Are we there yet? An update on Citrix Workspace experience
Citrix is pushing a security message, and they have a lot of interesting components they could put together. But how far will they go, and will Citrix become an IDaaS?
Here we are with fewer than 60 days to Synergy 2018, waiting to see what Citrix will have in store for us. Last year, one interesting product that Citrix showed was the Workspace experience. (Also known as Workspace Service, as well as StoreFront++. Jack Madden used the term Workspace Service at the time, but now we’re told that the official name is Workspace experience.) You can read Jack's recap here, but this effort was intriguing because it opened up the possibility that Citrix was interested in the IDaaS space, which is currently occupied by other EUC vendors such as Microsoft, VMware, Okta, Ping, and Centrify.
Almost a year later, the question remains: is Citrix going to indeed play in this space? And along with Citrix Analytics Service and their big security push (also announced at Synergy 2017), what type of additional security products might Citrix bring to market?
The state of Citrix Workspace experience
First, what is a “workspace?” It’s essentially what Citrix has always aspired to do: provide access to desktops, apps, and data from any device and any location, with a single identity and the appropirate contextual policies to keep everything secure. Aside from Citrix and VMware, some vendors to keep an eye on are Workspot, Workspace 356, ASG Technologies, and Awingu.
At Citrix Synergy 2017, we saw a demo that included many of these capabilities. The Citrix Workspace experience was shown as a user interface that was available from many devices and gave users SSO access to Windows apps and desktops, SaaS and web apps, mobile apps, and data. Users could kick off workflows, and the selection of apps could adapt to the device—for example, it would show mobile apps on an iPad but not on a desktop. There were also contextual security policies—for example, on a managed device, web apps open in the local browser, while on an un-managed device, they can be routed to a secure remote browser.
As folks walked away from the show, the top question was, is this functionality actual available? The answer was that it depends.
After Synergy 2017, there was no formal release of “Workspace experience” per se, but the features demoed on stage were available via Citrix Workspace Suite. Some of these features have been around for a while, but in order to get all of the functionality from the demo, you had to be running the Citrix StoreFront on-premises. If you were using hosted StoreFront in Citrix Cloud, there were several gaps, inclucing the lack of customization, single sign-on, and multi-factor authentication.
Fast forward to today, and Citrix has made some enhancements to the Workspace experience. First, Citrix moved the configuration of the Workspace from Storefront into a separate native web GUI. You can now use that GUI to integrate and manage services, as well as customize your Workspace URL and modify the interface with your logo and primary color scheme. Lastly, there’s support for federated authentication, advanced MFA, and self-service password chages, all through a tech preview integration with Azure Active.
To get Workspace experience, you as a customer need to own XenApp or XenDesktop Service, or XenApp or XenDesktop Essentials. What is still missing is the ability to support HDX optimal routing, thin client support, and global server load balancing. In addition, Citrix Reciever for iOS and Android still does not support the Workspace experience. And finally, to gain the full benefit of what was demoed, you still need to have an on-premises StoreFront and NetScaler, so that notion has not changed since last year.
Questions also remain on how this will be packaged. From my purview, this should eventually be available to any Citrix Cloud customer, but what remains to be seen is if they will ‘tier’ out features as functionality evolves.
Where is all this going?
Getting back to our question, after almost a year it’s still unclear what Citrix’s own identity ambitions are. If they want to be in the identity market on their own, there are a lot of features they need, including user authentication, trust elevation, session management, security token services, authorization enforcement, developer access APIs, and SaaS app user provisioning. Citrix seems to be moving slowly with basic functionality in each bucket. They now have support for OTP within NetScaler, but there’s still a lot more to do. If they’re going to emphasize IDaaS partners like Microsoft Azure AD and others, they need to present a clearer message that.
Again, when you look at this along with Citrix Analytics Service, they have components for all sorts of security products. Back at Synergy 2017, Citrix stated their security goals loud and clear. So the wider question is what other products they put together.
Synergy is coming soon, so we’ll be watching. Personally, I welcome these developments (full disclosure, I had my own stint as a Citrite) and feel that if Citrix is not aiming to own the whole stack, they are selling themselves short.
