Beyond Citrix Experts: Experts in Control

Written by Erin Brennan

December 11, 2019

Continuing on our thread of Citrix expertise – where, in the last post, we discussed hardware, hypervisors, hyperconvergence, and hyperscale – here we’ll be looking more at control.   

Steve Jobs famously said, “I’ve always wanted to own and control the primary technology in everything we do” and, though we like to take the same methodical approach, we can’t possibly do so (we’d likely be writing blogs elsewhere at this point).  However, the key point is that control is an important aspect of infrastructure, and whether that control is provided in-house, on-premises, or extended through relationships with service providers, it’s an important, and often overlooked, layer in Citrix design. 

Control Layer

The Control Layer, in a traditional Citrix environment, would encompass the mechanisms to support the Citrix platform, including licensing, Microsoft SQL databases, controllers, provisioning mechanisms, integration with hypervisors both on-premises and in cloud, as well as Microsoft operating systems and, importantly, Active Directory Services. To ensure success of Citrix, we have to ensure health alignment of these resources as well.  Where Citrix was always under our control and guidance, it was easy to properly design and deploy these resources; however, outside of that, we typically found fault or external impact on our success in Microsoft Active Directory Services, Microsoft SQL, or DNS and DHCP.  Remediating these areas required skill, knowledge, expertise, and deep awareness of any potential impacts of our changes beyond the immediate scope.  We are experts in Control.

Hybrid Authentication

In today’s hybrid world where most businesses have extended their Active Directory Services environment to Cloud, such as through Microsoft Azure Active Directory for Office 365 authentication, we’re required to ensure we align the best integration approaches within existing topologies, or defining the topology to align with the integration approach.  This has included extending Active Directory across boundaries to support hybrid deployments, to deploying and integrating single sign-on through federation with ADFS or third party SAML providers such as Okta, Ping, and Oracle and certificate authority integration, to Azure AD solely joined Windows 10 devices deployed in Azure and coupled with Microsoft Intune for device management. 

Citrix Cloud

Further, today’s control layer has expanded to include Citrix Cloud, which serves as a replacement for the traditional components of Citrix management on-premises and also expands into additional service capabilities, such as Analytics, Endpoint Management (formerly XenMobile), Workspace Environment Manager, and Access Control, to name a few.  These services can complement existing Apps and Desktops deployments, or function well on their own, which raises a good point (and digression) – as businesses move more and more towards software-as-a-service, they question the need to leverage Citrix technologies any longer and, by that nature, Third Octet, as we, after all, are the Citrix-only experts.  Valid point, but again a point that is based in a legacy perception of what we, and Citrix, can actually do. 

Apps and Desktops has largely been a platform to deploy just that – applications and desktops.  As more and more SaaS is deployed across Enterprise, businesses are free to simply allow these applications to be accessed directly – think of Office 365 and Salesforce.  This is fantastic for user experience, but not so great for IT.  We lose visibility into how these applications are being used, and how the data within these applications is being manipulated, shared, or exfiltrated.  In most cases, there are controls provided by the SaaS vendors to mitigate some concern, secure these platforms, and provide visibility into utilization; however, we’re deploying separate controls across two distinct environments – controls for our traditional on-premises environments and separate controls for our SaaS applications.   

Benefits to SaaS

This is where Citrix and Third Octet still provide value by not only amalgamating the delivery of traditional on-premises applications, but also SaaS applications, and wrapping the entire delivery strategy with a common set of controls and great visibility into utilization through analytics, machine learning, and artificial intelligence.  Controls can be further bolstered using Citrix Endpoint Management, permitting easy onboarding of employee-owned devices while minimizing risk, coupled with Citrix Access Control to ensure threat mitigation and insight into web application usage.  And, where gaps remain, leveraging Microsoft Azure AD security capabilities to minimize attack vectors on authentication and authorization through identity protection and conditional access. 

In short, defining the control layer is no longer isolated within a single data center, or single cloud, but extended outwards in many directions.  To guarantee a properly designed and secure control layer, we must understand the impacts on existing on-premises infrastructure, the extensions to cloud providers, fault tolerance and availability, and the risk and mitigation requirements to ensure the success of both Citrix and the business.  We must also understand, plan, and guide technical capabilities to business growth, looking not only at the immediate use cases, but potentials for growth and design to accommodate the need in an agile, yet costeffective manner.  These skills are what make us experts in Control.

Until next time, contact us to learn more about our capabilities of being experts in control.

Read Part IV: Experts in Resources

You May Also Like…