The Citrix Blog
posted by desktop2020 blog

Government, healthcare and financial organizations are heavily evaluating virtual desktops, and due to the nature of these industries, one of the big requirements is for secure authentication via smart cards. Frankly, when XenDesktop first came out, it didn't have the goods in the smart card + VDI department, but no one else did, either. There was no integration to speak of, from either Citrix or VMware, and this meant these industries could only deploy VDI in limited use cases.

Citrix quickly addressed this in product updates, and the newly released Feature Pack 1 for XenDesktop 3 includes even more functionality. VMware has been kinda quiet on the smart card integration front - so I was curious, how are the two products faring in head-to-head evaluations in customer accounts? So I went and polled several of our SEs, some partners and some customers and learned a few interesting tidbits in some key categories:

- Seamless integration of authentication: With XenDesktop, you get the typical black "carbon fiber" log in screen on boot-up, then you insert the Smart Card and are prompted to enter your PIN. Just like a normal desktop. We've heard reports that for some reason View is requiring PIN entries for the broker, then the desktop - and for every desktop subsequently. Seems complicated for end users.

- Active Directory object clean up: With XenDesktop, when virtual desktops are opened and closed, the AD objects are created and removed cleanly. We've seen customers struggle with how View creates the objects for each virtual desktop, but then fails to clean them up and leaves them orphaned. So in a typical enterprise, this can result in thousands of AD objects being created every day and clogging up the works.

- Coffee breaks: If a user leaves for a coffee break and takes their card with them (as proper policy would mandate), the desktop should lock. When the user returns and enters the PIN, it should unlock and return the user to their desktop as they left it. XenDesktop handles this, but it seems that customers have reported View "loses" the Smart Card when it is withdrawn during a session. Re-inserting the card does nothing, and the desktop has to be fully shut down and the user has to start from square one to get back into the desktop.

- Multi-card reader roaming: A lot of organizations don't have identical readers at each endpoint, but the user needs the same desktop. Feature Pack 1 adds the ability to roam between different devices even when different readers are attached.

- Endpoint device support: With Feature Pack 1, XenDesktop offers both Windows and Linux endpoint support for Smart Card readers. At this time, View's ability to support Smart Cards (with the above integration challenges) is limited to Windows endpoints.

Obviously, with these considerations taken into account, XenDesktop is winning these bake-offs. But I don't think it's just about smart card integration. It's a fundamental understanding of the virtual desktop experience that is burned into the Citrix DNA - the smart card functionality is just a manifestation of that know-how.

  1. May 12, 2009

    Okan Evinc says:

    Does the endpoint device (Windows XP/linux PC or thin client) need to have a PKI middleware agent locally in addition to a smart card reader drivers? Or would it be enough to have the PKI middleware installed on the virtual machine image?

    1. May 13, 2009

      Anonymous says:

      Hi Okan
      It depends on the type of card.
      Using MS .NET Card you don't require any middleware (or as it is called Cryptographic Service Provider) but what you require is this:

      http://www.microsoft.com/downloads/details.aspx?FamilyID=e8095fd5-c7e5-4bee-9577-2ea6b45b41c6&displaylang=en
      for a win32 system.

      But in any case, you need some kind of software that communicates with OS and Card, hence the middleware. But it is either in the form of a "patch" from Microsoft or a third party CSP, which is usually more visible.

  2. May 12, 2009

    Anonymous says:

    What about Smartcard integration with the Netscaler for external access with A WI server in the middle?  Methods?
