Citrix Cloud identity features are still up in the air
We appreciate Citrix’s move towards identity, but there’s still a lot of manual work to do in many cases, which erodes some Citrix Cloud benefits.
Over the past few months, there has been a surge in the number of customers that provide Citrix virtualized apps and desktops to users via Citrix Cloud.
Today, Citrix Cloud is well suited for straightforward deployments of Citrix Apps and Desktops. The core components are centralized and deployed with a few clicks, and customers only need to maintain the VDAs. Pretty easy, but from a business and technical standpoint, only generic use cases fit the current mold.
Many organizations have more intricate requirements, including identity management scenarios such as complex authentication or partner access requirements. Citrix made identity a big theme back at Synergy 2018, so how does Citrix Cloud handle this today?
Identity needs are growing
Many Citrix consultants and customers have been spending more time with identity than ever before, so it’s worth talking about.
Take authentication, for example. Am I really who I say I am? When my login is presented to a system resource, is it truly me or could it be a malicious bot attempting to log in? Of course, users want authentication to be as simple as possible, and corporate security teams want it to be as difficult as possible. And as we saw two weeks ago, this is not an easy undertaking; even Citrix can experience failures.
A plethora of terms and acronyms surround identity, like assertion, IdP, SSO, and SAML. Identity is a deeper subject than space permits here, so for now, let’s just focus on what Citrix Cloud offers—and what it doesn’t.
Citrix Cloud identity features and gaps
A key feature of Citrix Cloud is the ability to append Citrix Gateway functionality with just a few clicks—literally. For those that have simple requirements and don’t want to deal with SSL certs, upgrades, security patches, and more, this is a fantastic solution.
However, for the average enterprise that wants to deploy Citrix Apps and Desktops in Citrix Cloud, Citrix Gateway only provides basic secured HDX proxy functionality, and many customers have found that they must deploy their own Citrix Application Delivery Controllers (ADC, formerly NetScaler) in order to achieve the full array of authentication features.
Federation, in particular, gets even more complex because there is increasing interest in giving partner companies secure access to specific resources. Active Directory Federation Services (ADFS) is complex to administer, and the Azure B2B and B2C capabilities are largely invitational from the hosting entity, which brings its own set of administrative headaches. While Citrix has publicly roadmapped Cloud-Enabled Federated Authentication Services, there have been no announcements as to timelines or availability.
A noteworthy reason for moving to Citrix Cloud is to have Citrix manage all of the centralized components, including the ADCs (NetScalers). However, in order to use SAML, federation, or any other complex authentication mechanism, these appliances must be added back into the list of enterprise-managed devices, and StoreFront must be deployed as well. As a result, the components that Citrix maintains as part of the control plane are reduced to licensing, Studio, Delivery Controller, site database, and Director. Not so compelling.
Wait or move forward?
One thing that we’ve learned about all cloud offerings is that they are rapidly morphing and improving. Once Citrix can add features to Citrix Gateway and enable more robust identity and authentication options, enterprises with complex requirements will indeed find Citrix Cloud to be more compelling.
This also means that keeping abreast of changes is a constant endeavor for administrators. Enterprises are faced with deciding whether to wait for a specific capability or move forward, possibly in a hybrid mode or with partial functionality. Decisions often need to be made today rather than deferred until future technologies arrive, but architectures should be designed with an eye for what’s coming and how to potentially transition.
When the cloud first surfaced several years ago, technology partners and consultants worried that their usefulness had peaked. Quite the contrary! The cloud encompasses such fast-evolving technologies that reseller partners and consultants are in even more demand to help enterprises move forward, because they are information repositories and experts in specific technologies.