All hail Citrix Remote PC!

Posted by

Why is Citrix Remote PC proving so popular with organisations during the COVID-19 outbreak.

Since my time at Citrix, which is 3 years I have had many customer conversations, but I can’t remember a single conversation around a specific Citrix Virtual Apps and Desktop Advanced and Premium feature called Remote PC.  That was, until a few weeks ago when the COVID-19 situation started to get a little more serious, and organisations of all types and sizes started to realise that they may have to close the doors to their staff and customers.

So the big message from the Government (at the time of writing this blog post… situation changing almost daily) is anyone that can work from home should, my colleagues and I here at Citrix have been doing just that since March 16th 2020. Luckily for us, we work for an organisation that has the infrastructure in place to allow all employees to work from home, after all, that is what Citrix is all about at the end of the day. Unfortunately, as we have discovered, we are in the minority, with many organisations struggling to deal with the speed at which the COVID-19 outbreak is spreading with their existing Business Continuity Plans (BCP). One of the main issues is dealing with the requirement of dramatically increased strain on infrastructure capacity needed to allow employees to work from home.

Let’s go through some scenarios and highlight the Pro’s and Con’s of each.

Scenario 1.

This is the perfect scenario, the customer is already a Citrix customer and their environment is 100% virtualised. This customer is in the best position, as employees can already reach their resources from any location, using any device. So, working from home in this scenario doesn’t cause too many headaches for IT.

Pro’s:

  • Users work from home and continue to work as normal.
  • Very few, if any at all, infrastructure changes.
  • Rapid transition to a Work From Home (WFH) model.

Con’s:

  • Users have no excuse for not being productive while the organisation is in a WFH model.
  • Cabin Fever.

Scenario 2.

However, we have many organisations who, even though they may already be existing Citrix customers, have a mixed user environment, with some of the user population still desk bound, using FAT desktops. This can be for many reasons, but in this scenario IT have serious problems and a lot of questions to answer before they can transition to a WFH model for all users.

Scenario 3.

The final scenario is even more serious. If the organisation has no virtualisation in place with 100% of the user population desk bound, using FAT desktops.

What now? How do organisations that fall into either Scenario 2 and Scenario 3 ensure business can continue even after the doors have closed? How can they provide a WFH model for all or some of their essential user population.

Let’s take a look at the options.

In scenario 2, we have an organisation with a mixed user environment, some virtualised, some desk bound using FAT desktops.

Option 1. Increase existing Citrix license count to accommodate all users that are currently desk bound.

Pro:

  • Existing FAT desktop users will be able to connect to a virtual workspace.

This is assuming the following of-course:

Cons:

  • The organisation has the additional infrastructure capacity required to host the additional user count.
    • Organisations could purchase new infrastructure, if they have the datacentre space available and can actually get hold of the hardware with most hardware vendors struggling to keep up with demand. If they are lucky enough to get hold of hardware, this hardware takes time to procure, to design and implement – not ideal when under pressure and time constraints.
  • Then there is the public cloud option if they don’t have the datacentre space available.
    • Well, we all know what is happening in that space. Capacity is draining globally; more and more service restrictions are being imposed and, this approach can be expensive and take a great deal of time to design and implement.  
  • Firewalls, Gateways and all other networking infrastructure has to cope with the new increased demand.
    • License increases, capacity increases, Bandwidth increases and even hardware appliance swap outs may be in order. Virtual appliances may be the way to go here considering the lack of hardware supply mentioned previously. However, this switch to virtual appliances negatively impacts infrastructure resources.
  • Users have an unfamiliar environment, a new desktop, a new way of working to deal with.
    • The chances are that this will be an extremely unproductive period of transition for users.
  • Any local applications on the FAT desktops will need to be virtualised, if they can be that is.
    • This is a time-consuming process and there is no guarantee that at the end of it, the application can be virtualised.
  • Any local data will need to be migrated.
    • Again, this is an extremely time-consuming process. They will need to also factor in the effect this additional data will have on existing central storage capacity.
  • Unused FAT Desktops scattered around the organisation potentially holding senstitve organisational data.

This is not looking like a straightforward exercise.

In scenario 3, we have an organisation with no virtualisation in place whatsoever.

Option 1: Ask users to take their FAT desktops home with them.

Pros:

  • Users have access to a familiar desktop.

However………..

Cons:

  • In order to access any resources on network drives and shared locations, VPN connectivity is required.
    • License count increase, capacity increase and potential hardware swap outs. Again, virtual appliances may be the better option due to hardware shortages but these negatively impact existing infrastructure capacity.
  • Traditional client/Server applications do not have optimised bandwidth requirements for use over VPN connections.
    • This results in application performance degradation and eventually application unresponsiveness.
  • VPN’s are notoriously difficult to install and configure. They require installation of VPN software on the FAT desktops before they are taken home and require complex policies to prevent an untrusted device from having unrestricted access to the corporate network, resources, and data.
    • Time consuming roll out and configuration activity required.
  • It is difficult to keep security policies synchronized between VPN infrastructure and on-premises infrastructure.
  • VPN’s will be something a user is generally not familiar with; they are fiddly and can be unreliable at times (most of the time).
    • A skilling up activity is most likely required.
  • Potential issues with domain trust relationships if this COVID-19 and WFH situation lasts longer than 60 Days.
    • This will potentially result in users not being able to log on to their machines
  • Potential issues with Software using KMS if this situation lasts longer than 180 Days.
    • KMS activations are valid for 180 days (The activation validity interval). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days.
  • Many organisations use fixed IP addressing on FAT desktops.
    • Extensive re-configuration activity is required prior to users taking home their desktops.

Option 2: Implement a brand new virtualisation infrastructure and virtualise all users required to WFH.

Wow. I mean, where do we even start with this option. Besides all the Con’s mentioned in Scenario 2, Option 1. This is a mammoth task and quite honestly, with the timescales and urgency organisations are dealing with, it simply is not a short term option.

So what is the simplest, most effective way forward in the short term for organisations that fall into Scenario 2 and Scenario 3.

Remember that Citrix Virtual Apps and Desktops Advanced and Premium edition feature I mentioned at the very beginning of this blog post?

Citrix Remote PC!

Organisations are rolling this feature out in scale as we speak, and in most cases they are WFH capable in a matter hours or days at the most (depending on the size of the organisation). Minimal infrastructure requirements, minimal configuration, minimal disruption to the users.

So, what is Citrix Remote PC access?

Citrix Remote PC Access allows a user to log on remotely from virtually anywhere to the FAT desktop that is deskbound and physically innaccessible back in the office.

See this use case video here (excuse the acting):

Let’s look at the pro’s and con’s of the Citrix Remote PC option for organisations that fall into Scenarios 2 and 3.

Pro’s

  • Minimal infrastructure requirements.
    • In Scenario 2, if you are an existing Citrix Cloud or Citrix on-premises customer, the infrastructure is already in place and if you are running Citrix Virtual Apps and Desktops (or Vitual Apps and Desktops Service) Advanced or Premium, you even have the Citrix Remote PC entitlement. No more additional infrastructure is required.
    • In Scenario 3, these oganisations can sign up to Citrix Cloud in a matter of minutes. Citrix Cloud Connectors will need to be deployed in pairs within the customers infrastructure (Resource Location) but these Cloud connectors have a very small footprint. 2 x Cloud Connectors @ 4vCPU and 8GB RAM each = 8vCPU and 16GB RAM in total and each allow a whopping 5000 Max user connections. Cloud Connectors are also extremely easy to set up, with only a very small software install required. All traffic is outbound on Port 443, so no akward discussions with the Firewall / Security teams either.
  • Rapid deployment with minimal configuration.
    • IT teams will have to create a Site for the Remote PC’s, Machine Catalogs and Delivery Groups.
    • IT Teams will then need to deploy the Virtual Delivery Agent (VDA) to the physical macines. This can be done manually, scripted, or through a management platform such as SCCM, Symantec Mangement Platform (Altiris) or th likes.
    • There are even GITHUB scripts to automate deployment:
  • Users will have full access to all of their apps and data to perform their job.
    • Everything on the user’s FAT desktop is accessible. Nothing to copy, nothing to migrate. Evrything in the exact same place.
  • User’s will be familiar with the environment. It is their machine they are connecting to after all. This ensures full productivity on day 1 of the new WFH model.
  • The ICA protocol connecting the user’s home device to the FAT desktop back in the office dynamically adjusts based on network conditions.
    • This ensures application response and usability.
  • Remote PC can rapidly scale to support unexpected need.
    • Once the VDA has been deployed to a FAT desktop, IT can simply enable the Remote PC Access capability within Studio.
  • Protect organisational resources from any untrusted endpoint devices.
    • Citrix Gateway creates a reverse proxy between the users home device and FAT desktop in the office.
    • With Citrix session policies, administrators can block users from transferring data to/from the work PC and corporate network.
  • Easily integrate with the current infrastructure.
    • Citrix Remote PC is simply a different type of virtual desktop within the Citrix Virtual Apps and Desktops solution.
  • Wake on LAN capable (on-premises only).
    • No need to keep the PC’s running all the time, reducing electricity consumption.
  • Maintain the same security profile during a business continuity event such as COVID-19.
    • Citrix Remote PC connects users to their FAT desktop that is physically located back in the office.
    • Users have the ability to access the same resources, the same way as if they were physically in the office.
  • Time Based One Time Passwords (TOTP). (Cirix Cloud only)
    • For added security, organisations can utilise TOTP for a second factor of authentication.
  • No VPN’s!!!!!

Con’s

  • For organisations that are new to Citrix, upskilling will be required to familiarise themselves with the Citrix Cloud and Citrix Remote PC.
  • Firewalls, Gateways and all other networking infrastructure has to cope with the new increased demand.
    • License increases, capacity increases, Bandwidth incrases and even hardware appliance swap outs may be in order. Virtual appliances may be the way to go here considering the lack of hardware supply mentioned previously. However, this switch to virtual appliances negatively impacts infrastructure resources.
  • Users will need an endpoint device at home and sufficiant connectivity.

and lastly…….

  • Users have no excuse for not being productive while the organisation is in a WFH model.
  • Cabin Fever.

As you can see, Citrix Remote PC is really making a huge impact to organisations that are feeling the impact of COVID-19 and bing forced to rapidly adjust to an often unfamilier WFH model. In the long term, organisations will HAVE to re-think their Business Continuity Planning in order to cater for such events in the future. Will this capability be an expectation of insurance companies going forward? Will there still be executive level resistance to change? Who knows? but in the short term this small, normally insignificant Citrix feature is making a huge impact on many oganisations ability to remain operational in these unprecedented times.

See more Citrix Remote PC information here:

RemotePC Reference architecture: https://docs.citrix.com/en-us/tech-zone/design/reference-architectures/remote-pc.html

RemotePC Requirements and Considerations: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/remote-pc-access.html#technical-requirements-and-considerations

RemotePC Security Considerations: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/secure/best-practices.html#remote-pc-access-security-considerations

See Wendy Gay’s blog post here that discusses the mysteries of Citrix licensing options!

https://citrixie.com/2020/03/25/citrix-licensing-options/

2 comments

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.