Archive
Synergy 2015 – A condensed recap of everything you need to know – via @gkuruvilla, #Citrix, #CitrixSynergy
This is a great summary recap that George Kuruvill has done of Citrix Synergy 2015! Great work and enjoy this blog post!
For those of you who were not able to attend Citrix Synergy this year & dont have the time to sit through the key note recordings, I decided to put together a condensed version of some of the key announcements. So here goes!
Citrix Workspace Cloud
- Citrix hosted control plane that enables customers to deliver a comprehensive mobile workspace to end users.
- Gives customers the flexibility to host workloads on premises, in public or private clouds.
- Control plane also provides end to end monitoring of user connections.
- Evergreen infrastructure since Citrix maintains all core infrastructure components.
- Workspace Cloud Connector installed on premises on a Win 2k12 server that establishes SSL communication between control plane and customer environment. Used to talk to infrastructure components like Active Directory and hypervisors hosting workload
I wrote a blog on CWC and the value proposition a month back that you can find here.
SYN 217 – Workspace Cloud – Technical Overview [Video]
Citrix Lifecycle Management
- Comprehensive cloud based service that can be used to design, deploy and manage both Citrix and other enterprise applications.
- Based on the ScaleXtreme technology.
- Lifecycle Management enables customers/partners to deploy infrastructure not only on premises but also public/private clouds (resource locations)
- Customers/Partners have the ability to create blueprints to automate infrastructure deployments end to end. Examples of blueprints include a XD deployment for instance where you could not only install all the XD infrastructure but also automate the installation of all supporting infrastructure like Active Directory, SQL etc.
- Vendors have the ability to create blueprints as well that can then be consumed by customers and partners alike.
- Customers/Partners also have the ability to incorporate scripts (new/existing) into the deployment.
- Once a blueprint is developed, its added to a library. Any resource within the library can then be deployed to a resource location (on premises, public/private cloud)
- Another key benefit of the Lifecycle Management technology is the ability to automate application upgrades.
XenApp/XenDesktop
- Xenapp 6.5 maintenance extended till end of 2017, EOL extended till 06/2018. Details here
- New Feature Pack for XA 6.5 (enhance storage performance, Lync support enhancements, UPM enhancements, Director “Help Desk” troubleshooting”, Storefront 3.0, Receiver.next)
- XenApp/XenDesktop 7.6 FP2 (End of Q2)
- New Receiver X1
- Lync 2013 on Mac
- Touch ID Support
- HDX with Framehawk
- Native Receiver for Linux
- Linux Apps and Desktops (Redhat and SUSE support)
- Desktop Player for Mac 2.0 (June)
- Desktop Player for Windows (Tech Preview)
SYN 233 – Whats new in XenApp and XenDesktop [Video]
SYN 319 – Tech Update for XenApp and XenDesktop [Video]
#XenMobile and the #Citrix Mobile Workspaces Architecture – #BYOD
This is a great blog post by Christopher Campbell and good picture to show the overall capabilities and architecture of the Citrix offering!
You’ve heard us talk about Mobile Workspaces and if you’re a techie you’re probably wondering if Citrix really has the architectural components (a complete, comprehensive and fully integrated architecture) that can deliver any app and data to any user on any device over any network?
Well let’s first identify a few of the market leading technologies that make up the Citrix Mobile Workspaces solution:
- XenApp mobilizes and secures Windows apps on any device
- XenDesktop securely delivers virtual Windows desktops and apps on any device
- XenMobile manages and secures mobile, web and SaaS apps on mobile devices
- GoToMeeting empowers people to meet and collaborate with anyone, anywhere
- ShareFile shares and syncs corporate data securely from any location
- NetScaler optimizes and secures app delivery and on any network
- CloudPlatform orchestrates and provisions apps, desktops and IT services from any cloud
OK, OK. We know you have the products but do they really integrate?
Yes. Don’t believe me? Well as they say a picture is worth a thousand words. This is what the Mobile Workspace Architecture looks like.
OK. I get it. You have the architecture but that doesn’t necessarily translate to a seamless user experience.
Still don’t believe huh? Well this is what the user experience looks like.
XenMobile is a key ingredient in delivering a mobile workspace. Along with XenApp and XenDesktop it allows organizations to deliver on giving users access to any app from any device. In fact, if you’re an existing XenApp or XenDesktop customer, XenMobile seamlessly plugs into your existing architecture.
If you’re a XenDesktop or XenApp customer this is what your environment probably looks like.
Now this is what you need to enable EMM for BYO and COPE (Corporate Owned, Personally Enabled) devices and add that MDM, MAM, Secure Email, Secure Data…
Continue reading here!
//Richard
Manage #Linux based clients in #SCCM 2012 R2 – via @ncbrady
Another great post from Niall C. Brady, keep up the great job!
Wouldn’t it be great to have a complete solution from Microsoft that handles all the configuration capabilities of most enterprise OS’s like Windows, Linux distributions as well as Mac OS X? Microsoft are at least doing a great job working towards a more complete offering!
Introduction
System Center 2012 R2 Configuration Manager supports a wide variety of operating systems including alternative operating systems such as the following:-
Mac Client:
- Mac OS X 10.6 (Snow Leopard)
- Mac OS X 10.7 (Lion)
- Mac OS X 10.8 (Mountain Lion)
UNIX/Linux Client:
- AIX Version 7.1, 6.1, 5.3
- Solaris Version 11, 10, 9
- HP-UX Version 11iv2 , 11iv3
- RHEL Version 6 , 5, 4
- SLES Version 11, 10, 9
- CentOS Version 6, 5
- Debian Version 6, 5
- Ubuntu Version 12.4 LTS, 10.4 LTS
- Oracle Linux 6, 5
In this post I will show you how to install the Linux client on a popular Linux operating system (Centos 6.4) and do some basic actions like hardware and software inventory in System Center 2012 R2 Configuration Manager. This guide assumes you have already installed your Linux server and are ready for the next step. If you have not installed it yet just download the Live CD from here and boot from it, choose the option to Install to hard drive once the os has booted to the desktop.
Step 1. Download the Alternative Client files
When you started the System Center 2012 R2 Configuration Manager installation you probably didn’t notice that there was a link to download alternative clients on the splash screen highlighted in the screenshot below
If you did click on the link it would bring you here so go ahead and download those client files.
Step 2. Extract the Linux client files on a Windows computer
On the computer you downloaded the alternative client files, locate the Linux client exe file and extract the contents somewhere local by double clicking on the ConfigMgr Clients for Linux.exe file.
extract the files to…
Continue reading here!
//Richard
#BYOD + #Messaging + #Collaboration + #Data securely = How??
Yes, how do you solve this?
I’m running into this topic lately with a lot of people and customers….
It’s around the whole BYOD and unmanaged devices and how useful they are in an enterprise world and all the capabilities and way of working that you’re used to in a secure and still cost effective way (and let’s not forget in a USER FRIENDLY way)!
One question that I’ve not yet found an answer to is:
How do we have all offline capabilities needed for an “Office” worker on a BYOD in our enterprise landscape? How do we ensure that you can use our Messaging, Collaboration and Data/Info services on this totally unmanaged device in a SECURE way?
This is a tough challenge! I guess that most of your users are used to using the Office suite locally on their managed device where they can use Outlook offline, work with data/files in Excel and Word etc offline. But what happens if you tell them to use an unmanaged device or their own personal device of their choice?
All of a sudden there is no real good way of providing them with offline messaging and collaboration (Outlook Anywhere and Lync for instance) capabilities in a secure manner. This BYOD/unmanaged device is not a part of your AD, you have no control and cannot enforce anything! So Outlook that is installed on it may use your Outlook Anywhere service but then its data sits on that unmanaged device unencrypted and unsecured!
Think of the picture above (yes I know it’s a mess but I just want to illustrate the issue), you have BYOD devices that are running Windows 7, XP, 8 etc and also Mac OS X. What if you open up your Outlook anywhere service to those devices, then all your emails etc. will be unsecured on them!
Citrix and others are focusing on providing this email capability in a secure manner on all mobile OS’s like iOS and Android etc through it’s Citrix Worx apps for mail and also the newly announced Hosted MobileMail. But these are more or less just targeted against mobile devices (smartphones and tablets), but what about the standard laptop users!?!?! They need something as well!
And Windows RMS and other solutions just wont fit very well here… Citrix XenVault was something that could have worked to enable offline support for corporate Messaging services but it’s not there… I’d like to run corporate apps locally on the device offline in a secure and controllable container!!
The same issue you have with Data!!!
ShareFile doesn’t support encryption on Windows or OS X!!!
But it does on mobile devices.. I guess you have to trust your users and BYOD devices that they are encrypted using BitLocker or FileVault etc…. but can you?
So please enlighten me here what the missing puzzle piece is!! Because I have a hard time taking away a managed device form a user and tell them that they on their BYOD device HAVE TO BE ONLINE TO WORK! It’s a step back from a usability and productiveness point of view… but it may be a cost saver though… but is a BYOD/unmanaged device and a VDI or Hosted Shared Desktop always a good option to provide business apps to that laptop? NO! I guess everyone have understood that making business apps and functions web-based or mobile app based is good and a lot of focus is there, but we cannot forget the traditional productive device that the laptop is!
If you know the magic solution to these challenges please let me know! 🙂
Cheers!
//Richard
Latest Security Intelligence Report Shows 24 Percent of PCs are Unprotected
Interesting and scary facts from Microsoft… why not just add a simple cloud based solution like Webroot to your PC’s and Mac’s? Read more about Webroot that I think is a great product here from one of my earlier posts: 1st Test of Webroot SecureAnywhere – #Webroot, #SecureAnywhere, #BYOD
Today, Microsoft released new research as part of its Security Intelligence Report, volume 14, which takes a close look at the importance of running up-to-date antivirus software on your computer. The research showed that, on average, computers without antivirus software are 5.5 times more likely to be infected.
Antivirus software from Microsoft, McAfee, Symantec and others helps to guard against viruses, remove infections and protect your privacy. It can help protect your computer from malware trying to steal your credit card information, e-mail address book or even the files you’ve saved to your computer. It is one of the most crucial defenses computer users have to help protect against cybercriminals.
If you have been using computers as long as I have, long before almost every device was constantly connected to the Internet, you’ll recall the days when viruses were typically spread via sneaker-net, through infected floppy disks. Read more…
Heads Up – issues with Access Gateway Plug-in for Mac OS X Version 2.1.4 – #Citrix, #NetScaler
Well, I guess that you’ve already read all the good things about the new capabilities of the newer Access Gateway plug-in, Receiver and Access Gateway Enterprise that together with StoreFront will add additional features and functions that haven’t existed before. It’s now built to work together with the Receiver on the Windows and Mac OS X platforms and promises a lot by various blog posts from Citrix and others (incl. myself).
Here is an example of what it can (should) do: What’s new with Access Gateway MAC Plug-in release 2.1.4
But is the Access Gateway Plug-in that great? Well, before you plan to implement version 2.1.4 on OS X and especially if you want to leverage the SSL VPN functionality and host checks (EPA) then read the Important notes and Known issues for this release:
Important Notes About This Release:
- The Access Gateway Plug-in for Mac OS X Version 2.1.4 supports Citrix Receiver Version 11.7
- Import the secure certificate for Access Gateway into the Keychain on the Mac OS X computer.
- The Access Gateway Plug-in for Mac OS X Version 2.1.2 and earlier versions are not supported on Mac OS X Version 10.8.
- Endpoint analysis scans for antivirus, personal firewalls, antispam, Internet security, and EPAFactory scans are not supported for Mac OS X.
- Client certificate authentication is not supported for Mac OS X.
First of all I’d say that these notes are not that great if you ask me! Why do I have to add the cert into the Mac Keychain? Why doesn’t the plug-in support the more “advanced” host checks like personal firewalls, certificates etc.?
Wait, it get even worse!! And before you go to the whole list I’d highlight these top ones that I’m kind of surprised about:
- It doesn’t support LAN access
- Upgrading doesn’t work
- Doesn’t apply proxy settings configured in session profile
- It doesn’t support SAN certificates
- Users cannot start the Access Gateway plug-in if the Receiver is already started, you first have to shut down the Receiver
Here you see the full Known Issues list for this release:
- When users disable wireless on a Mac OS X computer and connect by using a 3G card, the Access Gateway Plug-in does not upgrade automatically through Citrix Receiver. If users select Check for Updates to upgrade the plug-in, the upgrade fails and users receive the error message “Updates are currently not available.” [#45881]
- If you run stress traffic for HTTP, HTTPS, and DNS simultaneously, the Access Gateway Plug-in fails. [#46348]
- When users disable wireless on a Mac OS X computer and connect by using a Vodafone Mobile Broadband Model K3570-Z HSDPA USB 3G stick, the Access Gateway plug-in does not tunnel traffic. [#256441]
- If you configure an endpoint analysis policy and also enable the client choices page and proxy servers in a session profile, occasionally a blank choices page appears after users log on. When you disable the choices page in the session profile, the choices page appears correctly. [#316331]
- If users connect to Access Gateway with the Access Gateway Plug-in for Mac OS X and then run ping with a payload of 1450 bytes, the plug-in fails to receive the ICMP reply. [#321486] Read more…
Mac Receiver Launches Application and Closes Abruptly – #Citrix, #Receiver
Ok, had a bit of a “challenge” today with my little Receiver 11.7 on my Macbook Air…. the darn thing just “vanished” after the XenApp/XenDesktop session was shown for about half a second…
And the solution was the following:
Symptoms
User is unable to login from a MacBook using the Citrix Receiver for Mac. The session launches and eventually disappears without any error message.
Cause
Since the Mac devices do not have a registry like Windows devices, a license needs to be issued to the client devices name. If the device does not have a name then it cannot be issued a license. It attempts to assign a license to a null value, which it cannot do and hence the session drops.
Resolution
- Find the System Preferences Icon on the toolbar.
- Open the Sharing folder in the System Preferences options.
Lifecycle Milestones for Citrix Receiver – #Citrix, #Receiver
For each major version (e.g., v3.0) of a Citrix Receiver for Windows, Mac, Linux, Java, or WinCE, customers will receive a minimum lifecycle of four years. The lifecycle consists of a Mainstream Maintenance Phase for at least the first three years followed by an Extended Maintenance Phase for the remainder of the lifecycle. The specific dates for each major release of these components will be posted in the tables below.
During the Mainstream Maintenance phase, customers that remain current in a Citrix Technical Support program receive 24x7x365 worldwide support. Support includes assistance from experts and connects you to the latest troubleshooting tools, techniques and resources you need to protect your Citrix investment. Citrix will provide code-level maintenance in the form of minor version releases, and in some cases, Cumulative Updates (maintenance releases containing multiple fixes) when Citrix determines they are required to resolve issues with Receiver. The release of a minor version or Cumulative Update may define a new maintenance baseline. Citrix customers may be required to upgrade to a specific minor version or Cumulative Update to receive continued maintenance. When a new maintenance baseline is defined, Citrix will continue to provide support for each minor version (e.g., v3.3) for a minimum of 12 months after the release of the next minor version (e.g., v3.4). Minor versions may include functional enhancements as well as code-level maintenance.
During the Extended Maintenance Phase, technical support continues as before but code-level maintenance will be limited to security-related issues deemed critical by Citrix.
For Citrix Receiver for Android, Chromebook, iOS, or Windows 8/RT, customers that remain current in a Citrix Technical Support program receive 24x7x365 worldwide support for the version of Receivers that are currently available from the respective vendor app store. Code-level maintenance is provided with the next version made available in the respective vendor app store.
Lifecycle dates for Citrix Receiver for Windows, Mac, Linux, Java, and WinCE
The tables below list the major versions…
What’s new with Access Gateway MAC Plug-in release 2.1.4 – #Citrix, #AG, #Receiver
Another great blog post from Prashant! You rock! 😉
The new Citrix Access Gateway Appliance release 10.0.71.6014.e brings along with it the new MAC plug-in release 2.1.4. MAC OS, along with Microsoft Windows, are the two main desktop platforms supported by Citrix Access Gateway for full SSL Tunnel. The AG plug-in is most commonly used in tandem with Citrix Receiver, to provide access to your virtual applications and desktops, provided by XenApp & XenDesktop respectively. The Receiver and AG plug-in also work together to provide end users access to intranet web and SaaS resources via Citrix CloudGateway.
The new 2.1.4 plug-in brings the following new enhancements for Citrix Receiver users:
- Seamless Desktop Receiver experience: With this release of Access Gateway plug-in, end users will no longer have to sign into the plug-ins as a manual step, to access apps / sites that require a full SSL tunnel. Receivers automatically launch a SSL VPN session via Access Gateway as needed. Result is – end user just deals with Citrix Receiver and Receiver internally (and automatically) deals with Access Gateway on user’s behalf.
- EPA with ICAProxy / CVPN: Receivers can now seamlessly launch AG plug-ins to connect to an Access Gateway vServer configured with End Point Analysis policies, in ICAProxy and CVPN modes as well. Earlier, this was supported only for Full Tunnel access.
- ….
Continue reading here!
//Richard
#Citrix #Receiver 3.4 and 11.7 = is the #SmartAccess story more real now? – #CloudGateway, #AGEE, #NetScaler, #StoreFront
Citrix has now released version 3.4 of the Receiver for Mac and Windows, but what is the main added value with this release?
First of I’d like to ask you to review my previous post where I questioned the Citrix SmartAccess story that I believe is not there end-to-end and that really is a lacking feature for scenarios where you’d for instance want to support more BYOD models etc. You need to determine the person accessing the service and also what what type of device it is, trusted or not etc. And I in the previous post I argued that Citrix doesn’t deliver according to their SmartAccess story;
#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA
And for you that haven’t read about the new Receiver 11.7 or OS X and 3.4 for Windows check these posts:
Receiver for Windows 3.4 released
Receiver for Mac 11.7 Released
The table below is from the previous SmartAccess post and my theoretical review right now is that the SmartAccess story for Windows and Mac OS X clients have improved. As you can see in the two rows for Receiver 3.3 and 11.6 where you would access through a Receiver through an AGEE you would NOT be able to perform host checks using the EPA scans.
This was just not possible though the native Receiver didn’t have that capability to trigger the EPA scans. And the EPA plugin itself was not available in the native Receiver on the OS X, it was bundled into the Access Gateway plugin.
| Client | Access method | EPA/Host-check possible on AGEE | Comment |
| Windows with Citrix Receiver for Windows 3.3 | Receiver 3.3 | NO | You’ll never be able to do host-checks on this device if Receiver access is used due to that the Receiver does not have EPA scan capabilities. |
| Windows with Citrix Receiver for Windows 3.4 | Receiver 3.4 | YES | Now when the Receiver is communicating with the Access Gateway plugin and shares login credentials then you can leverage the AGEE plugin to perform EPA scans and then allow different session policies and profiles depending on the EPA scan result, and at the same time of course also pass that through to StoreFront/WI and into XenApp/XenDesktop.It does however then require that you get the AGEE plugin installed on the devices, which may be another dilemma… |
| OS X with Citrix Receiver for Mac 11.6 | Receiver 11.6 | NO | You’ll never be able to do host-checks on this device if Receiver access is used due to that the Receiver does not have EPA scan capabilities. |
| OS X with Citrix Receiver for Mac 11.7 | Receiver 11.7 | YES | Now when the Receiver is communicating with the Access Gateway plugin and shares login credentials then you can leverage the AGEE plugin to perform EPA scans and then allow different session policies and profiles depending on the EPA scan result, and at the same time of course also pass that through to StoreFront/WI and into XenApp/XenDesktop.It does however then require that you get the AGEE plugin installed on the devices, which may be another dilemma… |
The IT Melting Pot! 