is also referred to as the “Zoom Installer VDI” and or “Host Installer”.
2. Prepare an endpoint running a supported OS to run the “Zoom Media Plugin” Windows, iGel, eLux, HP ThinPro OS and Ubuntu. In this example we’ll focus on installing the “Citrix HDX Media Plugin” for Zoom which you can download at – https://zoom.us/download/vdi/ZoomCitrixHDXMediaPlugin.msi. The full list of available Zoom Media Plugins for Citrix is available at – https://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI#h_44458af3-695a-44f0-9cbc-b753f00b3c00.
3. Initiate a test Zoom video conference call and observe HDX offloading of A/V from the Citrix Virtual Desktop to the endpoint running the “Zoom Media Plugin“, which is passing the A/V data traffic to the Zoom Cloud MMR platform reference the Zoom VDI Optimisation node at – https://support.zoom.us/hc/en-us/articles/360031441671#h_70badc99-f2fd-417e-bd46-59493ab7047b.
4. I didn’t have to configure anything within the Zoom Cloud MMR, neither my personal Zoom account it all worked out of the box.

Citrix Pre-requisites & System Requirements
You’ll need a CVAD UAT environment to deploy fresh VM to install the “”Zoom Client for VDI” and a test Windows endpoint to install the “Zoom Media Plugin” onto. In my initial testing I am running a freshly installed Citrix Virtual Apps & Desktops (CVAD) 1912 Long Term Service Release (LTSR) which is run in my own personal “cloud” home lab in AWS EC2 geographically located in N.Virgina, USA. Zoom is also listed within the Citrix Ready website at – https://citrixready.citrix.com/category-results.html?search=Zoom.

Deployment Overview
The installation and configuration for Zoom Optimisation Meetings for VDI is incredible frictionless that it took me less than 5 minutes to complete the deployment, then test my first ever Zoom video conference call running in a Citrix Virtual Desktop. The following in order of events.

1.Download “ZoomInstallerVDI.msi” and install the “Zoom Client for VDI” within my PoV Citrix Virtual Desktop.
2.Download “ZoomCitrixHDXMediaPlugin.msi” and install the “Zoom Media Plugin” onto my Windows endpoint where I connect to my Citrix Virtual Desktop through Citrix Workspace app for Windows CR.
3. Downloaded the Zoom app from the Apple App store – https://apps.apple.com/gb/app/zoom-cloud-meetings/id546505307, please this link if for the UK Apple app store. I completed the first user experience and register myself a Zoom account.
4. I started Zoom instant meeting and then invited another participants using a meeting ID# and by default each room as a unique password to join, for more on the security of Zoom see towards the end.
5. I successfully logged into my Citrix Virtual Desktop and run “Task Manager” likewise I started “Task Manger” on my local Windows endpoint.
6. I clicked to start “Zoom VDI” app within my Citrix Virtual Desktop which there prompts you to enter in “Meeting ID” (preferred as it’s always a unique #) or “Personal Link Name”, select your preferences for audio and video upon joining. Next by default I expected to join the virtual meeting but was halted as I was required to enter in a passcode/password to actually “join” Zoom video conference call currently in progress.
6. Zoom video conference call started and immediately VDI optimised with the A/V traffic been processed locally on my local Windows endpoint.

Important Note: I only tested VDI Optimisation from within my AWS EC2 personal lab boundary as I don’t have a physical Windows endpoint at home to test it with so that will be included in part 2, my goal was to see how easy it was and if it worked a frictionless as I thought it might just by reading through Zooms online documentation.

Demonstration of Zoom A/V Offloading
In the initial demo below for part 1, I connected to a Citrix virtual desktop running in AWS EC2 (N.Virginia) in a double hop scenario, as Zoom don’t currently support Apple Mac endpoints for any Zoom VDI offloading. The video of me you see in the demo video is from my personal iPhone (London, England) connected to the Citrix virtual desktop (N.Virginia, USA). Note I didn’t test bi-directional video and or audio communication, and a few other topics, which I will follow-up in the future time permitting, but as you can see the Zoom video conference call offloads the Zoom A/V traffic to the connected Windows endpoint effortlessly! Great work Zoom I am well impressed with my initial testing today.

Employee Experience VDI Limitations
Zoom and provided a high level feature “comparison” matrix – https://support.zoom.us/hc/en-us/articles/360031441671-VDI-client-features-comparison#h_fceae51c-f385-4a20-bd54-c7c50f186c15 depicting the differences between the Zoom VDI client vs. the Desktop and Web clients. Its important to be mindful of these differences in order to properly educate your employees when dealing with service desk requests or better prior to rollout by posting an internal article on your companies intra or extranet. The following for me are important limitations to be aware of, when deploying and consuming Zoom through a Citrix Workspace lens.

– Maximum resolution of 1080p and up to 380p for thin client h/w.
– No dual monitor support
– Support for up to 9 visible video participants
– No Apple Mac device support for HDX offloading of Zoom A/V data traffic

Security & Privacy
Zoom has recently been in the press surrounding security and privacy practises “Google it”, with that been said its worth noting that Zoom as an organisation committed to a 90 day security plan centred on its platform + client security, today 22/04/2020 they published the following article on there corporate blog “Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0” – https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/, so be sure to read through it.

Final Thoughts
I have alot more questions and tests to do the above is only the very beginning, next I’ll be evaluating fallback scenarios, more of a focus employee experience use-cases including unconsidered needs, tweaks of course and finally testing a πŸ™‚ endpoints in London, England whilst my Citrix Virtual Desktop in N.Virgina, USA as this is how I have tested these types of Unified Communications (UC) or Video Conference platforms all the way back to Lync with the Citrix HDX Optimisation pack.

I honestly found the setup and deployment of Zoom’s VDI Optimisation ridiculously simple its incredibly frictionless! I guess thats why many folks are still continuing to consume and use Zoom for video conferencing.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Hello World! Project Q Helsinki – Stream 2

I’d to welcome to the world a personal project of mine that originated in 2010 yes a decade ago, its paused and re-started several times over the past decade and for good meaningful measure, as a family member in my household has Chronic Kidney Disease (CKD) which gradually moved from Stage 4 > Stage 5 (less than 20% kidney function), resulting in hemodialysishttps://www.nhs.uk/conditions/dialysis/what-happens/ but before you get to that point you go through the creation of a blood vessel called an arteriovenous fistula (AV fistula) which is created within your arm. I’ve also successful completed intensive NHS training by renal specialists over a few months learning how to maintain the hemodialysis machine + equipment and how-to care for a patient while doing hemodialysis and how-to keep someone alive when things turn sideways, which has happened more than once and it happens as fast as you can take a deep breathe. My journey has been a very lengthly one, all the while actively working for nearly 8+ years at Citrix which enabled for me on day one in 2012 Flexible Working Styles enabled by its people + culture but powered Citrix’s technology.

What is it Project Q Helsinki?
It has three key streams the first I call the “ANY APS framework”, the second streams gravity is centred on the Citrix Workspace eco-system which has had three macro versions with each one building upon the foundation of the previous one, the third and final stream I’ll sum up as Workplace EQ which I continue to research in parallel to my (digital) transformation research over these past 2+ years.

Stream 2 as I said is focused on a Citrix Workspace eco-system, it includes micro and macro self-service platform releases. I define it as follows it’s a Self-Service Citrix Technology Advocate (CTA) Platform accelerating the time to value, while avoiding Technology + Business friction, and therefore achieving meaningful + measurable business outcomes frictionless with greater efficiently.

How Does it Work?
You complete either a guided vs. advanced (Γ€ la carte) web form with questions that generates a purpose built document in HTML format for you by you, the below image demonstrates how it works. It’s built to be modular and the interface + API can be re-framed for different people types e.g business partners, IT Admins + Pros, Architects and Consultants for future releases.

What Does it Look Like?
I published the following demonstration https://twitter.com/WorkspaceCocouk/ on 22 June 2019 at – https://twitter.com/WorkspaceCocouk/status/1142439856246800386, as you can now see from the below embedded video its continued to evolve since 2019.

What’s in the Initial Proto-Type Release ?
The following is a simple bullet point list of the outcomes that can be achieved once the CVAD (Service) proto-type is released to the Citrix community. I will introduce further Citrix services in the future and continue to add more capabilities as time allows me, I do all this work in my own personal time often late into the night.

  • Branding On-Premises StoreFront (Already available separately +)
  • Flexible Working Styles
  • Force Field Analysis
  • Suggested Citrix Technology Advocate (CTA) Virtual Guidance
  • Citrix Workspace app (CWa) vs. CWa for HTML5
  • Deploying on-premises Citrix Gateway formerly NetScaler Gateway
  • PaaS – Virtual Apps & Desktops Service including Citrix Cloud Connectors
  • Virtual Delivery Agent
  • Leading Practises
  • On-Premises – StoreFront and CVAD Controller
  • Windows Mgmt. Infrastructure e.g WDC, AD Bindings e.t.c

Getting Started
I published the first proto-type which was a micro self-service CTA platform release in 2019 designed to aid IT Admins and Consultants completing more advanced branding activities for on-premises StoreFont “stores”. If you want to test drive it visit – http://workspaceco.co.uk/prototype/citrix/index-storefront.php to get started, the below embedded video demonstrates an example outcome.

Do you want to Contribute?
I was intending to release the proto-type for CVAD (Service) today 01/04/2020, however due to COVID-19 my work workload the past 6 weeks has meant very long hours into the evening and night in helping and supporting Citrix customers preparing to implement BCP prior and during the current UK lockdown. I simply don’t have the time to complete everything by myself, including testing and validate it all and so I have complied a suggested community goal list below.

  • PowerShell Automation:
    • Citrix Cloud Connector and VDA Installers for both non-managed/powered and managed/powered machines using MCS as the provisioning method.
    • Create a hosting connections for all supported (cloud) hypervisors for Citrix Cloud and on-premises 1912 LTSR.
    • Create a machine catalog and delivery for both non-managed/powered and managed/powered machines to delivery a Citrix Virtual Desktop and following the Citrix Virtual Apps Google Chrome.
    • Setup and configure a StoreFront “Store” for remote access.
  • Field leading practises it could be anything e.g
    • Leading conf for vGPU enabled desktops using AMD Cards
    • Community leaded architectural framework
  • Language – Simplify and correct my spelling/grammar as I’m dyslexia.
  • Language of Business
    • Cost Modelling (Verify)
    • Suggested community CTA guidance

If you want to get involved please DM me on Twitter @ https://twitter.com/lyndonjonmartin and let me what area(s) you wish to contribute towards, you will receive full credit for your work. Finally for full transparency I will not be sharing any access to the source code initially, that will eventually come at a later date.

The views expressed here are my own and do not necessarily reflect the views of Citrix

Get Smart with Citrix AutoScale & Power Capacity Management during COVID-19

I’ve noticed a number of folks asking what do as my existing Citrix AutoScale + Power and Capacity Management policies aren’t powering on my public cloud workloads any more, especially when they need it most!? What is happening? Firstly “this is not a Citrix issue” it’s a public cloud capacity issue in all the major players by selective “POPULAR” instance types for commonly used workloads like delivering virtual apps & desktops and its affecting by indvidiual regions e.g UK and not the whole public cloud providers capacity world wide to be clear and transparent.

If you make use of Citrix AutoScale and Power Capacity Management for mission critical CVAD workloads for better P&L management vs. capacity peaks then please DISABLE IT for those Delivery Groups (DG) within the CVAD Service temporarily to maintain business operations and internal SLA’s for service delivery of CVAD workloads to employees WFH during CVOD-19. Disabling AutoScale is strategically very important during these current times, it enforces that identified mission critical workloads by Delivery Group are always on-demand 24/7 to meet operational business demands. Its important to highlight this applies to any vendors and even in-house vs. community built power and capacity management tooling platforms should also be DISABLED for all business mission critical workloads so that daily business operations are not impacted.

Why do organisations use Citrix AutoScale and Power Capacity Management?
Its for a couple of scenarios, usecases which I will collectively sum up as follows below:

1. Save money not running VM instances in public clouds 24/7 when they aren’t required, therefore saving you a substantial amount of money when looking to better manage your P&L.
2. Your employees typically work 21 business days within a month (30 days) the rest is made up of time off e.g weekends, so why keep all that capacity powered on and consuming more money unnecessarily including carbon emissions. On that note how many of you leave your data centres fully powered on or even home labs when you they aren’t required? Our world needs us to make smarter and better decisions to lets act and save our world for our future unborn grand children.
3. Support spikes/peaks in virtual app & desktop consumption with a capacity buffer.

You can learn more about Citrix AutoScale at – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/manage-deployment/autoscale.html#three-types-of-autoscale-user-interfaces included the supported CVAD use cases “Autoscale user interface for Multi-User OS e.g CVA Delivery Groups“, “Single-User OS e.g CVD pooled vs. static VDI Delivery Groups“. 31/03/2020 I noticed that Citrix TechZone published a technical document on the same date as this article and I think you’ll find if very useful and insightful as its very technical eDocument – https://docs.citrix.com/en-us/tech-zone/learn/tech-briefs/autoscale.html.

Why your should DISABLE it!
COVID-19 is a world wide pandemic and hopefully a once in life time vs. century event. The number of employees now Working from Home (WFH) world wide is incredible, it’s placed a macro burden on many consumer services where some are in a degraded state or have intentionally degraded themselves to free up more bandwidth capacity over the internet in Europe for example Netflix – https://www.bbc.co.uk/news/technology-51968302. Its equally true for IT business services e.g virtual meetings and of course public cloud providers whom have run out of capacity for popular VM instance types in Europe, and this is why you want to disable AutoScale so that your mission critical workloads are not stopped + deallocated and then returned the public cloud provider pool where they will be consumed by someone else and keep up 24/7, other organisation’s may have paid upfront to reverse a number of instance types for a period of 30/60/90 days and this is achieved by holding back any/all returned capacity and finally likely redistributed to critical government agencies and department for example in the UK the National Health Service (NHS) to keep health workers productive managing COVID-19 and supporting patients.

Act & Think of Others
Please be responsible and make sustainable choices and only keep mission critical workloads on-demand 24/7 that are essential to daily business operations. Finally a personal ask if you are an IT Professional who’s home lab partially runs in a public cloud as its extended from on-premises please be respectful, mindful and aware that if your region is experiencing capacity issues PLEASE turn off and deallocate those VM instances types so that capacity can be returned to the public cloud pool during working days of the week to support businesses whom need it vs. government agencies and or health departments supporting people in-need of help and support medical and or otherwise.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Optimising & Maximising Citrix ADC + Virtual Apps & Desktops during Extended Business Continuity Situations *** Draft

This is a LiVE evergreen post that contains spelling and grammar mistake’s at the moment BUT I wanted to get this out today 28/02/2020 as its important to be prepared.

The post is based upon my experience in but more so outside of Citrix during my time at a Managed Service Provider (MSP) in the City of London so the thinking is in-line with working with a world class engineering team helping my customers then maintain and manage hyper-scale web applications (web app) that processed substantial Β£’s transaction per second in revenue however that is just one part of a multi-tiered web app in this case the transactions of payments through a payment gateway is one part of many complex parts however in order to maintain that payment hyper-scale you need to keep your website (front door) e.g www.company.name running consistently and reliability fast with little to no difference in page loading times and no degraded interactivity with with dynamic + interactive content otherwise people will lose focus and navigate away from your website and this ultimately equates to reduced Β£’s transactions been completed incurring lost revenue as a net result.

The world this and last year is facing a WHO outbreak – https://www.who.int/emergencies/diseases/novel-coronavirus-2019 which appears to have forced numerous organisations to review current business continuity (BP) plans and higher degree more than I expected myself, found marco red readiness flags that need to be addressed immediately to be ready if there BP plans are triggered by executive leaders, which I for one am hopeful does NOT HAPPEN in the UK being a life long Londoner! Truth be told a number of customers appear conflicted on how-to manage Citrix workloads that they simply didn’t prepare for beyond 1-3 snow day(s) and the same applies to customers that use Citrix for remote working outside of the office that don’t have a flexible working style framework in-place yet or due to regulator governance & compliance prohibits this capability by industry and finally a few customers have found hidden micro flaws that where dismissed but now pose a very real threat on the horizon that is fast approaching to operationally keep business’s online and moving forwards that security + networking teams are breaking down silo’s and working closer than ever with IT systems teams to be ready to keep employees safe and productive at home irrespective of a Citrix lens or not. If I was a Citrix customer these topics below for me would be top of mind for me to operationally keeping my business online with a continued or near to level of experience and service delivery when my BP plans are triggered by executives. These are in no particular order just as they came to me in a conversation replying to fellow Citrite aka Citrix Employee and numerous customer conversations the past 2-3 weeks more so this week ending 28/02/2020.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

1.If you are deploying Citrix Virtual Apps & Desktops (CVAD) inclusive of the service from Citrix Cloud and you make use of on-premises Citrix ADC’s using the Gateway function then you should download, setup and configure Citrix Application Delivery Management (ADM)https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/overview.html or service – https://docs.citrix.com/en-us/citrix-application-delivery-management-service.html in Citrix Cloud. The key function that you want to consume is HDX Insighthttps://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/hdx-insight.html#identifying-the-root-cause-of-slow-performance-issues which is feature/function of Citrix ADM which will help you better understand end-to-end visibility for HDX traffic or in simpler terms begin running simple load tests by employee personas. Please be 100% sure to read the licensing feature matrix to understand what you get with Citrix ADC Advanced vs. Premium licensing – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/licensing.html and finally you can download it today at – with a valid Citrix.com MyAccount and get started by reading the system requirements at – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/system-requirements.html and the getting started guide at – https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/get-started.html. If you want to learn more about ADM beyond HDX Insight watch the embedded YouTube video below by the Citrix Network Masterclass Team.

2. Consider what have you configured within the HDX policy and what can you change? Are any of them even relevant for todays 2020 current site deployment? I have seen “screenshots” of customers master HDX policy configurations that well need to be overhauled by a Citrix SysAdmin, Citrix Partner of our own Citrix Consulting Services (CCS). Evaluating them at least twice a year if you are on a CR -2 stream or CVAD Service is a good leading practise in my view and if your on a LTSR at least annually as making a micro change can make a macro effect and ultimately will determine bandwidth through-put and processing load on Citrix ADC (Universal Gateway function) resulting is continued performance during macro peaks of sustained periods of macro Citrix usage beyond the average daily vs. weekly usage.

3. Do you have more than one HDX policy for different personas? I would at the very least have an internal (office based) vs. external (field people) HDX policy in-place, but experience tells me you need an HDX policy by persona exception and requirement classed as HD experiences been low, medium and high. For example a call centre worker doesn’t need more than 8-16Bit colour depth for looking up and inserting text into a Line of Business (LOB) app when answering and dealing with customer support calls nor do they need H.264 or EDT for watching HD videos right? A office worker living in Word documents and the companies CRM also doesn’t need H.264 or EDT they could configured with HDX Adaptive Display v2 with a colour depth of 24Bit and a lower Frames Per Second (FPS) target of 23 from the default of 30. You getting the picture yet? Having at least 3 HDX policies for low, medium and high expectations of HD experiences means that you can modify one or more to maintain the bulk of employees in medium or allow continued HD experiences at the highest level for these employees whose work results in completion of projects that affects revenue.

4. Always have a general purpose low-bandwidth and emergency HDX policies configured and in place for BP that has been tested and validated by multiple parts of the business through active role-play simulation. An example of low-bandwidth HDX policy could be constructed as follows which I wrote about in 2017 at – https://www.mycugc.org/blogs/cugc-blogs/2017/09/15/hdx-leading-best-practices-for-your-modern-secure entitled “HDX Adaptive Display v2 (Balanced)” the core principles remain largely unchanged for me, it consists of the following HDX policy configuration settings:

1.”Use video codec for compression” then select  “For actively changing regions
2. “Preferred color depth for simple graphics” then select “16 bits per pixel” and also try 24.
3. Select “Frames Per Second” and select the target FPS to circa 25 from the default which is 30.

An example of an emergency HDX policy configuration entitled “Thinwire Compatible Mode (Balanced)” could consist of the following HDX policy configuration settings:

1.”Use video codec for compression” then select the option to be “Do not use video codec
2. “Preferred color depth for simple graphics” then select “8 bits per pixel” and also try 16 or 24.
3. Select “Frames Per Second” and select the target FPS to circa 25 from the default which is 30.

The idea I am aiming to instil here create at the very least a HDX policy configuration for business continuity purposes, its critical now more than ever as numerous LOB apps consume services on-premises and in public clouds consume a rather larger volume of bandwidth and when BP is triggered if you take a Citrix lens out of the equation can you actually support all those modern apps and (hybrid) cloud based services where apps + content reside? Finally HDX Policy readiness means that you could get that extra 1x employee per multi-user OS x how many VMs in your estate?

5. When evaluating HDX policies be mindful of what your offloading to an endpoint and the offload path from the VDA to the endpoint through the Citrix ADC as that will mean more bandwidth + load on the Citrix ADC with the exception of HDX Offloading of UC platforms like Zoom provides VDI optimisation check out – https://support.zoom.us/hc/en-us/articles/360031441671 for more information and obviously Skype for Business, Teams when utilising the HDX Optimisation Pack – https://docs.citrix.com/en-us/hdx-optimization and provided that the solution doesn’t reverted to fallback mode due to a mismatch between the CWa client, HDX optimisation pack, VDA and Skype for Business or Teams package. Finally another consideration is Browser Content Redirection (BCR) be minded of what is configured and the traffic path and fallback – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/multimedia/browser-content-redirection.html.

6. Something to consider BUT I have not tested this theory but expect an abnormal potential spike on the Citrix ADC and StoreFront (if on-premises) if a high volume of employees access LOB apps using the HTML5 Receiver as it affective downloads the app into the employees HTML5 enabled browser to then launch CVAD resources. I look at this purely from concept of a web server (StoreFront) is holding a file I need to download while its lite weight its extra overhead vs. a device with Citrix Receiver or CWa already installed that is also plumbed through the Citrix ADC.

7. Review your on-premises StoreFront landing and logged in pages and consider if BP where triggered and you received a high volume of login requests could your StoreFront cluster support the load? What if you implemented low bandwidth imagery reducing the colour depth and pixels by a factor of 50% for your logos, background image? How does that affect your loading time? Consider also placing the images on an alternative web server so that all StoreFront is processing is core app and style sheets it doesn’t seem obvious but at hyper scale this makes a huge difference for example on a Twitter handle in a browser and view the source you’ll notice that the core web app itself comes primarily from *.twitter.com but all the content (images, videos) will come from different image or content farms this ensures that the web app in this case on *.twiiter.com can rapidly process and outcome Tweets in your timeline and images render later especially in bandwidth constrained locations or where there is macro spectrum interference resulting in poor interactivity and loading times. Finally even if you reduce the imagery size and the load is still high its often better past experiences to scale up existing StoreFront servers in a cluster than scaling out by adding a net new StoreFront server into the cluster.

8. I reached out to a pool of Citrix Technology Advocates or CTA’s* to provide input into this blog and Bas Stapelbroek follow him at – https://twitter.com/hapster84/ initially suggested at a glance converting existing physical PC’s into remote enabled Citrix Virtual Desktops thus allowing employees to work from home quickly as all you need to do is deploy the Desktop VDA and configure the machine for RemotePC access. To learn more about this feature and to setup and configure it for on-premises CVAD fabric checkout – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/remote-pc-access.html and CVAD Service customers – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/install-configure.html#install-vdas, however be sure that you are correctly licensed for this feature by referring to the CVAD feature matrix at – https://www.citrix.com/products/citrix-virtual-apps-and-desktops/feature-matrix.html.

9. If you have spare capacity on your Citrix ADC (NetScaler) appliances and you need to connect external devices to your network fabric safe and securely beyond CVAD you can also deploy a VPN on the same appliance with pre-authentication scanning policies to checks a devices eligibility requirements from supported endpoints running Windows and Mac using the Citrix ADC’s EndPoint Analysis (EPA) scanning feature. The EPA agent is installed onto the devices endpoint (prompted at the login URL or you can push it from however your manage your Windows and Mac fleet) and runs a scan of the endpoint based upon the policies you assign to check the devices eligibility readiness prior to allowing them access to your network fabric. I wrote blog post at http://axendatacentre.com/blog/2016/11/14/setup-pre-authentication-endpoint-analysis-epa-policy-with-an-azure-netscaler-unified-gateway-11-x-n/  on how-to set this up and enable a few basic checks for EndPoint Analysis (EPA) scanning. For official documentation onto to configure EPA scans check out – https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/endpoint-policies/ng-endpoint-preauthentication-config-tsk.html and on the 13.x.n firmware you can setup EPA a scans for Ubuntu but the scans are limited see – https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/epa-scans-for-ubuntu.html for more information.

10. CVAD supports multi-type licensing within a single CVAD Site. These allows you to consume different licensing models e.g per user/device vs. concurrent within the same CVAD Site provided the assigned licensing edition is of the same product or on-premsies subscription type e.g Advanced edition which is configured for the whole CVAD Site. You cannot mix and match different product or on-premsies subscription editions e.g Advanced concurrent vs. Premium concurrent. The following Citrix eDocs articles – https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/manage-deployment/licensing/multi-type-licensing.html provides a visual diagram demonstrating what is vs. isn’t possible.

In closing this post is about helping you achieve Business Continuity (BP) GREEN readiness flags by been smarter through optimising your current Citrix fabric to support abnormal peaks/spikes on the horizon coming ahead to sustain more load than expected for longer periods of time. You need to recognise that optimisation can only go so far when supporting extended BP plans.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

* CTA’s – https://www.citrix.com/en-gb/community/cta/awardees.html

Frictionless Working Styles Video Demo Series of How vs. Where I Worked for a Week in Dec 2019

The following is a brief video series depicting how I consume and a Citrix Workspace as a Citrite with my daily activities in the field visiting and supporting Citrix customers.

Day 1

Day 2

Day 3

Day 4

Day 5

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Journey to The Nirvana Phone within the Workplace Part 1

Does it even actually exist? Truthfully it depends on how we as humans (employees) choose to consume the apps, data and network services on them for the purposes of personal and workplace usage.

In preparing to write this article I googled “The Nirvana Phone” the top search result is a Wikipedia entry – https://en.wikipedia.org/wiki/Nirvana_Phone (huge smile) along with 3 YouTube videos and very very very familiar face followed by yet another huge smile + found memory flashback because its Citrix CTO of Emerging Technologies Chris Fleck demonstrating using an iPhone 4 running a Windows 7 VDI (DaaS) delivered by Citrix Receiver on iOS connected to a monitor with a Apple VGA adaptor and portable paired Bluetooth keyboard. This is actually a key subconscious moment for me that has had a profound affect on me, and how I approach and look at the world around me today. So when I first saw that video I immediately hunted among work colleagues and friends for that Apple VGA cable adaptor to test it out for myself with my iPhone 4 and oh boy I was NOT disappointed yes it still had a way to go but as a real world working prototype concept enabling anyone in the world who uses Citrix and is the owner of an Apple iPhone 4 to use it in such a way is mind blowing even now while also demonstrating the WOW effect that this gaming changing technology will have on the workplace, even today nearly a decade on I am using one of many Nirvana Phones out there in the market running Citrix Workspace app available from all major app stores to actively take full advantage of my iPhone XR “Nirvana Phone” as it was intended in Chris Flecks original video below to be flexible and adaptable between sandbox vs. native mobile apps, browser based SaaS web apps and of course Citrix virtual apps* & desktops** formerly known as XenApp* and XenDesktop**.

I mentioned earlier it was a “key subconscious moment” for me personally as it validated and meant to me that I can use a devices as such as the Apple iPad or iPhone as a work device this is super cool and practically appealing to me, even today at Citrix they are evolving this a reality of the “Nirvana Phone” with the Intelligent Experience – https://www.citrix.com/lp/intelligent-workspace.html by distilling the friction + complexity of apps into simple to consume actions and insights from Citrix Workspace app vs. web portal.

Lets go back in time to late 2012, I’ve joined Citrix and at Christmas I’m gifted with an Apple iPad Mini which I used a lot running and working from @WorkMail, @WorkWeb (inclusive of my iPhone) and occasionally I consume my Windows 7 VDI on my iPad Mini because I can’t find a Bluetooth enabled mouse that works with it but it does work great for tasks such as lengthily emails using the soft/digital keyboard while travelling to and from events around the world like Citrix Summit and ServTech likewise locally on trains tethered to my iPhone as train Wi-Fi does not really exist in the 2012.

Fast world to 2015 and Citrix releases a prototype Bluetooth enabled mouse called the “Citrix X1 Mouse” and who is back demoing this capability? Yes Chris Fleck is back again continuing to edge closer to the “The Nirvana Phone” workplace operating model. What most folks are not aware of I could not make Citrix Summit that year due to a family member whom was medical very unwell, yet one of the best humans I have ever had the privilege of working with in my professional working career is Caz and she brought me back an original X1 Mouse prototype because she knew its importance and value to me with my digital first nature with modern touch enabled devices like iPhone’s and iPad’s beyond today’s modern day typewriters which to be honest looking back I was held back by the technology interfaces of my time VGA to HDMI and finally entering into the main stream market late 2018 and into 2019 casting capabilities matching what we use at home Google Casting for example now coming into the Workplace like Click Share but for me they are still both a v1 they need to mature over time.

Fast forward later in May of 2015 and the final piece for me falls into place with the Citrix Workspace Hub prototype demonstrated again by Chris Fleck with the at current CEO Mark B Templeton.

Fast forward again now its 2018 and the Citrix Workspace Hub officially launches and is available through select thin client vendors that choose to be in the program. I get a Citrix WorkspaceHub device for my own personal usage from Citrix ServTech and the first thing I do when I get home is plug it in and start using it, you can see me demoing it the first time I used it at home in 2018 from my annual series of “How I worked in 20XN” obviously 2018 edition which is embedded below, fast forward to 2 minutes, 30 seconds to watch it.

Today its 2019 the current year of this post and well lets say I have totally shifted to using “The Nirvana Phone within the Workplace” because I choose to but more important the technology of my current time allows me to, and I’ve ditched the modern day typewriters up to 12-17% of my total workplace through-out 2019. You still need a larger screen and laptop for creator personna’s but for the consumer personna’s personally I don’t believe you do at a high level. You can read my journey over 2019 transferring to the “The Nirvana Phone” operating model in the workplace, starting with the original post in the series of “The Future of Work is Today NOT Tomorrow” – https://www.mycugc.org/blogs/lyndon-jon-martin/2019/03/17/the-future-of-work-is-today-not-tomorrow-part-1, followed by part 2 –https://www.mycugc.org/blogs/lyndon-jon-martin/2019/03/28/future-of-work-is-today-not-tomorrow-part-2 and part 3 – <coming>.

In closing part 2 series will focus on how to get started and work they way I do every working day at Citrix where ever I am.

The views expressed here are my own and do not necessarily reflect the views of Citrix.