If you’ve been following along on our Citrix expertise journey, we’ve built out a fantastic platform on a variety of hardware options or, ideally, Microsoft Azure, and put all the control and connectivity pieces together in a heavily optimized, and likely distributed, model that’s agile enough to scale (and even shrink) with technical and business demand. Now, we shift focus to a business’s resources.
The Resource Layer focuses on traditional items including desktops and applications, but now also extends to data. Desktops are generally straightforward; what is often overlooked, however, is the optimization of Windows 10 to suit the technical requirements of the infrastructure and minimize the “as a service” nature of Windows 10. Deploying the proper branch of Windows 10 is just as important as the optimizations deployed within it to ensure optimal user experience. Further, selecting the appropriate profile and workspace management solution ensures these optimizations persist as Windows 10 evolves. This includes Citrix Profile Management, Workspace Environment Manager, data redirections and replication, and even third-party considerations such as FSLogix, Microsoft’s recently acquired profile management solution. In a multi-user environment, Microsoft Windows Server 2016 carries the same caveats, and must be carefully constructed to ensure a repeatable and positive user experience.
As desktops and/or servers are deployed, applying, maintaining and enforcing licensing must also be done through mechanisms that scale, including Microsoft KMS, Azure, and Office 365. This type of licensing not only applies to the operating system, but also to applications that reside within the standard operating environments, and is needed for compliance reasons including VDA and RDS client access licenses. Anyone who has perused the world of licensing in a Citrix environment has likely come out with more questions than they went in with.
The applications side is where we see the most variability. Generally, all organizations use one flavour of Microsoft Office, and some remain quite legacy in their choice (for supportability purposes). Applications can make or break a Citrix design by introducing unnecessary overhead and complexity if deployed improperly. Fortunately, there are many tools available today to streamline and simplify the delivery of applications through application streaming and application virtualization, notably Microsoft App-V and Citrix Application Streaming, which both provide virtualization capabilities with and without a Citrix Apps and Desktops footprint. Successfully packaging applications using these tools requires skill, expertise and previous experience, as well as alignment to best practice to ensure longevity and supportability.
However, not all applications can be virtualized or streamed, nor are all applications ideally suited to a multi-user or VDI environment. Our deep understanding of applications spans several decades of combined experience, which allows us to effectively identify the ideal deployment option for an application just by hearing its name. For example, Revit is ideally suited to VDI with GPU support, or to RemotePC with existing GPU-enabled physical desktops; Cerner is ideally suited to server-based deployment; Office 365 is suited to both pooled VDI and server-based deployment with shared licensing mode. Other applications, though suited to a multitude of deployment options, may need some tender care to ensure they function properly without overly taxing the deployment model. In certain situations, legacy 16-bit (and even 8-bit) applications must remain as they support a critical business function, and how those applications can be “modernized” to co-exist with present day applications is a challenge we’re always up for.
What about web applications? Good question. Web applications, such as those you’ve deployed internally within your own data center, require due care as well. If you’re exposing these web applications externally, either for internal, public, or partner consumption, you’re also exposing yourself to risk, and minimizing the risk of compromise, and of lost integrity and availability, is on your shoulders. Citrix ADC (formerly NetScaler) also rests in the resource layer and provides immense benefit to web applications through optimization, load-balancing (locally or globally), content switching and even application firewall. Deploying Citrix ADC in the absence of Apps and Desktops is extremely common – so much so that, at one point, you could quote that “75% of all internet traffic goes through a NetScaler”. This statistic is likely even higher these days.
Citrix ADC is a complex beast.
If you can imagine it, Citrix ADC can likely do it. Historically, we’ve deployed Citrix ADC as remote access to Citrix Apps and Desktops (up to 24,000 users!); as a SAML IDP and SP; as an ADFS front-end solution; as a front-end for ticket sales websites; as a cluster supporting banking sites; as a front-end solution for Skype for Business; as content switching for 50 websites; as a reverse-proxy for GIS applications; as a micro-VPN and SSL-VPN solution; and as a MITM solution for decrypting and inspecting traffic flows (to name a few). We’ve also used Citrix ADC to revamp a fleet of Cisco ACE appliances with automated conversions – in weeks, not months.
Today we’re also faced with unique considerations around how and where data is accessed, as the demands for data accessibility while mobile and remote have put constraints around traditional data repositories (i.e. the “file server”). As a result, users have opted to leverage their own data sources such as Google Drive and Dropbox to get around limitations in accessibility, increasing the risk of data leakage. However, it’s not always the user who brings the data repository; services do as well. For example, a subscription to Office 365 can provide two distinct data repositories – OneDrive and SharePoint (and Microsoft Teams). How do modern businesses now factor the need for data portability into their strategy, with or without Citrix?
Firstly, it’s important to understand how data can be accessed based on what you have available today (Office 365 would warrant use of OneDrive and Microsoft Teams for both personal and corporate data repositories) and how to get data from on-premises to these repositories (it’s easier than you think). For organizations that have invested in both Citrix and Microsoft technologies, it may be worthwhile to explore the advantages of amalgamating access to data as well as applications and desktops through Citrix Workspace and the use of Citrix Content Collaboration, which can cloud-enable your existing traditional data repositories while integrating with leading cloud-based data providers, even OneDrive. Further, Citrix Content Collaboration can be deployed in the absence of Apps and Desktops to simply mobilize your data repositories and provide more agility in how data is used and manipulated, internally and externally.
Office 365 also presents some unique impacts to not only Citrix, but to the infrastructure itself. Clients who have historically leveraged Microsoft Exchange (or some other mail platform) and move to Office 365 (whether in a replicated, “lift and shift”, or hybrid strategy) encounter the occasional hiccup. We’ve been there and done that. One common pitfall, and we can thank early Microsoft advice, occurs when your internal domain name does not match your e-mail domain name (e.g. thirdoctet.local and thirdoctet.com). Moving to Office 365 with this topology would have quite the impact on user experience due to the difference in what the user must enter for their authenticating username (or UPN) for Outlook, Skype for Business, Teams, and related services. The best approach is to step back, determine the changes that are necessary to align UPN with e-mail address, and then move forward with Office 365 integration. Alternatively, if UPN to e-mail alignment is not possible, or not desired (maintaining separation for security reasons), then it is necessary to thoroughly understand the user impact and provide clear training to staff to ensure user experience is not impacted.
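The UPN-to-e-mail alignment check described above, as an added example that is not part of the original post: a PowerShell function that classifies accounts by whether the UPN matches the primary SMTP address. The function name, the status labels and the sample accounts are assumptions constructed for illustration; only the thirdoctet.local and thirdoctet.com domains come from the text.

```powershell
# Added example. Classifies accounts by UPN / primary SMTP alignment.
# Function name, status labels and sample accounts are hypothetical.
function Get-UpnMailAlignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User,
        # Suffix pattern treated as non-routable (assumption: .local, as in the text).
        [string]$NonRoutablePattern = '\.local$'
    )
    process {
        $upn = [string]$User.UserPrincipalName
        # The primary address is the proxyAddresses entry with an upper-case "SMTP:"
        # prefix; lower-case "smtp:" entries are secondary aliases.
        $primary = @($User.proxyAddresses) |
            Where-Object { $_ -cmatch '^SMTP:' } |
            Select-Object -First 1
        $mail   = if ($primary) { ([string]$primary).Substring(5) } else { $null }
        $suffix = ($upn -split '@')[-1]

        $status = if (-not $mail) { 'NoPrimarySmtp' }
                  elseif ($upn -ieq $mail) { 'Aligned' }
                  elseif ($suffix -imatch $NonRoutablePattern) { 'NonRoutableSuffix' }
                  else { 'Mismatch' }

        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            UserPrincipalName = $upn
            PrimarySmtp       = $mail
            Status            = $status
        }
    }
}

# Constructed sample records shaped like Get-ADUser output.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@thirdoctet.local'
        proxyAddresses = @('SMTP:alice.smith@thirdoctet.com', 'smtp:asmith@thirdoctet.com') }
    [pscustomobject]@{ SamAccountName = 'bjones'; UserPrincipalName = 'bjones@thirdoctet.com'
        proxyAddresses = @('SMTP:bjones@thirdoctet.com') }
    [pscustomobject]@{ SamAccountName = 'cdoe'; UserPrincipalName = 'cdoe@thirdoctet.com'
        proxyAddresses = @('SMTP:carol.doe@thirdoctet.com') }
    [pscustomobject]@{ SamAccountName = 'svc-scan'; UserPrincipalName = 'svc-scan@thirdoctet.local'
        proxyAddresses = @() }
)
$sample | Get-UpnMailAlignment | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties proxyAddresses | Get-UpnMailAlignment
```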
Office 365 can also expose faults in network connectivity. Where organizations traditionally depend on local instances of Microsoft Exchange, a move to Office 365 would put significant pressure on internet connectivity and could negatively impact performance if these internet conduits were not capable of meeting demand. This becomes increasingly important if a primary driver for Office 365 migration was for the use of Skype for Business or Microsoft Teams. In the presence of Citrix, Office 365 also requires careful thought and design around the impacts of cache (OST files), real-time conferencing, single sign-on, licensing and overall performance. Neglect of these components can destroy confidence in Citrix (the tip of the iceberg) quickly.
Lastly, Office 365 still leaves significant responsibility with you. For one, with backups – beyond thirty days, the data in Office 365 is your responsibility to back up, not Microsoft’s. Secondly, with security – Office 365 is not hardened out of the gate and requires significant configuration to ensure the platform is hardened to mitigate risk and ensure alignment with operational requirements. These two critical pieces are overlooked with most deployments. If you’re already in Office 365, have a look at your Microsoft Secure Score and compare that to the industry benchmark. Then give us a call to help increase your score.
To summarize, desktops, whether client- or server-based, need special consideration in design and deployment to ensure optimal user experience. This is relevant to strategies in the absence of Citrix as well. Applications require due diligence to determine the ideal deployment methodology, co-existence strategies, and the technologies that can simplify deployment through layering or virtualization, or even application modernization. Data is everywhere, and identifying the best strategy to mobilize and accommodate data demands is increasingly important today, especially as we distribute data and applications across distinct delivery strategies and consumption models.
Next up – opening our efforts thus far to incredibly diverse access methodologies. Read on.