Citrix Synergy 2018 had a number of announcements across the product line and it was very exciting to be there and hear about all of them in person. Many attendees are asked to recap what they learned once they get back to the office and it’s almost a blur, tons of content you don’t know where to begin. Backpacks and pins are tangible but the knowledge you gained and share with your peers back in your office is invaluable to your company and the main reason why they send you out to this conference. I wanted to take some time and highlight what I found interesting that you can share within your own organization.
The opening keynote by Citrix CEO David Henshall sets the strategy and vision for the company. This keynote encompasses everything Citrix is doing with the product line and sets expectations for the next year and beyond. If you have time to watch just 1 video, whether you are a decision maker or technical engineer, this is the one I would recommend you watch:
Citrix’s vision – aka The Big Picture
On the left is how we used to do things, on the right is how enterprise mobility looks now. This is what #Citrix can help you get to. No point solutions, an all encompassing solution is the strategy for #Citrix. #CitrixSynergy pic.twitter.com/mdO0IKrquc
— Jason Samuel (@_JasonSamuel) May 8, 2018
Citrix understands that a user’s workspace is more than just virtual apps. A workspace is a holistic approach to bring everything to the user no matter where they are working from. We’ve heard this concept of anywhere on any device but mainly around virtualization over the years. Now it’s changing to ANYTHING, anywhere, on any device. This in my experience has been driven by the business and it’s nice to see Citrix embracing this. Every business unit wants to work a little differently and you have to be ready to cater to what they need so they remain productive. We are seeing this thought process come to every product component in the Citrix portfolio as well an increased integration between them making things feel more like a single product than separate vertical components. This is that holy grail we’ve been wanting for a while now (from both decision makers and engineers) to help simplify a Citrix deployment and now it’s actually happening. During the Keynote I tweeted 2 pictures that illustrates a change in where companies are and where they are wanting to go (or in the process of going to). This is the cloud/mobile era:
We depend on bringing in point solutions to help with some areas of a delivering a proper workspace to users, this usually means someone’s full time job is going to be managing one of those solutions. Or more likely, the Citrix engineer has to wear an additional hat and manage it himself/herself. Citrix is aiming to eliminate some of that complexity by building a more all encompassing solution. I work with many independent software vendor (ISVs) that partner with Citrix as part of the Citrix Ready program to help delivery enhanced capabilities in some of these areas in the slide and I was initially afraid that Citrix was going after some of these ISVs bread and butter. After going to many in-depth technical sessions on this later during the Synergy event, I know this is not the case so no one has to fear anything. Citrix is polishing some aspects of its own product components where it makes sense but it is not trying to displace any Citrix Ready partner solutions. Those point solutions are always going to have enhanced features and therefore be more robust in their focus areas which some customers will need in addition to what Citrix provides.
Citrix’s strategy to execute the vision
#Citrix company strategy for 2018, 3 key areas to help deliver that all encompassing workspace solution to customers. A true Workspace goes beyond just virtualization. #CitrixSynergy pic.twitter.com/TCmC54IpXV
— Jason Samuel (@_JasonSamuel) May 8, 2018
3 key areas Citrix will focus on in 2018:
- Unify portfolio – simplification is in high demand per the VDI LIKE A PRO State of End User Computing 2018 survey annual report. Reducing the overall complexity of the technology stack is actually the #1 challenge people said they wanted to solve.
I was talking to Mark Plettenberg last night who is one of the brains behind the annual survey and he mentioned the full report will be released mid to end of this week. Look out for it to be posted on https://vdilikeapro.com/.
- Accelerate to the cloud – again looking at the initial results from the EUC 2018 survey, migrating to the cloud comes in at #2. In my own experiences there are those customers who continue to want to do everything on prem, mainly because their CIOs haven’t set any proper vision for the company yet. Sometimes there are valid excuses like regulatory needs in your industry/region, governance, etc. but the reality is a lot of that can be worked through as I know several federal agencies embracing this change. It is inevitable that every company out there will have some services being delivered from the cloud. Some from cloud, some from on prem, aka a hybrid cloud. The good CIOs I work with understand that hybrid cloud approach is a necessity in this era and those forward thinking companies is what Citrix has a big focus on. The stragglers will catch up eventually, so I applaud Citrix for continuing the cloud first approach. Change is slow and you’re not going to drop everything in your datacenter into someone else’s datacenter/cloud overnight. You have to have enablers to get you through this change and that’s what Citrix is able to do, aggregate everything seamlessly when the end user tries to access any service you offer. With that said, if you are a 100% on prem customer because you boss’s boss hasn’t said anything otherwise yet, don’t worry because much of what we saw at Synergy this year translates to on prem as well which I’ll cover more in depth later. Also you may not have the same CIO in a few years if they have a 100% on prem approach anyhow, so better learn the new stuff and keep yourself ahead of the curve. 🙂
- Expand to new areas – this is the icing on the cake. Citrix’s self-realization that it’s traditional niche virtualized/apps and desktops many of us engineers have deployed in our career is not a holistic or sustainable view for true enterprise mobility. Yes Citrix has many other awesome products beyond XenApp/XenDesktop like ShareFile and NetScaler but in my experience, it’s been a tough sell getting these fully deployed in environments as per best practice because some of my customers want to just use certain pieces of functionality and therefore limit themselves. They never truly understand the full value of the solution and how it integrates overall into the user experience until I spend a few hours going through it all with them. How many times have I walked into a customer’s environment and they use their NetScalers for just NetScaler Gateway functionality? Or I see ShareFile being used for the Outlook plugin and only for a particular business unit that needed to email large files? There’s so much more than that these products can do but the engineers may not have the knowledge or cycles to go deeper much less educate and get buy in from the business to deploy them fully. Citrix is wanting to get into some of these new areas but make it easier for engineers to deploy these new solutions and features as the business demands them. I got a feeling of Citrix wanting to become more seamless between the products in the portfolio to help accomplish this so really, you are forced to deploy the product stack in a correct and more holistic fashion rather than as point solutions whenever possible.
The concept of a secure digital perimeter (SDP) continues. End user computing without physical borders. You can see from the image that this goes far beyond virtualization.
It’s being called the Citrix Workspace which is a “universal” workspace that can fit any organization. What I really love seeing is the 2 yellow boxes for Single Sign-On and Federated Identity. I have been educating my customers for years now that identity and access management is the key to true enterprise mobility. The infrastructure control plane, cloud or on prem datacenter you drop your workloads in, etc. are all secondary. Getting people in through the front door securely and without forcing them to jump through a bunch of hoops that harms the user experience is the key to making users want to use your Workspace. Citrix gets that. The other item I am happy to see is the rather long pink box for Analytics. Citrix understands that in order to deliver a secure Citrix Workspace there needs to be a way to monitor performance as well as act on security events.
How Citrix intends to deliver this vision
WORK IS NOT A PLACE! #CitrixWorkspace App is the core of that change for companies. Productivity means having everything in front of your users at all times from anywhere. Preach on .@DavidJHenshall #CitrixSynergy pic.twitter.com/RkPhyUdSHG
— Jason Samuel (@_JasonSamuel) May 8, 2018
The keystone to delivering this secure digital perimeter that contains the Citrix Workspace with all the apps, desktops, on-prem or cloud content the user expects in a secure fashion will be the Citrix Workspace app. Think all the functionality of existing Citrix clients like Citrix Receiver, Citrix ShareFile, Unified Gateway type SSO, contextual access, and a containerized browser all mashed into one. It just makes sense when you see it. I’m not only a Citrix engineer/architect but I’m also an end user. I don’t want to open Citrix Receiver to launch my virtual desktop and then then ShareFile to access my files. It makes sense to bring everything together seamlessly. What was exciting about this is the ability to:
- Launch virtual apps and desktops like Receiver.
- Open and sync ShareFile content that follows you no matter which XA or XD session you were in before. Files can also launch virtualized apps as readers, example a .psd can open in Photoshop delivered from XenApp!
- Pre-built SSO to all the popular SaaS based web apps (with more being added).
- Collections of apps to on-board a new user to the company with 1 click.
- Built-in Chromium based web browser than can block phishing attacks, disable copy/paste, add a session watermark, and other policy enforcement. Caroline Long gave a great demo of this in action pretending to be on an airport WiFi and accessing Salesforce.com which added a watermark overlay and a Gmail account to block a spearfishing attack that looked like it was an email from her bank. Every web app you browse is connected directly from your app to the SaaS app, just like a normal browser. But it’s also talking to Citrix’s cloud based service to grab the policy you have set and laying it down as an enforcement overlay. All processing is done locally, no virtualization involved at all for any of this. That means no more having to publish web browsers in XenApp which is a nightmare to harden properly! Just do it natively in Workspace and eliminate the whole virtualization aspect or opening up risks on your server subnets. 🙂 All the Workspace usage shows up in the new Citrix Analytics service (which I’ll cover more in depth later) under App Security so malicious domain access are all logged. If there is a phishing attack happening on your users or compromised credentials ex-filtrating data, you’ll know about it here. You’ll see all the websites being blocked as well the the amount of data being moved out of your organization.
- Universal search that will search against all things the app aggregates.
- Fully brandable logos and colors, even the app icon on mobile devices can be made to look like your company logo and have its own name. After all it’s YOUR company workspace, not Citrix’s. The word Citrix doesn’t have to be on anything end user facing. You’re not selling Citrix to your end users, you’re selling them an experience so they say “WOW, my company lets me work better than any company I’ve been at before!” and not carry any baggage of poor experiences they may have had at other companies where things weren’t as smooth.
None of these sounds groundbreaking by itself but the combination of these within Citrix Workspace App really helps polish a unified Citrix experience for the end user. Something that I have personally had to deal with at many companies as I trained end users on what we deployed. No more 10 page end user training docs, it’s all just natural from what we’ve been shown at Synergy. Pictures just don’t do it enough justice so hit play below to see it in action shown off by Carisa Stringer and Calvin Hsu at the 35:37 mark:
Other cool things shown across the portfolio:
- Going from an email thread to a Slack conversation with just a click.
- Citrix Casting ability to fling what’s on your mobile device to any screen with an N-Computing or Viewsonic HDX Ready Raspberry Pi thin client.
- Self-service integration with ITSM provider ServiceNow. This is big in my opinion. No more waiting to get permissions from someone to be productive. Users can self provision anything in Workspace. Many years ago when I was a customer and my team built one of the most cutting edge Citrix environments in town, I remember my boss asking how to get this integrated into the company ITSM solution so users can know about it and self provision access to what we were delivering in our service. Unfortunately you’re at the mercy of whatever workflow some other team puts together so it may not be the best “front door” to truly showcase the solution. No more, now Citrix has built this into ServiceNow and I saw a demo of it on the expo floor later. What I saw is exactly what my boss back then had asked for and what my customers ask me for today. Really excited about this one! Watch the SYN141 session on it here.
- Desktop and laptop management of Windows, Apple, and Linux. As in co-existing with SCCM, not a replacement. This joins the existing mobile device management of iOS, Android, etc. You also will have the ability to manage IoT devices with the first ones being Raspberry Pi and Linux based so think the new N-Computing based Workspace Hub thin clients. Further they went into support for Chrome OS, Apple tvOS, and Amazon Alexa for Business which believe it or not is making their way into companies, I have seen this first hand at some customers with consumer devices hooked up to the corporate WiFi. There are many implications when people start bringing in these devices and hooking them up to the corporate network. Even if it’s a guest network these devices will ex-filtrate metadata unknowingly that you may not want out there and need some controls around. This is all encompassing device management is called Citrix Endpoint Management.
- Citrix Cloud support for Azure Government. This is something federal customers have been asking for.
- Announcing broad availability of Citrix Analytics. This is a BIG security play by Citrix and is a key differentiator in my opinion. We have used traditional dashboard oriented monitoring solutions like Director and NetScaler MAS from Citrix in the past. Now Citrix is going to add a security focused component called Citrix Analytics that is not monitoring/alerting, but an automated system that takes actions on security events it sees and learns in your environment through machine learning (ML) algorithms and artificial intelligence (AI). It shuts down malicious user behavior you didn’t even know was happening. PJ Hough explained this is a closed loop system built in Microsoft Azure, as in it talks to the proprietary Citrix components directly as well as the partner ecosystem, and takes action on them based on user behavior analytics. It is not a replacement for traditional security information and event management solutions (SIEMs). In fact it will actually feed data to SIEMs that those solutions could not previously see. It models the behavior of each and every one of your users and creates a unique “fingerprint” of their day to day activity. If it detects something has changed it then evaluates and takes action on this anomalous behavior. Example, a user suddenly accesses the Citrix environment from a country they’ve never been to and on a never before seen BYOD device. Then they attempt to download several gigabytes of intellectual property from ShareFile which they don’t normally do. Citrix Analytics will realize the combination of these factors is a risk and tell ShareFile to disable the user’s account temporarily for example (or whatever action you choose). In several later sessions at Synergy the product managers and data scientists behind this covered the machine learning algorithms in play here and it all made my brain hurt quite frankly, there is so much thought put into this. I’m glad it’s all automated. Think of Citrix Analytics as an extra member of your Citrix team, a threat hunter that can specifically look and take action on things it sees within the Citrix ecosystem as well as send flags up to traditional SIEMs you may have deployed already in your security operations center (SOC). I don’t want to spend a whole lot of time deploying Citrix Analytics nor do I want to have yet another dashboard to stare at. Citrix Analytics is on by default with cloud based Citrix services with just 1 click to enable data flow. For on prem it’s just a few steps to suck in data using agents. It pulls analytics data from all the core Citrix products you currently have deployed on prem. Then you specify the rules/actions you want to take when bad user behavior is detected and you’re done, it’s autonomous after that. This is really exciting stuff to me! We are often asked to deploy applications but the security team takes the full responsibility of mitigating risks associated with those apps. Now you as the Citrix engineer can help your security team out that will have them jumping up and down for joy once they hear what you can do within your Citrix environment. If you want dive deeper, checkout the recording for SY124 covering Citrix Analytics by Blake Connell and Mathew Varghese.
Autonomous close looped security platform in #CitrixAnalytics to examine and act on user behavior. This is not another dashboard or monitoring solution that your staff has to man 24/7. This is true #MachineLearning at work here being an extra member of your team. #CitrixSynergy pic.twitter.com/VIqUV5oxgG
— Jason Samuel (@_JasonSamuel) May 8, 2018
- Announcement of Citrix Cloud App Control, SD-WAN Service, and Intelligent Traffic Management. Citrix Networking products being extended into clouds even more so than before. I’m not talking about deploying NetScaler VPX appliance in Azure. Citrix has taken components of IAM, ADC, and SD-WAN and stuck them wherever your workloads are as individual services. Cloud App Control feels like in my opinion Citrix’s entrance into the cloud access security broker (CASB) market which is something I’ve been wondering about since I first heard Gartner use the term. There is also an SD-WAN Service for managed services providers (MSPs). This is big news because I work with a lot of customers in this space and the internet service provider (ISP) sometimes wants to push their own solution so it’s a single vendor you have to pay for the circuit as well as the optimizations. Now I’m thinking they can sell Citrix SD-WAN to you as an option. The last item is Intelligent Traffic Management which came from the Cedexis acquisition. This is intelligent traffic steering based on crowd sourced metrics to help deliver the Citrix Workspace to users wherever they may be working from as fast as possible. So let’s say you have an office in a country with poor Internet links and a user wants to do a video call. Now with intelligent traffic management that video call can be delivered down the best route possible based on real-time crowd sourced data on the best path to take. It’s already used by LinkedIn, Microsoft, Tumblr, Bloomberg, AirFrance, Nissan, and others so I’m really excited to test this out myself and see how it works.
- Embracing passwordless single sign-on (SSO). As a Solutions Architect and Security Practice Lead, this comes up all the time from my customers. Credential theft, usually as a result of spearfishing attacks, is the number one reason for intrusions and many of my customers want the benefits of passwordless authentication solutions such as personal identity verification (PIV), common access card (CAC), or Smart cards but without the legacy baggage that comes along with them. They want modern authentication that works on all devices but with passwordless options, where the user does not know their password and the system has to authenticate them using other means besides the traditional public key infrastructure (PKI) certificate approach. Citrix CTO Christian Riley showed off a live demo of Microsoft Windows Hello using facial recognition from a Microsoft Surface Pro camera to login not only into the Windows OS which many of us are doing using the camera or fingerprint readers on devices these days, but also into the Citrix Workspace itself. Biometric logins to access Citrix from any device without having to implement 3rd party solutions is what many have been waiting for so I was very excited to see this work so well! Note, this is not being released soon and was a demo showing the forward thinking projects Citrix is working on, think of it as a sneak peak on what’s coming.
#Citrix embraces a passwordless future with #Microsoft #WindowsHello #CitrixSynergy. Facial recognition to login was so fast I could barely capture it happening. #SSO ALL THE THINGS!!! Nice job .@reillyusa pic.twitter.com/VYEb1NsPyP
— Jason Samuel (@_JasonSamuel) May 8, 2018
How Citrix differentiates from others
— Jason Samuel (@_JasonSamuel) May 8, 2018
There are many great solutions out there and Citrix recognizes this. The way they are differentiating Citrix Workspace from others is having the most amount of choice. In this case a choice of 4 cloud providers currently for your hybrid or multi-cloud strategy: Microsoft Azure, Google Cloud, Amazon AWS, and Oracle Cloud. And a choice of 4 on prem hypervisors: Citrix XenServer, Microsoft Hyper-V, Nutanix AHV, and VMware ESXi. Additionally we saw HCI (hyper converged infrastructure) choice in the form of platforms from: Nutanix, HPE, Cisco, Flexxible IT, StorMagic, Lenovo, and Dell EMC. HPE and Cisco are new HCI partners and those platforms will be certified and available within 90 days.
Citrix’s Promise – everything we saw available in 90 days!
At the 3:57 minute mark of the YouTube video David states that everything shown during the keynote is real and will be available shortly. This is very different from what we’ve seen before. Usually at an industry conference we get hyped up on the vision with mockups or early UIs as visuals. The full product takes time to materialize and may not even work exactly as shown. At the 1:36:08 mark, PJ Hough surprises the audience saying everything shown during the keynote is already available or will be available within the next 90 days! Legal departments at software companies hate it when a company sets a hard release date, setting a commitment to the end user and not meeting it is not good for business. Citrix is throwing the gauntlet down and saying everything shown will be GA (generally available) in 90 days, no vaporware! That means they are confident that the development cycle is so far along for all these as yet unreleased pieces that they are making this promise. This is not a small feat so I’m really excited to see this and definitely want to give a shout out to all the engineering teams making this possible.
— Citrix (@citrix) May 8, 2018
Microsoft Server 2019 and RDmi
Special #CitrixSynergy guest from #Microsoft, #RDS program manager .@RDS4U! He’s covering #RDmi & #Server2019 with #Citrix #XenApp and all the collaboration between the teams. Good info! pic.twitter.com/sGwioMVPVy
— Jason Samuel (@_JasonSamuel) May 10, 2018
During the keynote there was a big section dedicated to integration between Google and Citrix. It was a great segment and I have personally deployed some of the items showcased in the partnership like Chromebooks as well as the ShareFile integration points. The Autoscale for Google Cloud was the big announcement. But one partner that was missing it’s usual heavy presence in the keynote was Microsoft who we have gotten used to seeing on stage year after year. There was a brief slide by Steve Wilson talking about day 1 support for Server 2019, embracing RDmi by doing a first project of allowing RDmi apps to be able to be accessed from within Citrix Workspace (which I took as even more coming later 😀 ), and using Citrix SD-WAN with Azure.
To get more info on this partnership and collaboration between Citrix and Microsoft, I felt it was more represented in a technical session I attended during the event and I want to draw a spotlight to it because we saw the future of Citrix on Server 2019 and RDmi (Remote Desktop modern infrastructure) in much more depth. I’m under NDA from both Citrix and Microsoft so it’s been killing me to not be able to talk about some of this. That all changed with SYN127 where Fernando Klurfan and Chris Edwards went over some of the advancements and then introduced a special guest from Redmond, Scott Manchester from Microsoft who is the Group Program Manager for RDS (Remote Desktop Services) to further speak on the joint Microsoft and Citrix collaboration. 🙂
— Jason Samuel (@_JasonSamuel) May 10, 2018
You can watch the full session recording here. There’s even a demo of XenApp 7.18 running on Server 2019 Fernando runs through (yes, with the RDSH role fully intact). Going forward you can grab beta builds of XenApp/XenDesktop including the latest 7.18 beta through the Citrix Insiders program. 🙂 Sign up here.
— Citrix (@citrix) May 11, 2018
Citrix did something I’ve never seen them do before this year. In the past sessions took some time before they were available online for viewing. This year, every technical session that was being recorded was uploaded by pretty much the end of the day. I applaud whichever team managed to pull this off. You can watch every Synergy session here on demand for free and without having to login, use the filter menu on the right to filter sessions down if you need to:
Additionally many (but not all) of those videos were also uploaded to YouTube! Makes it easy to watch in the gym, on a plane, during a lunch break, etc. and catch up on things you may have missed very easily from any device. And you can create a playlist. A lot of good sessions were happening concurrently so I’m taking advantage of this and catching up on sessions I missed. Almost every session I attended had some tidbits of knowledge not shown publicly before so it’s worth watching them:
I tried to post tidbits I learned to Twitter so follow me on Twitter and run through my most recent Tweets to see some of the extra bits I learned during sessions. Hope all this info helps you share the knowledge you learned at Citrix Synergy 2018 with the rest of your organization! See you at Citrix Synergy 2019, May 21–23 in Atlanta, Georgia next year! 😀