I work in the information technology industry and have matured into the role of an enterprise architect, still committed to validating bits & bytes in daily reality. I have been awarded CTP multiple times and I'm certified as MSCE/CCP. My strongest fortitudes are technology competence and quality assurance. The Rhineland and Ruhr district has been my home of choice for a long time now, but customer on-site engineering takes me to many different places.
About the talk
Moving towards a cloud play in your given environment? Thinking that AzureAD will be your future authentication strategy? It’s likely you’ll still need access to some on-premises resources that won’t make it over that quickly or others that are running outside of a pure Microsoft feature set, such as Amazon (AWS) or Google Cloud Platform (GCP). In this session, you’ll learn how Citrix ADC bridges the gap between clouds, and how to integrate remaining datacenter resources into a common offering while maintaining user experience. Plus, explore the elements that constitute a true hybrid cloud infrastructure, which will likely be the longest migration episode in many IT lives.
Note: This session will be live-streamed during the event and available for on-demand viewing post-event on Citrix Synergy TV.
Morning, everybody, my pleasure to give the day with the text session. So thank you for making that in time. I'm trusting I want to take you to a journey into cloud and cloud transformation. And while we do that we have a look on the role of the ADC that it has today and future wife and finding out what the actual difference is in preparation of Synergy sessions. It's always the same ASL you have an abstract of a session that you just cried like in Xavier earlier than the extra show starts and you collect the other things get the story done right and then work on the chapters and then you
finally give much more content in Mexican prison for 45 minutes about the signed and it turns out the original deck that I intended to give you here in a session is practically ready for like 70 or 80 or 90 minutes. So my plans we just do the recording on the 45 45 minutes back what you see now where is in the upload section where I get the the deck later on for the organization and you get the full deck later on they can compare which lights were being left out. Wild to show right now who she look at the page numbering while moving forward you will see that it does not truly incremental.
We have some kids in there. I'm so we suggest when you have to recording later on at 6 to the song time to pause and then look at the download What's missing in between because I'm just need to squeeze out there and things to be in the time frame the idea why I'm here it comes about like like this why having a session about that? It is based on the customer feedback got to work with all the last year because every time you get into discussion about moving forward into Cloud. I'm a certain marketing machine comes along with it, right it comes from the closest peace and all the other
offerings that come they're promoting you are certain Readiness state of what is in their package and at least behind some kind of impression that this is the end of the fish biting flies that we working with over the years and maybe there's also a fair question to ask if that changes the game at all and that's the motivation while running that session. the first start about transformation If you think about your own Journey there about your own customers for as long as your partner, everybody's different and now everybody's claiming that because of cloud everything is happening
different than before my question is if that really is and what are they like to suggest in any political management debate that goes on when you move cloud is bringing up just a very simple statement like this. There is no cloud cloud is just a business at just about technology is just another day to send select for running your services and infrastructure cross Club is just the economic perspective of that we talked about we talk about lousy at Turtle requirements. But why you go there please make sure how long the debate are you talking about? A Services subscription are talking about that
your poster infrastructure and someone else if they decide to because that's just the two flavors that typically everybody has to run through and decide how to move forward his own. I'm set up and how this can be modernized over the course of time. Another aspect that you will easily find out when you do the journey that this is one cloud is not enough thingy thing comes up not every cloud has the full features that you re require a special on the service is cheaper. There are strong differences and differentiation States competition. They are alternates and if you mix that together you
find out that you need to hold this all together and putting things together. It's also a disciplinary important like it's the statement that off and get hurt that this is also the end of address on Perimeter in your existing it infrastructure be but what's the remaining is it important question of who was in charge of identities. It's do you use right? It's not a structure that is just sitting there and it's something that is purpose-built for certain user audience and it is different for each user audience. So controlling identities and who has access to which title information is in
important authentication becomes the ultimate important question. How do you say authentication resources? Under the hood. What is what is covered in front of the music? What is Tomales interactively on display? And that's that's really important thing. So talking about the cloud. We need to compare our traditional infrastructure stack with at least two options that you can pursue. The first one in the middle is situational infrastructure, tear while you drive into someone else's data center services to host of the ends. And of course, it is getting off the exit and giving up portions of
control in regarding to infrastructure. It goes even further if you think about platforms and services offerings way completely give up your own idea of how to operate It And subscribe to a logical service instead music compared your today's work. If you are on the left hand side and work traditional eyeteeth. You accept that Rinaldi ATC is living somewhere in between these two layers and fair to say if we take this picture as an example and move forward to the right that there may be something different now because you don't own the whole stack anymore. So maybe You Don't Own
Me Specific portions were traditionally ADC was a perfect fit for because you don't have that level of control maybe depending on what it is. It is go even more severe if you move further to the right hand side, obviously, there's something different. So this is maybe some of the reasons on why the traditional Nelson comes up that ADC is now that's and I would say it's at least dead from the very traditional perspective working with ADC technology, but it doesn't necessarily mean it goes completely away. Sabrina doing this At least when the clickers with him.
It's that ADC has a strong competency on the infrastructure tier. So if you go in infrastructure-as-a-service offerings on regardless of being as OK Google Amazon whenever you can subscribe to their infrastructure to you in terms of the VMs, but that's not necessary means that you take the whole set from them. So these VMs is still something that you have met us from the inside for the operating system in the front office to yours. So maybe ADC's also something that is not something that is provided by the clutters provided still something that you have to
maintain and operate their own because you have existing infrastructure that is just moved over the main ER talkin that lift and shift phenomenon that going Cloud not answering me and let me Take the existing it puzzle and we think anything of components and invest into development in recreating modern applications and more than middleware and modern infrastructure eyes and said, we're just lifting uplifting traditional workload. Remember what was in the keynote we may have heard that on the side note is the theory is accurate that by 90% of
applications are still there in four years the reason for a simple because he just doing lift and shift into cloud with traditional stuff. We're not we creating those things. The reason why this specifically is not a cloud native. I don't want to talk about you and me and all that stuff. We talked about traditional itsm at your house today the product that you don't today in your Datacenter that have to go kind of a cloud weigh his mother that lift and shift comes back. Of course moving further to the right AC on the Identity or is something that can complement existing
platform and services offerings in tremendous difference. So it's easier to talk about all that picture as a puzzle and I brought with me a puzzle and it's actually the agenda for today. I've toured with me to different flavors of how to look at ADC technology when looking on a clogged transmission Journey, the first one said that the infrastructure perspective and the second flavor comes from the identity of perspective and from a timing perspective the law saying I would exceed any 45 minute session. If you go further, I need to limit that you at least these 6 puzzle pieces with his I
think I'm a good overall perspective of things that are important to talk about what we talked about Services talk about the sides to talk about in networking flavor or something with me that it's maybe unexpected to you. Let's let's get the price on that. Of course as your ID takes a very important Place holy here because that's 50 factors, that nobody can negate any more as his running Windows stuff and windows shop. The Android is just their Aggregates we like it or not, but has actually two pieces. I'm to get that discussed and we won't be at Cinergy not talk about these work
space and we have at least some some new flavor sitting where I would place a bet that you have no clue about that is coming because some of it actually just arrived last week. So let's go with that first chapter about the services. I wouldn't want to start the old school Murray stress the old school services available availability thing. So we going down to the infrastructure tear and talking about availability for services in what is important. If you move from the existing it infrastructure into the cloud is the thing that is called uptime SLA. I think everybody of you has a
certain infrastructure component in house management has decided that this component may not be touched during business hours in June with decks where it where the maintenance window is hard-coded. We find to give my work on it. On a Saturday afternoon. Nobody else has a chance to get in there. If you imagine those disciplines and then working with the SLA enough time this when you go into a cloud service provider world, you were just screwed because they have also working hours. They have maintenance windows and stuff like that. So they simply ignore the fact that you might be uncomfortable.
If a system goes down at 2 p.m. If it's their maintenance window because there's hundreds and thousands of customers. It's just their maintenance window to double-check and take care what their concerts are in terms of this terminology like an update the main a full-time mean availability zones regions and an unfortunate all these terminals. It's different for each cloud service provider. So it's not easy to understand what the methodology diaper cute to guarantee up time. The guarantee is not at the granular into individual of the end of the uptime guarantee is for the whole set that
follows down their recommendations of how to build reliable service. Provide us assume that you'll open isn't that you'll open practically everything which is not the real Riley to where we come from today, but you need to keep that in mind when going forward down that road. So that's obviously the reason why I load balancing technology is part of any service provider offering like you can subscribe to their functionality and make that happen and you need to take care about take care if you have shingles or what it wants and how to deal with that and if you put that into the clouds need to
remember, okay, how many clouds to actually need is running just in one is it Morris Pro love Service locations where there is a pint in the only answer the very first result of thinking about the tell transformation journey is that automation is fundamentally requires to get that manage somehow. So it's about questioning of learning curve that need to invest for to automate your existing for this Mighty in those areas where automation has not taken place yet, you know, everybody has already What is the ultimate everything? I personally doubt it's as good as that is but it's still a
different thing as ghosts called Wiseau thinking about that. And this is obviously an extreme example of a spread the service across many many locations are the picture or three of them and still about an example. It's about a development cycle for a new version. It's about the life State on whatever side and place you want to run. It may be located on NPR perspectives. It can be explored perspective and you need to push that out. Right? So what happens if you if you if you have no service has spread around certain areas and use every single available offering you
have a load make a Youtube mix of availability options in there. You're kind of aloe and lb functionality for your desk because I need something you maybe have a mature one in your primary production side. You maybe have something Cloud specific lb and there and just to get the h a quality there and what you do there is some sort of engine. And obviously some sort of scripting all around these services. So it starts with a question if individual lb Solutions each place where you put services on a feeling the Best Buy going forward in the excuse that it cost you money putting
something in there that has a product character is not the only perspective all this is scripting and all this maintenance thing cost you money. It's even more space cost to people let's go to stuff. So one perspective could be in transitioning to the next slide is unifying the load balancing technology and putting an ADC everywhere, which at least simplifies the scripting perspective because what the strip on the inside on the load balancing is the same regardless of which side is Select, but looks like the best way to stop a visitation is a fundamental counterpart and complementary
selection to to automation right? But if you just stop at that later, you're not saving any single dollar. Will become more expensive than everything go did it before because started ization. It's just the starting point what you actually need and transition to the next slide is an orchestration solution what you need to go for. If you have your death results, we create the require consideration and check that end in carnival template Mentor into an orchestration system that then acts on behalf of you and spread this knowledge to whatever Target site is meant to be used for
running that specific service to what I'm saying is make this a and this example necklace a Citrix problem of actually talked into specific place and pushing configurations and stuff in there and don't waste the time on this infrastructure learning thing but put more pressure on freezing the template that says you more money. I'm going to be any different. So that's the first thing how to rethink our services can be deployed and by that it brings back a certain documentation line yatc even in the cloud infrastructure. Say it's just a question which position would it take on the total
cost of ownership of maintaining a k Services there as human we did that writes. It could still be a subject to failure. Is there a certain age a service still can go down to need to know about the sites phenomenal talking about sites mean means that that's Donald L D is good for a reason but I miss Siri something that allows you a good app time when it has to cross certain geographical boundaries. And what I recommend is that you rethink your service is offering the same way as he's pissed. Do you think in a multi-site approach because they also aware of the fact that a certain
side may go down for some reason over certain and so want this brings you is a bunch of dependencies in a bunch of advantageous. What I personally like is not only The Independents that certain flop may go down for whatever reason it brings to a simplified approach of worsening when I customers finding their upgrades on model 6 systems it is because of reason that you patch a certain Olympic system. And the next time you hit the system everything has to be working. If you need to rethink your state philosophy in terms of sites that have
a productive side and a back outside for example, and you do versioning on the back outside first and then moved you was over there and check that out in terms of a canary deployment or just as a test face forward and backwards versioning option of just going easier for when it comes to updating loss Melissa complications. So this move my side could also be a great opener. I'm from Richmond Concepts. And that means you need to think about how traffic routing actually works. You need to get your your infrastructure ready. So that uses don't know what to do with sites. They just need to have
access to a certain service regardless of where it's located in Europe need to need to take care of all the US get their dough from the graphic perspectives. I would like you to use a terminology like intelligent connection distribution mechanism need to find a way for users access the systems in that very basic examples and extra festive side where the path of stars actually not ready to take traffic and that requires that a certain compound that is part of this connection distribution. Mechanism has the word us about the health State there and if you compare traditional traffic
routing from a cloud Source Products than one and compare that with the service monitoring they can do on a ATC cheer in the ABCs much more granular actually knowing that the whole time the whole availability of the whole back and forth. So have a probe to watch the back on if it's a database is there is a day to actually it's any good State and and get it all together as a service Health State and decide on where to rob the user. So that allows you switching over users from active to passive side easier and for extra festive deployments that is
pretty much the minimum such as you needed a good with that but you obviously can do you can manipulate the way that decision is made so switching over uses between the side a and side B has never become easier. If you have this routing mechanism on top of that and of course, that's the the old Story one when discussing ATC functionality if you put together the local nursing functionality together with a traffic steering competency and just one instance is gets obviously she could because Yuri Yuri use existing as a better half their that's always a good recommendation not putting
pinpoint ATC somewhere because of the cost for print but instead combining features on a box if they logically make sense there and that's on American do on that picture it sold so technically at that picture. It's not for atc's just till 2 to Paris something that can do a job in transition to next slide if we think about an active exercise, what does apsley the way you want to go forth or better use the quality better resilience, which obviously need you to solve the replication for better than you may have today. That's that
the only thing where surface can help you out. Cannot help you at all. But that's okay. There are the same person that can do so and you still need a service availability. You stay protected us from the exit passive philosophy over to act of active networking. And this is where the world has little changed because of an acquisition that Citrix made we talked about the thing that the global terminal balancing knows about your back and chest that's no doubt. But what is the overall traffic quality situation across the internet routing. That's the reason why that intelligent. Meet spring
comes into play which allows you combining the quality of the of the of the traffic behavior in between client and you're in points together with the hell State on that your own Datacenter side or your closet actually has and so it's about shining these two functionalities sew-in. If you're on an active active World rethinking your existing gsod design in favor of adding ice cream on top makes a huge difference there in just a few the quality in case that those two sides span the globe it said they adjust in a single state at pretty pretty easy if they spent like an e on ATT IMEI, you ask
whatever I'm just really makes a difference that the traditional atcg S&B itself alone cannot do but combining these two flavors together message use different there. Networking. I promise there comes something surprising in there. I would bring your attention into something very different if you mix up clouds and if you mix up offerings on the office, please pray your services around and you have multiple VMS running in multiple places and you get that problem of Ip routing. Right? What is interesting to at least think about and is not a general purpose
of recommendation, but it's something that may help you in certain situations is expanding your IP Rancho existing IP range into someone else's Datacenter. That means we talked about net for virtualized contacts while you bring your own IP into someone else's environment to be fairly. Amber has gained some some good efforts with NSX on maturity so that you're wearing his has grown. What is pretty much unknown as I've learned is that a DC has been out of the game for a while and it's
a specialized sooner but in case you are there and we'll look like this you have your existing size Cloud white supremacist or in whatever location that is an under the assumption that the technology allows you apply in this type of transport. You can spend the existing Network to another computer side using the same IP scheme so its Lair to transparency the Moving Service fold, and back is way easier. If you don't have rotting bottom, right? There's no new DNS names. There's no routing specialization. It's just as the service were part of your original at work and that way You can easier
have some specialized computer options moved out of your asset in Saint Cloud offering by twice still maintaining all the Independence Day of all the services and what you also can do if you can expand this into any auto and electric employment employment as well. It's the way how difficult situation can also work on the future because it's there an ATC for a while and it is the best of muse but if you have this specialized requirements and the the environment than the cfp that you're working with allows you to do so, this is the great power just
rethink that over your way for certain special icing artist. Would I want to close down on the infrastructure and move to identity. Identity is a hard thing and we need to start with Azure AD as this I was saying earlier on is the most relevant identity play that we have in the market space and drums to wear when you are in Marksmanship. You can get out of that. Right? So we started with the Azure AD integration. It's just that little directory that has some poor intensive conditioning services Building Solutions on top of a solution.
There is technically No Way Around The Assault as your protection proxy, that's the way it all the story starts. Like that's their way of rid of you bringing web services and RDP Services into an Azure world and integrating them with their authentication system. So it's fair to say that they provide you with kind of a lightweight ADC reverse proxy technology that can do at least the job for this specialized purpose and it's a very minimalistic which has advanced because simple learning curve but it doesn't exceed that minimalistic conservation approach as it is.
And the thing is is Marcus of Noah pushes a 84 word extensively. That's really something that happens in customer environments heavily on what does it mean to the traditional approach of publishing services using traditional AC Footprints the marketing terminology tells you there's no money for third-party ATC appliances. If you go pee pee right that's often heard there and that also means any ATC that you replace has an equal, department is he right? There is no footprint Behavior changes just another one. So there's nothing there. It was
almost like in the debate is that that I would say Marketing in Fletcher over that's saying heads the end up getting that needs. That's her picture with that. This is the way it looks like if it's deployed in the HOA men are so is your eyes your network tenant? You have at least two proxies passage that are available to connect your web services on to the outside world. And that's the way how you going to provide authenticated services Twitter users. Assuming that you migrate. It's your environment in a state. Where as you're a d provide authentication to any using us working Visa
application process must Benjamin members to provide your single sign-on capabilities to Windows back and otherwise all these cases you think never will it's also it is a domain joint machine per se and from a slope respect. You just have a checkbox in saying I want these traffic to be authenticated to Azure. It is pretty simple checkbox feature and you're good to go to look attractive No Doubt So you can go through as your comes back slowly application parks and has access to infrastructure. What's interesting at that point is the the simplification about this. No DM that
thing the traffic that comes to the inside technically is nothing else than Ingress VPN connection because logically or connection from the Bible perspective, but this isn't a permanently maintains connection that is ready to take incoming traffic. This is nothing else and services publishing. The traditional way. It is more style is less obvious what's happening under the covers but does nothing else than incoming traffic from Azure Network and Marcus to take care of that only the good guys take down
the road. So it's even if something goes wrong on the edger. I don't know. What's the most may be happening. There is if somebody finds a way to take the beer out downwards to any customers a piece without being stopped by any local DMV type of setup. That's the reason why in the diagram the AP stats shield in between 5 walls so that you have a restriction here to your which systems going to actually published. I'm using that mechanism. So it's fair to say if that's the other technology. I'm let's bring back to say that it doesn't
8% markup language is okay, but no picture and and saying okay, we don't even know the healthiness. They're so something just brakes. He will find out when the user clicks or resource and the ape shitt on title application. That's way less quality in Wireless monitoring capabilities than we had previously when the same position Indians that was occupied by Jason ABC song ABC back in here in the requirement. Is that as you're a d is Vida Factor authentication son.
He still has a domain Calling functionality to have the quesadilla to the back and still the same functionality Pacific's can do that quesadilla for a while. And of course you can make this system ready to have your authentication capabilities for the music even doesn't know the difference cuz actually nothing music and can observe. I'm in to replace a P with ATT verse were so it's just the same functionality only only difference that it actually does it is that the traffic now, text you directly at the artegon from DMZ tour comes back to directly in your clothings at where you place
the other day since that's the only real technical difference that you make that more visible again, but traffic hit you directly but only remaining component adjust the same as before so it should be good to go and then why would stay in because of the better health check capabilities. It is important to notice as it is a Citrix ATC. It's not only for what technology is not only if you need to publish an existing work shirts and desktop on-prem. Whatever adult education so she made it you're not already in workspace, but still maintain the
more traditional way of Hosting HDX V8 in the requirement from businesses take everybody in the organization as the authentic at using as your ID. You can use a TC to bring all these resources in exactly. That's why so there's no functionality Gap in there and could even do more quotes on top. You have a better Quality Inn Federal Services money fine with that. What's interesting and that's all so shocking to me if you compare the quality of what the service is now have left inside looks pretty much. Okay, it's what I look at the details to compare the
marks of offering you want an ATC. It is getting Orange. It's not getting orange since last week's getting orange first few months already. So if you if you think that koalas is pretty much good in in analyzing and testifying what SSL Readiness and which encryption standard Geo Solutions have the Marcos office really liking behind because they try to be compatible to any client on the planet including XP. If you will where is on the 80s heater you can decide on what the level is and what's more shocking to me? That's not even if it's just as it is and if you have an existing 18 your
environment 1:40 today to get exactly that result and you can go beyond that point. So it's smallest thing something has a week. Sorry for I really think about the security panel of the infrastructure has Yahoo point is the authentication door is Azure AD itself. As I was saying Azure AD is required for any LG 65 Journey that you have sodium is Tommy change OneDrive the apps on the regardless of its windows or it's an iPhone and Android whatever it requires authentication, right? And if you look at all the indication needs I'm there's obviously the
chance that you are good with giving Microsoft your credentials. If I work with customers, the majority of them complained that the last thing I wanted was giving Microsoft my credentials, right. So the reason why they do not do the password hash copy I'm with 84 next and the same applies to the password authentication with which is sometimes promoted as much as it doesn't have your password, but technically you provide the password into a Microsoft infrastructure for sending them back to your premises or Cloud environment to actually validate the password. So what did end up in his favor.
So the whole idea that story just part of the game. You can't do an Enterprise as your ADL syndication strategy without without having a s s in place kind of This also requires you rethinking your motorcycle strategy, right? You may have existing Solutions if they are not followed person be compatible to run on top of Aeneas as infrastructure you screwed. It needs to be something that some of it did Next Generation type of motorcycle solution to get that GameFly in a good shape. And it's regardless if she is still running on treadmill, he move these a vast web infrastructure into a
a clothes site is still the underlying technology that is required and it requires a bunch of functionality. So I don't try more voice you have these two zones whether one's own support your internal uses and the demons that don't support your ex only uses for the internals go to the short way across and I'll be that you have to provide and the extra-long guys go through the elderly across the web and go all this way the interesting thing from the architectural perspective. Is that the MFA entitlement to get strong authentication for outside use this technically list on the inside
machine so that it's just a reverse proxy functionality to differentiate that is coming from the outside. Indication live inside of the Avis framework you feel something that is older or is something that you created over cuz of time yourself using engineering efforts, and it doesn't comply with that. I think the picture if we move out the as much as possible and just retain the 80 of us. It's actually like this goes all backwards and forwards you can practically everything works of except for the 80s of self and get the exact same
that approach any existing MSA that you have to Jay continuous work. There's nothing to need to take care of because technically on the 80s. MFA requirement for that you can open it. If you will let in front of an ATC. I know going to have an ETA function if you want to scan those machines for certain other requirements, you can do that as well and is exact same functionality the footprint that you actually there is pretty much low. It says she's single AJ pier in the send you all the stuff so, you know what how to partition netscaler into different zones. You really can do a very
minimalistic approach opening a great idea that's running authentication and what importance that's why I'm saying there are technically and all the netscaler has been made ready to actually call WS pet support that's a different and checking maintenance required turn engine engine changes what also important issue compared to to the Wop experience that you have today that prefix meaning of the username in the input box is not all the possible for the password and it just comes down from the original footprint level rates. Lowest volume possible
scenarios to use a Parcel Plus a multi-factor. This is all comply native is poop. So there's no comfortability words that you have to go through and the next-gen ATP is produced on the way. So in a few I would say weeks or at least a month from now we have the full feature said you were a wreath safe to go there as a full wave is proxy replacement so that web can go all the way and that's way center for tonight. Finally the last candidates. It's a big place and that's really a monster in terms of discussing identity. And the reason is pretty simple to
start offering it lives outside of your own boundaries, right? Hello there. So we talked about the login for users to watch their work space. They log into an intern offering that is obviously located on the outside of your existing it environment where internal uses may want to access internal resources and after undergoing authentication mechanism in the same time, but you just go to the same place all so exciting. Internal internal resources in what's that you have there and you don't want to
have everybody titan go through the puzzle that right if you're promoting your your VA loan work space. So if you have seen that uses there and let's for example allow a desktop access or allow access to your bi system or ever the last thing you want to have the rest of the week off syndication pay the right. What can I do there? That's one of the reasons by Citrix has brought up an integrated smoke detector solution flight. So it's the owner says no app that you can use to enrich the authentication strengths are but this isn't for you. This is a new enrollment into a new technology. If you
have something existing other MFA in place, that's my perspective. That's just the way it is, but you may want that and you also may want to have the ability to bring your identity control completely back in your hands with a Federated against that environment you may want to have something but you don't even have to type password. So you won't have strong factors like fingerprints my light. Something like that, but you don't want to have musically with passwords and that's all the way that's what it's not is not built by Design but it is preferable. So it's the default design typing
that credentialed are the credentials of them being sent over across the connector for Active Directory validation. And if that's you talking to you you implement to Citrix MFA on top so that typing required An additional criteria to have strong authentication. Unfortunately that also applies to interviews of them. It's not different. I want to make everybody lucky. Next best approach to there is saying okay. I want to link my existing workspace into Azure AD. As the majority of a
TX customers likely will have some sort of security entitlement. Why not? So you make Citrix Workspace an app inside Azure AD and have users authenticate there. This moves the requirement of a good authentication towards Azure AD with a previous chapters about how you can authenticate user Adidas that some of us gameplay that you can go for so you have a different Chase between intra and Inter Alia intro next song users because of the way how you design Azure AD authentication but it leaves behind one single element that users in the very first phase have to
specify their name before authentication. You can start because you already has no clue about Dort and you need to type the name, right? So this is not the ultimate best play and even if you have a there it's still not a hundred percent be comfortable. That's why I'm saying there's something you what you can now do is bring your existing or a dedicated ADC in play that has an awareness about internal clients. Set for example speaker vs. Adult education. It has a good awareness of external users with any external MFA Whatever by this way, you know have an open
relationship. You connect relationship between Citrix workspace in your environment, which requires an update on your workplace tenant and requires and you specialize firmware on your on your premises or cloud and that they need to stick together. And with that you have the ability that have a sign in login where is external users have the full-blown MFA EPA even possible Nest whenever I'm locking capability and white that you have a very use a compatible version of bringing uses into work space seamlessly it take for you that's about to end quickly.
So it's the last thing our first like cute real and it's going out into fun at work and wash OKC weather look like that's crazy and pretty easy. First I start with my existing climb that is not in a refrigeration yet. So I go to my cloud workplace and type in my credentials in the same way others would do before that piece even existed. So time user name and tarantula is a check to wash my directory and it doesn't matter. There's an extra internal clients. It's the same for everybody getting resources always has done so that the the undesired way right from there I switch off to my
menstration control panel solar screen switches to read this morning my Administration perspective I go into my were in my account going to identities lease require some sort of preparation. I already obviously configure to the AA enforcement and the pairing. So it's available as a configured auction right now and then you go into your work space and say this is didn't you default that. I want my music to use for authenticating to work space after you commit that it takes approximately 10 minutes of downtime before your service is available back in public. That's something so we corporation that
is done underneath and from there when he died. Sister service, it requires omadi Federation with your with your interest rates of the new brought into the country duration. So I have a client with two network cards. It is now joined to domain Network open the browser type the exact same URL and you will see some Flippin, but you won't see any infertility except for taking me directly as my workplace because Kerberos authentication negotiate just happens. There's more resources. Same of course applies to the workspace app. It will also fade in an external browser
window off the typing GIF to them because it doesn't know that it's getting seamless. It is technically I'm a type something but it's it's ending faucet. So you see his opening and closing in the electron. The Kerberos is done texting to my workplace contact on a 97 swap. So far so good so we know sanitized environment. So I'm deleting the count in the in the workplace app. I'm logging out from the browser. The browser by the way, now it says goodbye on my ADC here. So the exit message not comes from you bruise one was sent from the cloud. This is your
own right now, and we move that plant now into the zone. Sounds like being located the road warrior somewhere else. You see if our volt switch to private Network Mode now. I don't have any more direct access to my to my network anymore. So I'm on the way to go opening the browser back at the same logic inside. But it now getting getting picked by the ADC that sees them come from the outside and goes for the standard authentication dialogue that you are willing to present the user with so like user, password, MFA, smart card, whatever other sort of identity
play when I get there. I authenticate and it takes it to work place. So the work space sorry. His ass off and obviously insane proof for the native app. Bring something by the browser going to be Authentication. Next next next Chelsea they have and this is important in many places because for example, if you if she proves we just had the Azure AD option in Citrix workspace that implies that any user is enrolled again. The first limitation that maybe a little earlier for your audience. Second thing is these ergonomic things. This may be problematic. You may have
different authentication needs an authority than you have for your HDX workspace need so you can separate these two things and was also important if there is something in terms of an authentication need that does not fit into the Azure AD world today. You can take no ADC is a bridge that device to degrade one of your life has the the uif all the luck and if you have to get some other identity provider like a little Google thing know whatever with your workplace strategy or strategies you can use that ADC is kind of a silent.
Of mentoring the request from the cloud to add any other identity resource. Just make it happen that you don't get there in the right place. So he can count my six chapters. I should be ending when I have one more thing in the tradition of synergy. So must have one is a flavor that I still think it's has become certain kind of important because if we move our our resources outside of our our environment and put them in somewhere close it is still impossible important that uses have a clue how to get there and you want to minimize the number of authentication dial of the uses face with
right. Do you think about your domain-joined computers? I think I have all a mess up left for work for us on the way. They need to access to our environment. I think the old fashioned VPN thing is still alive and still a very applicable technology to bring users back into your environment without nagging them about the underlying technology. So VPN, is there for a while, even VPN on ADC is nothing new. What is new, however, is the flavor that if you know, but what type of exercise has been a while and you know, the DirectAccess ended on the
Microsoft and that Citrix ADC can now take over any existing DirectAccess philosophy of operating a roaming device being always connected to your environment one that has any connection with no heater infertility was Saul of the indications of certificate wise to get a connection to your data center to try to see any point in from there. You have all the resources required and that also applies to the pre-login phase, which is the important one to give up a laptop to use with Sports Albany to change the password before authentication, you know this train John
next lock-in check box with a VPN. That is both even before the login phase all that's very powerful and sold at the latest. StudentVue Well, that's takeaways. I think cloud transformation is not that easy to resync all the puzzle pieces how they make up together. What is an application? What is in service mode requires authentication? What is the best place to do authentications how many authentication from the user actually requires that you gave us for all these questions you will see that ADC is kind of the bridge set component that ties all these things back
together. And so I think at least for the next 3 to 5 years cloud transformation will be very interesting because ADC put this all back together and so the total is better than the individual. So this is my puzzle. I would like to offer in favor of the time which ends price is right. Now. We are ending in that here. So before you get out, please take the app and and both of the session and give the feedback here needs adoption before eventually come back next year and thank you for that. The download was charged as it is announced. I will put the long presentations that in there
instead of the show that you have seen here, since you go to recording go back to work and see the pages not moving. Currently there is something that. That is back in the deck that will upload there and with that there's some more ADC stuff around during the rest of synergy and will that thank you. Enjoy the rest of the time, but why we're done. Thank you.