Home > All, Citrix, CloudGateway, Mobility, Receiver > #Citrix #Receiver 3.4 and 11.7 = is the #SmartAccess story more real now? – #CloudGateway, #AGEE, #NetScaler, #StoreFront

#Citrix #Receiver 3.4 and 11.7 = is the #SmartAccess story more real now? – #CloudGateway, #AGEE, #NetScaler, #StoreFront

Citrix has now released version 3.4 of the Receiver for Mac and Windows, but what is the main added value with this release?

First of I’d like to ask you to review my previous post where I questioned the Citrix SmartAccess story that I believe is not there end-to-end and that really is a lacking feature for scenarios where you’d for instance want to support more BYOD models etc. You need to determine the person accessing the service and also what what type of device it is, trusted or not etc. And I in the previous post I argued that Citrix doesn’t deliver according to their SmartAccess story;

#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA

And for you that haven’t read about the new Receiver 11.7 or OS X and 3.4 for Windows check these posts:

Receiver for Windows 3.4 released

Receiver for Mac 11.7 Released

The table below is from the previous SmartAccess post and my theoretical review right now is that the SmartAccess story for Windows and Mac OS X clients have improved. As you can see in the two rows for Receiver 3.3 and 11.6 where you would access through a Receiver through an AGEE you would NOT be able to perform host checks using the EPA scans.

This was just not possible though the native Receiver didn’t have that capability to trigger the EPA scans. And the EPA plugin itself was not available in the native Receiver on the OS X, it was bundled into the Access Gateway plugin.

Client Access method EPA/Host-check possible on AGEE Comment
Windows with Citrix Receiver for Windows 3.3 Receiver 3.3 NO You’ll never be able to do host-checks on this device if Receiver access is used due to that the Receiver does not have EPA scan capabilities.
Windows with Citrix Receiver for Windows 3.4 Receiver 3.4 YES Now when the Receiver is communicating with the Access Gateway plugin and shares login credentials then you can leverage the AGEE plugin to perform EPA scans and then allow different session policies and profiles depending on the EPA scan result, and at the same time of course also pass that through to StoreFront/WI and into XenApp/XenDesktop.It does however then require that you get the AGEE plugin installed on the devices, which may be another dilemma…
OS X with Citrix Receiver for Mac 11.6 Receiver 11.6 NO You’ll never be able to do host-checks on this device if Receiver access is used due to that the Receiver does not have EPA scan capabilities.
OS X with Citrix Receiver for Mac 11.7 Receiver 11.7 YES Now when the Receiver is communicating with the Access Gateway plugin and shares login credentials then you can leverage the AGEE plugin to perform EPA scans and then allow different session policies and profiles depending on the EPA scan result, and at the same time of course also pass that through to StoreFront/WI and into XenApp/XenDesktop.It does however then require that you get the AGEE plugin installed on the devices, which may be another dilemma…

So if you ask me if this was an important release or not I’d have to say YES! But is the puzzle solved and is SmartAccess and the HDX/ICA traffic flow now “controllable” by us IT suppliers and admins? NO! You still need both the AGEE plugin and the Receiver installed on all devices (managed and unmanaged) to get a somewhat simple AGEE  and StoreFront design… and can you install the AGEE plugin on all devices in a simple way (does users have permissions etc..)?

And still we have an issue with the ICA traffic flow and control on how that can be ensured to either go in proxy mode through an AGEE or direct between the client and internal host if the client is on the internal network. How does the Receiver determine whether to go in proxy mode or direct mode? It’s based on where the authentication is done! If the Receiver starts up on a client on the internal network and can reach the StoreFront server then it will authenticate against it, then StoreFront will ensure that all ICA/HDX connections initiated will go in direct more (NO AGEE PROXY). If the authentication is done by an AGEE to StoreFront then the ICA/HDX traffic will always go in proxy mode through the AGEE.

So you can’t really control this in a simple and nice way, previously you could do a lot with session policies and profiles with EPA scans and then different Web Interface sites but it’s not feasible without major workarounds with StoreFront and DNS views etc.

If you ALWAYS want to do a host check (internally and externally) to control for instance ICA/HDX virtual channels depending if the device is trusted or untrusted you’re pretty much not gonna make that happen if you’re using the Receiver to access your stores. You could do it on Windows and force users to use Receiver for Web login only on internal and external AGEE vServers but you wouldn’t trigger EPA scans on the Mac then for instance…..

Ok, to summarise! Yes, the 3.4 and 11.7 release does add EPA scan possibilities for Mac and Windows Receiver access scenarios which is good. And it works together with the AGEE plugin so that only one login is required! Getting there Citrix, keep up the work and please solve the other scenarios as well in terms of controlling ICA/HDX traffic flow (proxy or direct mode) and also ensure that the Receiver can trigger the EPA scans, please! Then we have a SmartAccess story that works in real life!

//Richard

  1. chuan lim
    April 27, 2013 at 17:23

    I tested that EPA feature in Windows Receiver and I would love to get more feedback from you 🙂

  1. January 7, 2013 at 20:12
  2. January 30, 2013 at 12:28

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: