News, tips, and tricks from the XenApp product team
Since there was not many new exciting iPhone demo's at the MacWorld Keynote, we decided to release some of our own. Check out Cut & Paste from a real PowerPoint doc to Word. It works with Citrix ! Let us know what you think of the file navigation application as well.
Nothing to announce regarding release date ... but we are making good progress...
In the mean time chat with the developers over in the iPhone project site at
Http://community.citrix.com/iphone
Welcome to the new year and my first blog of 2009. Let's kick off '09 with a focus on simplification.
Let's focus on a topic that often brings chills to a XenApp administrators spine... upgrades. Back in the day when I was a MetaFrame administrator, I remember the time, patience, and sometimes stress involved with trying to upgrade 100 servers to the latest version of MetaFrame. Well, a lot has changed in the world of application delivery. MetaFrame went through numerous identity changes to become XenApp. With those new identities we have witnessed a maturing of the product to include more functions, features and abilities to deliver troublesome applications. But one thing has remained fairly constant, XenApp upgrades are not as easy as flipping a switch.
Take, for example, the following knowledge base article from one of my coworkers, Jo Harder. Jo created a great article explaining the technical concepts for upgrading and migrating XenApp 4.5 to XenApp 5. It covers the process, what to do and which approach to take. This document has only been out for 4 months and has been the most read article for each of the past 4 months. By my estimation, the topic of XenApp migrations is very important to people.
Back in September 2008 I blogged about a potential way to simplify the migration process by integrating XenServer with XenApp. In this blog I identified 5 areas where I thought this tight integration could show benefit and I called this the HOMER Criteria. Well, after more investigation, analysis, testing and validation, I'm here to let you know that we can indeed simplify XenApp migrations if we integrate XenServer and Provisioning Server into our architecture.
How is that possible? Most people have a standard practice for incorporating new XenApp versions into their environment. This process typically takes on the following sections:# Server validation: We have to make sure that our applications work with the new version
- Server builds: We have to spend time updating all of our server build images/scripts
- Implementation: Need to update all servers while not impacting the user environment and not incurring huge hardware expenses
- Maintenance: Need to keep our new servers consistent and updated with the latest hot fixes and service packs and updates
- Rollback: In the potential event that the upgrade causes major issues, we need to make sure we have a fast way of recovering our old environment.
These are each critical to a successful migration to the latest version of XenApp. Each one of these areas can be improved through virtualization and workload provisioning and you can expect the following benefits: # Time Savings: The time spent building servers is removed due to Provisioning Server's integration with XenApp. Brand new servers can be brought online in less than 30 seconds.
- Repeatability: The integrated process used to upgrade to XenApp 5 can also be used for future versions of XenApp, except that future upgrades will be faster as the infrastructure is already virtualized and the process is familiar.
- Simplification: The process is able to ignore the complexity of different configurations and drivers, helping to reduce the time spent developing server builds and installation configurations.
- Maintainability: The solution guarantees consistency within the XenApp farm. When an application update or an operating system patch is validated, the entire XenApp farm will utilize the new configuration.
Some of you might be intrigued and want to know how to do it. Learn how by reading the following materials:
- Reference Architecture*:* Understand the architecture, the areas of concern and the potential benefits
- Getting Started Guide*:* Get a high-level overview of the integration process. This guide gives an overview of each phase, whereas more detailed steps can be found in the implementation guide.
- Implementation Guide*:* This guide takes you through, step-by-step, on how to upgrade your XenApp environments to XenApp 5 on Windows 2008 through the use of XenServer and Provisioning Server. As you follow these steps you will see how the three products integrated into a solid solution for application delivery.
- Design Considerations*:* Follow these considerations to make your virtual XenApp environment easier to setup, maintain and manage.
So remember, if you are not thrilled about doing a XenApp migration, then try a new approach... Virtual and Provision.
Daniel
Daniel Feller just pointed me out to these new Consulting Whitepapers for XenApp 5.0 for Windows Server 2008. If you are working on XenApp 5.0 for Windows 2008 these are great bookmark links. They are all available for download via Citrix Support site.
Simplifying the Migration to XenApp 5 with XenServer - Getting Started Guide
Simplifying the Migration to XenApp 5 with XenServer - Reference Architecture
Simplifying the Migration to XenApp 5 with XenServer - Implementation Guide
You can get a list of all XenApp 5.0 whitepapers here
Consulting Whitepapers for XenApp 5.0 for Windows Server2003
Consulting Whitepapers for XenApp 5.0 for Windows Server 2008
Prediction #1: The iPhone goes Enterprise
- The iPhone will gain rapid adoption in the Enterprise driven by user demands including executives, road warriors, and knowledge workers asking for access to the apps they need ( including windows apps ) from anywhere. IT will increasingly support the effort based on new improved security capabilities and productivity gains ( including for themselves 
).
| .. | Choose |
|---|---|
| I am in IT and we will support the iPhone in 2009 ! ( I need the Citrix Receiver now... ) |  |
| Blackberry reigns in the Enterprise, no change for '09 ... | |
Prediction #2: Corporate issued laptop model will be challenged
- Companies looking to provide access to day extenders without the full expense and maintenance of a company laptop will increasingly adopt application delivery infrastructure like XenApp that can provide safe IT hosted application access from un-trusted personal PC's. In addition, companies will begin to pilot the BYOC ( Bring Your Own Computer ) model for knowledge workers seeking personal choice while reducing IT expense and support costs.
| .. | Choose |
|---|---|
| We already are saving significant $$ by enabling safe access from home PC's | |
| We are planning to allow controlled access ( via Citrix ) from home PC's in 2009 | |
| Status quo, corporate laptop access or none at all. | |
Prediction #3: Virtual Desktops grow beyond a niche
- Improvements in user experience capabilities of VDI solutions combined with the reduced support cost model will drive increased adoption of VDI beyond the initial niche deployments.
| .. | Choose |
|---|---|
| We are moving from VDI pilots and special use cases to broader deployment | |
| VDI is not ready for the masses, we will wait and see | |
Prediction #4: IaaS Cloud Providers are no longer just for web startups
- The recent Windows offering by Amazon will validate the IaaS ( Infrastructure as a Service ) model as a viable platform for companies small and large looking to add test and targeted production capacity without capital and facility costs.
| .. | Choose |
|---|---|
| We have started to use Cloud VM's or Storage for test and plan broader use in '09 | |
| What is IaaS ? No way are we putting anything in the cloud... | |
| Not sure, need to try it first | |
Prediction #5: Netbooks drive Servers, Clouds and Linux clients
- The rapid adoption of Netbooks based on low cost and light weight convenience will increase the desire to run server hosted apps ( Web and Windows ). A significant number of the new mini laptops will be used for occasional use vs a primary PC which makes maintaining local apps and synchronizing data problematic. This in turn will help break the traditional model of running Windows apps installed on PCs and laptops.
| .. | Choose |
|---|---|
| We are getting more and more requests for access from Netbooks, all they need is Citrix and a browser. | |
| Netbooks are just toys for kids ... ( small & big ) | |
Agree / disagree ? what are your predictions ?
Also seen at Sys-Con Cloud Computing Computing Journal
I interviewed Kurt Roemer for this topic. Kurt is Chief Security Strategist for Citrix Systems and a member of the CTO Office. He's a seasoned information security veteran with more than 20 years experience in networking, applications, and the evolving Web services infrastructure markets. He has designed, implemented, and assessed solutions and policies for Fortune 1000, mid-size, and government organizations worldwide. Roemer is a CISSP and has spoken at a wide variety of leading industry shows and conferences across the globe including BITS, CSI, RSA, Networld+Interop, Japan's inaugural Web Application Security Forum, Society for Information Management, ITEC, SecureAsia and numerous regional ISSA and InfraGard conferences. He has also appeared as a security expert on CNN, Fox Business News, and the Fox News Channel and is well known for his popular "Web Hacking Live" sessions. Prior to joining Citrix, Kurt held roles as CTO/CSO at NetContinuum and headed up information technology practices at Micron Electronics, NetFRAME and Hewitt.
Q: Kurt, isn't Cloud Computing competitive with Citrix?
A: In some ways, yes, but in many ways interest in Cloud Computing actually creates opportunities for Citrix. Our NetScaler and XenServer products are good examples of this. Both NetScaler and XenServer are powering major cloud providers today. We also have partners, such as 3Tera, who are hosting applications, using XenApp and XenDesktop, on the Cloud.
Q: It seems to me that Cloud Computing requires that you really trust the provider - after all you are turning over your valuable data to them - is this a consideration?
A: Yes. The old security mantra was that physical security trumps all. With the Cloud you lose control over physical security. The actual servers could be anywhere the provider decides to put them, factoring in availability and least cost. This is significantly different than a SaaS model, especially as you factor in access to data, backups, encryption keys and other security concerns.
When you sign an agreement with a provider you agree to pay for a certain amount of storage and resources like applications and are committed service levels. You lose control over the assets in some respects and therefore the security model must be refactored.
Q: The security concerns with this must make security professionals uncomfortable. Tell me more about what Citrix has to offer to improve this situation.
A: The fundamentals are encryption of data and access control to data. Citrix has recently introduced the Citrix Cloud Center, which is composed of several Citrix offerings. Access Gateway and NetScaler address encryption, and Access Gateway provides authentication services. In addition to the security features, the Citrix Cloud Center provides geo-location with NetScaler (where the user can be connected to different hardware in different regions in the world, but yet have all the same applications and capabilities), local data caching with WANScaler and orchestration with Workflow Studio. Citrix is also working with key ecosystem partners to enable end-to-end security in the cloud model.
Q: What is the future of security in Cloud Computing?
A: The ultimate solution is data level security. After all, sensitive data is the domain of the enterprise, not the Cloud Computing provider. Security will need to move to the data level so that enterprises can be sure their data is protected, wherever it goes. For example, with data level security, the enterprise can specify that this data is not allowed to go outside of the US. It can also force encryption of certain types of data, and permit only specified users to access the data. It can provide compliance with PCI. We are working with several partners in the data security area.
As the New Year quickly approaches, we're all thinking of our New Year's resolutions, and I'm sure that on the top of each of your lists is "Improve the Capabilities of my Corporate Citrix Farm".
OK, maybe it's not at the TOP of your list...
But improving the reliability, scalability, and ease of use of your Citrix installations is an issue that most administrators face constantly. And, as the New Year is upon us, it might be a good time to reflect on that "one thing" that you can do to make your farm more productive, more secure, more reliable, and more manageable.
Along those same lines, I think it's a good time for Citrix to ask... What new products or enhancements would you like to see from us? What can WE do to make your job easier? What can we do to make your farm more secure? What can we do to provide you with the tools you need to make your Citrix installation perform in ways you have not been able to achieve?
Feel free to reply with your #1 ITEM (just one, make it your biggest) that you would like Citrix to focus on in the upcoming year. If it's a direction that we're already working towards, and you'd like us to continue, let us know! If there's an area that you think we should look at, we'd like to know that as well! Although I can't personally promise that your suggestion will work it's way to the top of our list, I think that your feedback, as always, is an integral part of our corporate direction, and helps us to plan for the future as well.
So, let the 2009 wishes begin!...
You Can Still Creating a Secure Portal to Your Applications Using Citrix Secure Gateway!
In a perfect world, all the applications published on a XenApp farm would only need to be accessed internally, behind the firewall, using company equipment. But, unfortunately in today's world, that perfect environment rarely exists. In most instances, applications on the internal network need to be accessed by users outside the firewall. And, these users can range from trusted resources such as remote employees, to non-employee resources such as third-party vendors and outside contractors.
For many, the solution to this problem has been to allow secure access to the internal network via dedicated B-to-B lines or software VPN connections. Although these are solid solutions for allowing internal access, these are also drawbacks. Dedicated B-to-B VPN lines can be expensive, and unless the number of remote users is substantial, in many cases the costs are hard to justify. And for those have had to use software VPN clients, we all know that they are not always the most dependable or user-friendly pieces of software out there! And, unless properly configured, software VPN connections require users to deal with multiple logins.
In many cases, the Citrix Access Gateway (CAG) is the most viable solution to supplying SSL VPN connectivity to remote users. It provides the highest level of security by allowing complete customization, allows for high numbers of concurrent users (up to 10,000 users on a Series 10000 CAG), and provides increased flexibility for a broad range of end-user devices.
However, depending on the needed scalability level of your XenApp farm, the number of users, and other determining factors, you may not NEED all of the benefits that a CAG can offer. But, that does not mean that you need to fall back onto the "same old ways" of providing SSL VPN access to your remote users. With Citrix Secure Gateway (CSG) you can provide secure access to your internal applications for farms not requiring all the features available within CAG.
The Citrix Secure Gateway is an application that runs as a service on a server that is deployed in the DMZ. The server running the Secure Gateway represents a single point of access to the secure, enterprise network. The Secure Gateway acts as an intermediary for every connection request originating from the Internet to the enterprise network.
A CSG is installed in a network's demilitarized zone (DMZ) to form a secure perimeter around the Citrix components in your enterprise network. The CSG authenticates users connecting over the Internet and establishes a secure channel for data exchange between the client device and the Citrix Presentation Server.
The CSG eases firewall traversal and provides a secure Internet gateway between Citrix Presentation Server and client devices. All data traversing the Internet between a remote workstation and the Secure Gateway is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. The CSG transparently encrypts and authenticates all user connections to protect against eavesdropping and data tampering.
The Secure Gateway has features for enhanced security, certificate management, deployment, scalability, logging and instrumentation, and support for networking protocols.
For more information on Citrix Secure Gateway, configuration options, and proposed farm implementations, you can refer to the following Citrix documents:
Citrix Secure Gateway Administrator's Guide
Detailed Description of the Secure Gateway Connection Process (CTX117728)
As we have announced here on the Citrix Blog ( still no Press Release though ... ) we are actively developing a Citrix Receiver for the iPhone that will bring the world of millions of Windows apps and developers to the iPhone. As part of our testing and demonstrations we are looking for examples of compelling applications that will not run natively on the iPhone, however if the app was hosted on XenApp and delivered to the iPhone it would provide a great visual example of the power of Citrix and the iPhone.
Some things that come to mind are;
- Web sites that require flash
- Medical Apps
- Web apps that need IE
- Cut & Paste ( within Citrix sessions )
- ?
We have received great feedback and use case descriptions on the original post ( keep that coming ) now we are looking for specific apps or new ideas that would really open eyes to the possibilities.
Thanks !
As pointed out by Adam on his previous post, this site is the gateway for the community to get to know Project Braeburn's team as well as interact with us.
The site is now live and you can access it by clicking on the following link:
http://community.citrix.com/iphone
Happy Holidays.
best,
Gus
I got an interesting question the other day regarding Provisioning Server and XenApp. As you might be aware, I've published many articles on the benefits of integrating XenServer, Provisioning Server and XenApp. This question sparked an interesting discussion.
Scenario:
Let's say you have 50 XenApp servers total. Most of the time you have carved out 20 of those servers to deliver Office 2007-type applications and the other 30 servers host another application like SAP. Then comes month-end when we need more capacity, roughly 10 server, for the SAP. What is the best approach to dynamically changing your XenApp environment to support these cyclical surges for certain applications? Two words... Provisioning Server
Within Provisioning Server, we create three device collections:
- XenApp 5 - Office Applications Servers: contains 10 servers dedicated to delivering Office-Based applications
- XenApp 5 - SAP Servers: contains 30 servers dedicated to delivery SAP
- XenApp 5 - Swing Servers: contains 10 servers whose applications can change based on the needs of the business
Within our Provisioning Server vDisk Pool, we have two different vDisks defined (remember a vDisk is just a complete image with Windows 2008, XenApp 5 and the corresponding applications):
- XenApp 5 - Office Applications
- XenApp 5 - SAP Application
Whenever we reach the month-end timeframe and require more SAP servers, we simply drag-drop the XenApp 5 - SAP Application vDisk onto the XenApp 5 - Swing Servers collection and those swing servers will boot up SAP during the next reboot,
So, this solves the issue of adding/changing XenApp workloads quickly, but that isn't the end of the story. Think about what is going to happen. A swing server, which we will call Smithers1, is set with the Office vDisk. The XenApp administrator will publish the Office applications for the server Smiters1. Later, we will assign the SAP vDisk to Smithers1 in Provisioning Server. When that server starts up, the XenApp Data Store still believes that Smithers1 is delivering Office, but Smithers1 doesn't have Office installed, it has SAP. We must un-publish office and publish SAP. As you keep changing the swing server's vDisk, we have to continue this process or else users might experience issues (like being load balanced to Smithers1, trying to start SAP, but the path is invalid). But there is a solution...
Within the SAP vDisk, we create a script that does the following:
- List all applications published on this server
- Un-publish all applications from this server
- Publish the SAP application for this server
When a server starts with the SAP vDisk, it will be automatically publish the SAP application. Then on the Office vDisk, we create a script that looks like the following:
- List all applications published on this server
- Un-publish all applications from this server
- Publish the Office applications for this server
If we build these scripts into our vDisk, we don't have to worry about publishing, un-publishing, re-publishing applications manually, it will be automatic giving us the truly dynamic XenApp swing server.
Daniel (Sr. Architect)
I interviewed Glenn MacDonald for this topic. Glenn is a Senior Software Engineer at Citrix. He has been with Citrix since 2003 and has worked on every release of Password Manger. He has a Masters degree in Computing Science from Simon Fraser University and over fifteen years of software development experience. The interview did not actually take place on the yacht, below. 
Q: When did CPM begin to provide provisioning?
A: The CPM Provisioning feature was introduced during the Nassau release in 2005. The intent of this feature was to empower CPM administrators with the ability to provide users' secondary credentials directly to CPM, rather than forcing users to do so. Being unable to do this had been an administrator pain point during CPM roll outs and when new applications were added to deployments.
In a sense, provisioning in CPM provides additional security, in removing the responsibility from users for providing secondary credentials, as users tend to do things like write down their passwords before entering them.
Provisioning in CPM increases the security by avoiding the initial distribution of credentials details directly to the user. Typically this is done by a less secure method such as a memo, voice mail or email.Another focus of the feature was to provide a means to integrate with existing identity management and provisioning systems (e.g. Courion Account Courier).
Q: Does CPM provisioning set up user accounts in applications?
A: No, it just informs CPM of the users' the credentials.
Q: How does it work?
A: The new web service (the Provisioning service) responsible for receiving the provisioning commands was added to the CPM Service. These commands are added to a per-user queue located in the user specific container of the central store. Eventually the Plugin executes the queued commands to complete the provisioning action.
Q: Is it really that simple?
A: Of course not! There are lots of details to do this securely, but that's the basic flow.
Q: Can you elaborate on those security details?
A: Recall that the CPM Plugin protects a user's credentials using user specific keys. (i.e. Only the Plugin running in a user session can obtain the keys). This implies that it is impossible for the Provisioning service to directly execute the commands and alter the user's central store data. (i.e. the service can't add a credential because it doesn't have the key to protect the secrets). This is why the commands are queued until a Plugin running as the user requests them. The service is completely responsible for the life cycle and encryption of the queued commands.
The Plugin does not directly access the queued commands - it obtains them from the Provisioning service over an SSL connection. Once the Plugin has successfully executed the commands, it informs the service that the queue can be deleted.
Q: Is the provisioning feature standards-based, since there are many provisioning products out there to integrate with?
A: As a matter of fact, it is. To ease third party integrations, we opted to use the SPML V2.0 open standard. The Service Provisioning Markup Language (SPML) is an XML-based framework, developed by OASIS, for exchanging user, resource and service provisioning information. Additionally, many identity management systems already support SPML 2.0. A connector is required for identity management integration.
Q: Why do I need a custom connector if my identity management system already supports SPML 2.0?
A: To understand why a custom connector is needed, you need to consider the conceptual differences between provisioning for CPM and provisioning in general.
Consider a typical provisioning scenario from the perspective of an administrator of an identity management system. A new employee has joined the company and needs to be provisioned with a domain account and specific accounts for SAP, Outlook, etc. The administrator will request that an SAP account get created. To do this, the identity management system will send a message to the Provisioning Service Provider (PSP) for SAP.
"Hey SAP PSP, create a new account with user name=baracko and password=prez"
The Provisioning Service Provider will create the account and return a reference ID for the account.
Next, the administrator would want to provision CPM with the newly created SAP credential. The message that the CPM Provisioning Service needs to receive must say:
"Hey CPM Provisioning Service, for the domain user bobama, add a credential for SAP having the user name=baracko and password=prez"
First, notice that provisioning from the CPM perspective is simply providing the user with his CPM secondary credentials. There is NO creation of the accounts accessed with those credentials. Those accounts must be created by an outside means completely separate from CPM. Essentially, CPM provisioning is the act of populating the user's credential store - i.e., the administrator is populating a small data store and not actually provisioning accounts or resources.
Q: I sort of see what you mean. The CPM provisioning command added the SAP credential for the specified domain user, it didn't actually create the SAP account. How does CPM know what "SAP" refers to in the command?
A: Good, you've noticed the second subtlety. Ultimately, the goal is to have CPM submit this credential when it detects to the SAP logon page. To achieve this, the credential needs to be associated with a specific application definition.
A unique GUID is assigned to every application definition when it is created in the CPM Administrative Console. This GUID is included in the command to provide the link between the credential and the application that the credential is for. So, the message actually needs to be:
"Hey CPM Provisioning Service, for the domain user bobama, add a credential for GUID-of-SAP-application-definition having the user name=baracko and password=prez"
The connector needs to provide the mapping between the application definition GUIDs and the credentials.
Q: How does the custom connector learn the application definition GUIDs?
A: To determine the list of applications definitions available to a user, the connector needs to send a lookupApplicationRequest. The response to this will contain a list of the applications defined in the User Configuration associated with that user. The description of each application definition will contain the GUID and the fields in the a credential (e.g. user id, password and database name). Note that the lookupApplicationRequest command is a CPM specific, custom extension to SPML v2.0.
Q: Are you saying a custom connector is needed because it has to provide the binding between the CPM application definitions and the specific credentials?
A: Exactly!
The connector needs to know:
- the mapping between the application definition GUIDs and the credentials.
- how to use the lookupApplicationRequest custom command to obtain the application definition GUIDs
- how to construct the CPM specific SPML extensions to use in the data elements of the commands.
We are always looking for idea's to improve our Citrix events. Some of the past feedback we have received is to step-up the technical content and include more unscripted and unfiltered opinions and dialog. At Synergy 2008 we introduced GeekSpeak which was very well received as indicated by the feedback and standing room only crowds. At Synergy 2009 you can expect even more technical content plus more GeekSpeak sessions. In addition as many iForum/Summit/Synergy attendees know. Citrix usually includes a concluding session that could be a brand name comedian ( Dana Carvey - Synergy 2008) or an Athlete with a story ( Lance Armstrong - Summit 2008 ) or other memorable entertainer.
In keeping with listening to the community and even better engaging with some of the innovators of social media we thought it might be interesting to have Kevin Rose and Alex Albright host an episode of Diggnation at Synergy 2009. As you may know Kevin is the founder of Digg and an expert at developing a community. If you're not familiar with the show check it out at Diggnation.com ( it's about as unscripted and unfiltered you can get ... ). If you are a fan of Digg this might be your chance to watch an episode first hand and maybe hang out with Kevin and Alex afterwards with some beers at our closing party. If you're not a fan of Diggnation and would rather we look for other entertainment we would like to hear that as well. As always, suggestions and comments welcome.
| Do you Digg the idea of Diggnation at Synergy ? | Choose |
|---|---|
| 2 Thumbs up, I want to see Kevin and Alex at Synergy in Vegas ! | |
| Keep looking ... | |
I often talk with Citrix customers who are interested in virtualizing XenApp ( Presentation Server ) based on the potential to consolidate servers, increase flexibility or enable new HA/DR capabilities. However, a frequent comment I hear is that we tried this before with ESX but the overhead penatly was to high so we are still running XenApp fully installed. This may have been the case before but things have changed, now it is possble to get the benefits of Virtualization by runing XenApp on XenServer 5 without the downside you may be concerned about.
If you would like learn more and engage with the experts without traveling to an event, make sure you register for the Citrix Delivery Center Live event on Devember 4th. You can register here and check out the other topics that may be of interest as well.
First the thanks!
As we roll into the Thanksgiving week in the US, I thought I would give a quick shout out of thanks to all of you that have participated in the Citrix Ready Community Verified site. Verifications are coming in faster than we can keep up with them (which was, after all, the whole idea in the first place). As of this morning, we have well over 1,000 applications and products verified by customers and partners as "Citrix Ready", backed by more than 7,000 verifications... more than 500 were added this week alone, and it's only Wednesday!
I'm assuming that you have all seen the Citrix Ready Community Verified site and you know it rocks... not because of anything we've done, but because it's created, owned and maintained by YOU; if not don't just take my word on it, check out Chris' blog, or Rene Vester's two blogs, here and here, or even Brian Madden's review, ...or of course, the site itself!
By many standards, the site has proven to be an overwhelming success. We launched it at Citrix Summit on October 25 this year with 600 Applications and 500 Community Verifications. In the month since launch, these numbers have gone through the roof with no end in sight. In fact, I am already hearing of cases where the Citrix Ready Community Verified site has encouraged customers to virtualize more apps, helped channel partners answer customer & prospect questions more quickly and technology partners who have submitted apps (theirs as well as from other vendors).
Citrix IT has even taken up the challenge by starting to validate all the products and applications we use internally in our IT environment. I challenge all of you reading this to verify via the "voting" function all apps and other products you are using via XenApp, XenDesktop, XenServer and NetScaler!
May I have another? Or more appropriately, may we give you another?
The Citrix Ready Community Verified site is a great example of how a community can share small bits of information that doesn't impose a tax on the submitter (the apps are already deployed, submitters are just telling us they have already completed the work)... taking full advantage of the network effect to drive overall benefit.
So the question that I have for all of you, is what can we do next? The Citrix Ready Community Verified site is addressing a common question around product verification with Citrix products that has been around literally since the first release of WinFrame. Are there other longstanding questions, issues, etc that seem difficult to solve as an individual customer, SE, channel partner, technology partner or Citrix employee, that we as a community can attack?
My team and I are very interested in your feedback and would welcome the opportunity to help.
Please feel free to comment on this blog, or send an email to me at john.fanelli@citrix.com
I've been using the Sprint HTC Touch Pro for a few months now, and I feel that it is a very compelling mobile device for use with Citrix XenApp and XenDesktop, maybe even for few of the folks I've been hearing from that are looking to move away from the iPhone. So what I've done in this blog is to video what I feel are some of the compelling use cases for mobile devices with Citrix and let the Sprint HTC Touch Pro take top billing in this post. I'm sure you can find a few posts about Citrix and the iPhone if you try, and we'll have it out "Sooner than later"!
HTC Touch Pro w/Web Interface
HTC Touch Flo interface does a good job of bringing most of the tasks I want on my mobile device right to my finger tips. One of the areas that HTC's Touch Flo interface comes into play with Citrix is when connected to Web Interface via the Opera browser. The Opera browser allows the user to quickly zoom in and out on the Web interface, and move the viewable portion of the page using your finger to quickly find the application you want to launch (no stylus required). The built in accelerometer will also automatically change the view from portrait to landscape when you tilt the Touch Pro. If the keyboard is pulled out, the orientation will also switch to landscape mode. The below video shows the new Web Interface, which has a mobile device mode built in, easily navigated with HTC's Touch Flo integration into Opera.
Mobile Access to Corporate Documents
Being able to quickly and securely access documents on corporate file shares from your mobile device can be a real advantage. Imaging a lawyer or sales person not having to boot up their laptop to get quick access to a document when they simply want to look up some data in a document or quickly review a file. Using their mobile device instead they can just launch File Explorer via XenApp from their mobile phone to gain secure access to that any file they have access to in the data center, regardless of its size or type. They can find the data they were looking for and be done quicker than it takes to boot most laptops. The HTC Touch Pro's full VGA resolution really shines here, you are able to view a lot more data on its VGA screen than most devices with lesser resolution. The screen is small (2.7"), but its clarity helps to overcome its size.
NOTE: in order to make the following videos more viewable, the Touch Pro was controlled from my PC using Soti's Pocket Controller Pro so my fingers weren't in the way! Like the keyboard is when typing on an iPhone
Mobile Access to ERP, CRM and Other Database Applications
Being able to access to ERP, CRM and other corporate database data while mobile is another key use case. While I wouldn't recommend that users do a ton of data entry into these systems from any mobile device, there are a lot of cases where a user in the field needs quick access to customer information, sales and program data, payment or purchase approvals, and inventory information for example. The general use case when using mobile devices is about quick consumption of data, and they can securely gain access to such data from their mobile device using XenApp.
The below video shows the HTC Touch Pro accessing the Citrix corporate SAP system to quickly approve an event, and look up some travel expense report data.
Mobile Access to Technical Documents
Citrix has optimized its ICA protocol for over a decade to deliver some of the most demanding types of data to remote users. Imagine the technical field worker that needs to look up the proper connectivity of electrical wiring on an expensive piece of equipment. They could try and carry every possible paper manual in their truck, OR all of the technical drawings could be kept online in the data center for the worker to access via their mobile device, and again, having a device with a full VGA resolution like the HTC Touch Pro makes a big difference.
The below video shows the HTC Touch Pro accessing a 3D AutoDesk drawing, allowing the worker to rotate the drawing on the Touch Pro and zoom in and get whatever level of detail they require to get the job done.
So you wanna full desktop to?
Are you standardizing your desktop deployments on XenDesktop? Not a problem for mobile users. The HTC Touch Pro's full VGA screen is one of the few devices I've seen that can easily fit a full desktop on the screen without requiring panning and scaling.
The below video shows use of the Touch Pro with XenDesktop. It also shows the ability of the solution to detect a change from landscape to portrait mode and have the application or desktop being run on XenApp/XenDesktop automatically adapt to this change.
So is a 2.7" screen a bit small to run a full desktop on, probably. But I find the Touch Pro very usable for quick access to applications and data, even with XenDesktop. I can only hope for HTC to come out with an HTC HD Pro version with an external keyboard which would really make this solution pop. Give it full SVGA output via a VGA connector (Sprint HTC Touch Pro has VGA output today) and you may just have the first real Nirvana Device along with my Celio Redfly to complete the package.
I know there are a lot of other differences between the Touch Pro and the iPhone, iPhone pinch .vs. Touch Flo swirl, Opera browser .vs. Safari, iPhone has a cool Star Wars light saber application and Touch Pro does not Overall, the Touch Pro has been an excellent device, very stable, phone works great, Touch Flo interface makes it very easy to get to the most common features I use on a phone, and it works with XenApp today! So what's the "right" business device for you and your employees, that's for you to decide. But hopefully this post helps you look at some of the use cases that can add value to your mobile workforce, and another great device for you to consider.
Sprint HTC Touch Pro Keyboard TIP!!!!!
I did initially have an issue with the external keyboard with XenApp applications and have seen a number of posts on the web about this. I quickly found a few settings in the ICA Client that quickly resolved this issue. To make these changes, open the "ICA Client" from the Programs folder and navigate to the "Edit Preferences" page:
"Edit Global Settings" -> "Edit Preferences" then make the changes highlighted below:
You may also be interested in Full Screen Mode for Your Nirvana Device
I've been working on the ICA on iPhone project recently and I had to move a new build from my development machine to my test server frequently. At first I tried RDP. But it is painfully slow to copy my binary to the test server for me. Then I tried ICA and it worked much better. The experience made me appreciate the efficiency of ICA more.
Seeing is believing, I've captured my experience in a video. If you use client drive mapping, you might be interested in checking out this video.
Watch the same video in higher resolution and with caption at the Citrix video site at
http://citrix.utipu.com/app/tip/id/5204/
Here is the embedded version
Ray Yang
Wan Optimization Survey:
Take this quick survey to tell us more about the solutions your organization uses to optimize your WAN.
| 1. Do you currently have a WAN optimization solution in your IT environment? | Choose |
|---|---|
| Yes (go to Q2) | |
| No (go to Q3) | |
| 2. Which, if any, of the following WAN optimization solutions does your organization currently use? | Choose |
|---|---|
| Citrix WAN opt product(s) (WANScaler, Branch Repeater, Branch Repeater w\Windows Server) | |
| Riverbed | |
| Blue Coat | |
| Expand | |
| Other (please specify in a comment) | |
| I don't know | |
| 3. Approximately what average percentage of your organization's overall network traffic is via XenApp (ICA)? | Choose |
|---|---|
| 0% | |
| 1-25% | |
| 26-50% | |
| 51-75% | |
| 76-99% |