Citrix Cloud Vdi



Citrix offers a diverse portfolio of desktop virtualization solutions serving organizations of all sizes and kinds. Citrix Virtual Apps and Desktops makes VDI intuitive and affordable and ensures that users have access to the apps they need to remain productive within today’s digital workspaces. Why is it called Citrix VDI? Citrix is a company that provides an array of products and solutions for wireless network security, cloud computing, desktop virtualization, analytics, content collaboration, endpoint management, and more.

After attending Citrix Synergy this week, there is no denying that Citrix is quite serious about their cloud offerings and announced more offers that will be arriving later this year. This includes offerings like their Citrix Analytics Services and Workspace Service, but still it will take some time before these services will be available. Today Citrix Cloud consists of multiple services such as XenApp and XenDesktop Essentials, ShareFile, XenMobile and the “plain” XenDesktop deployments which are labeled Apps & Desktops.

So if you plan to start using Citrix Cloud today, what do you need to think about? It is important to know that Citrix Cloud is not a solution which manages your VDA agents (meaning where your applications and data are stored); it is a controlled management plane with additional services.

Brief overview of the architecture
This shows the architecture of Citrix Cloud with Apps and Desktop Service. You have an active subscription with Citrix Cloud and you set up an integration between your resources and Citrix Cloud using a Cloud Connector, which is the link between your resources and Citrix Cloud. These Cloud Connectors are stateless and
To ensure security compliance, the Connector will self-manage. So do not disable reboots or put other restrictions on the Connector virtual machines. These actions prevent the Connector from updating itself when there is a critical update.

Limitations
In Citrix Cloud, Citrix will manage the XenDesktop infrastructure for you. This includes delivery controllers, the backend site database, the license server and such. You will also automatically get updated every two weeks as part of the service, which provides us with access to new functionality directly. So what do we as customers need to maintain?

* VDA Agents (endpoints such as VDI or Session Hosts)
* NetScaler appliances (Unless using NetScaler Gateway as a Service)
* Storefront (Unless using Citrix Cloud Hosted Storefront)
* RDS Licenses and RDS License Server
* Active Directory (We need to bring our own)

So what else are we missing out on?
* Logging and Auditing (we do not have the option to check logs on who has logged into Citrix Cloud from a management perspective). In case we need to figure out who has logged in, Citrix has extensive internal auditing information. If a customer has a concern, contact Citrix within 30 days. They will review the audit logs to determine which of the customer’s administrators performed an operation, on what date, from which IP address, etc.
* The Citrix Cloud control plane is only hosted in the United States, which might pose an issue for customers who want their resources to be in EMEA.
* The customer owns and manages the Resource Locations. They can be created in any data center, cloud, location, or geo desired. All critical business data (such as documents, spreadsheets, etc.) are in the Resource Locations and are under customer control.

Access from the end-users and management
In regular Citrix XenDesktop and XenApp environments we can give end-users access through multiple types of authentication mechanisms such as Smart Cards, SAML, OAuth, KDC Constrained Delegation and even regular LDAP. This allows us to utilize Azure AD or Google IAM to delegate authentication to them as identity providers. Citrix Cloud only supported regular Active Directory authentication for regular end-users. From a management perspective they support Azure AD, which allows us to specify which people are allowed to access the management plane.

Using Azure AD as identity provider allows us to get some more insight into who has authenticated into Citrix Cloud, but it does not give us any insight into who has done “what”.
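
An added example, not from the original post: Azure AD records who signed in, while the record of what was done sits with Citrix and has to be requested within the 30 days mentioned above, so this sketch lists successful Citrix Cloud admin sign-ins from unrecognised addresses together with the time left to request the audit detail. The app display name, the known-IP set and the sample records are assumptions; the field names follow the Microsoft Graph signIn resource.

```python
from datetime import datetime, timedelta, timezone

CITRIX_APP_NAME = "Citrix Cloud"     # assumption: app display name in your tenant
AUDIT_WINDOW = timedelta(days=30)    # from the page: contact Citrix within 30 days
KNOWN_ADMIN_IPS = {"203.0.113.10"}   # assumption: your admin egress addresses


def _rec(user, app, ip, when, error_code=0):
    """Build a constructed record shaped like a Microsoft Graph signIn object."""
    return {"userPrincipalName": user, "appDisplayName": app, "ipAddress": ip,
            "createdDateTime": when, "status": {"errorCode": error_code}}


# Constructed sample data: made-up users and documentation-range addresses.
SAMPLE_NOW = datetime(2017, 6, 30, tzinfo=timezone.utc)
SAMPLE_SIGNINS = [
    _rec("alice@example.com", "Citrix Cloud", "203.0.113.10", "2017-06-20T08:00:00Z"),
    _rec("bob@example.com", "Citrix Cloud", "198.51.100.7", "2017-06-03T09:30:00Z"),
    _rec("bob@example.com", "Citrix Cloud", "198.51.100.7", "2017-05-20T10:00:00Z"),
    _rec("carol@example.com", "Office 365", "198.51.100.8", "2017-06-29T10:00:00Z"),
    _rec("mallory@example.com", "Citrix Cloud", "192.0.2.55",
         "2017-06-28T23:00:00Z", error_code=50126),  # failed sign-in
    _rec("dave@example.com", "Citrix Cloud", "198.51.100.99", "2017-06-25T12:00:00Z"),
]


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2017-06-03T09:30:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def review_admin_signins(records, known_ips, now, warn_days=5):
    """Return successful Citrix Cloud sign-ins from unknown IPs, oldest deadline first.

    Each finding carries the deadline for asking Citrix what that session did.
    """
    findings = []
    for rec in records:
        if rec.get("appDisplayName") != CITRIX_APP_NAME:
            continue                      # other applications are out of scope
        if rec.get("status", {}).get("errorCode") != 0:
            continue                      # failed sign-in: no console session to audit
        if rec.get("ipAddress") in known_ips:
            continue                      # expected admin location
        deadline = parse_ts(rec["createdDateTime"]) + AUDIT_WINDOW
        remaining = deadline - now
        if remaining <= timedelta(0):
            status, days_left = "expired", 0
        elif remaining <= timedelta(days=warn_days):
            status, days_left = "urgent", remaining.days
        else:
            status, days_left = "open", remaining.days
        findings.append({"user": rec["userPrincipalName"], "ip": rec["ipAddress"],
                         "deadline": deadline, "status": status,
                         "days_left": days_left})
    return sorted(findings, key=lambda f: f["deadline"])


if __name__ == "__main__":
    for f in review_admin_signins(SAMPLE_SIGNINS, KNOWN_ADMIN_IPS, SAMPLE_NOW):
        print(f["status"], f["user"], f["ip"], f["deadline"].date(), f["days_left"])
```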

Using Storefront in Cloud
You also have the option to have Storefront hosted from Citrix Cloud. When you set this up, the end-users can access it from the https://<customername>.xendesktop.net/Citrix/StoreWeb/ address. This address cannot be changed. Using this service still has some limitations when it comes to UI customization options, and also the ability to use more advanced features such as Optimal Gateway Routing and other authentication options such as SAML. But again, it is a question of whether you want to manage your own Storefront servers or consume it as a service.

Using NetScaler Gateway as a Service
If you plan on using Citrix XenApp Essentials, NetScaler Gateway as a Service is the default option since it does not require any type of configuration or deployment of virtual instances; it is actually running as a Windows Service on the Citrix Cloud Connector machine. This service is actually “ICA-proxy” as a service: it does not provide any of the Smart Access features such as SSL VPN or Endpoint Analysis, nor support for the newer protocols such as Framehawk and EDT. Also, from an authentication perspective it does not provide any options other than the regular pass-through from Storefront.

You can also use NetScaler Gateway as a Service as an option for regular Citrix Cloud deployments. You need to be aware that since this is a cloud service running in Citrix Cloud, all traffic will be routed from your endpoint through Citrix Cloud to the Cloud Connectors and on to the VDA agents. This feature is natively supported in Citrix Receiver and Receiver for Web as well.

NGaaS is a multi-region, geo load balanced service which is available in different locations around the world, and will always try to route a user to the closest PoP. Note that if you do not have a PoP close to your location, you might suffer higher latency than you would by setting up your own NetScaler virtual appliances. Also, NGaaS does not provide any AppFlow analytics, which means that we do not have the insight we might be used to in Insight Center or MAS; it will give information about ICA RTT and such within Citrix Director.

Here is a chart of where the closest PoPs are located:

Eight PoPs in Azure
Azure South Central US
Azure West Europe
Azure Australia East
Azure East US
Azure West US
Azure North Europe
Azure Japan East
Azure Brazil South

Three PoPs in Amazon
US-East
US-West
EU-Central

Concurrent Users: No Limit
Data Transfer Limit per user: No Limit
Overall Bandwidth: Up to 250 Mbps – Can be scaled up by setting up multiple Citrix Cloud Connectors wherever your resources are located.

Cloud health and SLA
Citrix has an SLA of 99.9 every 30 days for all their different cloud services. They also have their own status page for all cloud offerings here –> http://status.cloud.com/

They have also implemented a subscribe option which allows us to send notifications to Slack or other webhooks, or directly to our Service Management tool –> http://status.cloud.com/subscribers/new


NOTE: The status page does not show if there is any planned maintenance.

Is Citrix Cloud an option for me?
After having a lot of good conversations and discussions with customers and partners at Citrix Synergy I got a lot of good feedback which I want to share directly.

* I don’t wanna manage Citrix I just want to deliver my apps and desktops and make it easy for my end-users
* I like the OpEx model for Citrix but they need to make it easier to adjust licenses for our end-users directly.
* For large enterprises we require complete visibility and full role based access control based upon what kind of responsibility our IT-staff has, Citrix Cloud does not have that option yet.

Now I don’t think that Citrix Cloud is going to replace any large XenApp/XenDesktop Enterprise solutions anytime soon. I believe that Citrix Cloud will provide customers with an even broader range of deployment options to choose from depending on what kind of setup they are looking for. If you are considering a Citrix Cloud setup, you can use a finished deployment guide from Citrix here –> http://tools.cloud.com/

What is Windows Virtual Desktop?

Windows Virtual Desktop (WVD) is a cloud-based solution for application virtualization. Using WVD on Azure enables you to:

  • Configure a fully scalable Windows 10 multi-session deployment
  • Run and optimize Microsoft 365 enterprise applications in virtual multi-user scenarios
  • Get free extended security updates for Windows 7 virtual desktops
  • Deploy existing desktop services (RDS), as well as Windows Server desktops on any computer.
  • Centralize the management of applications and desktop running with Windows 10, Windows Server.

What is Citrix Virtual Apps & Desktops?

Citrix Virtual Apps and Desktop is a solution for virtualization, which provides access to desktops from all devices while providing IT control and visibility over virtual machines (VMs), applications, security, and licenses. You can leverage Citrix Virtual Apps and Desktops to:

  • Run applications and desktops separately from the operating system and device interface.
  • Allow administrators to perform network management and control access from user devices.
  • Enable administrators to manage a large number of virtualized desktops from a central data center.

Citrix Virtual Apps and Desktops is based on the Flexcast Management Architecture (FMA). The main features of FMA are integrated provisioning and the ability to run multiple versions of Citrix Virtual Apps or Citrix Virtual Desktops in a single location.

Windows Virtual Desktop vs Citrix

Let’s compare Windows Virtual Desktop vs Citrix Virtual Apps and Desktops across several key dimensions: system requirements, cost efficiency, accessibility for small to medium businesses, and administration experience required.

System Requirements

Windows Virtual Desktop

To run WVD on Azure, you need to use a supported operating system (OS) and use the required license. Supported operating systems for WVD on Azure are either Windows 10 Enterprise multi-session, Windows 10 Enterprise, or Windows 7 Enterprise. These operating systems should be accompanied by an appropriate licence.

An Office 365 licence includes plans for Enterprise 3, Enterprise 5, Academic 3, Academic 5, Firstline Workers 3, or Business Premium. A Windows license comes as either Enterprise 3, Enterprise 5, Academic 3, or Academic 5. If you are using Windows Server 2012 R2, 2016, or 2019, the required licence is RDS Client Access License (CAL).

To support Windows Virtual Desktop, your infrastructure must meet certain requirements. The first must-have is an Azure Active Directory that is synchronized with Windows Server Active Directory. You can set this up using either Azure AD Connect or Azure AD Domain Services.

Additionally, you need to connect your Azure subscription with Windows Server Active Directory. Lastly, any Azure VMs you create for WVDs must run on supported images and use either “standard domain-joined” or “Hybrid AD-joined” options.

Citrix

Citrix has specific requirements for machine images, operating systems, and any other software required on the machine for different components of the desktop virtualization platform.

In general, all core components, including StoreFront, located on one server and used for evaluation, require a minimum of 5 GB RAM hardware. If your core components and StoreFront are needed for testing deployment or are used as a small production environment, you will need to reach a minimum of 12 GB RAM hardware.

In addition to general hardware requirements, certain Citrix components should be run using specific operating systems. Citrix Delivery Controller, for example, requires the minimum 5 GB RAM, but also needs 800 MB hard disk. The controller works with either Windows Server 2019 or 2016 (Standard and Datacenter Editions).

If you’re using Citrix Studio, you need a minimum of 1 GB RAM, as well as 100 MB hard disk, and the supported operating systems are Windows Server 2019 or 2016 (Standard or Datacenter Editions) and Windows 10 (64-bit only).

To run Citrix Director, you need a minimum of 2 GB RAM and 200 MB hard disk, and the supported OSs are Windows Server 2019 or 2016 (Standard or Datacenter Editions).

Citrix StoreFront requires 2 GB RAM of hardware and supports Windows Server 2019 or 2016 (Standard and Datacenter Editions) and Windows Server 2012 R2 (Standard and Datacenter Editions). Citrix License Server also needs a minimum of 2 GB RAM.

Additional software requirements:

  • If Microsoft .NET Framework 4.8 (or higher) is not installed, it will be installed automatically.
  • Microsoft Management Console 3.0 (included in all supported operating systems).
  • Windows PowerShell 3.0 or higher.

There are more software requirements for specific components, as you can see in the official system requirements.

Cost Efficiency

One of the biggest differences between Citrix and Windows Virtual Desktop is cost. WVD was designed as a low-cost solution for smaller businesses.

Windows Virtual Desktop

For 100 multi-session desktops with Office on WVD, Azure estimates a total monthly cost of $11,615.26 (see the official pricing page). This includes Office license costs, compute costs, and expected bandwidth for standard knowledge workers. It does not include consulting or implementation costs, which are minimal because WVD is a fully managed service.

Citrix

The starting price of Citrix Virtual Apps & Desktops is $12 per month per user – only $1,200 for 100 desktops. But this does not include license costs or the on-premises infrastructure required. For a comparative setup you’ll need 100 Office Pro Plus licenses, you must set up several local Windows Server machines, and deploy Citrix components on them. You must consider hardware costs and ongoing maintenance costs. In addition, typically you will need consulting services and ongoing support services from Citrix, which also increase the cost of an enterprise deployment.

Accessibility for Small to Medium Businesses

Compared to Citrix, Windows Virtual Desktop is easier to use for small businesses. While Citrix has many advanced features, the cost of implementation and maintenance is high. However, not all businesses (especially small ones) need or want to pay for these capabilities. WVD offers faster and more affordable setup without requiring advanced IT expertise.

Administration Experience

With Microsoft Windows Virtual Desktop, IT administrators can manage their infrastructure in the cloud, with no need to go to or connect remotely to a server room. WVD lets you manage all Microsoft 365 apps, desktops, business applications, security functions and profiles in one web interface. To gain additional capabilities offered by Citrix, you can add Citrix on top of WVD (see the following section).

Security

Citrix provides extensive enterprise security features, including FIPS compliance, Common Criteria certification, Microsoft Credential Guard compliance, multi-factor authentication, smart card integration, ICA proxy, and more. However, WVD provides adequate security measures based on the strong security features of the Azure cloud.

Windows Virtual Desktop

WVD includes security features like Reverse Connect, a secure virtualization control plane, and security for physical hosts, the physical network, and the physical datacenter. However, Azure emphasizes that customers need to take responsibility for identity and access management, user device protection, application security, session host operating system security, correct deployment configuration, and network controls.

Citrix

Citrix provides analytics that helps reveal unusual behavior or malicious access to desktops. You can apply Citrix Policies to enable or disable any functionality, and limit application access based on context with Citrix Cloud. Citrix provides a Secure Browser for locked-down access to specific SaaS applications.

User Desktop Experience

What users see on Citrix and Windows Virtual Desktops is completely different.

Windows Virtual Desktop

WVD provides a standard Windows 10 desktop experience. In terms of usability, this is very useful for users who are already familiar with Windows 10.

Citrix

In Citrix, users are presented with a Windows Server operating system. For users accustomed to Windows 10, this is a different experience which can cause challenges for some users. It is possible to configure Windows 10 desktops on Citrix, but this might incur extra costs.

Combining WVD with Citrix

WVD itself is an ideal choice for many businesses (especially startups and small businesses). For large businesses, Citrix can extend Microsoft’s WVD, offering a management layer that increases flexibility, security and optimizes costs.

The combination of WVD and Citrix offers the following advantages:

  • Optimization packs for Microsoft Teams and Skype for Business—provides a good audio-visual experience for Microsoft Teams and Skype for Business.
  • Hybrid Cloud Model—WVD can only run Windows 10 workloads in multiple sessions on Azure. Citrix provides the ability to also run existing RDSH workloads, either on-premises, on Azure, on any other cloud, or on HCI solutions like Nutanix.
  • Citrix HDX—an improved remoting protocol.
  • Citrix Machine Creation Services (MCS)—provides a hypervisor API that enables quick generation of VMs with minimal infrastructure utilization.
  • AutoScale—quickly adds or removes workloads as needed, with “vertical load balancing” which balances the number of user sessions on a single machine until optimal performance is reached, improving utilization and reducing the number of servers needed.
  • App Layering—this Citrix capability significantly reduces management time for Windows images and applications. It separates the applications from the management infrastructure and the operating system. It lets you install each application and operating system patch only once, then update the appropriate template and reload the image.
  • App Protection—this Citrix feature improves security when using public resources on virtual desktops and Citrix applications.
  • Session Recording—lets users record screen activity during VDA-hosted user sessions for any connection type, in accordance with company policies.
  • Citrix Analytics—security and performance analysis leveraging AI, which can help identify and resolve issues and anomalies.
  • Citrix SD-WAN—Citrix SD-WAN is a next-generation WAN solution that provides better security, and an improved application environment for SaaS, cloud, virtual applications and desktops.
  • Multi-factor authentication (MFA)—Citrix integrates with third-party MFA providers, including Okta, OAuth, and RADIUS.

Addressing DaaS Challenges with Hysolate Isolated Workspace as a Service

DaaS is a great solution for delivering a desktop experience in the cloud, but is far from perfect. When users work remotely, especially in low bandwidth environments, user experience is lacking, especially when running intensive workloads. Users cannot use desktops offline, and there is still management overhead, although less than in an on-premise VDI deployment.

Another factor to consider is the pricing of these solutions. Hosting desktops and storage in the cloud requires a large infrastructure investment from the DaaS vendor, which is passed on to organizational users, creating a heavy, ongoing OpEx expense.

Hysolate solves these problems with an innovative approach called isolated workspace as a service (IWaaS). Users get a local isolated operating system running on their machine deployed within minutes and managed from the cloud.

Isolated workspaces enable:

  • A higher level of freedom on employees’ corporate devices
  • Ability to receive 3rd party generated content in an isolated zone
  • Access to IT admins, DevOps, developers, and other privileged users in their everyday environment
  • Access to employees from personal, unmanaged devices

The behavior of the workspace is managed in the cloud, while all of the computing resources run locally on user machines.

This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience, with offline availability.