Tag Archives: Citrix Cloud

Accelerate migrations to the CVAD Service

A question I’m often asked in the field is how do I get to the Citrix Virtual Apps and Desktops (CVAD) Service at pace or more importantly on my own terms?

The answer can be simple and complex at the same time the previously consultant in me says now says “well it depends”. The challenge with the tag line of “well it depends” often can lead to assumptions like migrating from an on-premises CVAD environment to the CVAD Service is a long and lengthy process that’s cumbersome, however today it couldn’t be further from the truth.

I have worked with many a customer that rotated to the CVAD Service in less than a month to keep either business operations continuing at a time when a crisis hit or a number of impending mergers where occurring and they needed an agile and flexible IT delivery strategy which Citrix Cloud platform is well placed to facilitate and orchestrate bringing together many different workload types in any cloud type – private, public, hybrid and most importantly hybrid multi-cloud environments.

How did these customers achieve this feat? Before I get there remember there is a lot more that needs to be consider with a traditional CVAD deployment (install, upgrade etc), requiring multiple teams to be engaged simultaneously as one (a huge feat in itself which rarely works well as a well oiled machine) from IT to InfoSec, Network and Security teams e.t.c, when you pivot to the Citrix Cloud platform you’re moving to a combination of SaaS (Gateway Service) and PaaS (CVAD Service) and equally removing a fair amount of unnecessary technical and culture debit + resistance. The lost time and productivity due to culture resistance to changing operating models and moving to the CVAD Service cannot be measured but is by far the biggest barrier in my personal field perspective. 

So how can you narrow the economic’s of time of getting to the CVAD Service? Citrix built and released an incredibly powerful tool called the “Automated Configuration Tool” or ACT for short, which allows for the exfiltration of your CVAD operational business logic which can be exported then evaluated and imported into your CVAD Service tenant in the Citrix Cloud by your chosen region e.g https://eu.cloud.com/. Light Bulb moment!

I previously wrote this article in http://axendatacentre.com/blog/2020/11/07/citrix-virtual-apps-desktops-or-cvad-service-migration-strategies/ – “Citrix Virtual Apps & Desktops or CVAD Service Migration Strategies” and the above and below expands upon this brief article from 2020, due to personal circumstances I stepped away largely from many communities and activities.

There are three migration strategy’s to moving to the CVAD Service from an on-premises CVAD environment:

Start A-Fresh
A complete re-evaluation of policies – employee experience vs. security, provisioning strategy. This strategy is wise if you’re well unfamiliar with new enhancements in a multi-dimensional way and been honest with that yourself your CVAD on-premises environment has not been well looked after e.g feed and watered. 

Evaluate & Pivot
Migrate only key business operational IT logic requirements e.g. policies – employee experience vs. security and rebuild Machine Catalogs based upon you’re net new provisioning strategy e.g. MCS from PVS to support hybrid multi-cloud portable workloads. This strategy implies that you keep your on-premises CVAD environment feed and watered often and updated at minimum once every 12 months.

Automate & Migrate
Ingest the entire business operational IT logic from Machine Catalogs, Delivery Groups, Policies and Zones into the CVAD Service from your on-premises e.g. CVAD 1912 Long Term Service Release (LTSR) environment or preferred Current Release (CR) provided that this environment has been well looked after proactively. You will still require a brief evaluate phase during the migration as part of good leading practise and hygiene. 

To get started with how-to use and get the ACT tool checkout this useful Citrix TechZone PoC guide/article – https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/citrix-automated-configuration.html.

Finally the simplest and most powerful strategy is to not move any business operational IT logic at all to the CVAD Service initially but you leverage the power of “Affordance” or the appearance of providing the employee with the Citrix Workspace experience vs. StoreFront but technically nothing has changed, all that you are doing is changing the access the lens/portal to be Citrix Workspace. This strategy is fundamentally critical in enabling IT to pivot to the CVAD Service on there own terms as once the employee culture or shock has worn off with this new looking interface IT can in the background begin to use things like the ACT to migrate to the CVAD Service on there own terms and then equally shift there existing ICA proxy configurations to a turn-key SaaS operating model by unlocking the Gateway Service in the Citrix Cloud for the CVAD Service and many others Citrix Cloud Services e.g Secure Workspace Access, the Gateway Service in the Citrix Cloud platform is the default how-to access CVAD workloads, but if you still prefer an on-premises Citrix (ADC) Gateway V/A it’s a case of toggling off the Gateway Service. Customers choose to keep there Citrix ADC V/A for many different reasons and still highly relevant use cases and business or security and governance requirements.

To learn more about the “Site Aggregation” check out – https://docs.citrix.com/en-us/citrix-workspace/add-on-premises-site.html to get stated and to begin your pivot to CVAD Service on your own terms.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

The power of Affordance + Citriẋ for the Future of Work

What is “Affordance”? It’s Design Thinking terminology summarised as follows – you can look at a product or service and visualise in your mind how it works a great example is of this is the play ▶️ and stop 🛑 buttons you can use these to interact with a product or service to start or stop the action, interactivity or stream.

Another example is volume controls on car radio its usually round nob and to turn the volume up you turn the round nob clock wise and the reverse to lower the volume.

Now that you have a simple understanding of what I mean by affordance let’s get started.

We live in an age of a complex technology spectrum, that is suppose to remove friction and barriers for employees but its actually in many instances making it worse, to achieve more while in some cases through people cultures at companies its driving productivity trends in the wrong direction inclusive of negative affect’s on employee (human) well-being. A recent “The Economist” article puts the remote workforce working up to a 30% more during the pandemic yet there are productivity inefficiencies, the link to the article is available at – https://www.economist.com/business/2021/06/10/remote-workers-work-longer-not-more-efficiently.

How does Citrix aim solve some of that complexity in the technology spectrum? It embraces the power of Affordance enabling employees (humans) to work on there own terms to achieve more in meaningful ways through flexible work-styles. Today many talk about a hybrid workforce, its staple founding principle upon which Citrix was  built upon and its in its DNA with over 30 years of tenure enabling the hybrid operating model between the physical workplaces, at home or somewhere in between with different marketing lines my favourite – Work is not a place.

I know invite you to watch the following 3 minute demonstration where I’ll take a vanilla windows endpoint and I’ll enable Signal Sign-On (SSO) to a Software-as-a-Service (SaaS) web apps in my example i’ll SSO to Salesforce in several ways to demonstrate the Affordance of Citrix enabling employees (humans) to work on there own terms on any endpoint.

Demonstration of the Employee Affordance powered by Citrix

In the video you see a Windows endpoint that doesn’t having access to Salesforce that’s because it’s a SaaS web app and you typically access those types of apps using your web browser not via the Start Menu on a Windows endpoint or the Dock on Mac OS X.

Once the employee completes a sign-in to Citrix Workspace much like the Netflix app on your smart TV it provides you with recommendations; access to stream either  movies, TV series of documentaries and in Citrix Workspace app it allows access to stream different web, SaaS and micro apps with SSO enabled so its seamless.

The difference between the Netflix and Citrix Workspace apps is that the Citrix Workspace app (CWa) supports different affordance in how a employee (human) may want to work vs. how IT and security teams determine the “How” employee (human) consume these apps – local, sandboxed, traffic reflection or a combination inclusive of security depth in by enforcing session watermarking, restrictions on cut, copy, paste and printing e.t.c 

I know invite you to study the below hand drawn diagram, to make the experience hopefully more personal. The diagram depicts the entire demonstration above and how the flow of traffic and data is controlled and how contextual security access can be applied to different web, SaaS and micro apps using cloud native turn-key Citrix Cloud Platform services.

Time line of the Demo

Time 0 min 0 seconds
The Citrix apps has already been installed onto the employee (human) endpoint, this could be achieved by using Citrix’s own Endpoint management service vs. another or alternatively by some other legacy/traditional means e.g Domain joined endpoint using a full device VPN.

Time 0 min 13 seconds
On-board employee (human) + endpoint with Citrix Workspace for modern secure data, web & SaaS app delivery with SSO.

Time 0 min 29 seconds
Once Citrix Workspace app (CWa) is signed and is beginning to retreive and layer in the right and relevant SaaS, Web, (Virtual Apps & Virtual Desktops – optional) with Windows Start Menu or Mac OS X Dock integration by entitlement by job role vs. Business function. You will notice that while CWa is initializing there is NO Salesforce in the Windows start menu.

Time 0 min 55 seconds

Citrix Workspace app (CWa) enables a effortless Single Sign-On (SSO) experience using a magic token to SSO the Citrix Files app to gain access to the employees (humans) Cloud “My Docs” managed by Citrix or allows access to OneDrive for Business, Google Drive, Box, Dropbox e.t.c – Note the employee will need to sign-in only once to any of these Enterprise File Sync and Share (EFSS) platforms to then allow CWa to SSO the employee (human) to any of these EFSS platform which IT can control and allow access to.

Time 1 min 26 seconds

CWa has layered in all the employees (humans) web and SaaS apps into the Windows Start Menu, which the human can now search for and launch with just in time security and SSO after the click on the icon.

There are two version in this demo Salesforce and Salesforce Secure this is to show the different types of contextual security that can be enforced or ON vs. OFF at app vs. network latitudes.

Citrix Workspace affordance enabling frictionless access including SSO to SaaS e.g. Salesforce via Windows Start Menu integration launching the preferred native local endpoint with the browser traffic protected by Citrix Secure Internet Access (SIA) Service and the SSO to Salesforce is handed by the Citrix Gateway Service configured by IT for SSO e.g SAML.

When accessing Salesforce even though IT has turn OFF all app security enforcement policies at the OS and presentation layer e.g what the human sees and interacts with e.g Start Menu and Chrome Browser so its a native experience, the Citrix SIA Service is capturing and redirecting all the network traffic prior to traversing the endpoints network interfaces and forcing the traffic to a centralised Citrix SIA service tenant in the Citrix Cloud Platform that allows for IT and Security teams to enforce just in time cloud network security policy adds/moves/changes in near to real-time all without impacting and employee affordance by avoiding pushing down any type of update/patch/upgrade software package.

Time 1 min 48 seconds

Citrix Workspace app inclusive of the web browser portal version allows employees to use the Citrix Universal Search to search for web, SaaS apps and content from within the portal if this is how they choose to work and then access the same Salesforce SaaS app with the same SSO and network security enforced when using the CWa.

Time 1 min 57 seconds

In this example searching and starting the Salesforce Secure SaaS app and in this example IT has turned ON all the app security enforcement policies at the OS and presentation layers to add further depth and breathe avoiding any IP, Pii exfiltration and more.

When app security polices for web, SaaS apps are configured, then depending upon how the employee (human) intends to access his/her web, SaaS apps e.g Salesforce Secure it will make a decision based upon the individual employees (humans) preffered Affordance access method how to securely deliver Salesforce Secure e.g at 2 min 29 seconds you’ll see that its open, SSOed, running in a local sandboxed browser that is session watermarked with cut/copy/paste and printing denied or disabled between the sandbox and endpoint.

Time 2 min 44 seconds

What if the employee (human) decides actually I am going to bypass all of Citrix’s security policies and governance? We’ll guess what that just in time at a network level protected by Citrix SIA Service will intercept and enforce app security policies, in the example I open a new tab navigate to Salesforce type in my tenant and attempt to sign-in outside of Citrix Workspace app and bypass all that security, the Citrix SIA Service intercepts the request between endpoint (source) and destination (https://<tenant>.my.salesforce.com  and recognises that method requires a remote browser isolation session to avoid and de-risk IP, Pii exfiltration and lateral movements. IT can choose to enforce or allow cut/copy/paste and printing from these remote browser isolation services that are intercepted by the Citrix SIA Service.

DT Architecture Diagram

What services where used to achieve this experience? 
Secure Internet Access – https://www.citrix.com/products/citrix-secure-internet-access/
Secure Private Access (formerly Access Control and Secure Workspace Access) –https://www.citrix.com/products/citrix-secure-private-access/
Secure Browsing Service – https://www.citrix.com/products/citrix-secure-browser/
Citrix Analytics for Security – https://www.citrix.com/products/citrix-analytics-security/

All of these services are turn-key S/PaaS in nature powered by the Citrix Cloud Platform – https://citrix.cloud.com/ and have good IT Affordance meaning they aren’t difficult to setup, configure and manage, you’re talking  about handful or minutes or a few hours to get a Minimal Viable Product or Prototype (MVP) into your employees (humans) hands to test and provide you with insights and feedback to refine your MVP.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Citrix Virtual Apps & Desktops or CVAD Service Migration Strategies

The path to operating from the Citrix Cloud Platform for Citrix Virtual Apps and Desktops often can appear like your need to climb to the summit of K2, this is purely because for IT its foreseen as another key yet, rapid IT Transformation project to solve a multitude of business and business IT challenges (its different organisation by organisation). I’ve therefore put together a simple blended digital doodle on this very topic highlighting some key learnings, leading practises from the field and my own thoughts and thinking on this very topic.

If you want to go deep or even get started on your own migration project today, then i strongly recommend that you read and review the “Proof of Concept: Automated Configuration Tool” available at – https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/citrix-automated-configuration.html, which covers off a step by step guide from installation to migration of on-premises CVAD configurations to the CVAD Service operating and run in the Citrix Cloud Platform – https://citrix.cloud.com. The following series of TechZone articles list at – https://docs.citrix.com/en-us/tech-zone.html#citrix-virtual-apps-and-desktops will also add value in your pivot to the CVAD Service.

If you have the right subscription access at https://training.citrix.com, then you can also complete the following on-demand eLearning course “eCWS-2014 | Automated Configuration Tool for Virtual Apps and Desktops” – https://training.citrix.com/elearning/coursequests/1/quest/184, which took me around 45 minutes to complete.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Dyslexia Thinking + Thoughts on the power of Citrix Workspace + Citrix Modern Networking captured in a Blended Doodle

A Workspace technology that enabled Flexible Working styles 30+ years with a continuous Vision focused on the Current vs. Future of Work Acumen
I decided to put together my second blended doodle together to better explain Citrix Workspace + Citrix Modern Networking, how it works in a visual illustration format to have more meaningful conversations and discussions. I picture can tell a thousand micro stories and the big picture here depicts a simple story which tells you the IT + Business value unlocking your organisations potential using Citrix on Citrix, including the why and why now. A Citrix Workspace supports legacy, traditional and very forward thinking ways of working that prior to the COVID-19 world wide pandemic would take a while to get going however today organisations can leap at pace within there Transformation journeys by unlocking ready to consume Citrix as a Service operating models inclusive BUT also well beyond virtualisation to a world where you can swipe left or right vs. enter in up to 3-5 fields and tap submit/approve to achieve an business and human outcomes within seconds.

The stark truth is that a Citrix Workspace for Citrites is “AWESOME” and the productivity time I get back routinely using our own technologies inspires me more with each day, it allows me to accelerate ‘economics of time I get back’ or take a well deserved break when I need it on my own terms.

View this post on Instagram

L-J’s (My) #Dyslexia thinking + thoughts on the power of #CitrixWorkspace + #Citrix Modern Networking “Best Together” captured in this blended #doodle talking about modernising IT services, multi-dimensional sustainable IT thinking, zero trust architecture, flexible working styles, diversity and inclusion, the modern vs. traditional device spectrum, agile working powered by a smart phone, SIA + SASE + SD-WAN and so much more. #citrixCTA #employeeexperience Blended Doodle is hand drawn with pencil ✏️ + paper, with final editing using Apple iPages on my #iPhone 7📱 The views expressed here are my own and do not necessarily reflect the views of Citrix.

A post shared by Lyndon-Jon Martin 👨🏻‍💻📲 (@lyndon_jon_martin) on

Understanding Citrix Workspace + Citrix Modern Networking “Best Together”
The following links below will help you better understand the different Citrix service offering capabilities, terminology, strategy and business + technical acumen (>).

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Dyslexia Thinking + Thoughts on the power of Citrix SDWAN captured in a Blended Doodle

SD-WAN is a Complex Subject, I’ll Simply It
I decided to put together this blended doodle together to better explain Citrix SD-WAN, how it works in a visual illustration to have more meaningful conversations and discussions. I picture can tell a thousand micro stories and the big picture here depicts a simple story which tells you the IT + Business value of SD-WAN including the why and it also tells an important industry story often never told which is that implementing ANY SD-WAN is NOT frictionless with an out of the box experience, it takes effort but once that effort is done and done right then Citrix SD-WAN’s Zero Touch strategy will takeover and make it frictionless from IT to the branch to key workers at home. Another top of mind reason to consider as a real world field example is that you simply cannot do a (Citrix) SD-WAN PoC 99.5% of the time to evaluate it. Wait what? Why? It’s always going to be a pilot, and the why is simple you are taking over co-control of an organisations underlay network to create an SD-WAN overlay network, while inserting (Citrix) SD-WAN packets into the organisations network fabric. This is a fact of every SD-WAN vendor in the marketplace.

View this post on Instagram

L-J’s (My) #Dyslexia thinking + thoughts on the power of #Citrix #SDWAN captured in a blended #doodle talking about Citrix Workspace services in/on/over Citrix Networking, DPI engine to identify apps/protocols + align QoS priorities, IT experience scorecard with a new meaningful way to measure SLA’s, the honesty MSP/ISP IT visualiser scorecard, zero touch provisioning for any office workplace, hybrid multi-cloud use cases and of course #workfromhome appliances for key identified workers by role/function and leaders. #citrixCTA Blended Doodle is hand drawn with pencil ✏️ + paper, with final editing using Apple iPages on my #iPhone 7📱 The views expressed here are my own and do not necessarily reflect the views of Citrix.

A post shared by Lyndon-Jon Martin 👨🏻‍💻📲 (@lyndon_jon_martin) on

Technically Understanding Citrix SD-WAN
The following links below will help you better understand Citrix SD-WAN’s terminology, strategy and technical acumen and thinking when deploying, managing and monitoring an SD-WAN overlay network bonding two or more underlay networks e.g Business broadband and 4/5G LTE internet circuits together into a single seamless internet pipe, while giving IT back control over its WAN including allow them to better measure meaningfully your MSP/ISP internet circuit providers performance including complete vs. brown outages, while visualising and seamless failover due to packet loss in a single direction with any internet circuits.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Frictionless Working Styles Video Demo Series of How vs. Where I Worked for a Week in Dec 2019

The following is a brief video series depicting how I consume and a Citrix Workspace as a Citrite with my daily activities in the field visiting and supporting Citrix customers.

Day 1

Day 2

Day 3

Day 4

Day 5

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Understanding the Citrix + ServiceNow Integration

The following content is a brief and unofficial prerequisites guide to setup, configure and deploying the ServiceNow ITSM Adapter (Connector) version 1.0.8 for Citrix XenApp & XenDesktop Service prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
IT SERVICE MANAGEMENT – itsm
XENAPP/XENDESKTOP – xad
SERVICENOW – sn
CITRIX CLOUD – cc

Technology Introduction?
The Citrix ITSM Adapter (Connector) is now available in the SN App Store – https://store.servicenow.com/sn_appstore_store.do#!/store/application/bb5ca9a2db9bd700677d3437b996190f/. So what does this actually mean for you and your organisation? If you are a Citrix + ServiceNow customer the integration or rather release of the ITSM Connector allows for the automated provisioning of Citrix virtual apps & Citrix virtual desktops, including monitoring and management via the Citrix Cloud Connector. The offering includes defined roles and permissions for End-users (request new virtual apps, desktops or even reset there own sessions) vs. Administrators defined for Citrix (Consumer of ITSM, adds XAD and or Site Aggregation Service e.t.c ) vs. ServiceNow (Performs the integration).

Suggested read the following announcements “Introducing Citrix Integration with ServiceNow” – https://www.citrix.com/blogs/2018/08/20/introducing-citrix-integration-with-servicenow/, “Citrix and ServiceNow Improve Workspace Automation and Employee Experience” – https://www.businesswire.com/news/home/20180820005155/en/Citrix-ServiceNow-Improve-Workspace-Automation-Employee-Experience. Finally relive/recap from Citrix Synergy 2018 surrounding the initial ServiceNow Integration announcement below.

Architecture Overview

The diagram (page3*) above is from the Citrix + ServiceNow documentation which deceits the follow of communication and traffic.

Brief Deployment Overview of the ServiceNow ITSM Adapter for Citrix Virtual Apps & Desktops
1. I would strongly advise that you download, read the documentation below carefully in the following suggested order as well.

– CC ITSM Guide* – https://store.servicenow.com/appStoreAttachments.do?sys_id=3781a14ddbfb9b002b9ed040cf96197e
– Installation (Guide) of Citrix ITSM Connector** – https://store.servicenow.com/appStoreAttachments.do?sys_id=7381a14ddbfb9b002b9ed040cf96197f

2.1. If you have not already sign-up to CC following the on boarding process carefully for new vs. existing customers – https://docs.citrix.com/en-us/citrix-cloud/overview/signing-up-for-citrix-cloud/signing-up-for-citrix-cloud.html.
2.2. Refer to the ServiceNow documentation for on-boarding of new vs. existing customers – https://docs.servicenow.com/category/london.
3. You’ll need to obtain a “Client ID” and “Secret” from Citrix Cloud e.g https://docs.citrix.com/en-us/xenapp-and-xendesktop/service/install-configure/cloud-connectors-install.html along with your AD user domain (You’ll know what that is).
4. Complete the setup & configuration of the Citrix ITSM connector with your organisations ServiceNow SysAdmin by installing the connector from the ServiceNow app store – https://store.servicenow.com/sn_appstore_store.do#!/store/application/bb5ca9a2db9bd700677d3437b996190f/.
5. Navigate to the newly provisioned connector in ServiceNow for Citrix select “Home” and complete the simple on-baording process which will take you to Citrix Cloud and you’ll see “IT Service Management Adapter” service available subscribe to it. Next return to ServiceNow.
6. Authenticate to Citrix Cloud from ServiceNow entering the pre-created “Client ID” and “Secret” and once authed its IMPORTANT select the CORRECT “Customer ID” and commit.
7. You can now utilise the available ServiceNow Sysadmin tools to configure your chosen XAD environment. See listed documentation links for details for configuring for XAD Service however for now I am going to focus on on-premises XAD environment integration which requires the use of the Site Aggregation feature available from Citrix Cloud – https://citrix.cloud.com/. To setup Site Aggregation following this eDocs article – “Add an on-premises Site to Citrix Workspace” – https://docs.citrix.com/en-us/citrix-cloud/workspaces/add-on-premises-site.html, note you will need to install + deploy the Citrix Cloud Connector within your resource location to communicate with the XAD environment on-premsies e.g 7.x FMA Site (NOTE: Full XAD SysAdmin credentials are required!) which needs to be added under the IT Service Management Adapter Service in CC. You can now return to the ServiceNow Sysadmin tools for the Citrix ITSM and begin configuring for Citrix virtual apps & desktops as page 5 of the installation guide**

I’ll publish a more detailed blog post in a follow-up blog article or I may update this blog post so stay tuned folks.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Citrix Workspace app is released Hello World

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Introduction
What is Citrix Workspace app? It brings together all your LOB tools which in todays modern world consists of (virtual/micro/installed/mobile) apps, SaaS, desktops & content. I’ve embedded a sample of what this actually looks like below.

Overview
The new Citrix Workspace app way more than purely an upgrade of Citrix Receiver e.g grey to blue icon and a skin change, this NEW Citrix client app release is simply extraordinary, working for Citrix I can be considered bias however once you actually begin to consume the Citrix Workspace app you’ll understand exactly what I mean. Citrix Workspace app is for me all about an experience, and that experience is extraordinarily AWESOME! As I begin consuming my LOB (Line of Business) tools wherever I am + want and in a setting/context that suites me (home, Paddington vs. partner offices, trains, taxi e.t.c) the chosen LOB tool delivered context can change dependant upon criteria (I won’t be covering this today) or how IT (say YES!) has chosen to deliver the LOB tool through Citrix Access Control Service – https://docs.citrix.com/en-us/citrix-cloud/access-control/get-started.html.

I now have all my content available all in the same AWESOME app thank you Citrix Content & Collaboration aka ShareFile. I can upload, download and even favourite particular content e.g “L-J’s H1/2 Citrix Partner Tech Super Deck” which is then available directly from the home view/tab. In the below example I am uploading the LeasePlan Citrix SD-WAN case study – https://www.citrix.co.uk/customers/leaseplan-en.html and the actual video is available at – https://www.youtube.com/watch?v=4Hq-yryxfS0 take a look and remember to listen to the outcomes Citrix SD-WAN provides LeasePlan.

How do I get started today?
Firstly I will do a more detail blog post on getting it all up and running with use cases time dependant of course.

1.Start by navigating to https://docs.citrix.com/en-us/citrix-workspace-app.html and then goto Citrix.com and login with your access details, next navigate to https://www.citrix.com/downloads/workspace-app/ and download Citrix Workspace app for your chosen end-point. If you are running a TP of Citrix Workspace app code base please UNINSTALL it prior to installing the GA production code base as a few community individuals I know had issues upgrading from TP code base. I would like to state for the record I upgraded from PRODUCTION Citrix Receiver to the Citrix Workspace app for Mac 1808 on my Mac without ANY issues see below tweet.

2. Please carefully read the System Requirements for your chosen platform here is the link for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/system-requirements.html and Windows https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/system-requirements.html.

3. Review the installation guidance for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/install-configure.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html.

4. Please carefully read the configuration of Workspace app for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/configure.html
and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/install.html e.t.c. for other platform and if you are looking for multi-monitor support or Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/improve-user-experience.html#using-multiple-monitors for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/improve.html#multi-monitor-support, and securing communications between Workspace app and your StoreFront for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/secure-communications.html and Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication.html (Pay attention to deprecated cipher suites node) and finally if your are you a Smart Card user pay attention to the recitations at the bottom of both docs for Mac – https://docs.citrix.com/en-us/citrix-workspace-app-for-mac/requirements-for-smartcard-authentication.html and for Windows – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/authentication/config-smart-card.html and for WIF 5.4 (yes I know really however some of you still may need it while your upgrading to XAD 7.x platform) https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/secure-communication/config-smart-card–for-web-interface.html.

5. Sign-up vs. Login to Citrix Cloud today and trial vs. acquire a Citrix Cloud service e.g ShareFile Service or the XAD Service and if you want to aggregate on-premises LOB apps into the new Citrix Workspace experience then setup “Site Aggregation” today. To learn how please read this CTXS blog post and watch the embedded YouTUBE video which provides a how-to overview at – https://www.citrix.com/blogs/2018/08/03/site-aggregation-for-citrix-workspace-is-now-ga/.

Thats all folks for now on the technical overview its brief I know so I will follow-up in future with more detailed overview + how-to e.t.c either here or on the https://www.mycugc.org website in the experts area.

Upgrading to Citrix Workspace from Citrix Receiver for smart devices

In Closing
I work for Citrix, I have been a Citrix + IaaS advocate for well over a decade (now SD-WAN swell) so I am mostly likely bias you’ll think however Citrix Workspace app is truly AWESOME and way more than what you see at a glance, I encourage you all to begin consuming it today to see for yourself just what I am talking about and why I personally say its “AWESOME“.

Citrix Innovation Award Finalists for #CitrixSynergy 2018

Its that time of the year where you Citrix customers, partners can vote for your favourite Citrix Innovation Award Finalist.

This year see’s a great mixture of customers in different markets all leveraging Citrix technologies as the enabler for transformation within there organisations to embrace a new way of working or #ThisIsHowTheFutureWorks powered by Citrix Networking, Workspace and Security & Platform Analytics from https://www.cloud.com/.

I would encourage you to watch all three videos describing there journey before casting your vote as there is some really great innovation happening within these Citrix customers and if you want to get started visit https://www.citrix.com or https://www.cloud.com/ today.

Beazley from the UK – Insurance

Quote “A new mindset to work wherever I am, because I have the tools that Citrix provides and Beazley…” – @dalesteggles

Health Choice Network, US – Healthcare

WAGO, Germany – Engineering

All the very best to this years Finalists.

The views expressed here are my own and do not necessarily reflect the views of Citrix.

Session Watermarking for App & Desktop Security by Citrix XenApp & XenDesktop 7.17 or #CitrixCloud

The following content is a brief and unofficial prerequisites guide to setup, configure and deploy Session Watermark policy feature with the XenApp & XenDesktop Service (April 2018) or XenApp & XenDesktop 7.17 on-premises prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or leading best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
SECURITY – sec
NETSCALER – ns
NETSCALER GATEWAY SERVICE – nsg service
WINDOWS – win
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad

Introduction to “Session Watermark”
The latest release of the XenApp & XenDesktop Service powered by Citrix Cloud or if you are performing a private cloud (on-premises) upgrade or net new installation of XenApp & XenDesktop 7.17 has some NEW features (another post brewing) and one that I have been waiting on for quiet sometime now has not finally arrived (WAHOO!) and its VERY VERY simple to configure and aids in improving your security posture (I believe) for delivery of apps & desktops powered by Citrix against e.g IP theft. In the below tweet can you see it?

The above is from my initial tests using a Windows Server 2016 VM hosted in Azure Northern Europe region running the 7.17 VDA configured to my Citrite #CitrixCloud XenApp & XenDesktop Service so I did not need to upgrade anything to get this new SHINY cool feature yes I said it SHINY. All I was required to do was deploy a new Windows Server 2016 VM from the Azure marketplace, domain join it, install the VDA and connect it to my Cloud Connector and I was ready in less than 25 minutes from initially deploying the VM from the marketplace.

Finally on a personal note for me Citrix SysAdmins enabling the “Session Watermark” feature obviously initally tested in a safe environment e.g UAT with a few users from a couple of departments and then rolling it out into production (as when/how your ready) will be making IT the modern “App & Desktop Security Heroes“. IT can apply and configure these new policies to be the most right vs. relevant for your organisations security needs while not hindering the end-users Rich HD eXperience.

Session Watermark Policies
You have 8 watermarking policies to apply with the 9th one enabling this security capability or feature set with the following list of quirks, suggested policy configuration and more available at – https://docs.citrix.com/en-us/xenapp-and-xendesktop/current-release/policies/reference/ica-policy-settings/session-watermark-policy-setting.html.

Before we get started it is worth mentioning that this feature does add an overhead to the compute on the backend (VDA side) and therefore it is suggested to enable up to two water marking features or items. In my overview of this feature I will wont cover off the cost of implementing this security policy as there are multiple variables to consider e.g HDX Graphics Mode and associated policies to provide the right vs. relevant end-user experience vs. how many watermark items do I apply? I have begun testing so bare with me and I’ll publish my findings either on my personal blog here or on https://www.mycugc.org under the “Expert Insights” area.

Enable session watermark
By default this feature is DISABLED as the default behaviour which I believe is the right approach considering its Citrix’s initial release of this #security feature (in my personal view) and secondly online documentation at eDocs suggested recommendations it to enable NOT more than two watermark text items. Finally * indicates that this policy is DISABLED by default when Session Watermark is enabled.

Include client IP address
* This is the IP addr of the device connecting to the virtual app & desktop.

Include connection time
* Utilises the following format yyyy/mm/dd hh:mm to display the users initial connection time to there virtual app or desktop.

Include logon user name
ENABLED by default when you enable Session Watermark as a policy and uses the following format USERNAME@DOMAINNAME is most optimise for 20 characters or less otherwise truncation might occur of the users logon username.

Include VDA host name
ENABLED by default when you enable Session Watermark as a policy and provides the VDA hostname e.g ne1vad01

Include VDA IP address
* Provides the internal IP addr that corresponding the VDA’s hostname e.g ne1vad01 = 10.1.0.7

Session watermark style
ENABLED by default using “Multiple e.g displays five watermark labels” when you enable Session Watermark as a policy or you can configure “Single e.g displays a single watermark label in the centre of the session“. TIP switching to SINGLE and sticking to two watermark text items for me in my initial tests is a good starting policy however time will tell as I continue to test out this new feature and its capabilities with different HDX Graphics Modes and associated tweaks.

Watermark custom text
* A unicode maximum of 25 characters is supported if you exceed this limit it will be truncated.

Watermark transparency
ENABLED by default set to “17 out of 100” when you enable Session Watermark as a policy, personally I think setting it to just 1 is fine in my initial tests as you want it to be not so in your face to the end-users to be bluntly honest.