Posts Tagged ‘Citrix’

#HP Improves Enterprise #Mobility with Cloud-based Management Solution

Interesting…

PALO ALTO, Calif. — HP Enterprise Services today announced a cloud-based management solution that delivers secure anytime, anywhere access to applications and data from any mobile device.

HP Enterprise Cloud Services – Mobility meets the demands of balancing the responsibilities and requirements of IT with the challenges and expectations of users. This new cloud solution is part of the HP Converged Cloud portfolio, which provides enterprises with the essential foundation of technologies and services to confidently build, operate and consume IT services.  

The new solution provides fast and flexible deployment of tools and services for secure application access, file storage and sharing via multiple mobile platforms and all types of devices, including tablets and mobile phones. IT organizations are provided the tools to set appropriate security policies and the access controls to protect valuable corporate assets, applications and data.

The solution also allows users to download approved enterprise applications from a secure storefront, upload files to support collaboration and synchronize files between the HP cloud infrastructure and any mobile device. Mobile data is encrypted in transit and at rest, covering the device as well as the cloud infrastructure.

HP Enterprise Cloud Services – Mobility also provides the ability to configure cloud file storage that can scale up and down, and offers local storage options that address data sovereignty and compliance requirements.

“Mobility in the workplace continues to be a key focus and concern for IT executives,” said Pete Karolczak, senior vice president, HP Enterprise Services. “HP Enterprise Cloud Services – Mobility leverages HP’s strong cloud portfolio by providing clients with a mobility service that provides the highest level of user experience and productivity while minimizing risk for IT.”

HP Enterprise Cloud Services – Mobility integrates leading industry technologies, including solutions from Citrix and SAP, which are fully managed and maintained by HP to simplify deployment and ongoing operations.

Pricing and availability

HP Enterprise Cloud Services – Mobility is available globally with a set of service features and options priced and packaged to deliver…

Continue reading here!

//Richard

#Citrix #XenMobile #MDM Integration With #Cisco ISE for #BYOD

Interesting and a good blog post by Sameer Mehta.

World of BYOD

 Bring your own device (BYOD) initiatives are enabling employees to bring their own personal devices to work and allowing them corporate access to services such as Email. We did a recent audit using our ability to integrate with security incident and event management (SIEM) systems for a customer. The audit provided visibility into their ActiveSync traffic and found devices that belonged to executives that were not under IT management. Here’s a snapshot of their BYO devices.

 

There are several reasons to enable such access – for example, to boost employee productivity or convenience of accessing email from any device. Having said that, as Uncle Ben puts it, “with great power comes great responsibility”, and this responsibility is on the IT administrator from a security point of view. It’s IT’s responsibility to make sure that corporate data is not compromised or leaked in the following scenarios:

  • What happens when this personal device is lost or stolen?
  • What happens if this device is jailbroken or rooted?
  • What happens if this device ends up outside an approved geofence, for example, outside of the US?
  • What happens if the user inadvertently installs an application that has the ability and access to the entire device memory, thereby having unauthorized access to corporate data?

End User’s perspective on Enterprise Mobility

End users want access to corporate services such as email, intranet, ability to share and collaborate over documents, and also use 3rd party applications such as Evernote, Quick Office or GoodReader. With mobile solutions such as XenMobile MDM, CloudGateway, ShareFile and GoToAssist, Citrix provides ubiquity i.e. ‘access any app. from any device’, and a unified view for applications with an enterprise app store, documents via ShareFile. Having said that, since the user is accessing multiple applications, end user experience is a key component of mobility solutions. For example, bootstrap authentication and provide single sign on (SSO) to other applications.

Enterprise IT perspective on BYOD

As IT is providing access to corporate services, the main concern is around data loss prevention (DLP) and protecting corporate content on the mobile device. This means encrypting data at rest for application data, and documents that are hosted either on SharePoint, Network File share or Cloud storage. From a DLP perspective, for security conscious organizations, the mobile solutions bundle, which includes XenMobile MDM and CloudGateway…

Continue reading here!

//Richard

Configuring Email-Based Account Discovery for #Citrix #Receiver

Check out this great blog post from Avinash Golusula:

Configuring Email-Based Account Discovery

1. Add DNS Service Location (SRV) record to enable email-based discovery

During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.

To enable Citrix Receiver to locate available stores on the basis of users’ email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.

You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.

To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.

  • Log in to your DNS server
  • In DNS > Right-click your Forward Lookup Zone
  • Click on Other New Records
  • Scroll down to Service Location (SRV)
  • Choose Create Record
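
A pre-deployment check for the certificate requirement described above, as an added example that is not part of the original post or of any Citrix tooling. It derives the names Receiver will look up from a user's email address and tests whether a server certificate's Subject Alternative Name list covers `discoverReceiver.<domain>`, including the single-label wildcard rule. Assumptions: the SRV label `_citrixreceiver._tcp` comes from Citrix's Receiver documentation rather than this page, the function names are hypothetical, and `example.com` and the SAN lists are constructed sample data.

```python
"""Added example: sanity check for Citrix Receiver email-based account discovery."""

SRV_LABEL = "_citrixreceiver._tcp"   # assumption: SRV service/protocol, not stated on this page
FALLBACK_HOST = "discoverReceiver"   # fallback machine name quoted in the post


def email_domain(address):
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        raise ValueError(f"not a usable email address: {address!r}")
    return domain.lower().rstrip(".")


def discovery_names(address):
    """Names Receiver resolves for this user: the SRV record, then the fallback host."""
    domain = email_domain(address)
    return {
        "srv": f"{SRV_LABEL}.{domain}",
        "fallback": f"{FALLBACK_HOST}.{domain}".lower(),  # DNS names are case-insensitive
    }


def san_matches(san, host):
    """Match one SAN entry against a host name.

    A wildcard entry covers exactly one leftmost label, so *.example.com
    matches discoverreceiver.example.com but not a host two labels deep.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, parent = host.partition(".")
    return bool(head) and parent == san[2:]


def check_certificate(address, san_entries):
    """Report whether any SAN entry covers discoverReceiver.<email domain>."""
    names = discovery_names(address)
    target = names["fallback"]
    hit = next((s for s in san_entries if san_matches(s, target)), None)
    return {
        "srv": names["srv"],
        "target": target,
        "covered": hit is not None,
        "matched_by": hit,
    }


if __name__ == "__main__":
    # Constructed sample data: addresses and SAN lists are illustrative only.
    cases = [
        ("alice@example.com", ["storefront.example.com"]),
        ("alice@example.com", ["storefront.example.com", "*.example.com"]),
        ("alice@example.com", ["discoverReceiver.example.com"]),
        # Mail hosted on a sub-domain: the parent wildcard does not cover it.
        ("bob@mail.example.com", ["*.example.com"]),
    ]
    for address, sans in cases:
        print(address, sans, check_certificate(address, sans))
```

The last case is the one that tends to surprise: when users' email addresses live under a sub-domain, the certificate has to cover `discoverReceiver` under that sub-domain, not under the parent zone.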

Explaining #Citrix Pass-through Authentication

Check out this great blog post from Joel Bejar:

Introduction

Pass-through authentication is a simple concept. User credentials are passed to a Web Interface site and then to the XenApp/XenDesktop servers, preventing users from having to explicitly authenticate at any point during the Citrix application launch process. While this authentication method seems straightforward, there are some moving pieces, and this article aims to break these down to provide a more detailed understanding of how this process truly works within Citrix.

Pass-Through Authentication – Web Interface Site

The first step to the pass-through process occurs at the Web Interface site. Users are able to navigate to the web interface site, and their credentials are passed through and they are presented with their Citrix delivered resources. Web Interface is built on Internet Information Services (IIS). For pass-through authentication to work, IIS Integrated Windows Authentication must be leveraged. Formerly called NTLM, this authentication method hashes the user credentials before they are sent over the network. When this type of authentication is enabled, the client browser proves it is authenticated through a cryptographic exchange with the Web Interface server, involving hashing. Because of this, the web browser is responsible for authenticating with the Web Interface Server (IIS). It is important to note, though, that credentials are actually never exchanged. Instead, the signed hash is provided to IIS, proving that said user had already been authenticated at the Windows desktop. The web interface user uses the user’s AD context (sometimes referred to as a token) to retrieve the user’s AD group membership and pass this list of groups directly to the XML service for authentication. At this point, the user has successfully passed through to the Web Interface site, and can now view his/her Citrix resources.

  • The WI server must be in the same domain as the user, or in a domain that has a trust relationship with domain of the user.
  • If the WI server and user are in different domains, and resources are published using Domain Local AD groups in the user domain, then the WI will not be able to enumerate these, even with a proper AD trust relationship (due to the very nature of Domain Local groups).
  • The WI site should be added as a Trusted Site or Intranet Zone site in Internet Explorer. In addition, the security settings should be modified so that User Authentication\Logon is set to ‘Automatic Logon with Username and Password’.
  • Pass-through authentication is not supported on Web Interface for NetScaler.

Please Note: Pass-through authentication and Kerberos authentication are not interchangeable and they have different requirements.

Pass-Through Authentication – XenApp/XenDesktop Session

One of the biggest misconceptions with Pass-Through authentication in Citrix is that it only occurs when a user navigates to the Web Interface site and he/she is automatically passed through. As mentioned above, this IIS authentication method that is being used does not actually exchange the user password. In other words, Web Interface is never in control of the user credentials. This brings up the question: How are users passed through to the actual XenApp/XenDesktop ICA session?

While the web browser has a role in authenticating the user to the web site, the Citrix client (Citrix Receiver) plays an integral role in making sure the user is fully passed through to the application or desktop. Citrix Receiver installs a process called SSONSVR.exe, which is the single sign-on component of the client (no, not password manager SSO, but rather desktop credential pass-through authentication SSO). This process is fully responsible for passing the user credentials to XenApp or XenDesktop. Without this piece, pass-through authentication will not function.

Continue reading here!

//Richard

Enterprise Mobility Report – Lessons from the Mobile Cloud – #Citrix, #BYOD

Here is a good report done by Citrix, not that much that I didn’t expect but great to get some input!

We just released our quarterly enterprise mobility cloud report. Every quarter, we look out across our enterprise mobility customers deployed in the cloud and try to understand common practices by reviewing aggregate data on deployed apps, app blacklisting and whitelisting practices, policy deployments, and OS deployments by region and vertical industry. So here’s a small taste of what we saw in Q412.

Things we expected:

  • iOS led in the enterprise. Definitely something we already knew.
  • Industries like retail and restaurants – whose use cases involve direct one-on-one customer engagement – were iOS- (and iPad-) heavy. Makes sense.
  • Industries with mobile field service organizations went for Android. Given the platform’s lower replacement cost, control-ability, and ubiquity, that makes sense.
  • Facebook and Dropbox made the blacklist. Productivity and data security are major concerns, especially for corporate-issued devices.

Things we didn’t expect:

  • Android gained in EMEA. Android gained eleven percentage points in Europe, the Middle East, and Africa in a quarter. Anecdotally, we know several organizations there that deployed big Android-based mobile line-of-business initiatives last quarter, but is there a bigger trend? Tell us what you think!
  • Healthcare went for Android. 85% of deployed devices in our cloud in healthcare were Android. But healthcare organizations we talk to are standardizing on iOS, so it doesn’t add up! But remember: this is the cloud report. Most of our large healthcare customers have deployed our solution on-premise and those seem to be mostly iOS today. The cloud healthcare companies are really mobile themselves – usually home healthcare organizations like traveling nurses and therapists and hospice care workers who deliver end of life care to patients in their homes. It makes sense that these organizations would be big users of the cloud given the highly distributed nature of the business and the fact that there are some common HIPAA-compliant mobile apps that have developed for the Android platform.
  • Dropbox was on the blacklist, but was also one of the most heavily-recommended apps from enterprise IT (in the enterprise app catalog). This juxtaposition speaks to Dropbox’s simultaneous usefulness and risk! Organizations can’t decide! Many of our customers talk to us about the “Dropbox dilemma” and most agree that if they could provide data sharing in a secure, enterprise-grade way, users would go for it.

Download the complete report here!

//Richard

Are you, or wanna become a Mobility or Networking guru? – #EnvokeIT, #Citrix, #XenMobile, #BYOD

Then you might be the one that we’re looking for!!

EnvokeIT is expanding and is looking for people with the following areas of expertise:

Mobility

Are you currently working within the mobility area or with any of the major Mobile Device Management products out there (MDM, MAM, MIM etc.)? Then we’d love to talk to you! We strongly believe in this area and are focusing on it and would like to have you onboard on this journey! And of course we’re focusing on the Citrix product portfolio but are mainly looking for people with experience within the area and not exclusively on the Citrix XenMobile/Zenprise products. And Enterprise Mobility Management is here to stay, it’s the future work-/play-ground!

Networking

Wow, this is an area that is exploding! And I must agree that I’m not the expert within this area, but there are so many new capabilities being developed right now and we and our customers see the business value here. We’re talking about everything from traditional old school SSL VPN to supporting the latest mobility, application and cloud delivery solutions out there! So if you have experience on the Citrix NetScaler product or are a current Cisco, F5 or Riverbed person; contact us to hear more on what we have to offer!

Contact us – EnvokeIT (form page), or if you would rather contact me or Mathias directly:

Richard Egenas – CTO

Email: richard-at-envokeit-.-com

Phone: +46 (0) 768 81 01 62

Mathias Törnblom – CEO

Email: mathias-at-envokeit-.-com

Phone: +46 (0) 8 587 633 10

Thanks for taking your time reading this and I hope that you will join us on this journey!! 🙂

//Richard

#Citrix Virtual Desktop Handbook 5.x – #XenDesktop, #XenApp

Ok, this is a pretty good handbook I must admit. Have a look at it here!

And if you need help then of course you can always contact EnvokeIT! 😉

And here is a good blog post about this as well by Thomas Berger:

One of the foundational project management principles is that project success occurs when it is delivered on time, within budget and with a level of quality that is satisfactory to the client. Of course these three dimensions are valid for any desktop virtualization project as well.

While a lot of information about budget planning and TCO/ROI for virtual desktop / application delivery projects can be found on the internet (e.g. http://flexcast.citrix.com/analyzeandcompare.html), the amount of information about time planning and success criteria is very low.

Since this lack of publicly available information causes every customer to “reinvent the wheel” and therefore add some delays to their projects, we thought it’s time to provide some guidance around these topics.

The result of our efforts has become part of the newly released Citrix Virtual Desktop Handbook (http://support.citrix.com/article/CTX136546). Version 1 of this white paper focuses on the Assess phase that identifies the information required prior to starting the design phase and outlines the project management tasks I mentioned earlier.

But instead of just discussing the topics from a theoretical point of view, we provide detailed guidance and tools which can be used for your projects right away. For example you will get a sample project plan (Microsoft Project), which outlines and provides duration estimates for every step of a desktop virtualization project (sample below).

Furthermore, the white paper discusses a general project methodology, describes how business priorities can be identified and provides detailed information about the roles required during an enterprise-grade project (sample below).

This and even more can be found within the new Citrix Virtual Desktop Handbook.

//Richard

#Citrix Introducing #CloudBridge 2000 and 3000

Ok, this is interesting!

Citrix is pleased to announce the new WAN-optimization appliances: CloudBridge 2000 and CloudBridge 3000. These appliances come loaded with our WAN-optimization and XenDesktop acceleration technologies including rich protocol optimization, advanced TCP flow-control, adaptive compression and smart acceleration.

This blog highlights some of the key features of these appliances.

Un-matched Scalability: A pay-grow offering that is unique in the WAN-optimization industry

Using the pay-grow offering, CloudBridge 2000 can be scaled from a throughput of 10 Mbps to 20 Mbps and further to 50 Mbps with just a license upgrade. Similarly, CloudBridge 3000 can be scaled from 50 Mbps to 100 Mbps and further to 155 Mbps. This avoids the cost, time and logistics overhead associated with a forklift replacement. So if you have a small office and expect to grow in the future, then these appliances are ideal for you.

 

 

 

| Series | 2000 | 3000 |
|---|---|---|
| Application | Large Branch/Small Enterprise | Medium Enterprise |
| Licensed Bandwidth | 10/20/50 | 50/100/155 |
| Concurrent HDX Sessions | 100/200/300* | 300/400/500* |
| Pay-to-Grow | Yes | Yes |
| Disk Storage | 600 GB SSD | 4 x 600 GB SSD |
| Interfaces | Four 1 GigE Copper FTW; 2 x 1 GigE Cu (HA/Mgmt) | 6 – GigE Cu or 4 – Fiber FTW; 2 x 1 GigE Cu (LOM/Mgmt) |
| Power Supplies | 1 x 300 watt | 2 x 300 watt, hot swap |

* Session count is limited by link bandwidth, no session count is enforced. Published numbers are for guidance only.

Built-in reliability

CB 2000 and CB 3000 models come prepackaged with Network bypass cards for the traffic interfaces. This ensures that the traffic to your network is never interrupted, even in case of power failure to the appliance.

Also, these models do not contain any rotating disks. Instead they use SSDs as storage resulting in enhanced disk-access speed and…

Continue reading here on the blog post and also look at this Service Delivery Network video where you can look at Citrix’s story on how enterprise and cloud networks are unified into a service delivery fabric that optimizes and secures applications and data.

//Richard

How does #Citrix #NetScaler SDX isolate its instances?

Ok, I received this question the other day and this article is really spot on! Get a cup of coffee and enjoy! 😉

And remember this: YOU CAN ONLY HAVE 7 INSTANCES/1Gbps NIC!!!! So if you intend to host more than 7 VPXs on your SDX, then ensure that you plan your network design if you use 1Gbps; otherwise go for the 10Gbps ports and SFPs.

NetScaler SDX Appliance with SR-IOV and Intel-VTd

This article contains information about the Single Root I/O Virtualization (SR-IOV) and Intel Virtualization Technology for Directed I/O (Intel-VTd) technology and how NetScaler appliance uses this technology to achieve fully isolated high performance NetScaler instances.

Server Virtualization presents both a tremendous opportunity and a major challenge for Enterprise Data Centers and Cloud Computing infrastructure. Current Hypervisors already facilitate the consolidation of many servers that are not utilized efficiently to a smaller number of physical servers delivering better space utilization, lower power consumption, and reduced overhead costs.

Virtualization architectures are built on a virtualization layer called a Virtual Machine Monitor or Domain 0 that becomes the primary interface between a virtual machine and the physical hardware. Even though virtualization allows multiple virtual machines to share the same hardware, it also creates additional overhead and can lower server performance as it becomes the bottleneck between a virtual machine and input/output (I/O) hardware as the number of virtual machines increases.

The NetScaler SDX appliance breaks through these performance bottlenecks by leveraging the next generation of I/O virtualization technology called SR-IOV as defined by the PCI-Special Interest Group (SIG). SR-IOV enabled Intel chips along with Intel VT-d enable the NetScaler SDX appliance to significantly reduce virtualized network processing overheads, and provide more secure and predictable mechanisms for sharing I/O devices among multiple virtual machines.

Intel Implementation of Single Root I/O Virtualization

Intel has worked with the PCI-SIG to define the SR-IOV specification. As shown in the following image, SR-IOV provides dedicated I/O to virtual machines bypassing the software virtual switch in the Virtual Machine Manager (VMM) completely, and Intel Ethernet Controllers improve data isolation among virtual machines. Another feature of SR-IOV is a feature called Virtual Functions. These are lightweight PCIe functions that allow a single physical port to look like multiple ports. Therefore, multiple virtual machines can now have direct assignment on the same port. This increases the scalability of the number of virtual machines on the machine through more efficient I/O device sharing.

Intel VT-d Technology

Intel VT-d is a hardware enhancement for I/O virtualization that is implemented as part of the core logic chipset. Intel VT-d defines an architecture for DMA remapping that improves system reliability, enhances security and…

Continue reading here!

//Richard