Edelweiss - Fotolia
Organizations that use Citrix Virtual Apps and Desktops as well as Microsoft's online services should understand how to take full advantage of both Citrix and Microsoft deployments.
First, IT should understand the functionalities of the Citrix platform. From within the Citrix Cloud platform, Citrix provides Virtual Apps and Desktops, its main VDI offering. Citrix Analytics works as an active access control platform based on end-user activity and machine learning.
Citrix also offers networking products such as Application Delivery Controller (ADC), which provides load balancing, security and identity management and remote access using the Citrix Gateway functionality. IT can use the SD-WAN product to optimize internet traffic between multiple locations and to SaaS applications or cloud infrastructure.
Identity and authentication
The most common use case for combining Citrix and Microsoft products is to build virtualized apps and desktops in the cloud with a cloud-based identity product. Citrix has built-in support for provisioning virtual desktops in Azure using Machine Creation Services. IT can combine that with AutoScale to automatically power on/off and scale desktops, which benefits the cloud-based cost model.
IT can provide modern authentication using Azure Active Directory as the main identity source to Citrix Virtual Apps and Desktops. First, admins need to configure Citrix Workspace with cloud-based Federated Authentication Service (FAS). This allows IT to authenticate end users directly with Azure AD and provides single sign-on (SSO) from the end client to an app or desktop.
Citrix Analytics has integrations with the Microsoft Security Graph API, which provides risk indicators from its online services. This allows Citrix Analytics to access data from Microsoft, which can provide better detection and reaction if endpoints are infected or user credentials are leaked.
There is also an integration between Microsoft Intune and Citrix Gateway that allows for better access control on connecting devices. The devices need to be compliant with Intune before they can connect to Gateway, however.
Navigate Office 365 challenges with Citrix
Admins who deliver Office 365 from a cloud-based desktop in a Citrix virtual environment must deal with a variety of challenges. How can IT provide optimal performance -- without affecting servers -- for video and audio content when end users run a video conference for a remote session, for example? How can IT handle user profile data when users move to another session or server each time they log in?
There are ways to work around those issues, however. Citrix's built-in add on to Skype for Business, HDX Optimization Pack, essentially offloads video and audio content back to the connecting end-client. Citrix also released a new version, which provides the same support and functionality for Microsoft Teams.
Microsoft's acquisition of FSLogix aims to solve user profile data for Office 365 in a roaming VDI environment and is now available for free for RDS or Window 10 customers.
Organizations that move services and applications to the cloud also need to have better control of their network, especially the wide area network (WAN). This means IT should have optimized network paths to the cloud services to ensure low latency and optimized Transmission Control Protocol (TCP) traffic.
Citrix has built its SD-WAN product to ensure direct integration with Office 365 and Microsoft Azure. It has support for Azure Virtual WAN, which can allow IT to optimize traffic between multiple locations and Azure.
Currently Microsoft doesn't offer a single portal that can provide unified access to web applications and Windows applications. My Apps in the Azure AD and Office 365 portal supports on-premises web applications using Azure AD Application Proxy and other SaaS applications, but does not support Windows applications.
The best approach is to use the Citrix Gateway as the main application portal. This allows support for Citrix-based applications and the ability to publish Office 365 and other web applications there. This way, IT can also provide SSO for Azure AD-based devices and users.