122: The Citrix Session: Deliver an amazing UX with a non-domain joined (NDJ) Citrix Linux VDA

Dec 6, 2022

In Citrix Consulting Services, most of our engagements involve Microsoft technologies. But Linux virtual desktops have proved to be an interesting use case for many of our customers.

It’s an ideal solution for developers, high-graphics users, and others. One interesting scenario I worked on recently involved a non-domain joined (NDJ) Linux VDA, which provides IT departments with the ability to deliver a Linux Desktop in a segregated, secure environment where Active Directory integration is not possible.

By: David Pisa

Host: Andy Whiteside
Co-host: Bill Sutton
Co-host: Geremy Meyers
Co-host: Todd Smith

WEBVTT

1
00:00:02.450 –> 00:00:08.110
Andy Whiteside: Hello, everyone! Welcome to episode 122 of the Citrix Session. I’m. Your your host, your ringleader

2
00:00:08.450 –> 00:00:13.470
Andy Whiteside: gang leader. I’m not sure what it is. Andy White Side today is December fifth.

3
00:00:13.520 –> 00:00:19.349
Andy Whiteside: 2,022. I throw the date in there now, so help myself keep it straight screwed up a couple

4
00:00:19.520 –> 00:00:25.099
Andy Whiteside: a couple of weeks ago. so now i’m working on that making better. I’m trying to improve myself. Guys. That’s what that’s what it is.

5
00:00:25.170 –> 00:00:32.630
Andy Whiteside: I’ve got a great great great great panel of folks today. I’ve got Bill Sudden director of services. Bill, how’s it going? Going. Great, Andy.

6
00:00:33.220 –> 00:00:37.080
Bill Sutton: you getting ready to buy all this Christmas presence. Oh, yeah, it’s already started.

7
00:00:37.780 –> 00:00:44.970
Andy Whiteside: my my son and I sat down and ordered some Christmas presence yesterday. It was so much easier than the old days. I’ll leave it at that.

8
00:00:45.530 –> 00:00:57.559
Bill Sutton: I can remember being I can remember being the single guy at the 11 o’clock on Christmas e running through the Mall, trying to by the last minute. Yes, now i’m the married guy pretty much doing the same thing

9
00:00:57.630 –> 00:01:01.099
Bill Sutton: if I do it online 2 days before.

10
00:01:01.270 –> 00:01:15.090
Geremy Meyers: It’s getting expensive, though it’s getting a way more expensive. My my kids are getting older and what they are into is not cheap. But I did do a a a look up. I wanted to find how much that super nintendo from back in the day was now my kid wants an oculus.

11
00:01:16.350 –> 00:01:17.170
Bill Sutton: wow!

12
00:01:17.270 –> 00:01:24.819
Andy Whiteside: Here we are. Yeah, My son asked for a $1,400 thing the other day, and I’ve got one. So he just assumed he should have one.

13
00:01:25.370 –> 00:01:29.810
Andy Whiteside: It’s great, especially when you like toys yourself and Amazon clause comes every single day.

14
00:01:31.080 –> 00:01:43.909
Geremy Meyers: That was the voice of Jeremy Myers. Jeremy is the director of the Sales engineers on the east Coast for Citric Jeremy. How’s it going? It’s going Well, it’s going. Well, I just got a notification that Baker Mayfield just got drop Todd, so I thought you might appreciate it.

15
00:01:44.200 –> 00:01:46.349
Geremy Meyers: That little negative info from the panthers

16
00:01:47.360 –> 00:01:49.729
Todd Smith – Citrix: I live the history of Baker.

17
00:01:51.170 –> 00:01:54.429
Andy Whiteside: the myth of Baker May. But did they play yesterday?

18
00:01:55.370 –> 00:01:57.629
Geremy Meyers: Okay.

19
00:01:57.730 –> 00:02:06.050
Andy Whiteside: the kid didn’t lose. That’s that’s a good point. I was so busy as we can, I can tell. I raked leaves for the fifth week in a row. I live in the woods.

20
00:02:06.550 –> 00:02:07.690
Andy Whiteside: It’s insane.

21
00:02:08.220 –> 00:02:15.190
Andy Whiteside: I want to move every year this time, and then I realize how beautiful it is rest of the year. But, man, 5 weeks in a row, raking leaves at least one weekend day.

22
00:02:15.880 –> 00:02:22.350
Andy Whiteside: Todd Smith, Director of Sales Engineering for all of Canada. How’s it going? I’m doing well, Gandy, how are you?

23
00:02:23.060 –> 00:02:27.569
Andy Whiteside: I’m good Last week I was at aws, so i’m I didn’t get home until Saturday, and

24
00:02:27.600 –> 00:02:31.020
Andy Whiteside: holy cow 60,000 people at a conference. I’d never seen such a thing

25
00:02:32.560 –> 00:02:35.260
Andy Whiteside: so competing with the old consumer electronics show.

26
00:02:35.570 –> 00:02:44.239
Andy Whiteside: Oh, yeah, Well, I think that’s still bigger all the drivers were like, oh, this is nothing. We can come back in January or whatever it is. January, December. Which one was it?

27
00:02:44.870 –> 00:02:50.610
Todd Smith – Citrix: It was January typical. Yeah. So I remember going out there. What was the old contacts.

28
00:02:50.650 –> 00:02:51.360
Andy Whiteside: Hmm.

29
00:02:52.110 –> 00:02:57.160
Andy Whiteside: In this situation it was aws plus the rodeos in town. That was quite interesting.

30
00:02:58.730 –> 00:03:00.679
Geremy Meyers: That’s funny. Now, where was it at this year?

31
00:03:00.800 –> 00:03:04.190
Andy Whiteside: That was Las Vegas. I don’t think you could have anywhere else. It’s too big.

32
00:03:04.830 –> 00:03:15.580
Geremy Meyers: I’d say what we did it in Atlanta a few years ago, and the thing that struck me so, Sisters kind of booth, and you know i’m the virtualization guy don’t get me wrong. I love that scaling. But you know the virtualization. Guy

33
00:03:15.600 –> 00:03:26.310
Geremy Meyers: and the folks who came up to me were primarily interested in networking, which I thought was pretty interesting. And then just walking around a lot of the booths. What was really exciting was just the ecosystem of what is aws. So

34
00:03:26.380 –> 00:03:40.239
Geremy Meyers: that’s when I I got my first taste of what Delops was, and just the all the little players off, not the little players, but just all the players in the space. And I mean it was data, lakes and devops, and just the the entire Re. Was pretty really interesting. Actually.

35
00:03:40.360 –> 00:03:54.710
Andy Whiteside: that was impressed next. But all all the different vendors we work with in the Uc. Space which I think you would find. I think you’d find that if you went this year in user compute was very much a small conversation but bigger than ever and bigger than I thought it would be.

36
00:03:55.850 –> 00:03:56.909
It is interesting.

37
00:03:57.230 –> 00:04:01.849
Andy Whiteside: I think aws is caught on to that middleware that end user story, and how you know that’s

38
00:04:01.970 –> 00:04:06.820
Andy Whiteside: starting point for lots of other technology conversations

39
00:04:07.250 –> 00:04:08.750
Andy Whiteside: in their ecosystem

40
00:04:09.980 –> 00:04:13.579
Andy Whiteside: in pandemic right had an impact on people needing

41
00:04:13.720 –> 00:04:20.619
Andy Whiteside: to explore this world. But I tell you this, and I mean you got to. I was in many, many, many sessions where people they didn’t know what Rdp. Was.

42
00:04:20.640 –> 00:04:23.039
Geremy Meyers: They didn’t know what a virtual desktop was.

43
00:04:23.270 –> 00:04:27.309
Andy Whiteside: They know what a hypervisor was. It’s a whole new generation of

44
00:04:28.120 –> 00:04:30.020
Andy Whiteside: people, some young, some old.

45
00:04:30.270 –> 00:04:36.519
Andy Whiteside: that don’t know what it is. We do every day and act like it’s just being invented for the first time it was insane.

46
00:04:36.800 –> 00:04:46.899
Geremy Meyers: I’ll tell you what’s interesting, and you know. I guess it is sort of a little bit of lead into the blog post we’ve got today, but you know, running Linux and azure. The idea of standing up a Linux Vda

47
00:04:46.980 –> 00:05:01.009
Geremy Meyers: virtual desktop agent in azure. You roll out a a Linux machine. You have to actually go in and install the go. You have to go in and install Rdp and all these different steps. And you know I’ve monkeied around with Linux over the years on a physical desktop, and

48
00:05:01.160 –> 00:05:09.590
Geremy Meyers: that’s something I’ve never had to do before. And yet I find myself, you know, tracking down the exact app get packages just installed. Now

49
00:05:09.630 –> 00:05:16.820
Geremy Meyers: it’s fascinating because you got folks who are doing Linux in in the clouds. Who this is not something that’s not something to eat right? It’s very interesting.

50
00:05:17.190 –> 00:05:21.810
Andy Whiteside: Well that that’s part of my topic, too. From last week I was talking to a guy, young guy.

51
00:05:21.870 –> 00:05:35.119
Andy Whiteside: He was all about how he wanted to to virtualize his desktop users, but had no idea where to even start. I’m like, okay, where you been, but he’s doing. He didn’t know a different. And I start talking about Rdp. Like remote desktopping into a a terminal server or something to get work done. It’s like I don’t know what that is.

52
00:05:35.370 –> 00:05:40.399
Andy Whiteside: And finally I said, Well, ssh! He goes. No, I do, sah. It all the time. It’s like, oh, okay, now we can talk.

53
00:05:40.460 –> 00:05:44.200
Andy Whiteside: And he got the concept once I could tie it back to a a cli world.

54
00:05:46.300 –> 00:05:51.809
Andy Whiteside: So our our last panelists and Mr. Patrick Cobel, Patrick, I assume you’re sitting in Tennessee somewhere. Are you somewhere else.

55
00:05:51.970 –> 00:06:07.409
Patrick Coble: Yeah, yeah, Just got back from Wisconsin for a. V mug and then leave out in a day to Cincinnati and then Portland the week after. So yeah, it’s a musical cities for the next little bit.

56
00:06:08.000 –> 00:06:25.649
Andy Whiteside: So I will note while look at Patrick in the spotlight. Here Patrick does an amazing job doing Vdi security assessments. If you have a virtual app or desktop environment, and you don’t have Patrick looking at it, or someone like Patrick, because he’s probably one of the only his teams on the planet that actually does this for a living you need to, because

57
00:06:25.690 –> 00:06:33.790
Andy Whiteside: the the opportunity to find security vulnerabilities that nobody else is looking for inside a virtual app and desktop environment is a no-brainer that you should

58
00:06:34.000 –> 00:06:35.300
Andy Whiteside: make sure you have that covered

59
00:06:35.940 –> 00:06:50.459
Patrick Coble: probably on a quarterly basis. Patrick, what your ideal customer, how to would they take a look at that environment? most people when we do a audit that’s yearly, but sometimes it takes months to remediate. So I’ve had clients that have had to that it’s taken

60
00:06:50.470 –> 00:07:04.669
Patrick Coble: almost a year or mediate because they had hundreds of findings because we looked at active Directory. We looked at privilege account management, and we looked at like vdi security, which is kind of the big 3 thing, the trifecta of success or doom depending on how they’re configured?

61
00:07:04.750 –> 00:07:32.689
Patrick Coble: And is it? Do you agree with what I said just now that your normal intrusion protection or your normal security audit is not going to be looking for the things you’re looking for, at least in the virtual side of the equation. Right? Yeah. Yeah. In most cases they completely exclude that domain, that deployment, that whole thing from the audit, and even in some some big deployments that I would have never thought it would be like. That is like that. and it. And so that expertise of the Vdi side

62
00:07:32.700 –> 00:07:48.070
Patrick Coble: to make sure that your session policies are strong, and that you have Ssl and Tls turned on in the right places and the right settings configured for Security, you know, gets overlooked. If you did any penetration test from somebody that was at Vdi aware

63
00:07:48.610 –> 00:07:51.850
Andy Whiteside: what’s what’s the term? I’m looking for? Not intrusion, protection, but

64
00:07:52.830 –> 00:07:55.280
Patrick Coble: what the the the of audit?

65
00:07:55.520 –> 00:08:04.480
Andy Whiteside: well, I mean it’s a vulnerability assessment, or it’s a penetration test

66
00:08:04.590 –> 00:08:13.450
Andy Whiteside: a lot of times. You build this in parallel virtual app and desktop presentation streaming world to get around, You know the normal stuff.

67
00:08:13.540 –> 00:08:23.830
Andy Whiteside: But when you go to audit you don’t audit that stuff, because but yet this is the stuff you invented. They’re created to go around the traditional stuff, and you just sit there. Look at the traditional stuff over and over again.

68
00:08:23.870 –> 00:08:24.669
Patrick Coble: That’s right.

69
00:08:25.830 –> 00:08:45.469
Andy Whiteside: all right. Well, guys, the the blog we agreed on today was for no no November seventeenth is because, says deliver an amazing ux with a non domain joined in. Dj: You guys are talking a while ago about that acronym, and that’s first time I’ve seen it. But maybe everybody else has Citrix Linux Vda, which is a virtual

70
00:08:45.810 –> 00:08:48.190
Andy Whiteside: delivery agent in this case.

71
00:08:48.430 –> 00:09:00.880
Andy Whiteside: cause why? Why does this matter? Who’s who’s using Linux and their virtual desktop world. i’ll. I’ll go to Bill first, because, Bill, you were talking about a project where we ran into this recently.

72
00:09:01.170 –> 00:09:02.449
Andy Whiteside: When do we see this come up?

73
00:09:02.960 –> 00:09:22.239
Bill Sutton: Well, I think when it comes to there’s 2. There’s really 2 pieces of this question. When it comes to Linux I think it. A lot of it is is certain industries that favor, Linux and I think this is dealt with in the article, probably the one we’ve we’ve seen historically with in our projects is oil and gas. so we’ve we’ve had a couple of customers that wanted to leverage

74
00:09:22.290 –> 00:09:25.030
Bill Sutton: Linux workloads

75
00:09:25.090 –> 00:09:34.600
Bill Sutton: with citrix, virtual apps and desktops for the purposes of accessing certain applications that were written or developed in the Linux platform, or on the Linux platform.

76
00:09:34.630 –> 00:09:35.590
Bill Sutton: and

77
00:09:35.600 –> 00:09:56.450
Bill Sutton: those, however, those were the main joined, so you had to install lots of things on the image in order to enable that to connect properly to Active Directory, and allow for Active Directory based authentication and things along those lines. What this is talking about is the concept of that Linux Vda, and and by extension. We we also, and this will come up.

78
00:09:56.460 –> 00:10:08.429
Bill Sutton: I had a situation where we had a windows environment where the customer wanted to access non domain joined workloads running in the cloud really running anywhere, for that matter.

79
00:10:08.530 –> 00:10:26.039
Bill Sutton: so the concept of non domain joined has really always not been around. We we’ve always required active directory or some other sort of identity provider. In the case of Cbad that they’re centric search labs and desktop. It’s always been active Directory as the repository for the user accounts and all the security and such

80
00:10:26.080 –> 00:10:31.760
Bill Sutton: but this concept of non domain joined is something relatively new. I think so

81
00:10:31.950 –> 00:10:39.500
Bill Sutton: that that’s really kind of 2 answers to one question. But the the Linux pieces we’ve seen it mostly at all, and gas

82
00:10:39.540 –> 00:10:42.350
Bill Sutton: but non domain joined is a whole new ball game.

83
00:10:42.500 –> 00:11:00.659
Andy Whiteside: and I want to do that. I want to encourage the group to. As you talk to this, explain not only the Linux piece but the non domain join piece, and how it applies to the windows. World, Todd, you! You got the Canadian team these days? Have you seen enough time? You had enough time in the seat there to see the old and gas piece of Canada looking for the I have a solution.

84
00:11:00.670 –> 00:11:06.329
Todd Smith – Citrix: Yeah, a little bit, Andy. I mean, we’ve got obviously Western Canada has a ton of oil and gas

85
00:11:07.250 –> 00:11:13.619
Todd Smith – Citrix: and it’s it’s definitely got a use case. We’re seeing an awful lot in the education space as well for Linux

86
00:11:15.390 –> 00:11:23.190
Todd Smith – Citrix: It is primarily due to the cost model, right? So people see Linux as being a a much lower cost alternative to

87
00:11:23.410 –> 00:11:30.229
Todd Smith – Citrix: giving someone a full-blown windows environment and with students not being joined to the domain on their devices

88
00:11:30.460 –> 00:11:40.990
Todd Smith – Citrix: that could open up a lot of a lot of opportunity as well. but we’re, I I think, part of it is also generational. And this is where the the challenge that we’ve got.

89
00:11:41.750 –> 00:11:45.060
Todd Smith – Citrix: You know our users have actually changed

90
00:11:45.080 –> 00:11:46.470
Todd Smith – Citrix: some of their behavior.

91
00:11:47.670 –> 00:11:49.319
Todd Smith – Citrix: they’re doing much more.

92
00:11:49.580 –> 00:11:56.369
Todd Smith – Citrix: you know, in a Linux environment because it’s not always the same as the windows. A little bit more open source

93
00:11:56.620 –> 00:11:59.209
Todd Smith – Citrix: driven so we’re seeing a lot more of that.

94
00:12:00.380 –> 00:12:09.140
Andy Whiteside: So because it what we we we’re talking about, the machine itself, the the Vda, the desktop, the server that we’re connecting to not being joined to the domain.

95
00:12:09.200 –> 00:12:18.320
Andy Whiteside: but the user is in some kind of directory, maybe active Directory, and maybe not, Pat Patrick. How does this is what I just said true. And how does this change the security landscape?

96
00:12:18.900 –> 00:12:25.410
Patrick Coble: Oh, yeah, I mean I I I definitely think it’s right, because this is this is a good way for

97
00:12:25.630 –> 00:12:31.700
Patrick Coble: any any system joined. Active Directory has inherit rights unless you have locked it down

98
00:12:31.900 –> 00:12:32.810
Patrick Coble: to

99
00:12:32.820 –> 00:13:02.789
Patrick Coble: pretty much everything in the domain. even when we were back in the eighties and Internet used to fall out the back of the cable. If you didn’t put a terminator on the Bnc connector, same thing happens here. You can. A a domain computer can join a domain computer to the domain. The domain user can join it to the main. A guest can join it to the domain. So you can have a lot of device pro proliferation unintendedly because of default after directory permission. So if you haven’t fixed those things, then you, just being a member of the domain, is an inherent risk

100
00:13:02.800 –> 00:13:10.180
Patrick Coble: to the domain. So I I agree with Bill. I’ve seen this in oil and gas, and I’ve seen it in a couple banking industries to

101
00:13:10.220 –> 00:13:22.470
Patrick Coble: and so they get off windows, so they don’t have to worry about that because they can ensure that there’s no they don’t they have no more extra privileges on that system other than what’s allowed

102
00:13:22.480 –> 00:13:36.639
Patrick Coble: based on the Linux distro that they picked so it can make a make a good impact. It’s not for everybody. I think the most important thing that’s overlooked, and I’ve done a couple of audits on non domain join systems on the window side and a couple on the Linux

103
00:13:36.650 –> 00:13:53.980
Patrick Coble: is that then those devices become completely unmanaged, and they’re just wild Wild West. So you still want some type of big fix tanium in tune. Whatever your poison of choice is to make sure you still know what in the world that endpoint is doing, and not just

104
00:13:54.050 –> 00:13:57.530
Patrick Coble: make it non domain join, and just hope for the best

105
00:13:57.540 –> 00:14:19.039
Andy Whiteside: it’s it’s kind of a double-edged sword right where you’ve got you want it in the domain. So you know it’s there and you know what you’re trying to monitor and maintain and secure at the same time that gives us privileges in the Microsoft world. It gives you access to things like being able to join it to the domain that you may not want somebody to have, which is enabled to 2, a 3. Jeremy, would you agree that that’s what you see in the Microsoft world often.

106
00:14:19.350 –> 00:14:26.920
Geremy Meyers: Yeah. 100. But you know what I think. what we’re also seeing is especially for like cloud native environments.

107
00:14:26.960 –> 00:14:45.309
Geremy Meyers: you’ve got customers who don’t need a. They don’t need active directory. They don’t want to stand up an active directory simply, for you know identity, you know they just want to stand up desktops in the cloud, and the idea they want to use is something else. Google, you know Pain, you know, pick an identity doesn’t really matter.

108
00:14:45.320 –> 00:14:47.610
Geremy Meyers: But you get some folks who are just.

109
00:14:48.100 –> 00:14:54.430
Geremy Meyers: They don’t need it right? So they find themselves standing up an arbitrary directory simply to support traditional end user compute

110
00:14:54.530 –> 00:15:02.710
Geremy Meyers: for things like windows. And so, you know, I think maybe what this this article is really getting to is you got options right? You don’t necessarily need

111
00:15:02.870 –> 00:15:07.049
Geremy Meyers: directory to support this anymore. You know you don’t need.

112
00:15:07.210 –> 00:15:17.749
Geremy Meyers: you know, need domain, join machines to provide access. So this is a this is a fascinating article in a few different areas it bleeds over into the windows, or even though this is specifically Linux focus.

113
00:15:18.080 –> 00:15:24.140
Andy Whiteside: So let me ask this question to the group. And you guys just respond as you want. Do you think Microsoft’s got to the point where they

114
00:15:24.310 –> 00:15:27.879
Andy Whiteside: see that this is part of the future, and they’re open to

115
00:15:27.930 –> 00:15:32.630
Andy Whiteside: not having to control the Directory and where the machines live. They just want to be part of the workloads

116
00:15:34.060 –> 00:15:53.409
Geremy Meyers: they do. They do. If you look at their architectures around, add your Id right. So you don’t necessarily need active directory back or after directory back in your azure the accounts if you don’t need to. There’s a way to do it. They’ve had hybrid AD Jo. But if you go look at creating spinning up windows, machines, and azure these days. It gives you the option to

117
00:15:53.570 –> 00:16:01.879
Geremy Meyers: to leverage as your AD as a single sign on point. so even Microsoft understands that identity is a big deal here, and the way things have been

118
00:16:02.020 –> 00:16:06.649
Geremy Meyers: done for 20 years it’s certainly changing. And so I I think they very much get it.

119
00:16:07.400 –> 00:16:08.090
Yeah.

120
00:16:08.250 –> 00:16:09.169
So is

121
00:16:09.500 –> 00:16:14.720
Andy Whiteside: Guys. Would you agree that? so that fight over the directory where the machine lived? It’s still there.

122
00:16:14.880 –> 00:16:20.689
Andy Whiteside: But there’s so many different avenues to take these days that nobody’s going to go to their grave fighting over that one.

123
00:16:23.890 –> 00:16:25.810
Geremy Meyers: Yeah, I would agree, I would agree.

124
00:16:27.190 –> 00:16:36.760
Andy Whiteside: So, guys, for I move on. David Pisa is the author of this blog on to make sure he gets credit for that with. We’re just the guys talking about it. He’s the smart guy that wrote it up.

125
00:16:40.030 –> 00:16:45.080
Andy Whiteside: let’s jump in the next section requirements and current limitations Todd. You want to

126
00:16:45.120 –> 00:16:47.189
Andy Whiteside: try to tell us what David’s covering here.

127
00:16:48.070 –> 00:16:56.140
Todd Smith – Citrix: Yeah. So so a couple of things, right? So you know, you need to know a little bit about what the restrictions are, what the limitations are.

128
00:16:56.280 –> 00:17:01.449
Todd Smith – Citrix: It is currently focused on Das right? So it’s our desktop as a service offering

129
00:17:01.700 –> 00:17:05.520
Todd Smith – Citrix: and you have to be using the netscal or gateway service.

130
00:17:05.680 –> 00:17:13.790
Todd Smith – Citrix: and if you’re using Linux desktops you have to be deploying them, using machine creation services, Gram Cs: so it’s kind of a focused

131
00:17:13.970 –> 00:17:14.930
Todd Smith – Citrix: approach.

132
00:17:16.730 –> 00:17:20.930
Todd Smith – Citrix: there are some limitations, right? So you know, storefront

133
00:17:21.160 –> 00:17:26.230
Todd Smith – Citrix: not being supported, you have to use such workspace and the muscular gateway service.

134
00:17:26.250 –> 00:17:29.990
Todd Smith – Citrix: Once again. you need to be able to

135
00:17:30.130 –> 00:17:34.710
Todd Smith – Citrix: understand that we we also don’t support the remote PC. Right now.

136
00:17:36.400 –> 00:17:41.280
Todd Smith – Citrix: you know. Once again we’ve we’ve got a lot of product documentation that it includes this, for. So there’s a

137
00:17:41.550 –> 00:17:46.359
Todd Smith – Citrix: very, very valuable links in here about where to go to to find

138
00:17:46.770 –> 00:17:52.840
Todd Smith – Citrix: the restrictions and limitations. but the biggest thing is, you know, understanding where

139
00:17:52.980 –> 00:17:55.709
Todd Smith – Citrix: what Linux distributions

140
00:17:56.180 –> 00:18:00.999
Todd Smith – Citrix: it covers, and what we’ll also what hypervisors are supported as well.

141
00:18:02.570 –> 00:18:10.179
Andy Whiteside: So the rest of the team any any concerns about the those limitations and those being show stoppers for possible use cases.

142
00:18:11.660 –> 00:18:30.989
Geremy Meyers: not really I mean, I think if this is your use cases not domain, join you. Let’s be clear about this, You know, with the on-premise product you we support Linux right, and we support Linux that are domain joined, so that use case is not stopped. that works with storefront. It works with the on premium n scale as well. But you know, I think, what we’re talking about here specifically.

143
00:18:31.000 –> 00:18:33.979
Geremy Meyers: you know non domain join access, which

144
00:18:34.620 –> 00:18:35.589
Geremy Meyers: I mean. I

145
00:18:36.190 –> 00:18:46.770
Geremy Meyers: I I don’t know if we have a parallel on from outside of maybe anonymous access, maybe the closest thing, but it’s sort of a new concept, and it’s specifically cloud focus. So you know, I think, for customers looking

146
00:18:47.060 –> 00:19:04.589
Geremy Meyers: for this type of access. they’re probably also looking for maybe an in a unique directory as well. So maybe Google is an idp, maybe as your AD. I don’t know. It probably makes sense to be on the Citrus Cloud platform. This is a just as an East to roll out of being honest. But.

147
00:19:04.750 –> 00:19:19.639
Geremy Meyers: like I said, just real quick. This works on prem it’s just not not done to make joint, You can do Linux vdas on prem for sure. Is this an example of something you think it’s gonna eventually come to the on-prem version or an example of how you can do things in the service offering that you’ll never be able to do with on-prem.

148
00:19:21.040 –> 00:19:30.370
Geremy Meyers: Man, If I had a crystal ball. There. I would love to tell you one way or the other. But I will say this citrix is very committed to the on-premise product, so it wouldn’t surprise me, but I know nothing

149
00:19:30.520 –> 00:19:31.500
Geremy Meyers: whatsoever.

150
00:19:32.000 –> 00:19:38.919
Todd Smith – Citrix: And I and and just to chime in here, you know, I think Jeremy brought up a very valid point about the anonymous access.

151
00:19:39.360 –> 00:19:44.559
Todd Smith – Citrix: we’re seeing customers across the board moving away from this anonymous access model.

152
00:19:44.820 –> 00:19:49.479
Todd Smith – Citrix: and i’m sure Patrick probably sees this in his security audits that he does

153
00:19:49.680 –> 00:19:55.679
Todd Smith – Citrix: a lot where customers and the compliance programs moving away from

154
00:19:56.050 –> 00:20:00.239
Todd Smith – Citrix: allowing anonymous access, you need to be able to identify who the users are

155
00:20:00.390 –> 00:20:05.830
Todd Smith – Citrix: and where they’re coming in from, and all the all the other security components. An anonymous access kind of just

156
00:20:05.850 –> 00:20:07.419
Todd Smith – Citrix: breaks that entire model.

157
00:20:08.460 –> 00:20:15.160
Patrick Coble: Yeah, for sure, I mean, Kyc laws depending on your industry. You know your customer have been cranked up to 11,

158
00:20:15.280 –> 00:20:34.849
Patrick Coble: and so you, you, as a business in most cases banking retail, especially socks. Pci hipaa you have. You can’t allow anonymous access to things like that to any type of sensitive or privileged information. So you you have to know who they are. so.

159
00:20:34.860 –> 00:20:44.600
Patrick Coble: And then 1 point out what we were talking about on the as your AD side is. I stood up a client that did cloud PC. So their very first time they ever did it. Just kind of a side story.

160
00:20:44.620 –> 00:20:48.670
Patrick Coble: But this goes to show you that as your AD is not secure by default.

161
00:20:48.760 –> 00:20:55.459
Patrick Coble: they went next. Next Next join the Cloud chug. In the Kool-a got their virtual desktops had as your AD next next next.

162
00:20:55.490 –> 00:21:06.869
Patrick Coble: and what’s it? Security score? What would you guess? The security score is as your AD out of the box never had a good configuration or bad configuration. It’s a 100 point scale. Does anyone get a guesses?

163
00:21:07.330 –> 00:21:13.400
Geremy Meyers: You know what i’ll say? I’ll say a c. So we’ll we’ll get. I’ll say 75. I’m: 25 Bill. What? Are you thinking

164
00:21:13.840 –> 00:21:17.509
Patrick Coble: Probably 2025. Oh, that’s good Jeremy

165
00:21:18.790 –> 00:21:36.490
Patrick Coble: that was so yeah. Yeah. So what a bill? Say? 25. I’ll be 5. Point one. Okay, you’re doing prices, right?

166
00:21:36.590 –> 00:21:38.859
Patrick Coble: Yeah. So it’s 52.7, 8.

167
00:21:38.930 –> 00:21:52.530
Patrick Coble: Yes, out of the box and f right right, and that goes to show you that active directory out of the box, even from Microsoft, from the mothership on the cloud Kool-aid.

168
00:21:52.730 –> 00:21:56.089
Patrick Coble: It’s not all sunshine and rainbows. You still have

169
00:21:56.140 –> 00:22:20.070
Patrick Coble: hundreds of policies that have to be configured, and that backwards compatibility of legacy operating systems is the number one reason it’s like that. and so it it just kind of blew my mind. I was like no way, because it’s the first time I had ever set up a new, active, directory tenant that wasn’t synced from someone’s old Active Directory. Tenant, you know, so kind of wild.

170
00:22:20.700 –> 00:22:37.139
Patrick Coble: but that’s where this non domain join stuff comes in, because if you’ve got a F on your AD right now, because you just set it up, and as your AD you can have it a plus on the Linux side when it comes to. You know what permissions those users are effectively going to have on those systems, so

171
00:22:37.170 –> 00:22:45.259
Andy Whiteside: it can be a good trade.

172
00:22:45.480 –> 00:22:52.369
Andy Whiteside: It it’s still there, I mean still a decade or 2 decades after getting serious about security which they have. But still.

173
00:22:53.180 –> 00:23:02.159
Andy Whiteside: if you just follow the the default installs, you end up in a place where you need Patrick Cobb to come Talk to you.

174
00:23:02.200 –> 00:23:20.590
Patrick Coble: Yeah, we’re we’re sitting here staring at this part. Here we’re on the page. We’re on the Linux Vda where you got to install your whatever ui of choice there is this is kind of something that blew me away. I didn’t know you could join something to Microsoft in tune without a gui.

175
00:23:20.880 –> 00:23:38.710
Patrick Coble: There’s no command line interface to do that. So like if you’re on Amazon Linux or bun to Red Hat sushi whatever whatever flavor of choice you pick, you have to put a gui on there so that you can walk through their wizard to enroll the device you can install in tune, but it can’t connect to the mothership.

176
00:23:38.720 –> 00:23:46.869
Patrick Coble: So if we’re looking at this little line here, it’s getting all the good he’s done for dotnet, so that the Vda will be happy.

177
00:23:47.120 –> 00:23:51.809
Geremy Meyers: I love the fact that you’ve got a few different desktops. I mean, that’s that’s always been

178
00:23:52.050 –> 00:23:54.929
Patrick Coble: so. The thing with Lettx is you got offices there? There’s actually

179
00:23:55.100 –> 00:23:59.850
Geremy Meyers: I think, 3 or 5 different ways. You can add Linux to a domain if you need to like.

180
00:23:59.940 –> 00:24:06.769
Patrick Coble: yeah, certain ways to do that, I just it. It’s very interesting how this this whole ecosystem works is completely different than what I used to.

181
00:24:07.880 –> 00:24:12.299
Andy Whiteside: Yeah, the idea you have to install a user Ui machine

182
00:24:12.520 –> 00:24:13.470
Andy Whiteside: to go.

183
00:24:13.920 –> 00:24:15.700
Andy Whiteside: Well. So okay, so make sure.

184
00:24:15.900 –> 00:24:19.360
Andy Whiteside: In order to do this, a non domain joined.

185
00:24:19.400 –> 00:24:23.330
Andy Whiteside: Vda: you have to have a Ui, that’s what this is, pointing out

186
00:24:23.590 –> 00:24:27.670
Andy Whiteside: any additional contact content you want to add to that?

187
00:24:29.670 –> 00:24:31.050
Todd Smith – Citrix: No, I’m.

188
00:24:32.560 –> 00:24:42.880
Todd Smith – Citrix: you know. I think the fact that we’re going back to a conversation around command line brings us back to the days when we all probably had to deal with auto exec up at files and

189
00:24:43.140 –> 00:24:45.469
Todd Smith – Citrix: login scripts and all that fun stuff.

190
00:24:46.140 –> 00:24:49.339
Todd Smith – Citrix: Command dot B. And all that good.

191
00:24:49.480 –> 00:24:57.260
Andy Whiteside: Well, I think my Linux in Aix or Unix friends probably get didn’t appreciate that comment to but yes, command line.

192
00:24:58.010 –> 00:25:10.490
Andy Whiteside: So like I kind of grew up around a unix guy, and he made it clear earlier on. That’s the command line thing I was messing with, and you know, in t days is not the same as the shell which these days it is a show with power.

193
00:25:10.930 –> 00:25:15.779
Geremy Meyers: and to go back to what I just said. You got multiple options for a shell, too, if you get

194
00:25:15.820 –> 00:25:17.709
Geremy Meyers: it. Bash, you get the regular show.

195
00:25:18.510 –> 00:25:23.889
Patrick Coble: and it. It goes back to what we’re talking about. A little bit about Microsoft and Linux in that situation

196
00:25:24.060 –> 00:25:31.439
Patrick Coble: you can run their Linux You can run power. Show on anything. Now you can run their visual studio code on anything now

197
00:25:31.490 –> 00:25:46.989
Patrick Coble: and you can run Linux on windows now, so that windows 11 desktop that we’re on right now you can run Linux on it and use it’s ui and command structure so there the the force is strong now with Microsoft, and Linux it’s it’s

198
00:25:47.000 –> 00:25:54.149
Patrick Coble: it’s going there. So I think it’s because they also, you know, want to be able to be in on that deal, so someone will still have something.

199
00:25:54.850 –> 00:25:56.810
Andy Whiteside: Yeah, miss, Linux Trains coming

200
00:25:57.040 –> 00:26:05.089
Andy Whiteside: for various reasons. And Microsoft didn’t stupid. They want to be part of that plus. Now you got this as your thing where they want any workload possible on azure.

201
00:26:05.150 –> 00:26:07.570
Andy Whiteside: whether it’s based on a windows kernel or not.

202
00:26:10.360 –> 00:26:16.530
Geremy Meyers: they, I I think they would tell you that a lot of their workloads and azure are probably Linux based. So yes, it behooves them.

203
00:26:16.860 –> 00:26:21.569
Geremy Meyers: I can use it all the work it moves them to to really invest. For sure

204
00:26:22.120 –> 00:26:26.950
Andy Whiteside: I mean the site that’s currently running the citrus blog. Do you think that’s a windows box behind the scenes? Probably not.

205
00:26:28.350 –> 00:26:29.410
Geremy Meyers: Probably not.

206
00:26:30.170 –> 00:26:48.939
Andy Whiteside: And then now some in user workloads are showing up there as well, all right. So Bill, as a technical guy, or and all of us are technical. But as the guy who actually has consultants out doing work, this cover, this.net net thing for me, and why why it matters Well, i’m not going to go in all the details, because there’s a boatload of them in here. But fundamentally, I think.

207
00:26:48.950 –> 00:26:55.779
Bill Sutton: Patrick touched on it. Do you need net to install and and run the Vda for? Linux so

208
00:26:55.790 –> 00:27:12.089
Patrick Coble: you know that the.net runtime is, is what is it? Visual studio or visual, c. I’m. Not sure what the language is that underlies it, or if it’s its own language. But oh, it it’s it’s kinda it’s almost true.net, but it’s basically just an interpreter.

209
00:27:12.100 –> 00:27:23.740
Patrick Coble: I I said this at the conference last week because they were talking about powershell, and how you can run it on anything now, and they were like, Well, you have. You can run power. Show on anything, but you have to put net on it first.

210
00:27:23.750 –> 00:27:50.360
Patrick Coble: and I was like, oh, yeah, so.net’s pretty much the Microsoft Java, and it was like I. I stabbed a couple of people in the park. They were like. You can’t say that in the same sentence I was like. It’s a universal programming language that can be obfuscated and created on other operating systems. I was like, that’s the definition of what Java was for for better, for worse. It’s for the better part for now. but dotnets have to get updated all the time, too, because of threats. So

211
00:27:50.370 –> 00:28:09.809
Bill Sutton: I think the take away here, Andy is that this is just. It’s a dependency. It’s a requirement. In order for the Vda to run properly. You have the same dependency on windows. You’ve got to have the correct version of the.net runtime running on that operating system in order for the Vda and other applications to run properly, and that’s really what they’re talking about here on. Linux

212
00:28:10.100 –> 00:28:18.149
Andy Whiteside: I think the big difference right in modern day. I don’t know how long it’s been, but it’s been a while, dot that’s just on there whether it’s the updated version, not to another question, but

213
00:28:18.160 –> 00:28:33.750
Patrick Coble: I don’t I don’t remember having to install.net, or having you know, the window, the citrix installer kick off a.net install in a while. Maybe I just haven’t done enough of them. Yeah, it. It fires it off. It does Yup, and then and then that’s the same thing. Now, with power show right? Like. If you depending on your operating system, it’s partial 5.

214
00:28:33.790 –> 00:28:46.130
Patrick Coble: They skip 6, because it was just like a terrible experience for the whole world. And now everything’s on 7. So if you have it updated your power, shell 2, 7, then it’s not it doesn’t come down automatically from windows updates right?

215
00:28:46.140 –> 00:29:05.929
Patrick Coble: So so let me clarify that real quick. So, and I do a server install. It installed.net, and then the Vda when I do a client install, in other words, on windows 10 or 11. Is it dotnet already there, or am I Just not? It it should be, but I think all it does is do some pre rerecks for it. So if you’ve got a fully up to date system, I I don’t think it blasts it down anymore.

216
00:29:06.160 –> 00:29:21.899
Patrick Coble: yeah. But I think it also office gates a lot of that in the new installer. So it might be doing it, and you just don’t know before it did actually show the lines of it doing all these things. I think it’s there, and I think that ties in this conversation in the server, Multi-user and vda

217
00:29:21.910 –> 00:29:35.749
Andy Whiteside: they don’t put Microsoft doesn’t put stuff on server it doesn’t need therefore.net not there until you need it. And then, all of a sudden, you’re going to need it for the Vda. But in the client OS I think it is there, and it’s just a matter of configuring it when the Vda install that if I remember the install process right

218
00:29:37.880 –> 00:29:50.319
Andy Whiteside: nonetheless in Linux world, you gotta do it. And then now you gotta go out and get the citrix virtual desktop age. Oh, wait a virtual delivery agent. Sorry i’m an old school for a minute. Here I use the right acronym or the right. The definition, Jeremy.

219
00:29:50.840 –> 00:29:51.660
Todd Smith – Citrix: you did.

220
00:29:51.820 –> 00:29:55.940
Geremy Meyers: You did. You did, although it is funny that it says in desktop via. So that’s

221
00:29:56.670 –> 00:29:57.490
Yeah.

222
00:29:57.560 –> 00:30:02.099
Geremy Meyers: this is a little contradiction, but we’ll we’ll look. You know it’s it’s baked in there. It’s, you know.

223
00:30:03.370 –> 00:30:16.370
Patrick Coble: Hey? We still got dazzle in the registry. So I I think. Yeah, that’s right. Nasal lives on forever. It’s going to be like a cockroach in the Citrix world is going to be there forever, and I’m and i’m excited and always happy every time I see it in the registry

224
00:30:16.460 –> 00:30:32.440
Andy Whiteside: you like did in this okay. So I I put the desktop you at the user Ui on. I downloaded through some browser. I assume. I assume you guys tell me if they’re actually probably going to do that through the the cli or the shell, and then now i’m doing the whole package install

225
00:30:32.530 –> 00:30:33.500
Andy Whiteside: from

226
00:30:33.650 –> 00:30:47.869
Patrick Coble: you can see that your the way that package works, and the Debian package manager for this. you just pull it down from its its repository. So you don’t have to actually do. you don’t have to go to the website for anything.

227
00:30:48.000 –> 00:31:05.030
Andy Whiteside: and this is probably a little side joke and pretty telling about me. But when I do get a chance to work in shell, which is almost no none other time anymore. But when I was doing my hex stuff and Linux stuff anytime, I’ve typed the command, and I started seeing it do all its magical things and number and letters going across the screen. I just felt so smart.

228
00:31:05.190 –> 00:31:25.050
Patrick Coble: Yeah, yeah, Linux Linux in that sense does have a very gratifying Ui when you have it right, because it’s telling you what it’s doing, and it’s telling you with little Ascii characters. And oh, i’m at 13, and it really is at 13 versus we’re so used to windows installers Where? Says 13, and that’s still another hour and a half.

229
00:31:25.060 –> 00:31:25.720
Bill Sutton: Right.

230
00:31:25.970 –> 00:31:29.370
Patrick Coble: It’s a random number generator actually

231
00:31:29.590 –> 00:31:34.660
Todd Smith – Citrix: well back in the day you used to have. We used to install Nobel products. You have a dot

232
00:31:34.680 –> 00:31:39.399
Patrick Coble: working his way across the screen.

233
00:31:39.470 –> 00:31:47.440
Geremy Meyers: I I do like this one line, though, so you can see what what that installer does. Is it not only installs the Vda, but it goes, and it grabs all the dependencies.

234
00:31:47.550 –> 00:32:04.580
Geremy Meyers: from the it looks like we’re probably running a bunch of here right? So we’re grabbing the the a bunch of dependencies, but you’ll notice down below there’s a there’s a special command called, If you do app fixed broken install, and it will, it will fix your install, which is amazing.

235
00:32:04.860 –> 00:32:06.830
Geremy Meyers: I’ve never had to run that. But

236
00:32:07.460 –> 00:32:09.670
Geremy Meyers: I just think that’s amazing that they’ve included that.

237
00:32:09.710 –> 00:32:20.529
Patrick Coble: Yeah, I I think that that’s a that’s a Linux debate that’s like, you know, Chevy versus Toyota, or whatever is what Sudo does, and

238
00:32:20.900 –> 00:32:28.769
Patrick Coble: because it gets you so much, and it’s the way to office gate, so you don’t have to change into route, but to use it so much

239
00:32:28.800 –> 00:32:34.559
Patrick Coble: you pretty much are route, you know. You’re just not root with root. So that’s very true.

240
00:32:35.640 –> 00:32:39.790
Andy Whiteside: alright? Guys. So help me understand this next piece where we’re configuring the Vda

241
00:32:40.210 –> 00:32:49.799
Patrick Coble: am I doing this through a Ui or my doing this through that’s all command line to it’s a one-liner yup so that way it knows how to et phone home to the dazz mother’s chip.

242
00:32:50.430 –> 00:33:05.349
Andy Whiteside: and it says, let’s see by bypassing the local cloud connectors. The machine must have the following range of it. So what what does it mean by bypassing the cloud connectors? So in a traditional citrix environment with like windows machines, what you would

243
00:33:05.360 –> 00:33:18.669
Geremy Meyers: typically, although you can do this with windows, machines, lots of with the windows machines, you know. You’re identifying the cloud connectors is your your brokers, if you will, and the cloud connector is gonna register that virtual, that Vda on behalf

244
00:33:18.890 –> 00:33:33.890
Geremy Meyers: of the cloud. Right? So it goes to the cloud connector to the cloud where the video goes to the cloud connected to register, and the cloud connector registers that mediate with with the cloud service. What we’re doing here is skipping the cloud connectors all together. And so in this case you’ve got your Vdas

245
00:33:34.040 –> 00:33:36.070
Geremy Meyers: registering directly with

246
00:33:36.160 –> 00:33:38.889
Geremy Meyers: the D service. And so, in order to do that.

247
00:33:38.970 –> 00:33:49.790
Geremy Meyers: you got to have a user in the password, I mean. Why else would you know the cloud, you know? Trust you so? in Citrus Call how we don’t call it using in a password. We call it client, Id and secret.

248
00:33:49.920 –> 00:33:51.510
Geremy Meyers: And so that’s what we’re creating here.

249
00:33:51.600 –> 00:33:54.580
Geremy Meyers: and that’s what you’ll use on your Linux media

250
00:33:54.840 –> 00:33:57.270
Geremy Meyers: it’s sort of a an authentication piece.

251
00:33:57.720 –> 00:34:05.099
Geremy Meyers: What’s nice about this is if you’re running something like Mcs, which is what we’re doing here. You know that same client using the password can be used

252
00:34:05.240 –> 00:34:09.309
Geremy Meyers: with all the Mcs images as well. So all these machines will register directly with

253
00:34:09.580 –> 00:34:10.709
Geremy Meyers: that service.

254
00:34:11.400 –> 00:34:19.339
Andy Whiteside: And so Mcs, because this isn’t single monolithic images. Mcs. Because this isn’t you know, provisioning server.

255
00:34:19.400 –> 00:34:22.160
Andy Whiteside: worthy or qualifiable, or both

256
00:34:24.270 –> 00:34:41.180
Geremy Meyers: Ncs, so that we can do a little bit well in Cs versus Pbs. Is one question. So in this case we’re just it’s a native tool. So there’s not additional pieces to set up. So we’re doing, we’re doing it. Cs: but secondly, I think Patrick hit on this right. So how you manage non domain

257
00:34:41.210 –> 00:34:42.489
Geremy Meyers: machines

258
00:34:42.560 –> 00:34:51.880
Geremy Meyers: and a scenario where you don’t have a typical tool that you’re going to install them to manage them right? So in the windows world, yeah, we just have true policies. Well, now, we’re non domain joined.

259
00:34:51.980 –> 00:35:01.709
Geremy Meyers: How do we manage this so we can still do. Single image management of non domain will join machines. So we update and patch once all of my linked images they all get. It.

260
00:35:03.760 –> 00:35:14.039
Andy Whiteside: Is is that because so? I totally get that, and I understand provisioning services, and it’s magical, Active Directory related stuff. It did so forget about that from it. But I I need to use

261
00:35:14.100 –> 00:35:18.350
Andy Whiteside: Mcs if I want image man, but I couldn’t do this on standalone machines, or I could.

262
00:35:19.380 –> 00:35:24.830
Patrick Coble: no, I don’t. I I think you have to use Mcs because I don’t think this is.

263
00:35:25.070 –> 00:35:33.090
Patrick Coble: I Well, I guess you could not use it. Well, no, you would, because even if you did persistent desktops, as soon as you make that machine catalog, it’s going to walk you through all that.

264
00:35:33.170 –> 00:35:33.930
Patrick Coble: So

265
00:35:34.100 –> 00:35:51.239
Patrick Coble: and then and then that way Everything’s a clone of each other. So just like you said, is you get that patch done once, and then you roll it out. You’re done for all but it just means you’ve got to pay attention to it, and honestly, in some cases Linux depending on how you do. Your packaging

266
00:35:51.250 –> 00:35:57.670
Patrick Coble: can stay up to day and more secure than windows, because windows will only update windows

267
00:35:57.730 –> 00:36:17.469
Patrick Coble: right. So if you Don’t have Patch, my PC. Or some other third party patching thing going on. It’s not going to patch that adobe in that other application, the other application. Whereas when you do app, get, or yum, update or upgrade on any Linux box, it updates every single thing that’s installed, every package, every dependency, every little do, dad

268
00:36:17.480 –> 00:36:20.079
Patrick Coble: and windows. Does it do that by default?

269
00:36:20.970 –> 00:36:33.789
Geremy Meyers: And, Andy, let’s not forget if we’re doing this in the cloud. if you’re doing that full desktop. Now we can. We can turn on auto scaling. So if I’ve got dedicated desktops, then that means for all 100 users. I’ve got 100 machines that

270
00:36:33.930 –> 00:36:41.930
Geremy Meyers: you know for a good user experience. I got to predict when those users are going to be on so I can power it on appropriately or on all the time, and it gets very expensive.

271
00:36:42.000 –> 00:36:51.419
Geremy Meyers: Where in this case, you know, we could do a pool desktop, even though Linux machines and just scale up, scale down as we need to. So we can potentially just reduce that cloud span if we need to.

272
00:36:51.640 –> 00:36:54.410
Andy Whiteside: Yeah. So just for my clear we’re talking about Ped

273
00:36:54.460 –> 00:36:56.229
Andy Whiteside: non- persistent

274
00:36:56.400 –> 00:37:01.610
Andy Whiteside: images, and you guys may not know the answers. But could you do persistent a pool

275
00:37:01.630 –> 00:37:19.999
Patrick Coble: shooting that pull? But assigned Mcs images where the difference in disk lived on until you updated the image, and it would break it all. Or did that even make sense? I know you can on on site in the classic deployment, because I’ve done it so you You can do that there, and I would guess you’d probably be able to do it here. I think this is showcasing

276
00:37:20.040 –> 00:37:25.210
Patrick Coble: the the dazz portion, which would definitely probably be more in line with that non- persistent side.

277
00:37:25.240 –> 00:37:28.539
Patrick Coble: But it should still be able to do the same dance, I would guess.

278
00:37:29.390 –> 00:37:30.640
Andy Whiteside: Yeah. And so

279
00:37:31.260 –> 00:37:40.239
Andy Whiteside: yeah, go ahead. And i’m sorry I I was. What i’m bringing up is kind of a very corner case, and probably almost stupid to bring up. But that’s where my mind went. So sorry about that You hear me go ahead.

280
00:37:41.010 –> 00:37:53.390
Geremy Meyers: no! I was going to hit on that one graph that you got right there. So you know what we’re doing in this particular instance is, we are registering this Linux Uda directly with the desk service, but we’re brokering the Hdx session

281
00:37:53.510 –> 00:37:55.069
Geremy Meyers: through the cloud. Connector.

282
00:37:55.110 –> 00:38:10.070
Geremy Meyers: what you see later in this articles. I think we’re probably going to run out of time. we can also do this completely connectorless, if we need to, which means not only can we register directly with the desk service? But we can bypass the connector as well. If we’re using rendezvous version 2

283
00:38:10.380 –> 00:38:14.670
Geremy Meyers: which is a protocoling that we use with the videos.

284
00:38:14.690 –> 00:38:17.239
Geremy Meyers: and just bypass connectors all together.

285
00:38:19.120 –> 00:38:24.650
Andy Whiteside: So the next section here goes into setting up the the runtime environment. Mcs configuration

286
00:38:24.770 –> 00:38:30.609
Andy Whiteside: stored where they’re stored. But what? What, what if anything, do we need to for our listeners highlight in this section about

287
00:38:30.650 –> 00:38:35.020
Patrick Coble: the runtime environment? do you have to do it exactly right, or it will not work.

288
00:38:39.130 –> 00:38:43.469
Patrick Coble: Choose your correct text, Editor. Good luck!

289
00:38:43.740 –> 00:38:53.200
Geremy Meyers: But but Patrick, does this make your scheme calls here to Guy, for standard installations. Leave everything, is there?

290
00:38:53.320 –> 00:39:04.669
Patrick Coble: It’s the kind of the nature of the beast a little bit. And so yeah, I mean, the good thing is in many cases this stuff can’t work unless it’s perfectly configured. So if you mess up on one of these lines here.

291
00:39:05.040 –> 00:39:07.580
Patrick Coble: then it’s not going to do its dance. So

292
00:39:08.320 –> 00:39:15.670
Andy Whiteside: so, Patrick, you ever do a project, and then turn on. Come back the next day and offer a assessment and go find all the things that you little nuggets you left behind for yourself.

293
00:39:15.730 –> 00:39:34.100
Patrick Coble: Yeah, Usually I try not to leave too many nuggets, but the thing is is Microsoft and Citrix and Vmware, and pretty much every technology company makes new nuggets all the time. So I pretty much always have to be watching kind of the cyber security news kind of thing, and the patches that come out for the operating systems to try to understand

294
00:39:34.110 –> 00:39:36.719
Patrick Coble: what the next thing is.

295
00:39:37.100 –> 00:39:56.819
Andy Whiteside: Okay. So we got our template created shut down. And now we’re going through creating the creating the catalog and the delivery group. Bill. You want to kind of just walk us through anything special about this piece. Well, I, if you scroll up a little bit, I found an interesting interesting item to go up a little farther just at the bottom of the prior section.

296
00:39:57.090 –> 00:40:02.350
Bill Sutton: It said that the Linux Vda is configured by default as a multi session machine.

297
00:40:02.530 –> 00:40:10.760
Bill Sutton: I thought that was an interesting nugget. There, you have to manually or specifically set it if you want it to be a

298
00:40:11.110 –> 00:40:20.300
Bill Sutton: oriented workload. I don’t know if anybody has any insight into that. But I I thought that was interesting, and then that that relates to the section we were just going to discuss

299
00:40:20.380 –> 00:40:27.740
Bill Sutton: it looks like they set it up when they go through the Mcs process. In this article they are setting it up as a multi-session machine.

300
00:40:27.820 –> 00:40:28.970
Andy Whiteside: so so

301
00:40:29.000 –> 00:40:35.659
Andy Whiteside: so right, Linux unix, and then Linux Those were multi-session machines multiple machines from day one.

302
00:40:35.720 –> 00:40:43.520
Andy Whiteside: Believe me, my unix friends, at my very first. It job like to make fun of me over that, because I didn’t know what they were talking about. Time. Now I do

303
00:40:43.700 –> 00:40:47.920
Andy Whiteside: But I guess. Linux. Yeah. I mean it makes sense Linux by default is multi-user.

304
00:40:48.580 –> 00:41:03.019
Bill Sutton: So when you go through that, the wizard that you’re talking about here the creating a machine catalog or related delivery group. This is very standard stuff. with the exception of the last screen there, which is the machine identity?

305
00:41:03.190 –> 00:41:09.499
Bill Sutton: I mean. Obviously you’re you’re starting off with your your machine type. You’re setting Mcs selecting the

306
00:41:09.620 –> 00:41:13.460
Bill Sutton: the image you know, and then and then

307
00:41:13.620 –> 00:41:24.700
Bill Sutton: where you presumably you would have taken a snapshot or something that you would leverage for that. But then, it gets down here to machine identities where you select non domain joined and then, of course, give it to naming

308
00:41:24.870 –> 00:41:33.259
Bill Sutton: and then it runs through the magic that it always does in Citrix, and creates the creates the machines, the number of machines you requested with the name you requested.

309
00:41:33.990 –> 00:41:34.669
Yeah.

310
00:41:35.370 –> 00:41:38.710
Andy Whiteside: Does any additional content or comments on this section?

311
00:41:41.170 –> 00:41:55.600
Geremy Meyers: Standard goodies? Yeah, how would you? I would just say, because I just look this up. I wasn’t sure. But there is a section when you’re doing this with windows where specifically with non domain join machines. You’re going to manage this with a lim

312
00:41:55.910 –> 00:42:03.999
Geremy Meyers: as a way to push policies out to this to the to the Vdas. I’m. Not seeing that when supports and Linux so that could be

313
00:42:04.050 –> 00:42:23.169
Geremy Meyers: some to be aware of. Yeah, I don’t think it does when the workspace environment, management, workspace environment, Manager. Yeah. Yeah. So but you know, like we said earlier, you might manage windows vdas that are non-d main or that are domain joined with with group policy. If they’re not domain, join, you know. How do you push out configuration settings and things like that? You can do that with

314
00:42:23.310 –> 00:42:32.599
Geremy Meyers: Windows Environment Manager. for windows. So you’re probably going into the actual template and making your setting configurations there. Right, Patrick.

315
00:42:32.850 –> 00:42:50.670
Patrick Coble: Yeah, Totally Well, in in some cases that’s kind of you may want, because you want this to be kind of like Air Gap from other systems. Maybe one of the reasons you’re doing this so that you know, with absolute, every machine is the same, and they’re all just like this. There’s no automatic thing changing stuff.

316
00:42:50.690 –> 00:42:57.730
Patrick Coble: so it just means that updates You’ve got to have a lot more attention to detail and stuff like that. But you know you can still do some cool stuff.

317
00:42:58.020 –> 00:42:58.729
Yeah.

318
00:42:58.990 –> 00:42:59.720
okay.

319
00:42:59.970 –> 00:43:16.170
Andy Whiteside: I will highlight little screenshot here, which I think is for me. It helps to visualize. The machine is not domain joined, but the user has some type of directory. That’s it’s responsible for that requires active Directory or it doesn’t matter at that point. That’s I think we had a covered earlier. Just kind of validating

320
00:43:16.460 –> 00:43:18.770
Geremy Meyers: doesn’t matter. Yeah, so it looks like

321
00:43:19.110 –> 00:43:26.179
Geremy Meyers: there’s an identity of some kind, but it doesn’t need to be active Directory base could be could be any identity. It’s supported by sisters workspace. Actually.

322
00:43:27.190 –> 00:43:33.009
Bill Sutton: if it’s non domain joined, it’s probably a local identity. At least I know it is in the windows world. Right, Jeremy.

323
00:43:33.050 –> 00:43:38.530
Bill Sutton: Well, I when you, when you log into the desktop it’s using it’s creating a local account. That’s how it should frame it

324
00:43:38.740 –> 00:43:40.310
Bill Sutton: as opposed to an identity.

325
00:43:40.650 –> 00:43:46.259
Geremy Meyers: That’s correct. That’s for yeah, it’s like a you, and it’s got to log in the windows somehow. Correct? So it’s one on the fly.

326
00:43:46.860 –> 00:43:50.390
Andy Whiteside: So the next section, the blog gun it goes through. Once you’re in there. If you want to

327
00:43:50.440 –> 00:43:56.859
Andy Whiteside: either go validate yourself or go show off for your girlfriend. Jump in there and start proving that you You’ve done what you set out to do

328
00:43:57.670 –> 00:44:03.149
Andy Whiteside: and then the next section I’ll go to Todd on this, making the making things scale with Rendezvous

329
00:44:03.230 –> 00:44:09.409
Andy Whiteside: V. 2 protocol maybe Todd just a quick, quick recap on Braunt Ronnie. But we touched about a while ago. But

330
00:44:09.560 –> 00:44:12.610
Andy Whiteside: then, how does this help us cover the scaling part?

331
00:44:12.890 –> 00:44:24.080
Todd Smith – Citrix: Yeah, I think the biggest thing it’s going to add in as far as value goes, is bra Navy was designed to kind of eliminate the need for constant going back and forth through the cloud connectors.

332
00:44:24.330 –> 00:44:27.789
Todd Smith – Citrix: so once you establish that connection, it allows you to go

333
00:44:27.860 –> 00:44:31.359
Todd Smith – Citrix: and eliminate those extra hops as much as possible.

334
00:44:33.580 –> 00:44:38.870
Andy Whiteside: and that, gets me out of single points of failure around the cloud.

335
00:44:39.440 –> 00:44:40.040
Todd Smith – Citrix: Yeah.

336
00:44:41.040 –> 00:44:52.980
Bill Sutton: yeah, I think the original, the original rendezvous Protocol v. One, was designed to enable the actual Ica Hdx traffic to go directly from the gateway service to the Vda.

337
00:44:52.990 –> 00:45:12.180
Bill Sutton: But the control traffic still went through the cloud connector. So the you know the concept of assignments, and and generating the icon, or generating a file that’s needed to make connection rendezvous. V. 2 essentially has the Vda communicating directly with the cloud control plane versus the cloud connector. So in in most cases, or in theory.

338
00:45:12.210 –> 00:45:15.760
Bill Sutton: and perhaps in practice, you could eliminate the cloud connectors altogether.

339
00:45:15.840 –> 00:45:19.850
Bill Sutton: because the Vdas are communicating directly with

340
00:45:21.000 –> 00:45:50.979
Bill Sutton: with a control plane. The I and I should qualify that the only question in my mind it, particularly in this article, is whether the cloud connectors are still required to enable communication with an on. If you’re dealing with on-premises, or perhaps even Cloud to communicate with the quote unquote hypervisor and I don’t. I don’t know that. That’s if you if you’re on site. The answer is, Yes, yes, yes, you’re in the cloud. No, yeah, you’re leveraging aws or azure right? Because there’s a there’s some peering stuff between the citrus cloud broker and

341
00:45:50.990 –> 00:46:08.709
Patrick Coble: and all the other type, all the other clouds, so that you can just click next next. So if you’re on site, you still got connector Potomas. But now you’ve also got that Linux virtual alliance which actually does a really good job right, and saves you some headaches of things to patch and maintain as much because it takes of itself Pretty good.

342
00:46:09.170 –> 00:46:25.910
Geremy Meyers: hey, Bill, If you were completely in one of the cloud infrastructures you could get away with, just having your vdas in that cloud footprint, and that’s it connectors No, no active directory. It could just be desktops in that location. It would feel a little arbitrary standing up a resource location.

343
00:46:25.920 –> 00:46:29.430
Bill Sutton: because there’s nothing that you would put in there. There’s no cloud connectors there right?

344
00:46:31.030 –> 00:46:34.919
Andy Whiteside: Because this is such a such a geeky, awesome conversation.

345
00:46:35.550 –> 00:46:41.240
Andy Whiteside: but we’re running out of time so, Todd, you want to take us home with the conclusion as to I’ll come around the Horn. But

346
00:46:41.520 –> 00:46:44.669
Andy Whiteside: why is this important? Why is it matter? Why do we cover it?

347
00:46:44.980 –> 00:46:52.049
Todd Smith – Citrix: primarily because of there’s some new use cases that are coming out from customers who would traditionally avoid

348
00:46:52.280 –> 00:46:58.970
Todd Smith – Citrix: a desktop as a service offering, because it didn’t provide flexibility you get with, Linux and the the

349
00:46:59.070 –> 00:47:08.560
Todd Smith – Citrix: the cost savings associated with it, I mean. Think about. Think about industries where you’re spinning up a lot of different resources for very small minute. Well-defined tasks.

350
00:47:08.730 –> 00:47:15.340
Todd Smith – Citrix: Where Linux is a really good alternative for them and it’s something that they can control.

351
00:47:16.550 –> 00:47:19.139
Andy Whiteside: You. Do you think we look up in 10 years, and it’s like

352
00:47:19.300 –> 00:47:22.179
Andy Whiteside: close to the default, if not the default?

353
00:47:23.430 –> 00:47:27.689
Todd Smith – Citrix: Good day, and especially as we’re starting to see more and more

354
00:47:27.910 –> 00:47:30.599
Todd Smith – Citrix: of the small form factor.

355
00:47:30.760 –> 00:47:35.040
Todd Smith – Citrix: purpose-built devices that are out there, I mean, think about it. Think about it now I mean

356
00:47:35.070 –> 00:47:37.970
Todd Smith – Citrix: a lot of the gaming consoles

357
00:47:38.110 –> 00:47:46.979
Todd Smith – Citrix: are moving off of a welfare. Either they they were either never on a windows based platform or they’re moving off a windows based platform towards

358
00:47:47.030 –> 00:47:48.370
Todd Smith – Citrix: more of a Linux

359
00:47:49.390 –> 00:47:51.460
Todd Smith – Citrix: open source type of

360
00:47:51.560 –> 00:47:52.739
Todd Smith – Citrix: type of environment.

361
00:47:52.950 –> 00:47:53.740
Yeah.

362
00:47:54.920 –> 00:48:02.029
Andy Whiteside: yeah, that was in those aws last week, like I said, and I said it on a table one time with guys that said they hadn’t been on windows in over 10 years

363
00:48:02.880 –> 00:48:06.609
Andy Whiteside: they were developers. So that makes sense. But

364
00:48:06.880 –> 00:48:10.749
Andy Whiteside: you know it’s coming. There’s more and more of use cases more and more users that are going to be like that.

365
00:48:11.040 –> 00:48:11.649
Yep.

366
00:48:12.210 –> 00:48:16.310
Andy Whiteside: Jeremy, anything we left off here. You’d like to make sure we point out before we let you go.

367
00:48:17.170 –> 00:48:34.249
Geremy Meyers: No, but I I I don’t know what you just said, with with Todd right? So I don’t. I mean, I think we we like to live in a binary world. Where is it? All windows? Is all Linux I mean, I think it’s like the cloud conversations we’re having now. We’re land somewhere in the middle, you know customers don’t go all in cloud, especially folks who have traditionally had an on from footprint. They land somewhere in the middle.

368
00:48:34.420 –> 00:48:38.789
Geremy Meyers: you know it’s the use case that that drives the actual technology, which is.

369
00:48:38.960 –> 00:48:55.340
Geremy Meyers: which is, which is fine. you know I I’ll be honest on the East Coast that I cover. I don’t quite often see the Linux va as a big use case. but there’s a lot of parallels to this article, and what i’m seeing customers do. In fact, Bill and I this week this last week.

370
00:48:55.350 –> 00:49:13.149
Geremy Meyers: Now we’re basically good a poc for a customer where it was the same thing. But with windows it was basically no active directory, no connectors. They wanted auto scaling pool desktops. They wanted to all back with an identity there. Wasn’t windows based, then go, and, to be honest, we were able to quick this thing up and make it work, and it wasn’t that hard.

371
00:49:13.160 –> 00:49:20.550
Geremy Meyers: So it was pretty impressive. How far we’ve come, and the fact that these tools are already in place, that if that is your use case, you can do that today, and you’re completely supported.

372
00:49:20.660 –> 00:49:21.450
Yeah.

373
00:49:21.560 –> 00:49:27.209
Andy Whiteside: So, Patrick, how about you anything we didn’t cover you’d want to highlight, or maybe add on to this conversation.

374
00:49:27.240 –> 00:49:31.740
Patrick Coble: No, I think this is good. I think we’ve pretty much hit a lot of the points. I think

375
00:49:32.000 –> 00:49:49.540
Patrick Coble: if you’re in a position where this could make sense, this is one of those options that Citrix has that other Vdi vendors, Don’t. And so this is something you really have to look at. And this is where I get excited about Citrix. because of its flexibility.

376
00:49:49.550 –> 00:50:00.229
Patrick Coble: And this flex. This shows that flexibility in that innovation, and being able to come up, and this could have came from literally 2 or 3 clients telling Citrix knock on the door like, hey? We need this 100,

377
00:50:00.240 –> 00:50:15.750
Patrick Coble: and here it is at at our doorstep, and that’s what I’ve always kind of loved about the innovation, and it’s not that you know Vmware, or works by, or your stream, or you know Microsoft, Don’t do those same things, but it’s great to see it working and see these cool features

378
00:50:15.800 –> 00:50:20.420
Andy Whiteside: Well, this could be foreshadowing as to what they expect out of Citrix over the next 5 years, now that the

379
00:50:20.520 –> 00:50:25.489
Andy Whiteside: some other things have happened, and they’re going to go back to put more emphasis on this space.

380
00:50:25.530 –> 00:50:27.060
Patrick Coble: Yup agreed.

381
00:50:27.630 –> 00:50:29.559
Andy Whiteside: I think we lost type of bill.

382
00:50:29.820 –> 00:50:42.110
Bill Sutton: Yeah, I would. I would really. I would really just echo what everyone else says I. In my view, when I, when I read this, you know the Linux Vda. conversation is a lot of detail on this article about that, and Linux certainly as a

383
00:50:42.120 –> 00:50:53.769
Bill Sutton: a target for you, says I, to deliver applications or desktops is is there, and we’ve seen it. that’s integr. But I think the big question, the big identifier of the big

384
00:50:53.780 –> 00:51:13.540
Bill Sutton: part of this article is the whole concept of non domain joined and leverage being able to leverage that not just, for Linux which is what this article is all about, but also for windows and potentially other. You know other environments where customers maybe just have Google identity. Maybe they just have as your AD. And being able to leverage that to deliver a workload to their

385
00:51:13.550 –> 00:51:29.820
Bill Sutton: their users. I think that’s the key, or perhaps the most important part of this. Yeah Linux or not. I think a world of windows that’s not domain, Jo, but it’s still managed is correct. Yeah, I think device management is going to be that thing. That’s 10 years

386
00:51:29.830 –> 00:51:36.919
Patrick Coble: I do a lot of you know, obviously security stuff. And so I deal with a lot of insurance companies and doing cyber-risk assessments for their insurance

387
00:51:36.960 –> 00:51:54.740
Patrick Coble: and that device management is going to be there just like multi-factor authentication and endpoint protection and the same and a backup solution that’s going to be one of those like 5 core things that you have to have.

388
00:51:54.750 –> 00:52:01.980
Andy Whiteside: Well, gentlemen, thank you for your time. This was really good conversation. Hopefully. Our listeners will appreciate it, and we’ll do it again next week.