Citrix Workspace Authentication: Citrix Gateway


One of the challenges with using cloud services is getting the same experience you had in an on-premises deployment. For the past 20+ years, many Citrix Virtual Apps and Desktop deployments utilized a Citrix Gateway to provide an ICA proxy through the firewall. For external users, Gateway also authenticated those users. Over the years, admins determined the authentication schema for their organization, most likely incorporating additional factors beyond passwords, like TOTP, certificates, RADIUS, nFactor, etc. Fast forward to 2019 and we now need to figure out how to use Citrix Workspace without impacting our secure authentication profile. Currently in tech …

Authentication: TOTP


Let’s make one thing perfectly clear…
TOTP ≠ OTP
OTP = One-Time Password
TOTP = Time-based One-Time Password
As discussed in the Two-Step Verification post, OTP sends the one-time password to the user’s mobile phone via SMS or to the user’s email address. TOTP, on the other hand, uses a local app on the mobile device to generate a pass-code. If we look at the factors for an app using a password and TOTP code, we see that it is something you know and something you have. When a user registers a mobile device, they receive a key (either as …

Access Control for StoreFront – Demo


I recently talked about how you can add SaaS and web applications to an on-premises StoreFront deployment. The integration goes beyond simply publishing links to the SaaS and web apps. The integration utilizes the Citrix Access Control service, providing:
SSO to SaaS: No more passwords. No more access after employees have left the company.
Enhanced security for SaaS apps: No more printing, downloading, copying data locally.
URL filtering within SaaS apps: No more blind faith that my users understand security implications of selecting a link.
The following demonstrates the user and admin experience for enabling this functionality.

SaaS and Web Apps in StoreFront


In a Citrix Virtual Apps and Desktops deployment, many organizations use StoreFront to provide access to Windows and Linux applications and desktops. A lesser-known feature, published content, can let StoreFront publish links to SaaS and web applications in an attempt to bring all resources together into a single view. (I see the differences between SaaS and web apps as follows: SaaS apps are browser-based applications hosted by a 3rd party while a web app is a browser-based app hosted within the internal datacenter.) Unfortunately, SaaS/Web apps introduce some interesting challenges for users:
SSO – Users must remember the username …

Authentication: PIN


1, 2, 3, 4, 5
That’s the kind of thing an idiot would have on his luggage.
Let’s take a look at PIN-based authentication. Isn’t a PIN just like a password?
Yes: A PIN is like a password in that a PIN is something you know.
No: A PIN is not like a password in that the PIN is tied to the device, something you have.
Does that mean a PIN is considered a multi-factor authentication solution? YES! However, there are some major concerns when it comes to PIN-based authentication:
Uniqueness: A PIN can only be used on the device …

Authentication: Two-Step Verification


So far, I’ve realized the following:
I have way too many identities.
Password complexity rules are implemented incorrectly.
Multi-factor authentication will provide additional authentication security.
So let’s look at one of the most basic forms of MFA. Unfortunately, I’ve seen this take on many names:
Two-Step Verification
Two-Step Authentication
One-Time Password
After providing your username and password for certain Web/SaaS-based apps, you are given a screen like the following: Once you enter this verification code, you are successfully authenticated. From the user perspective, this is a pretty easy way to implement MFA. However, this is NOT multi-factor authentication. With 2-step verification, …

Updated IO Optimization with Machine Creation Services


With the Citrix Virtual Apps and Desktop 1903 release, Machine Creation Services continues to improve! The RAM-based write cache feature has been updated and improved. I wanted to see how the new RAM-based write cache capability compared to the previous version and how it compares to a desktop without using a RAM-based write cache. First, let’s look at the 95th percentile IOPS with a LoginVSI knowledge worker workload running for one hour with different sizes for the RAM cache. Seeing a 15-20% reduction in storage IOPS from the 1811 RAM cache and a 50%+ reduction compared to using no RAM …