Understanding IaaS + Citrix Secure Digital Perimeter & Workspaces deployed in a Public, Hybrid or Private Cloud world powered by Citrix Cloud https://citrix.cloud.com/ + Serverless for Web Apps from LAMP by https://twitter.com/lyndonjonmartin
The views expressed here are my own and do not necessarily reflect the views of Citrix.
I thought i first start off with a tour of Secure Notes followed on by my personal views and thoughts of using Citrix’s Secure Notes thereafter.
Tour of Secure Notes
1. You can login from a web browser at http://securenotes.citrix.com and if you want to sign-in via your organisations IdP select “Log in with my company credentials”
2.Enter in your organisations ShareFile subdomain e.g MyOrgName
3. It will redirect you to you’re organisations IdP login where you will be prompted for a username + password and potentially another form of authentication like a receiving a telephone call, virtual token or asked to verify yourself using your biometric authentication.
4. Once you are signed in your can begin creating a note (secure website version of Secure Notes) by providing it a heading and then in the body text your notes or drag and drop pictures, tag your notes and assign it to a notebook (collection of notes perhaps by project vs. organisation vs. team meetings e.t.c), delete unwanted or irrelevant notes, set a reminder against a note, favourite the note or search of other notes that you’ve created.
5. Now you can see in this image that I have been using for sometime now its still less than 30 days but I’m using notebooks to assign my notes by partner, customer vs. major events and i’ve tagged selective notes that require a follow-up and then I remove tags once its completed.
6. I have switched to the Notebooks view from theAll Notes which organises your notes based upon your created notebooks in my case by customer, partner & events and then I assign my notes to these notebooks so i can easily navigate notes for example by a partner or just use the search filter (whats right vs. relevant to you).
7. All your notes are stored securely within your ShareFile personal folder, and if your using Drive Mapper with your Citrix virtual apps & desktops the path to see your notes is at – “S:\Personal Folders\WorxNotes.root” and it does not matter whether your creating your notes using the website version of Secure Notes at – http://securenotes.citrix.com or even if you create your notes using the secure XenMobile enabled app called “Secure Notes” which is available from the public app store for iOS – https://itunes.apple.com/us/app/citrix-secure-notes/id1157570015?mt=8 and Android – https://play.google.com/store/apps/details?id=com.citrix.note.droid&hl=en_GB and controlled by XenMobile MDX technology to stop cut, copy and paste. You can learn more about MDX by reading the XenMobile security white paper available at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security-understanding-the-technology-used-by-xenmobile.pdf.
8. If I now switch to a mobile world and I mean using a smart phone or tablet and for convenience sake I’ll be using the Secure Notes app I can see that I have the similar same capabilities and functionality vs. the secure website versions.
9. I can insert a picture, tag it, favourite it, set a reminder e.t.c but now I can record audio.
10. I can create my notes offline and when your back online it will sync your note(s) back up to ShareFile and you’ll notice the red cloud icon disappear.
11. Send your notes as an embedded message within Secure Mail body vs. PDF file attachment by selecting your preferred choice.
1. Currently only iOS 9-10, Android 5-8 phones BUT its not supported on Tablets!*
2. Selecting a storage location for your notes upon setting up the app your asked if your prefer to store your notes in Microsoft Exchange Server or for your Secure Notes + within a ShareFile StorageZone. You can provide users with a choice of both upon on-boarding within the Secure Notes app.
3. Once users have been setup the XenMobile Secure Hub agent can handle SSO or push the app to users whom have enrolled into XenMobile’s MDM.
4. Supported file formats include – *.M4A, *.JPEG, *.PNG, *.BMP, *.GIF, *.WebP for rich editing experience.
The following content is a brief and unofficial prerequisites guide to better understand Citrix Cloud, Connector technology and the overall architecture required to setup, configure and test delivering virtual apps and desktops powered by XenApp & XenDesktop Service prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.
HIGH-AVAILABILITY – h/a
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
CITRIX CLOUD – cc
INFRASTRUCTURE AS A SERVICE – iaas
CITRIX CLOUD CONNECTOR – connector
The Three Primary Cloud Types (Draft Section)
Firstly i’d like to provide my definition of public, private vs. hybrid cloud and in my personal view things like SaaS, PaaS have naturally been spin out or off from IaaS e.g Public Cloud.
Public Cloud is whereby a ISP provides you with SPLA licensing (OS, Application, Service), compute, storage and network capabilities which in turn enables you to create your very own VM instances running in a virtual datacentre on the ISP’s h/w and example providers may include AWS, Azure, Google Cloud Platform e.t.c
Private Cloud is where you the organisation owns there own OS, Application or Service licenses as well as the physical hardware that allows you to create your own VM instances within your virtual datacentre. In this scenario the h/w is could (a) be purely Colocatied (Colocation) at ISP with or without managed services over and above the Colocation and example providers could include Rackspace, Qubems, Peer1 or (b) your h/w is hosted within your own custom and purpose built data centres facility or comms room dependant upon the organisations size and IT/Technology requirements.
Hybrid Cloud is when public and private clouds are connected securely over a IPSec R/A, L2L or SSL VPN connection.
What is and how Citrix Cloud works
Citrix Cloud is an evergreen, managed control plane from Citrix that provides the traditional Citrix management technologies to delivery e.g Virtual Apps & Desktops as Services thereby reducing overhaul management updates & upgrades. This means that Citrix is responsible for the availability of your Citrix management infrastructure in there Control Plane including ensuring that it is on the latest up to day and production version of e.g XAD to deliver DaaS and or virtual apps. Citrix customers and partners are responsible for what is known as a resource location which is where your apps, network and data resides and can exist in a public, private or hybrid cloud deployment scenario and each resource location is securely connected to the control plane using the Citrix Cloud Connector which initiates an outbound HTTPS connection so your completely in control of your apps, network & data within your resource location(s) at all times.
If I have not technically explained what is and how Citrix Cloud works successfully then please feel free to watch the below embedded YouTUBE video.
Please note that Citrix Workspace Cloud is now know as Citrix Cloud
XenApp and XenDesktop Service – HDX virtual app & desktop delivery from any supported resource location running server/workstation VDA(s) while all the XenApp/XenDesktop mgmt infrastructure (Studio/Director) resides in your tenant/account at https://citrix.cloud.com.
XenMobile Service – Deploy Secure Apps (MAM), MDM to control your organisation devices with no need to deploy the XenMobile v/a even at your resource location all you need is either an IPSeC VPN tunnel or the Connector to enumerate users in AD to be assigned to delivery groups.
ShareFile Service – Follow-me data now controlled within one WebUI.
NetScaler Gateway Service – Provides a simple and easy deployment method to gain external remote access to virtual apps & desktops from your resource location(s) via the Citrix Cloud Connector.
Smart Tools Service previously Lifecycle Management – Design, build, automate, auto check & update your resource locations with Citrix validated blue prints.
Secure Browser Service – Provides a secure remote virtual browser(s) to access web (internal vs. external), SaaS apps from the Citrix Cloud with zero configuration, with only a link to access your published web apps via the HTML5 Receiver.
Citrix Cloud Labs – My personal favourite as this area of Citrix Cloud allows you get to test out some of the latest Citrix Innovations from our Labs team as services e.g AppDNA Express; Citrix Provisioning for Microsoft Office 365; IoT Automation; Citrix Launch for Microsoft Access; XenMobile MDX Service and Session Manager
Connector Architecture & Security
The following diagram depicts the H/A deployment of Citrix Cloud Connector for use with the XenApp and XenDesktop Service from Citrix Cloud. Please note that this is a simple architectural diagram that does not include a NetScaler in resource location so the assumption is that you users will connect to their virtual apps and desktops either from within the actual Resource Location or via the NetScaler Gateway service hosted and managed by Citrix Cloud. My personal preference is to leverage a NetScaler physical or virtual appliance within your resource location as the benefits of a NetScaler far exceed and go above and beyond that of a simple ICA Proxy gateway for XenApp/XenDesktop. Perhaps a follow-up blog article why I presume NetScaler in the resource location from my personal view point only or I may decide to update this blog article.
Citrix Cloud Connector
The following is deep dive overview of Citrix Cloud connector technology for all the services with the exception of the Smart Tools service which leverages its own connector which is used to check your Citrix workloads, scale up/down and or even build or tear down workloads in resource location(s) via blueprints.
Installation & Troubleshooting
You must download and only install the Citrix Cloud Connector for your resource location from “Identity and Access Management” that matched your domain forest, don’t mix and match these! The installation is fairly straight forward and simple as descriobed and outlined at http://docs.citrix.com/en-us/citrix-cloud/citrix-cloud-connector/installation.html, once the installation completes wait for the connectvity test to pop-up and complete successfully prior to navigating back to Citrix Cloud to validate that the Connector has scuessfully registered with Citrix Cloud+.
You can also perform automated installation leveraging the following command line arguments when installing the Connector “CWCConnector.exe” /q /Customer:Customer /ClientId:ClientId /ClientSecret:ClientSecret /ResourceLocationId:ResourceLocationId /AcceptTermsOfService:true.
You can install hypervisor tools, anti-virus software (Tested as of 26/10/2016++ McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8) on your VM instances that have the Citrix Cloud Connector technology installed however it is not recommended to install any other software or unnecessary system services nor should you allow any domain users access unless they are a Domain or System administrator of the Citrix environment. In summary treat these Connectors as you would your XAD Controller(Broker).
The installation logs are available at “%LOCALAPPDATA%\Temp\CitrixLogs\CloudServicesSetup” and post the installation its consolidated to the following location “%ProgramData%\Citrix\WorkspaceCloud\InstallLogs“.
Monitoring your Citrix Cloud Services
1. http://status.cloud.com/ is your friend and will provide you with vital up to date information about the Citrix Cloud platform (control plane or SaaS tier) and each of its Services e.g XenApp and XenDesktop Service or Smart Tools.
2. Monitor the following Connector services described below ++
3. The leading best practises is for the Citrix Cloud Connectors to not be offline longer than two weeks as the connectors are regularly updated from Citrix Cloud with the latest updates (Evergreen) which is why each resource location requires at a bare min 2x or a pair of Connectors.
Connectivity & High-Availability
The Citrix Cloud Connector firstly should always be implemented in pairs at a minimum within any resource location and installed onto either Windows Server 2012 R2 or 2016 AD joined VM instances. The connectors are stateless and brokering requests are load-balanced via Citrix Cloud to the connectors within your resource location(s) and if a connector does not respond the queued tasks are redistributed to the remaining connector(s). As the connectors are stateless this also means that they do store any mgmt configuration for Citrix Workloads at the resource location as this is held within the Citrix Cloud by the Service that you are utilising e.g XenApp and XenDesktop Service.
+If you setup a PoC with a single Connector it will probably display as amber for a period of time prior to turning green as you have only configured 1x Connector for your resource location. You can check your Connector status for your resource locations by navigating from https://citrix.cloud.com/ to https://citrix.cloud.com/identity and under “Domains” select your domain forest(s) and expand it and you can review your Connectors name e.g servername.dommain e.g connector1.x1co.eu and its status (red, amber or green).
Logs & Services++ of the Connector
The Connector logs are stored at “C:\ProgramData\Citrix\WorkspaceCloud\Logs or use %ProgramData%\Citrix\WorkspaceCloud\Logs” for verifying ongoing communication and helping with troubleshooting. Once the log(s) size exceeds a certain threshold its deleted BUT Administrators are able to control the log retention size by adjusting the following entry in the Windows registry “HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CloudServices\AgentAdministration\MaximumLogSpaceMegabytes” to meet your organisations logging/auditing requirements.