Duration 45:53

Citrix Synergy TV - SYN110 - What Liberty Mutual learned from migrating their complex enterprise...

Anthony Lyons
Solutions Engineer, Infrastructure at Liberty Mutual Insurance
Citrix Synergy Atlanta 2019
May 22, 2019, Atlanta, GA, United States

About speakers

Anthony Lyons
Solutions Engineer, Infrastructure at Liberty Mutual Insurance
Andrew Cohen
Principal Sales Engineer at Citrix

About the talk

Hear the key Liberty Mutual enterprise Citrix architect describe how Liberty architected a complex migration of more than 20,000 VDAs to Citrix Virtual Apps and Desktop service. Liberty will describe their motivations for moving to Citrix Cloud and provide insight into their strategy for using Microsoft Azure and Amazon AWS as resource locations. Get key insight into the technical aspects of the move, including the custom tools that Liberty built and the architecture for their geographically dispersed resource locations. Liberty will also describe how they are able to extend Citrix APIs to build custom workflows that have saved them $5MM over the last two years.

Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.


Alright, welcome folks. Thanks everyone for joining. My name is Andy Cohen. I'm a pre-sales engineer at Citrix, responsible for many of our enterprise accounts in New England. One of those accounts is Liberty Mutual. So I'm pleased today to introduce Tony Lyons. Tony is the chief Citrix architect at Liberty Mutual. He's responsible for most of their design and architecture for the Citrix environment as well as many other things. So when Tony came to me and said, hey, I want to do a Synergy presentation, I'm thinking about doing it on our journey to Citrix

Cloud, I thought it was a fantastic idea. I said, let's go for it. What do you need from us to help? It's a great story. A lot of my customers ask about how do I get there with my enterprise environment? I have some uniqueness. I have some customization. How do I get to the new cloud model? So I thought it would resonate really well with the rest of our customers, and I'm really happy he was able to come here today. Hopefully you learn something today that will help with your own journey. I'll give it to Tony and you can take it away.

My name is Anthony Lyons. I'm at Liberty Mutual Insurance. I'm an IT professional with about 37 years' experience in IT, so like most people with a long history in IT, I had an opportunity to work in a few different ones. I was a programmer, network engineer, systems administrator, a few different things, but I had the good fortune about 18 years ago to get an opportunity to go to work at Liberty Mutual Insurance, and one of the first things that I was asked very early after I took on my role at Liberty Mutual Insurance was: do you think you could get this application to run on this new app new

platform called MetaFrame XP. Any of you who have been around for a while know that that's all I have is one of the first farm-based XenApp environments. To make a long story short, obviously that went pretty well, because for the last 18 years I've been doing design and architecture for XenApp and XenDesktop solutions at Liberty Mutual Fund as well as a lot of automation with PowerShell. Starfinder way to automate things that we do with Citrix at Liberty Mutual stop getting them to work in AWS

get them working in Azure, as well as we did a POC with Citrix Cloud, and the POC we did with Citrix Cloud a couple years ago. And now we are actively migrating to Citrix Cloud. In the presentation we'll talk a little bit about some of the things that we've done in our migrations to Citrix Cloud, some of the utilities that we've built that with we couldn't make those move to Citrix Cloud along with our will bring infrastructure been moving at Citrix Cloud simply wouldn't be possible for us. So what do we want to get from Citrix Cloud? Liberty Mutual obviously would like to get to

a single point of administration. We've got roughly about twenty XenApp and XenDesktop infrastructures at Liberty Mutual that are managed individually. Now, I could do an entire PowerPoint presentation on how did we get to a point where we have so many different infrastructures: a large number of different resource locations, acquisitions, and a variety of different reasons. And I also am not completely oblivious to the fact that single point of administration, or single pane of glass, is sort of like the unicorn of the IT industry: everybody hears about it, but nobody ever sees it. But

the reality is we're there right now with 20 separate Citrix infrastructures that we have to manage. And now the fact that Liberty Mutual has been moving for the last two or three years very heavily towards public cloud infrastructures. We've been moving some of our back-end applications to public cloud, AWS and Azure. What we have found is that if we didn't find a new way, we were going to continue to proliferate legacy Citrix environments throughout the industry through our environment. Right now, just this year alone, we would probably move from twenty separate

Citrix environments to about 25 separate Citrix environments if we didn't find a new way of doing things. With moving to public cloud we're going to have him some food somewhere. We're going to need to host XenApp servers, VDI infrastructure, or we may not want connectivity back to on-premise. We don't want to have a scenario in which network boundaries become an issue. With Citrix Cloud now, all we need is connectivity back for our Cloud Connector back into Citrix Cloud, and we can use that single pane of glass to manage them whether they are

in Azure, AWS, various different regions around the world, or on-prem. Another thing that we want to do: we want to make sure that our key technology investments can go unchanged. We can still move to Citrix Cloud and we can continue to use our StoreFront, we can continue to use our NetScaler, continue the use of RADIUS for two-factor authentication for brokering of our connection, and we can use our ETA. If we go with any other technology other than Cloud, we're going to have to reinvest in all of that, and with a large, diverse infrastructure, that is an awful lot of work to have to

recreate the wheel. So how did we get to this point? Liberty Mutual said we started taking serious interest in Citrix Cloud back in early 2017. We said, well, let's do a POC with them. Now. I'm not saying that even today but two years ago. It was even far Left Bank two going to do today. And so what we said if you don't want because public cloud is part of the reason that we're so interested in Citrix Cloud, let's go ahead and do a POC, and we're going to do that POC in Azure. We're going to throw 50 developers out there in Azure and we're going to stand up some Cloud Connectors and

we're going to stand up some NetScalers and some VDAs and our own separate StoreFront environment so we can isolate him and lady for the authentication. Identify any serious challenges that we didn't think could be overcome either by us or by Citrix, because we partnered with Citrix and Microsoft on this endeavor. We wanted to do this POC; we hadn't done any Citrix in public cloud 2 years ago. We hadn't done Citrix Cloud 2 years ago. So Microsoft and Citrix came together to help us get the POC off the ground and get it

tested. Some things, lessons learned during that POC, such as some simple things like a Cloud Connector can't authenticate between Active Directory forests without placing Cloud Connectors in both forests. Did he sees cam long is a two-way trust to bring their environment. We found out there were some things like power state and registration were much longer two years ago in Citrix Cloud than they are on the way to get your product on them. But these were things that took his promise. I think it's all those things for it. Also things like administrative logging didn't exist back then in Citrix

Cloud, and things like license usage monitoring your child back then but Starting with your sister, So things were coming soon. So we decided after that that we were going to give it a little more time, but we started talking some more seriously about moving to Citrix Cloud as some of these things materialized. I'll add this too, you know, Tony kind of alluded that early on we had the opportunity to get Tony and his team engaged with a lot of our product managers and even our consulting group. So as he was exploring Citrix Cloud and bringing up these challenges, we were able to

get that right into a product team to create and handsome, and you'll hear a lot of that throughout this presentation, because our folks really appreciated that Tony came right out front with the things that a large, complex enterprise account needs in Citrix Cloud that's not there yet, and you'll see a lot of those things have been added or will be added shortly. In a few of those things during our four to six months. We were doing his PSI to actually fix some of the things that we brought to their attention during that period for So let's say you're like Liberty Mutual and you

decided that you want to move to Citrix Cloud. You've got some architectural decisions to make. How are you going to secure your control plane access? The control plane's the keys to the kingdom. That's how people how you get Define access, you define who's going to get access to a VDI machine or a published application. Obviously, our security department was very interested in how are we going to secure the access to the control plane, since it's outside of our data center now. Are you going to migrate everything? Are you going to instead of migrating everything to go to my

break something? So are you going to start provisioning new, but let your old stuff die off organically, its provision brokered on-prem? At Liberty Mutual, we're going to move everything to Citrix Cloud, almost everything, and then we decide where we're going to migrate almost everything still didn't might not be exactly the same path we thought when we first started. Can you continue to use your StoreFront, or are you going to use the proposal Workspace? At Liberty Mutual we decided we're going to stick

with StoreFront for now. But we do see a future where we could be using Workspace in the future will Spectrum some things that as it continues to develop. Now, are you going to use your old NetScaler architecture, or are you going to use NetScaler as a service? Well, obviously knows his Services aren't really an option. If you go to Workspace we're not there yet. But again, we see some opportunities to use NetScaler as a service, possibly in like some of our public cloud options and things of that nature, once we do get to Workspace. The last two items were huge for Liberty Mutual:

existing automation and custom services you might have built around your Citrix environments. Do you need access to the performance databases of your site today? At Liberty Mutual we've written a lot of orchestration and a lot of automation, especially around our XenDesktop space, and we heavily use the data in the performance data databases of our XenDesktop environment. Loss of access to that performance data database could be a showstopper for us moving to Citrix Cloud, because we would lose some utilities that we've written, and I'm going to talk about some of those here in just a few

minutes. Well, the first thing our security department wanted to do: we went through a 90-day evaluation with our security department, and one of the things that they were most interested in is how are we going to control that access for the control plane. Well, we did it with, as most people in here probably already know, you can integrate your control plane with Azure AD. Liberty Mutual already had an Azure AD implementation, and that gave us control over password length, change frequency, complexity requirements, as well as gave us control over, allowed us to implement

2FA and things of that nature for access to our control plane. But we did identify something that we kind of glossed over a little bit before we started getting into implementation, and that is, when it comes to your control plane, you can only add users individually. In the legacy Citrix, you can add an AD group for, say, a help desk to a group. Well, if you take your help desk people, put them in an AD group, you grant them access through store for ethra Studio. Now anytime they want to add or remove help desk people, it's just an ID Services function; your Citrix folks don't have to worry about

that. In Citrix Cloud, you do have to administer adding and removing people and granting them the type of permission to show up on a one-on-one basis. That is one of the three enhancement requests we submitted to Citrix as part of our migration to Citrix Cloud that they've taken. It's not a showstopper for us. We're moving to it still moving out but it is something that is an annoyance. But now the Citrix team or some administrator from IT services now has to add these people, remove these people from Citrix Cloud. I'm in control pun. Looks like you want to talk about is there's the three

services are, we got lots of orchestration we built around our legacy Citrix environment, but we've built three orchestrations that are very important to the company. Thing is that we would not move to Citrix Cloud if we couldn't reconfigure these separate services to work with Citrix Cloud. One of those: self-service portal Bureau, and now also CloudBolt, with created some self-service provisioning that now users can go in, they log into the portal, they simply select from a long list depending on who they are and what

they get a list of catalogs if I can select and improve it in the machine. Now, let's say when they open it up it's going to say, OK, how many CPUs, how much memory gives you what a person is going to put you in one applications might come with this particular new build. The user simply clicks on submit, or they modify some of those settings, and then go get a cup of coffee. They change some other work that they needed to do, and about an hour later they get an email that says your machine's ready. And this is how they also do day-to-day

operations within this portal. They go into that portal and can say, I want to increase the amount of memory, I want to reduce the amount of storefront Reclamation of these devices. Well with the ability to do that in that portal and we build somewhere in the range of about 8 to 10,000 machines a year between Baton the machines are getting reclaimed that's cute. But something that no administrator gets involved in. The self-service portal, it just auto-provisions

because of the way we set it up. Now, if we had to get manual involved in that, that would be a real problem for us. We don't use MCS or PVS, because while MCS and PVS are great tools for provisioning machines, we wanted to do a whole lot of other things with that orchestration: adding machines to databases and then adding them to HR for chargeback, and a lot of different other things that we do with those machines besides just standing up a machine. Now, there is something we did encounter some problems. When we were setting this up and migrating our own provisioning to Citrix Cloud, we

encountered an eight you need to know. This is just a quick example of the legacy. Side is really pretty much a self-contained most people when they the provisioner Citrix environment staying within a physical data center. You'll have your site database, you have your DDCs, you have your VDI targets, and when you provision a new VDI machine, that new VDI machine is added to Active Directory and get that attack you directly. Then your orchestration comes along, it hits one of those with a remote RM connected to one of those DDCs in that data center

and it says, okay, now I'm going to do a New-BrokerMachine. It's going to add it to the machine catalog, and it goes through all the orchestration without adding it to delivery groups and hiding the user or not a friendly names and things of that nature. And that all works just fine in a legacy environment. Now fast-forward: we started migrating our delivery to Citrix Cloud. Looks pretty similar: all of your VDI machines, your Cloud Connectors and all of that are still there, just like your DDCs were, but the one thing is the database is extracted out of

your data center. Well, what's the big deal? Well, the big deal is now what happens is now you're using a PowerShell server. I go ahead Market provision goes out and it does the same thing that always did would be right here. Oh it and the machine is added to Active Directory. After that's added to Active Directory, it goes to the PowerShell server, and it does that New-BrokerMachine, adds it to its machine catalog in Citrix Cloud. Where the rub comes in Canaan for us, and we spent a month working with the Citrix Cloud folks on the development of this, it was when you go to add that

machine to the machine catalog. If you do that right after adding it, let's say I provision a machine in data center one. After I provision that machine in data center one, I immediately try to do a New-BrokerMachine. In the legacy model the controllers as the machines at the BT I registered with in that same space. But now I know which data center the machine is in all it knows you're going to provision a new machine into Citrix Cloud. It knows the name of the machine, it knows what Active Directory it's in, but it

doesn't know what data center. It doesn't know which resource location that it might happen to be in. If your AD doesn't replicate relatively quickly between these data centers, what can happen, and this was what was happening to us for a good period of time, was that you would build the machine and date? You do the New-BrokerMachine; Citrix Cloud would say, okay, I've got to look up these three pieces of information. I need to look up the SAM name, the SID, and the DNS name, and has to happen if the Cloud Connector in because it doesn't know what date it might use the Cloud Connector in data center

four or data center 3 instead of data center one. If your AD hasn't replicated those identities and the DNS, and if your Cloud Connectors are using different DNS servers than Cloud Connectors in data center one or the VDIs in data center one, you could run into a scenario like we were running into: Citrix Cloud, instead of getting a SAM name in the machine catalog, you got a SID, because it couldn't resolve that DNS name. Now, our AD replicates pretty quick. It didn't require much of a delay, but we had to put in some orchestration changes so that there's a slight delay between when

we bring the machine into Active Directory and then when we try to do the Mary adding a machine to the machine catalog. This occurs because of this change in the way of the fact that Citrix Cloud could do the lookup on a Cloud Connector in the wrong data center. Again, we do have a change request in on this one, because when you do the New-BrokerMachine command, you are passing the type of bread crumbs are there that could look up and say, okay, well, I mean on this

hosting connection you are the inputs on that. I know it's in this zone; if it's in this zone, it's in this resource location; therefore, I know which connectors I should be doing that AD lookup on, so that it happens in the same data center. The bread crumbs are there, and we do have a request in to Citrix to see if they can change the functionality of that. The second of these utilities that we couldn't migrate to Citrix Cloud unless so we can stall making sure they worked when we move to Citrix Cloud is we built our own custom reclamation services, and I obviously didn't

do this. When I did this in conjunction with some other really intelligent guys that work on the orchestration side, but we wrote some custom PowerShell; it goes out and it gets all of our VDI environments and pulls in all the metadata that's necessary to make decisions on reclamation. Then it also goes out and talks to the performance databases of all those VDI environments, combines the data that it gets back from both of those, chews on it a little bit, and it decides if those VDI machines should be a purgative Reclamation. Again, this is a fully automated reclamation service. So our

admins don't have to get involved in chasing users down to get them to reclaim their machines. When the machines hit 30 days of not being used, the reclamation service says, you haven't used this machine in 30 days. It sends an email to the users letting them know: you haven't used this machine in 30 days; if you don't need it, reclaim it, or someday we might have to take it from you. You get 45 days. We have to go to work. If you just don't respond to those first two, when

it's 60 days of non-use, our reclamation service automatically goes out every time the machine delete, deletes it from Citrix, removes it from all the other internal systems that we track those machines in, and it sends the user a nice friendly email that just says reclaim your machine; if you need another machine, this is how you can request another machine. Obviously what this process has done is it has reclaimed 1000 machines in 2 years. If you just assume my $300 a year run rate for your VDI, that has saved Liberty Mutual $5000000 plus in 2 years in run rate. We

can't move to Citrix Cloud and lose a utility that can save us $5000000 in run rate. So we had to let me answer. Now. We have one other utility. Now, like I said, we've got a lot more than three utilities that we've written that are custom in the house. But the other one of those is power management. Now, a lot of people in this room are going to look at California state, but tell me they've got to the cloud power management built right into the product. Why are you writing your own power management?

Developers are really interesting creatures. They can come up with interesting ways of using VDI machines that you would never believe they're going to do, and they found ways in which we could use our VDI machines that the Citrix power management didn't recognize, and because it didn't recognize them, power management would turn the machines off while they were actually still in use. So because we have such a large contingent of developers doing that, I ended up having to write our own

custom power management service. Both have one thing in common that made it a real challenge for us to move to Citrix Cloud. In the room that is, both of these services are reliant on the performance data database of all of the Citrix VDI environments inside of our environment. Moving to Citrix Cloud, that performance database moves to the cloud with your management point. So what I had to do is I had to come up with a way. I was very fortunate that Citrix does provide us with APIs that allow us to get at that performance data. So what I did, I said, that's great.

What I'll do is the NFL created job. I created the database inside of our environment, and then I wrote a job that runs every night, goes out via OData API calls using REST API to Citrix Cloud in our account, and it pulls down the performance data into those tables. Now that I'm pulling that data into our environment, I now have a database again that I can use for reclamation and power management. Now all I've got to do is modify my power management and modify the reclamation service to take into account this new database that has the data, and most of that data is fairly closely formatted in the same

way it was in the performance database. A few columns changed names, so now I can fix this automation. Like we do the other thing you got to do to go to make sure that you understand it. When you start doing your PowerShell commands, instead of being in your legacy environment, you can't just run it under a service account that has all the permissions like you do now. You've got to be able to do things like using your keys and secret keys, and on the fly being able to grab bearer tokens and things of that nature and use them, so your PowerShell skills have to be increased a

little bit. And I promise this is not the SDK session; that happened yesterday. But I do talk an awful lot about PowerShell. Okay, so I talked enough about what would have kept us from being able to migrate to Citrix Cloud. Let's start talking about what are we going to migrate, and then I'll get into exactly how do we start migrating our existing work to Citrix. Like I said, we're all in, so we might have to be able to provision District. 250 or so machines every day in Citrix

Cloud now as a result of changing a lot of our catalogs. Right now we have somewhere in the range of about 24000 VDIs in the XenDesktop space between our UK operation, our US operation that we're migrating to Citrix Cloud for legacy data centers, and we got three or two in Azure and we've got I told you that we started off thinking we were migrating everything directly to Citrix Cloud. Well, we changed our approach a little bit. Our VDAs are up to date and we're doing a good job of managing our VDA versions and things of that nature in Windows 10. So we said, you know what, we're going to migrate

our Windows 10 delivery groups over to Citrix Cloud. Windows 7, not so much. We got into the Windows 7 stuff and we realized that we haven't done as good a job of keeping VDAs up to date as we would like to, and we decided, you know what, it was actually kind of challenging to upgrade some of the older VDAs to current. If it was 7.9 or newer, it wasn't too big of a deal, but if it was older, the upgrade process kind of fell down Paramount more than we would like. The what we decided Liberty Mutual had a

program in place in order to migrate all of our users from Windows 7 to Windows 10. Well, perfect: if we're going to migrate all of our catalogs for provisioning new machines the windows. All we've got to do is give our users a good healthy nudge to get off of Windows on a provisional new machine. They're going to provision a new machine using Citrix Cloud instead of the legacy brokering environment. Windows 10 Windows 10 Legacy. Yes, we're migrating those to Citrix Cloud. Windows 7, we're hoping to not have to buy any of our Windows 7 delivery groups over

to Citrix Cloud as much as we want to be able to get those users to reprovision. Are you talking about 450 XenApp servers in the US and UK that we're migrating to Citrix Cloud. Our XenApp migration is a little more of a manual process. I'm going to talk about our XenDesktop process in a little bit, in which I generated a lot of automation for that process. Our XenApp migration is a little more of a conventional migration, such as you would if you were migrating to an on-prem solution. applications out in our XenApp environment in plus one. So

it'll be movers in that server into Citrix Cloud, republish all the applications, then once they've been tested by the users, move the rest of the servers over. StoreFront sees both environments. I'm going to talk about our international operations, which has about a hundred and forty XenApp servers, later in the slide deck. And the reason I want to talk about that later is because that's part of our public cloud work that we're doing with quite a few projects that are in public cloud. They affect our migration to Citrix Cloud.

In fact, all of our stuff that is going into public cloud is going to Citrix Cloud. So I'll talk about that a little bit later and you'd like to know if they are the one we first started talking about this project. It was a single use case, 500 users, and as Liberty started going through the evaluation, it grew to I think twelve or thirteen thousand users, and eventually, by the time I actually decided to use Citrix Cloud, it was their whole virtual environment. So I'm even in that time frame an 8 9

months discussion, a lot of changes in Citrix Cloud by the time we got to the end of those discussions. Okay, the process we actually are using to migrate our existing delivery groups for VDI to Citrix Cloud. The first thing I did is I created a SQL database. The SQL database contains all the fields I need to capture all of the metadata I need from all my XenApp and my XenDesktop environments. So now I've got holes in the metadata from all of my Citrix environments, XenApp and XenDesktop, in all of our

primary locations into a single location. And I ended up finding that I can use that data for a lot of things besides just the migration process. Now, I can use that data for things along the lines of Power BI. I ended up writing half a dozen, a little more than half a dozen Power BI reports that pull in every morning for us to allow me to evaluate if any of the neighbors and some things of that nature. I immediately know if a delivery group is ready to move to Citrix Cloud or not.

Email notifications also audio process you're going to have to be able to notify all of your users that you're going to be migrating them and you're going to be rebooting their machines as a part of that process. Again, that metadata gives me a place to query in order to find all of the VDI machines that are part of a migration, who they belong to, and then do an email or do a lookup in Active Directory to get their email address and send them a custom email. What's the thing that use the metadata database for is actually creation of the mediation Center Cloud because we move

all of our catalogs for provisioning new machines to Citrix Cloud first, before we started migrating their catalog. That means that data becomes static from now that I'm collecting those VDIs into that. I don't have to wait for queries and PowerShell commands to run in order for me to migrate machines to Citrix Cloud, and you'll see some of the utilities I wrote here in a minute that you get metadata database is rollback. I need to build a rolling back. Okay, so

emailing the note. About a week before we migrate a delivery group to Citrix Cloud, we email the users and we let them know that we are going to be migrating their machines out to Citrix Cloud, and all they're going to have to do is allow us to reboot the machines that night, and after that reboot they'll still log into the same StoreFront URL like they did before, but they need to not be running any applications which might result in them having data loss. How we do that: I wrote a PowerShell script. Again, you're going to hear me say that a few times here in the next few minutes.

We're moving a delivery group to Citrix Cloud. It goes off the metadata database and tells me what all the delivery groups are in that metadata. I select the door Datacenter that I heard they delivered that I migrate out to Citrix Cloud. After I do that with her brother just asked me what days now I don't have to know what machines I'm migrating to Citrix Cloud. I don't have to know who the users are. I don't have to know any of this. Any administrator that is going to do this migration for us, all they've got is those three questions. What is it? Do

I've got a custom HTML email that it sends, and what it does is it inserts the user's name. I told you it does a lookup against Active Directory and it gets the user's email address. It also has the user's machine name and any friendly name they may have assigned to it. It gives them that's nice what appears to be a lovingly handcrafted email for them, but it actually is a form email that just simply inserts a few tags. Now they get the instructions. They need to know when we're doing it, what machine of theirs it is that we're going to impact, and it also gives them an idea that they need

to stay out of the machine that night, but it also looks like it should have no impact on them the following day after the migration; they should be able to access everything the way they always do. Then we get to the migration utility. This is the second PowerShell utility. Now, I had originally thought about doing this utility and the next one exactly at the same time and doing all the steps in one, but what we found is the migration of the Flies and re-creation in Citrix Cloud using automation actually takes longer than you might think. Citrix hasn't provided the SDKs for

right now to recreate all of those VDAs. It'll just take your time. You have to use the PowerShell SDK and you can't do it with one command. You've got many commands that have to be run. So the PowerShell that I wrote, I said, you know what, I was getting an average rate of about ten machines per minute getting recreated in Citrix Cloud. Many of our delivery groups are three, four, and some even five thousand users in size. It's like you're talking hours and hours and hours of the re-creation. So what I did is the best utility is what I use

for recreating the identities out in Citrix Cloud. It allows you to select the data center. It'll give you a custom list of delivery groups; you select the delivery group and then you select the target delivery group in Citrix Cloud, and then you click Add and you click OK. It'll add all those machines. You can do this during the production day and have no effect on your users because they're still brokering using the legacy infrastructure. You also have the ability to roll back. I've got the Remove button there that you can select to remove them from the delivery groups and

Citrix Cloud. The other thing I did: I wanted to be able to clean up some of the sins of the past. In some cases we have delivery groups that, why did we divide this into three delivery groups? There should have been one when we created it in the legacy environment, but we do if we give ourselves after I migrate the first delivery group on the left, all the VDAs, into a delivery group in Citrix Cloud, I give myself the ability now: I can select another delivery group on the left and migrate them, and I can even do a third or fourth if I want to. So now I

can consolidate VDAs that used to be in separate delivery groups and machine catalogs into one set of machine catalog and delivery group in Citrix Cloud, so I get to clean up some of the things that maybe we should have done in the past. I'll just add here that prior to migration, we had the opportunity to engage Tony with some of the folks at Citrix that were familiar with migrations and scripting and the back end in Citrix Cloud. So they took a look at his plan and talked about how he's doing things, got together to ask some questions, and actually when he began the actual

migration he did run into some challenges, but because we had done that pre-work and got those folks really with the plan, we were able to work through them pretty quickly. Those resources were available to answer quickly; instead of spending days trying to get an answer, we could get an answer within a day to a question, and that's very beneficial. Next step that you have to do: this is when we actually make the users start using Citrix Cloud. I told you I can replicate

and leave that delivery group disabled, so they don't see that in StoreFront. Now comes the night I want these users to start using Citrix Cloud. What I've done is I've got a script that I run to add these machines to an Active Directory group, which applies a new GPO that changes the list of DDCs. That new list of DDCs tells the machine: okay, quit registering with your and you're going to have to register with the Cloud Connectors on your next reboot. So what I do, it's a PowerShell script. You're

going to add or remove. If you're adding, you're moving forward. If, say, you migrate some users and they're having some problems and I want to go back to on-prem legacy, you would click Remove. You then select the data center you're migrating the VDI machines out of from as far as a cloud. The third one, you select the delivery group that you want to migrate to Citrix Cloud. And the third one, all you do is you tell it the AD group that's going to apply that list of DDCs in the group policy. Once you click OK at this screen right here, all the machines will be added to that

AD group. By not doing this as part of the previous script, instead of me having to sit around and wait three or four or five hours for a really large delivery group to get recreated in Citrix Cloud, all of that is already done. That's what I mean on migration night. Button commands it takes to add these machines to an Active Directory group of five of us to DC that happens very quickly. I can do 3,000 changes in a few minutes as opposed to waiting hours for those ideas to be for change to get replicated on migration night. What's the target? The target for Liberty Mutual is to get to a

hybrid architecture with our Citrix environment. What we want is to be able to manage these devices in a single control plane. Right now we had here I can through is Magic I can make a machine show up from many different Citrix environments for our users using StoreFront using is Magic. I can use the help the help desk uses to manage multiple different sites at the same time, but when it comes to managing the environment using Studio, you still have to log into each of those 20 separate Citrix environments to manage them. What I want to do is change it from having 20 separate business

environments to having one production and one test environment and only have resource locations. Now if I stand up another resource location, I'm not creating a whole new site database, new Citrix policies. I'm not having to stand up new DDC and all of that. I add a couple of Cloud Connectors, I create a new resource location. All the policies are already created from the existing infrastructure. You might have to tweak it with another policy or two depending on your use case. But now your users are using the environment and you're managing very very structure. This is a popular use case and

it's right for people to go to such a fire-breathing single control plane and resources in different places in the world. And a typical concern is: well, I have some resources, maybe they might be in Asia-Pacific or in Europe, and the cloud control plane might be in the United States. What's the issue you noticed is that working and in Liberty's case that was a concern, so we actually did a follow-on proof of concept where Tony was able to use a US-based Virtual Apps and Desktops service control plane and a resource location in Singapore just to prove out that there wasn't any latency

around login times and things like that. So and that's true and I've actually the next couple slides don't talk about some of our public cloud initiatives that we got going on at Liberty Mutual and one of them pops very specifically for that task. The whole reason we did that POC is one of the implementations that we are currently doing right now and I You ask where we're building machines in Singapore in AWS in Singapore. We're doing AWS in Europe, doing AWS here in the United States what some of our International? So what are some of the public cloud projects that we got going on right

now at Liberty Mutual? Well, one of them is disaster recovery. We're going to be able to burst 2500 machines and reserve one of them to do it just a few hours. So we got a couple of really critical case used as users went good. We want to be able to make sure that we even though we split them across data centers and all those wonderful things. We lost half of those users that we lost back really quickly. So what we're wanting to do is be able to burst to the cloud in Azure instead of standing up 2500 where users with the capacity in our data center that we then can't use unless

there's a disaster, it made sense to use Azure for that. We've already built all of the automation and orchestration to make all that work; we've built and destroyed over a thousand machines in Azure using this process. The only thing we're still doing at this point in time for that project is continuing to tweak the process so that we can get that number of machines that we can do in a short period of time up. The basic process is in place and fairly well tested. Next item that we've got in Azure is we've got a bunch of developers and data scientists right now. I mentioned to

you earlier in our POC, well, our Azure-based developers were part of our POC environment. Well, they obviously are very interested in getting themselves added to the whole Citrix Cloud migration, and they've been using a different brokering mechanism, not Citrix at all, in order to get into their devices in Azure, and are very eager to get into it. We've already stood up their resource location. We stood up their Cloud Connectors. At this point in time, the only thing we have left to do for them is get the VDAs installed so that we can start brokering

connections for those users. Now when it comes to this is probably one of them or even though I've talked mostly about our VDI migration and I told you that I resent at migration was a relatively simple migration. We're doing it so cold feet on the ground right when it comes to decided to migrate most of their applications out of their data centers in their 3 data centers to AWS. So they're moving most of their back-end applications. Now, because they're moving

most of their back-end applications and we brought in a lot of those applications on Xena and those data centers for their users. That means he has to go as well. We've already stood up 8 up environment in Singapore and Southeast. We've stood up environments in the EU and we stood up at USPS for Latin America folks. We have environments up in all three of those regions right now. We have applications already running for adoption for our users in those locations. We haven't gotten to the 440 as an app service

across those three locations where I think we're at like 16th. So we're we probably got about half built out there in applications reader been used for production or ban user acceptance testing or that got in those various Realms of work. The nice thing about this is it got that the pictures turned out to learn a whole lot of new tools. They got to learn things like Bitbucket. How do you use Git to put CloudFormation templates in and out of Bitbucket? How do you use CloudFormation templates to deploy machines at all? How do you create a CloudFormation template for deploying server

and things like how to use Jenkins as a pipeline for the CloudFormation template so that the so that you end up with a working server skills. For the most part it was a very good experience for all of them. The other thing that is really good about this is that now we have a sort of a model by which we continue moving other environments out into AWS as more back-end applications move. Next time it might not be international; it might be some of our domestic applications. A lot of domestic applications at

Liberty Mutual are being reworked to work in the public cloud. And in that particular case, we need to make sure that we're able to build out or is that another thing? I know I'm running out of time here, but another thing I wanted to mention: we've also got a POC that's getting ready to start here pretty shortly with BMC in AWS problem with the fact we've already ordered to serve are the virtual servers out there the nicer than the enticing thing and I even heard a presentation earlier about it being really enticing thing for us about that is now week.

Fieldwork bug out in AWS and if we need to we can then pull those things on-prem. So if we need to burst to the cloud long as I like to move it to another vCenter and then realizing all the way of the necessary pointers in the database so that you can still find the VDI device. We can now build workloads out there and literally be in exactly the same format to go get a ride on ESX in our data center and then pull them into the data center and run PowerShell script vCenter and have them move the machine. That way we

can get that capacity then build a capacity in the data center that we want cuz it's cheaper there and then moved to devices so we can start working on that pattern over the next few days. Just to touch on a few things real quickly that we learned as a wrap-up for me: we learned with StoreFront not everything's exactly the same even though you've got DDCs and you've got Cloud Connectors. A lot of people try to use those two terms interchangeably. They're not exactly the same. They don't function exactly the same. We found that you have to use my resource

locations if you run to have multiple If you're going to have multiple resource locations in the same Active Directory infrastructure and you're going to front-end all of those resource locations with the same StoreFront site, you need to use aggregation, something that you normally only got to be our environment publishing exactly the same I come in this case you need to use it for that. Same thing goes with StoreFront configuration for Citrix Cloud does not support based authentication. You can't pass the authentication off to your DVC like you can with the DDC. How can I support

that? So if you have an Active Directory, you're not going to be able to do that and I'll pay the rest of the items on this slide. These are things that we talked about throughout the presentation. I just wanted to get as a follow-up here, but I'm going to hand it over to Andy. Great, thank you. So I'll just add that Tony discussed some of the challenges that he went through the last couple years and things that he needed from Citrix, and as he alluded to, we actually have a team when you become a cloud customer Centric They got engaged part of a customer success team. So what

are the challenges he was able to get through? Those folks were responsible for driving that within Citrix is to out to the, you know, the success of Liberty Mutual. Thank you, Tony. Thanks everybody for joining. I certainly learned a lot the last couple years working with Tony. I hope that you folks learned a lot and this will help with your own cloud journey. Please take some time to fill in the conference surveys within the app. You can rate the session directly. This presentation as well as the rest of them will be available either on the website or Dolby Atmos Energy website shortly. So,

thank you very much, folks.
