Archive
Receiver for Windows 3.4 released
About Receiver for Windows 3.4
Citrix Receiver for Windows provides users with self-service access to resources published on XenApp or XenDesktop servers. Receiver combines ease of deployment and use, and offers quick, secure access to hosted applications, desktops, and data. Receiver also provides on-demand access to Windows, Web, and Software as a Service (SaaS) applications. You can use it for Web access or configure it for use with Citrix CloudGateway.
What’s new
Citrix Receiver for Windows 3.4 (CitrixReceiver.exe) provides the following new features and enhancements.
- Single authentication to the Access Gateway:
- Use of a single session for both VPN and clientless access so that a Receiver user logs on once for both types of access and consumes only one license. This feature requires StoreFront.
- Automatic routing of ICA traffic through the Access Gateway ICA proxy for optimal user experience.
- Automatic start-up of a VPN tunnel when a user logs on. This feature requires that you disable the Single Sign-On with Windows setting on the Access Gateway.
- Support for Access Gateway SmartAccess controls.
- Improved logon and logoff operations:
- Users are prompted to log on to Receiver only when a logon is required. Actions that require a log on include starting an app from Receiver or the Start menu, using the Refresh Apps command, viewing or searching for apps, or adding an account. A user is logged on only to the account associated with the requested resource.
- Users remain logged on until choosing to log off or exit Receiver, roam from the internal network to an external network, or delete passwords.
- A VPN tunnel is established when a remote user performs an action that results in a logon. Internal users are logged on to StoreFront.
- Support for Windows 8. You can use Receiver for Windows 3.4 on Intel-based Windows 8 devices. (Receiver for Windows 8/RT is available on the Windows App Store for ARM-based Windows 8 devices.)
- Support for Windows Server 2012 R2, 64-bit edition.
- Support for Project Thor Technical Preview (XenApp Connector). Receiver for Windows 3.4 can be used with Project Thor Technical Preview to deliver apps with Microsoft System Center 2012 Configuration Manager.
- Usability improvements, including:
- App and desktop Start menu shortcuts are no longer copied to other devices, enabling users to control the location of shortcuts on each of their devices.
- The Request button is removed. Users can now simply click to add an app and, if a request for permission to add the app is required, a dialog box appears.
- Arrow keys can be used to navigate search results.
- Users will experience fewer dialog boxes when adding and removing apps.
- Error messages and certificate warnings are clearer.
- Users can reset Receiver to factory defaults. For information of preventing user resets, see http://support.citrix.com/article/CTX135941 in the Citrix Knowledge Center.
- Support for session pre-launch. The session pre-launch feature reduces launch times for applications delivered through Web Interface sites.
- Support for ShareFile StorageZones. Receiver for Windows supports both ShareFile-managed cloud storage and on-premises StorageZones.
- Upgraded FIPS support. Receiver for Windows 3.4 supports certificates with a minimum public key of 2,048-bit RSA and a SHA256 signature hash algorithm.
Receiver for Windows Enterprise
The Receiver for Windows Enterprise 3.4 package (CitrixReceiverEnterprise.exe) provides the following enhancements:
- Support for smart card single sign-on for Windows 7 devices. When used with Web Interface, Receiver for Windows Enterprise 3.4 enables smart card pass-through authentication from Windows 7 devices.
- Support for Fast Connect. Fast Connect provides the necessary technology for partners to rapidly authenticate users to Citrix sessions or desktops.
For information about Receiver for Windows Enterprise, including compatible systems, refer to the Receiver for Windows 3.2 documentation in Citrix eDocs.
#Citrix #SmartAccess = A complete story or not? – #NetScaler #AGEE #EPA
This little blog post is about Citrix SmartAccess. I’ve been a fan of SmartAccess for a long time, and it’s also something that Citrix has been talking a lot about in their story. The way that Citrix technology can provide applications, desktops and information to end-users on any device in a secure and controlled way.
But the purpose of this blog post is to give you my view of this story, and how true the SmartAccess story is. Remember that this is my personal view and that I’ve actually not tested all my theories below so parts of it is purely theoretical at this stage.
So a bit of background first to build my case…
Citrix has been going on about SmartAccess, and it’s been true that the Access Gateway capabilities once added to Web Interface and XenApp/XenDesktop where great in terms of adding another layer of functionality that the IT supplier could use to determine how the XenApp and XenDesktop environments where accessed, and from what type of device. The device detection/classification is done through host checks (Endpoint Analysis Scans, EPA) that the Access Gateway feature provided as a pre- or post-authentication scan. This scan then resulted that either the device met the policies or didn’t, and then this policy could be leveraged by the other internal components (XenApp/XenDesktop) to control/manage which apps, desktops and functionality (virtual channels like printing, drive mapping etc.) that the end-user should get for that specific session.
And this was/is working well for certain scenarios from a technical point of view. But is it really working for the whole story that Citrix and the whole IT-industry is driving now with BYOD etc.? Think about the message that is being pushed out there today, use any device, we can control and deliver according to security policies, we can provide access from anywhere, etc…
And this is where it becomes interesting. All of a sudden then you as an architect are to take this vision that your CIO or IT-board has and realise it into manageable IT services that combined deliver a fully fledged IT delivery of Windows, Internal Web, SaaS, Mobile and Data for this great set of use cases and scenarios. Wow… you’ve got yourself a challenge mate!
This text is from the Citrix homepage about SmartAccess;
SmartAccess allows you to control access to published applications and desktops on a server through the use of Access Gateway session policies. This permits the use of preauthentication and post-authentication checks as a condition for access to published resources, along with other factors. These include anything you can control with a XenApp or XenDesktop policy, such as printer bandwidth limits, client drive mapping, client clipboard, client audio, and client printer mapping. Any XenApp or XenDesktop policy can be applied based on whether or not users pass an Access Gateway check.
So let’s start of then with going back to the SmartAccess which is the topic of this blog!
Issue 23 – The XenDesktop Experience A Technical Publication for XenDesktop Customers
Ok, Citrix has again released the XenDesktop technical publication, have a look at it!
Example topics include;
- High Availability for Citrix XenDesktop and Citrix XenApp – Planning Guide
- How to Tighten the Security of Windows Desktops
- Tackling Windows Migration
Continue reading here!
//Richard
What’s new in SCCM 2012 SP1 – update
In my last post around SCCM 2012 SP1 (yes I know that I’m not supposed to use that abbreviation but I’m still gonna do it!) I forgot to look at and mention another important feature I must say…
OS X support!!!
This is really interesting, I bet that there are so many companies and architects out there sitting with X amount of different MDM and MAM solutions just to fit their needs around device and application management. But there are few out there that are covering all the OS’s and device types in a good manner.
Is SCCM going to try and tackle this at least for the MS, Linux, UNIX and OS X devices? And will they succeed all the way, don’t think so short term but long term perhaps. So now we architects have something to look forward to when planning our wanted position in this area and start evaluating the options for the roadmap towards it!
What’s new in SCCM 2012 SP1 (find more here)
Client Deployment
The following items are new or have changed for client deployment in Configuration Manager SP1:
- Apple Macintosh ClientThe Mac client can be installed on computers that run Mac OS X and provides capabilities to deploy software, collect hardware inventory, and to manage compliance settings.For more information, see How to Install Clients on Mac Computers in Configuration Manager.
- Client for Linux and UnixThe client for Linux and UNIX can be installed on servers that run a supported version of Linux or UNIX, and provides capabilities to deploy software and collect hardware inventory.For more information, see How to Install Clients on Linux and UNIX Computers in Configuration Manager.
- Windows Embedded Client Deployment: You can deploy clients to embedded devices in the same way that you deploy clients to other Windows-based computers.For more information, see the Deploying the Configuration Manager Client to Embedded Devices section in the Introduction to Client Deployment in Configuration Manager topic.
And you guys that want a nice summary of the whole System Center SP1 suite have a look at this great summary from Thomas Maurer!
//Richard
Vulnerability in Citrix Receiver with Online Plug-in for Windows could result in arbitrary code execution
Severity: Medium
Description of Problem
A vulnerability has been identified in the Citrix Receiver with Online Plug-in for Windows that could potentially allow an attacker to execute arbitrary code on the client device in the context of the currently logged in user.
This vulnerability is present in all versions of the Citrix Receiver for Windows up to and including version 3.2 and all versions of the Citrix Online Plug-in for Windows up to and including version 12.1.
For more information click here!
//Richard
The IT Melting Pot! 