About the talk
Stay up-to-date with the latest Citrix Endpoint Management technology. With three-week releases, it is extremely important to understand what new features are available and what policies are recommended. With the speed of innovation, so much has changed in a year: this tech update session will offer guidance on how to properly design your deployment around the latest technologies and within Citrix Workspace, and show you what to expect in 2019.Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.
Good afternoon. Everyone. Can you can hear me at the back of the folks sitting in the back? Can you hear me? Perfect. Thank you. Hello. My name is the product management leave for asset management and I have a 3 oxygen Gujarati who is the distinguished engineer and architect during the presentation at times for Citrix and Pain Management. Like you don't throw calling at 6% for management several times. I just use the word Sam. I'll be plan to provide you information into buckets into two categories. The first section is going to focus on the features that
be released in 2019 and lots of highlights and key differentiators that you have within within the same product line. And the second session II Section will focus on them in the context of Citrix workspace. We will show you how stem makes Citrix workspace even better than 15 to 20 minutes for the first section. And the rest of the time we'll be on the second section where we talked about Citrix workspace and stem in the context of that particular item. Okay, so so when it comes to when it comes to Sam have you been recognized as leaders by
a lot of fun in the Seattle list, as you know, there are a lot of Industry analysts out there who cover the unified endpoint management a category and majority of them have rated of same as as a leader. So we are extremely happy and humbled by this but this rating by quite a few Nursery Angeles that you were being as well is Love by the end users are there are using sexual mean it's been deployed by millions of end-user we get fantastic feedback from them. I'll be very good reviews. There are some reviews where they asked us to improve you look at each and everyone of you and make
sure that bear Possible Be improving big the product have been better to buy for if you look at your mail it in our opinion. It is the best container light solution out there if you compare the solution with the other vendors to provide similar containerized email application. Welcome to device management, which is which is one of the components of off unified endpoint Management Center White the breath and the depth of policies across that I live in 10-point probability iOS Android Samsung to desktop Laptop Windows 10 Mac OS Chrome OS
and even iot Citrix workspace Hub Alexa for business and Apple tv be all can these devices can all be configured using same uses the same workflow and the same process to make it happen. So that is the beauty of providing the device management across all the relevant key and points across the street categories and send semper white stag apart from device management also has the best solution for application management support platform and capabilities. We support iOS manage configuration Android Enterprise Samsung Knox Windows information
protection, and we are also part of La Puente Community when it comes to Abby's mom be able to solution with over 50 plus policies and this is typically used in NY Mets when a man only approach is preferred and you also integrate with Entune, but the InTune graph API primarily to configure Office 365 applications for application management. And when it comes to our solution majority of the new customers are adopting our Cloud solution one of the benefits that we all know,
what is the answer was right, but the second reason is because of architecture all the control traffic goes to the cloud and the data traffic goes from the mobile device to the netscaler gateway to the data center and access is all your internet resources to the architecture that you have created is very very secure for even even the most secure conscious conscious customer and Andy noticing a lot of our existing customers are now migrating to cloud and one of the reasons they doing that is because we have come up with a process to move the instant
to the cloud without the user having to re-enroll and this is a big thing for a lot of customers. They don't want that uses to re-enroll if you move from on from the cloud so we support that large. Customers have not moved to to cloud and you don't have just listed one of the codes from a finish customer who moved from on-premise to cloud and we did that in record time so that the customer was extremely pleased by by the process that we have put in place. Melissa, let's look at the recent highlights and I have a couple of flights which get get into different endpoint. So I'll highlight a
couple of key elements that will deliver in 2019 and I'll also talk about the partnership that we have in place in what we have done to improve the the the integration with those Partners. So looking at iOS iOS 12.2 made some changes to the manual MDM enrollment expedient. Now, the end user has to go to the settings page go and click install the profile the NBA profile and then go back to complete the enrollment text to complete the enrollment. So what we have done is we have enhanced our secular Hub application to guide the user to ensure that
the MDM enrollment happens without any houses. So this is a big Improvement that you have done and water for customers have provided great feedback and in regards to this device enrollment program. It doesn't impact supervised devices going through death This is Only required when an user has to manually MDM Android device into into the into the NBA Management Service. The second thing that you're focused on is on the Android Android Enterprise side or or Android if you look at Google Google used to have a Legacy Management approach called device
administrator in. They plan to deploy as Android Q devices come to the market and they are intelligent recovery customers to leverage Android Enterprise as the modern-style framework to manage Android devices are for boys that I know Enterprise support be support the work profile fully-managed. We support the dedicated decided device and the fourth one which is a combination of fully managed and work profile Bill becoming a coming soon shortly. So we highly recommend for any customer who is using Android and has a device refresh program going on for the corporate issue
devices me recommend that they leverage and deploy Android Enterprise on those on those devices. Lot of customers deploy Samsung KNOX on top of Android if you look at Samsung what they have done is they now have unified and have Embrace Android Enterprise and they are now developing some value-add policies on top of a Samsung S8. Brandon mentioned in regards to this is the Samsung Note 4 Samsung Knox platform playing the phrase what they have done is he now have a service plugin which is available in the Play Store and that
basically provides the value-added policies on top of Android enterprise system integrates with that plug in it leverages the OEM contract protocol in the standard that is required to enhance enhance security all devices and on devices that have adopted the Samsung TV support this sense since a couple of weeks ago. So this this is not in service. So I talked about our Mobility outside of things give you just a key highlights on what you're done with iOS what we're looking at and what we doing for
Android Enterprise perspective and also talked about Samsung and what time is doing be also as I mentioned are heavily invested and continue to invest on the desktop laptop site. So we have a complete Windows 10 a Management Solutions. We support all the relevant a psy.d APA 7 to centralize and be all seven agent based approach wear anything which is not supported by Windows 10 MDM can be can be used and leverage by supporting the ancient way of doing things from a different perspective to a combination of MDM plus an agent-based solution gives the
comprehensive capability than an administrative warrant to to deploy in Malaysia bento's 10 devices. Similarly, we're doing the things on backwards as well be support apple MDM apis for Mac OS management and all that are supported. We have partnered with a company called Citrix ready, partner that provides agent-based capabilities to manage Macbook. So so this is a holistic comprehensive management solution for MacBooks for administrators and Enterprises. As I indicated you don't be stubborn. Enterprise. We have a beer and uproot emm partner
both for Android Enterprise as well as the as well as Chrome Enterprise. And then from into perspective be currently support the following capabilities to protect Office 365 apps can be used to manage Office 365 applications. We also have integrated with InTune graph API to ensure that the Office 365 applications can be configured using the same console. We also have sex your mail and citric spice work seamlessly been in Office 365 applications and in the interim and container and you also have the citric microbpenis DK
that can be deployed by the InTune mam application to ensure a secure internet access Bibles application. So these capabilities are currently supported and available available available to our customers. What they plan to do and it's not coming soon item secure mail for Entune will soon become an approved application for Microsoft and what that means is it will pass the app conditional access to a jury duty. If you look at the app access to a Security application. It's privately Microsoft application. But soon secure mail for
Entune will be part of that particular list you and the second thing and this is something that was discussing the keynote is the endpoint management send solution the integrate with the evolve into device complies apis to provide device compliance that has to actually does supporting the device with conditional access to a security applications be supported on Windows 10 today in ignition will do the same thing for IOS and Android devices for this again is a big thing for our customers to make sure that device base. Washer and the status is provided to actually
any so that we only the device compliant device device implanted devices that are complied will be able to use the adjective the application. Now let's look at the recent highlights. I just want to do you know give you a few highlights on stick your bill as you know, we have a little bit of quite a lot in sector will be constantly improve our second application be adding a lot of enemies with delight and he also add a lot of security features are to make sure our our solution is contained right but it's a it's a perfect solution for for the end user. So I have a couple of things
that I wanted to talk about. One of the key features that you recently started supporting is to anybody exporting your work calendar events to Native calendar there a lot of end users who have mobile applications that integrate with Native calendar for availability. So this is the perfect solution for daughter of end-user to enable doze work calendar event to be exported to Native calendar. Obviously. It's an advent policy the administrator can choose to not not provide us the policy not provide this capability and they can also have granular control. Where they could see that just have the
time slot exported or just had the time slot and the title exported right? So that's the grand alert you of countries that you have provided. The second thing that you're done is on the notification side. We have a fantastic Ridge push notification service that is deployed and doesn't require a non-prime component lot of her competition requires an untrained company for which push notifications do we have this without a non-prime component necessity what we have done is now visa for notifications for subfolders as well. So if you get an email directly go to the sub folder you now can
receive the email notification for those emails as well. And then finally, we are investing a lot in Secure mail be added of a different view of an instrument called the feet and the area kept on adding more and more cars in that particular feed. What we novel do is be even allow the user to delete unwanted feed add feet from certain folders to back pay the customer get to customize View. And another thing that we plan to do is also enable the end-user to reorder the feet. So that's good for me. If meeting invites this very important. I will need that as my first Clark card
when I go to feed to all in all we have done a lot of things across device management application management and even applications. What is interesting and what do you plan to continuously innovate is ven ven a customer deployed send in the context of work list, and this is what my what a cute we talked about in walking through on things that we do to make the Citrix workplace. Bored and board better so I can point management product Citrix. Figure out a solution that you need to use
for managing and securing these devices is an important decision. You'll need to make as part of Designing a workspace for your end users. Has been mentioned we are investing heavily in an endpoint management product. And that's because we believe one device is best managed using one of your volume product and we want volume product to be as complete as possible without any gaps. We know there are quite a few players in the endpoint management space. We also know that the number of you in this room have entitlements. I would rather licensing entitlement the number
of medicine more than one Union products because of various Suites you may have purchased. So given that why should you be using our uem product or which one should you be using with Citrix workspace? So my goal for the next 20 minutes just to help you understand why you should be using our endpoint management, Florida to manage devices that are accessing the Citrix workspace. Before we get into the details of workspace integration. The one thing I wanted to go over with with you guys are the elements of a workspace and the scenario Citrix workspace. This is any
genetic work space and hence the lowercase. W trying to understand the problem as well as how endpoint management product management product helps solve this one. How does the user set up the device to access Citrix workspace? The most of our users today are familiar with the work space app and because of the Integrations we've done with the Citrix workspace service users continue using the app and when they need to enroll a device, they are guided to a very intuitive flow to Androids Android device with the m. I'm just
informing can be completed by using Citrix workspace app itself or in some cases. We are helper a Plex secure Hub approach. The floor is very well integrated so that you don't have to educate your users. I don't what apps do I need to download from the App Store? What do you want us to need to enter a how do they attend to get like this all very integrated and very intuitive? The next along the lines of how are the application settings configured as well as how are the device settings configured for the users device? The one thing you've done we've been nice
for the application so that they reach out to our cloud services to pull the necessary configuration light. So for example an application as soon as the user enter the email address and the pull out the necessary service URLs like the store. Do you want us there? Postal tent acacian the application reach out to the workspace service and fetch the configuration that is targeted to specific users and groups. And these are like this could be application settings for the workspace app. And then lastly the applications as well as the agents running on a device.
They reach out to the cem service and pull out pull down the configuration for the device itself or for the manager app. And all of this can be configured by an admin in a very consistent manner across all the platforms on which we support the workspace app. The next issue is around. How do they induce is fine? All of the applications that are available in the organization? And because the workspace service tightly integrated with pretty much every Citrix product service. We are able to provide a unified App Store to end users such that it
contains the hosted Windows applications provided by the apps on Desktop Service staff applications from the Citrix Gateway service and Nathan applications that are delivered using Pacific endpoint Management Service about that. You say where to find all the apps in one place. In addition that I was able to find all your content from the content collaboration service previously on the Shelf. I live in the same store. So once I use 1/2 and applications than how do I access the internet or the the web apps the web services that are running on their corporate
Network because of the integration swim done with the Citrus Gateway product that are multiple options out here. This can be configured to start manually or in an always-on mode through all traffic is coming. You have the option of canceling for a VPN. So so that only traffic from specific application to funnel and then we also support what we can afford with micro vpns or in a VPN available to SD case that you can use a for tunneling into your corporate Network. And
as a customer, you have an option of using one or more of these on the same device at the same time and we're enhancing these that we have single sign-on across all of these VPN options. That's why I'm all of these VPN options are supported today using the netscaler Gateway appliance, which typically a customer deploys in their DMV or in their Data Center. In addition this week. We're also announcing text preview for the city of for our integration with the secret Gateway service. So I microwave pee and support or covalent bonds through our MDX SDK MDX toolkit is can
be used for creating tunnel studio apartment network using the Citrix Gateway service. So the benefit is that you do not have to deploy netscaler Gateway Appliance in your DMC and be responsible for managing it. You don't want you to not have to open up any inbound Force into your data center instead you use the citric Gateway service and with an to use that cover the black connector on your internal Network without having to open up any inbound Port as a fully manic Appliance. So we highly encourage you to try out for the netscaler Gateway service and endpoint management.
The next issue is that how are you supposed to Tempe creating to the application for Access and are they truly getting single sign-on single sign-on? I don't mean where the user has one identity that the key printing multiple times on the same device means they have one identity and the only device and you're doing the number of Integrations or with a number of enhancements that space as well. We are integration with a separate identity platform. So we have our own application slack workspace app secure Hub. Shell V. I need to attend tk12 control
planes. We have our productivity applications like male web as well as PSO app that need to authenticate Pacific Gateway and then through the gate where they need for the return ticket to any services on the corporate Network. And then you also have third-party apps like Sephora sample Salesforce concour workday flag. They need to authenticate to the SAS services. Margolis and as long as you can take Aiden to any one of our apps you should be able to you should be able to get SSO to all of the other man is asked on a device.
Be the next few days in the in the next issue that you have to think about this in the area of analytics. I'll see you again and see if it's analytics you do get visibility into what are the events that are occurring on a device. Like there's a user install any known malicious app on a device that was it was a device on Android was a device is jailbroken and based on certain based on the events like these the analytics system can take actions fish. Maybe ask them for
last just sending a notification to an admin well as about as big as wiping out the user's device. A little bit then we do have all of this information in in our analytics system. You can use that to do it more advanced form tool access control a conditional access that is in addition to just using the user's identity. You are able to control access to resources using additional parameters, like device location device compliance information. And again for that all of the Citrus products will be able to Grant or deny access to the
resources beso by integrating the endpoint management with only endpoint management can provide information around device location and device compliance. Cinemax show because of all of the indications we have done and will continue to do with the various Citrix Services example with a workspace platform and analytics will be the identity platform and that's going to Gateway integrated experience. Faucet with work space as well as a very comprehensive security posture and this story will
just keep improving over the next few months. On the other hand hasn't mentioned. You have a choice. You have the option of using another uem vendor along with Citrix workspace. But in that case will experience a story is going to be quite fragmented and you're going to have two apps from two different vendors that are not going to be very consistent. There's going to be no guy that flows you will not have a unified app store because for Native apps you will have to use the app store provided by battery inventor. Because
you're using applications developed by two different organizations through single sign-on across the device. And then because you have two different systems that are collecting all of the data from the device again, you won't have one picture when I'm around what's going on a device and as it looks like you won't be able to import Spanish classes properly as well. So can this be made to work? Of course he had to work. Is it more complex to manage just as well as Spell accomplice to manage this and how are they feeling
great with this approach and lastly how border security the security posture is a lot worse what sports with an approach like this one? Holistic aloe vera quick demo. How many of you are familiar with the Citrix workspace app formerly known as receiver are quite a few of them over here somewhere the 3-minute video. I want you to try to count how many new features of workspace app you see in this demo. Starbucks So you're the Windows device? Ed domain join it doesn't have to be or what. I'm trying to show her that it is not MDM Android if you go to settings.
That you see it's not an MDM Android machine. We haven't started work space a planet to save time when you open up for the very first time. how to prompt the user to enter an email address Use angels to email address. And then I'll still click on setup. But as soon as the headset up, the stores have already been discovered. There's one store and has been discovered. And user is asked to attend ticket. What's the user authenticate? They'll send you a new dialogue with just saying that their organization requires them to
enroll this device in order to continue. And as soon as they hit yes, but the wise to get silently Android with the endpoint Management Service. and then when they looking to have sex available to see the applications in the in the workspace App Store. Let's take a look at the settings for workspace app. So long with the stores look spaced-out ones who discovered the settings in which the admin has configured for this user in the past. We have an announcement
to centrally configure settings for users, but it's part of this damn. Well, you seem that the admin configure settings Aberdeen the word to work space app. Add a business quickly show that this device was silently and told us while of course with the users content. And it shows that it is Android with with this DM environment. Take a quick look at the endpoint Management console. And in this conflict a search for that. Use. Are you find there's a device that could present
out here and you can you can take actions like pushing policies or even wiping the device or sending notifications that have been configured for delivery by your endpoint management Advan. If you click on one it takes a few seconds to get installed with the ambient channel for once it does get installers available to the start menu. American also be launched from from the workspace app itself. This was just a simple test application that we are showing how I have an admin in public Enterprise application but
along with that you can also publish application from the Microsoft App Store in Microsoft. Microsoft store for business is an app in the Microsoft store. And even though I love your side by side Enterprise apps So that was a demo so question. So how many new features did I speak? They want to do new features? suppli NYC for let us write the phone new features. The first the first two new features were in the area of the sewing stores as well as discovering stepping event has to work space app that
wakes up and starts the first time at the end user in Spotify. Send email. We heard the auto Discovery services in fresh the global settings for that was based on this information and the future will be also adding support for certificate connect in many organizations app hits the workspace service at a special settings for specific users and groups. And he said things might be application. So I think like audio or display resolution or keyboard amongst the many other settings that double space app
support. The admin has the ability to configure All of Me settings through the worst volksfest configuration service and they should be and they will be able to provide all of this information in a very consistent manner across all of the flags on vegetables play ASAP. It's important or two or have different settings for different user groups along with that. They would also be able to specify whether the end user will be allowed to override your settings
through the workplace configuration page in Citrix Cloud how to release this feature sooner. We are going to be providing support for this feature be an admin Epi instead of waiting for crossword level of the console. You would have access to this feature such that you did but you have to use two simple API that can be used for completing the video settings for store discovery. As well as for the settings in the app settings for radius work space platforms by and for each platform. I just yelled your
windows iOS Android you'll be able to specify a set of name value pair along is better than overridable are not Justa Hamden is required for this users or they can stay a medium is only required when the user attempts to install a native app, then based on their exciting. It would prompt the user to enter the device and the right time and once the devices Android than the native applications get delivered over the Indian Channel. So the next don't want to show is around the mobile SSO feature built.
The last year after we released support for release and hand support for the mobile workspace where we provide and guided flows between or integrated between wax paper app in Secure Hub. We already have a unified store and we already have single sign-on across all of our application for Citrix provided applications. Now what we're doing today, it's always it's the same single sign-on that we're extending the third-party application. So let's take a look at this damn old iPad on which the workspace app is installed. That's what I thought you was our logs
and they'll see the store. Did a few native apps? So what's the user attempt to install slack there guided to complete enrollment using seek your help. under the typical, Iowa Central and Flow And once a complete then flagged against to install on the device. And the user launch slack and yes, you'll notice the user is not prompting for anything. They did not get prompted for a custom domain what not only have to say sign in with Samuel. And they are logged in without any of indication props.
And there you go. Another one thing that I do want you to notice is on the top left corner. You see that the VPN notification and I'll explain in a minute why that VPN notification came up. So how does this work hard party app, which does not contain any of our sdks. We don't do anything for such third party app how to start work. Don't understand that let's take a look at this picture. You have a whole bunch of citrus flower services on the bottom. You have a mobile device. And
for this example slack.com is configured to use our Gateway Service as the Family TV. also endpoint management Has configured the device with the right sort of applications like the citric acid has been pushed the slack app gets installed using endpoint management and also leave pushed apart a VPN configuration for the flakka and that's what a notification came up. Show me the 4th at 3 p.m. Anytime the slack app attempts to make a network all that traffic will be routed through RV p.m.
some of this flow The user Begins by the 20kg in the workspace app Wednesday at 10 to get her to double space service to get the right side which we save Security on the device. Next to use a launches Aflac app. So as soon as the user launch is the flag half the but I believe the internal fires and if uses the same or tokens that were that you obtained when you attend to get on with the workspace app to attend ticket to the Gateway service. The very first request of slack app
is going to make is going to be for tonight. Calm and there is no reason for us to internal that request to our club. So we don't we don't have the only Western tunnel to a cloud is the family requests. Which flag.com is going to redirect the app to yes? White would be absolutely and not download third-party request and we could easily add that the admin control to say route all requests were Club. Absolutely Donald to our Cloud finally takes the same trust fabric the family DPS just able to query the Gateway
service request. Can you tell me the identity of this user to a for which the sun'll is established and using that was Our Lady Peace able to understand with flames? And redirect the application back to flag.com and you're able to start using slack without any authentication prompts. This is how that works know what we heard from many of our customers is that they already have an IDP in place. So you may be using a number of times and then the party party ideas helicopter. So what are you do
2.2 ratp? We just need to put us somewhere in the ID picture. See if you wanted to walk Tarpon or some other IDP. Just put us behind an IDP. And as long as we are in the beach and it will still be able to get single sign-on using using this feature because your Microsoft support for Native party ideas. Something like this can only be done by a company that provides both and endpoint management solution and eye leafy and actually I was just one more a VPN product need to work together in order
to provide Nathan mobile assault. And by the way, thank you. This is another feature for which Rihanna knows exactly where this week so I can highly encourage you guys to try it out right up with your apps and give us feedback. Certain type of the two things. I want to say. The first day is as well as mentioned. We are we are investing heavily on a 10-point management product. We already support iOS Android and other other platforms like Windows Mac Chromebook having said that we continue to invest more and more on improving a story for Windows 10 management as well as Android
Enterprise. So again, please try to the other area of investment that we have are in the area of workplace Integrations. And I want to leave you guys with this picture. It's as I mentioned you guys have choices you can choose to use the Citrix workspace with Arden Pointe management product or with a third party and when Madison Florida and we are happy to work with you so that you'll make the right choice. Thank you.
Buy this talk
Access to all the recordings of the event
Buy this video
With ConferenceCast.tv, you get access to our library of the world's best conference talks.