Archive
Choose your #Citrix #NetScaler … wisely… – via @hlouwers
This is a question I get a lot and I must say that Henny Louwers did answer it well in this blog post!
I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio.
I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered.
The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution belongs to the networking department, not the Citrix XenApp sys admin department. Or maybe limited.
That leads me to the first difficult thing of a Citrix NetScaler project. The adoption of the Citrix NetScaler appliances to the networking guys of an organization. They need to embrace the solution to make this a success. For some reason they too see it as a ‘’Citrix’’ solution. For that reason one of the most important meetings to setup is usually with the networking guys to try to explain the L3-L7 functionality of the Citrix NetScaler solution. When they realize it competes with F5, Juniper, Cisco, etc then we are on the right track.
NetScaler Gateway or NetScaler Standard Edition
Usually the first question of a customer is regarding something simple like replacing the Remote Access solution. Since the NetScaler is going to be the main platform for publishing Citrix publications a NetScaler Gateway can be considered as a valid option. This is when I tell a customer it would be wise to spend a little extra on the NetScaler Standard Edition since this would leverage the solution be having full load balancing capabilities (among others). When you compare prices between the NetScaler Gateway and NetScaler Standard Edition you will see that the Standard Edition will be somewhat more expensive but I for one think that it is worth the difference given the feature set that come with the Standard Edition. Of course the NetScaler Gateway can always be upgraded to a NetScaler Standard Edition (or higher) if you will.
Another feature of Citrix NetScaler Standard Edition is the ability to run Citrix Web Interface on the appliance. Honestly, I do think is not really that important anymore….
Continue reading here!
//Richard
Top 10 #CitrixSynergy sessions…watch them today!
Have a look at the 10 most popular Citrix synergy sessions! They are now uploaded and ready for you to see:
- SYN501: Geek Speak Tonight! (Desktop Virtualization panel) & SYN501 (Mobility panel)
- SYN415: Advanced best practices for migrating from Web Interface to StoreFront
- SYN321: Next-generation desktop and app delivery with XenDesktop 7, Microsoft System Center 2012
- SYN334: What’s new in XenDesktop and XenApp Platinum
- SYN320: XenDesktop 7: what you should know about FlexCast management architecture and XenApp migration
- SYN299: One Step Beyond – An audience with the Citrix CTO’s
- SYN322: XenDesktop 7: reinventing HDX for mobile, 3D graphics and beyond
- SYN222: Architecting a global XenApp farm with regional users using NetScaler and StoreFront
- SYN404: Introducing the Citrix Diagnostic Toolkit
- SYN206: What’s new in ShareFile Enterprise
Continue reading here!
//Richard
Demystifying Citrix Excalibur Architecture – via @kbaggerman
A great blog post by Kees Baggerman! 🙂
For all XenApp admins and consultants out there Project Avalon will bring a big change as we are used to having XenApp servers running on the (what seemed to be) everlasting Citrix Independent Management Architecture and we’re heading to Citrix FlexCast Management Architecture (already included in XenDesktop at this moment) and will be included in the Citrix Excalibur Architecture.
IMA
When looking up IMA in the eDocs you’ll find:
Independent Management Architecture (IMA) is the underlying architecture used in XenApp for configuring, monitoring, and operating all XenApp functions. The IMA data store stores all XenApp configurations.
Basically IMA exists to manage the XenApp or Presentation Server farms by enabling the communications between servers. As stated it transfers information about all XenApp functions like licenses, policies, sessions and server loads. All management tooling within these versions of Citrix’s PS/XA rely on this service for information.
According to Communication ports used by Citrix Technologies IMA uses the following ports:
| Ports | Source | Prot. | Comment |
| 2512 | Common Citrix Communication Ports | TCP | Independent Management Architecture (IMA) |
| 2513 | Access Gateway 5.0 Controller administration | TCP | IMA-based Communication |
As we can see IMA uses 2512 (by default) to communicate with other servers and the Access Gateway Controller uses 2513 (by default) for IMA-based communication. The port IMA uses can be changed or queried via the commandline tool IMAPORT.
Brian Madden did a blogpost way back in 2007 but it’s definition of IMA is still current:
Independent Management Architecture is:
- A data store, which is a database for storing MetaFrame XP server configuration information, such as published applications, total licenses, load balancing configuration, MetaFrame XP security rights, and printer configuration.
- A protocol for transferring the ever-changing background information between MetaFrame XP servers, including server load, current users and connections, and licenses in use
FMA
With the introduction of XenDesktop we got a new architecture called Flexcast Management Architecture. This new architecture has got an agent-based setup where we can install the operating system including the basic applications that need to be installed and after that we can install an agent. This agent registers itself to a controller and is offered through StoreFront to the end user.
This will be delivered by two different types of agents, one to support Windows Server OS’s and one for Windows Desktop OS’s.
Andrew Wood did an article on Excalibur and used this diagram to explain the architecture:
Citrix FlexCast Management Architecture
- Receiver provides users with self-service access to published resources.
- StoreFront authenticates users to site(s) hosting resources and manages stores of desktops and applications that users access – Web Interface as a platform is essentially resting, but it will cease to be.
- Studio is a single management console that enables you to configure and manage your deployment, a dramatic reduction over the 23 consoles you could well have today. Studio provides various wizards to guide you through the process of setting up an environment, creating workloads to host applications and desktops, and assigning applications and desktops to users.
- Delivery Controller distributes applications and desktops, manages user access, and optimizes…
Continue reading here!
//Richard
Explaining #Citrix Pass-through Authentication
Check out this great blog post from Joel Bejar:
Introduction
Pass-through authentication is a simple concept. User credentials are passed to a Web Interface site and then to the XenApp/XenDesktop servers, preventing users from having to explicitly authenticate at any point during the Citrix application launch process. While this authentication method seems straightforward, there are some moving pieces, and this article aims to break these down to provide a more detailed understanding of how this process truly works within Citrix.
Pass-Through Authentication – Web Interface Site
The first step to the pass-through process occurs at the Web Interface site. Users are able to navigate to the web interface site, and their credentials are passed through and they are presented with their Citrix delivered resources. Web Interface is built on Internet Information Services (IIS). For pass-through authentication to work, IIS Integrated Windows Authentication must be leveraged. Formerly called NTLM, this authentication method hashes the user credentials before they are sent over the network. When this type of authentication is enabled, the client browser proves its is authenticated through a cryptographic exchange with the Web Interface server, involving hashing. Because of this, the web browser is responsible for authenticating with the Web Interface Server (IIS). It is important to note, though, that credentials are actually never exchanged. Instead, the signed hash is provided to IIS, proving that said user had already been authenticated at the Windows desktop. The web interface user uses the user’s AD context (sometimes referred to as a token) to retrieve the user’s AD group membership and pass this list of groups directly to the XML service for authentication. At this point, the user has successfully passed through to the Web Interface site, and can now view his/her Citrix resources.
- The WI server must be in the same domain as the user, or in a domain that has a trust relationship with domain of the user.
- If the WI server and user are in different domains, and resources are published using Domain Local AD groups in the user domain, then the WI will not be able to enumerate these, even with a proper AD trust relationship (due to the very nature of Domain Local groups).
- The WI site should be added as a Trusted Site or Intranet Zone site in Internet Explorer. In addition, the security settings should be modified so that User Authentication\Logon is set to ‘Automatic Logon with Username and Password’.
- Pass-through authentication is not supported on Web Interface for NetScalerPlease Note: Pass-through authentication and Kerberos authentication are not interchangeable and they have different requirements.
Pass-Through Authentication – XenApp/XenDesktop Session
One of the biggest misconceptions with Pass-Through authentication in Citrix is that it only occurs when a user navigates to the Web Interface site and he/she is automatically passed through. As mentioned above, this IIS authentication method that is being used does not actually exchange the user password. In other words, Web Interface is never in control of the user credentials. This brings up the question: How are users passed through to the actual XenApp/XenDesktop ICA session?
While the web browser has a role in authenticating the user to the web site, the Citrix client (Citrix Receiver) plays an integral role in making sure the user is fully passed through to the application or desktop. Citrix Receiver installs a process called SSONSVR.exe, which is the single sign-on component of the client (no, not password manager SSO, but rather desktop credential pass-through authentication SSO.) This process is fully responsible for passing the user credentials to XenApp or XenDesktop. Without this piece, pass-authentication will not function.
Continue reading here!
//Richard
#Citrix #StoreFront Planning Guide
Ok, this product has caused some headache since it was released. And I must say that this guide is something that Citrix should have release a long time ago… there are so many companies out there struggling with how to deal with Web Interface being faced out and how/what to do with StoreFront!
So enjoy!
Download StoreFront Planning Guide!
//Richard
Great UI Theme improvement setting – #AccessGateway, #NetScaler, #Citrix
I must say finally! It’s not a 100% yet for everyone out there but it’s a step in the right direction. The NetScaler, Access Gateway, Web Interface, StoreFront and Receiver has not really been in synch when it comes to UI and end-user experience…. But now Citrix has improved it!
Access Gateway is a secure remote access product and hence tends to be the entry point for corporate users, wanting to access their enterprise applications and desktops. Given this, it makes sense for corporates, to try and customize the logon experience on Access Gateway, to match their corporate look and feel.
Access Gateway has always allowed for this customization, though, it’s been somewhat of a tedious process. With the new 10.0.71.6014.e release, we are making an attempt to simplify this experience.
UI Customization on Access Gateway is a multi-step process:
- Access the built in theme web pages and customize them, to match the corporate requirements
- Apply the modified theme (collection of web pages) at the right location
- Modify certain scripts to make this change persistent
- Every time the firmware has to be upgraded, take a backup of the customized pages and scripts and re-apply the same after the upgrade.
A quick Google search will give you a number of helpful and very accurate blogs/articles, on how to tweak the web pages to customize and create your corporate look and feel. Some of my favorites are:
- http://blogs.citrix.com/2012/04/19/green-bubble-theme-for-citrix-netscaler/
- http://jariangibson.com/2012/04/16/apply-citrix-receiver-theme-to-netscaleraccess-gateway-10/
With this new release, we have automated all the other steps (i.e. 2-4) for you. Instead of having to worry about how to apply this theme, or having to take backups every time you upgrade, the new release will automatically handle this for you.
To see the new offering in this r…
Continue reading here!
//Richard
#Citrix #Receiver 3.4 and 11.7 = is the #SmartAccess story more real now? – #CloudGateway, #AGEE, #NetScaler, #StoreFront
Citrix has now released version 3.4 of the Receiver for Mac and Windows, but what is the main added value with this release?
First of I’d like to ask you to review my previous post where I questioned the Citrix SmartAccess story that I believe is not there end-to-end and that really is a lacking feature for scenarios where you’d for instance want to support more BYOD models etc. You need to determine the person accessing the service and also what what type of device it is, trusted or not etc. And I in the previous post I argued that Citrix doesn’t deliver according to their SmartAccess story;
#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA
And for you that haven’t read about the new Receiver 11.7 or OS X and 3.4 for Windows check these posts:
Receiver for Windows 3.4 released
Receiver for Mac 11.7 Released
The table below is from the previous SmartAccess post and my theoretical review right now is that the SmartAccess story for Windows and Mac OS X clients have improved. As you can see in the two rows for Receiver 3.3 and 11.6 where you would access through a Receiver through an AGEE you would NOT be able to perform host checks using the EPA scans.
This was just not possible though the native Receiver didn’t have that capability to trigger the EPA scans. And the EPA plugin itself was not available in the native Receiver on the OS X, it was bundled into the Access Gateway plugin.
| Client | Access method | EPA/Host-check possible on AGEE | Comment |
| Windows with Citrix Receiver for Windows 3.3 | Receiver 3.3 | NO | You’ll never be able to do host-checks on this device if Receiver access is used due to that the Receiver does not have EPA scan capabilities. |
| Windows with Citrix Receiver for Windows 3.4 | Receiver 3.4 | YES | Now when the Receiver is communicating with the Access Gateway plugin and shares login credentials then you can leverage the AGEE plugin to perform EPA scans and then allow different session policies and profiles depending on the EPA scan result, and at the same time of course also pass that through to StoreFront/WI and into XenApp/XenDesktop.It does however then require that you get the AGEE plugin installed on the devices, which may be another dilemma… |
| OS X with Citrix Receiver for Mac 11.6 | Receiver 11.6 | NO | You’ll never be able to do host-checks on this device if Receiver access is used due to that the Receiver does not have EPA scan capabilities. |
| OS X with Citrix Receiver for Mac 11.7 | Receiver 11.7 | YES | Now when the Receiver is communicating with the Access Gateway plugin and shares login credentials then you can leverage the AGEE plugin to perform EPA scans and then allow different session policies and profiles depending on the EPA scan result, and at the same time of course also pass that through to StoreFront/WI and into XenApp/XenDesktop.It does however then require that you get the AGEE plugin installed on the devices, which may be another dilemma… |
My Post-Synergy View – Update 1 #CitrixSynergy #Citrix #CitrixSummit #ShareFile #CloudGateway
Ok, the week has past and Citrix Summit & Synergy is over. And with this little post I’d like to give you all my view on what the key takeaways are and also how they are related to the enhancement list that I’ve been consolidating.
As always: this is my personal view and I hope you like it, if not browse off to somewhere else! And due to that I missed my wife and kids I took the weekend off completely so this is Update 1, and I’ll summarise my whole Synergy experience in Update 2 later this week! 🙂
I changed the post layout from being a table as we say it in the previous blog into a more “readable” format below. Each heading represents the enhancement request topic and/or the takeaway item, and then the subheading of Description and Status is showing you my personal view on the topic and its status.
Enjoy!
Licensing
Description:
One of the main issues with licensing is that all products don’t supports the license server (NetScaler etc.)
Status:
Not fulfilled.
All products do still not use the license server! This needs to be changed and I’d really like to get some real reporting capabilities in place that can present how licenses are used over time, by whom and by which component (product) in the service stack.
Monitoring & Reporting
Description:
- Ensure that you can get historical concurrent user reports that spans across ALL products (NetScaler/AG, XenApp, XenDesktop etc.).
- Ensure that Citrix provides an end-2-end monitoring and reporting service for the whole Citrix stack. This to ensure that delivery organizations can deliver reports like “Service Availability in %” over time that includes all service components (NetScaler AGEE VIP, StoreFront/WI, PVS/MSC, XenServer, XenApp/VDA, Profile Server, etc. If Citrix isn’t going to do this; then please point on a product that does the job.
Status:
Read more…
Please contribute – What do we expect from Citrix? – Citrix community enhancement list
Ok, there are a lot of things that I think we all expect Citrix to deliver now in Barcelona when Synergy soon kicks off! But so far I’ve not seen someone that has been combining a community list yet…
And the most important part I feel is that I get more and more information from companies out there that have enhancement requests and issues that they have a hard time expressing and getting into Citrix. The larger enterprises can of course through their channels get more information and also make their voice heard, but the SMB’s have a hard time to do so!
So this is my attempt to start a dialogue with all of U out there on what we expect to see from Citrix in the future! I think it would be interesting to see if the items I’m waiting for a change on is aligned with the rest of the community!
So why don’t we all contribute to a list that we all can share and prioritise over time? I can for a start moderate this list if you comment or send me items that you think should be on the list and then I’ll try to make sure that people within Citrix get the items and I’ll try to follow up! Of course we need help from the CTP’s (just to be clear; I’m not a CTP so don’t get me wrong here) and others as well to put pressure and assist in the governance of this activity.
So this is my first list of items that I think that we can build upon… It’s a first draft and far from the total number of items are there so bear with me! 😉
Please comment below to have your item(s) added to the list and let’s make a change!
| ID | Product/Area | Enhancement request/Issue | Status |
| 1 | Licensing | Ensure that all products supports the license server (NetScaler etc.) | Not fullfilled |
| 2 | Monitoring & Reporting | Ensure that you can get historical concurrent user reports that spans across ALL products (NetScaler/AG, XenApp, XenDesktop etc.) | Not fullfilled |
| 3 | Monitoring & Reporting | Ensure that Citrix provides an end-2-end monitoring and reporting service for the whole Citrix stack. This to ensure that delivery organizations can deliver reports like “Service Availability in %” over time that includes all service components (NetScaler AGEE VIP, StoreFront/WI, PVS/MSC, XenServer, XenApp/VDA, Profile Server, etc. If Citrix isn’t going to do this; then please point on a product that does the job. | Not fullfilled |
| 4 | Monitoring & Reporting | Provide a monitoring solution to ensure health and best practise configurations of all products involved in a traditional “XenDesktop” stacked service. | Not fullfilled |
| 5 | Cross-product | Improve your testing!! There have been to many issues with updates to products in the “Citrix stack” that has caused issues in others, like update to XenServer that caused PVS issues, or updates to a specific NetScaler feature that caused others to fail. | Not fullfilled |
| 6 | Cross-product | Create an central update service for all products that can inform the admin about updates not applied or if components aren’t in synch in terms of SW versions etc. | Not fullfilled |
| 7 | Cross-product | Ensure that the end-user look & feel are the same across the products used in the stack (NetScaler AGEE login page, Web Interface/StoreFront, Receiver etc..). This should not require admins to do and should be a design principle. | Not fullfilled |
| 8 | Cross-product | Come on, simplify the administration of the products in the stack = reduce the number of consoles! | Not fullfilled |
| 9 | AppController | Multi-domain support | Not fullfilled |
| 10 | AppController | Support for multiple setups that can synch the DB. This to ensure that you can have an HA pair setup for instance in Europé and one in the North Americas and have the end-user be logged in against both and have their subscriptions etc follow them (as well as of course reporting, monitoring etc. etc.) | Not fullfilled |
| 11 | AppController | Support for really large AD domains with LARGE # of AD users and AD groups | Not fullfilled |
| 12 | AppController | Support for AD domain structure where the BASE DN is different to where AD users and the AD security groups you want to use for roles | Not fullfilled |
| 13 | EdgeSight | Ensure that EdgeSight or equivalent end-user monitoring and reporting is integrated and that works on both XenApp and XenDesktop VDA’s and that doesn’t increase the IOPS with rediciolous numbers… | Not fullfilled |
| 14 | NetScaler | Create SDX platform to run on all MPX appliances, for more info why see; NetScaler MPX vs. SDX dilemma; https://richardegenas.com/2012/10/03/netscaler-mpx-vs-sdx-dilemma/ | Not fullfilled |
| 15 | NetScaler | Provide out of the box integration with the Single Sign-On product (former CPM) so that Account Self-Service can be made directly from AGEE VIP login page. | Not fullfilled |
| 16 | NetScaler | Add support for AG session policies so that ICA proxy can be turned on for specific published apps and desktops and not per session. This for situations where you might have one app or desktop that sits behind an AGEE and others don’t. | Not fullfilled |
| 17 | NetScaler | The NetScaler/Access Gateway HTML/GUI pages used shall be able to be customized per AGEE/AAA Virtual Server. Today they are global pages so that specific modifications/customizations cannot be made and you have to buy an additional NetScaler unless major customizations are done and then life-cycle management becomes an issue. | Not fullfilled |
| 18 | NetScaler | Change so that you can specify different Authentication policies and requirements mapped to Session policies instead of to a Virtual Server, AAA group etc. This could then provide a way so that you could offer ICA proxy mode with single auth and two-factor if you launch/select to open an SSL VPN tunnel | Not fullfilled |
| 19 | NetScaler | It would be good if you on the Receiver could select what authentication you want to perform upon login and not just at setup of the Account. That would mean that you could pass that info the the NS VS and then in AGEE handle that to the authentcaiton policies and session policies. Then a user that has forgotten a hardtoken could still get access but only in ICA proxy mode and have all virtual channels disabled without having to have multiple accounts in the Receiver and admin doesn’t need multiple NS AGEE VS. | Not fullfilled |
| 20 | Merchandising Server | Ensure that it supports larger AD environments and multi-domain support | Not fullfilled |
| 21 | Merchandising Server | Create a central DB for config etc or ensure that MS is migrated into SF asap. | Not fullfilled |
| 22 | Provisioning Services | Improved/simplified support/update functionality for when you use KMS licensing | Not fullfilled |
| 23 | Provisioning Services | Create REAL update msp or msi files for updates, you can’t require admins to go in and replace DLL-files etc in 2012 | Not fullfilled |
| 24 | Provisioning Services | Implement replication of vDisk files (diff-files) etc so that it’s automated within the PVS solution so that you don’t have to rely on DFS-R etc. | Not fullfilled |
| 25 | ShareFile | Ensure that encryption on local devices are available for all device types and OS’s (iOS, Android, Windows Phone, Win XP/7/8, Linux, OS X) | Not fullfilled |
| 26 | ShareFile | Design the product so that you could leverage public storage providers for your storage but encrypt it using your own PKI service and proxy traffic to it through the Storage Center server(s) without having to invest in in-house storage solutions and reduce CAPEX. | Not fullfilled |
| 27 | ShareFile | Design the solution so that you can configure the plygin/Receiver functionality when it comes to StoreFront on groups/roles instead of just for the whole account. | Not fullfilled |
| 28 | Storefront | Support for multiple setups that can synch the DB. This to ensure that you can have an HA pair setup for instance in Europé and one in the North Americas and have the end-user be logged in against both and have their subscriptions etc follow them (as well as of course reporting, monitoring etc. etc.) | Not fullfilled |
| 29 | Storefront | Simplify configuration and branding of the StoreFront for Web sites like most other providers have and they had in Web Interface | Not fullfilled |
| 30 | Storefront | Add all features that where available in Web Interface | Not fullfilled |
| 31 | StoreFront | Design the product to allow the user to select whether he/she can group apps and desktops into folders or tabs in StoreFront for Web | Not fullfilled |
| 32 | Receiver | Ensure that email-enrollment to StoreFront stores can somehow support multidomain support (like if you have multiple users having the same email-address; name@company.com can be linked to different AD domains | Not fullfilled |
| 33 | Receiver | Corporate branding for the Receiver, logo, text etc. | Not fullfilled |
| 34 | Receiver | Ensure that all Receivers have the same look & feel and functionality. Like the secondary and primary password field names should be the same on a Mac and a Windows client, as well as other features. | Not fullfilled |
| 35 | Receiver | Add so that Receiver passes DOMAINNAME to NetScaler/AG VS so that it can be used to determine which AD domain to authenticate with. In todays version you have to either make one VS per domain or cascade through multiple domains on the same VS. And cascading is available as a workaround but triggers failed logins against AD and is not that nice and security/AD teams are not that happy… | Not fullfilled |
| 36 | XenDesktop | Support for Linux VDA’s (Ubuntu for example) | Not fullfilled |
| 37 | XenApp | Support for Linux Terminal Servers (Ubuntu for example) | Not fullfilled |
I’ll post an excel-spreadsheet as well for download soon, and then let’s see if there is an interest or not! 😉
Cheers!
//Richard
Web Interface 5.4 vs. StoreFront 1.2 – What has changed since last comparison?
Hi all,
Ok, let’s start this post by thanking Thomas Koetzing for his newly updated post! Thx a lot man and keep up the great work!
Thomas has summarized most of the features that Web Interface 5.4 offers and how StoreFront matches that, it’s a really good table and one that all of you architects out there shall review and plan accordingly. What are you using today and what are the needs going forward, then once you have your business needs and requirements you have your wanted position and it’s just to make a roadmap of how your service gets there, or not if features are missing, then call Citrix!! 😉
I think that Thomas’s summary is good, one thing to consider though that I really urge you to think of is if you’re planning to use multiple access points around the world for an enterprise. How would this work? What if you have one in Europe, APAC and Americas? You would probably have a couple of NetScalers with AGEE and use GSLB to nicelly provide a simple URL for everyone and network proximity or so to direct the users to the closest entry point. But that regional NetScaler would most likely have its own set of StoreFront servers including a pair of AppControllers to ensure that you don’t have a single point of failure in terms of your internal WAN to get to another regional StoreFront/AppController setup from the local NetScaler AGEE? And if you then think like me; how are you going to do this?
The StoreFront server is relying on the DB for the subscriptions that the end-users have done in terms of selection apps etc for his “workspace”, and the same is with the AppController! There is no “supported” way today that I’ve found where you can synchronize two or multiple sets of HA-pairs of StoreFront or AppControllers so that no matter where the end-user is logging on he/she doesn’t get the same set of subscriptions (apps, desktops, SaaS, etc.) and neither his/her SSO credentials if AppController is used. And just imagine how it would be if you integrate and use the federation of SaaS applications on all locations and an end-user is logging in and subscribing from multiple AppControllers agains for instance Salesforce, and how would you do the overall enterprise reporting? This is the enterprise feature I’m missing and I’m hoping that we could see some solution to this fairly soon!
And it’s now you should start evaluating StoreFront, this is key to understand what it offers now so you know where you are compared to your As-Is architecture with Web Interface and map that to your wanted position going forward!
But a part from that I must say that Thomas did a great job in his comparison and read more about it in detail here!
//Richard
The IT Melting Pot! 