June 06, 2008

Access Gateway 8.1 Now Available

Citrix has released an update to Access Gateway Enterprise Edition. It has some great new features like clientless access to web sites, file type association and better usability. The clientless access technology is the same URL rewriting engine used by the Application Firewall and it is screaming fast! We also spent a lot of time working on improving the documentation and adding wizards in the admin UI to make setup a little easier. You can get the new Admin Guide and other documents here:

Access Gateway Enterprise Edition 8.1 Documents

There are a few minor gotchas to watch out for with this release:

Support for Windows Vista

Version 8.1 (finally) supports Windows Vista for endpoint analysis and full network-layer access. In version 8.0 we only had beta-level Vista support. But there are two limitations in 8.1:

1. The IE Active Plugin does not work on Vista; you have to deploy the full client.
2. Only 32-bit Vista is supported.

Clientless access to web sites and file shares

This is a highly demanded feature and for a first release it works great. There may be some web apps, especially those that make heavy use of AJAX or complex client-side JavaScript to calculate URLs, that don't work through the clientless access. In this mode of access, as the web traffic passes through the Access Gateway, the gateway rewrites all the HTML so that any internal links or URLs use the Access Gateway address instead. This search-and-replace process occasionally misses links if they are constructed by a programming language instead of normal HTML. Outlook Web Access 2003 and 2007 work fine, and a lot of effort went into correcting the rewrite misses. SharePoint sites still see a few glitches in this version when going clientless.
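The rewrite-and-miss behaviour described above, as an added Python example; it is not Citrix code and does not reflect how the Access Gateway engine is implemented. The gateway address, the `.corp.example` internal suffix, the `/proxy/` URL layout and all function names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

GATEWAY = "https://gateway.example.com"  # assumed gateway address
INTERNAL = ".corp.example"               # assumed internal DNS suffix
URL_ATTRS = {"href", "src", "action"}

def to_gateway(url, base):
    """Map an internal URL to the gateway (hypothetical /proxy/ layout)."""
    p = urlsplit(urljoin(base, url))
    if p.scheme not in ("http", "https") or not (p.hostname or "").endswith(INTERNAL):
        return url  # external or non-HTTP link: leave untouched
    query = "?" + p.query if p.query else ""
    return f"{GATEWAY}/proxy/{p.scheme}/{p.netloc}{p.path or '/'}{query}"

class Rewriter(HTMLParser):  # rewrites only URL-bearing HTML attributes
    def __init__(self, base):
        super().__init__(convert_charrefs=False)
        self.base, self.out = base, []
    def _tag(self, tag, attrs, end=""):
        parts = [tag]
        for name, value in attrs:
            if value is not None and name in URL_ATTRS:
                value = to_gateway(value, self.base)
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + end + ">")
    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)  # <script> bodies pass through as-is
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def rewrite(html, base):
    r = Rewriter(base)
    r.feed(html)
    r.close()
    return "".join(r.out)

def rewrite_misses(html):
    """Internal hostnames in the output that do not sit behind a gateway URL."""
    pat = r"(?<!/proxy/https/)(?<!/proxy/http/)(?<![\w.-])[\w-]+(?:\.[\w-]+)*" + re.escape(INTERNAL)
    return sorted(set(re.findall(pat, html)))

# Constructed sample page: two static links and one URL assembled in script.
PAGE = ('<a href="/sites/hr/default.aspx">HR</a>'
        '<img src="http://wiki.corp.example/logo.png">'
        '<script>var b = "http://files.corp.example"; location = b + "/docs/" + id;</script>')
```

Running `rewrite_misses(rewrite(PAGE, base))` over a set of internal pages gives a quick list of hosts a remote browser would still try to reach directly; a hostname that is itself computed at run time would not show up in this scan either.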

Web Interface Integration

You can now simply point the Access Gateway to a Web Interface site URL and it will automatically display in the Access Gateway's default home page. When you hear "Web Interface Integration" it's easy to conclude that Web Interface is running *on* the Access Gateway appliance, but that's not the case here.

The user interface is more or less the same, except the old "dog bone" desktop icon is now a nice blue padlock circle matching the theme of all the other Citrix products.

One thing that always bugged me about the 8.0 client was that when you launched it, all it did was add an icon to the system tray. Then you had to go and right-click the icon to log on. Not good for all those users who haven't discovered their right mouse button yet. In 8.1, the client loads *AND* the logon page appears. And in 8.0 if you were already connected and you double-clicked the icon, you basically got yelled at with "another instance is already running!" In 8.1, if you launch the desktop icon while you are already connected, it politely asks if you want to log off.

If there are any AG-E customers out there reading this, please let me know what you think of version 8.1.

Jay

January 15, 2008

VMWare acquisition validates Citrix focus

Today's announcement that VMWare has acquired Thinstall speaks volumes. And despite what you might think, this is great news for Citrix.

First, some background. Thinstall virtualizes elements of the Windows operating system like files and registry hives, so applications install and run in a "sandbox" without impacting other apps or system components. Their virtualization framework gets packaged in along with the application executable and DLLs, which means there's no software required on the endpoint. Applications don't have to be installed, they just run. And since each app gets its own sandbox, you don't have to worry about Application A causing problems with Application B.

In other words, Thinstall solves the same set of problems as Microsoft SoftGrid and the Application Streaming feature of Citrix Presentation Server.

Clearly this extends the competition between VMWare and Citrix. Both companies are out pitching solutions for the virtual desktop market (VMWare VDI, Citrix XenDesktop) as well as the virtual server market (VMWare ESX, Citrix XenServer). The acquisition of Thinstall illustrates VMWare's desire to compete in the App Delivery market too.

VMWare understands that the hypervisor is on a path to commoditization, that they have to expand their solution set through acquisitions to solve more problems than server consolidation (and do so as quickly as possible before their P/E ratio comes back to earth). And they are right to be looking up the stack toward the application as the direction to move. As Citrix has been saying for years, applications are the central unit of thought for IT managers, the raison d'etre for IT. Applications alone make IT relevant to the business.

Why this is good news for Citrix

Yes, this means competition against the mainstream Citrix product portfolio, which at first blush looks like bad news for Citrix. But the move only validates that the Citrix story around app delivery is moving from a relative niche market where Citrix enjoyed 80% market share into the mainstream IT market that will be shared by multiple large vendors. As VMWare, undeniably the hottest technology IPO of 2007, enters this market, it raises the visibility of what Citrix has been doing all along: virtualizing application access. I would expect to see more acquisitions related to app delivery over the next year or two, and it would also follow that as the app delivery market matures and consolidates we will see more innovation and lower prices.

App Delivery is Citrix turf. Thank you, VMWare for shining the spotlight on our corner of the data center!

December 13, 2007

Access Gateway Enterprise Edition Deployment Guide

Slowly but surely, Secure Gateway and SmartAccess features have made it onto the NetScaler platform. Today Citrix posted a new maintenance build of the Access Gateway, Enterprise Edition firmware (build 8.0.50.3) which brings a few new capabilities to the Enterprise Edition of Access Gateway:

  1. Client Choices - You can offer the user a choice page where they decide whether to launch the Secure Access Client and initiate a full VPN tunnel, or just go with Presentation Server access via Web Interface. You can also make it so that when the user fails to meet some endpoint analysis criteria, the only choice they get is Web Interface.
  2. Access Method Fallback - Without showing a client choice page you can simply fall back from VPN access to Web Interface access if the client fails an endpoint analysis scan. Presentation Server is used as a quarantine access method.
  3. Windows Vista VPN Client (Beta) - Build 8.0.50.3 includes a beta Vista VPN client. It lacks a few features but for basic tunnelling it works fine.

If you want more technical detail on how to configure AG-E and get the SmartAccess hooks into Presentation Server that allow you to control which apps a user can launch and which ICA virtual channels they can use based on endpoint analysis, then you should download my SmartAccess Deployment Guide for AG-E. The guide has step-by-step instructions for setting up a basic deployment, from installing the license and certificate to configuring AG and CPS policy settings. Once you get the basic configuration steps done, tweaking the deployment for your needs is a lot easier.

Jay