
Tuesday, 30 May 2023

VDI vs DaaS: What's changed?

A lot has changed since my last post in 2015 on VDI vs DaaS. The wind has totally changed now, and many organizations have already made a move to DaaS platforms or are thinking of moving. COVID-19 has changed the picture of remote working, and many organizations have invested time and money in planning their remote working journey.

vdi vs daas: key differences

Citrix Cloud has evolved over the last 5 years, and Microsoft has launched Azure Virtual Desktop (aka AVD) since we last discussed VDI vs DaaS, along with its new DaaS offering called Windows 365 (which is similar to AWS WorkSpaces). VMware is not far behind, with the latest advancements and the feature-rich suite of Horizon Cloud (VMware DaaS).

Many organizations are re-evaluating their current dying VDI infrastructure and planning a move to a better DaaS product. Before you make a switch, you need to understand:

What does DaaS offer?

What are the considerations?

How do you choose the right product?

DaaS has many benefits over VDI and some of them are listed below.

DaaS Benefits:

1) Simplification: DaaS hands the control infrastructure responsibilities over to the service provider, allowing customers to focus more on their core business. Organizations save the time and effort their internal IT teams would otherwise spend on patching, updating and hardware maintenance of the control infrastructure.

2) Scalability and flexibility: When compared to VDI, DaaS is more scalable and flexible. Virtual desktops can be added or removed by organizations without a lot of infrastructure design or expense. DaaS is the perfect choice for enterprises with varying user needs or seasonal workloads because of its agility.

3) Accessibility: DaaS is a great choice for remote work, branch offices, and mobile staff because users can access their virtual desktops from any location with an internet connection. Having the freedom to work from any device improves productivity and teamwork.

Some Considerations on DaaS:

1) Downtime & SLAs: Organizations that choose DaaS rely on the service provider to guarantee the performance and availability of the virtual desktop infrastructure. To reduce downtime and guarantee data security, it's critical to select a recognized supplier with a solid infrastructure and dependable service level agreements (SLAs).

2) Security & Compliance: Another key aspect is to carefully evaluate the security measures implemented by the DaaS provider. They must meet the organization's data encryption, access control and regulatory compliance requirements.

3) Connectivity: Moving away from VDI to DaaS changes how users connect to their virtual desktops. DaaS relies on a stable high-speed internet connection instead of MPLS/S2S VPN links. A slow internet connection can lead to latency issues or disruptions in accessing the virtual desktops. So, the organization must get some decent internet links for office-based users.

VDI or DaaS Selection:

Based on the specific needs of your organization, a number of variables need to be taken into account when choosing between VDI and DaaS:

1) Infrastructure & IT Skills: Always analyze your company's infrastructure resources and capabilities. DaaS takes away the need to maintain the control infrastructure, but it still relies on a stable internet connection for your end users. VDI, on the other hand, needs the organization to make some upfront investments in software, hardware and IT skills.

When switching from VDI to a DaaS product, be mindful of the skills required if you are also switching the technology. For example, it might be easier for IT teams to manage and support end users if they are switching from on-prem Citrix to Citrix DaaS than if they are switching to AVD/VMware Horizon, which would mean that they might need some new skills.

2) Scalability and Flexibility: Consider your organization's needs for scalability as well as its capacity to manage changing user demands. Compared to VDI, DaaS is more flexible and scalable, making it simpler to change the number of virtual desktops as needed. VDI may call for more infrastructure design and deployment work.

3) Security and compliance: Consider both the VDI and DaaS systems' security precautions and compliance capabilities. Choose the option that best complies with the compliance norms and security requirements of your organization.

4) Cost Management: Compare the costs associated with VDI and DaaS against your budget. VDI requires an upfront financial investment for IT resources, infrastructure, and maintenance, whereas DaaS often has a subscription-based pricing model. Analyse each option's long-term costs and return on investment.

The decision between VDI and DaaS ultimately comes down to the unique requirements, financial constraints, and organizational priorities of your company. It is advised to carefully compare the two options, take future expansion strategies into account, and even investigate hybrid models that mix on-premises VDI with cloud-based DaaS. Engaging with IT experts, consulting with service providers, and running test projects can all offer insightful information that will aid in your decision-making.

Thursday, 12 November 2015

Citrix NetScaler Gateway - Keeping External and Internal URL same for users - Easy way

Citrix NetScaler Gateway one URL for External and Internal users

Recently, while working at a customer site designing their Citrix XenApp 7.6 infrastructure for 200+ users, I got a requirement from them to have a single URL for external and internal users. They had just a single HA pair of Citrix NetScaler VPX 200 (v10.5) devices and were not interested in procuring any more devices.

Requirement: External users should get 2FA when logging on at the Citrix NetScaler logon page, and internal users should see only LDAP authentication. The solution is based on the fact that the customer doesn't want to procure additional NS devices and wants to use just the one pair.

Out of Scope: Citrix Receiver discovery configuration, as the customer is using only the web receiver.

Solution: The Citrix NetScaler HA pair is placed in a DMZ network using the old-school sandwich method, where the NetScalers have firewalls on both sides. This is one of the most common methods used to deploy NetScalers and it works well. There are other methods to deploy Citrix NetScalers as well, such as a 3-tier network.

However, I had to follow this design as the customer had Citrix infrastructure VMs on a public cloud and Citrix NetScalers in their DMZ perimeter network.

The Citrix NetScaler appliances were imported on two Hyper-V hosts in the DMZ cluster and configured in HA mode, using a dedicated NIC and VLAN for HA sync and another NIC for management and traffic routes.

Refer to CTX136926 for details on how to create a VLAN for a particular subnet on Citrix NetScaler.

Traffic Flow Externally:

Citrix NetScaler Gateway - External

We have placed our Citrix NetScalers in the DMZ zone. The network administrator needs to open ports 443/80 for the public IP on the external firewall and configure NAT so that the public IP is translated to the private IP on ports 80 and 443.

Further, the network/system administrator needs to open the required ports on the other firewall, which can be considered the internal corporate firewall; for us it was a cloud ACL. We had to open ports for the Citrix infrastructure, RSA servers, AD and DNS to allow the NetScaler SNIP to talk to the backend infrastructure.

LDAP:                            TCP 389/636
Radius:                          UDP 1812/1813
DNS:                             TCP/UDP 53
Citrix XenApp Controller XML:    TCP 80/8080
Citrix SF SSL:                   TCP 443
Citrix XenApp VDA:               TCP 1494/2598
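The port list above can be turned into a least-privilege check on the internal firewall or cloud ACL. This is an added example, not part of the original post: the SNIP address, the backend addresses and the rule format are all constructed for illustration.

```python
# Port matrix from the post: service -> (protocol, port) pairs the SNIP may use.
MATRIX = {
    "LDAP": {("tcp", 389), ("tcp", 636)},
    "RADIUS": {("udp", 1812), ("udp", 1813)},
    "DNS": {("tcp", 53), ("udp", 53)},
    "XML": {("tcp", 80), ("tcp", 8080)},
    "StoreFront SSL": {("tcp", 443)},
    "VDA": {("tcp", 1494), ("tcp", 2598)},
}
# Constructed inventory (assumed addresses): backend host -> services it provides.
BACKENDS = {"10.0.0.10": ["LDAP", "DNS"], "10.0.0.20": ["RADIUS"],
            "10.0.0.30": ["StoreFront SSL"], "10.0.0.40": ["XML"],
            "10.0.0.50": ["VDA"]}
SNIP = "192.168.1.10"  # assumed SNIP address, not from the post
# Constructed rule export in a made-up format: allow <proto> <src> <dst> <ports>
SAMPLE_RULES = [
    "allow tcp 192.168.1.10 10.0.0.10 636",
    "allow udp 192.168.1.10 10.0.0.10 53",
    "allow udp 192.168.1.10 10.0.0.20 1812-1813",
    "allow tcp 192.168.1.10 10.0.0.30 443",
    "allow any 192.168.1.10 10.0.0.50 any",   # far wider than TCP 1494/2598
]

def parse_rule(line):
    """Parse one rule; <ports> is a port, a lo-hi range, or 'any'."""
    _, proto, src, dst, ports = line.split()
    lo, _, hi = ("1-65535" if ports == "any" else ports).partition("-")
    protos = {"tcp", "udp"} if proto == "any" else {proto}
    return {"line": line, "protos": protos, "src": src, "dst": dst,
            "lo": int(lo), "hi": int(hi or lo)}

def permits(rule, proto, port):
    return proto in rule["protos"] and rule["lo"] <= port <= rule["hi"]

def audit(rule_lines, snip):
    """Return (unreachable services, rules wider than the matrix) for the SNIP."""
    rules = [r for r in map(parse_rule, rule_lines) if r["src"] in (snip, "any")]
    unreachable, excess = [], []
    for dst, services in BACKENDS.items():
        for svc in services:
            if not any(permits(r, *pair) for r in rules
                       if r["dst"] in (dst, "any") for pair in MATRIX[svc]):
                unreachable.append((dst, svc))
    for r in rules:
        wanted = {pair for s in BACKENDS.get(r["dst"], []) for pair in MATRIX[s]}
        covered = len(r["protos"]) * (r["hi"] - r["lo"] + 1)
        if covered > sum(permits(r, *pair) for pair in wanted):
            excess.append(r["line"])
    return unreachable, excess

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, SNIP))
```

On the sample rules it reports the XML service on the controller as unreachable and flags the any/any rule towards the VDA host as wider than the matrix.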

Other requirements for the Citrix NetScaler Gateways:
- Public IP 201.22.46.x
- Third Party SSL Certificate
- VIPs for NG1, NG2, SF Pair etc
- External DNS entry for public URL remote.domain.com
- NG1 (External Gateway) to have Authentication (LDAP + Radius)
- NG2 (Internal Gateway) to have just LDAP authentication
- Session Policies for NG1 and NG2 to point to Citrix SF base URL

  • External users hit the URL "https://remote.domain.com", which resolves to the public IP; the NAT rule and the allowed firewall exception then let the traffic into the DMZ network to reach the NG1 vServer 192.168.1.4.
  • The user is presented with the Citrix NetScaler logon page to enter LDAP + Radius credentials.
  • After successful authentication, the user is connected to the internal Citrix SF resources.

Internal Traffic Flow:

Citrix NetScaler Gateway - Internal Users
 
For internal users to use the same URL, we need to create a DNS A record on the DNS server that points remote.domain.com to NG2 192.168.1.5. This Citrix NetScaler Gateway vServer is configured for LDAP authentication only, with single sign-on enabled, so that users pass through to Citrix StoreFront and see all their published resources.
  • Make sure that you have created local hosts file entries on the Citrix StoreFront servers that point remote.domain.com to 192.168.1.4 (NG1). Otherwise, the Citrix NetScaler callback would fail for external users.
  • When any internal user resolves remote.domain.com from their desktop, it should always resolve to 192.168.1.5 (NG2).
  • When Citrix StoreFront resolves remote.domain.com, it should resolve to NG1 - 192.168.1.4.
  • The Citrix StoreFront base URL should be different from the Citrix NetScaler Gateway URL.
  • There shouldn't be any DNS A record for the base URL sf.domain.com.

In this way, the same URL "https://remote.domain.com" can be used for both internal and external users smoothly with just one pair of Citrix NetScalers.
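The resolution rules in the list above can be checked before go-live. This is an added example, not part of the original post: it parses a StoreFront hosts file and a set of internal A records and reports every rule that is broken. The sample records, hosts file contents and the https scheme of the base URL are constructed.

```python
from urllib.parse import urlsplit

GATEWAY = "remote.domain.com"              # gateway FQDN from the post
NG1, NG2 = "192.168.1.4", "192.168.1.5"    # external / internal vServers (post)

def parse_hosts(text):
    """Parse hosts-file text into {name: ip}, ignoring comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            # Keeping the first entry for a duplicated name is an assumption here.
            table.setdefault(name.lower().rstrip("."), fields[0])
    return table

def check_split_dns(internal_a, storefront_hosts, base_url):
    """Return findings; an empty list means the layout matches the post."""
    dns = {name.lower().rstrip("."): ip for name, ip in internal_a.items()}
    hosts = parse_hosts(storefront_hosts)
    base = (urlsplit(base_url).hostname or "").lower()
    findings = []
    if dns.get(GATEWAY) != NG2:
        findings.append(f"internal DNS: {GATEWAY} -> {dns.get(GATEWAY)}, want NG2 {NG2}")
    # StoreFront's view: its hosts file entry, else whatever internal DNS returns.
    seen = hosts.get(GATEWAY, dns.get(GATEWAY))
    if seen != NG1:
        findings.append(f"StoreFront: {GATEWAY} -> {seen}, want NG1 {NG1} (callback)")
    if base == GATEWAY:
        findings.append("StoreFront base URL host equals the gateway FQDN")
    if base in dns:
        findings.append(f"internal DNS has an A record for base URL host {base}")
    return findings

# Constructed inputs: internal zone A records and two StoreFront hosts files.
INTERNAL_A = {"remote.domain.com": "192.168.1.5"}
BASE_URL = "https://sf.domain.com"
HOSTS_OK = """
# StoreFront server hosts file (constructed sample)
192.168.1.4   Remote.Domain.com   # NG1, used for the gateway callback
"""
HOSTS_MISSING = "# 192.168.1.4 remote.domain.com   (entry commented out)\n"

if __name__ == "__main__":
    for label, hosts in (("ok", HOSTS_OK), ("missing", HOSTS_MISSING)):
        print(label, check_split_dns(INTERNAL_A, hosts, BASE_URL))
```

With the hosts entry commented out, StoreFront falls back to internal DNS and reaches NG2, which is the callback failure for external users that the post warns about.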



 

Monday, 9 November 2015

Virtualization - VDI vs DaaS

We have been hearing terms like VDI and DAAS for some time now. VDI stands for virtual desktop infrastructure: you host virtual desktops in your data centre and provide them to your users over remote access using Microsoft RDP, Citrix XenDesktop, VMware Horizon View etc.

With cloud technologies evolving and customers moving their server infrastructure to the cloud rather than hosting it in their data centre, you would definitely want to move your VDIs to the cloud in a similar fashion, using a cloud services provider to ease management, scalability and flexibility. Virtual desktops hosted on a cloud are often referred to as "Desktop as a Service" or "DAAS".

There is not a big difference between these two terms. Both share more or less the same benefit of providing virtual desktops on an efficient, less complex, scalable and robust virtual infrastructure, which is key to a virtualization platform.

However, there are some limitations to using a DAAS platform, such as security, licensing and data control. Below is the list of pros and cons of choosing DAAS for delivering virtual desktops.

PROS:

  • Keep VDI technology out of IT hands - The organization's IT team need not worry about the VDI technology being used. Further, it is the cloud services provider's responsibility to take care of the resources required for VDI, be it memory, CPU or storage disks. You don't even have to worry about network issues.
  • You save cost on VDI infrastructure, and if your organization relies on enterprise web apps, DAAS is the solution for you.
  • It eases complexity, and you need not hire VDI-skilled staff for troubleshooting issues. They just need to take care of the operating system and applications.
  • It is easy to build, patch, back up and restore the VDIs on the cloud. The service provider can spin up desktops for your users in just 5-10 mins.
CONS:
  • Regardless of the benefits explained above, there are still some areas of worry that keep organizations away from going with DAAS. IT admins won't have the same control over the data, which seems to be a major concern for some organisations.
  • Another major pain is managing licensing - Many cloud providers ask organisations to bring their own Windows licenses for the Windows desktop operating system. This may be because Microsoft has not yet offered DAAS providers an enterprise licensing agreement under which they can offer bundled license benefits to their customers.
  • DAAS provider SLAs for network outages - Before signing a contract, make sure that your DAAS provider is ready to sign an SLA covering network connectivity outages.
  • Another area of concern is that you cannot personalize desktops to the level that you can with your on-premises VDI solution, which puts some customers off DAAS.
Please see my new post as some of the above mentioned information is now outdated and may not be relevant:
https://gurpinders.blogspot.com/2023/05/virtualization-vdi-vs-daas-2023-whats.html 

Thursday, 5 November 2015

Publishing Google Chrome in XenApp 7.6

There has been a known issue with publishing Google Chrome on Citrix XenApp since Chrome version 12, and it has still not been resolved by Google and Citrix in their recent versions.

If you publish Google Chrome the normal way, with http://www.google.com as the command line option, the published application may return the famous "Aw, Snap!" error. This error means that Google Chrome has crashed and that you should try loading the page again.

If you click on reload, nothing happens and you are returned to the same screen as before. The funny thing is that you can't even open the settings in the browser.

I recently faced it while working at one of my customer sites; they needed to publish one URL which runs well on Google Chrome. The error looks like the one shown below.

You need to publish it using the Citrix-provided command line options --allow-no-sandbox-job --disable-gpu as shown below.

After making these changes, you will be able to open Google Chrome successfully on Citrix XenApp 7.6.

Virtualization - Food For Everyone

Virtualization basics explained
 
Virtualisation has become a bandwagon for everyone in today's world. Every organization is rushing into it to save cost and ease the complexity of managing a big physical infrastructure in the data centres.

Many small-scale enterprises have also started to look into it to reap the benefits and save some cost on their IT infrastructure. Consider an example: a small organization has 50 physical servers running Windows Server, which may include domain controllers, application servers, SQL servers, web servers and other roles. There would be a big cost for the underlying physical server hardware and Windows licensing.

By taking advantage of virtualization, they can save this cost and ease the manageability of their IT infrastructure.

A Windows 2012 R2 Standard Edition license costs $882 per device (this excludes CALs). So, taking licensing into account for the 50 servers, it is going to cost the organization $44100. Now, consider providing a virtualization solution to this organization.

They can procure two Windows 2012 R2 DataCentre Edition licenses, which would cost them 2x $6155 = $12310. I have taken the example of the DataCentre Edition license because with this license you can run Hyper-V on the physical server and host unlimited virtual machines. So, ultimately, the organization can scale its virtual environment in the long run without having to invest any more money in Windows VM licenses.

However, if an organization is really small, with up to 10 Windows servers, it can purchase 10 Windows Standard licenses and have the hypervisor role installed on 1 physical server to start with.

I have taken Microsoft Hyper-V into account as the hypervisor because it is free with the Microsoft Windows 2012 R2 license, and for a smaller organization it doesn't make sense to invest big money in purchasing VMware, Citrix Xen or other industry hypervisor solutions.

Many times we have been asked a question by IT managers.

Is virtualization the answer to all the requirements of my business?

The answer depends on the organization's current infrastructure and its requirements. My advice to everyone would be to ask some questions that can help them take this decision.

1) How many servers do you have in your IT infrastructure? Would decommissioning physical servers and moving to virtualization save relevant hardware cost?

If you are running a project that requires you to procure and build 50 more servers and you choose virtualization for it, it is going to save you money, as you can purchase two physical servers and run a hypervisor on them to host the 50 VMs. It again depends on which hypervisor you choose and on the budget of the project. However, in the long run virtualization will always benefit you if planned well.

2) Do all the apps running on them support virtualization and run well in virtualized mode?

The answer to this question is yes from most vendors, as the hypervisors have been developed further and have matured in the last few years, and rigorous testing has been performed on enterprise applications to support them on virtual platforms. However, if you have any in-house custom-developed application, proper application compatibility testing and load testing should be performed as part of a POC solution.

3) Do you already have an enterprise storage solution running? If not, you might need to procure one for building your virtual infrastructure.

If you have a very small IT infrastructure, let's say 10-12 servers, and you are thinking of taking advantage of virtualization, you had better look at the storage solution for the infrastructure, because the environment might currently be running an individual HDD of 500 GB (more or less) on each server. If the organization is looking to expand in the near future, it must procure an enterprise storage solution from EMC, NetApp, HP, IBM etc.

4) Do you need fault tolerance and DR planning?

Some small organizations don't have DR sites and don't require DR site level redundancy. They are happy to live with HA and site-level fault tolerance. However, if an organization is looking for DR sites and wants to create better fault-tolerant solutions, virtualization would be the definite answer for them.

5) The most important - IT budget

Do you have the required budget for the virtualization project? To answer this question, you should first research virtualization and gain an in-depth understanding of the software and hardware requirements, including the cost requirements for your organization. You can also contact an advisor or consultant to help answer your questions before deciding on virtualization.