Archive

Posts Tagged ‘os x’

#XenMobile and the #Citrix Mobile Workspaces Architecture – #BYOD

This is a great blog post by Christopher Campbell and good picture to show the overall capabilities and architecture of the Citrix offering!

You’ve heard us talk about Mobile Workspaces and if you’re a techie you’re probably wondering if Citrix really has the architectural components (a complete, comprehensive and fully integrated architecture) that can deliver any app and data to any user on any device over any network?

Well let’s first identify a few of the market leading technologies that make up the Citrix Mobile Workspaces solution:

  • XenApp mobilizes and secures Windows apps on any device
  • XenDesktop securely delivers virtual Windows desktops and apps on any device
  • XenMobile manages and secures mobile, web and SaaS apps on mobile devices
  • GoToMeeting empowers people to meet and collaborate with anyone, anywhere
  • ShareFile shares and syncs corporate data securely from any location
  • NetScaler optimizes and secures app delivery and on any network
  • CloudPlatform orchestrates and provisions apps, desktops and IT services from any cloud

OK, OK. We know you have the products but do they really integrate?

Yes. Don’t believe me? Well as they say a picture is worth a thousand words. This is what the Mobile Workspace Architecture looks like.

OK. I get it.  You have the architecture but that doesn’t necessarily translate to a seamless user experience.

Still don’t believe huh? Well this is what the user experience looks like.

XenMobile is a key ingredient in delivering a mobile workspace.  Along with XenApp and XenDesktop it allows organizations to deliver on giving users access to any app from any device. In fact, if you’re an existing XenApp or XenDesktop customer, XenMobile seamlessly plugs into your existing architecture.

If you’re a XenDesktop or XenApp customer this is what your environment probably looks like.

Now this is what you need to enable EMM for BYO and COPE (Corporate Owned, Personally Enabled) devices and add that MDM, MAM, Secure Email, Secure Data…

Continue reading here!

//Richard

 

Manage #Linux based clients in #SCCM 2012 R2 – via @ncbrady

October 28, 2013 Leave a comment

Another great post from Niall C. Brady, keep up the great job!

Wouldn’t it be great to have a complete solution from Microsoft that handles all the configuration capabilities of most enterprise OS’s like Windows, Linux distributions as well as Mac OS X? Microsoft are at least doing a great job working towards a more complete offering!

Introduction

System Center 2012 R2 Configuration Manager supports a wide variety of operating systems including alternative operating systems such as the following:- 

Mac Client:

  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

UNIX/Linux Client:

  • AIX Version 7.1, 6.1, 5.3
  • Solaris Version 11, 10, 9
  • HP-UX Version 11iv2 , 11iv3
  • RHEL Version 6 , 5, 4
  • SLES Version 11, 10, 9
  • CentOS Version 6, 5
  • Debian Version 6, 5
  • Ubuntu Version 12.4 LTS, 10.4 LTS
  • Oracle Linux 6, 5

In this post I will show you how to install the Linux client on a popular Linux operating system (Centos 6.4) and do some basic actions like hardware and software inventory in System Center 2012 R2 Configuration Manager. This guide assumes you have already installed your Linux server and are ready for the next step. If you have not installed it yet just download the Live CD from here and boot from it, choose the option to Install to hard drive once the os has booted to the desktop.

Step 1. Download the Alternative Client files

When you started the System Center 2012 R2 Configuration Manager installation you probably didn’t notice that there was a link to download alternative clients on the splash screen highlighted in the screenshot below

Download clients for additional operating systems.png

 

If you did click on the link it would bring you here so go ahead and download those client files.

Step 2. Extract the Linux client files on a Windows computer

On the computer you downloaded the alternative client files, locate the Linux client exe file and extract the contents somewhere local by double clicking on the ConfigMgr Clients for Linux.exe file. 

downloaded client files.png

 extract the files to…

Continue reading here!

//Richard

#Citrix #XenMobile 8.5 MAM upgrade! Part 1 – #StoreFront, #AppController, #NetScaler

September 1, 2013 7 comments

In this little blog series series you’ll follow a little upgrade process to XenMobile 8.5 for Mobile Application Management (previously known as CloudGateway).

Ok, I don’t exactly know where to begin. I must first say that Citrix is THE master when it comes to renaming products, updating/changing the architecture, changing consoles (claiming to reducing the number of them like every year but at the same time introduce new ones).

How hard can it be to make crystal clear documentation and upgrade processes that works and are easy? I feel already that my tone in this blog post is “a bit” negative… but I think that Citrix actually deserves it this time.

I must now take a step back and calm down and point out that Citrix is delivering some MAJOR changes and good news/features in the new XenMobile 8.5 release though! It’s great (when you’ve got it up and running) and I must say that I don’t see anyone that is near them in delivering all these capabilities in a nice end-to-end  delivery!! 🙂

Have a look at everything that is new, deployment scenarios etc. here before you even start thinking to upgrade or change your current NetScaler, StoreFront and AppController environment!

Once you’ve started to read the different design scenarios you’ll see that App Controller can be placed in front of StoreFront, in the back of StoreFront or totally without StoreFront… all the options just make your head spin! Because Citrix doesn’t really make it clear on how all of this should work with a Receiver and Worx Home depending if the device is on the internal network, external through NetScaler or what the capabilities that you need are supported in the different scenarios in a simple way, just text that explains it. And I find the pictures and text a bit misleading:

You can include StoreFront in your deployment, which allows users access to published applications from XenApp and virtual desktops from XenDesktop, along with apps configured in App Controller. When users log on with Citrix Receiver, all of their apps appear in the store. The following figure shows how you can deploy NetScaler Gateway, App Controller, and StoreFront in your network.

Deploying App Controller with StoreFront and NetScaler Gateway

As you see above the App Controller is added as a “Farm” just as in 2.6, but is that the truth now in version 2.8 of App Controller?

If you have a look at the text from this page it’s getting even more confusing: Read more…

#BYOD + #Messaging + #Collaboration + #Data securely = How??

Yes, how do you solve this?

I’m running into this topic lately with a lot of people and customers….

It’s around the whole BYOD and unmanaged devices and how useful they are in an enterprise world and all the capabilities and way of working that you’re used to in a secure and still cost effective way (and let’s not forget in a USER FRIENDLY way)!

One question that I’ve not yet found an answer to is:

How do we have all offline capabilities needed for an “Office” worker on a BYOD in our enterprise landscape? How do we ensure that you can use our Messaging, Collaboration and Data/Info services on this totally unmanaged device in a SECURE way?

This is a tough challenge! I guess that most of your users are used to using the Office suite locally on their managed device where they can use Outlook offline, work with data/files in Excel and Word etc offline. But what happens if you tell them to use an unmanaged device or their own personal device of their choice?

All of a sudden there is no real good way of providing them with offline messaging and collaboration (Outlook Anywhere and Lync for instance) capabilities in a secure manner. This BYOD/unmanaged device is not a part of your AD, you have no control and cannot enforce anything! So Outlook that is installed on it may use your Outlook Anywhere service but then its data sits on that unmanaged device unencrypted and unsecured!

Overview_BYOD_Messaging_Outlook_Anywhere

Think of the picture above (yes I know it’s a mess but I just want to illustrate the issue), you have BYOD devices that are running Windows 7, XP, 8 etc and also Mac OS X. What if you open up your Outlook anywhere service to those devices, then all your emails etc. will be unsecured on them!

Citrix and others are focusing on providing this email capability in a secure manner on all mobile OS’s like iOS and Android etc through it’s Citrix Worx apps for mail and also the newly announced Hosted MobileMail. But these are more or less just targeted against mobile devices (smartphones and tablets), but what about the standard laptop users!?!?! They need something as well!

And Windows RMS and other solutions just wont fit very well here… Citrix XenVault was something that could have worked to enable offline support for corporate Messaging services but it’s not there… I’d like to run corporate apps locally on the device offline in a secure and controllable container!!

The same issue you have with Data!!!

ShareFile doesn’t support encryption on Windows or OS X!!!

But it does on mobile devices.. I guess you have to trust your users and BYOD devices that they are encrypted using BitLocker or FileVault etc…. but can you?

So please enlighten me here what the missing puzzle piece is!! Because I have a hard time taking away a managed device form a user and tell them that they on their BYOD device HAVE TO BE ONLINE TO WORK! It’s a step back from a usability and productiveness point of view… but it may be a cost saver though… but is a BYOD/unmanaged device and a VDI or Hosted Shared Desktop always a good option to provide business apps to that laptop? NO! I guess everyone have understood that making business apps and functions web-based or mobile app based is good and a lot of focus is there, but we cannot forget the traditional productive device that the laptop is!

If you know the magic solution to these challenges please let me know! 🙂

Cheers!

//Richard

Heads Up – issues with Access Gateway Plug-in for Mac OS X Version 2.1.4 – #Citrix, #NetScaler

Well, I guess that you’ve already read all the good things about the new capabilities of the newer Access Gateway plug-in, Receiver and Access Gateway Enterprise that together with StoreFront will add additional features and functions that haven’t existed before. It’s now built to work together with the Receiver on the Windows and Mac OS X platforms and promises a lot by various blog posts from Citrix and others (incl. myself).

Here is an example of what it can (should) do: What’s new with Access Gateway MAC Plug-in release 2.1.4

But is the Access Gateway Plug-in that great? Well, before you plan to implement version 2.1.4 on OS X and especially if you want to leverage the SSL VPN functionality and host checks (EPA) then read the Important notes and Known issues for this release:

Important Notes About This Release:

  1. The Access Gateway Plug-in for Mac OS X Version 2.1.4 supports Citrix Receiver Version 11.7
  2. Import the secure certificate for Access Gateway into the Keychain on the Mac OS X computer.
  3. The Access Gateway Plug-in for Mac OS X Version 2.1.2 and earlier versions are not supported on Mac OS X Version 10.8.
  4. Endpoint analysis scans for antivirus, personal firewalls, antispam, Internet security, and EPAFactory scans are not supported for Mac OS X.
  5. Client certificate authentication is not supported for Mac OS X.

First of all I’d say that these notes are not that great if you ask me! Why do I have to add the cert into the Mac Keychain? Why doesn’t the plug-in support the more “advanced” host checks like personal firewalls, certificates etc.?

Wait, it get even worse!! And before you go to the whole list I’d highlight these top ones that I’m kind of surprised about:

  • It doesn’t support LAN access
  • Upgrading doesn’t work
  • Doesn’t apply proxy settings configured in session profile
  • It doesn’t support SAN certificates
  • Users cannot start the Access Gateway plug-in if the Receiver is already started, you first have to shut down the Receiver

Here you see the full Known Issues list for this release:

  1. When users disable wireless on a Mac OS X computer and connect by using a 3G card, the Access Gateway Plug-in does not upgrade automatically through Citrix Receiver. If users select Check for Updates to upgrade the plug-in, the upgrade fails and users receive the error message “Updates are currently not available.” [#45881]
  2. If you run stress traffic for HTTP, HTTPS, and DNS simultaneously, the Access Gateway Plug-in fails. [#46348]
  3. When users disable wireless on a Mac OS X computer and connect by using a Vodafone Mobile Broadband Model K3570-Z HSDPA USB 3G stick, the Access Gateway plug-in does not tunnel traffic. [#256441]
  4. If you configure an endpoint analysis policy and also enable the client choices page and proxy servers in a session profile, occasionally a blank choices page appears after users log on. When you disable the choices page in the session profile, the choices page appears correctly. [#316331]
  5. If users connect to Access Gateway with the Access Gateway Plug-in for Mac OS X and then run ping with a payload of 1450 bytes, the plug-in fails to receive the ICMP reply. [#321486] Read more…

Mac Receiver Launches Application and Closes Abruptly – #Citrix, #Receiver

February 4, 2013 2 comments

Ok, had a bit of a “challenge” today with my little Receiver 11.7 on my Macbook Air…. the darn thing just “vanished” after the XenApp/XenDesktop session was shown for about half a second…

And the solution was the following:

Symptoms

User is unable to login from a MacBook using the Citrix Receiver for Mac. The session launches and eventually disappears without any error message.

Cause

Since the Mac devices do not have a registry like Windows devices, a license needs to be issued to the client devices name. If the device does not have a name then it cannot be issued a license. It attempts to assign a license to a null value, which it cannot do and hence the session drops.

Resolution

  • Find the System Preferences Icon on the toolbar.

  • Open the Sharing folder in the System Preferences options.

  • Check the Computer Name field. If it…

Continue reading here!

//Richard

Magic Quadrant for Endpoint Protection Platforms – #Gartner, #EPP via @rspruijt

January 14, 2013 1 comment

Magic Quadrant for Endpoint Protection Platforms

 
2 January 2013 ID:G00239869
Analyst(s): Peter Firstbrook, John Girard, Neil MacDonald

VIEW SUMMARY

The endpoint protection platform provides a collection of security utilities to protect PCs and tablets. Vendors in this market compete on the quality of their protection capabilities, the depth and breadth of features, and the ease of administration.

Market Definition/Description

The enterprise endpoint protection platform (EPP) market is a composite market primarily made up of collections of products. These include:

  • Anti-malware
  • Anti-spyware
  • Personal firewalls
  • Host-based intrusion prevention
  • Port and device control
  • Full-disk and file encryption, also known as mobile data protection
  • Endpoint data loss prevention (DLP)
  • Vulnerability assessment
  • Application control (see Note 1)
  • Mobile device management (MDM)

These products and features are typically centrally managed and ideally integrated by shared policies.

DLP, MDM and vulnerability assessment are also evaluated in their own Magic Quadrant or MarketScope analyses. Longer term, portions of these markets will get subsumed by the EPP market, as the personal firewall, host intrusion prevention, device control and anti-spyware markets have in the past. EPP suites are a logical place for convergence of these functions. Indeed, 53% of organizations in a recent Gartner survey1 already use a single vendor for several of these functions, or are actively consolidating products. In particular, mobile data protection is the leading complement to EPP and purchasing decisions regarding the two products are increasingly made together. For most organizations, selecting a mobile data protection system from their incumbent EPP vendors will meet their requirements.

In 2012, the large enterprise EPP market is still dominated by Symantec, McAfee and Trend Micro, which together represent approximately 68% of the total revenue of Magic Quadrant participants. Sophos and Kaspersky Lab are the two other global leaders that are competitive across multiple functions and geographies, and push the combined Leaders quadrant market share to 85%. Despite the introduction of new players, the displacement of incumbents is still a significant challenge in the large enterprise market. The biggest impact of the Magic Quadrant Challengers and Visionaries is to push the dominant market players to invest in new features and functionality (sometimes via acquisitions) to stay ahead, and to keep pricing rational. In the less demanding small and midsize market, competition is more intense. A number of Niche Player solutions are dominant in specific regions.

The total EPP revenue of the Magic Quadrant participants at year-end 2011 was roughly $2.8 billion, up 4% from 2010. We attribute this growth primarily to increased buying of more-expensive suites, offset by lower prices for low-end malware-only solutions. Consequently, EPP revenue growth is more a result of an inflow of revenue from other markets. We anticipate that growth will continue to be in the low single digits in 2013.

Microsoft is the best vendor in a position to challenge the incumbent Leaders, primarily due to attractive pricing in its enterprise agreements. Approximately one-third of enterprise buyers1 indicate they are actively considering Microsoft or plan to do so during their next renewal periods. However, Microsoft’s slow development, the lack of a single unified security management interface and mediocre test results will temper its adoption. Longer term, we believe that increased displacement of Windows endpoints with application-controlled OSs (such as Microsoft WinRT and Apple’s iOS and OS X Mountain Lion) is the biggest market threat. These solutions shift the value proposition of EPP solutions from traditional anti-malware to MDM and data protection capabilities.

Magic Quadrant

Figure 1. Magic Quadrant for Endpoint Protection Platforms
Figure 1.Magic Quadrant for Endpoint Protection Platforms

 
 

Source: Gartner (January 2013)

Vendor Strengths and Cautions

Arkoon Network Security

Arkoon Network Security’s StormShield EPP solution (formerly offered by SkyRecon Systems) is designed as a seamless integrated EPP with a focus on behavioral protection. Arkoon’s Ability to Execute score is hampered by its relatively small market share and limited geographic presence, as well as its still-maturing management capabilities….

Continue reading here!

//Richard

%d bloggers like this: