Duration 45:53

Citrix Synergy TV - SYN110 - What Liberty Mutual learned from migrating their complex enterprise...

Anthony Lyons
Solutions Engineer, Infrastructure at Liberty Mutual Insurance
Citrix Synergy Atlanta 2019
May 22 2019, Atlanta, GA, United States

About speakers

  • Anthony Lyons
    Solutions Engineer, Infrastructure at Liberty Mutual Insurance
  • Andrew Cohen
    Principal Sales Engineer at Citrix

About the talk

Topic: IT

Hear the key Liberty Mutual enterprise Citrix architect describe how Liberty architected a complex migration of more than 20,000 VDAs to Citrix Virtual Apps and Desktop service. Liberty will describe their motivations for moving to Citrix Cloud and provide insight into their strategy for using Microsoft Azure and Amazon AWS as resource locations. Get key insight into the technical aspects of the move, including the custom tools that Liberty built and the architecture for their geographically dispersed resource locations. Liberty will also describe how they are able to extend Citrix APIs to build custom workflows that have saved them $5MM over the last two years. Note: This session will be available for on-demand viewing post-event on Citrix Synergy TV.

Alright, welcome folks. Thanks everyone for joining. My name is Andy Cohen. I'm a pre-sales engineer at Citrix. I'm 00:04 responsible for many of our enterprise accounts in New England. One of those accounts is Liberty Mutual. So I'm pleased today to introduce Tony Lyons. 00:14 Tony is the chief Citrix architect at Liberty Mutual. He's responsible for most of their design and architecture for the Citrix environment as well as 00:22 many other things. So when Tony came to me and said, hey, I want to do a Synergy presentation, I'm thinking about doing it on our journey to Citrix 00:32

Cloud, I thought it was a fantastic idea. I said, let's go for it. What do you need from us to help? It's a great story. A lot of my customers ask 00:41 about how do I get there with my enterprise environment? I have some uniqueness. I have some customization. How do I get to the new cloud model? So I 00:50 thought it would resonate really well with the rest of our customers and I'm really happy he was able to come here today. Hopefully you learn 00:59 something today that will help with that with your own journey. I'll give it to Tony and you can take it away. 01:05

My name is Anthony Lyons. I'm at Liberty Mutual Insurance. I'm an IT professional with about 37 years' experience in IT, so like most people with a long 01:19 history in IT, I had an opportunity to work in a few different ones. I was a programmer, network engineer, systems administrator, a few different 01:28 things, but I had the good fortune about 18 years ago to get an opportunity to go to work at Liberty Mutual Insurance, and one of the first things that 01:37 I was asked very early after I took on my role at Liberty Mutual Insurance: do you think you could get this application to run on this new app new 01:44

platform called MetaFrame XP. Any of you have been around for a while know that that's all I have is one of the first stuff arm-based XenApp 01:52 environment. To make a long story short, obviously that went pretty well, because for the last 18 years I've been doing design and architecture 02:01 for XenApp and XenDesktop solutions at Liberty Mutual Fund as well as a lot of automation with PowerShell. Starfinder way to automate things that we 02:10 do with Citrix at Liberty Mutual stop getting them to work in AWS 02:20

get them working in Azure, as well as we did a POC with Citrix Cloud in the POC we do with Citrix Cloud a couple years ago. And now we are 02:29 actively migrating to Citrix Cloud. In the presentation we'll talk a little bit about some of the things that we've done in our migrations to Citrix 02:39 Cloud, some of the utilities that we've built that with we couldn't make those move to Citrix Cloud along with our will bring infrastructure been 02:48 moving to Citrix Cloud simply wouldn't be possible for us. So what do we want to get from Citrix Cloud? Liberty Mutual obviously like to get to 02:56

a single point of administration. We've got roughly about twenty XenApp and XenDesktop infrastructures at Liberty Mutual that are managed individually now. 03:06 I could do an entire PowerPoint presentation on how did we get to a point where we have so many different infrastructures: a large number 03:15 of different resource locations, acquisitions, and a variety of different reasons. And I also am not completely oblivious to the fact that single 03:22 point of administration or single pane of glass is sort of like the unicorn of the IT industry: everybody hears about it, but nobody ever sees it. But 03:32

the reality is, right now, with 20 separate Citrix infrastructures that we have to manage, and now the fact that Liberty Mutual has been 03:40 moving for the last two or three years very heavily towards public cloud infrastructures, we've been moving some of our back-end applications to public 03:48 cloud, AWS and Azure. What we have found is that if we didn't find a new way we were going to continue to proliferate legacy 03:54 Citrix environments throughout the industry, through our environment. Right now, just this year alone, we would probably move from twenty separate 04:04

Citrix environments to about 25 separate Citrix environments if we didn't find a new way of doing things. With 04:11 moving to public cloud we're going to have him some food somewhere. We're going to need to host XenApp servers, VDI infrastructure, or we may not 04:21 want connectivity back to on-premise. We don't want to have a scenario in which network boundaries become an issue. With Citrix Cloud now, all 04:28 we need is connectivity back for our Cloud Connector back into Citrix Cloud and we can use that single pane of glass to manage them whether they are 04:37

in Azure, AWS, various different regions around the world, or on-prem. Another thing that we want to do: we want to make sure that our key technology 04:45 didn't go Investments can go on change. We can still move to Citrix Cloud and we can continue to use our StoreFront, we can continue to use our next 04:54 week and show me the use of RADIUS for two-factor authentication for brokering of our connection and we can use our ETA we go with any other technology 05:03 other than Cloud we're going to have to reinvest in all of that, and with a large difference infrastructure, that is an awful lot of work to have to 05:12

recreate the wheel. So how did we get to this point? Liberty Mutual said we started taking serious interest in Citrix Cloud back in early 05:20 2017. We said, well, let's do a POC with him. Now. I'm not saying that even today but two years ago. It was even far Left Bank two going to do today. 05:30 And so what we said if you don't want because public cloud is part of the reason that we're so interested in Citrix Cloud, let's go ahead and do a POC 05:39 and we're going to do that POC in Azure. We're going to throw 50 developers out there in Azure and we're going to stand up some Cloud Connectors and 05:48

we're going to stand up some NetScalers and some VDAs and our own separate StoreFront environment so we can isolate him and lady for the 05:57 authentication. Identify any serious challenges that we didn't think could be overcome either by us or by 06:05 Citrix, because we partnered with Citrix and Microsoft on this endeavor. We wanted to do this POC; we hadn't done any Citrix in public cloud 06:14 2 years ago. We hadn't done Citrix Cloud 2 years ago. So Microsoft and Citrix came together to help us get the POC off the ground and get it 06:22

tested. Some things, lessons learned during that POC, such as some simple things like a Cloud Connector can't authenticate between Active Directory 06:30 forests without placing Cloud Connectors in both forests. Did he sees cam long is a two-way trust to bring their environment. We found out there was some 06:40 things like power state and registration were much longer two years ago in Citrix Cloud than they are on the way to get your product on them. But these 06:48 were things that took his promise. I think it's all those things for it. Also things like administrative logging didn't exist back then in Citrix 06:56

Cloud, and things like license usage monitoring your child back then but Starting with your sister, So things were coming soon. So we 07:03 decided after that that we were going to give it a little more time, but we started talking some more seriously about moving to Citrix Cloud as some 07:13 of these things materialized. I'll add this too, you know, Tony kind of alluded that early on we had the opportunity to get Tony and his team engaged 07:19 with a lot of our product managers and even our consulting group. So as he was exploring Citrix Cloud and bringing up these challenges we were able to 07:28

get that right into a product team to create enhancements, and you'll hear a lot of that throughout this presentation because our folks really 07:36 appreciated that Tony came right out front with the things that a large complex enterprise account needs in Citrix Cloud that's not there yet, and 07:43 you'll see a lot of those things have been added or will be added shortly. In a few of those things during our four to six months. We were doing his 07:52 POC to actually fix some of the things that we brought to their attention during that period for So let's say you're like Liberty Mutual and you 08:00

decided that you want to move to Citrix Cloud. You got some architectural decisions tonight. And then how are you going to secure 08:08 your control plane access? The control plane's the keys to the kingdom. That's how you define access, you define who's going to get access to 08:18 a VDI machine or a published application. Obviously, our security department was very interested in how are we going to secure the access to the control 08:25 plane since it's outside of our data center now. Are you going to migrate everything? Are you going to, instead of migrating everything, go to my 08:32

break something? So you going to start provision new? But like your old stuff die off organically, its provision brokered on-prem? Liberty Mutual: 08:42 We're going to move everything to Citrix Cloud, almost 08:50 everything, and then we decide where we're going to migrate almost everything still didn't might not be exactly the same path we thought when we first 09:00 started. Can you continue to use your StoreFront or are you going to use the proposal Workspace? Liberty Mutual, we decided we're going to stick 09:07

with StoreFront for now. But we do see a future where we could be using Workspace in the future will Spectrum some things that as it continues to 09:16 develop. Now, are you going to use your old NetScaler architecture or are you going to use NetScaler as a service? Well, obviously knows his Services aren't 09:24 really an option. If you go to Workspace we're not there yet. But again, we see some opportunities to use NetScaler as a service possibly in 09:32 like some of our public cloud options and things of that nature once we do get to Workspace. The last two items were huge for Liberty Mutual: 09:42

existing automation and custom services you might have built around your Citrix environments. Do you need access to the performance databases of your 09:50 site today? At Liberty Mutual we've written a lot of orchestration and a lot of automation, especially around our XenDesktop space, and we heavily used to 09:59 put in the data in the performance data databases of our XenDesktop environment. Loss of access to that performance data database could be a showstopper 10:09 for us moving to Citrix Cloud because we would lose some utilities that we've written, and I'm going to talk about some of those here in just a few 10:18

minutes. Well, the first thing our security department wanted to do: we went through a 90-day evaluation with our security 10:24 department. And one of the things that they were most interested in is how are we going to control that access for control plane. Well, we did it, as 10:33 most people in here probably already know, you can integrate your control plane with Azure AD. Liberty Mutual already had an Azure AD 10:40 implementation and it gave us control over password length, change frequency, complexity requirements, as well as gave us control over, allowed us to implement 10:49

2FA and things of that nature for access to our control plane. But we did identify something that we kind of glossed over a little bit before we started 10:58 getting into implementation, and that is when it comes to your control plane, you can only add users individually. In the legacy Citrix, you can add an 11:07 AD group, for say help desk, to a group. Well, if you take your help desk people and put them in an AD group, you grant them access through store for 11:15 ethra studio. Now anytime they want to add or remove help desk people, it's just an ID services function; your Citrix folks don't have to worry about 11:22

that. In Citrix Cloud, you do have to administer adding and removing people and granting them the type of permission to show up on a one-on-one basis. 11:31 That is one of the three enhancement requests we submitted to Citrix as part of our migration to Citrix Cloud that they've taken. It's not a 11:39 showstopper for us. We're moving to it still moving out but it is something that is an annoyance. But now the Citrix team or some administrator from 11:47 IT services now has to add these people, remove these people from Citrix Cloud admin control plane. Looks like you want to talk about is there's the three 11:56

services are, we got lots of orchestration we built around our legacy Citrix environment, but we've built three orchestrations that are very 12:06 important to the company thing is that we would not move to Citrix Cloud if we couldn't reconfigure these separate services to work with Citrix 12:14 Cloud. One of those: self-service portal Bureau, and now also CloudBolt, we've created some 12:21 self-service provisioning that now users can go in, they log into the portal, they simply select from a long list depending on who they are and what 12:30

they get a list of catalogs if I can select and improve it in the machine. Now, let's say when they 12:39 open it up it's going to say, OK, how many CPUs, how much memory gives you what a person is going to put you in one applications might come 12:49 with this particular new build. User simply clicks on submit or they modify some of those settings and then go get a cup of coffee. They change some 12:55 other work that they needed to do, and about an hour later they get an email says your machine's ready. And this is how they also do day-to-day 13:05

operations within this portal. They go into that portal and can say I want to increase the amount of memory. I want to reduce the amount of 13:13 storefront Reclamation of these devices. 13:19 Well, with the ability to do that in that portal, and we build somewhere in the range of about 8 to 10,000 machines a year between Baton the 13:28 machines are getting reclaimed that's cute. But something didn't know administrator gets involved to self-service portal it just auto-provisions 13:38

because of the way we set it up. Now if we had to get manual involved in that, that would be a real problem for us. We don't use MCS or PVS, because 13:46 MCS and PVS are great tools for provisioning machines; we wanted to do a whole lot of other things with that orchestration: adding machines to databases 13:55 and then adding them to HR for chargeback and a lot of different other things that we do with those machines besides just standing up a machine. Now 14:03 there is something, we did encounter some problems. When we were setting this up and migrating our own provisioning to Citrix Cloud, we 14:11

encountered an eight you need to know. This is just a quick example of the legacy. Site is really pretty much 14:19 self-contained. Most people, when they provision a Citrix environment, staying within a physical data center, you'll have your site database, you 14:28 have your DDCs, you have your VDI targets, and when you provision a new VDI machine that new VDI machine is added to Active Directory and get that 14:37 attack you directly. Then your orchestration comes along, it hits one of those with a remote RM connected to one of those DDCs in that data center 14:46

and it says, okay, now I'm going to do a New-BrokerMachine. It's going to add it to machine catalog and it goes through all the orchestration without 14:53 adding it to delivery groups and hiding the user or not a friendly names and things of that nature. And that all works just fine in a legacy 14:59 environment. Now fast-forward, we started migrating are delivered Citrix Cloud. Looks pretty similar: all of your VDI 15:07 machines, your Cloud Connectors and all of that are still there, just like your DDCs were, but the one thing is the database extracted out of 15:17

your data center. Well, what's the big deal? The big deal is now what happens is now you're using a PowerShell server. I go ahead Market 15:25 provision goes out and it does the same thing that always did would be right here. Oh it and the machine is added to Active Directory. After that's added to 15:35 the Active Directory, it goes to the PowerShell server, and it does that New-BrokerMachine, adds it to its machine catalog in Citrix Cloud. Where the rub 15:42 comes in Canaan for us, and we spent a month working with the Citrix Cloud folks on the development of this, it was when you go to add that 15:51

machine to the machine catalog. If you do that right after adding it, let's say I provision a machine in data center one. After I provision that 16:01 machine in data center one, I immediately tried to do a New-BrokerMachine. In the legacy model the controllers as the 16:09 machines at the VDI registered with in that same space. But now I know which data center the machine is in all 16:19 it knows you're going to provision a new machine into surgery probably knows the name of the machine, it knows what Active Directory it's in, but it 16:29

doesn't know what data center. It doesn't know which resource location that it might happen to be in. If your AD doesn't replicate relatively quickly 16:36 between these data centers, what can happen, and this was what was happening to us for a good period of time, was that you would build the machine and date? 16:43 You do the New-BrokerMachine, Citrix would probably say, okay, I've got to look up these three pieces of information. I need to look up the SAM name, the 16:50 SID, and the DNS name, and has to happen if the Cloud Connector in because it doesn't know what date it might use the Cloud Connector in data center 16:57

four or data center 3 instead of data center one. If your AD hasn't replicated those identities and the DNS, and if your Cloud Connectors are using 17:04 different DNS servers than Cloud Connectors in data center one or their VDIs in data center one, you could run into a scenario where, like 17:13 we were running into, Citrix Cloud, instead of getting a SAM name in the machine catalog, you got a SID, because it couldn't resolve that DNS name. Now our 17:20 AD replicates pretty quick. It didn't require much of a delay, but we had to put some orchestration changes so that there's a slight delay between when 17:29

we bring the machine into Active Directory and then when we tried to do the Mary adding a machine to the machine catalog. This occurs because of this 17:38 change in the way of the fact that Citrix Cloud could do the lookup on a Cloud Connector in the wrong data center. Again, we 17:44 do have a change request in on this one. And because when you do the mission new machine the New-BrokerMachine command you are 17:54 passing the type of bread crumbs are there that could look up and say, okay. Well, I mean on this 18:04

hosting connection you are the inputs on that. I know it's in this zone, if it's in this zone it's in this resource location, therefore I know which 18:14 Cloud Connectors I should be doing that AD lookup on so that it happens in the same data center. The bread crumbs are there and we do have a request 18:20 in to Citrix to see if they can change the functionality of that. The second of these utilities that we couldn't migrate to Citrix Cloud unless 18:28 so we can stall making sure they worked when we move to Citrix Cloud is we built our own custom reclamation services, and I obviously didn't 18:38

do this. When I did this in conjunction with some other really intelligent guys that work on the orchestration side, but we wrote some custom PowerShell. 18:46 It goes out and it gets all of our VDI environments and pulls in all the metadata that's necessary to make decisions on reclamation. Then it also 18:52 goes out and talks to the performance databases of all those VDI environments, combines the data that it gets back from both of those, chews on it a 19:00 little bit, and it decides if those VDI machines should be a purgative reclamation. Again, this is a fully automated reclamation service. So they are 19:09

admins don't have to get involved in chasing users down to get them to reclaim their machines. When the machines hit 30 days of not being 19:16 used, the reclamation service says: you haven't used this machine in 30 days. It sends an email to the users letting you know you haven't used this 19:25 machine. 30 days, if you don't need it, reclaim it, or someday we might have to take it from you. Get 45 days. We 19:34 have to go to work. If you just don't respond to those first two, when 19:40

it's 60 days of non-use our reclamation service automatically goes out every time the machine delete delete stuff from Citrix, removes it from all the 19:50 other internal systems that we track those machines in, and it sends the user a nice friendly email just says reclaim your machine if you need 19:58 another machine, this is how you can request another machine. Obviously what this process has done is it has reclaimed 1000 machines in 2 years. 20:06 If you just assume my $300 a year run rate for your VDI, that has saved Liberty Mutual $5000000 plus in 2 years in run rate. We 20:16

can't move to Citrix Cloud and lose a utility that can save us $5000000 in run rate. So we had to let me answer. Now. We have one other 20:26 utility. Now, like I said, there's a lot more than three utilities that we've written that are custom in the house. But the other one of those 20:35 is power management. Now, a lot of people in this room is going to look at California state, but tell me they've got to the cloud power management 20:41 built right into the product. Why are you writing your own power management? 20:47

Developers are really interesting creatures. 20:50 They can come up with interesting ways of using VDI machines that you would never believe they're going to do, and they found ways in which we could 20:59 use our VDI machines that the Citrix power management didn't recognize, and because it didn't recognize, power management would turn the machines off 21:08 while they were actually still in use. So because we have such a large contingent of developers doing that, I ended up having to write our own 21:16

custom power management service. Both have one thing in common that made it a real challenge for us to move to Citrix Cloud. In the room 21:25 that is both of these services are reliant on the performance data database of all of the Citrix VDI environments inside of our environment. Moving to 21:35 Citrix Cloud, that performance database moves to the cloud with your management point. So what I had to do is I had to come up 21:43 with a way. I was very fortunate that Citrix does provide us with APIs that allow us to get at that performance data. So what I did, I said, that's great. 21:52

What I'll do is the NFL created job. I created the database inside of our environment and then I wrote a job that runs every night, goes out via OData 22:00 API calls using REST API to Citrix Cloud in our account and it pulls down the performance data into those tables. Now that I'm pulling that data into our 22:08 environment I now have a database again that I can use for reclamation and power management. Now all I got to do is modify my power management and 22:17 modify the reclamation service to take into account this new database that has the data, and most of that data is fairly closely formatted in the same 22:25

way it was in the performance database. New columns change name, so now I can fix this automation. Like we do the other thing you got to do 22:33 to go to make sure that you understand it. When you start doing your PowerShell commands, instead of being in your legacy environment, you can't just 22:43 run it under a service account that has all the permissions like you do now. You got to be able to do things like I've been using your keys and 22:48 secret keys and, on the fly, being able to grab bearer tokens and things of that nature and use them, so your PowerShell skills have to be increased a 22:55

little bit, and I promise this is not the SDK session, that happened yesterday. But I do, I'll talk an awful lot about PowerShell. 23:04 Okay, so I talked enough about what would have kept us from being able to migrate to Citrix, start talking about what are we going to migrate, and then 23:13 I'll get into exactly how do we start migrating our existing work to Citrix. Like I said, we're all in so we might have to 23:21 be able to provision District. 250 or so machines every day in Citrix 23:27

Cloud now as a result of changing a lot of our catalogs. Right now we have somewhere in the range of about 24000 VDIs in the XenDesktop space 23:37 between our UK operation and our US operation that we're migrating to Citrix Cloud for legacy data centers, and we got three or two in Azure and we've 23:47 got I told you that we started off thinking we were migrating everything directly to Citrix Cloud. Well, we changed our approach a little bit. Our VDAs 23:56 are up to date and we're doing a good job of managing our VDA versions and things of that nature in Windows 10. So we said, you know what, we're going to migrate 24:06

our Windows 10 delivery groups over to Citrix Cloud. Windows 7, not so much. We 24:13 got into the Windows 7 stuff and we realized that we haven't done as good a job of keeping VDAs up to date as we would like to, and we decided, 24:23 you know what, it was actually kind of challenging to upgrade some of the older VDAs to current. If it was 7.9 or newer, it wasn't too big 24:31 of a deal, but if it was older, the upgrade process kind of fell down Paramount more than we would like. So what we decided: Liberty Mutual had a 24:40

program in place in order to migrate all of our users from Windows 7 to Windows 10. Well, perfect: if we're going to migrate all of our catalogs for 24:48 provisioning new machines the windows. All we got to do is give our users a good healthy nudge to get off of Windows on a provisional new machine. 24:57 They're going to provision a new machine using Citrix Cloud instead of legacy brokering environment Windows 10 Windows 25:06 10 legacy. Yes, we're migrating those to Citrix Cloud. Windows 7, we're hoping to not have to buy any of our Windows 7 delivery groups over 25:15

to Citrix Cloud, as much as we want to be able to get those users to reprovision. XenApp: we're talking about 450 XenApp servers in the US and UK that 25:25 we're migrating to Citrix Cloud. Our XenApp migration is a little more of a manual process. I'm going to talk about are Jenna and XenDesktop 25:34 process in a little bit, in which I've generated a lot of automation for that process. Our XenApp migration is a little more of a conventional 25:41 migration such as you would if you were migrating to an on-prem solution applications out in our XenApp environment in plus one. So 25:48

it'll be movers in that server into Citrix Cloud, re-published all the applications then once they've been tested by the user's name of the rest of 25:58 the servers over. StoreFront sees both environments. I'm going to talk about our international 26:06 operations, which has about a hundred and forty XenApp servers, later in the slide deck. And the reason I want to talk about that later is because 26:16 that's part of our public cloud work that we're doing, with quite a few projects that are in public cloud. They affect our migration to Citrix Cloud. 26:21

In fact, all of our stuff that's going into public cloud is going to Citrix Cloud. So I'll talk about that a little bit later. and you'd like to know if 26:31 they are the one we first started talking about this project. It was a single use case, 500 users, and as Liberty started going through the evaluation, 26:40 it grew to I think twelve or thirteen thousand users, and eventually by the time I actually decided to use Citrix Cloud it was their whole virtual 26:48 environment. So I'm even in that time frame an 8 9 26:55

months discussion, a lot of changes in Citrix Cloud by the time we got to the end of those discussions. 27:04 Okay, the process we actually are using to migrate our existing delivery groups for VDI to Citrix Cloud. The first thing I did is I created a 27:15 SQL database. SQL database contains all the fields I need to capture all of the metadata I need from all my XenApp and my XenDesktop environments. So 27:25 now I've got pulled in the metadata from all of my Citrix environments, XenApp and XenDesktop, and all of our 27:34

primary locations into a single location. And I ended up finding that I can use that data for a lot of things besides just our migration process. Now 27:44 I can use that data for things along the lines of Power BI. I ended up writing a half a dozen, little more than half a dozen Power BI reports 27:52 pulled in every morning for us to allow me to evaluate if any of the 28:00 neighbors and some things of that nature. I immediately know if a delivery group is ready to move to Citrix Cloud or not. 28:07

Email notifications also audio process: you're going to have to be able to notify all of your users that you're going to be migrating them and you're 28:18 going to be rebooting their machines as a part of that process. Again, that metadata gives me a place to query in order to find all of the VDI 28:27 machines that are part of a migration, who they belong to, and then do an email or do a lookup in Active Directory to get their email address and send them 28:33 a custom email. What's the thing that use the metadata database for is actually creation of the mediation Center Cloud because we move 28:40

all of our catalogs for provisioning new machines to Citrix Cloud first before we started migrating their catalog. That means that data becomes 28:49 static. Now that I'm collecting those VDIs into that, I don't have to wait for queries and PowerShell commands to run in order for me 28:56 to migrate machines to Citrix Cloud, and you'll see some of the utilities I wrote here in a minute. that you get metadata database is rollback. 29:04 I need to build a rolling back. Okay, so 29:14

emailing the note: about a week before we migrate a delivery group to Citrix Cloud we email the users and we let them know that we are going to be 29:23 migrating their machines out to Citrix Cloud and all they're going to have to do is allow us to reboot the machines that night, and after that reboot 29:32 they'll still log into the same StoreFront URL that they did before, but they need to not be running any applications which might result in them having 29:41 data loss. How we do that: I wrote a PowerShell script. Again, you're going to hear me say that a few times here in the next few minutes 29:49

for moving a delivery group to Citrix Cloud. It goes off. The metadata database tells me what are all the delivery groups are 29:55 in that in that metadata. I select the door Datacenter that I heard they delivered that I migrate out the Citrix Cloud. After I do that with her 30:05 brother just asked me what days now I don't have to know what machines on migrating the second thought. I don't have to know who the users are. I 30:13 don't have to know any of this any administrator that is going to do this migration for us. All they got those three questions. What is it? Do 30:19

I got a custom HTML email that it sends, and what it does is it inserts the user's name. I told you it does a lookup against Active Directory and it 30:29 gets the user's email address. It might also has the users machine name as any friendly name. They may have assigned to it. It gives them that's nice 30:38 what appears to be a loving way handcrafted email for them, but it actually is a form email that just simply inserts a few tags. Now they get the 30:47 instructions. They need to know when we're doing it. What machine is there is that we're going to impact and it also gives them an idea that they need 30:55

to stay out of the machine that night but it also looks like it should have no impact on them the following day after the migration that should be 31:02 able to access everything the way they always do. Then we get to the migration utility. This is the second PowerShell utility. Now, I had originally 31:09 thought about doing this utility and the next one exactly at the same time and doing all the steps in one, but what we found is the migration of the 31:16 Flies and Recreations of the Citrix Cloud using automation actually takes longer than you might think. Citrix hasn't provided the SDKs for 31:24

right now to recreate all of those VDAs. I'll just take your time. You have to use the PowerShell SDK, 31:32 and you can't do it with one command. You got many of the commands that have to be ran. So the PowerShell that I wrote I said, you know what I 31:41 was getting an average rate of about ten machines per minute getting recreated in Citrix Cloud. Many of our delivery groups are 3/4 and some of me 31:49 in five thousand users inside. It's like you're talking hours and hours and hours of the re-creation. So what I did is the best utility is what I use 31:57

for recreating the identities out in Citrix Cloud. It allows you to select the Datacenter. It'll give you a custom list of delivery groups, you select 32:05 the delivery group and then you select the target delivery group in Citrix Cloud, and then you click add and you click Okay. It'll add all those 32:14 machines. You can do this during the production day and have no effect on your users because they're still brokering using the Legacy infrastructure. You also 32:21 have the ability to roll back. I've got the remove button there that you can select. It is a remove a to remove them from the delivery groups and 32:28

Citrix Cloud. The other thing I did it I wanted to be able to clean up some of the past and the sins of the past. We met in some cases we have delivery 32:34 groups that why did we divide this into three delivery? There should have been one when we created in the Legacy environment, but we do if we give 32:42 ourselves after I migrate the first machine in the left and the first delivery group in the left all the VDAs into a delivery group in Citrix Cloud. 32:49 I give myself the ability now, I can select another delivery on the left and migrate them and I can even do a third or fourth if I want to so now I 32:57

can consolidate VDAs that used to be in separate deliver groups of machine. Can I log into one set of machine catalogue into and delivery group in 33:06 Citrix Cloud don't get to clean up some of the things that maybe we should have done in the past. I'll just add here that prior to migration, we had 33:14 the opportunity to engage Tony with some of the folks at Citrix that were familiar with migrations and scripting and in the back in the Citrix Cloud. 33:23 So they took a look at his plan and talked about and how he's doing things together to ask some questions and and actually when he began the actual 33:30

migration he did run into some challenges but because we had done that pre-work and got those folks really with the plan. We're able to work through 33:38 them pretty quickly those resources available to answer 33:45 quickly me instead of spending days trying to get an answer. We can you still get an answer within a day went to a question and that's very 33:55 beneficial. Next Step that you have to do this is when we actually make the user start using Citrix Cloud. I told you I can replicate 34:02

relieved that delivery group disabled. So they don't see that far storefront. 34:11 Now comes the night. I want these users to start using Citrix Cloud. What I've done is I've got a script that I run to add these machines 34:21 to an Active Directory group, which applies a new GPO that changes the list of DDCs. That new list of DDCs tells the machine: Okay, quit registering with 34:31 your and you're going to have to register with the Cloud Connectors on your next reboot. So what I do, it's a PowerShell script. You're 34:40

going to add or remove. If you're adding, you're moving forward. If you say migrate some users and they're having some problems, I want to go 34:50 back to on-prem Legacy, you would click remove. You then select the Datacenter you're migrating the VDI machine out of from as far as a cloud the 34:57 third one you select the delivery group that you want to migrate to Citrix Cloud. And the third one. All you do is you tell it the AD group that's 35:07 going to apply that with the DDC who's in the group policy. Once you click okay at this screen right here, all the machines will be added to that 35:14

AD group. By not doing this as part of the previous script is instead of me having to sit around and wait three or four or five hours for a 35:22 really large delivery group to get recreated in Citrix Cloud, all of that already done. That's what I mean on migration night. Button commands it takes 35:31 to add these machines to an Active Directory group of five of us to DC that happens very quickly. I can do $3,000 change in a few minutes as opposed 35:41 to waiting hours for those ideas to be for change to get replicated on migration night. What's the target target for Liberty Mutual is to get to a 35:49

hybrid architecture with her sisters environment. What we want is to be able to manage these devices in a single control playing right. Now we had 35:58 here I can through is Magic I can make a machine show up from many different Citrix environment for our users using storefront using is Magic. I can 36:06 use the help the help desk used to manage multiple different types of the same time, but when it comes to managing the environment using Studio, you 36:16 still have to log into each of those 20 separate Citrix environments to manage them. What I want to do is change it from having 20 separate business 36:25

environment that having one production 1 test environment and only have resource location. Now if I stand up another resource location, I'm 36:32 not creating a whole new side database nucific policies. I'm not having to stand up new DC and all of that. I added a couple of cloud-connected. I 36:42 create a new resource location. All the policies are already created from the existing infrastructure. You might have Tweak it with another policy or 36:50 two depending on your youth cake. But now your users are using the environment in your managing very very structure. This is a popular use case and 36:57

it's right for people to go to such a fire-breathing single control plane and resources in different places in the world. And in a typical concern is 37:06 while I have some resources, maybe they'd be might be in asia-pacific or or in Europe in the cloud control plane might be in the United States. What's 37:13 the issue you noticed is that working and Liberties case that that was a concern so we actually did a follow-on proof-of-concept where Tony was able 37:22 to use and US base for collapse in Desktop Service control plane in a resource location in Singapore just to prove out that there wasn't any latency 37:29

around login times and things like that. So and that's true and I've actually the next couple slides don't talk about some of our public Cloud 37:37 initiatives that we got going on at Liberty Mutual and one of them pops very specifically for that task the whole reason we did that POC is one of the 37:46 implementation is that we are currently doing right now and I You ask where we're building machines in Singapore in AWS in Singapore. We're doing AWS 37:53 in Europe doing AWS here in the United States what some of our International? So what are some of the public Cloud projects that we got going on right 38:01

now at Liberty Mutual? Well, one of them is a disaster recovery. We're going to be able to burst 2500 machine and reserve one of them to do it just a 38:11 few hours. So we got a couple of really critical case used as users went good. We want to be able to make sure that we even though we split them 38:19 across data centers and all those wonderful things. We lost half of those users that we lost back really quickly. So what we're wanting to do is be 38:26 able to burst of the cloud and Azure instead of standing up 2500 where users with the capacity and or data center that we've been can't use unless 38:36

there's a disaster it made sense to use Azure for that when we've already built all of the Automation and orchestration to make all that work, we 38:44 built and destroyed over a thousand machines and Azure using this process. The only thing weird still doing at this point in time for that project is 38:53 what continuing to tweak the process so that we can get that number of machines that we can do in a short. Of time up the basic processes. Open and 39:00 play sand in fairly. Well testing. Next time that we've got in Azure as we got in a bunch of developers and data scientist right now. I mentioned to 39:09

you earlier in our POC will our add your base developers were part of our for the POC environment while they obviously 39:17 are very interested in getting themselves added to the whole citrus cloud migration and they've been using a different brokering mechanism not Citrus 39:27 at all in order to get into their devices and Azure and a very eager to get into it. We've already stood up there the resource location. We stood up 39:34 their Cloud connectors at this point in time. The only thing we have left to do for them and get the bda's installed so that we can start broker no 39:41

connections for those users. Now when it comes to this is probably one of them or 39:47 even though I've talked mostly about our vdi migration and I told you that I resent at migration was a relatively simple migration. We're doing it so 39:57 cold feet on the ground right when it comes to 40:06 decided to migrate most of their 40:10 applications out of their data centers in their 3 data centers to AWS. So they're moving most of their back end application now because they're moving 40:19

most of their back in applications and we brought in a lot of those applications on Xena and those data centers for their users. That means he has to 40:28 go as well. We've already stood up 8 up environment in Singapore and Southeast. 40:38 We've stood up environments in the EU and we stood up at USPS for Latin America folks. We have environments up in all three of those 40:48 regions right now. We have applications already running for adoption for our users in those location. We haven't gotten to the 440 as an app service 40:58

across those three locations where I think we're at like 16th. So we're we probably got about half built out there in applications reader been used 41:06 for production or ban user acceptance testing or that got in those various Realms of work. The nice thing about this is it got that the pictures 41:16 turned out to learn a whole lot of new tools. They got to learn things like Bitbucket. How do you use Git to put CloudFormation templates 41:24 in and out of Bitbucket? How do you use CloudFormation templates to deploy machines at all? How do you create a CloudFormation template for deploying a server 41:31

and things like how to use Jenkins as a pipeline for the CloudFormation template so that the so that you end up with a working server 41:39 skills. For the most part it was a very good experience for all of them. The other 41:46 thing that is really good about this is that now we have a sort of a model by which we continue moving other environments out into AWS as more 41:56 back-end applications move. Next time it might not be International, might be some of our domestic applications. A lot of domestic applications at 42:05

Liberty Mutual being reworked to work in the public cloud. And in that particular case, we need to make sure that we're able to build out or is that 42:12 another thing? I know I'm running out of time here, but nothing I wanted to mention also got a POC that's getting ready to start here pretty shortly 42:20 with BMC in AWS problem with 42:28 the fact we've already ordered to serve are the virtual servers out 42:33 there the nicer than the enticing thing and I even heard a presentation earlier about it being really enticing thing for us about that is now week. 42:43

Fieldwork bug out in AWS and if we need to we can then pull those things on Prim. So if we need to purchase to the cloud long as I like to 42:51 move it to another visa center and then realizing all the way of the necessary pointers in the 42:59 database so that you can still find the vdi device. We can now build work clothes out there and literally be in exactly the same format to go get a 43:09 ride on ESX in our data center and then pull them into the Daley Center and run Powershell script vcenter and have them move the machine. That way we 43:16

can get that capacity then build a capacity in the Datacenter that we want cuz it's cheaper there and then moved to devices so we can start working 43:25 on that pattern over the next few days. Just a touch of a few things real quickly that we learned as a wrap up for me 43:35 we learned it was storefront not everything's exactly the same even though you've got DDCs and you've got Cloud Connectors. A lot of people try to use 43:44 that use those two terms interchangeably. They're not exactly the same. They don't function exactly the same we found that you have to use my resource 43:51

locations if you run to have multiple If you're going to have multiple resource locations in the same Active Directory infrastructure and you're going 43:59 to front end all of those resources locations with the same StoreFront site you need to use aggregation at something that you normally only got to 44:08 be our environment publishing exactly the same I come in this case you need to use it for that. Same thing goes with StoreFront configuration for 44:16 Citrix Cloud does not support based authentication. You can't pass the authentication off to your DVC like you can with the DDC. How can I support 44:24

that? So if you have a active directory, you're not going to be able to do that and I'll pay the rest of the items on this slide. These are things 44:33 that we talked about throughout the presentation. I just wanted to get as a follow-up here, but I'm going to hand it over to Andy great. Thank you. So 44:42 I'll just add that Tony discussed some of the challenges that he went through the last couple years and things that he needed from Citrix and we 44:51 actually is he alluded to we actually have a team when you become a cloud customer Centric They got engaged part of a customer success team. So what 44:59

are the challenges he was able to get through? Those folks were responsible for driving that within Citrix is to out to the, you know, the success of 45:07 Liberty Mutual. Thank you, Tony. Thanks everybody for joining. I certainly learned a lot the last couple years working with Tony. I hope that you folks 45:15 learned a lot and this will help with your own cloud journey. Please take some time to fill the conference surveys within the app. You can rate the 45:24 session directly this presentation as well as the rest of them will be available either on the website or Dolby Atmos Energy website shortly. So, 45:32

thank you very much, folks. 45:41
