What and why Citrix?

Citrix is a serverbased computing package that incorporates a proprietary network protocol that separates an application’s logic from its user interface allowing clients to run “thin.” Thin clients have little or no secondary storage and are used only as clients depending on the server for software, processing and secondary storage. The proprietary network protocol that allows users to use Citrix technology is the Independent Computing Architecture (ICA). ICA is the basis of Citrix server based computing with MetaFrame XP and ICA Client software. The ICA protocol transports an application’s screens from a MetaFrame XP server to ICA Client users and returns the users’ input to the application on the server. All application logic is run on a server, while the only events traversing the network are keystrokes, mouse clicks and screen updates. Citrix is a centralized applications server that offers easy access to fully featured applications.You can think of Citrix as a virtual workspace where you can use programs that are not installed on your personal computer. Applications run from Citrix will work exactly like applications installed locally. Accordingly, programs available to users on Citrix are fully functional and offer the same interface and features as their local counterparts.

Advantages:

• Advantage of publishing applications using citrix is that it allows people to connect to these published applications remotely, from their homes, airport internet kiosks, smart phones, and other devices outside their corporate networks with high security.
• The application is actually being executed on citrix server, screenshots and mouse/keyboard inputs that are being sent back and forth between server and client.

Why use Citrix

Diverse computing environments are commonplace in today’s business enterprise. A computing infrastructure is typically made up of assorted client devices such as PCs, terminals and laptops. They typically employ various operating systems, protocols and network connections. However, applications must be available to users regardless of the diversity of an organization’s computing infrastructure. Deployment of applications to users is essential to business regardless of network and desktop configurations. Citrix allows companies to keep their current desktops regardless of type and use the same network hardware and protocols resulting in lower total cost of ownership (TCO) and a greater return oninvestment (ROI).

Let’s start this conversation by clearing up two myths / misconceptions about this whole “Citrix versus Terminal Server” thing.

Misconception #1: ICA is better than RDP. This is false. They are the same. Years ago, Citrix’s ICA protocol was much better than Microsoft’s RDP protocol. However, with RDP 5.2 (the version of RDP that comes with Windows Server 2003), the protocols are basically the same. They both support 24-bit color and huge resolutions. They both support port mapping, printer mapping, shadowing, audio, and encryption. In terms of performance, they both perform about the same. (It’s all how you tweak and tune everything for whoever is sponsoring the research.) This is not to suggest that Citrix (or other third-party vendors) don’t expand on ICA or RDP in cool ways. The key point though is that the ICA and RDP protocols themselves are for all intents and purposes the same. (This is also true of client devices. There are plenty of open source RDP clients that let you connect from UNIX, Linux, etc.)

Misconception #2: If you have 50 (or 75, or 100, or whatever) number of users or less, you can use pure Terminal Server. With more users you need Citrix. This is false. There are plenty of pure Terminal Server environments with thousands of users and no Citrix. The opposite is also true. There are hundreds of customers with 15, 25, or 50 users who use (and need) Citrix. (In fact, Citrix has an SMB edition of their product called “Access Essentials” that’s specifically designed for this.) My point here is that whether you do or do not need Citrix has absolutely nothing to do with the number of users you have.

So if you can’t make the decision as to whether or not you need Citrix based on the number of users in your company, then how can you decide? Do you need Citrix? It depends on whether Citrix has features that you need. As obvious as it sounds, the only way you can know for sure is to figure out your needs and see if you can solve them with Terminal Server alone. If not, then look at which third party product can solve those needs for you.

Without going off onto a tangent about project needs analysis, let’s take a look at the pure Terminal Server capabilities built-in to Windows Server 2003. Even though the RDP protocol offers the same functionality of ICA, there are a few key limitations of Terminal Server today:

• No published applications
• No seamless windows
• No SSL gateway or proxy
• No web interface
• No application-level load balancing

Let’s take a quick look at why each of these is a limitation.

No published applications When using pure Terminal Server, a user must connect to a server and then run an application. Even though the application that is run can be specified as part of an RDP connection file, the file must first point the user to a specific server.

No seamless windows Pure Terminal Server environments work great for connecting clients to full remote desktops, but when clients only need to connect to specific applications, the user is forced to experience a clunky, non-resizable window.

No SSL gateway or proxy It is possible to fully encrypt an RDP connection with Service Pack 1 for Windows Server 2003. However, this encryption is done on a server-by-server basis. Therefore if you have ten Terminal Servers then you’ll need ten holes in your firewall for client connections.

No web interface While it’s true that there is a Terminal Server client that can be launched via a web browser, Terminal Server does not include a full and automatic web interface like Citrix.

No application-level load balancing The out-of-the-box load balancing capabilities of Windows Server 2003 only support load-balancing calculations based on network load. Citrix and the other third-party add-on tools can load balance servers based on several more appropriate characteristics, such as user load or CPU utilization. (As a quick aside, this is an area where Citrix lacks too. While better than Microsoft, Citrix only lets you load balance your servers based on 11 pre-selected performance counters while the other third-party products let you load-balance your servers based on any performance counter.)

Almost all of the third-party server-based computing vendors offer all five of these core capabilities in their products. It’s also widely assumed that Microsoft will be building most of this functionality into the next major release of Windows.

The title is this editorial suggests that it focuses on Citrix and Microsoft. To that end, there are two other features of Citrix that are worth mentioning that none of the other products really do. Citrix calls these capabilities SmartAccess and Workspace Control.

Citrix Smart Access

“Smart Access” is the stupid marketing name given to a set of really cool technologies that allow an administrator to specify how users can access their applications from various locations. In the old days you could build Citrix policies that enabled or disabled certain features of the ICA protocol based on where a user was connecting from. (Connect from your office and you can do everything; connect from outside the firewall and clipboard integration and client drive mapping is disabled, etc.)

Citrix’s Smart Access technologies take this a step further and let you apply Citrix policies to an ICA session based on certain characteristics of the client device (beyond the simple IP address). Does the client device have current antivirus software installed? Give them full access to their local drives from with their session. If not, the user still could get access to their applications—they just wouldn’t be able to access their client device’s drives. You can apply these policies based on a myriad of client characteristics. Is the client device in the corporate domain? Did the user two-factor authenticate? Is certain software installed on the client? etc.

Without wanting to sound like a blatant marketing pitch for Citrix, it’s important to know that from an objective standpoint, Citrix Smart Access technologies are very cool and a set of technologies that are only offered by Citrix. (Sure there are competing products from Cisco, WholeSecurity, and (soon) Microsoft, but these technologies do not tie into Presentation Server in the way that Citrix’s Smart Access does.) If you need these capabilities today, then you have to buy Citrix regardless of the size of your user base.

With all the upside of Smart Access, there are a few negative points. The first is that in order to use these Smart Access technologies, users must access your Citrix Presentation Servers via one of Citrix’s 1U hardware appliances called the “Citrix Access Gateway” (or CAG). Even though Citrix tries to spin it as something else, the CAG is basically an SSL VPN appliance that’s very tightly integrated into Citrix Presentation Server. The $2500 price tag notwithstanding (double that if you want failover by buying two), selling the Citrix Access Gateway internally at a company that already has a VPN strategy can be tough. I can’t tell you how many times the “Citrix team” at a large company goes to the “Network Team” and tells them that they want to implement so CAGs. “You wanna buy a what? Who is Citrus?” (What ends up happening is that the Citrix team buys the CAGs anyway, and they just put them in their rack with the new Citrix servers and don’t ever mention that they’re SSL VPNs.)

The other downside is the fact that in order to use the Smart Access technologies, you’ll need to plunk down another $150 per concurrent user (in addition to the $300-400 that you’re already paying for Presentation Server itself).

Citrix Workspace Control

The other significant capability that Citrix brings to the table that no one else does right now is Workspace Control—the marketing name applied to a set of technologies that allow a user to log in to different client devices and pull (or “flow”) all of their applications to the new device. (It’s like a one-button logon and logoff of all their applications from all remote servers.) Workspace Control is one of those technologies that isn’t very sexy from a marketing standpoint but that quietly makes server-based computing just “work” and feel natural. A user logging on from a different location will have all of their applications reconnected for them without having to re-authenticate or manually “click click click” on all of their icons to fire up the applications.

Citrix’s SmoothRoaming (no space between those words) technologies also contribute to this Workspace Control fluidity in that applications can be reconnected from client devices with different characteristics (resolution, color depth, etc.) and the remote application sessions are automatically reconfigured to fit on the new client. This capability also fully integrates with the Citrix policies and Smart Access technologies as described previously, with specific client device characteristics affecting session capabilities even when reconnecting to existing sessions from different client devices.

Conclusion

So to conclude why you should use Citrix into seven key capabilities that Citrix adds to Terminal Server:

• Application Publishing
• Seamless Windows
• Intelligent Load Balancing
• SSL Gateway / Proxy
• Intelligent Web Interface
• Smart Access
• Workspace Control

What does this mean moving forward? This topic probably deserves its own article, but here’s the 30-second version:

Many, many other vendors offer products that are much cheaper than Citrix that offer the first five capabilities on the list. (In fact, it seems as Microsoft will even build application publishing, seamless windows, an SSL gateway, and a cool web interface into some future version of Windows.)

The real value for Citrix is in the last two capabilities (Smart Access and Workspace Control). If you’re not starting to make use of these technologies in your company then you’re not getting the full value out of Citrix, and you can probably get away with one of the other third party server-based computing products. If you’re only connecting users to server desktops (instead of seamlessly published applications) from inside the firewall then you probably don’t need any third party product at all.

Posted in BrianMadden Blogs

Apart from the above mentioned benefits, Citrix Value added features over windows microsoft terminal services are, ICA, load balancing, centralized management, proper Web access, streamed applications, powerful policies, EdgeSight, Provisioning Services(PVS).