To Cloud or not to Cloud…

by Benjamin Crill, CTA, N. Indiana CUGC Leader

In case you hadn’t heard, which means you aren’t following any Citrix news at all, Citrix now offers XenApp and XenDesktop as a service. What this means for you is that the management plane for your XenApp and XenDesktop environment can be hosted in the cloud where Citrix will manage it for you (think ShareFile-like architecture for XenApp & XenDesktop). Assuming you migrate to the service, you will no longer have to worry about installing broker hotfixes, version numbers, and upgrades. Whereas, before, you had to worry about ‘am I on the right broker version and hotfix?’, ‘is my SQL compatible?’ – all that goes away. Even the SQL server goes away. Instead of having two brokers (because we always have two for fault tolerance) and a SQL server (really two or more for fault tolerance), you have two (there’s a pattern) cloud connectors that replace the role of brokers and SQL server. The advantage is that these servers talk to the Citrix cloud service to gets updates to the connector software, require less resources than a broker would, and don’t require SQL server licensing.

The ultimate question though is this: How does one know if they should change to the Citrix cloud service? That is a large question and as with all large questions, we need to assume a few things in order to make comparisons.

Assumption 1 – your compute doesn’t matter

Whether or not you go with Citrix’s XenApp & XenDesktop cloud service or purchase traditional licensing, your desktops and application servers are what they are. If you have them on-prem they can continue to stay on-prem. Likewise, if they are in the cloud they can continue to be leveraged from the cloud. Regardless, the XenApp and XenDesktop service revolves around the management plane (the brokers mainly). If you are looking at going to the cloud service to bend your costs on compute, sorry. Not saying that isn’t possible but that isn’t what this solution addresses.

Assumption 2 – Remote access must be CAREFULLY considered in both scenarios

Seems like a no brainer, so let me expound. In either XenApp & XenDesktop service, or traditional Citrix licensing, SECURE remote access is a separate purchase. For the cloud service, you pay a monthly fee per user. For traditional on-prem you need to look at purchasing a minimum of a NetScaler Gateway VPX to cover basic secure remote access. Which route, cloud service or traditional on-premises, depends on a number of external factors. You may start one way and move to the other depending on need and capability.  Regardless, understanding the solution and its offerings are imperative to choosing the best solution for your business.

Assumption 3 – I’m not in sales

Another no brainer, this is a technical forum. However, we have to make decisions that are both technically sound and financially sustainable. That being said, there are a number of discounts and programs that can impact pricing. Those are not going to be addressed. Financial considerations are important to factor in. Your company’s purchasing power can easily sway the decision one way or the other, sometimes despite the technical maturity or lack thereof.

Items to Consider

High Availability

Many organizations struggle with getting to a state of true high availability. Think of all the things that have to be taken into account: SQL servers, hypervisors, networking, DNS, storage, and many more not listed. Having expertise in all these areas to have full high availability can be done, but it can be quite expensive. Smaller to mid-size organizations can’t always afford that level of human resources to maintain that level of service. For those companies, this makes high availability of the Citrix management more financially achievable. 

With the cloud service, all you have to ‘manage’ are the cloud connectors. These are the servers that would sit in your compute environment and talk to the Citrix cloud service. The requirements for these servers is 4GB of memory and 40GB of hard drive space. Once installed and connected, Citrix manages the connector as part of the service. For comparison, if you were to have full HA of the brokers on-prem you would need at least two brokers and two SQL servers. You would have to manage the Windows platform, Citrix broker install, and SQL install. SQL high availability alone can make the decision to move toward the cloud. I have seen fully staffed SQL DBA teams not get the SQL HA setup correct. In my experience, this is the most frequent cause of Citrix outages. 

GSLB is included with the Gateway service add-on for Citrix cloud, which is a big deal. Let’s consider if you wanted to have GSLB in an on-premises solution. In order to do that, one must have a minimum of two NetScaler Enterprise edition instances. With two, that means one would be in each datacenter so if anything happens to one NetScaler in one datacenter, you immediately fail to the other datacenter. If you want to prevent that from happening, then four NetScaler Enterprise editions are needed. The cost can quickly add up in the on-premises solution, particularly if it is just for ICA proxy.

The cloud service has a lot of advantages on the high availability front. Between the simplicity of the cloud connector and the inclusion of GSLB with the gateway service, it reduces some significant investments that most smaller organizations just can’t afford. It definitely levels the playing field on availability.

Customization of Interface

When customers deploy Citrix, they often want to brand the interface so that it’s custom to their business. It isn’t uncommon to see company logos, custom messages to users, and legal notices. If you are used to having these and modifying them, then you will need to keep your StoreFront services on-prem. Most small to mid-size companies can get away without branding, but large organizations almost always demand it. 

It may not seem like a big issue, but this can be significant. By having to keep StoreFront on-premises, and possibly NetScalers, that reduces the value of the investment pretty significantly.

Remote Access

The Gateway service with its included GSLB is a significant value add. However, it doesn’t come without its limitations. Are you currently using two factor authentication? Do you have a use case for full SSL VPN or endpoint scanning? The Gateway service is just ICA Proxy, so if you have a need for some of those additional security features, you are still going to have to plan for on-prem NetScaler/Storefront deployments. This can negate a significant cost savings. Two factor should be something that is capable in any cloud service. Granted integrating with an existing on-prem two factor may not be feasible, but a cloud two factor should be something the Citrix cloud service should be able to provide. 

On the secure remote access front, while the cloud capabilities are certainly secure, on-prem solutions still have greater flexibility and capability. However, don’t discount the simplicity of setting up the gateway service. You slide a bar and choose a button and done. On-premises configuration will not be as easy.

Business Process

With any technical solution, you have to take into account how it enables the business. As part of that, you need to know if the technical model fits the business model. Is the business moving towards consumed services versus local investment? Does the business value operating budget over capital? Does the pricing work out over the short term AND the long term? 

I have a large number of customers where their budget tilts towards capital investments, so a cloud service doesn’t make sense from a financial perspective, even if the technical specs align. 

Keep in mind that with perpetual licensing, while you have a large initial investment, the ongoing isn’t as much.  Subscription allows for a lower initial investment and lower incremental for increases, but that can be costlier in the long term. 

This is a situation where neither has an advantage, but where you show your advantage in being able to align the technology to the business. 

Conclusions

The Citrix XenApp and XenDesktop service is a very viable technical solution. It is not fully on-par with the on-premises solution, however it is quickly developing so it isn’t something to be dismissed. If you were to name the two biggest drawbacks right now, arguably they could be listed as:

  1. No solution for legacy
  2. Procurement

Number one is debatable. One cannot expect Citrix to develop a cloud solution to address legacy XenApp environments. However, we cannot ignore them either. Numbers of customers have XenApp 6.5 environments for numerous reasons whether they be application compatibility, regulatory requirements, or some simply because it isn’t a high enough business priority. Either way for customers in those situations, they may not be able to take advantage.

Procurement can be an issue around the cloud service as there is still some flux around minimum purchasing, elastic licensing, and a couple other minor issues. All of these are issues to address with your Citrix partner and Citrix representatives as there are a number of items that can influence. I am working on a rudimentary calculator to show differences in pricing and show value estimates. If you are interested, let me know and perhaps we can develop it further.

Most important though, begin looking at the XenApp and XenDesktop service offering from Citrix. It may not be what you need right now, but it has its place and will become more and more prevalent. If you are a smaller shop, it is definitely worth serious consideration as the benefits are greater for the smaller shops. Large enterprises may not see the value out of the investment just yet, but it will get there, and you will need to know what to expect. It never hurts to be prepared!

Leave a Reply