VDI workstation virtualization is a common approach for corporate desktop and application access, and it allows IT to centralize information in the corporate datacenter. This approach brings some key business benefits, the biggest being mobility. Users can work from anywhere and at any time, which gives work teams a great deal of flexibility. There are of course many other reasons to commit to a VDI strategy, and if you are interested in learning more we covered it here.
Now let’s add a twist to this conversation, one in which we consider what it means to deploy VDI in the cloud.
In order to get VDI to the cloud, your organization would need to first justify moving to the cloud. Moving data to the cloud is an organizational decision that often involves many people, including your security team. To help simplify some of this, here are some of the primary strategic and technical reasons that organizations move some or many of their workloads to the cloud.
Immediately after the commitment is made to move certain workloads to the cloud, these topics should be part of the conversations you have with your cloud providers. Not all cloud providers are created equal, and if the above items cannot be met by a vendor, you may want to shop around a bit more.
Checklist of Considerations for VDI in the Cloud
Now that you have decided to move some workloads to the cloud, and more specifically VDI virtual workstations, what are the technical considerations to start looking at? Before choosing the provider you plan to work with, know the answers to these questions to make sure you are completely comfortable with the vendor’s responses.
- Which hardware components will need to remain on-premises if any? Keep in mind that depending on the migration approaches offered by the vendor you choose, there could be some hardware integrations with your existing configuration. These can be short-term or long-term integrations, depending on the vendor and options chosen. It’s important to ask the right questions and understand this up front.
- Are there any backup and recovery options included? In my experience with a cloud model there are typically a lot of redundancy and high availability options. That being said, cloud providers do not always meet the needs of every SLA that is being offered today on-premises. Understanding this up front will ensure that your strategy and technical approach are designed in the best way to support your organization.
- Hybrid Configuration and On-premises integrations – If your plan is to migrate existing workstations to a cloud offering, then discussions about a hybrid deployment should occur. In this scenario a seamless user experience is key, particularly during migration, as is a failback process in case of unforeseen challenges. Sometimes a hybrid configuration will require some on-premises equipment to remain forever or for some undetermined amount of time. All great questions for discussion when choosing your provider.
Now that we have the breakdown of some of the major considerations when moving or embarking on a VDI virtual workstation in the cloud, I have selected two of the key players in this space to break down the technical facts about: Horizon Cloud and Citrix Cloud.
Peeling Back the Layers on VMware Horizon Cloud Architecture
VMware Horizon virtual desktops and applications can be delivered through Horizon Cloud. When thinking about architecture, the first things that come to my mind are “How does this integrate with my on-premises solution?” and “Can I set this all up in the cloud?” It is possible to deploy a hybrid scenario leveraging some of your own infrastructure, but going all cloud and removing the upkeep of the components can prove to be invaluable if that suits your business direction. So, for now we will focus on VMware Horizon Cloud only, and the differing Active Directory options available within this architecture scenario.
Active Directory Integrations and User Experience
To deploy Horizon completely in the cloud it’s important to understand which scenarios are supported, and what this means for the user experience. Let’s look!
As the table above describes, there are several user experience considerations for authentication to Horizon Cloud, but also be sure to investigate pricing. Each of these Microsoft options for synchronizing your directory can have different price points and can influence the authentication model an organization moves forward with.
Horizon Cloud Infrastructure
It is also important to take some time to understand the architecture behind Horizon Cloud on Azure. So, let’s first start with the following diagram from VMware. In this diagram the Horizon Cloud Control Plane is deployed in AWS, and is completely managed by VMware. Your administration will be done through an interface known as the Horizon Cloud Administration Console.
Analyzing the above diagram even further, there are several other important points.
- A set of resource groups will automatically be deployed through the node deployment process in your Azure Tenant by using the node manager. Resource groups created by Horizon Cloud in your Microsoft Azure tenant will be named with the prefix vmw-hcs.
- All load balancing, VPN-Gateway (configured by the customer), DMZ, public IPs and Unified Access Gateways are deployed and configured in Azure.
- You may also notice something called a JumpBox. JumpBox is a VM that helps orchestrate the buildout of your imaged nodes. When networking is properly configured, the JumpBox establishes a connection with VMware Horizon Cloud Service.
- Also, the created Resource Groups (RGs) organize the assets the environment needs. This includes virtual subnets, the virtual machines for the master RDS-enabled images, VMs for published images, network interfaces, IP addresses, and disks to get started with.
While there are many moving parts to deploying your virtual workstations in Horizon Cloud, up-front research will greatly aid in being able to do a good comparison of product options when your organization is ready to move VDI to the cloud.
Active Directory Integrations and User Experience
With Citrix Cloud, organizations have many options for integrating with Active Directory while ensuring a positive user experience. When virtualizing desktops, the choices made about Active Directory integration will impact not only your users’ experience, but also your ability to deploy virtual machines with Machine Creation Services (MCS), which is used to deploy your VMs into Citrix Cloud. Also keep in mind when choosing your Active Directory integration that, to deploy virtual desktops, you will need a Windows Active Directory server in Azure, or you will need to use Azure Active Directory Domain Services (AADDS). This ensures that during the workstation deployment process your workstation is automatically created in Active Directory as needed. If of interest, multi-factor authentication can also be configured with both options. Based on this, let’s evaluate further.
User experience and stable delivery are typically the top considerations for any authentication choice. Keep in mind that while other combinations of Active Directory delivery options are available for Citrix Cloud, these will work the best for deploying virtual workstations in Citrix Cloud to your enterprise.
Citrix Cloud Infrastructure
Next, let’s review the architecture of a Citrix Cloud deployment in Azure. The diagram below highlights the deployment of all your Citrix infrastructure in the cloud, also known as the “Citrix Managed Option”. The first thing to note about this option, considering what we discussed about Active Directory above, is that all resources are hosted in Azure.
Some components Citrix will manage, and others will be managed by your IT Team. Let’s break this down:
- Citrix Managed
- Netscaler Gateway Services, Citrix Workspace (including StoreFront), and the XenApp and XenDesktop Services. This means that Citrix will maintain and update these services for their customers. All of this in our scenario described today is hosted on Azure.
- IT Team Managed
- The diagram below shows that all of your Windows applications, desktops, and Linux applications can be run on either your own on-premises hypervisor or the cloud. This is nice because the architecture can not only be configured for the cloud-only scenario we’ve been discussing, but also for a hybrid deployment.
- Citrix Cloud Connector
- This connector is important to your environment’s configuration and design. The connector enables Active Directory management and removes the need for trust relationships, enables publishing from resources in your resource locations (XenApp/XenDesktop), enables XenMobile enterprise mobility management, and enables the delivery of machine provisioning into your resource locations. So, it’s clear that this connector does a lot of things to ensure that cloud management works without a lot of complex networking or infrastructure.
- The Cloud Connector also encrypts data using HTTPS (port 443), and it does not accept any incoming connections.
- Also important is that while the connector is hosted on IT Team resources, it is managed by Citrix. Once configured, the connectors also self-update to ensure stability.
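The outbound-only behaviour of the Cloud Connector described above can be checked against the network rules around the connector hosts. The following is an added example, not code from this article or from Citrix: the rule list is constructed sample data in the assumed field layout of `az network nsg rule list -o json`, and the rule names and the set of prefixes treated as public are assumptions.

```python
# Constructed sample rules (assumed layout: `az network nsg rule list -o json`)
# for a hypothetical NSG on the Cloud Connector subnet; not from the article.
SAMPLE_RULES = [
    {"name": "allow-https-out", "direction": "Outbound", "access": "Allow",
     "priority": 100, "sourceAddressPrefix": "*",
     "destinationAddressPrefix": "Internet", "destinationPortRange": "443"},
    {"name": "allow-rdp-in", "direction": "Inbound", "access": "Allow",
     "priority": 110, "sourceAddressPrefix": "*",
     "destinationAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-vnet-in", "direction": "Inbound", "access": "Allow",
     "priority": 120, "sourceAddressPrefix": "VirtualNetwork",
     "destinationAddressPrefix": "*", "destinationPortRange": "80"},
    {"name": "allow-misc-out", "direction": "Outbound", "access": "Allow",
     "priority": 200, "sourceAddressPrefix": "*",
     "destinationAddressPrefix": "Internet",
     "destinationPortRanges": ["80", "8000-8100"]},
]

PUBLIC = {"*", "Internet", "0.0.0.0/0"}  # assumption: prefixes treated as public

def port_ranges(rule):
    """Collect the rule's destination ports from both singular and plural fields."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    return ranges

def only_443(ranges):
    """True when the rule names ports and every one of them is exactly 443."""
    return bool(ranges) and all(r in ("443", "443-443") for r in ranges)

def audit_connector_nsg(rules):
    """Return (rule name, reason) for Allow rules that break outbound-443-only."""
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["access"] != "Allow":
            continue
        if rule["direction"] == "Inbound":
            if rule["sourceAddressPrefix"] in PUBLIC:
                findings.append((rule["name"], "inbound allowed from a public source"))
        elif (rule["destinationAddressPrefix"] in PUBLIC
              and not only_443(port_ranges(rule))):
            findings.append((rule["name"], "outbound allowed on ports other than 443"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_connector_nsg(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

Inbound rules scoped to the virtual network are left alone here, so only exposure to public sources and non-443 egress are reported.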
For anyone who has deployed Citrix VDI before, most of this architecture should look familiar, and provide comfort in trialing this as a cloud-based option for your enterprise deployment. If you are new to Citrix, an all-cloud deployment greatly simplifies systems management, when compared to a similar on-premises Citrix environment.
Thinking about Citrix Cloud and VMWare Horizon Cloud
It’s clear that both offerings are well thought out, and will likely meet the needs of your enterprise cloud-based VDI deployment. While you’re probably hoping I’ll tell you which one to choose, I won’t for several reasons — the most important being that “It really does depend”. Organizational culture, comfort-level with the product, business needs, direction toward the cloud, and all of the things we covered above play a role when it comes to “Why the Cloud”.
If your organization has committed to moving to the cloud, what I do recommend is that you trial both technologies. Take a hard look at performance, business needs, and which one will help you with the long-term direction of best supporting your organization’s business needs.
Top Monitoring Challenges with the Cloud
As we move forward with deploying our enterprise workloads to the cloud, our ability to monitor and know what is going on in our environments becomes more challenging. We no longer have control over the architecture and the way we manage monitoring of our solutions on-premises. So, what are the challenges that we should be considering?
- Consider the fact that a cloud architecture has all of the components of an on-premises one: load balancers, gateways, controllers, brokers, and the other components needed to successfully run your deployment. If there are issues, even when they are in the cloud, clear visibility into the deployment is needed to understand the root cause and to provide details to leadership.
- Every system that you deploy to the cloud will come with basic monitoring capabilities, regardless of the cloud option you choose, Citrix or VMware. To make sure that you have the right insights for troubleshooting, choose a monitoring solution that can provide monitoring and analytics above and beyond the platform’s default solution.
- The monitoring solution you choose should be able to monitor any architecture you deploy. Today you likely have an on-premises solution and you are probably considering one that is all cloud or hybrid. Make sure your monitoring solution can work for you regardless of your configuration. This will save you money and time in the long run.
- Evaluate the cost of the portions of your deployment that are in the cloud. As we know, cloud is not cheap, and some monitoring tools can help in this area. Keeping an eye on the resources consumed in the cloud and translating them to cost can only help your budgeting for the long term.
Before your enterprise workloads are moved to the cloud, be sure you are choosing cloud for the right reasons, and that you do a thorough assessment. After that take a look at all the key players.
In this article we cover two of the major players in this space, but do your own research and factor in your existing deployment, enterprise culture, and long-term goals.
Finally, choose a monitoring solution that will allow you to monitor on-premises and cloud-based workloads from a single pane of glass to ensure long-term success for your users.