Category Archives: Xenclient

The Future Is Now

I recently discovered a video on “Citrix TV” that does as good a job as I’ve ever seen in presenting the big picture of desktop and application virtualization using XenApp and XenDesktop (which, as we’ve said before, includes XenApp now). The entire video is just over 17 minutes long, which is longer than most videos we’ve posted here (I prefer to keep them under 5 minutes or so), but in that 17 minutes, you’re going to see:

  • How easy it is for a user to install the Citrix Receiver
  • Self-service application delivery
  • Smooth roaming (from a PC to a MacBook)
  • Application streaming for off-line use
  • A XenDesktop virtual desktop following the user from an HP Thin Client…
    • …to an iPad…
    • …as the iPad switches to 3G operation aboard a commuter train…
    • …to a Mac in the home office…
    • …to a Windows multi-touch PC in the kitchen…
    • …to an iPhone on the golf course.
  • And a demo of XenClient to wrap things up.

I remember, a few years ago, sitting through the keynote address at a Citrix conference and watching a similar video on where the technology was headed. But this isn’t smoke and mirrors, and it isn’t a presentation of some future, yet-to-be-released technology. All of this functionality is available now, and it’s all included in a single license model. The future is here. Now.

I think you’ll find that it’s 17 minutes that are well-spent:

The Cost of a Windows 7 Migration

According to an August 26 Gartner press release, your Windows 7 migration may have a painful impact on your budget. The heart of the problem is summed up in this quote from Gartner managing vice president Charles Smulders:

Corporate IT departments typically prefer to migrate PC operating systems (OSs) via hardware attrition, which means bringing in the new OS as they replace hardware through a normal refresh cycle. Microsoft will support Windows XP for four more years. With most migrations not starting until the fourth quarter of 2010 at the earliest, and PC hardware replacement cycles typically running at four to five years, most organizations will not be able to migrate to Windows 7 through usual planned hardware refresh before support for Windows XP ends.

Because of this time crunch, Gartner says that you really have only one of three options:

  1. Accelerate your PC replacement schedule. This obviously will impact your capital budget.
  2. Upgrade some of your existing PCs. Unfortunately, not all of your PCs are likely to support Windows 7 without some upgrades. In fact, Gartner estimates that 25% of the installed base of PCs will require some kind of hardware upgrade to run Windows 7. Also, unless you’re prepared to stretch out the life of these upgraded PCs beyond your usual upgrade cycle, those users are going to end up being migrated twice, not once, during the next four years. Gartner’s estimate of the migration cost per PC, assuming a large enterprise with 10,000 PCs where all PCs are upgraded: between $1,274 and $2,069, depending on how well-managed the environment is to begin with, which, by the way, is not a heck of a lot less than their estimated migration cost if you do just replace them.
  3. Migrate some users to a “hosted virtual desktop” instead of a new PC.

If you’ve been following this blog for any length of time, you know were we stand on the “hosted virtual desktop” issue. To most people, the term “hosted virtual desktop” refers to a virtual instance of a PC OS (e.g., Windows 7) running on a virtualized infrastructure such as VMware, Hyper-V, or XenServer. However, this is only one way to deliver a virtual desktop to a user. Other ways include:

  • Delivering a shared desktop from a server using Remote Desktop Services and XenApp (we’ve been doing this for years).
  • Streaming the PC OS from a common, shared image to a physical PC across the local area network. (Note that this would still require that the hardware in the physical PC be able to support the new OS.)
  • Streaming the PC OS to a client-side hypervisor (XenClient) so the client device can be disconnected from the network and continue to operate.

We’re also of the opinion that no single one of these approaches will fit all use cases. But the nice thing about Citrix XenDesktop is that you can mix and match any and all of these use cases to the needs of your users, all under a single license model.

It still isn’t going to be inexpensive. As Gartner points out, you have to build the virtual infrastructure to deliver those desktops, which will involve both capital costs and labor costs. Anyone who tells you that VDI will save you money in immediate capital costs compared with buying new PCs is not being straight with you. But you can, according to other studies, save up to 40% in your “Total Cost of Ownership” (“TCO”).

And your other alternatives aren’t inexpensive either. So why not take advantage of this opportunity to change the way you deploy and manage PCs? Take a look at what you can do with XenDesktop today, think about how much easier and less costly your Windows 7 roll out would be if you already had XenDesktop in place, and then think about how much easier and less costly your next major PC upgrade project will be if you deploy XenDesktop now.

Windows 7 is going to impact your budget one way or another. Gartner estimates that if you just decide to accelerate your upgrade cycle, the percentage of your IT budget that you spend on PCs will need to increase somewhere between 20% and 60% in 2011 and 2012. If, as in many organizations, your PC spending accounts for 15% of your overall IT budget, that means that in 2011 and 2012 you’re going to be spending between 18% and 25% of your budget on PCs instead of 15%. And that will impact other projects.

As if that wasn’t bad enough, Gartner also predicts that the demand for “highly qualified Windows 7 migration IT personnel” will exceed supply in 2011 and 2012. Remember those discussions about supply & demand back in Economics 101? Yep, that means that IT labor costs are going to go up. In fact, Gartner predicts that the labor shortage, and higher costs, will persist into 2013 as organizations realize that they’re behind in their planned migration schedule and try to figure out what to do about it.

Mr. Smulders had a recommendation on that as well: “Begin talks with suppliers now about putting in place contracts that can deliver flexible levels of resources at a fixed rate over the migration period.”

If you want to purchase a copy of the full report from Gartner, you can order one through their Web site. Or, if you just want to take Mr. Smulders’ advice, you can reach us at (206) 774-0619, or by email at, or by using our handy information request form. We’re here to help.

Citrix Formally Announces XenClient and XenVault

Yesterday (August 25), Citrix formally announced XenDesktop 4 Feature Pack 2. It’s expected to be available by the end of September, and, of course, will be available at no charge to existing XenDesktop customers whose Subscription Advantage is current. The big news in this Feature Pack is the incorporation of XenClient and XenVault.

We’ve talked a lot about XenClient here, but haven’t said much about XenVault. It’s high time we did, because it’s a pretty cool piece of technology in its own right.

If you’ve used Citrix products in the past, you know that we have administrative control over whether, for example, users who are running applications on a XenApp server are able to save data back to a disk drive on their client device. With the advent of Smart Access (enabled by Access Gateway Enterprise policies), we can get even more granular: we might allow a user to save data to a client drive if they’re connecting from within the protected network, or connecting from a corporate-owned laptop, but deny that same user the ability to do so if they’re connecting from a personal device or public location like a hotel business center.

Unfortunately, once the data is on a client device, you now have a security risk. It could potentially be copied to a USB drive. The corporate laptop could be lost or stolen. (For some of the more high-profile examples, check out the “laptop losers hall of shame.”) Nevertheless, it’s often viewed as a risk we have to take so that our mobile users can be productive.

XenVault, which was first previewed at the Synergy event last May, is designed to address this risk. XenVault is a new plug-in for the Citrix Receiver. As such, its deployment and configuration are controlled through the Citrix Merchandising Server. To quickly review, Merchandising Server is the preferred tool Citrix has provided for installing and configuring client software. The first time a user authenticates to the Merchandising Server (through a simple browser interface), the Citrix Receiver will be pushed down and installed on the client device, together with whatever plug-ins and configuration details the administrator has defined for that user. Subsequently, the Citrix Receiver will check back with the Merchandising Server behind the scenes, and receive any configuration updates that may be available.

The XenVault plug-in creates a secure, encrypted (256-bit AES) storage area on the client hard disk. Typically, any application that is running remotely on a XenApp server or XenDesktop virtual PC will only be able to store data in the secure, encrypted location, if it is allowed to store data on the client drive at all. Same for an application that has been streamed via XenApp for local execution on the client (regardless of whether it was packaged with the Citrix streaming tools or with App-V). While the user will be able to use Windows Explorer to look at the secure location and see what files are there, the user will not be able to copy files from the secure location to a non-secured area of the hard disk, nor open the files with applications other than those specified by the administrator. For a deeper explanation of how this works, see Joe Nord’s blog post on the subject.

If the laptop is lost or stolen, the administrator can issue a “kill pill” that will cause the secure, encrypted area to be locked or deleted the next time the Receiver checks in with the Merchandising Server. Pretty cool.

If you can’t wait until the end of September to try it out, and you have a mycitrix login, you can download the XenVault technology preview now. And keep watching this space, because I’ve got a feeling that this will be a good subject for a future video blog.

Citrix Synchronizer and XenClient Demo

Over the past few months, we’ve made several posts about XenClient. But in case you haven’t read them, or you need to refresh your memory, XenClient is (quoting from Citrix here): “…a high-performance, bare-metal hypervisor that runs directly on the client device hardware, dividing up the resources of the machine and enabling multiple operating systems to run side by side in complete isolation.”

Of course, there are other ways to run multiple operating systems side by side on a client device, although they may not give you the level of performance that XenClient - because of its small footprint - brings to the table. The tricky part is figuring out how to manage that environment once the user unplugs the laptop from the network and takes it on the road. How do you patch it? How do you back up user data? What do you do if the laptop is lost or stolen? If one of the OS instances is corrupted, or accidentally deleted, how do you get it back?

That’s the job of the Citrix Synchronizer - a virtual appliance that runs back in your data center and communicates with your XenClient-equipped laptops securely (via SSL) over the Internet. But rather than try to describe to you in detail exactly how that all works, it’s probably easier to simply show you. So take a few minutes to watch our own Steve Parlee demonstrate the interaction between Synchronizer and XenClient.

A First Look At XenClient

If you’ve following our blog for a while, you know that XenClient is the new client-side hypervisor from Citrix. It’s purpose is to allow you to take your virtual desktop with you and still have an elegant way to keep it up to date and to synch your important documents. We’ve been testing the “Release Candidate” that Citrix recently made available as a public beta.

Even though it is obviously not finished code, it’s pretty impressive!

Our Dell Latitude demo system is configured with two VMs – one Windows 7 and the other Windows XP. Further I have Access 2003 installed on the XP image and Access 2007 installed on the Win7 image and I’m “passing through” Access 2003 from the XP VM to the Win7 VM. In other words, I can “publish” an application from one desktop – in this case, I’m publishing Access 2003 from the XP desktop – and “subscribe” to it from the other desktop. In practice, this is similar in appearance to how a XenApp published application looks when it runs on the client device.

There are a couple of advantages to this. The obvious one is that an application that won’t run on Win7 can be installed on the XP desktop and made available to the Win7 desktop. A more subtle advantage is in the area of security. For example, let’s assume that the XP desktop is your “business desktop,” and is locked down such that the user has no administrative rights. Let’s further assume that the Win7 desktop is your “personal desktop,” and you have the rights to do whatever you want with it – which could include getting infected with malware. But the applications running on the business desktop cannot be affected by malware on the personal desktop – even if they’re being passed through.

In an earlier blog post, we linked to a Citrix TV video that demonstrated this “secure application sharing.” In that video, they’ve deliberately infected one desktop with a keylogger. You can see that any interaction with a browser running on that desktop is being logged by the keylogger. However, a browser session that is running on the other desktop, but being passed through to the infected desktop, is immune to the keylogger. Pretty cool.

With regards to functionality, I’m very hopeful that Citrix will fix some of the issues we’ve seen in the RC. Here are some of the things we’ve seen reported on the Citrix on-line forums, some of which we’ve seen ourselves:

  • Many people are finding hardware problems with simple devices such as mice even for hardware on the Hardware Compatibility List. Smart cards are also an issue.
  • XenClient requires that a few different Virtualization technologies be present in order to function correctly, so today the HCL is pretty limited. This should be improving each day but it is still something to watch out for so be sure to check the HCL carefully. There is an HCL included with the XenClient 1.0 RC User Guide.
  • HDX (High Definition) video/audio:
    • If you run both a corporate Desktop and a Personal desktop at the same time, only one VM can have HDX running at a time – and to switch HDX functionality between VMs you have to shut them down…it cannot be done on the fly. This is unfortunate because without HDX, video is really choppy and difficult to watch. Citrix has already said this will not change before RTM (Release to Manufacturing).
    • If you are taking advantage of the feature we described earlier where you publish an application from one desktop and subscribe to it from the other, you can have HDX running in the subscribing desktop, but not in the publishing desktop.
  • We’ve not yet been able to do a successful physical-to-virtual (“P2V”) migration of a desktop OS into the XenClient environment. Citrix has said it will release a version of XenConvert that will be able to do this, but they say it probably won’t be until after RTM.
  • Integrated video cams do not work. This could be a significant issue, since the product is aimed at “road warriors” and many of them will want to use a cam for meeting. It supposedly supports USB video cams, but we have not yet tested this. However, I’m concerned that many users will push back on having to carry an extra peripheral with them. We’ve been told by Citrix that this should be working by RTM.
  • OS Snapshots are not available yet but should be in a future release.
  • No support for 64 bit guests yet.
  • Graphic support for non-Intel graphic chip sets is limited.

Still, this is shaping up to be a great product that will make life easier for many a desktop administrator. If you’ve ever had to manage desktops, you’ve had to deal with this “Catch-22:”

  1. My users are breaking their desktops…I need to lock them down.
  2. When I lock them down, I end up with managers in my face because they can’t install their favorite (fill in the blank).
  3. I back off and give them local admin rights so they can install (fill in the blank).
  4. Return to Step 1, repeat ad nauseum.

XenClient gives us a glimmer of hope that we may be able, sometime soon, to break out of this cycle!