Beyond client management

The enterprise mobility trend is a firestorm that shows little sign of fizzle. Driven by more pervasive cloud deployment, greater acceptance of mobile work styles, reduced hardware costs and user fascination with the latest devices, the BYOD market alone is poised for significant growth — estimated in a recent study to reach $266.17 billion in 2019 from $71.93 billion in 2013. Predicated on challenges that enterprise IT faces in deploying the infrastructure needed to support mobility, this growth spells new opportunity that a rising crowd of providers is looking to leverage. But as they work to address mobile market opportunity, what strategies are vendors adopting to differentiate for increased mind and wallet share? For Citrix, the answer lies in moving beyond the device to focus on cloud enablement and networking capability — built on security, which has been a foundational attribute of the company.

Michael Murphy, VP and country manager, Citrix Canada
Michael Murphy, VP and country manager, Citrix Canada

A long-time leader in desktop virtualization, Citrix was a pioneer in the provision of remote access to corporate applications and data. According to , VDI — or “private desktop-as-a-service” — where a monolithic image of what would run on employee PCs or laptops was packaged up for distribution and a common image shared with multiple users on devices running a simple receiver agent, had the benefit of simplified, centralized management. Taken to the next level — desktop-as-a-service — where the image for Windows 8, for example, would be hosted in a multi-tenant environment that could be a public, hybrid or even private infrastructure, was based on a utility model of consumption with monthly fees for desktop services which further simplified the equation for enterprise customers. Rather than build the infrastructure and own the licenses, in the outsourced model, the enterprise would essentially lease these from providers such as Bell, Rogers or CGI in Canada. To support this model, Citrix has enabled XenDesktop and XenApp (virtualization of a single application rather than the whole desktop), to run on Apache’s CloudStack and the Citrix version, CloudPlatform to enable click point provisioning of desktops directly to the cloud without set up of on-premise data centre infrastructure.

While simplifying management of desktop services, VDI and desktop-as-a-service also provided a new layer of security through remote access to resources. As Citrix chief security strategist Kurt Roemer explained, this approach keeps sensitive data in the data centre, and all that moves are “pixels across the wire.” While the user can interact with Windows (for example) on his/her device, desktop-as-a-service “acts like pixelated firewall that keeps sensitive data off the device.” The fact that the data is never installed and never resides locally, “provides a strong level of security,” Roemer added, as it doesn’t matter if the device is lost or stolen. Since the device is irrelevant, VDI, and its hosted cousin desktop-as-a-service, provide a simple means to manage a number of security challenges.

Kurt Roemer, chief security strategist, Citrix
Kurt Roemer, chief security strategist, Citrix

In cases where users need to have corporate apps and data residing on the mobile device, Citrix has developed XenMobile, described by Roemer as an “encrypted enterprise bubble on smartphones/tablets” which allows the enterprise to control apps and data without having to control the device itself. Moving beyond MDM to MAM, this XenMobile platform provides what Murphy sees as the “separation of church and state,” in which the mobile user has secure access, typically through a VPN point-to-point secure tunnel that runs over the Internet, to corporate apps, but can also access personal data through their device. In Murphy’s view, this solution enables the “BYOD device to maintain its personal and private identity,” with a “corporate and secure identity co-existing very neatly on whatever device the individual has as a platform — iOS or Android or Windows.”

Key to each of these products is the separation of device from data to provide protection for corporate systems. But implicit in the solution approach is connectivity between the two, an increasing focus for Citrix as it has rolled out the capabilities needed to deliver an end-to-end mobility solution that includes MDM, MAM and EMM — and the networking functionality users need to connect with their data. According to Murphy, Canadian revenues in the three primary Citrix product categories, SaaS collaboration software, desktop virtualization and cloud products, closely mirror global results, with cloud — made up of CloudPortal, CloudPlatform and the Netscaler family of products — accounting for around a third of the business, and growing at a rate of approximately 40%.

Citrix describes its Netscaler solution as a key networking access technology that “brokers” the connection between a business’ application store, the virtual environment and the data, whether this is in the cloud, on-premise or in a secure container on the device. Murphy calls Netscaler the “corporate traffic cop of secure remote access to apps and data,” which sits between MDM for device management, MAM for separation of personal and corporate resources, and EMM for secure authentication at one end and corporate data that sits behind firewalls in the data centre on the other. Essentially an application or service delivery controller, Netscaler also functions as a load balancer with software defined networking functionality (open APIs and a RESTful interface) which is offered as a physical appliance that sits in front of many large enterprise data centres and as a virtual client that can run in multi-tenant clouds (ex. service provider environments) alongside partner workloads.

But Netscaler also serves as a security platform with capability to provide SSL encryption, authentication, and “micro VPNs” — or security at the desktop virtualization level. Roemer’s list of security capabilities includes SSL acceleration to ensure SSL is on for all websites (not just for logins and access but for all activity), enforcement of SSL VPN capabilities through strong authentication and login to ensure a strong connection and single sign on is in place, as well as a web-application firewall that protects critical web properties against attacks — as required in section 6 of the PCI audit and certification. One component of Netscaler is CloudBridge, which provides a secure connector for bursting to public cloud resources: “one click connectivity to handle networking and encryption” between local and public clouds, according to Roemer.

In cases where customers need specific security capabilities, such as strong, multi-factor authentication, Citrix has enabled leading providers to connect into its platform. On Netscaler, Citrix has built connectors to SiteMinder, a SSO and identity access management solution from CA Technologies, to Palo Alto firewalls and BlueCat Networks IPAM (Internet Protocol management solutions), and has a strong integration with Cisco, which is reselling the Netscaler appliance to provide application delivery control and security services into Cisco environments. Currently, there are over 400 Citrix ready security partners with products that work within the Citrix infrastructure through integration at the API level, through Windows API in PowerShell, through RESTful APIs, and through direct integrations — so connections at the client level, in cloud and on the networking platform.

Citrix focus on developing the Netscaler platform, seen for example in the acquisition and integration of Bytemobile, a provider of bandwidth optimization software to improve telco ability to stream content, highlights the importance of networking and connectivity in Citrix’s mobility play. “Netscaler is really the only platform that integrates load balancing with an application delivery controller, with firewalls and secure proxying,” Murphy explained, and “all of that is built on one stack in order that Netscaler be the networking device to provision a mobile work style or a mobility-as-a-service environment.” But an increasingly important element in its mobility solutions is security: “we have a strong focus on security at Citrix, and going into 2014, you’re going to see us spending a lot more time and resources developing our capabilities and marketing and messaging it,” Roemer noted.

Citrix emphasis on securing the connection between the data and device is in many ways an industry wide phenomenon that is endemic to the ‘mobile cloud era’ and capability in this field may represent the key differentiator for the company and other mobility providers going forward. For more on the Citrix security transformation, stay tuned…


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.