Given center stage at Citrix’s Synergy event in Barcelona as the access and delivery mechanism for an organisation’s data and applications, CloudGateway Enterprise Edition v1.0 is available for download: true to the “released Q4 2012” statement heralded at the same event.
As any good hurdler will tell you, it’s not how high you clear the fence, as long as you clear it.
Citrix state that CloudGateway’s purpose is to aggregate, control and deliver Windows, web, Software-as-a-Service (SaaS) and mobile applications to any device, anywhere. A bold vision. As well as providing end-users with a single point of access and self-service to their business data on a range of devices, CloudGateway also provides the business with a comprehensive single point of aggregation and control for all applications and users.
Will enterprises be dazzled not only by an on-time delivery date, but by the features offered? What features will CloudGateway provide over and above what is on offer now, and are Citrix first over the horizon to offer such a solution?
CloudGateway – Just a pimped Web Interface?
Not at all. Citrix’s Web Interface is on borrowed time. CloudGateway is not a refit, it’s a whole new model.
Citrix’s Web Interface provides two core services:
- Authentication of users to a server farm or farms
- Retrieval of information about available resources (published applications, desktops, and document/URL resources) the user can access.
To achieve this, a Web Interface deployment needs three things: a server farm (of Xenapp/Xendesktop services), a web server (to host the interface) and a user device. The user device could be any computing appliance capable of running a Citrix client and a Web browser.
Citrix admins came to love, hate, love, hate and then tolerate Web Interface depending on the version and how important the user was who was demanding iPad access. But, Web Interface has been given a limited life span, with end-of-life currently scheduled in 2015.
Web Interface can aggregate an organisation’s desktop/published applications and web/file resources: useful not only for users in the “private cloud” (your network) but also for those in the “public cloud” (the Internet). However, WI has become restricted. Its purpose has morphed from being a ‘and-you-can-do-this‘ to being a core delivery and upgrade service.
Early versions had a number of security flaws; it offered no security of access; offered no method of management of the Citrix client at the end-point. It has been tinkered with for sure: the latest 5.4 release perhaps being the most secure within itself. That said, WI still doesn’t offer secure application delivery (this needs a VPN type service), it still doesn’t offer end-point management (you can deliver a client, but not manage it). Importantly, core services in the web interface offering are based on J#, which is itself EOL in 2015.
So, Web Interface service needs to be re-built. As organisations increase their mobility and application/data delivery requirements there is a need to present and manage application and data access to users. Citrix still have three years and with CloudGateway they’re out of the blocks. Early iterations began with Dazzle, which I doubted was really the future. Still, does CloudGateway offer a more coherent service and a viable Web Interface alternative?
CloudGateway Express
Citrix intend CloudGateway Express to be the initial successor for the existing Web Interface/PNAgent Citrix delivery mechanism. The Express edition will be available to XenApp/XenDesktop customers for free. CloudGateway Express has two components:
- StoreFront Services – A Windows component allowing the various Citrix Receivers to connect to the enterprise store, delivering applications to users. Yes, a Windows service like Web Interface (WI) was, however StoreFront will only be supported for installation on Windows Server 2008 R2 with Service Pack 1 and it will require a Microsoft SQL database.
- Merchandising Services – a linux based virtual appliance provides easy management, setup, and distribution of plug-ins to Citrix Receiver end users.
The eagle eyed will spot that Express is essentially WI with a Receiver manager. What I think interesting is StoreFront preview versions had a number of components such as Kerberos authentication, smart card integration, java client fall-back and filtering of applications missing in comparison to the latest WI. A driver for change should be enhancement of features, not degradation.
However, it is fair to say this is a first release, and it will be CloudGateway’s Storefront service, not WI that gets the lion share of development effort. Citrix customers should be dedicating time to understanding this release. It would also be fair to say it is unlikely that v1.0 will be the alternative to WI 5.6 for many. Some may view there is no difference: PNAgent has been replaced by Receiver; Web Interface by StoreFront.Why bother?
The important thing to consider here is – that PNAgent/WI delivered (really) only access to applications. As such, Express edition appears to give little more than cosmetic changes. Fair point well made. To give true access anywhere, any device there needs to be provision of applications and data, on-line and off-line. So, the client component and the delivery environment needs to have greater awareness of the device and the context the user is accessing. Such services come with CloudGateway Enterprise edition.
CloudGateway Enterprise
Unlike Express, CloudGateway Enterprise will require a license. For your money, CloudGateway Enterprise will build on the Express edition in two ways:
- AppController – A linux based virtual machine available for both XenServer and VMware based hosts, will provide a central administrative point for configuration of all enterprise Web and SaaS applications along with single sign-on federation and consolidated provisioning capabilities.
- Gateway services – Delivered through the Access Gateway component, either standalone, or as a feature of the NetScaler MPX, VPX and SDX platforms.
CloudGateway Enterprise offers an interesting set of features for both end users and the business.
- Self-service application access with automated provisioning: enabling customers to setup a simple and powerful enterprise application repository so that end users can get all their apps and data from one place. End users can subscribe to their apps and data via self-service, including Windows apps, Web apps, SaaS apps and mobile apps. Note, there will still be a need to procure and provision those applications (be it package them for a Windows App, develop them for a mobile app, or subscribe to the service if it is a SaaS app), and that process may be outside of the control of the CloudGateway environment. However, once that activity it done, there will be a framework in place for users to access the full range of applications your organisation has access to and request access accordingly. Faster delivery to users, less time needed for administration.
- Federated authentication from any device: delivers end-user flexibility to select their corporate applications on one device and seamlessly gain single-click access to the same set of applications on any Citrix Receiver enabled device with authentication to those services managed so that the user doesn’t have to remember a host of username and password combinations.
- Contextual access : Allows the business to define comprehensive control policies that use the full access scenario context (e.g. user, device or network) and determine which applications and data, and levels of access should be provided including the ability to remote wipe for any data that may be resident locally on a mobile device.
- License optimization and compliance: your organisation can monitor application usage and license utilization to optimise SaaS application licensing provisioning.
Key to this service is the propagation and acceptance of Citrix’s Gateway Services offerings to businesses. Citrix Access Gateway appliances are popular with organisations that have deployed XenApp, or XenDesktop and want to extend those services beyond the network.
To be a true “cloud gateway”, Citrix will have to approach organisations where it is likely there is none of this in place. In which case – how will (if at all) Citrix’s CloudGateway integrate with other gateway-to-the-cloud services? Interestingly, will there be a price difference if you don’t want to utilise Access Gateway? Say, for example, if your application delivery is within a private network?
Aggregated Cloud Access no longer on the horizon?
In September, we considered VMware’s Horizon project and said it was a pretty impressive demo. Interestingly, Horizon is a hosted or in-house service that will centrally manage the provisioning, access and usage of software-as-a-server (SaaS) applications – CloudGateway offers far more than this.
Yet, Citrix’s CloudGateway will sits alongside an existing set of offerings. For example, Centrix Software’s Workspace Universal allows organisations to aggregate and manage the delivery of services provisioned from multiple vendor systems, including published applications and virtual desktops from Citrix, VMware or Microsoft, web applications and local Windows applications as well as catalog entire application estates to gain greater control over application management and the deployment of services to users.
Take a step back and consider that for many organisations it’s not just about the applications and data. VisionApp’s Cloudfactory, for example, or Matrix42’s Workplace Management look to offer services that combine client lifecycle-, cloud-, SaaS-, virtualization and service Management. Citrix are not alone in offering services that allow you to enable users to have transparent access to their data and services, be they internal or cloud-based, from any place, any virtual or physical device at any time.
Aggregated access to applications, both in-house and “in the cloud” has been available for some time. Where CloudGateway has an advantage is in the offering of federated access and account management. When I request access to Salesforce.com, or to Office365 – the process of my account creation, password set-up, access rights all are fully automated (hopefully). When I leave the organisation, the reverse happens. This can save time and money and will be beneficial.
However, for many organisations “in the cloud” translates to a shared service on an existing network infrastructure. How open will the AppConnector pack be? For those using external-via-the-internet services where difficulties could be are in effectively managing SaaS and web services to end users when your organisation needs to now proxy those web services; how you manage a client on an end point where you may not be the only organisation that the end-point has access to (say for a contractor, or a partner). And for Citrix specifically, how long before others arrive with similar offerings?
Because as any good hurdler will also tell you (hurdlers can be very talkative), it’s not just about clearing the first fence.
What’s missing is how the SSO feature described in the Federated authentication accounts for gov and corp security requirements such as multi-factor auth. The Citrix Receiver does not currently support certificates. It would be nice to know if Citrix is still favoring the “look what we can do” approach over actual business requirements in the real world. The Contextual access features described are very promising for managing mobile devices if in fact this gives an ability to lockdown and wipe specific applications and data without completely taking over the user’s personal device as seen with the most current solutions.
@Bwalk, I agree. A major issue facing any organisation is how do you identify the user of those services reliably. By all means, help with automation of creation/deletion of accounts – but you need to have confidence that the user using those services is who they say they are. And this isn’t just a technology problem – getting users to understand the importance of using their access appropriately has long been a problem, with federated services and an increase of mobile access this is only going to be more important that they understand, not less.
Always difficult for any vendor .. do you wait until every feature is available, or do you release with a product timeline. you could argue this a marathon, not a sprint – but it will be interesting to see how Citrix maintain the pace.