Monday, July 8, 2019

Design decisions for a secure framework: Citrix TIPs

I wanted to start this post by revisiting my five-part Security Design Decisions blog series, which you can find here and is linked throughout this blog. Its purpose was to explore the need for a robust security framework, which still holds true today.

Designing a strong and effective security framework requires making a host of decisions around each of the layers listed below.

User Layer


Humans are considered the most significant threat to information security. Identifying user groups is the primary step before moving into design or deployment of any Citrix solution. Enterprises must perform an in-depth assessment of user workflows to define which resources each user group requires access to.

These identified user groups should be fed into the Citrix delivery method, which drives key decisions, including the choice between server OS (multi-user) and desktop OS (single-user) workloads and between persistent and non-persistent workloads. Generally, multi-user workloads are more cost-effective but inherently riskier than single-user workloads, as both high-value and high-risk personnel can co-exist on the same system.

By applying the principle of least privilege, we can categorize users before assigning them to a group so that different security measures can be applied to different user groups. It is important to avoid providing “super” administrator roles to any users and adhere to separation of duty guidelines.

Access Layer


The access layer is like a great wall that stands between users and the resources they need. This layer is the first line of defense and it cannot be weak — your security is only as strong as your weakest link.

The first step here is to identify the employees, partners, clients, or vendors who require access and further categorize them as described in the User Layer section. The next step is to identify the resources we intend to safeguard from potential risks associated with access.

We live in a hypermobility environment where users can access resources from anywhere, at any time, and using any device. Mobility has expanded the threat landscape, and the enterprise now must assume that internal and external access are equally risky considering the spread of personal device usage within the enterprise environment. The Citrix ADC MPX or SDX series have all the right ingredients to mitigate security threats and risks for both internal and external access. For example, Citrix Web App Firewall can be leveraged to protect the environment against internal or external threats such as denial of service (DoS), cross-site scripting (XSS), and other security-related attacks.

Finally, how are users authenticated? Traditional passwords are no longer an effective means to protect the enterprise environment, as users are considered their own worst enemies when it comes to password management. One solution is to use multi-factor authentication (MFA).



Resource Layer


The resource layer is used to provide virtual application and desktop services. Virtualizing applications and desktops is a secure means to deliver resources to users. But without proper controls in place, the user session can be “jailbroken” to gain a foothold in the environment. By applying a segregation model, we can categorize and separate types of users and applications based on their sensitivity level. Sensitivity level is determined by three elements:

  1. The types of data (high value or low value) being accessed;
  2. Each user’s value and risk to the organization; and
  3. Each application’s value and risk.

The next step is to identify the type of policy needed to control the resource delivery and develop it by addressing the following questions:

  • What is the policy controlling?
  • Where and when will the policy be applied?
  • How will the policy impact the end-user experience?

Finally, secure the server and desktop VDAs by removing unused services, uninstalling unused applications, applying Citrix and Microsoft updates, and installing an anti-virus agent, host intrusion prevention system (HIPS), host intrusion detection system (HIDS) and data leak prevention tools. In short, establish and enforce a minimum VDA hardening baseline policy.

Control Layer


As the command center, the Control Layer is the most critical component that requires protection — a lot can go wrong if a malicious user takes control. Four strategies can be applied to secure this layer. First, apply multilateral security by dividing the Control Layer into access controllers, delivery controllers, infrastructure controllers, shared storage, and network connectivity. The purpose of applying multilateral security is to reduce the failure domain and containerize any malicious activity within a silo, preventing it from overflowing into the next one.

The second strategy is to manage the vulnerabilities of critical infrastructure servers. All the components that directly or indirectly relate to this layer need to be proactively monitored for potential vulnerability. All an attacker requires is an exploitable vulnerability to gain access to the environment and perform a malicious act.

The next strategy is managing the overall Citrix infrastructure configurations. Improper configuration or an inability to configure the correct options can expose the environment to various types of threats from inside and outside the enterprise realm. A thorough configuration management process should be in place to ensure protective actions are taken, such as changing or disabling default account passwords, which can be easily obtained by performing a quick search on the internet.

The final piece in the Control Layer strategic plan is access management. The administrator’s role should be specific to job scope and avoid privilege creep. It is also important to restrict service account permissions as they can enable a malicious user to launch an attack using a privileged account.

Physical Layer


The hardware layer is the foundation of the overall security framework. Failure of security control in the Physical Layer can ripple through the layers built on top. We need to start by securing physical access to the environment with measures such as employee access cards, barricades, locks, biometrics, turnstiles, log books, and more. Next is environmental monitoring, which includes a CCTV command center staffed by security personnel. Third, it is critical to continuously monitor temperature and humidity of the data center and ensure that fire, smoke, and CO2 alarms are functional and tested.

A key part of this layer is physical control over human resources by implementing separation of duty, carefully selecting and authorizing administrators to access the physical environment, performing thorough background verifications, having employees sign a nondisclosure agreement, and, finally, scheduling periodic security awareness and policy training.

Aside from these physical access and personnel controls, we need to implement security controls on the virtualization stack, such as the hypervisor. While virtualization offers many benefits, it also introduces specific threats such as VM sprawl, hypervisor attacks, inter-VM attacks, data co-mingling, and instant-on gaps. These can combine with existing guest operating system concerns, such as hyper-jumping, inter-VM attack, hypervisor attack, VM sprawl, data co-mingling, and instant-on gaps.

Saturday, July 6, 2019

Linux VDA 1906 is a rich post-Synergy release

At Citrix Synergy 2019, we made several exciting announcements around Citrix Workspace, including some good updates for the Linux install base. We announced support for Linux VDA on Google Cloud, giving customers more choice; we featured hands-on demos of some of the latest and greatest for Linux VDA; and we delivered a session that featured a key customer’s real-world story and best practices on delivering Linux Workspace to their end users. We want to thank Synopsys, a leading EDA software company, for sharing their story.

Coming on the heels of Synergy, our June release delivers multiple key features, highlighting our constant innovation for Linux users and our dedication to enhancing Linux VDA with every release. So let’s have a look!

Support for Google Cloud Platform


What does it mean that we’re launching Citrix Workspace for Google Cloud?

You now have the option to deploy Linux VDA workloads on Google Cloud Platform (GCP). In other words, Citrix delivers Linux virtual desktops and applications securely in your workspace, on a new cloud platform, to better support your hybrid or multi-cloud strategy.

Support for Google Cloud Platform also helps extend Citrix Workspace, and it was a key request, especially from our developer community.

As of the 1906 release, Linux VDA adds support for GCP.



Enhanced Configuration for Smart Card Authentication


Smart card use is common in industries with regulatory requirements, such as the public sector, healthcare, and financial services.

With Linux VDA 1906, Citrix is further enhancing configuration for smart card authentication. Now, when you run the ctxsmartlogon.sh script to configure the smart card environment, you can specify the path to a smart card driver other than CoolKey, such as Gemalto.

Support for PBIS


Active Directory is required for authentication and authorization within the Citrix Virtual Apps and Desktops infrastructure. The Kerberos infrastructure in Active Directory is used to ensure the authenticity and confidentiality of communications with the Delivery Controllers. In previous releases, Linux VDA supported Winbind, SSSD, Centrify, and Quest as domain-joining methods on Linux.

With Linux VDA 1906, you can use PowerBroker Identity Services (PBIS) as an alternative to join Linux VMs to the Windows domain.

Choice of Printer Drivers


Printer choice is a key requirement in Linux environments. With 1906, we’re getting closer to feature parity with Windows VDA when it comes to printing. Going forward, you can choose to configure the printer driver mapping and compatibility policy in Citrix Studio instead of configuring it on every Linux VDA.

Greater Resilience


Resilience is a system’s ability to return to its original state or move to a new desirable state after being disturbed.

Linux VDA 1906 introduces a resilience-related capability, a monitor service daemon, to make sure a Linux VDA deployment is more resilient and robust.

The monitor service daemon monitors key services through periodic checking. When it detects exceptions, the daemon restarts or stops service processes and cleans up process residuals to release resources. The detected exceptions are recorded in the /var/log/xdl/ms.log file.

Thursday, July 4, 2019

Use on-prem Citrix Gateway as an identity provider for Citrix Workspace

Citrix is committed to providing the best user experience with best-in-class security within Citrix Workspace. That is why we’re excited to announce a public tech preview in the Citrix Workspace UI that enables integration with an on-premises Citrix Gateway to expand third-party identity-provider integration.

What Does This Mean for You?


You’ve made an investment in an on-premises Citrix Gateway to build an identity solution that best fits your organization. Today, Citrix Gateway supports a wide variety of identity integrations, which can now be leveraged for authentication to Citrix Workspace. With this tech preview with an on-premises Citrix Gateway, admins can enable authentication via:

  • RADIUS authentication
  • Smart-Card Authentication
  • Integrated Windows Authentication (Pass-through Auth)
  • Conditional access policies


Expanding the World


Admins can now architect an expanded set of identity solutions with Citrix Workspace because all Citrix Gateway AAA functionality is now available for use in the tech preview. Citrix Workspace will automatically federate to the customer’s on-premises Gateway AAA during logon (Workspace -> Gateway AAA login).

An important use case now available in Citrix Workspace with Citrix Gateway is the ability to leverage on-premises RADIUS along with other third-party MFA providers such as Symantec, RSA, and DUO. In addition to multi-factor authentication, you can also extend the nFactor policy framework that the on-premises Citrix Gateway provides to apply a zero-trust model for enforcing your contextual access control policies. For example, you can now authenticate your on-premises users with a username/password and challenge your remote users with a second authentication factor.



Who Should Participate in the Tech Preview?


If you are a current customer using StoreFront on-premises with an on-premises Citrix Gateway and are looking to move to Citrix Workspace in the cloud, you should take part in this tech preview.

If you are an existing Citrix Workspace or Citrix Virtual Apps and Desktops service customer and also have an on-premises Citrix Gateway or Citrix ADC, you should take part in this tech preview.

Tuesday, July 2, 2019

Why certificates are more important today than ever

Every day we do more and more on the web. We send messages, buy online, handle financial and sensitive data, and much more. We may not think about what happens between our computer and the website, or, if we’re using an application, how our data is being transferred to the destination. You want this traffic to be as secure as possible.

First of all, use common sense when you are on the web. Only share your sensitive data on sites you can trust, and make sure the website or connection is using TLS (often called SSL) certificates/encryption. If you want to learn more about certificates and how they work, read this explanation. Citrix also has several resources you should read, including this Citrix networking/TLS guidelines article and this blog post.

More and more sites are being encrypted every day. According to Mozilla, the web went from 67 percent encrypted page loads to 77 percent in 2018, and that keeps rising. In early 2018, Google Chrome began marking non-SSL sites (HTTP) as unsafe. Also, sites without any kind of encryption are assigned a lower rank in search engine results. We’re moving from HTTP to HTTPS as the default.

Certificates Everywhere


There are many types of TLS certificates. Some certificates cost a lot of money and some are free. Is a free certificate as good as one you pay for? That depends on the organization or website and what kind of data you’re securing. For example, if I’m hosting a website for a bank or an insurer, I have to make sure that everything checks out, is insured, and that people trust my website. This process of verification, trust, and insurance costs money. However, if I simply have a simple website or a blog like my own and I want everything to be encrypted, a cheap or free certificate will suffice.



Let’s Encrypt provides a way to automatically create and apply a free TLS certificate. There are more than 150 million websites that use certificates from Let’s Encrypt.

The approach from Let’s Encrypt is different from what you may be used to. With other, standard certificates, you have to create a certificate request and send it to the certificate issuer. After verification you get a certificate that you then have to install. The validity of those certificates is usually around 1 to 3 years. Most of the time, this is a manual action that needs your attention.

A Let’s Encrypt certificate can only be requested through the ACME protocol, an automated process. This automated process handles the request, proof of ownership, and certificate transfer. The lifespan of one Let’s Encrypt certificate is limited to 3 months. Then you must repeat this process. Because of this level of automation, it is easy to run everything again (typically after two months) to replace/renew your certificate.

How Do Let’s Encrypt Certificates Work?


As with all TLS certificates, at some stage in the process you have to prove ownership of the domain you are requesting a certificate for. Let’s Encrypt gives you several automated options to prove ownership. In this blog I’ll explain two:

  • DNS: Prove ownership by provisioning a DNS (TXT) record under your domain
  • HTTP: Prove ownership by provisioning an HTTP resource under a well-known URI on your webserver


Essentially, both HTTP and DNS validation use the same steps:

  1. Request a certificate, for example for “domain.com”. In the request, you also need to provide some data, such as your email address.
  2. In return, you’ll get a unique order ID and information on how to prove ownership. At this point, you have to choose whether you want to use the DNS or HTTP method.
  3. Once you have decided how to proceed with the challenge validation, you need to make sure it’s configured properly. For DNS, create a TXT record, for example “_acme-challenge.domain.com”=“ABCDEF.12345”. For HTTP, create a resource that contains the data “ABCDEF.12345” and is available at the following URI: “http://domain.com/.well-known/acme-challenge/ABCDEF”.
  4. When everything is in place, inform Let’s Encrypt so they can carry out the challenge validation.
  5. Let’s Encrypt will check the TXT record or the HTTP resource and verify whether it returns the right data.
  6. If all goes well, this results in a certificate for the validated domain “domain.com”. Otherwise, you will get an error message.
  7. The final step is cleanup on your end. The TXT record or HTTP resource can be removed since it is no longer needed. The next time you repeat these steps, new details will be specified.
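
The following is an added example, not code from the original post or from the certificate authority: it computes the values that step 3 asks you to provision and checks them before you trigger validation in step 4. It follows RFC 8555, where the part after the dot is the thumbprint of your ACME account key and the DNS TXT value is a SHA-256 digest of the HTTP value, a detail the placeholder “ABCDEF.12345” simplifies; the token, the account key and all function names are constructed for illustration.

```python
import base64
import hashlib
import json
import re

# JWK members that enter the RFC 7638 thumbprint, per key type.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}
# RFC 8555 tokens use only the base64url alphabet; rejecting anything else
# also keeps "../" and similar out of the well-known path.
_TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed sample input: the post's placeholder token and a dummy account
# public key (x/y are filler bytes, not a real curve point).
SAMPLE_TOKEN = "ABCDEF"
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
    "kid": "constructed-example",  # optional member, ignored by the thumbprint
}


def _require_valid_token(token: str) -> None:
    if not _TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters outside the base64url alphabet")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint over the required members only, keys sorted, no spaces."""
    members = _THUMBPRINT_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError(f"unsupported key type: {jwk.get('kty')!r}")
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """token + "." + account key thumbprint: the body served for HTTP validation."""
    _require_valid_token(token)
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_path(token: str) -> str:
    """Path under which the HTTP resource must be reachable on port 80."""
    _require_valid_token(token)
    return "/.well-known/acme-challenge/" + token


def dns01_record(domain: str, token: str, account_jwk: dict) -> tuple:
    """(record name, TXT value); a wildcard is validated on its base domain."""
    base = domain.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return "_acme-challenge." + base, b64url(digest)


def check_http01(body: bytes, token: str, account_jwk: dict) -> bool:
    """True if the served body is the key authorization (trailing whitespace ignored)."""
    try:
        served = body.decode("ascii").rstrip()
    except UnicodeDecodeError:
        return False
    return served == key_authorization(token, account_jwk)


def check_dns01(txt_values, domain: str, token: str, account_jwk: dict) -> bool:
    """True if any TXT value at the record name matches; stale records may coexist."""
    _, expected = dns01_record(domain, token, account_jwk)
    return any(v.strip().strip('"') == expected for v in txt_values)


if __name__ == "__main__":
    name, value = dns01_record("domain.com", SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print("HTTP path :", http01_path(SAMPLE_TOKEN))
    print("HTTP body :", key_authorization(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
    print("DNS record:", name, "TXT", value)
```

Because the served value is bound to the account key, a token copied by someone else does not validate for their ACME account, which is why a static placeholder such as “ABCDEF.12345” would fail the check.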

Sunday, June 30, 2019

Performance monitoring to improve your digital workspace experience

Citrix and eG Innovations work together to centrally manage digital workspaces and provide advanced performance-monitoring capabilities, while simplifying your IT infrastructure.

As more and more applications and devices enter the enterprise domain, we face a huge, complex mix of IT infrastructure. Because of this, IT departments are continually challenged by the complexity of adding and securing technology to support the business and deliver new ways of working. At Citrix, we are on a mission to simplify digital workspaces for employees and IT.

That is why digital workspaces from Citrix are adaptable, offering employees freedom and security. Our solution makes it easy to centrally manage and secure every technology that IT needs to adopt, including devices, all apps, systems, and hybrid and multi-cloud infrastructure. This simplicity allows you to support the priorities of users and the business with the technologies they need when they need them, while you remain in control and efficiently manage resources. Whether work happens on-site, on the road, or in the cloud, Citrix gives you confidence without compromise.



But sometimes things fail! When a user complains of sluggish performance, it can be challenging for a Citrix administrator to identify the source of the problem: Is it the network, the server, storage, the virtualization platform, or the cloud?

We’ve partnered with our friends at eG Innovations to help our customers improve their IT infrastructure monitoring capabilities.

Furthermore, you can keep your IT monitoring in step with the evolution of Citrix Virtual Apps and Desktops 7. This can be especially helpful for customers moving to the latest version.

The many enhancements and functionalities in Citrix Virtual Apps and Desktops 7.x have helped Citrix customers achieve a better digital workspace experience. eG Innovations has concurrently developed features to support specific capabilities and can help augment your performance-monitoring prowess. Citrix Technology Professional (CTP) and end-user computing specialist George Spiers helped pen a white paper detailing the new features and functionalities, as well as tips and techniques to monitor your overall Citrix infrastructure.

Friday, June 28, 2019

Canary deployments for legacy stateful applications

Stateful applications are applications that maintain client information locally and use that data for future transactions from the same client. These applications expect the client to reconnect to the same application instance, even when proxies or load balancers are introduced in the middle. Citrix ADC achieves this with the persistence feature provided by the load balancing (LB) virtual server. A classic example of a persistence use case? Application owners using HTTP cookies to provide a customized experience to individual end users.

In our last blog post we looked at using Citrix ADC for canary deployments. Did you know that you can use a canary deployment strategy for stateful applications, too? You need to be careful, though. Adopting a canary deployment strategy here can result in disruptions because it can break persistence, which is a key requirement for the basic functioning of stateful applications. Keep reading to learn how to use Citrix ADC to apply canary deployment for stateful applications.



Filling the “Stickiness Gap”


Citrix ADC provides stickiness for stateful applications through the persistence feature on the LB vserver, but not on the content switching (CS) vserver. Because canary deployments work at the CS vserver, there has been no way to associate a previously connected client with the same back-end deployment (the LB vserver).

With the release of Citrix ADC 13, this persistence feature is supported on the CS vserver entity, helping fill the “stickiness gap” between the client and a particular deployment for stateful applications. When a new version of the application is released and brought to production, the persistence feature ensures that existing client transactions are not directed to the new canary version. Only a portion of the new client transactions is directed to the canary version.

Similarly, after a new client is routed to a particular version, when the same client reconnects, it should stick to the same version and should not evaluate the content switching policies again. Persistence overrides the content switching decision. To configure persistence on the CS vserver, use the following command:

set cs vserver <name> -PersistenceType <type> [-timeout <integer>]

If application monitoring returns a “failure” for the canary version, the configurations corresponding to the newer version have to be removed from Citrix ADC. For stateful applications, these changes can’t be made abruptly because they can lead to disruptions that are visible to the user.

Citrix recommends that you use a domain-based service group to represent the back-end set of instances of a specific version. That way, when the user (or container orchestrator) decommissions the back-end instances, the related entities on Citrix ADC are removed gracefully. The entities are not removed from Citrix ADC until the client transaction is finished. This permits seamless adoption of a canary deployment without disruptions to the user experience. Citrix recommends enabling DNS-based autoscale on the service group using the following command:

add serviceGroup <serviceGroupName> -autoScale ( YES | NO )

Wednesday, June 26, 2019

Personalization and productivity in the future of work

In our Innovation Hub at Citrix Synergy, we showed several ideas and prototypes that demonstrated parts of our vision for how Citrix will shape the future of work, empowering users of all types with unified, secure, and reliable access to all the apps and content they need to be productive.

Our demo, the Contextual Workspace, highlighted several facets of our vision, including:

  • Personalized experiences
  • Automation and assistance
  • 4th-generation human-computer interfaces


We showed a glimpse of what is to come using a mix of existing Citrix and third-party technologies, brand-new prototypes, and novel integrations. If you want to cut to the chase, you will find a video of the demo at the end of the blog post.



Personalized Experiences


For the demo we chose the setting of a modern workplace, set up in a flexible manner without assigned desks, cubes, and offices, but instead with a set of spaces that can be used by any worker. This is becoming a common model, which is great for employers, who benefit from more efficient use of space and therefore lower costs. But it is also great for employees, who aren’t limited to one type of space. They can move around throughout the day and use spaces that fit the work they are doing at the time.

However, the lack of an individual, assigned space has other effects. Permanent personalization of the space is, of course, no longer possible, and each time a user moves to a different space, they have to spend time setting it up for themselves: for example, adjusting the chair and desk, the lighting, the window blinds, and the thermostat to their preferences. They also lose things like somewhere to put a photo of the family, the dog, or a favorite vacation. This may seem minor, but it’s part of creating a work environment in which the user can be comfortable and happy, and a happy and comfortable worker is a productive worker.

Of course, Citrix Workspace can already virtualize apps and data so that a user can securely access them anywhere. We set out to show how we could extend this idea from software assets to the physical world. Can we virtualize physical space, too?

Our demo builds on the growing capabilities of the smart, or connected, office. Many newly built or refurbished buildings are using connected furniture, which can adjust itself to a user’s configured preference. Lighting and temperature control are moving from the comparatively closed world of older CAN bus systems to ones connected via IP and having APIs, in the same way that smart lighting and temperature control systems have become commonplace in the home.

As Citrix Workspace can already take care of the personalization of the virtual desktop, why not your physical desk, too?

To do this, we built a prototype that stores user preferences in the cloud, using a mix of statically configured preferences and those learned from the way a user manually sets up their space. When a user enters a space (which can be a desk in an open office, a meeting room, a huddle space, etc.), they associate themselves with that space. For the Synergy demo, we did this by having the user scan a QR code displayed on screen using the Citrix Workspace app running on their mobile phone, but it could just as well be done using location technologies such as beacons or NFC.

This sets the personalization in motion: the Workspace hub acts as an IoT hub, communicating with the various devices in the space, such as the LOGICDATA LOGIClink height controller for the sit-stand desk, the lighting APIs, and a digital photo frame. Furthermore, the user’s Citrix Workspace session roams to the workspace hub and its screen, in a conceptually similar manner to the existing Citrix Casting, but in this case for the whole Workspace rather than a single virtual application or desktop.

All this means that within a few moments of entering the space, the user has a working environment that’s familiar to them, and they’re ready to begin work immediately. Not only does this improve the working environment, it saves time setting up the space by hand, enabling the user to spend more time on productive activities. Many of the Synergy attendees who saw this demo recognized from their own organizations the challenges created by non-assigned working spaces and could see how a solution based on the concepts in the demo could help address them.

Automation and Assistance


Wouldn’t it's great if everyone had a helper that will enable them to rapidly find what they desire where they should be and would take proper care of repetitive and mundane tasks? At Citrix we’re focusing on the Citrix Va, which is area of the Citrix Workspace and can just do that. For all of us, an online assistant (Veterans administration) is not only a voice or chatbot interface to existing interfaces, it’s a smart service than may use understanding developed by observing users to know their demands and proactively enable them to become more productive.

First, we demonstrated an easy, transactional illustration of locating a document utilizing a voice search. The demo demonstrated an easy look for recent files of the given type. Nevertheless the natural-language nature of the Veterans administration causes it to be appropriate for additional complex queries in which a traditional interface will need the consumer to input or choose values in a number of UI fields, which increases the time come to carry out the search. Imagine having the ability to type or say, “Find the presentation I edited on Monday mid-day a week ago after i was around the train,” and getting the Veterans administration turn that right into a appropriate query, refined by location data, to understand the particular period of time I had been around the train.

Second, we would have liked as one example of the way a Veterans administration will go beyond transactional query/response cases, and perform delegated tasks. The demo scenario would be a situation where one user wanted to obtain a second user (we pretended it had been our Chief executive officer, David Henshall, within the demo) to supply some input to some spreadsheet. This activity is, obviously, possible today with Citrix Workspace. The very first user can produce a shared folder, adding the 2nd user into it by finding them within the address book. Then they copy or slowly move the spreadsheet into that folder and also have the system send a note towards the second user notifying them the file continues to be shared. After supplying the needed input the 2nd user would message to repeat the task have been completed.

Within our demo we demonstrated the Veterans administration automating this whole process. The very first user simply states, “Ask David to edit this document.” The Veterans administration uses context to infer exactly what the user meant. What is the “David” within the user’s workgroup? What is the “David” the user frequently interacts with? What is the “David” logged in a nearby workspace hub? Within this situation it's the latter, according to us knowing where each desk is into the spotlight. The Veterans administration, getting requested for confirmation, automates the entire process of allowing the shared folder and discussing the document with David. After that it transmits a notification to David, by means of a microapp, which helps David to determine this among his other prioritized tasks and open the document in one click. After he makes his changes, the Veterans administration gets control and communicates the alterations to the originating user.

This short demo showed how a virtual assistant can save a few precious minutes that would otherwise have been spent manually navigating UIs. Imagine how a few minutes saved on things like this, which occur many times every day, could add up. It also allowed David to complete his task without having to switch to email, click a URL in an email, and so on - he could do his work immediately in Citrix Workspace.

4th Generation Human-Computer Interfaces


The way we interact with computers is changing. Steve Wilson, Citrix VP for Cloud, describes this progression in the blog post IoT and the Beginning of the Fourth Gen Interface. Essentially, I like to think of it as the progression from “computer-shaped” interfaces to “human-shaped” interfaces, allowing people to interact with computing systems in new ways like voice and gesture recognition. Of course, like many “new” technologies, voice control has been around for a long time. However, advances in speech recognition, natural-language processing and understanding, and the availability of sufficient computing power make voice interfaces much more useful and reliable than in the past.

Several Synergy attendees noted how using voice interfaces, such as the use cases we were demonstrating, is essential in their organizations to help users with various special needs access their workspace resources.

Citrix and HPE heat up at Citrix Synergy and HPE Discover

Citrix and HPE Pointnext Innovations at Synergy


Customers increasingly want work environments that are simple, economical, and secure, and Citrix Synergy 2019 delivered. There, we showcased the HPE GreenLake Lighthouse program with Citrix and got overwhelmingly positive feedback about this innovative hybrid-cloud, consumption-based method of delivering Citrix Workspace that addresses everyday pain points our customers are looking to resolve.

You may be asking, what made the solution so attractive? Not only are we offering a turnkey, one-of-a-kind, consumption-based Citrix Workspace solution, we’re delivering:

  • Cost Optimization: Wherever you are in your cloud journey, the solution offers the economics of public cloud in an on-premises instance. Because it’s delivered in a consumption model, you pay for what you use - per user, per month - and you can burst capacity up and down, all from your on-premises data center.
  • Simplicity: HPE Pointnext removes the headaches that often surround lifecycle management because it manages the entire stack of hardware, software, and services, freeing you from the cost and complexity of mundane tasks like deployment, capacity planning, and patching updates. This allows your employees to focus more on customer experience and innovation.
  • Security: Rest assured, security is a main concern for HPE and Citrix. You can keep applications that require the highest levels of compliance and control on-premises but still get the benefit of paying only for what you use. You keep full control of the important Citrix desktop and application environment while HPE ensures that the platform is available, performant, and secure in your data center.


Learn more about the HPE VDI GreenLake offering with Citrix Cloud in Synergy blogs by Sridhar Mullapudi, SVP, Product Management at Citrix, and Saadat Malik, VP, IoT and Intelligent Edge Services at HPE.



HPE SimpliVity Automation, Hybrid-Cloud Workspace Solutions and much more!


In addition to the HPE GreenLake VDI solution, we showcased other innovative Citrix/HPE joint solutions at Synergy, including our HPE SimpliVity automation for Citrix Cloud workspace appliance. This hyperconverged solution, built on HPE SimpliVity, integrates everything you need to quickly and affordably virtualize your desktop environments and centralize management into an HCI appliance with an automated connection to Citrix Cloud. You can deploy scalable, secure, fully integrated hybrid cloud virtualized desktop environments in hours, not days.

Synergy attendees were also excited about our next-gen set of hybrid-cloud workspace solutions for the edge, such as the HPE Edgeline EL4000 Engineering Workstation with Citrix Cloud. This innovative workstation, based on HPE Moonshot, delivers high bandwidth, low latency, and performance (3D graphics, etc.) in a slim form factor to enhance secure collaboration between engineering teams and to enable IoT and Industry 4. application and product.

And we’d be remiss if we didn’t mention the exciting personal appearance in the booth by the IT monster from HPE’s “Tame the IT Monster” campaign.

Thursday, May 23, 2019

Citrix HDX optimization for Microsoft Teams

Citrix Synergy always proves to be one of the most exciting points of the year because it provides opportunities for me to connect with customers and hear their stories.

However, it’s also an opportunity to see the latest and greatest innovations that help our customers on their digital transformation journey. As you saw during our Citrix Synergy keynote today, we highlighted a number of ways we’re partnering with Microsoft on delivering cool new technologies. One of those is HDX optimization for Microsoft Teams for Citrix Virtual Apps and Desktops.

This exciting announcement builds upon the momentum from our Citrix HDX Realtime Optimization Pack for Skype for Business. That delivered a native-like experience for Skype for Business in virtual environments.



In many of my conversations with customers since the release of Skype RTOP, they emphasized just how important it was for them to deliver Skype for Business to their users without impacting end-user experience or server load. Our successful collaboration with Microsoft on Skype RTOP helped optimize the delivery of Skype for Business for more than 700,000 daily active users, with 25 percent of them Skype for Business Online users.

With more organizations implementing Office 365, which includes Microsoft Teams, organizations were asking when Citrix would optimize Microsoft Teams for virtual environments. Microsoft Teams comes with additional collaboration tools, app integration, and file storage capabilities. Any organization looking at improving employee productivity and collaboration as part of a workplace transformation initiative knew the role Citrix and Microsoft would play in today’s workplace.

Citrix HDX Optimization for Microsoft Teams


With the upcoming release of HDX optimization for Microsoft Teams, customers will get a fully native, fully featured Microsoft Teams experience within Citrix Virtual Apps and Desktops. With a single point of authentication, this also improves reliability and ease of use. The Citrix Workspace app has a built-in multi-platform HDX Media Engine that ensures optimized device and media handling, with audio, video, and screen sharing offloaded to the user’s device.

What This Means for You


With many customers on Office 365 or migrating to Office 365, one of the benefits of this feature release is the ability to take advantage of an intelligent communication solution, as Microsoft Teams is bundled into Office 365. With built-in tools within Microsoft Teams, people can work more efficiently and stay connected wherever they are, on any device, through centralized delivery optimized by Citrix. Not only are you giving your employees a solution that helps them be more productive, IT teams also get the added benefits of centralized management. Because information such as data and chat logs stays in a cloud environment and is not stored on native devices, you’re ensuring better control over sensitive information.

How Do I Get It?


The release of HDX-optimized Microsoft Teams will be available in the coming weeks. Our engineering teams are putting the final touches on the optimization, but you should expect it with our next Citrix Virtual Apps and Desktops release. Customers will need to move onto that VDA once released, as well as a future release of the Microsoft Teams client.

We also currently have a private technical preview of HDX-optimized Microsoft Teams, which you can engage with your Microsoft account manager to access.

Tuesday, April 16, 2019

It’s time to enable Firebase Cloud Messaging


Last April, Google announced that it had deprecated Google Cloud Messaging (GCM). Last week they provided an update, announcing that they will remove APIs as early as May 29.

GCM provides users with push notifications for MDM policy updates. Currently, when an IT administrator makes an Android policy update in Citrix Endpoint Management (CEM) service, GCM sends the data from the CEM service to the user’s Android device. This is a key piece of endpoint management because it enables communication with Android devices.

For example, if an administrator adds a new policy for Android devices, they would create or update the policy within the CEM service. In turn, the service would notify GCM to prompt the user device to reconnect to CEM service, deploying the new policy to managed Android devices. What if an administrator needed to request a remote wipe? They could go through the CEM service, signaling to GCM, which would then trigger the device to reconnect and enable the remote wipe.

With the removal of GCM APIs, Citrix encourages customers to enable Firebase Cloud Messaging service (FCM) before May 29 for uninterrupted MDM policy check-ins on Android devices. FCM is Google’s recommended replacement solution to communicate with Android devices and allow for near real-time communications.

When CEM is configured for FCM, administrators can define policies through the Citrix Endpoint Management service, and FCM initiates connections to Android devices. These policies will trigger push notifications to prompt the user to reconnect to CEM service.

Customers should enable FCM before May 29 for uninterrupted MDM policy updates to Android devices