SaaS and Web Apps in StoreFront


In a Citrix Virtual Apps and Desktops deployment, many organizations use StoreFront to provide access to Windows and Linux applications and desktops.  A lesser know feature, published content, can let StoreFront publish links to SaaS and web applications in an attempt to bring all resources together into a single view. (I see the differences between SaaS and web apps as follows: SaaS apps are browser-based applications hosted by a 3rd party while a web app is a browser-based app hosted within the internal datacenter).  Unfortunately, SaaS/Web apps introduces some interesting challenges for users: SSO – Users must remember the username … Continue reading SaaS and Web Apps in StoreFront

Authentication: PIN


1, 2, 3, 4, 5 That’s the kind of thing an idiot would have on his luggage Let’s take a look at PIN-based authentication. Isn’t a PIN just like a password? Yes: A PIN is like a password in that a PIN is something you know No: A PIN is not like a password in that the PIN is tied to the device, something you have Does that mean a PIN is considered a multi-factor authentication solution? YES! However, there are some major concerns when it comes to PIN-based authentication Uniqueness: A PIN can only be used on the device … Continue reading Authentication: PIN

Authentication: Two-Step Verification


So far, I’ve realized the following I have way too many identities Password complexity rules are implemented incorrectly Multi-factor authentication will provide additional authentication security So let’s look at one of the most basic forms of MFA. Unfortunately, I’ve seen this take on many names: Two-Step Verification Two-Step Authentication One-Time Password After providing your username and password for certain Web/SaaS-based apps, you are given a screen like the following: Once you enter this verification code, you are successfully authentication.  From the user perspective, this is a pretty easy way to implement MFA.  However, this is NOT multi-factor authentication. With 2-step verification, … Continue reading Authentication: Two-Step Verification

Updated IO Optimization with Machine Creation Services


With the Citrix Virtual Apps and Desktop 1903 release, Machine Creation Services continues to improve! The RAM-based write cache feature has been updated and improved. I wanted to see how the new RAM-based write cache capability compared to the previous version and how it compares to a desktop without using a RAM-based write cache. First, let’s look at the 95th percentile IOPS with a LoginVSI knowledge worker workload running for one hour with different sizes for the RAM cache Seeing a 15-20% reduction in storage IOPS from the 1811 RAM cache and a 50%+ reduction compared to using no RAM … Continue reading Updated IO Optimization with Machine Creation Services

Authentication: Passwords


<Sarcasm> Passwords.  I love them. I love them so much, I have over 150 of them. </Sarcasm> We have our identity and we provide it to a system.  In order to prove we are who we say we are, we need to authenticate. Passwords are one method for authentication.  In theory, passwords are easy, but in practice, if we want to have some level of security, passwords are not easy. Passwords are supposed to be complex. Passwords are supposed to be unique across services Passwords are supposed to be something you can remember All I have to say is “Good Luck!” … Continue reading Authentication: Passwords

Authentication: Factors (MFA)


INCONCEIVABLE! You keep using that word. I do not think it means what you think it means. My favorite quote from my favorite princess movie. “Inconceivable!” It’s what I want to say when I get the typical questions about multi-factor authentication. What license do I need for multi-factor authentication? How do I enable multi-factor authentication? How does multi-factor authentication work? The problem with multi-factor authentication is that it isn’t a product you can buy and deploy. Multi-factor authentication is a concept. It is an approach to authentication. Authentication is how you prove the identity you are providing is really your … Continue reading Authentication: Factors (MFA)

Authentication: Your Identity


Most of us ignore authentication because it is seamless with us using our Active Directory username to log onto a domain-joined Windows 10 PC. But when we expand beyond Windows, there are so many other things to consider. I avoided learning about authentication for a long time.  So many technologies. So many acronyms.  So many options.  I felt like I needed to start learning more about authentication. Most of us see authentication as a big, scary, ugly thing that we want to avoid the details, but those details can help in understanding how all of these different authentication options fit … Continue reading Authentication: Your Identity