Duration 46:05

Citrix Synergy TV - SYN220 - Going cloud? It's where Citrix ADC has a role!

Thorsten Rood
CTO, Regional Director at braincon GmbH
Citrix Synergy Atlanta 2019
May 22 2019, Atlanta, GA, United States

About speaker

I work in the information technology industry and have matured into the role of an enterprise architect, still committed to validating bits & bytes in daily reality, awarded multiple times as CTP, and I'm certified as MCSE/CCP. My strongest fortitudes are technology competence and quality assurance. The Rhineland and Ruhr district has been my home of choice for a long time now, but customer on-site engineering takes me to many different places.

About the talk

Topic: IT

Moving towards a cloud play in your given environment? Thinking that Azure AD will be your future authentication strategy? It’s likely you’ll still need access to some on-premises resources that won’t make it over that quickly or others that are running outside of a pure Microsoft feature set, such as Amazon (AWS) or Google Cloud Platform (GCP). In this session, you’ll learn how Citrix ADC bridges the gap between clouds, and how to integrate remaining datacenter resources into a common offering while maintaining user experience. Plus, explore the elements that constitute a true hybrid cloud infrastructure, which will likely be the longest migration episode in many IT lives. Note: This session will be live-streamed during the event and available for on-demand viewing post-event on Citrix Synergy TV.


Morning, everybody, my pleasure to give the day with the text session. So thank you for making that in time. I'm Thorsten. I want to take you to a 00:05 journey into cloud and cloud transformation. And while we do that we have a look on the role of the ADC that it has today and future wife and finding out 00:11 what the actual difference is in preparation of Synergy sessions. It's always the same ASL you have an abstract of a session that you just cried 00:21 like in Xavier earlier than the extra show starts and you collect the other things get the story done right and then work on the chapters and then you 00:30

finally give much more content in Mexican prison for 45 minutes about the signed and it turns out the original deck that I intended to give you here 00:38 in a session is practically ready for like 70 or 80 or 90 minutes. So my plans we just do the recording on the 45 minutes deck what you see now 00:46 where is in the upload section where I get the deck later on for the organization and you get the full deck later on they can compare which slides 00:55 were being left out. Wild to show right now who she look at the page numbering while moving forward you will see that it does not truly incremental. 01:04

We have some kids in there. I'm so we suggest when you have to recording later on at 6 to the song time to pause and then look at the download What's 01:10 missing in between because I'm just need to squeeze out there and things to be in the time frame the idea why I'm here it comes about like like this 01:18 why having a session about that? It is based on the customer feedback got to work with all the last year because every time you get into discussion 01:25 about moving forward into Cloud. I'm a certain marketing machine comes along with it, right it comes from the closest peace and all the other 01:34

offerings that come they're promoting you are certain Readiness state of what is in their package and at least behind some kind of impression that 01:41 this is the end of the fish biting flies that we working with over the years and maybe there's also a fair question to ask if that changes the game at 01:49 all and that's the motivation while running that session. the first start about transformation If you think about your own Journey there about 01:56 your own customers for as long as your partner, everybody's different and now everybody's claiming that because of cloud everything is happening 02:06

different than before my question is if that really is and what are they like to suggest in any political management debate that goes on when you move 02:13 cloud is bringing up just a very simple statement like this. There is no cloud cloud is just a business at just about technology is just another day 02:21 to send select for running your services and infrastructure cross Club is just the economic perspective of that we talked about we talk about lousy at 02:29 Turtle requirements. But why you go there please make sure how long the debate are you talking about? A Services subscription are talking about that 02:39

your poster infrastructure and someone else if they decide to because that's just the two flavors that typically everybody has to run through and 02:49 decide how to move forward his own. I'm set up and how this can be modernized over the course of time. Another aspect that you will easily find out 02:55 when you do the journey that this is one cloud is not enough thingy thing comes up not every cloud has the full features that you re require a special 03:05 on the service is cheaper. There are strong differences and differentiation States competition. They are alternates and if you mix that together you 03:13

find out that you need to hold this all together and putting things together. It's also a disciplinary important like it's the statement that off and 03:22 get hurt that this is also the end of address on Perimeter in your existing it infrastructure be but what's the remaining is it important question of 03:30 who was in charge of identities. It's do you use right? It's not a structure that is just sitting there and it's something that is purpose-built for 03:40 certain user audience and it is different for each user audience. So controlling identities and who has access to which title information is in 03:48

important authentication becomes the ultimate important question. How do you say authentication resources? Under the hood. What is what is covered in 03:56 front of the music? What is Tomales interactively on display? And that's that's really important thing. So talking about the cloud. We need to compare 04:05 our traditional infrastructure stack with at least two options that you can pursue. The first one in the middle is situational infrastructure, tear 04:12 while you drive into someone else's data center services to host of the ends. And of course, it is getting off the exit and giving up portions of 04:21

control in regarding to infrastructure. It goes even further if you think about platforms and services offerings way completely give up your own idea 04:28 of how to operate it and subscribe to a logical service instead music compared your today's work. If you are on the left hand side and work 04:36 traditional IT, you accept that Rinaldi ADC is living somewhere in between these two layers and fair to say if we take this picture as an 04:45 example and move forward to the right that there may be something different now because you don't own the whole stack anymore. So maybe you don't own 04:54

Me Specific portions where traditionally ADC was a perfect fit for because you don't have that level of control maybe depending on what it is. It is 05:02 go even more severe if you move further to the right hand side, obviously, there's something different. So this is maybe some of the reasons on 05:11 why the traditional Nelson comes up that ADC is now dead and I would say it's at least dead from the very traditional perspective working with ADC 05:21 technology, but it doesn't necessarily mean it goes completely away. Sabrina doing this at least when the clickers with him. 05:28

It's that ADC has a strong competency on the infrastructure tier. So if you go in infrastructure-as-a-service offerings on 05:37 regardless of being Azure, Google, Amazon whenever you can subscribe to their infrastructure to you in terms of the VMs, but that's not necessary means 05:47 that you take the whole set from them. So these VMs is still something that you have met us from the inside for the operating system in the front 05:55 office to yours. So maybe ADC's also something that is not something that is provided by the clutters provided still something that you have to 06:03

maintain and operate their own because you have existing infrastructure that is just moved over the main ER talkin that lift and shift phenomenon 06:11 that going Cloud not answering me and let me Take the existing it puzzle and we think anything of components and 06:21 invest into development in recreating modern applications and more than middleware and modern infrastructure eyes and said, we're just lifting 06:31 uplifting traditional workload. Remember what was in the keynote we may have heard that on the side note is the theory is accurate that by 90% of 06:38

applications are still there in four years the reason for a simple because he just doing lift and shift into cloud with traditional stuff. We're not 06:48 recreating those things. The reason why this specifically is not a cloud native. I don't want to talk about you and me and all that stuff. We talked 06:55 about traditional itsm at your house today the product that you don't today in your Datacenter that have to go kind of a cloud weigh his mother that 07:03 lift and shift comes back. Of course moving further to the right ADC on the identity tier is something that can complement existing 07:12

platform and services offerings in tremendous difference. So it's easier to talk about all that picture as a puzzle and I brought with me a puzzle and 07:21 it's actually the agenda for today. I've brought with me two different flavors of how to look at ADC technology when looking on a cloud transformation 07:30 journey, the first one said that the infrastructure perspective and the second flavor comes from the identity perspective and from a timing 07:39 perspective the law saying I would exceed any 45 minute session. If you go further, I need to limit that you at least these 6 puzzle pieces with his I 07:46

think I'm a good overall perspective of things that are important to talk about what we talked about Services talk about the sites to talk about in 07:55 networking flavor or something with me that it's maybe unexpected to you. Let's get the price on that. Of course Azure AD takes a very 08:03 important place holy here because that's 50 factors, that nobody can negate any more as his running Windows stuff and windows shop. The Android is 08:12 just their Aggregates we like it or not, but has actually two pieces. I'm to get that discussed and we won't be at Synergy not talk about these work 08:20

space and we have at least some new flavor sitting where I would place a bet that you have no clue about that is coming because some of it 08:28 actually just arrived last week. So let's go with that first chapter about the services. I wouldn't want to start the old school Murray stress the old 08:34 school services availability thing. So we going down to the infrastructure tier and talking about availability for services in what is 08:43 important. If you move from the existing IT infrastructure into the cloud is the thing that is called uptime SLA. I think everybody of you has a 08:52

certain infrastructure component in house management has decided that this component may not be touched during business hours in June with decks where 09:01 it where the maintenance window is hard-coded. We find to give my work on it. On a Saturday afternoon. Nobody else has a chance to get in there. If you 09:10 imagine those disciplines and then working with the SLA enough time this when you go into a cloud service provider world, you're just screwed 09:20 because they have also working hours. They have maintenance windows and stuff like that. So they simply ignore the fact that you might be uncomfortable. 09:28

If a system goes down at 2 p.m. If it's their maintenance window because there's hundreds and thousands of customers. It's just their maintenance 09:35 window to double-check and take care what their concepts are in terms of this terminology like update domain, fault domain, availability zones, 09:44 regions, and unfortunately all this terminology is different for each cloud service provider. So it's not easy to understand what the methodology 09:54 diaper cute to guarantee uptime. The guarantee is not at the granular into individual of the end of the uptime guarantee is for the whole set that 10:02

follows down their recommendations of how to build reliable service. Provide us assume that you'll open isn't that you'll open practically everything 10:10 which is not the real Riley to where we come from today, but you need to keep that in mind when going forward down that road. So that's obviously the 10:20 reason why I load balancing technology is part of any service provider offering like you can subscribe to their functionality and make that happen and 10:29 you need to take care about take care if you have shingles or what it wants and how to deal with that and if you put that into the clouds need to 10:36

remember, okay, how many clouds to actually need is running just in one is it Morris Pro love Service locations where there is a pint in the only 10:43 answer the very first result of thinking about the cloud transformation journey is that automation is fundamentally required to get that managed 10:52 somehow. So it's about questioning of learning curve that need to invest for to automate your existing for this Mighty in those areas where automation 11:01 has not taken place yet, you know, everybody has already What is the ultimate everything? I personally doubt it's as good as that is but it's still a 11:10

different thing as ghosts called Wiseau thinking about that. And this is obviously an extreme example of a spread the service across many many 11:19 locations are the picture or three of them and still about an example. It's about a development cycle for a new version. It's about the life State on 11:27 whatever side and place you want to run. It may be located on NPR perspectives. It can be explored perspective and you need to push that out. Right? 11:36 So what happens if you if you if you have no service has spread around certain areas and use every single available offering you 11:45

have a load make a Youtube mix of availability options in there. You're kind of aloe and LB functionality for your desk because I need something you 11:54 maybe have a mature one in your primary production site. You maybe have something cloud-specific LB and there and just to get the HA quality there 12:03 and what you do there is some sort of engine. And obviously some sort of scripting all around these services. So it starts with a question if 12:12 individual LB solutions each place where you put services on a feeling the Best Buy going forward in the excuse that it cost you money putting 12:21

something in there that has a product character is not the only perspective all this is scripting and all this maintenance thing cost you money. It's even 12:30 more space cost to people let's go to stuff. So one perspective could be in transitioning to the next slide is unifying the load balancing 12:38 technology and putting an ADC everywhere, which at least simplifies the scripting perspective because what you script on the inside on the load balancing is 12:47 the same regardless of which site is selected, but looks like the best way to stop a visitation is a fundamental counterpart and complementary 12:57

selection to automation right? But if you just stop at that layer, you're not saving any single dollar. Will become more expensive than everything 13:07 go did it before because standardization is just the starting point what you actually need and transition to the next slide is an orchestration 13:16 solution what you need to go for. If you have your death results, we create the require consideration and check that end in carnival template Mentor 13:24 into an orchestration system that then acts on behalf of you and spread this knowledge to whatever target site is meant to be used for 13:32

running that specific service to what I'm saying is make this a and this example necklace a Citrix problem of actually talked into specific place and 13:42 pushing configurations and stuff in there and don't waste the time on this infrastructure learning thing but put more pressure on freezing the 13:50 template that saves you more money. I'm going to be any different. So that's the first thing how to rethink our services can be deployed and by that it 13:59 brings back a certain documentation line why ADC even in the cloud infrastructure. Say it's just a question which position would it take on the total 14:08

cost of ownership of maintaining a k Services there as human we did that writes. It could still be a subject to failure. Is there a certain age 14:17 a service still can go down to need to know about the sites phenomenal talking about sites mean means that that's Donald L D is good for a reason 14:27 but I miss Siri something that allows you a good app time when it has to cross certain geographical boundaries. And what I recommend is that you 14:37 rethink your service is offering the same way as he's pissed. Do you think in a multi-site approach because they also aware of the fact that a certain 14:46

site may go down for some reason over certain and so what this brings you is a bunch of dependencies in a bunch of 14:54 advantages. What I personally like is not only the independence that certain cloud may go down for whatever reason it brings to a simplified approach 15:04 of versioning when I customers finding their upgrades on monolithic systems it is because of reason that you patch a certain monolithic 15:12 system. And the next time you hit the system everything has to be working. If you need to rethink your state philosophy in terms of sites that have 15:22

a productive site and a backup site for example, and you do versioning on the backup site first and then move users over there and check that out 15:32 in terms of a canary deployment or just as a test phase forward and backwards versioning option of just going easier for when it comes to updating loss 15:40 Melissa complications. So this multi-site could also be a great opener. I'm from Richmond Concepts. And that means you need to think about how 15:50 traffic routing actually works. You need to get your infrastructure ready. So that users don't know what to do with sites. They just need to have 15:58

access to a certain service regardless of where it's located in Europe need to take care of all the US get their dough from the graphic 16:07 perspectives. I would like you to use a terminology like intelligent connection distribution mechanism need to find a way for users access the systems 16:14 in that very basic examples an active-passive site where the passive site's actually not ready to take traffic and that requires that a certain 16:23 component that is part of this connection distribution mechanism has the awareness about the health state there and if you compare traditional traffic 16:32

routing from a cloud Source Products than one and compare that with the service monitoring they can do on an ADC tier, the ADC's much more granular 16:40 actually knowing that the whole time the whole availability of the whole back and forth. So have a probe to 16:48 watch the backend if it's a database is there is a day to actually it's any good State and get it all together as a service health state and 16:58 decide on where to route the user. So that allows you switching over users from active to passive site easier and for active-passive deployments that is 17:07

pretty much the minimum such as you needed a good with that but you obviously can do you can manipulate the way that decision is made so switching 17:17 over users between the site A and site B has never become easier. If you have this routing mechanism on top of that and of course, that's the old 17:25 story one when discussing ADC functionality if you put together the load balancing functionality together with a traffic steering competency and just 17:34 one instance is gets obviously she could because Yuri Yuri use existing as a better half their that's always a good recommendation not putting 17:42

pinpoint ADC somewhere because of the cost for print but instead combining features on a box if they logically make sense there and that's on American 17:48 do on that picture it sold so technically at that picture. It's not for ADCs just till 2 to Paris something that can do a job in 17:57 transition to next slide if we think about an active-active site, what does apsley the way you want to go 18:04 forth or better use the quality better resilience, which obviously need you to solve the replication for better than you may have today. That's that 18:14

the only thing where surface can help you out. Cannot help you at all. But that's okay. There are the same person that can do so and you still need a 18:22 service availability. You stay protected us from the active-passive philosophy over to active-active networking. And this is where the world has little 18:29 changed because of an acquisition that Citrix made we talked about the thing that the global server load balancing knows about your back and chest that's 18:38 no doubt. But what is the overall traffic quality situation across the internet routing. That's the reason why that intelligent. Meet spring 18:47

comes into play which allows you combining the quality of the traffic behavior in between client and your endpoints together with the 18:57 health state on that your own datacenter site or your closet actually has and so it's about shining these two functionalities sew-in. If you're on an 19:07 active-active world rethinking your existing GSLB design in favor of adding ice cream on top makes a huge difference there in just a few the quality 19:15 in case that those two sites span the globe it said they adjust in a single state at pretty easy if they spent like an e on ATT IMEI, you ask 19:25

whatever I'm just really makes a difference that the traditional ADC GSLB itself alone cannot do but combining these two flavors together message use 19:34 different there. Networking. I promise there comes something surprising in there. I would bring your attention 19:43 into something very different if you mix up clouds and if you mix up offerings on the office, spread your services around and you have multiple 19:53 VMs running in multiple places and you get that problem of IP routing. Right? What is interesting to at least think about and is not a general purpose 20:02

of recommendation, but it's something that may help you in certain situations is expanding your IP range, your existing IP range into someone else's 20:10 datacenter. That means we talked about net for virtualized contacts while you bring your own IP into someone else's environment 20:19 To be fair, VMware has gained some good efforts with NSX on 20:28 maturity so that the awareness has grown. What is pretty much unknown as I've learned is that ADC has been out of the game for a while and it's 20:38

a specialized sooner but in case you are there and we'll look like this you have your existing site, cloud-wise, on-premises or in whatever location 20:48 that is, and under the assumption that the technology allows you apply in this type of transport. You can span the existing network to another compute 20:56 site using the same IP scheme so it's layer 2 transparency, and moving services forth and back is way easier. If you don't have rotting bottom, right? 21:04 There's no new DNS names. There's no routing specialization. It's just as the service were part of your original network and that way you can easier 21:14

have some specialized compute options moved out of your asset in Saint Cloud offering by twice still maintaining all the Independence Day of all the 21:22 services and what you also can do if you can expand this into any auto and electric employment employment as well. It's the way how difficult 21:30 situation can also work on the future because it's there an ADC for a while and it is the best of muse but if you 21:37 have this specialized requirements and the environment than the CSP that you're working with allows you to do so, this is the great power just 21:47

rethink that over your way for certain special icing artist. Would I want to close down on the infrastructure and move to identity. Identity is a 21:54 hard thing and we need to start with Azure AD as this I was saying earlier on is the most relevant identity play that we have in the market space and 22:04 drums to wear when you are in Marksmanship. You can get out of that. Right? So we started with the Azure AD integration. It's just that little 22:13 directory that has some poor intensive conditioning services Building Solutions on top of a solution. 22:20

There is technically no way around the so-called Azure Application Proxy, that's the way it all the story starts. Like that's their way of rid of you 22:30 bringing web services and RDP services into an Azure world and integrating them with their authentication system. So it's fair to say that they 22:39 provide you with kind of a lightweight ADC reverse proxy technology that can do at least the job for this specialized purpose and it's a very 22:48 minimalistic which has advanced because simple learning curve but it doesn't exceed that minimalistic conservation approach as it is. 22:56

And the thing is Microsoft now pushes a 84 word extensively. That's really something that happens in customer environments heavily on what does it 23:07 mean to the traditional approach of publishing services using traditional ADC footprints the marketing terminology tells you there's no money for 23:15 third-party ADC appliances. If you go AP, right, that's often heard there and that also means any ADC that you replace has an equal, department is 23:24 he right? There is no footprint Behavior changes just another one. So there's nothing there. It was 23:34

almost like in the debate is that I would say Marketing in Fletcher over that's saying heads the end up getting that needs. That's her picture 23:44 with that. This is the way it looks like if it's deployed in the HA manner so is your eyes your network tenant? You have at least two proxies 23:52 passage that are available to connect your web services on to the outside world. And that's the way how you going to provide authenticated services 23:59 to your users. Assuming that you migrate. It's your environment in a state where Azure AD provides authentication to any using us working Visa 24:09

application proxies must be domain members to provide your single sign-on capabilities to Windows backend otherwise all these cases you think never 24:18 will it's also it is a domain-joined machine per se and from a slope respect. You just have a checkbox in saying I want these traffic to be 24:24 authenticated to Azure. It is pretty simple checkbox feature and you're good to go to look attractive, no doubt. So you can go through Azure, comes 24:33 back slowly application proxy and has access to infrastructure. What's interesting at that point is the simplification about this. No DM that 24:41

thing the traffic that comes to the inside technically is nothing else than an ingress VPN connection because logically or 24:50 connection from the firewall perspective, but this isn't a permanently maintains connection that 24:59 is ready to take incoming traffic. This is nothing else than services publishing the traditional way. It is more style is less obvious what's 25:09 happening under the covers but does nothing else than incoming traffic from Azure network and Microsoft to take care of that only the good guys take down 25:17

the road. So it's even if something goes wrong on the Azure. I don't know. What's the most may be happening. There is if somebody finds a way to take 25:24 the beer out downwards to any customers a piece without being stopped by any local DMZ type of setup. That's the reason why in the diagram the AP 25:31 sits shielded in between firewalls so that you have a restriction here to your which systems going to actually published. I'm using that mechanism. 25:41 So it's fair to say if that's the other technology. I'm let's bring back to say that it doesn't 25:51

8% markup language is okay, but no picture and 25:59 saying okay, we don't even know the healthiness. They're so something just breaks. He will find out when the user clicks a resource and the ape 26:09 shitt on title application. That's way less quality in Wireless monitoring capabilities than we had previously when the same position Indians that 26:15 was occupied by Jason ADC song ADC back in here in the requirement. Is that Azure AD is Vida Factor authentication son. 26:25

He still has a domain Calling functionality to have the KCD to the backend, still the same functionality Citrix can do that KCD for a 26:35 while. And of course you can make this system ready to Azure authentication capabilities for the user even doesn't know the difference cuz 26:45 actually nothing the user can observe. I'm in to replace AP with ADC vServer so it's just the same functionality only difference that it 26:53 actually does it is that the traffic now, text you directly at the artegon from DMZ tour comes back to directly in your clothings at where you place 27:01

the other day since that's the only real technical difference that you make that more visible again, but traffic hit you directly but only remaining 27:10 component are just the same as before so it should be good to go and then why would stay in because of the better health check capabilities. It is 27:18 important to notice as it is a Citrix ADC. It's not only for what technology is not only if you need to 27:26 publish an existing work shirts and desktop on-prem. Whatever adult education so she made it you're not already in workspace, but still maintain the 27:35

more traditional way of hosting HDX V8 in the requirement from businesses take everybody in the organization as the authenticate using Azure AD. 27:45 You can use ADC to bring all these resources in exactly. That's why so there's no functionality gap in there and could even do more quotes on top. 27:54 You have a better Quality Inn Federal Services money fine with that. What's interesting and that's also shocking to me if you compare the quality 28:04 of what the service is now have left inside looks pretty much. Okay, it's what I look at the details to compare the 28:14

Microsoft offering you want an ADC. It is getting orange. It's not getting orange since last week's getting orange first few months already. So if you 28:24 think that Qualys is pretty much good in analyzing and testifying what SSL Readiness and which encryption standard Geo Solutions have 28:33 the Microsoft offer is really lagging behind because they try to be compatible to any client on the planet including XP. If you will whereas on the ADC 28:42 tier you can decide on what the level is and what's more shocking to me? That's not even if it's just as it is and if you have an existing 18 your 28:50

environment 1:40 today to get exactly that result and you can go beyond that point. So it's smallest thing something has a week. Sorry for I really 28:59 think about the security panel of the infrastructure has Yahoo point is the authentication door is Azure AD itself. 29:07 As I was saying Azure AD is required for any O365 journey that you have so Teams, Exchange, OneDrive the apps on the regardless of it's Windows 29:18 or it's an iPhone and Android whatever it requires authentication, right? And if you look at all the authentication needs I'm there's obviously the 29:26

chance that you are good with giving marks with your credentials. If I work with customers, the majority of them complained that the last thing I 29:34 wanted was giving marks on my credentials night. So the reason why they do not do the password has copy I'm with 84 next and the same applies to the 29:42 password authentication with which is sometimes promoted as much as it doesn't have your passport, but technically you provide the password into a 29:49 market infrastructure for sending them back to your premises or Cloud environment to actually validate the password. So what did end up in his favor. 29:57

So the whole idea that story just part of the game. You can't do an Enterprise Azure AD authentication strategy without having a s s 30:06 in place kind of This also requires you rethinking your motorcycle strategy, right? You may have existing Solutions if they are not followed person be 30:15 compatible to run on top of Aeneas as infrastructure you screwed. It needs to be something that some of it did Next Generation type of motorcycle 30:25 solution to get that GameFly in a good shape. And it's regardless if she is still running on treadmill, he move these a vast web infrastructure into a 30:33

a clothes site is still the underlying technology that is required and it requires a bunch of functionality. So I don't try more voice you have these 30:42 two zones whether one's own support your internal uses and the demons that don't support your ex only uses for the internals go to the short way 30:51 across and I'll be that you have to provide and the extra-long guys go through the elderly across the web and go all this way the interesting thing 30:59 from the architectural perspective. Is that the MFA entitlement to get strong authentication for outside use this technically list on the inside 31:07

machine so that it's just a reverse proxy functionality to differentiate that is coming from the outside. Indication 31:16 live inside of the Avis framework you feel something that is older or is something that you created over cuz of time yourself using engineering 31:26 efforts, and it doesn't comply with that. I think the picture if we move out the as much as possible and just retain the 80 of us. 31:33 It's actually like this goes all backwards and forwards you can practically everything works of except for the 80s of self and get the exact same 31:43

functionality. So that means internal users use the same words before where is the external guys know hit you in the same manner as they for example 31:53 you on your HDX place so that you can recognize the existing authentication dialogue. So they say were familiar I'm with you. I was also important to 32:03 the fuses that you have new front door of indication moth that I'm now appropriate to type password inside. 32:11 That's that's something caustic if you retain the existing URI, that's way easier in terms of use adoption at Quality Inn with also important using 32:21

that approach any existing MSA that you have to Jay continuous work. There's nothing to need to take care of because technically on the 80s. MFA 32:29 requirement for that you can open it. If you will let in front of an ADC. I know going to have an ETA function if you want to scan those machines for 32:39 certain other requirements, you can do that as well and is exact same functionality the footprint that you actually there is pretty much low. It says 32:47 she's single AJ pier in the send you all the stuff so, you know what how to partition NetScaler into different zones. You really can do a very 32:56

minimalistic approach opening a great idea that's running authentication and what importance that's why I'm saying there are technically and all the 33:03 NetScaler has been made ready to actually call WS pet support that's a different and checking maintenance required turn engine engine changes what 33:12 also important issue compared to to the Wop experience that you have today that prefix meaning of the username in the input box is not all the 33:20 possible for the password and it just comes down from the original footprint level rates. Lowest volume possible 33:29

scenarios to use a Parcel Plus a multi-factor. This is all comply native is poop. So there's no comfortability words that you have to go through and 33:39 the next-gen ATP is produced on the way. So in a few I would say weeks or at least a month from now we have the full feature said you were a wreath 33:47 safe to go there as a full wave is proxy replacement so that web can go all the way and that's way center for tonight. 33:54 Finally the last candidates. It's a big place and that's really a monster in terms of discussing identity. And the reason is pretty simple to 34:05

start offering it lives outside of your own boundaries, right? Hello there. 34:14 So we talked about the login for users to watch their work space. They log into an intern offering that is obviously 34:23 located on the outside of your existing it environment where internal uses may want to access internal resources and after 34:32 undergoing authentication mechanism in the same time, but you just go to the same place all so exciting. Internal internal resources 34:42 in what's that you have there and you don't want to 34:50

have everybody titan go through the puzzle that right if you're promoting your your VA loan work space. So if you have seen that uses there and let's 35:00 for example allow a desktop access or allow access to your bi system or ever the last thing you want to have the rest of the week off syndication pay 35:10 the right. What can I do there? That's one of the reasons by Citrix has brought up an integrated smoke detector solution flight. So it's the owner 35:17 says no app that you can use to enrich the authentication strengths are but this isn't for you. This is a new enrollment into a new technology. If you 35:26

have something existing other MFA in place, that's my perspective. That's just the way it is, but you may want that and you also may want to have the 35:35 ability to bring your identity control completely back in your hands with a Federated against that environment you may want to have something but you 35:44 don't even have to type password. So you won't have strong factors like fingerprints my light. Something like that, but you don't want to have 35:52 musically with passwords and that's all the way that's what it's not is not built by Design but it is preferable. So it's the default design typing 35:58

that credentialed are the credentials of them being sent over across the connector for active directory validation. And if that's you talking to you 36:08 you implement to Citrix MSI on top so that typing required An additional criteria to have strong indication. Unfortunately that also applies to 36:15 interviews of them. It's not different. I want to make everybody lucky. 36:24 Next best approach to there is saying okay. I want to link my existing workspace into Azure AD. As the majority of a 36:34

TX customers likely will have some sort of security entitlement. Why not? So you make Citrix workspace a nap inside Azure AD and have uses 36:43 authenticate their list moves the requirement of a good authentication towards Azure AD with a previous chapters about how you can authenticate user 36:51 Adidas that some of us gameplay that you can go for so you have a different Chase between intra and Inter Alia intro next song uses because of the way 37:01 how you design Azure AD authentication but it leaves behind one single element that uses in the very first phase have to 37:10

specify their name before authentication. You can start because you already has no clue about Dort and you need to type the name, right? So this is 37:20 not the ultimate best play and even if you have a there it's still not a hundred percent be comfortable. That's why I'm saying there's something you 37:27 what you can now do is bring your existing or a dedicated ADC and play that has an awareness about internal clients. Set for example speaker vs. Adult 37:34 education. It has a good awareness of external users with any external MFA Whatever by this way, you know have an open 37:44

relationship. You connect relationship between Citrix workspace in your environment, which requires an update on your workplace tenant and requires 37:53 and you specialize firmware on your on your premises or cloud and that they need to stick together. And with that you have the ability that have a 38:02 sign in login where is external users have the full-blown MFA EPA even possible Nest whenever I'm locking capability and white that you have a very 38:11 use a compatible version of bringing uses into work space seamlessly it take for you that's about to end quickly. 38:20

So it's the last thing our first like cute real and it's going out into fun at work and wash OKC weather look like that's crazy and pretty easy. First 38:30 I start with my existing climb that is not in a refrigeration yet. So I go to my cloud workplace and type in my credentials in the same way others 38:39 would do before that piece even existed. So time user name and tarantula is a check to wash my directory and it doesn't matter. There's an extra 38:46 internal clients. It's the same for everybody getting resources always has done so that the the undesired way right from there I switch off to my 38:53

menstration control panel solar screen switches to read this morning my Administration perspective I go into my were in my account going to identities 39:02 lease require some sort of preparation. I already obviously configure to the AA enforcement and the pairing. So it's available as a configured auction 39:11 right now and then you go into your work space and say this is didn't you default that. I want my music to use for authenticating to work space after 39:21 you commit that it takes approximately 10 minutes of downtime before your service is available back in public. That's something so we corporation that 39:28

is done underneath and from there when he died. Sister service, it requires omadi Federation with your with your interest rates of the new brought 39:35 into the country duration. So I have a client with two network cards. It is now join to domain Network open the browser type the exact same URL and 39:44 you will see some Flippin, but you won't see any infertility except for taking me directly as my workplace because Kerberos authentication negotiate 39:52 just happens. There's more resources. Same office reply to the workspace app. It will also fade in an external browser 39:59

window off the typing GIF to them because it doesn't know that it's getting seamless. It is technically I'm a type something but it's it's ending 40:09 faucet. So you see his opening and closing in the electron. The Kerberos is done texting to my workplace contact on a 97 swap. So far so good so we 40:16 know sanitized environment. So I'm deleting the count in the in the workplace app. I'm logging out from the browser. 40:26 The browser by the way, now it says goodbye on my ADC cheer. So the exit message not comes from you bruise one was sent from the cloud. This is your 40:42

own right now, and we move that plant now into the zone. Sounds like being located the road warrior somewhere else. 40:49 You see if our volt switch to private Network Mode now. I don't have any more direct access to my to my network anymore. So I'm on the way to go 40:59 opening the browser back at the same logic inside. But it now getting getting picked by the ADC that sees them come from the outside and goes for the 41:08 standard authentication dialogue that you are willing to prevent the user with so like user possible MSHA smart card, whatever other sort of identity 41:18

play when I get there. I'll tend to Kate and it takes it to work place. So the work space sorry. His ass off and obviously insane proof for the native 41:26 app. 41:36 Bring something by the browser going to be Authentication. Next next next Chelsea they have and this is this is important in many places because for 41:47 example, if you if she proves we just had the is your ideal option in Citrix workspace that implies that any user is enrolled again. The first 41:56 limitation that maybe a little earlier for your audience. Second thing is these these ergonomic sings. This is my be problematic. You may have 42:05

different authentication needs an authority than you have for your HDX workspace need so you can separate these two things and was also important if 42:14 there is something in terms of an authentication need that does not fit into the Azure AD world today. You can take no ADC is a bridge that 42:23 device to degrade one of your life has the the uif all the luck and if you have to get some other identity provider like a little Google thing know 42:31 whatever with your workplace strategy or strategies you can use that ADC is kind of a silent. 42:41

Of mentoring the request from the cloud to add any other identity resource. Just make it happen that you don't get there in the right place. So he can 42:51 count my six chapters. I should be ending when I have one more thing in the tradition of synergy. So must have one is a flavor that I still think it's 43:01 has become certain kind of important because if we move our our resources outside of our our environment and put them in somewhere close it 43:09 is still impossible important that uses have a clue how to get there and you want to minimize the number of authentication dial of the uses face with 43:19

right. Do you think about your domain join computers? I think I have all a mess up left for work for us on the way. They need to access to our 43:28 environment. I think the old fashioned VPN thing is still alive and still a very applicable. Technology to 43:34 bring uses back into your environment without nagging them about the underlying technology. So VPN, is there for a while even VPN on a DC's nothing 43:44 new? What is new? However is the flavor that if you know, but what type of exercise has been a while and you know, the dark exercise ended on the 43:52

Microsoft and that Citrix ADC can now take over any existing dark excess philosophy of operating a rooming device being 44:00 always connected to your environment one that has any connection with no heater infertility was Saul of the indications of certificate wise to get a 44:09 connection to your data center to try to see any point in from there. You have all the resources required and that also applies to the free login 44:19 face, which is the important one to give up a laptop to use with Sports Albany to change the password before authentication, you know this train John 44:27

next lock-in check box with a VPN. That is both even before the login face all that's very powerful and sold at the latest. StudentVue 44:35 Well, that's takeaways. I think cloudfront summation is not that easy to resync all the puzzle pieces how they make up together. What is an 44:45 application? What is in service mode requires authentication? What is the best place to do out invitations how many authentication from the user 44:52 actually requires that you gave us for all these questions you will see that ADC is kind of the bridge set component that ties all these things back 44:59

together. And so I think at least for the next 3 to 5 years Club transformation will be very interesting because ADC put this all back together and so 45:08 the total is better than the individual. So this is my puzzle. I would like to offer in favor of the time which ends price is right. Now. We are 45:17 ending in that here. So before you get out, please take the app and and both of the session and give the feedback here needs adoption before 45:24 eventually come back next year and thank you for that. The download was charged as it is announced. I will put the long presentations that in there 45:30

instead of the show that you have seen here, since you go to recording go back to work and see the pages not moving. Currently there is something 45:39 that. That is back in the deck that will upload there and with that there's some more ADC stuff around during the rest of synergy and will that thank 45:46 you. Enjoy the rest of the time, but why we're done. Thank you. 45:54
