So you've done a nice job cleaning up your VDA. You've optimized, removed extra user profiles and even ran cleanmgr to cleanup your system's 2 GB+ of old updates. You deploy the image… and get a message that you've been logged on with a Temporary Profile. A look at the Event Logs leads you to Event 1511. Here's what's going on in most cases.
Unfortunately, Citrix has done it again with Citrix Workspace… showing off something pretty cool and adeptly showing off how it works… but not really explaining very well at Synergy how it will be deployed. So I thought I would get some down-to-Earth thoughts together of what's going on up in the clouds from an Architect perspective.
Feeling lazy or just don't like reading? The long and short of it is that you can aggregate Cloud Control and On-Prem Control for your resources by purchasing or upgrading to the Citrix Workspace Service. Still confused? I thought you may be. Maybe it's time to take a few minutes and read this one… But before you do here's an important methodology lesson:
- User/Subscriber Layer – This is the users themselves and any peripherals they attach to. It defines how users use a product.
- Access Layer – This is how access to applications is controlled. In the Citrix world we're largely talking StoreFront, NetScaler Gateway and if you are still living in 2003, VPN.
- Resource Layer – This is important! The Resource layer is the… you guessed it, resources the users need access to. Be it Applications hosted on Server OS, VDI Desktops or even SaaS apps. The Resource Layer defines what they are, where they are located and most importantly- how they are structured and maintained.
- Control Layer – This is what we define in the Citrix world as the components that aggregate and control resources. It includes Active Directory, Databases, Licensing and services such as the Delivery Controller. An important element of the Control layer is policies.
- Cloud (Hardware) Layer – All these services have to live somewhere, and this layer defines it.
- Operations Layer – Someone has to maintain all of this- and the Operations Layer is where we define all of this.
#MethodologyMatters when you can aggregate on-prem and Cloud Control with #Citrix Workspace Service. Click To Tweet
Citrix Workspace a Subscription Service
First off- when we are talking Workspace SERVICE, we are talking about the ‘everything' subscription. This means it is Apps and Desktops, Enterprise Mobility Management (MDM/MAM), File Sync and Sharing (ShareFile), and Networking (Which now includes both MAS and the Web App Security Service)… but also the Secure Browser service which is NOT included with the XenApp and XenDesktop service. You can find the full list of the checkboxes here.
Your mileage may vary of course, but if you are using even two of the ‘core' services, Workspace makes sense.
At an estimated $34.38 per user per month (Beginning prices as of June 11, 2018), Workspace is certainly not cheap… but as far as powering productivity from any location… I have to admit, this is THE premium service to make it happen these days.
So what is it giving you? Essentially, we are Hybridizing elements of the Access, Control and Operations Layer. You are still ultimately responsible for maintaining your Resources, regardless of if their location!! This is an important part that is VERY often missed when talking about Citrix Cloud, so please don't be one of those confused by it! In other words- you still maintain your own Cloud Layer. Citrix doesn't magically start giving you VDI from their cloud. The exception to this is Secure Browser… but that's a different topic.In a Hybrid #CitrixCloud YOU are still ultimately responsible for maintaining your Resources, regardless of if their location. Click To Tweet
What is the Workspace App?
The Citrix Workspace App is the new way of aggregating resources FROM THE WORKSPACE SERVICES. It makes a lot of sense because you can aggregate multiple resources, control mobile enrollment and file management all in one- very nice. But this of course brought up a lot of other questions, which largely are answered here. Note that what was shown at Synergy does require the Workspace Service Premium edition. If you are looking at this and thinking there's something familiar about it… you're right. The concept comes from XenMobile's Secure Hub- but is now brought to other devices as well as mobile. It will be generally available in Q3, with additional features coming in terms of what will happen with the ShareFile Service (that's a whole other topic).
IMPORTANT- Workspace App WILL REPLACE Receiver sometime in Q3!
Workspace App is also important because it has significant areas of impact in the User and Access layers.Workspace App WILL REPLACE #Citrix Receiver sometime in Q3! Click To Tweet
Workspace Service Can Aggregate Cloud and On-Premises Control
Up until recently it was true that if you have an on-premises (or on-prem, but never on-premise, please) Site or sites already set up, that you had to migrate to Cloud control for your resources if you bought that service. This is no longer true because of Site Aggregation. You'll be able to run both on-prem services (including local NetScaler Gateway and StoreFront) alongside the Workspace App from the cloud!
Danny Feller explains in this video blog that the Workspace service aggregates between both on-prem XenDesktop and Cloud XenApp & XenDesktop Service control planes, using the same unified Workspace App. This capability does NOT exist for existing Cloud XenApp & XenDesktop Service customers, however.
Why This Matters
To date this has been an enormous barrier to adoption, especially in places where the skillsets already exist to maintain local resources. One thing that has not been talked about yet is how this impacts Multi-Site deployments: If you can install a connector and the account you're using for logon is valid or federated… you should be able to aggregate multiple resources thru the Workspace App. This is significant for a lot of companies dealing with M&A because it allows at least the User and Access layers to be standardized more while they transition the Resources (typically a pretty huge undertaking).
Workspace Service vs Platinum vs Workspace Suite
What is Workspace?
Workspace is better thought of as a concept- where everything comes together. This is what Citrix demonstrated at Synergy with the Workspace App. The concept was that instead of keeping all of these apps up to date in Receiver, Sync, etc you could have one app that aggregates both Citrix-Hosted and SaaS apps. People LOVED this concept, I think especially a lot of the administrators and engineers in attendance. And you know what- I get it. Less to maintain? Serviced in the Cloud so it can be managed from anywhere without all the outages? It makes sense. But this concept needs to be broken out a bit because it still confuses especially those of us who have been deploying on-prem resources for over two decades that aggregate cloud resources on occasion. Now we're being asked to flip the concept and use the cloud to aggregate on-prem???
Refresher- What is Workspace Service?
Put simply, any Citrix Cloud service is merely taking what was an on-prem Control mechanism and moving it to the Cloud as a service instead of as a VM. So Citrix merely provides you with a console to manage the polices and settings, you don't need to maintain VMs. As for connecting to your cloud locations for resources, this is done via a Cloud Connector- a universal software that sits on a Windows server in your cloud to create an SSL connection to the Citrix Cloud. This has the added benefit of eliminating VPN and Firewall needs. The connector acts as a bridge between specific services within the Citrix framework only. Citrix doesn't need VPN access to your network; it only sees what you allow the Cloud Connector to see (DNS and Active Directory, along with the Citrix Resources).
As far as the Service itself? That's what you pay for – whatever service you are consuming. In the case of Workspace Service- remember that it is the inclusion of all the primary Cloud services. If that is too much or not needed- there are other Services to which you can subscribe. Keep in mind that Citrix uses a monthly per-user figure for pricing, but you typically need to pay for at least a year in advance.
Platinum and Workspace Suite are On-Prem Control
I probably shouldn't even be talking about Workspace Suite because it's essentially dead IMO, but the concept was the same- a bundled license of products which in this case included some cloud-based components; but your Resources and Control for Apps and Desktops remained in your cloud exclusively.
Platinum is still the best fit for most customers who push the edge of what can be used because it includes a boatload of useful stuff which I would get tired trying to go thru in detail. But for those that needed XenMobile as well as Platinum it made sense.
From the Citrix website: “The Citrix Workspace Suite is made up of the XenDesktop Platinum and XenMobile Enterprise products – inclusive of all the additional products included within, such as XenApp, XenMobile MDM, NetScaler SD-WAN (formerly CloudBridge), AppDNA and NetScaler Gateway user licenses.”
In other words- don't get it twisted: same name but very different functionality. The Workspace Service is much more all-inclusive and offers you the ability to run the control plane from the cloud. With Workspace Suite you administer both Control and Resource Layers.
What does all this mean to the average Enterprise customer?
Very little… for now. If I'm being honest – in my travels out in the world, most customers on Enterprise licensing aren't even fully taking advantage of what can be done with what they have. I'm actually doing some private research on this and what I'm finding is that some are even aware of benefits their licensing already has such as AppLayering and Workspace Environment Manager… but they are not utilizing them at all!
When I've dug into ‘why' this is happening, in almost every case I'm finding that there was either simply no awareness of the entitlement or in more cases there simply isn't the time or HR capital to manage said features. This is a shame because they are already paying for it. Now, I've begun addressing the problem as I can by launching a membership site where people can keep up to date and learn more about these kinds of things (and you should totally check it out!).
But I will admit this: Moving the Control and integration of these features to the Citrix Cloud makes a lot of sense. All Administrators will have to learn is how to use the consoles. Engineers will simply need to learn how to make it all fit together without having to do much of the grunt work, freeing them up their 1,713 other tasks. This has impacts on your Operations Layer! But you are essentially exchanging one cost for another… So is it valuable in that regard? Probably. But time will tell if we see any real movement there. Why?
THIS IS TOO EXPENSIVE! Well- I mean, sort of. In truth, it really isn't when you look at what you are getting. But if you are not taking advantage of the features, then it totally is not worth it.
That being said- if your organization doesn't have the ability to fully support a mobile workforce both in the cloud and on-prem… this may be worth taking a look… when you're ready. I'm not a fan of buying things because they are shiny. You really need to understand what you are getting!
That said- be mindful of your spend on this- especially around upgrade season. If you are running 50 users and have no admin staff… does maintaining on-prem really make sense? Are you really getting the value out of it? From what I'm seeing in the field right now I'd have to say no; but there is still resistance to the price point. It's a quandary for sure!
But consider this: I recently helped a customer with their upgrade to 7.15 LTSR. You know what took the longest? Dealing with their database issues! It added a whopping 10 hours of effort onto what should have been a relatively simple upgrade. So I decided to look at more of these upgrade projects. Another with issues with Windows services that disrupted the controller services. 20 hrs of effort. Another that had some massive issues with about every member of the Control layer… 80 hours of effort! Another with an issue of a sudden departing Citrix lead right before a major go-live- 80 hours + a few hundred more I couldn't catalog. The vast majority would have been avoided, which is sad.
The reality is that the skillsets aren't there any more- hiring qualified Citrix help is extremely difficult right now. This means relying on consultants. So if you are paying someone $200+/hr this can really stack up in a hurry! I think people need to start putting this into their calculations of going to the cloud, because it really does significantly reduce how much you need to spend to maintain the control; you simply need to administrate and upkeep the Resources. Not saying that's easy- but it's less work by those needing specific qualifications that are hard to find. That is very significant.
I'm Here to Help
So- is your head still spinning? Mine too in some ways. But hopefully using some fundamentals helped in some way.
But I want your feedback! I'm considering doing a comprehensive, real-world course that would help better explain the Methodology and what is needed to maintain all of this both if you use Cloud and if you remain On-Prem or do the Hybrid approach discussed here. If you are interested- please contact me and let me know! I encourage you to join the membership site or even our free Facebook Group and chat with your peers and myself about it!
This Citrix Synergy Perspective Guest Post comes from Citrix Technology Advocate Benjamin Crill. You can find out more about Benjamin at his website – https://www.icrill.com/ -DJ
Citrix Synergy just wrapped – so of course the weeks that follow are those of complete over-analysis. Let’s be honest, we are technical folks that are into details, it’s kind of into our DNA.
Citrix Synergy 2018 – An Insiders Perspective
This year’s Synergy was special for me. I was given the opportunity to participate like never before. My roles this year included:
- Citrix CTA
- External Speaker – Lunch Table Tech Chat Leader
- CUGC – Local Leader, Midwest XL leadership committee, and participant in the CUCG leadership workshop.
- Citrix Insider
Day 2 at Citrix Synergy
Synergy was a very busy time for me. So much so that my intention to do daily blogs… didn't happen.
So- here's a 2 in one with an added wrap up bonus!
For those that don't know- Citrix is talking about themselves and what they are doing on stage exactly once, the first day's Keynote. The second two days had Super Sessions with leadership personalities outside of even the tech world. Think of it as a value-add for your conference ticket. The sessions were not streamed live, you had to be there to hear them.
Synergy Super Session: Dr. Condoleezza Rice
I love the matter-of-fact way that Dr. Rice speaks. I always have, in fact. “It may feel like the tectonic plates are shifting under our feet… That is because… They are.” That little nod to yesterday's earthquake got everyone listening.
Dr. Rice talked about her remarkable early life. About not being a victim… world politics… leadership qualities and what everyday kindness really look like. But her perspectives on modern security I think took the center stage. And let's be honest, she would know. She talked about how rather than attacking from the front as we expect- modern bad actors come from the side; causing disruption rather than directly assaulting.
Talking about Powers Acting Badly… I have rarely thought about how Disruption is their biggest weapon. Guess what? You need to be aware and ready because the days of physical disruption are gone. #cybersecurity #citrixsynergy
— DJ Eshelman (@TheXenMaster) May 9, 2018
— DJ Eshelman (@TheXenMaster) May 9, 2018
The speech was followed by an onstage chat with Tim Minahan. Dr. Rice said she didn't want to run for President; she understands too much of what goes into it I guess. Still, we were all disappointed to hear she wouldn't try!
Principles to live by per Dr Rice: (1) be twice as good, you will be confident (2) never be a victim, you lose control (3) don’t take on others’ prejudice – they don’t want to sit next to you because you are different, they can move #citrixsynergy https://t.co/tNyDS7Xi0s
— David Le Strat (@dlestrat) May 9, 2018
Lunch Table Tech Chats
After some much needed herbal tea to soothe my very sore throat (I had great broadcast voice in the morning but it was difficult to get the volume needed) I headed to lunch to talk with more people about Application Delivery.
— DJ Eshelman (@TheXenMaster) May 9, 2018
Right after grabbing a Lego Mini-Fig for my wife of course…
The afternoon was great- I attended a few sessions and volunteered at the Citrix User Group Community booth once again. On Day 2 we had ALREADY run out of most shirt sizes and were reduced to handing out “Extra Large and Extra Larger” shirts to folks!
The evening for me was quite good. I went to a Citrix Sales appreciation dinner, where oddly enough I didn't really talk with any sales folks at all- but did have several GREAT conversations about where people are in their Citrix journey- even some heart touching stories from some folks that will be joining us in the CTXPro Membership when it launches! Connecting with people is why I went to Synergy.
Ready for the shocker? I was in bed by 11 pm! Either I'm getting older or wiser… or both.
Synergy Day 3 in pictures…
Synergy Day 3
Day 3 started with spending an hour with Michael Lewis- renowned author of books like Moneyball and The Blind Side. I think his talk fed well into Citrix's announcement regarding how they were moving forward in Analytics.
How when the stock market spent millions to quite literally shorten the distance of fiber optic links because they couldn't click fast enough, the need for seeing ahead into things we didn't know before is important.
— DJ Eshelman (@TheXenMaster) May 10, 2018
— DJ Eshelman (@TheXenMaster) May 10, 2018
But more important is that we are now getting answers to questions we didn't even know we had. From finding the cause of behavior of overworked cops to weather, analytics are a part of our story. Why is this important? “You can't change the decision maker but you can change the decision making environment.”
Oh- and you may be wondering, why so many tweets? If you were following me you know that I used the #citrixsynergy tag a lot. It was because with every one, a dollar was being donated to STEM programs. Over $51,000 was donated! That's a lot of tweets!
The morning was again filled with sessions, and I even took the opportunity to do a very brief Facebook Live for my Facebook Group (which you should totally join!) before a well-attended session on multi-datacenter setups.
After the final day of Tech Chats, the CUGC leaders that were at Synergy gathered for a training session in how to conduct effective meetings. It was extremely useful and I can't wait to put some of what we learned into practice!
— Citrix User Group Community (CUGC) (@myCUGC) May 10, 2018
The rest of the afternoon for me was spent in Synergy Park attending to the CUGC table once again, until the final night party at House of Blues!
A post shared by TheCitrixCoach (@thecitrixcoach) on
If I'm not listening to Metal or Hard Rock- I'm playing Blues. Sometimes, literally. So I was right up front at House of Blues! Great show (though the line to get in was a bit ridiculous, and it took forever to get any food!)
The evening was great; a bunch of CTAs and CTPs found their way to a corner bar and chatted the night away. Great memories with old and new friends. Great to get to know Neil Spellings a bit more; we ended up walking back together as we both had early flights! Fitting, since we're both known for our Synergy prep guides – but neither of us talked about them.
The next morning – insanely early – I boarded a plane home, after a chat with my buddy Carl Webster. By the way- I'm just going to say if you haven't done so already – support his website! There's a donation button. Do it!
Citrix Synergy 2018 Summary
So- the common question: Did you have a great Synergy this year?
And the answer is of course yes. Even if it wasn't as well attended, I always enjoy Anaheim more than Vegas or Orlando – but this was the first year I was there representing not a company or a sponsor… but YOU.
That's right- I was sent to Synergy as a Citrix Technology Advocate, and I did my best to do just that. I met so many more people this year than I have in years past. I gave out over 150 cards, interacted with folks on Twitter and of course the Lunch Table Tech Chats and CUGC events.
So- what am I hearing?
There remains confusion about Citrix products from a NAMING standpoint, not a ‘what it does' standpoint. Though it was heavily downplayed at Synergy, Citrix did announce some changes to the portfolio on their website. This does away with several names – most notably “Xen” and “NetScaler” but also “ShareFile”. A few of these I'm okay with, a few not so much if I'm being honest. I was ready to give up Xen. But honestly NetScaler and Sharefile were fine from a market alignment standpoint. What they were not fine with however is a name that identifies what it does. And that is essentially what Citrix is after. Each new product name will contain “Citrix” and then a brief description of what it does.
Here's a rundown of what to expect:
This will be a category that will encompass several technologies formerly known as either “Workspace Suite” or “XenDesktop” along with some new things.
- Citrix Workspace App – announced at Synergy, this expands the capabilities of Receiver to include apps, files and even some analytics and security capability. I haven't been this excited since Dazzle. Ask me about it later…
- Citrix Content Collaboration = ShareFile
- Citrix Endpoint Management = XenMobile (Secure Mail and Secure Web apps remain unchanged in name)
- Citrix Secure Browser = XenApp secure browser
- Citrix Hypervisor = XenServer
- Citrix App Layering = Unidesk
- Citrix Virtual Apps = XenApp
- Citrix Virtual Desktops = XenDesktop
This will be the most controversial, but when you think about it will be the most challenging to change from a technical product standpoint. Bottom line- a few of these software-based items will be easy. But don't expect Citrix to be sending out new physical NetScalers to replace yours.
- Citrix ADC = NetScaler ADC
- Citrix SD-WAN = NetScaler SD-WAN
- Citrix Web Firewall = NetScaler App Security, App Firewall and Web App Security
- Citrix Gateway = NetScaler Unified Gateway AND NetScaler Access Gateway
- Citrix Application Delivery Management = NetScaler MAS
- Citrix Secure Web Gateway = NetScaler Secure Web Gateway
- Citrix Intelligent Traffic Management = Cedexis Platform
So- many people missed the Cedexis acquisition. I have to admit that I'm having trouble with where it fits into the core sometimes but here's the thing: Think of how many apps your company uses today. Now tell me how many of those are either SaaS (either Web browser or web-delivered like Office 365) or has components that tie in that way? So, while this makes some sense- I can give you a perspective from attendees that came to my Tech Chat table… people don't think of SaaS as “Applications”. Citrix, if you're listening- changing what “App Delivery” means is something people don't seem to be ready for. Everyone who came to my tables wanted to talk about XenApp.
But Xen's dead baby. Xen's dead.
This new cloud-based capability was actually one of the more exciting new features- because of what it can do for security and support. I'll go into this in another post because there is a LOT here. Needless to say, I'm excited to finally see this come about.
- Citrix Analytics for Networking
- Citrix Analytics for Workspaces
Oh- let me answer the most popular question: “Will this be Cloud-Only?” The answer is not exactly. On-Premises installs will have a connection agent – however, when you think about what makes this work; an on-prem solution is not going to be practical. This is using real-time analytics across thousands of instances for behavior-based intelligence. If you're struggling with this I'd simply say that you need to stop thinking in terms of DAT files and think in terms of pre-cognition. Knowing a threat exists by what behavioral triggers exist, instead of by looking for the results.
Finally- the question I got over and over again (I mean, other than “you don't look like your picture”) was – “Since they are killing Xen … What are you going to do about your Twitter Handle?”
Well- here's the thing. I have known about this renaming for some time, yes- we were given some special NDA access to this process to give Citrix feedback about it. (We voiced a lot of your concerns, by the way…)
But the reality is that I have been wanting to change “TheXenMaster” for quite some time now. After being called that by someone (I've forgotten who) I decided to run with it. But I'll be honest- it doesn't fit my personality. So I'd been working to find a new persona; one that uplifts and encourages. Unfortunately I couldn't take over the abandoned Twitter username for this, so I kept a definitive modifier out in front once again.
Going forward- I will be on Social Media as @TheCitrixCoach
I have registered this in several places so far:
more to come! I'd encourage you to follow me on any of these outlets!
Whew! I'm tired. I think I'm going to wrap this up and call it another successful Synergy!
So you want to secure the XML traffic going from StoreFront to your Controllers (Brokers)… I think that's a good decision!
In many enterprise level deployments I encounter the following are true:
- They want to Secure XML – the transaction between StoreFront and the Controllers that contains user information. It's obscured over plaintext but SSL is always better!
- They DO NOT have IIS installed on the Controllers (as in, no Director or StoreFront roles installed) to keep services isolated and lower the attack surface.