CDW Citrix 10 Things Event

10 Things You Should Be Doing With Your Citrix Infrastructure
20th October 2016

AGENDA
Arrival and Registration
09.30 Welcome and Introductions
09:40 Citrix and Microsoft
10.00 Network Optimisation
10.15 Unified Communications
10.30 Citrix FrameHawk
10.45 NetScaler for XA & XD
11.00 Coffee Break
11.15 XenMobile
11.30 Windows Server 2016
11.45 Lakeside
12.05 Hyper-Converged, Atlantis
12.25 AppSense
12.40 Q&A and Close
13.00 Lunch and Networking
CDW Confidential, 2016

KEY SPEAKERS
Andy Osborne, CDW - Solutions Architect
Accreds: Citrix Expert, Citrix PTEC, Atlantis ACE
Kyle Davies, CDW - Solutions Architect
Twitter: @kdavies1988
Accreds: vExpert 2016, Citrix Expert, Atlantis ACE, etc.
Lyndon-Jon Martin, Citrix Senior Systems Engineer

20/10/2016
Citrix & Microsoft Better Together
Lyndon-Jon Martin, Senior Systems Engineer - Channel UKI
Mobile - +44(0)79 7277 5902
E-mail - [email protected]
Twitter - @lyndonjonmartin
LinkedIn - http://uk.linkedin.com/in/lyndonjonmartin/en
© 2016 Citrix | Confidential – Content in this presentation is under NDA. Slides by [email protected]

Private Cloud
Aligning Microsoft EMS (NetScaler VPN) & XenMobile (EMS enabled)
Hybrid Cloud
XenDesktop Win 10 delivery on Azure
XenApp Express Service
Public Cloud

Co-dev & roadmap
Best UX as a virtual app delivered by XAD
Scheduled Day 1 support with Citrix XenApp
Win 10 on Azure by Express Service
Citrix Cloud Connector
Diagram labels: Windows App, Windows Apps, Active Directory

Better Together
www.citrixandmicrosoft.com
NETWORK OPTIMISATION
Andy Osborne – CDW Workspace Solutions Architect

NetScaler Provides a Complete App Delivery Solution
For Apps anywhere, Users everywhere
Diagram labels: Other SaaS Apps, Citrix ShareFile, Citrix NetScaler SD-WAN, Citrix NetScaler Gateway & ADC, Citrix XenApp, Branch user, Citrix XenDesktop, Citrix XM Client, Citrix XenMobile, Other Apps

Challenges with the Enterprise WAN
The WAN is the Most Expensive Part of the Enterprise Network
And often lacks the reliability that enterprises need

Which Portion of Your Network Is Most Expensive?
Network Security: 7%
WAN: 65%
Data Center: 21%
Campus/User Edge: 6%
Source: Gartner Data Center Conference Dec 2015: Top 10 Ways to reduce Network/Telecom Budget presentation

Access Type | Typical Availability | Downtime Per Month Per Circuit
Consumer-grade DSL | 98% | 15 Hours
Business DSL | 99.0% | 7 Hours
Metro Ethernet | 99.5% | 4 Hours
MPLS Leased Line | 99.9% | 1 Hour

Gartner: VDI needs SD-WAN
Gartner: VDI and DaaS Demand the Enterprise Architects Rethink Their Network Architectures

NetScaler SD-WAN
Secure, cost-effective, and reliable app and media delivery to the branch
• Reduce Cost by up to 5X
• Always on Branch
• Better User Experience
• Simplify Branch Network
• Centralize Control and Management

Standard Edition: Scale bandwidth, ensure availability, and reduce costs
WANOP Edition: Optimize bandwidth while accelerating application delivery
Enterprise Edition: Fully integrated solution for efficiency, reliability, and usability

NetScaler SD-WAN: Standard Edition
Diagram labels: SD-WAN, Internet (DIA/DSL/Cable), IP Sec, NetScaler SDWAN, MPLS, 4G LTE / Satellite
• Logically bonds multiple, distinct WAN connections into one virtual path
• Encrypt data between devices to provide end-to-end security
• Direct packets based upon application needs, link performance, and business policies
NetScaler SD-WAN: WAN Optimization
Diagram labels: WAN Optimization, MPLS, NetScaler SDWAN
• Used in conjunction with a single WAN link or independent WAN links
• Improves the user experience by accelerating application protocols
• Reduces bandwidth utilization by compressing and de-duplicating application data
• Provides details into application performance delivery through AppFlow

NetScaler SD-WAN Center for Scale and Management
NetScaler SD-WAN Center
• Single pane of glass for branch, DC, Cloud
• Config, manage, report
• No branch or device config required
Diagram labels: Cloud/SaaS, Branch, MPLS, INTERNET, 4G/LTE, SATELLITE, Datacenter

Zero-Touch Service Benefits
• Effortless deployment
• Secure association and geo-location
• Zero configuration on device at deployment site
• Mobile App Installer/Outsource friendly
• Facilities for installer tracking, “run-book” for physical install, cabling at remote site
Diagram labels: Zero Touch Service, Central Management & Reporting Platform, REMOTE / BRANCH, Controller

Intelligent Path Selection
End-to-End QoS
Secure Edge Routing
Application Optimization
Management & Visibility

Real-Time Path Measurement and Selection
• Logical tunnel created by encapsulating in UDP
• Intelligently measures paths in each direction
• Selects link based upon one-way measurements
• Optional ability to bias towards a particular path
Diagram labels: Internet (DIA/DSL/Cable), MPLS, NetScaler SD-WAN, Real Time Algorithm

Path Bonding for Improved Throughput
• Not just path selection as with other solutions
• Spreads application traffic across multiple links (if needed)
• Uses real time measurement to understand available bandwidth
Diagram labels: Internet (DIA/DSL/Cable), NetScaler SD-WAN, MPLS
• Assigns highest priority applications
to best path for that application

NetScaler SD-WAN Packet Duplication for Lossless Connectivity
• Packet is duplicated across the two best links
• Packet that arrives first is forwarded on
• Packet arriving last is discarded
• Works even for a single uncongested link
• Ensure success of Skype for Business or other VoIP solutions
Diagram labels: MPLS, 4G, NetScaler SD-WAN, Example without duplication, Example with duplication

Lossless Failover
• If one link fails or degrades significantly
• Then traffic is shifted to remaining links within a couple packets
• Lost packets can be retransmitted and reordered so application sees a clean connection
Diagram labels: Internet (DIA/DSL/Cable), MPLS, NetScaler SD-WAN, Real Time Algorithm

NetScaler SD-WAN is HDX aware
1. Offload of compression from XD/XA server
• Reduces load on XD server/client
• Plus benefits of cross-session compression
2. Identifies and parses HDX traffic:
• Thin-wire data (e.g. mouse movements, keyboard)
• Multimedia (e.g. video and audio content)
• Bulk operations (e.g. print / file downloads)
• Client management (e.g. auto-updates)
3. HDX aware pattern matching:
• Nano- / memory- / disk-based compression
4. Prioritizes HDX channels / facilitates IP layer QoS
• Supports both single-stream or multi-stream
Diagram labels: ICA, TCP, Higher Priority, Lower Priority, Drive Mapping, Printing, Audio, Video, Screen Updates, Local Text Echo, Session Control

Multi-Stream HDX with Enterprise Edition
Multi-Stream ICA with virtual channel steering
Diagram labels: NetScaler SD-WAN, Data Center, Branch Office, MPLS, INTERNET, Client, Host, HDX, HDX Insight, Thinwire, Graphics, Smartcard, Audio, Clipboard, Media, File Transfer, Mobile sensors, Printing, Print

NetScaler SD-WAN Center: Management capabilities
• Centralized, aggregate dashboard view
• Configuration of the network, application priorities and optimization needs
• Proactive SLA monitoring for WAN links
• Fault management and alerting capabilities

NetScaler SD-WAN: application visibility via AppFlow
Diagram labels: ICA, HTTP, CIFS, NetScaler SD-WAN
Protocol Specific Information
WAN Optimization Compression Statistics
TCP/IP Network Layer Information
• Enhanced network diagnostics and reporting
• Real time and historical views
• Create customized reports and analytics
• Visualize with Citrix Insight Center or a 3rd party app

Troubleshoot to the Branch with NetScaler SD-WAN
Diagram labels: Branch users, NetScaler SD-WAN, WAN, AppFlow, Insight Center, App, HDX

Understand App Performance and User Experience
Diagram labels: Branch users, NetScaler SD-WAN, WAN, AppFlow, Insight Center, Application Performance, Application Usage, User Experience

NetScaler SD-WAN: WANOP Line Up
Model | Capacity (Mbps) | HDX
5000 | 1,500 – 2,000 | 3,500 – 5,000
4000 | 310 – 1,000 | 750 – 2,500
3000 | 50 – 155 | 300 – 500
2000/2000WS | 10 – 50 | 100 – 300
1000/1000WS | 6 – 20 | 60 – 200
800 | 2 – 10 | 20 – 100
400 | 2 – 6 | 10 – 30
VPX | 2 – 200 | 15 – 250
Form Factor (VPX): Software
NetScaler SD-WAN: Standard Edition Lineup
Appliance | Virtual WAN Capacity (Mbps full duplex) | Virtual Path Capacity (Fixed/Dynamic)
5100 | 1000/2000/3000/4000 | 256/32
4000 | 300/500/1000/2000 | 256/32
2000 | 100/200 | 32/16
1000 | 20/50/100 | 16/8
410 | 20/50/100/150 | 16/8
VPX | 10/20/50/100 | 16/8
Form Factor (VPX): Software

NetScaler SD-WAN: Enterprise Edition Lineup
Appliance | Virtual WAN Capacity (Mbps full duplex) | WAN Op Capacity* (Mbps) | Virtual Path Capacity (Fixed/Dynamic) | Concurrent HDX Sessions
2000 | 250 | 50 | 32/16 | 300
2000 | 200 | 20 | 32/16 | 200
2000 | 100 | 10 | 32/16 | 100
1000 | 100 | 20 | 16/8 | 200
1000 | 50 | 10 | 16/8 | 100
1000 | 20 | 6 | 16/8 | 60
1000 | 10 | 4 | 16/8 | 40

UNIFIED COMMUNICATIONS
Kyle Davies – CDW Workspace Solution Architect

HIGH DEFINITION EXPERIENCE
HDX Broadcast: ICA and RDP protocol support for access from any device, anywhere
HDX Plug-n-Play: Access to local resources and peripherals, including USB devices and printers
HDX MediaStream: Video and audio playback
HDX RichGraphics: 2D/3D graphics incl.
Adaptive Display, HDX 3D Pro and Microsoft RemoteFX
HDX RealTime: Voice and video for real-time collaboration
HDX WAN Optimization: Performance and bandwidth optimizations for branch offices with NetScaler SD-WAN
HDX Mobile: Touch navigation for Windows apps; local device features
HDX Adaptive Orchestration: Best user experience based on server, network connection and user device

WHY SKYPE FOR BUSINESS IS A PRIORITY FOR CITRIX
• Over 75% of surveyed customers have budget for Unified Communications
• 3 out of 4 Citrix customers adopting UC have chosen Skype for Business
• Over 100 million people were using Lync (now Skype for Business) to communicate for work as of March 2015
• 90+ of the Fortune 100 have adopted Skype for Business

CHALLENGES DELIVERING SKYPE FOR BUSINESS (VIRTUALISED)
• Video processing is CPU intensive
• Could significantly reduce server scalability and inflate average cost-per-user
• Media quality can be reduced by transcoding or re-packetization
• Users may be far from the data center where the UC client is running
• Users are free to reconnect from a different device type as they roam

NO OPTIMIZATION!

OPTIMIZED

THE ANSWER
Diagram label: User 2

THE FALLBACK
Diagram label: User 2

LEARNING FROM EXPERIENCE – HOW HAVE WE GOT HERE

Microsoft v1 VDI Plug-in
• Microsoft-developed solution supported by Citrix, delivering native UI experience
• XenDesktop VDI only (Microsoft support)
• Windows devices only
• Full virtual desktops only
• No support for Office 365
• Large footprint on user device
• “Limited support” for Call Delegation etc.
• No smart card support

Citrix HDX RealTime Optimization Pack 1.8
• Citrix-developed solution using Microsoft APIs, with some UI differences and feature gaps
• XenApp & XenDesktop (Enterprise/Platinum)
• Redirection to Windows, Linux, Mac
• Full desktops or published Skype for Business
• Customer premises and Office 365
• Small footprint
• Smart card support
• No statement of support from Microsoft

MICROSOFT & CITRIX TOGETHER
Close collaboration between Microsoft and Citrix, direct developer interaction, weekly meetings, documentation sharing, joint testing
New improved v2 architecture that addresses the challenges of both previous optimized solutions
Multi OS (Linux, Windows, Mac…)
Formal relationship and joint support story
Leverages Citrix HDX RealTime Media Engine (Receiver plug-in)
Launched January 2016
• Skype for Business 2015 client PU from Microsoft
• HDX RealTime Optimization Pack 2.0 release from Citrix

JOINT SUPPORT MODEL
• No more he said she said between vendors
• Open a ticket with the vendor whose code you suspect to be causing the issue
• The vendor receiving the trouble ticket will triage the issue and escalate as appropriate
• Each vendor can open trouble tickets with the other vendor as needed, eliminating the need to pong the issue back to the customer for redirection

MICROSOFT AT CITRIX SYNERGY
Microsoft Corporate VP Brad Anderson
“The Skype for Business team actually has engineered Skype for Business to be optimized in Citrix environments”
“We’ve integrated with HDX, and it’s the only protocol we’ve integrated with”
“This is the only VDI solution that Skype for Business has been optimized for”

WHAT WAS NEW COMPARED TO 1.8?
• Native Skype for Business UI
• Additional features, including:
  • Call Delegation & Response Groups
  • Voice Mail integration
  • Automatic Join Meeting audio
  • Emoticons
  • Web Proxy support
  • Support for Click-to-Run
  • Status icons (Connecting, Connected, etc.)
  • Active speaker identification

JUNE 2016: HDX REALTIME OPTIMIZATION PACK 2.1*
“Skype for Business 2016 ready”
• Endpoint identification for Location Services (e.g. E911)
• Performance optimizations
• Improved video quality, especially on conference calls (H.264 SVC with FEC)
• Improved audio quality (FEC, Silk codec)
• QoE reporting
• Federation with consumer Skype
• Control of systray notification balloons
• Interop with server-based audio recording
• 64-bit Linux RealTime Media Engine
* In conjunction with mandatory Microsoft Skype for Business 2015 client update (June PU)

OPTIMISATION V2 OVERVIEW
• Authentication stays in the DC
• IM/Signalling stays in the DC
• Native Skype for Business Experience
• HDX Connector co-developed by Microsoft-Citrix
• Media offload to the endpoint
• Calls are direct
• Cross Platform, Rich Device Support
• Unique to Microsoft and Citrix
Diagram labels: Data Center, Authentication, Skype for Business client (min. Dec’15 PU), Citrix Server XenApp or XenDesktop, SIP signaling & IM, Data collaboration, Skype for Business Server 2015 or Lync Server 2013, HDX Connector, User Device (e.g. thin client), ICA Virtual Channel, Citrix Receiver, HDX RealTime Media Engine (Receiver plug-in), AV media, Other Skype for Business user endpoint or server

WHAT DO I INSTALL?
• Single download, single install
• Ideal for BYOD and at-home workers on unmanaged devices
• Latest bundle packages Windows Receiver 4.4.1000 and HDX RTME 2.1
https://www.citrix.com/downloads/citrix-receiver/additional-client-software/hdx-realtime-media-engine-201.html

ENDPOINT SUPPORT
User Device Operating System Support (every entry below carries a support mark in the Citrix Optimization Pack column)
Windows Support
• Windows 10
• Windows 8 & 8.1
• Windows 7x
• Windows Server 2012 R2
• Windows IoT Enterprise
• WES7
• WES 2009
• Windows Thin PC
Linux Support
• Red Hat Enterprise Linux
• Ubuntu
• SUSE Enterprise Desktop SP1/SP2
• CentOS
• HP ThinPro (partner provided)
• Unicon eLux (partner provided)
• ThinLinX TLXOS (partner provided)
Mac OS X
Dell Wyse ThinOS

SKYPE/LYNC SUPPORT
Skype/Lync Support (Citrix HDX Optimization Pack)
• Skype for Business Server 2015/2016: supported
• Office 365 (Skype for Business Online): supported
• Lync Server 2013: supported
• Lync Server 2010 (now at End of Mainstream Support): supported, requires HDX RTOP 1.8
• Skype for Business 2015 client: supported
• Skype for Business 2016 client: supported

BUT WHAT ABOUT OTHER UC SOLUTIONS???

CISCO VIRTUALIZATION EXPERIENCE MEDIA ENGINE - VXME
• It still exists, originally designated VXME thin clients
• Cisco Virtualization Experience Media Edition extends the Cisco Jabber for Windows collaboration experience to virtualized environments by facilitating real-time voice and video traffic processing on the local devices.
• With Cisco VXME, organizations can deliver the same uncompromised user experience of Cisco Jabber to virtual desktops on thin clients and Windows PCs.

VXME ON XENDESKTOP
• Resembles that of the HDX RealTime Optimization Pack (RTOP) for Skype for Business.
• There is a VXME Agent that you install alongside the hosted Jabber client, and a VXME Client (media engine) that runs as a plug-in to the Citrix Receiver on the user device.

VXME ON XENAPP
• Authentication is handled by the Jabber client. Media processing is all done on the user device.
• Audio-video quality is preserved by avoiding “hairpinning” of the media traffic through the XenApp or XenDesktop server(s).

BUT WHAT ABOUT OTHER UC SOLUTIONS AND OTHER PLATFORMS???
VXME ON XENAPP

CITRIX FRAMEHAWK
Lyndon-Jon Martin – Citrix Senior Sales Engineer

What is HDX & Framehawk?
What is HDX
HDX technologies offer a set of capabilities that deliver a “high-definition” experience to users of centralized applications and desktops, on any device and over any network. HDX technologies are built on top of the ICA remoting protocol, proven in large enterprise environments and accessed by millions of users globally.
http://www.citrix.com/content/dam/citrix/en_us/documents/productssolutions/citrix-hdx-technologies.pdf
Framehawk within HDX
It is one of a few graphics modes that forms part of HDX Broadcast, i.e. our remote graphics technologies for virtual app & desktop delivery.
Diagram labels: Framehawk, DCR, ICA Connection, Thinwire, KB & Mouse, Flash, Generic USB, Smartcard, Multimedia, Clipboard, Audio, CDM, Skype4B, Printing, Mobility SDK, Mobile sensors

Introduction to Framehawk? Where did it come from?
Citrix Acquisition
Citrix acquired Framehawk in 2014 and its initial Citrix release was June 2015 https://www.citrix.com/blogs/2015/06/30/our-first-release-of-framehawktechnologies/.
The Basics
Diagram labels: Satellite, Cellular, External Firewall, NetScaler UG, Internal Firewall, Virtual Apps & Desktops
✓ Framehawk is a display remoting technology for mobile workers on broadband wireless connections (Wi-Fi and 4G/LTE cellular networks).
✓ Framehawk overcomes the challenges of spectral interference and multipath propagation, delivering a fluid and interactive user experience to users of virtual apps and desktops.
✓ Framehawk may also be a suitable choice for users on long-haul (high latency) broadband network connections where even a small amount of packet loss can otherwise degrade the user experience.
Suggested Use Cases by Internet Connection Type
✓ Remote users connecting back using 4G/LTE cellular networks
✓ Cruise liners or remote research centres that utilise satellite connections for comms
✓ Wi-Fi connections (spectrum interference) inside organisations & roaming
✓ Long-haul (high latency) broadband network connections
Diagram label: Wi-Fi

Understanding Framehawk
http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-11/hdx/framehawk.html
What is it?
Framehawk was built as an intent engine to focus on what is right vs. relevant to the user. Think of Framehawk as a software implementation of the human eye, looking at what's in the frame buffer and discerning the different types of content on the screen
✓ Never retransmit, always focus on the user's experience
✓ A human heuristic driven graphics display
✓ It doesn't replace the set of Thinwire+ technologies
✓ Framehawk technologies speed up interactivity over a broad range of mobility scenarios
✓ It solves UX on networks with jitter, high packet loss & congestion
✓ Framehawk is defined as a “lightweight framebuffer protocol (LFP)” and is a UDP-based protocol
✓ Available for iOS and Windows end-points only and for remote access requires a customer NetScaler firmware build
Diagram labels: Satellite, Cellular, Wi-Fi

NETSCALER FOR XA & XD
Andy Osborne – CDW Workspace Solution Architect

Architecture

Citrix NetScaler
The World’s Most Advanced Cloud Networking Platform
• Availability and Performance
• Cloud Scale
• Security and Visibility
• Infinite Flexibility

Optimize with NetScaler Gateway and SD-WAN
SD-WAN
- WAN Optimization for XenDesktop and XenApp
- Acceleration for legacy enterprise applications
- Video delivery optimization
- Seamless cloud connectivity for Enterprises
NetScaler
- SSL VPN Gateway
- Web Application Firewall
- Global Server Load Balancer
- Server Load Balancer
- Secure Ticketing Authority for secure XenDesktop and XenApp delivery
- Smart Access
- ICA Proxy
- DataStream (SQL Load Balancing)
- XenMobile Connector
- StoreFront LoadBalancing
Diagram labels: End-To-End Visibility (Director with HDX Insight), WWW, “Citrix Datacenter” Network Powered by NetScaler, XD 7.0, StoreFront, Remote Desktop/Mobile User, (For Traffic Management), DMZ, Receiver, Micro VPN, NetScaler, DDC/XMLB (SQL), CloudBridge, (Traffic Management and Gateway), Branch Office, NetScaler (For ICA Proxy), XenMobile/XDM, AppC

Load Balancing of XA/XD/XM
Diagram labels: Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM, XNC, MAM

Built-in Monitoring
Monitor the actual application service & DB
Diagram labels: Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM, XNC, MAM

GSLB Disaster Recovery
Active – Active
Active - Passive
Diagram labels (two data centres): Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM

GSLB Zone Preference
San Francisco, Singapore
User is connected to closest site
Add NetScaler for Zone Preferences

Configuration Wizards for XA/XD/XM
Built-in XM monitors
Custom monitors for SF

ICA Proxy
Diagram labels: Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM, XNC, MAM

RfWeb UI on Gateway provides consistent user experience
Easy to manage changes in UI
• Same portal across direct Storefront access and remote Gateway access
• Single code base
• Portal customization re-use
• Export / import option
• Enhancements re-use

Authentication Offload
User authenticates to NetScaler
Single Sign-on
Diagram labels: Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM, XNC, MAM

Internal Users Topologies: Out of Path
No network changes to go into test or production
Diagram labels: XD server, Server network, WAN, Switch, XA/XD FARM

Endpoint Analysis

Which Platforms?

Scan points
• Pre-authentication
• Post-authentication

OPSWAT
• OPSWAT multi-scanning technology
• Integrated into Gateway end-point scanning
• Scan strings for 1000s of applications
• Frequent update of OPSWAT engine – includes latest application strings
• Seamless upgrade of OPSWAT libraries
• Supports pre and post authentication scan points

OPSWAT Application types
• Anti-phishing
• Antispyware
• Antivirus
• Backup Client
• Device Access Control
• Data Loss Prevention
• Desktop Sharing
• Firewall
• Health Agent
• Hard disk Encryption
• Instant Messenger
• Web Browser
• P2P
• Patch Management
• URL Filtering

Non-OPSWAT scans
• OS (Win8.1?/Mac?)
• OS service pack/hot fix
• Domain membership
• Registry scan (numeric/binary/string)
• MAC address
• File/Process/Service
• Time-based scan

Device certificate scanning
• Performed before pre-authentication policies
• Windows system certificate store contains device certificate
• User proceeds to pre-auth only if valid device cert is presented

SmartAccess
User1 from secure laptop: Allow apps app1, app2, app3, app4
Same User1 from UNsecure laptop: Allow only app1
Diagram labels: Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM, XNC, MAM

Secure access to Citrix app and desktop virtualization
An integrated delivery infrastructure
Diagram labels: Citrix Receiver, Branch Repeater, Access Gateway, XenApp, XenDesktop, XenServer, NetScaler, Delivery Network

Citrix SmartAccess
Other SSL VPNs only go this far
Diagram labels: Who and Where? (Which User, What Device, What Location, What Authentication); What Resources? (Web and File Resources, Mail Servers, Applications); How Fast? (Networks, Repeater); How? (VPN Access, Clientless Access); XenApp (Applications, Virtual Channels); XenDesktop (Desktops, Virtual Channels); Endpoint Analysis, Authentication, Access Control, Acceleration, Action Control

SmartControl

SmartControl
Diagram labels: Compliant, ICA Traffic, Intranet, Limited: Copy/Paste, Full Access, Drive Access, Print Access, NetScaler with Unified Gateway, Storefront farm, DC Fw, DMZ Fw, Citrix Virtualization solution

SmartControl: What can be controlled?
All of these features can be controlled.
• Client clipboard redirection
• Client Drive mapping
• Client USB Device Redirection
• Client audio redirection
• Client COM port redirection
• Client LPT port redirection
• Client printer redirection
• Multi stream
• File sharing for Receiver for HTML5
• Rather than making the admin configure capabilities on multiple backend XA/XD servers, with SmartControl, NetScaler becomes a single point of configuration.
• Users can be granted access based on EPA checks.

SmartControl: Limitations
• Not all XA/XD features can be controlled as of now.
• EPA related checks will work only in the Gateway mode. EPA related checks won't work for the LAN users or Transparent users. The workaround would be to make these users go through the Gateway.
• Since the SmartControl enforcement is done at session setup time, if the EPA periodic check fails after the connection is established, we cannot change the already enforced SmartControl for that connection.

SmartControl - License requirement
SmartControl is supported only with the Platinum License.

Visibility

NetScaler Insight Center
AppFlow data from NetScaler to Insight centre
Insight centre: User and app data (reports, graphs, tables, etc.)
Diagram labels: apps, users
Diagram labels: HDX Insight, Web Insight

Gateway Insight
• Visibility into user experience
• Gateway user sessions info

So What Kind of Data Gets Logged?
AppFlow Record
• Periodic Stats on Data Transfers and Bandwidth
• Virtual Channel Events
• User login, EPA, SSO, app-launch, termination
• ICA Session handshake, start and stop
• Application Start and Stop
• TCP Events (Latency, Jitter, RTT)

HDX Insight
Which Users? What apps? What is the latency? Which network component? Why auth failed? Why app is not enumerated? Which server gone down? Bandwidth consumption? Top URLs? Clients? Browsers? …
Diagram labels: Data centre, DMZ FW, DC FW, User Layer, Access Layer, App & Data Layer, Control layer, client, XA-XD, XM, XNC, MAM

New Gateway Insight
Gateway Insight
• Visibility into user experience
• Gateway user session info
Diagram labels: AppFlow data, HDX

Reporting Capabilities
• Endpoint Analysis (EPA)
• Authentication
• Access Modes
• Single Sign-On (SSO)
• Network
• Web
• App Launch
• Session Termination
• Virtual Apps & Desktops

Time bound summaries

Visibility into errors and EPA methods

Troubleshoot user authentication errors

Troubleshoot single sign on issues

Troubleshoot application launch issues in HDX sessions

COFFEE BREAK 11am – 11.15

XENMOBILE AND INTUNE
Andy Osborne – CDW Workspace Solution Architect

What is Microsoft Enterprise Mobility Suite (EMS)?
EMS includes 3 cloud services:
1. MS Intune - MDM & MAM (~12 MAM policies)
2. Azure Rights Management – control policies for files stored in OneDrive For Business (incl. data encryption, identity, & authorization policies)
3. Azure Active Directory Premium - identity management & SSO
EMS/Intune is often included with O365 subscription

Why do customers need Intune/EMS?
• To containerize Office Mobile apps.
• MS doesn’t allow any other EMM vendor to do so.

How does XenMobile compare to MS EMS?
• On prem or cloud
• More secure
• Enterprise grade productivity apps
• Deployment flexibility

How is MS EMS priced?

XenMobile embraces Office 365 Apps
1. Deploy a unified App Store
2. Enforce device encryption
3. Use microVPN for secure data communications
4. Apply Open-In policy for Office 365 mobile apps
5. Block saving of files to un-sanctioned storage

How XenMobile coexists with EMS today
Diagram label: XenMobile

XenMobile apps interoperate with EMS Managed Office Mobile Apps
XenMobile co-exists with EMS/Intune
Enables separation between Personal and Work docs used by Office 365 mobile apps
- Without XM value-add, MS DLP policies only apply to files first stored in OneDrive for Business
- Now with XM coexisting with EMS, MS DLP policies will also apply to docs coming from XenMobile – without the need to first store the docs in OneDrive for Business
DLP: Data Loss Prevention

Synergy 2016 MS and Citrix Partnership Announcement

Citrix XenMobile and EMS
What does the partnership announcement enable?
Understanding the Announcement
• Citrix Secure Mail and other XM apps to be EMS enlightened*
• Citrix VPN to be EMS enlightened*
• Citrix XenMobile MDM to be offered in Azure Cloud
• Citrix XenMobile to integrate with Azure Active Directory (AAD)
*enlightened is a Microsoft term which means “managed”

Citrix for EMS offering
Citrix for EMS sku on Azure (1Q 2017)
Citrix value for EMS customers
Enterprise-grade:
1. Device and data-in-motion security
2. Intuitive mobile productivity apps
• NetScaler micro VPN for EMS
• Secure Mail for EMS
• Secure Tasks for EMS
• Secure Notes for EMS
• Secure Web for EMS
• Secure MDM Service

XenMobile and Office 365 – Better Together
1. Unified Enterprise App Store: Access to any type of app from a single common store
2. Enforce device encryption: Secure data-at-rest on the device
3. Secure communication to Office services: Configure VPN for secure data-in-motion
4. Open attachments in Office 365 mobile apps: Open-in policy for specific apps
5. Block access to unsanctioned storage: Deploy CASB using XenMobile to intercept file uploads
Netskope – CASB

1. Unified Enterprise App Store
World-class Experience with Mature Security
Allows users access to any type of app from a single store
• Office mobile apps
• Citrix XenMobile apps
• SaaS apps
• Windows desktop (virtual)
• Company internal apps
• 3rd party mobile apps
Single Sign-On to any app and between apps
• PIN
• Certificates
• Touch ID

2. Enforce Device Level Encryption
Enforce device passcode using XenMobile MDM to encrypt and secure all data on the device including the documents for Office mobile apps – encrypted data-at-rest
In MAM-Only mode, check and mandate that device pin/passcode is set

3. Configure Secure Communications
XenMobile mVPN secures the communications to services in the cloud or resources in the data center – encrypted data-in-motion

4. Open Attachments in Native Office Mobile Apps
When choosing to open an attachment from WorxMail, Office 365 mobile apps can be made available via XenMobile policy
Open-In policy can be configured for specific apps – fine-grained control

5. Leverage CASB to Block Unsanctioned Storage
Block access to unauthorized storage in the cloud utilizing a CASB deployed by XenMobile
Partnership with Netskope
CASB: Cloud Access Service Broker

MICROSOFT WINDOWS SERVER 2016
Kyle Davies – CDW Workspace Solutions Architect

IT'S HERE!
• Released October 12th 2016 ---- Been in tech preview since October 2014!
• Support for OpenGL 4.4 and OpenCL 1.1
• Added layers of Security
• New deployment Options
• Built-in containers
• Cost efficient storage with SDS
• Innovative networking (SDN)
• Azure inspired innovation / Cloud ready operating system
• Citrix support day one!

CITRIX SUPPORT & WINDOWS SERVER 2016
• Windows Server 2016 virtual apps & desktops requires 7.11 Server VDA
• XenServer 7 required for Server 2016 VMs
• XAD 7.11 Infrastructure is supported on Windows Server 2016:
  • Controller
  • Studio
  • Director
  • StoreFront
  • Provisioning Services
  • Hyper-V through SCVMM 2016
  • License Server (new release)
  • SCOM Management Packs (new release)
  • AppDNA (new release)
  • Session Recording (new release)
  • GPU pass-through on HyperV 2016 support

USER EXPERIENCE

ACCELERATE ONTO WINDOWS SERVER 2016
• Add 7.11 VDA and start launching shared hosted server desktops
• Publish your key applications, like Office 2016
• Start your app validation testing for Server 2016 with AppDNA
• Migrate your control & access tiers to Server 2016 & XAD 7.11
• AppDNA included for platinum licensed organizations

WHY USE APPDNA
• Every application and operating system has DNA
• Citrix AppDNA uses heuristic algorithms
• Build assessment and Interop testing
• Simple Green, Amber or Red status against each app tested
• 89% time saving
• You may already be licensed!

WHAT ABOUT RESOURCE REQUIREMENTS? SIZING???
It Is Early Days
It Depends …
Come And See Me At The Breakout

LAKESIDE SYSTRACK
Tom Howie – Lakeside Software

HYPERCONVERGED ATLANTIS
Jim Moyle – Atlantis Computing

APPSENSE
Daniel Moss – AppSense