Archive

Posts Tagged ‘Proxy’

#XenMobile on Android and MicroVPN issue unless you really synch Worx releases…

February 26, 2014 Leave a comment

Hi,

If you’ve worked with XenMobile and especially the AppController to deploy WorxMail and WorxWeb you know that these establish  a MicroVPN tunnel to reach internal resources when needed.

One thing that I noted today was that when you upgrade your AppController and NetScalers and people also upgrade their Worx Home app on Android you can run into an issue unless you upgrade and align your Worx Home and WorxWeb apps.

The new Worx Home 8.6.1 on Android requires that you run WorxWeb 1.3.3 from Citrix, otherwise the MicroVPN tunnel won’t be established and you won’t reach your internal resources through it.

So it’s more important than ever to ensure that you try your NetScaler, AppController and Worx apps and align their releases.. once they work then you see this great progress and tunnel being established.

Android_MicroVPN_tunnel_established

It would be nice to get a good table of which versions of each product/component that you should run and which ones that can support all use cases like; XenMobile , ShareFile on prem, ICA/HDX proxy, SSL VPN and SmartAccess for RfW and proxy! I’ve not yet found one combination that delivers everything. 😉

Happy XenMobile’ing!

//Richard

Categories: All, Citrix, Mobility, NetScaler, XenMobile Tags: , , , , , , , , , , ,

Choose your #Citrix #NetScaler … wisely… – via @hlouwers

August 8, 2013 Leave a comment

This is a question I get a lot and I must say that Henny Louwers did answer it well in this blog post!

I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio.

I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered.

The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution belongs to the networking department, not the Citrix XenApp sys admin department. Or maybe limited.

That leads me to the first difficult thing of a Citrix NetScaler project. The adoption of the Citrix NetScaler appliances to the networking guys of an organization. They need to embrace the solution to make this a success. For some reason they too see it as a ‘’Citrix’’ solution. For that reason one of the most important meetings to setup is usually with the networking guys to try to explain the L3-L7 functionality of the Citrix NetScaler solution. When they realize it competes with F5, Juniper, Cisco, etc then we are on the right track.

NetScaler Gateway or NetScaler Standard Edition

Usually the first question of a customer is regarding something simple like replacing the Remote Access solution. Since the NetScaler is going to be the main platform for publishing Citrix publications a NetScaler Gateway can be considered as a valid option. This is when I tell a customer it would be wise to spend a little extra on the NetScaler Standard Edition since this would leverage the solution be having full load balancing capabilities (among others). When you compare prices between the NetScaler Gateway and NetScaler Standard Edition you will see that the Standard Edition will be somewhat more expensive but I for one think that it is worth the difference given the feature set that come with the Standard Edition. Of course the NetScaler Gateway can always be upgraded to a NetScaler Standard Edition (or higher) if you will.

Another feature of Citrix NetScaler Standard Edition is the ability to run Citrix Web Interface on the appliance. Honestly, I do think is not really that important anymore….

Continue reading here

//Richard

Categories: Access Gateway, All, Citrix, CloudBridge, CloudGateway, NetScaler Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,

#Windows 8.1’s #BYOD enhancements ready for business adoption – via @kenhess

June 4, 2013 Leave a comment

This is actually great news and a great article by Ken Hess! Microsoft is finally understanding the new BYOD use cases and scenarios! Interesting reading…

Summary: Microsoft understands, better than any other software company, that BYOD is actually a thing. It’s a thing to be dealt with at the source, which is exactly what they’re doing.

Everyone has weighed in on Microsoft’s Windows 8.1 update due at the end of the month, but few have highlighted the finer points of this significant update. Personally, I see Windows 8.1 as the new business operating system for desktop computing. Microsoft has listened to its critics and has made some super improvements on its much-beleagured new operating system.

Some of the more exciting improvements come in the form of BYOD enhancements. I believe that it is these features that will propel Windows 8.x onto corporate desktop systems and out of critical oblivion.

Excerpt from Stephen L. Rose’s Springboard Blog on Windows.com.

B.Y.O.D (Bring Your Own Device) Enhancements

  • Workplace Join – A Windows 8 PC was either domain joined or not. If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms. This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources. With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources. If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device to ensure the security of corporate assets.
  • Work Folders – Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system. Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares. Syncing could be done with 3rd party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.
  • Open MDM- While many organizations have investments with System Center and will continue to leverage these investments we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like Mobile Iron or Air Watch .
  • NFC tap-to-pair printing – Tap your Windows 8.1 device against an NFC-enabled printer and you’re all set to print without hunting on your network for the correct printer. You also don’t need to buy new printers to take advantage of this; you can simply put an NFC tag on your existing printers to enable this functionality.
  • Wi-Fi Direct printing – Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and any Wi-Fi enabled printer.
  • Native Miracast wireless display – Present your work wirelessly with no connection cords or dongles needed; just pair with project to a Miracast-enabled projector through Bluetooth or NFC and Miracast will use Wi-Fi to let you project wire-free.
  •  Mobile Device Management – When a user enrolls their device, they are joining the device to the Windows Intune management service. They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices. This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have more comprehensive policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having to deploy a full management client.
  • Web Application Proxy – The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using…

Continue reading here!

//Richard

Categories: All, BYOD, Client Services, Cloud, Device Management, Enterprise Architecture, Microsoft, Mobility, Security, Windows 8 Tags: , , , , , , , , , , , , , , , , , , , , ,

#Citrix #AppController 2.6 released as part of #MobileSolutions #Bundle #BYOD

February 25, 2013 Leave a comment

As a part of the Mobile Solutions Bundle that now is available on MyCitrix you can find a new version of AppController.

AppController 2.6 supports the following new features:

  • Certificate support. When you configure AppController for the first time in the web-based management console, you can add or create certificates on the Active Directory settings page.
  • Microsoft Hyper-V support. You can install the AppController 2.6 virtual machine on Windows Server 2012 with Hyper-V enabled or on Microsoft Hyper-V Server 2012.
  • Migration support to AppController 2.6. You can upgrade to AppController 2.6 from AppController 2.0 or from AppController 2.5.
  • Mobile store support. You can upload mobile apps from the Apple App Store or Google Play to AppController. You can use the Citrix App Preparation Tool to wrap iOS and Android apps from the Apple App Store or Google Play. When you wrap the app, you can secure access and enforce policies. When you upload the app to AppController, you can configure the policies. You can also upload an app from the App Store or Google Play to AppController without using the App Preparation Tool.
  • Secure connections to Active Directory. You can configure secure connections to Active Directory when you configure AppController 2.6 for the first time.
  • ShareFile updates. In previous AppController versions, when you configured ShareFile, the domain sharefile.com was automatically appended to the domain name. In this release, the domain sharefile.com does not automatically append to the ShareFile domain name. You must enter the entire ShareFile domain name.
  • Support for mobile links. You can configure mobile links to retrieve the name and description of apps automatically from the Apple App Store. For apps available through the Google Play Store, you enter the name, description and URL of the app. When you configure mobile links, links appear in Receiver with the Play Store or App Store name.
  •  Web proxy user name format. When you configure the web proxy, you can use either the SAMAccount format or the User Principal Name (UPN) as the user name.

Read more about it here!

//Richard

Categories: All, BYOD, Citrix, CloudGateway, MobileSolutions, XenMobile Tags: , , , , , , , , , , , , , , , , , , , ,

NetScaler MPX vs. SDX dilemma

October 3, 2012 9 comments

Hi again!

Ok, I may be totally off and wrong here but I see a bit of a problem with the Citrix product packaging and offering around the whole NetScaler product.

I love the fact that the product is available as virtual appliances (VPX) and physical appliances (MPX) and the lovely “mix-product” which is the SDX platform. The SDX is a lovely addition and I see so many reasons for why you want to go towards that platform, so bear with me.

The NetScaler product itself is a great product and the feature set it rich! It’s definitely rich in terms of what features it offers from the same appliance! Some of the marketing of the product against competitors is that you can do it all (GSLB, LB, SSL offloading, SSL VPN, Application Firewall, ICA/HDX proxy etc.) on one appliance instead of purchasing several. Have a look at the editions of the product and the rich feature offering;

NetScaler Features

But I must challenge this whole idea of putting all features/capabilities on one appliance! What if you decide to build a service on the NetScaler product and decide to provide these capabilities;

  • Access Gateway
    • Network Connect (SSL VPN access)
    • Network Proxy (ICA/HDX proxying)
  • End-to-end Web Security (AAA etc.)
  • Load Balancing (LB, GSLB)

So imagine that if for some reason you need a new version of the NetScaler appliance or if Citrix provides a fix for a bug/issue that is related to one of the capabilities. Then you have to stop your whole service delivery of all of them just to apply a patch/update targeted for one of them. Is that good from an incident, problem, change management point of view? I guess that’s why I like the SDX platform where I then can put the capabilities on different VPX instances on the same SDX HW platform.

This then also leads you to the whole cost of the service if you also like this idea of separation of duties, how much does the SDX cost and what does the VPX instances cost (they are purchased in bundles of 5 where 5 is included with the SDX purchase). And except for the cost of the HW, SW and SA you have the complexity that you have to select which of the SDX platforms to choose (see a more detailed NetScaler Datasheet here). And this is the biggest issue as I see it! I’d like to recommend the SDX platform to more customers than the enterprise segment. But then you have an issue, the SDX platforms starts on the 11 500 appliance.

Why doesn’t Citrix offer the SDX model on the smaller appliances?? I’d like to understand that because I think that most customers out there will not require that much throughput or CCU etc that the 11 500 delivers….

And there are more reasons to why you would like an SDX model other than separation of duties.. but more on that in another post.

Cheers!

//Richard

Categories: NetScaler, Networking Tags: , , , , , , , , , , , , ,
%d bloggers like this: