132: The Citrix Session: Citrix Secure Private Access On-Premises — Announcing General Availability

May 22, 2023

As organizations embark on adopting zero trust network access (ZTNA) solutions, they often desire the flexibility of a hybrid strategy with the choice to use a mix of SaaS-based and / or customer-managed solutions to best suit their needs. Particularly organizations with closed networks, highly regulated environments, and / or strict data & privacy controls continue to prefer an on-premises solution while leveraging a vendor-operated cloud-based solution where it makes sense without compromising security and end-user experience outcomes.

One year ago, we launched Citrix Secure Private Access service — a cloud-based zero trust security solution that provides comprehensive ZTNA to all IT-managed applications, a curated end-user experience through Citrix Enterprise Browser, adaptive authentication, app protection, and adaptive security controls including Remote Browser Isolation, to provide unified access and protect against data loss threats. Citrix has been a leader in delivering unified, secure, zero trust access to enterprise applications for decades. We are committed to the principles of “Never Trust, Always Verify” and have continued our innovation to meet our customers where they are in their secure access strategy.

Today, we are pleased to announce the General Availability of Secure Private Access On-Premises solution — a major milestone in our journey to deliver ZTNA as a full customer-managed on-premises solution.

Host: Bill Sutton
Co-host: Todd Smith
Co-host: Geremy Meyers
Co-host: Patrick Coble

WEBVTT

1
00:00:03.020 –> 00:00:22.740
Bill Sutton: Hello, everyone! And welcome to the Citrix Session Episode Number 132. I’m your host bill sutton. Mr. White Side is not with us today. He’s off doing other things, so we’ll welcome him back on the next episode hopefully. I have with me, as usual, a couple of folks from from the Cloud software group also known as Citrix

2
00:00:22.790 –> 00:00:25.580
Bill Sutton: Todd. You want to say hello, Todd Smith.

3
00:00:25.900 –> 00:00:29.140
Todd Smith: hey? Guys thanks for thanks for taking the time and joining us today.

4
00:00:31.150 –> 00:00:37.770
Todd Smith: Been somewhat a summer day here in Boston, with the Bruins losing last night and over time, so

5
00:00:37.790 –> 00:00:42.200
Todd Smith: that’ll be a tough thing. But, hey, you know what we’re. We’re on to baseball season.

6
00:00:42.420 –> 00:00:49.110
Bill Sutton: not going to do it so great there, but you know, never done it. Things like they did pretty Well, number last series. So

7
00:00:49.190 –> 00:00:49.920
Todd Smith: yeah.

8
00:00:50.100 –> 00:00:54.060
Bill Sutton: also with us, Jeremy Myers from the Cloud software group, Jeremy will say, Hello.

9
00:00:54.510 –> 00:01:02.860
Geremy Meyers: You know what happy, happy Monday gang. It was a quick weekend. We had a lot of fun. Took the Kiddos come scout camping.

10
00:01:02.870 –> 00:01:06.800
Geremy Meyers: That was super super entertaining lot like

11
00:01:06.910 –> 00:01:08.180
Geremy Meyers: taking kittens

12
00:01:08.220 –> 00:01:14.720
Geremy Meyers: camping just from an attention span perspective. But we had a good time when we got rained on twice, so

13
00:01:15.250 –> 00:01:25.580
Bill Sutton: Well, that’s part of the experience. I was a couple of scouters on this call with you myself, as well as Mr. Cobble. Patrick Cobbles with us today, too, from Vd. A Sec. Patrick, you will say Hello.

14
00:01:28.040 –> 00:01:30.180
Bill Sutton: You’re on Mute Patrick. If you are there

15
00:01:31.710 –> 00:01:42.580
Bill Sutton: all right, we’ll let him join back in when he gets a chance. So no worries. All right. So today we’re going to go through this blog by Praveen. I’ll just leave it at that.

16
00:01:42.790 –> 00:01:48.620
Bill Sutton: It’s called eccentric. Secure private access on premises announcing general availability.

17
00:01:48.810 –> 00:01:57.930
Bill Sutton: So this article covers that obviously the secure private access which has been available at the centric Cloud for a little while now over a year.

18
00:01:58.110 –> 00:02:08.330
Bill Sutton: and this is bring making its way to the on-premises environment to provide 0 trust network access for customers who aren’t able to leverage

19
00:02:08.440 –> 00:02:10.350
Bill Sutton: leverage the service in the cloud.

20
00:02:10.360 –> 00:02:19.130
Bill Sutton: particularly those with close networks or regulated environments, etc. Government environments may need to to leverage on premises resources.

21
00:02:19.300 –> 00:02:26.860
Bill Sutton: so i’ll just hand it over to the the folks from Citrix Todd or Jeremy jump in, Give general comments on this, and then we’ll go through the article.

22
00:02:27.380 –> 00:02:42.200
Geremy Meyers: Yeah, let’s Jeremy jump in first. Okay, Well, thank you for that Todd. So Sba secure. Private access, I guess, is a solution has been something that has been available as a cloud service, for

23
00:02:42.650 –> 00:02:57.580
Geremy Meyers: well, actually, it wasn’t always called Spa. I think we had a couple of names for it. It was called something else. Yeah, but maybe 2 years at the most. It was a part of our workspace service. Initially, we were just doing single sign on in the web web apps.

24
00:02:57.720 –> 00:03:03.790
Geremy Meyers: But now this is sort of a VPN. Replace you. Know, I think one of the key use cases

25
00:03:03.940 –> 00:03:08.530
Geremy Meyers: is around, and this is regardless of how you have this deployed on-prem, or even as the service

26
00:03:08.550 –> 00:03:22.710
Geremy Meyers: is. Let’s just say you’ve got internal websites, and you want to provide access to, you know. Historically, a citrix administrator would publish a web browser, and I’m. Publishing chrome, or depending on how long you’ve been doing this. It was, ie.

27
00:03:22.710 –> 00:03:34.740
Geremy Meyers: You know, with Java attached. But ultimately the idea was, I want to provide internal access. I’m going to do it with a citric session, the idea being. you know, I want to protect the web access. I didn’t necessarily want to use a VPN for it

28
00:03:34.780 –> 00:03:53.470
Geremy Meyers: straight proxy. And I mean, listen. It was a great solution, because I could manage data leakage, so all the policies around could copy and paste and restricting printing, and who could have access? And who didn’t? The idea was was, you know, let’s transition from publishing a browser

29
00:03:53.470 –> 00:04:02.800
Geremy Meyers: to doing that natively on the endpoint, using a managed browser. But again, still providing all those same control. So you know, there is a browser baked into workspace, app.

30
00:04:02.970 –> 00:04:10.350
Geremy Meyers: If you weren’t aware, called the enterprise browser, and you can wrap those same controls around it. But in this case you’re offloading.

31
00:04:10.390 –> 00:04:13.110
Geremy Meyers: You know all of the processing and access to the endpoint.

32
00:04:13.520 –> 00:04:23.480
Geremy Meyers: But you still can sort of containerizing that access, so it proxies through the gateway service. If you’re a an spa service customer or

33
00:04:23.700 –> 00:04:29.650
Geremy Meyers: through a net scalar if you’re on from Spa, which we just introduced here. So it’s a pretty slick solution.

34
00:04:30.250 –> 00:04:34.000
Todd Smith: Yeah. And and and Jeremy to add on to your point. You know, I think

35
00:04:34.320 –> 00:04:40.340
Todd Smith: I think most Citrix admins, you know I certainly had experience with this was

36
00:04:40.580 –> 00:04:48.410
Todd Smith: We would have to publish browsers. because we would inject configuration settings into that published browser session

37
00:04:48.500 –> 00:04:55.020
Todd Smith: without having. You know we we, because browsers didn’t have things like profile management, and

38
00:04:55.240 –> 00:04:56.850
Todd Smith: being able to

39
00:04:57.000 –> 00:05:06.370
Todd Smith: kind of inject the the user personality into a browser session. Right? So you have to build it into the published browser

40
00:05:08.160 –> 00:05:11.940
Todd Smith: application you would publish. So it it was kind of an interesting

41
00:05:12.120 –> 00:05:18.530
Todd Smith: and and very complex way to solve a very basic simple problem so great to see that we’re

42
00:05:18.660 –> 00:05:25.450
Todd Smith: We’ve included this enterprise browser into this, and it kind of fits into our whole 0 Trust

43
00:05:25.490 –> 00:05:31.860
Todd Smith: Network Access philosophy that we’ve introduced, and you know the the whole theme around.

44
00:05:31.890 –> 00:05:32.620
Todd Smith: You know

45
00:05:32.960 –> 00:05:45.480
Todd Smith: the user migrates between different environments, and there’s different. There’s different settings that need to be applied based on where the user is, what device. They’re on kind of that. That whole session management

46
00:05:47.460 –> 00:05:53.470
Todd Smith: type of solution has now worked its way into the you know, web and staff based application delivery.

47
00:05:55.430 –> 00:05:58.670
Bill Sutton: Yeah, absolutely, Patrick, You have any comments here before we move forward.

48
00:06:01.400 –> 00:06:02.560
Bill Sutton: You’re muted man.

49
00:06:05.410 –> 00:06:24.320
Patrick Coble: Yeah, overall it’s a really exciting space. I’ve just wrote a blog about it, or article, or whatever you call it, these days, whatever the kids are calling it. Just last week, about Vdi versus this, and then a couple of weeks before that. Then I wrote one that compared Citrix against Google against Talon.

50
00:06:24.320 –> 00:06:30.270
Patrick Coble: and then i’ll have a update and a little bit on traffic and

51
00:06:30.330 –> 00:06:36.510
Patrick Coble: island, and a couple of others that are in this space, because it’s a very interesting space.

52
00:06:36.620 –> 00:07:05.980
Patrick Coble: It’s it’s way more. It’s way cooler than I thought it was when I first started looking at it, and i’m excited to see where it goes. And Citrix has a really really good solution, and it’s big and powerful and strong, and I think anybody that has a percentage of web applications that run their day to day business is something they seriously need to look at. If you already own citrics, and that’s the easy button. This is just like click, and such a cloud. Next. Next, I want to do this.

53
00:07:06.030 –> 00:07:20.300
Patrick Coble: so that there’s no no excuse to not do it. And then some of the remote browser isolation and stuff like that’s really cool. The policy engines getting better. It. It’s pretty good right now. But there’s

54
00:07:20.430 –> 00:07:36.810
Patrick Coble: that. The the only thing that’s re the biggest takeaway for me. Oh, in this whole space of this enterprise, Browser and Spa on the citric side is that Citrix is the only one that has it all their stuff out on the Internet and is publicly available.

55
00:07:37.160 –> 00:07:48.550
Patrick Coble: Google kinda has their stuff with beyond Corp, but it’s all obfuscated, and it’s thousands of pages of nonsense. It’s not a clear and concise message. And then every other vendor

56
00:07:48.720 –> 00:08:17.100
Patrick Coble: is just word salad on the Internet. They don’t have a screenshot of the product. There’s no demos. There’s no guides. There’s no blogs. No one has a screenshot of the thing. It’s just this magical browser that people are paying X dollars a month per user and you don’t know. And so in my book, Citrix wins in that respect, for sure of at least having blogs, guides, screenshots, tech zone articles, everything you need, and

57
00:08:17.100 –> 00:08:28.890
Patrick Coble: there’s you know the social Media has taken off on its own of people documenting it and telling their experience, whereas all these other places you have to have an nda just to see the demo, and you can’t

58
00:08:28.890 –> 00:08:41.280
Patrick Coble: share the screenshot of the demo. So they’re all top secret squirrel. So but yeah, I mean it. It’s cool. I’m. I’m I’m. Looking forward to seeing some of the stuff keep coming from Citrix and some of the other vendors in this space.

59
00:08:41.870 –> 00:09:00.660
Geremy Meyers: What’s interesting is, you know, a lot of the products that we’ve introduced over the past few years. It’s really hard to experience something new as an end. User right? So listen. New version of Pvs comes out. That’s awesome. I don’t really know what that feels like as an end user right? I’m like all right. I got a desktop right. I made an admin happy, but on the flip side it’s hard to see when.

60
00:09:00.660 –> 00:09:12.150
Geremy Meyers: and we got a lot going on with Whim right now as a service, which is really an interesting conversation itself. But at the end of the day i’m just trying to get to my apps. So as an end, user I don’t really see when either

61
00:09:12.280 –> 00:09:21.080
Geremy Meyers: it’s funny like I use just a little bit of insight into what we do with citrus is, you know, I’ve got workspace app. I get published desktops. I got published apps.

62
00:09:21.400 –> 00:09:25.210
Geremy Meyers: but i’ll be honest. Most of what I access or websites, and

63
00:09:25.450 –> 00:09:34.890
Geremy Meyers: 3 quarters of those are internal websites, and so i’ll fire my desktop literally, just to have website access. But I got to be honest, you know, to fire up a desktop.

64
00:09:34.920 –> 00:09:39.440
Geremy Meyers: you know. Let’s just say I gotta log in. I gotta get my profile all these things just to go launch a website.

65
00:09:39.590 –> 00:09:58.280
Geremy Meyers: Listen, if that’s my only option fine. But once I had access to Enterprise Browser and I’m launching some of these internal tools that I need, that I use daily from this browser. That’s just right next to all the other things i’m running locally. Oh, my gosh! It’s a game changer! It really is exciting to feel this for the first time. All over again.

66
00:09:58.280 –> 00:10:10.280
Patrick Coble: Is it any? User but I think I mean browser in general is a foundational app to the world now, right? I mean it’s it’s it’s a everyday thing.

67
00:10:10.280 –> 00:10:31.520
Patrick Coble: How many tabs does everybody have open right now? I’m probably in the 100 plus club on 4 browsers right now, right like, and that’s just my day to day just doing normal things. And that’s not I’m not even that crazy other than the 4 browsers, probably, but everybody’s in the 20 to 40 plus tabs when they’ve done a bunch of research from Google and release that.

68
00:10:31.520 –> 00:10:50.190
Patrick Coble: So it’s it’s. It’s a big deal, and it’s also the most common attack Avenue. This is where things get clicked on. This is where bad things can happen is we’re good. Things can happen, too, but when it’s your predominant application. It’s it’s a big deal for sure, and i’m glad this is happening.

69
00:10:51.130 –> 00:10:59.420
Todd Smith: Yeah in in. If I put an administrator hat back on, or if I put a CTO. Had someone who’s paying the bills right.

70
00:10:59.430 –> 00:11:12.020
Todd Smith: i’m looking at. If I have to spend a normative amount of resources and a price for those resources. if I can do it, based on a browser, as opposed to having to

71
00:11:12.090 –> 00:11:23.250
Todd Smith: spin up a virtual desktop which consumes a lot of resources on the back end published out. and an application in this case being a browser. those all take up considerable amount of money

72
00:11:23.270 –> 00:11:33.760
Todd Smith: in the form of resources as well as the management level that has to be done every single time. There’s a browser that gets updated, or every single time there’s a plugin that needs to be added in

73
00:11:33.920 –> 00:11:37.620
Todd Smith: in a published browser world, I would have to go and

74
00:11:38.020 –> 00:11:49.160
Todd Smith: go through the administrative tasks of providing that updates going through the testing, publishing it out, and then notifying users that a. There is now a new version of this published app

75
00:11:49.500 –> 00:11:50.330
Todd Smith: out there.

76
00:11:50.340 –> 00:11:53.290
Todd Smith: It’s going to make it a lot simpler.

77
00:11:53.530 –> 00:11:56.010
Todd Smith: It’s going to make it a lot more secure

78
00:11:56.190 –> 00:12:07.930
Todd Smith: because we’re taking that security model for what we used to get out of the published application, or published desktop or virtual desktop, and now pushing it directly into the browser and still maintain that level of control.

79
00:12:08.670 –> 00:12:20.010
Geremy Meyers: Here’s a good example, like 1 1 one of the beefiest websites that a lot of customers go to a salesforce. And there’s a new experience in salesforce that is, salesforce lightning

80
00:12:20.010 –> 00:12:35.450
Geremy Meyers: which is built like every computer’s got a Ford musting engine underneath it, right? It’s just a it’s just a a kind of a heavy website, and so we’ve got plenty of customers. Bill has shared the stories with me of customers who are publishing share salesforce through as an app session.

81
00:12:35.470 –> 00:12:48.600
Geremy Meyers: and it’s just a dog, you know so, but they’ve got to do is split that up into video. I mean, there’s some real cost associated with managing, you know, just the resources to publish some of these browsers, and so I mean, Listen, my my local Mac. Here

82
00:12:48.760 –> 00:13:04.800
Geremy Meyers: we’ve got app, you know, in one silicon right? I mean it’s a fast processor, and you know why not offload a lot of this stuff to the endpoint, and you just freed up resources in the back end, which is a really big deal if you’re publishing from a cloud, and you’re paying on the fly for a lot of these cloud resources, I mean, it’s a very big deal.

83
00:13:04.800 –> 00:13:21.960
Bill Sutton: Well, I think another element to it is you and you touched on this a little bit earlier. Jeremy is, is, I think of it. I’m looking at a lot from the standpoint of the end user experience. And, like you said, you, you can aggregate all of these, all of these apps, whether they’re web, or Sas, or what have you or or you know, installed

84
00:13:21.960 –> 00:13:39.500
Bill Sutton: through the workspace app by publishing them all on, on, you know, on Zen App, or such a commercial apps and desktops. But the the way the world works today, all these, all these Sas based apps like you just said they run a lot better in a native browser rather than through a a hosted session.

85
00:13:39.500 –> 00:14:01.840
Bill Sutton: and being able to aggregate, not just the web and Sas apps in the same environment. That is the workspace app as you do your published desktops and your published apps that you may still need to run because they’re maybe they’re old. There’s some of the old legacy. 32 bit 5 server type apps, and they’re still around that still need to be published from a Windows Server versus those that have already transitioned like salesforce, like work day, like

86
00:14:01.840 –> 00:14:30.110
Bill Sutton: like financial force, like other web-based applications we use a product here that we use for project management called Maven Link. That that is all. You know. A lot of these things are web based, and being able to aggregate that into one place. So the user doesn’t have to make sure they have the right shortcuted chrome on their local machine. All they need to do is open workspace, app click it, and then the beauty of that is, they get the app running locally in the Enterprise browser, and then the the admins on the back end have created

87
00:14:30.110 –> 00:14:44.870
Bill Sutton: controls and security parameters to prevent them from doing the things that they they traditionally couldn’t do in a published app like copy and paste like save to their local drives all of those things. So when I look at it from the standpoint of the end user experience, they just go in one place

88
00:14:44.870 –> 00:14:51.240
Bill Sutton: and they can get to all their apps. It doesn’t matter whether they’re published whether they’re local. What have you? And secured through the Enterprise Browsers

89
00:14:52.950 –> 00:15:00.100
Patrick Coble: as as a security nerd. My favorite thing is that there are controls in Spa

90
00:15:00.160 –> 00:15:08.920
Patrick Coble: that you would pay 10 to $50 a user or more per year to have the ability to do what you can do.

91
00:15:08.960 –> 00:15:22.270
Patrick Coble: And so those things are out of the box as an admin. So when I do a lot of PIN testing audits, you know, if if I can mal out the and fishing emails or something like that, it’s like in the in the bag, right like we’re getting in.

92
00:15:22.270 –> 00:15:41.720
Patrick Coble: And then with this, if I start making some shady websites which I do on a regular basis, then I can use reputations, scoring and device posture on top of that as a part of the add on for Spa, and someone can’t go to my fishing website right? And so you

93
00:15:41.720 –> 00:15:50.700
Patrick Coble: you’re able to have content control and visibility reporting and security triggers. They are impossible.

94
00:15:50.700 –> 00:16:20.020
Patrick Coble: and a couple of cases from any vendor, even if you had them all, or you’d be spending a whole lot of money per user per month per year to have all those features, and they would not be congruent. They would not be together, you would configure this thing, this endpoint, protection client. Then you would configure your content control. Then you configure your proxy. Then you configure your identity management, your conditional access. So you would configure all these things in in 4 to 6 places

95
00:16:20.440 –> 00:16:23.450
Patrick Coble: versus one right? So that’s a big deal.

96
00:16:24.130 –> 00:16:26.170
Geremy Meyers: So I think what you just

97
00:16:26.450 –> 00:16:30.460
Geremy Meyers: maybe you didn’t describe this, but you know, if you scroll up a little bill.

98
00:16:30.510 –> 00:16:34.940
I mean, there is a 0 Trust network access component to this. Now

99
00:16:35.280 –> 00:16:41.010
Geremy Meyers: that this word gets used a lot just for it, it’s used a lot right, so it can mean anything. But in the context, here

100
00:16:41.050 –> 00:16:43.420
Geremy Meyers: like, what are we?

101
00:16:43.960 –> 00:16:55.060
Geremy Meyers: What are we solving from a 0 Trust perspective, Patrick. that, like you, said, all these other tools would be doing layered on, you know, as a result. But you know, how are we doing that with

102
00:16:55.090 –> 00:16:56.590
Geremy Meyers: with Sp in particular?

103
00:16:56.810 –> 00:17:17.359
Patrick Coble: Yeah. Yeah. So I mean it’s based on your device policy posture. And you know, I think Bill has it highlighted. Never trust, always verify right is probably the important part. Because yeah, Z. T. And a. Is pretty much the cloud cuss word of the it. Industry right? Like everyone has to say it like at least 4 or 5 times. If it’s a drinking game, you’d be in big trouble.

104
00:17:17.359 –> 00:17:44.990
Patrick Coble: But in the real world it basically means we don’t trust anything until they’ve proven something right. And so we’re checking that device posture, which is a service from Citrix, and we’re making sure that it’s patched is up to date. It has our certificate. It has our watermark. It has endpoint protection. It has this specific, you know, Kvb: installed. We’re checking these 5, 1015 things before it’s allowed to come in, even with a good authentication request.

105
00:17:44.990 –> 00:17:53.720
Patrick Coble: and so that 0 trust is a big big part of that of of making sure that you have to pass these gauntlets to get access.

106
00:17:53.720 –> 00:18:06.450
Patrick Coble: And so z T. And a. Here means that you don’t have to have z scalar right. You don’t have to buy that product that is kind of built its brand around 0 Trust when that’s really just the networking part of the problem.

107
00:18:06.450 –> 00:18:24.540
Patrick Coble: This is the networking and the browser and the user part of the problem all glued together right so that if someone is browsing around on the Citrix Enterprise browser and they’re going to websites that you control it has the watermark. They can’t copy paste, they can’t. They can’t do this.

108
00:18:24.540 –> 00:18:38.810
Patrick Coble: They’re on, you know. Blah blah website.com blah blah works just fine. They can do all the things that they’ve always been able to do as a user and then that way it’s also, I think it’s a really good thing that they’ve we’ve got in this browser world. Is just it?

109
00:18:38.850 –> 00:18:53.550
Patrick Coble: Because before it was always my thing, their thing personal business company. Now i’m giving you a browser that you can do all the things in it right. You can keep doing all your other things over here. But when you’re doing our work

110
00:18:53.550 –> 00:19:04.340
Patrick Coble: we have control over it, whereas before you know, this kind of a blind side of it at overall is that people didn’t have as good a control on web applications like this.

111
00:19:04.510 –> 00:19:34.510
Patrick Coble: and you’d have to publish a virtual desktop or an application, or something like that, and you know, incur that monthly cost per user per month to deliver that. And it yeah, it works, especially when Java applications were taken over. I mean, I probably deployed 5 or 600,000 citrix users over the course of a couple of years because of Java web applications. We publish a browser, and and it’s because it had to be paired like fine line with cheese right? Otherwise it’d make your tell me upset. Right? So you had to be just

112
00:19:34.510 –> 00:19:42.980
Patrick Coble: right. This Java version, this extension, this browser version, and then the application works any deviation explosions, fire and do right.

113
00:19:43.410 –> 00:19:45.720
Geremy Meyers: Yeah, it was pretty bad. What? So

114
00:19:45.730 –> 00:20:02.330
Geremy Meyers: one of the things that you just hit on Patrick. So doing this network wise? Right. you know. I I think the challenge is how how many folks do this in the past? I mean, there’s a lot of customers that aren’t such as customers right? So they have done this with a VPN. And I think there is some inherent risk

115
00:20:02.460 –> 00:20:04.660
Geremy Meyers: in doing it with a VPN.

116
00:20:05.140 –> 00:20:16.250
Patrick Coble: You know, that has nothing to do with what you’re providing with just the way that access looks. Yeah, yeah, the biggest thing for VPN: the most common, you know. Misconfiguration and auditable finding is

117
00:20:16.250 –> 00:20:31.050
Patrick Coble: is that when you connect to the VPN you connect to every network and all networks all at once, right. It’s everything everywhere all at once, right? So that’s the big problem with Vpns in general is that you get too much network access inherently

118
00:20:31.050 –> 00:20:55.150
Patrick Coble: and by default, and that’s because micro segmentation really wasn’t a thing back when vpns were thing and many VPN have literally been set up for 10 to 30 years without a major reconfiguration. So if you’ve been Rock and Paulo checkpoint, or Cisco, or even fortnet, you may have a VPN gateway that has been configured that way for over a decade.

119
00:20:55.150 –> 00:21:13.650
Patrick Coble: and so the best practices that you might get if you installed it now, or aren’t there. And so we talk about internal applications and external applications. I think that’s the biggest difference. Right is a internal. We’ve been vpning to get access to that website, or we’ve been vd iing to give access to that.

120
00:21:13.780 –> 00:21:16.720
Patrick Coble: And then external websites. We’ve just been like.

121
00:21:16.730 –> 00:21:22.360
Patrick Coble: Go to the website. Good luck, right, and you know, for better for worse. That’s where we’ve gotten ourselves into.

122
00:21:22.820 –> 00:21:35.670
Geremy Meyers: So so one of the things about the VPN. Now we’ve talked specifically about Sas apps here. But of course that’s not the only thing the customers are leveraging a VPN. For so, for instance, this is probably more of an administrator thing than anything. But

123
00:21:35.730 –> 00:21:51.010
Geremy Meyers: you’ve got admins. We need to Rdp. Internally, you know, I think, from a. From a client Server perspective, there’s not too many applications that work really. Well, when you get the client in the data center I mean the the server piece, the back end and the data center, the client on the endpoint. Now.

124
00:21:51.070 –> 00:22:03.170
Geremy Meyers: you know, we’ve used VPN from that perspective before. But you know, I think, to your point, Patrick. The default posture on a lot of Vpns is allow by default, and then you’ve got to go restrict. So you’ve got to go put

125
00:22:03.340 –> 00:22:17.220
Geremy Meyers: an access control list, or you know an acl on your VPN to say, you know, block these types of things. Oh, by the way, you don’t want folks to rtp. We’re gonna block, you know. 3 389, or you don’t want folks to Ssh, or do any of these things. We’re gonna block these ports.

126
00:22:17.430 –> 00:22:21.490
Geremy Meyers: whereas I think what we’re doing here is it is denied by default.

127
00:22:21.510 –> 00:22:29.980
Patrick Coble: and then go enable the specific for. So if you do have a client server, app, you can go. Enable that. But just so, you know it’s off by default. You gotta go turn it on.

128
00:22:30.150 –> 00:22:40.480
Geremy Meyers: And so if you get into a scenario where Patrick’s right, I mean, we’ve got folks with VPN setup for 10 years they have not reviewed those that that posture. They’re letting things that they don’t even realize.

129
00:22:40.710 –> 00:22:45.190
Geremy Meyers: And you’ve got to go find a way, or constantly keep up to date, and that’s really hard to do.

130
00:22:45.210 –> 00:22:51.940
Patrick Coble: Yeah. And I’ve been on a couple of incident responses when bad things have happened, and when we get it down that road a little bit.

131
00:22:52.020 –> 00:23:07.620
Patrick Coble: VPN is where it came from. Right is your VPN, then, and then your network access had a network access to all the things, and one bad click from you is a problem for everybody, right? And so that’s just security that’s been

132
00:23:07.710 –> 00:23:22.090
Patrick Coble: proliferating, as things have been getting smarter and smarter. And right now there’s a really really cool web hook that just came out this weekend from a Security researcher that I’ve got a test this morning, or I’ll probably test this afternoon now on

133
00:23:22.090 –> 00:23:31.610
Patrick Coble: Citrix Enterprise browser, but it’s basically an Http page that I can serve that as I serve it to you. I can screenshot it without javascript.

134
00:23:32.530 –> 00:23:47.860
Patrick Coble: so that means I can make my fishing site like we always do right. And then there’s always usually javascript, so that when I send you a malicious username and password field, and you go blah blah blah he cobalt do to do to do.

135
00:23:47.860 –> 00:24:01.930
Patrick Coble: And then you’re like your spy since goes. Hmm. That doesn’t look right. That color is wrong. There’s no take backs on the Internet. Right? You type that you type the password game over right? Well, now, what this is going to be with this loaded

136
00:24:02.140 –> 00:24:06.900
Patrick Coble: is that if you get in the proper network or Dns paths.

137
00:24:06.960 –> 00:24:20.670
Patrick Coble: you can be a man in the middle, and you can screenshot every single thing that’s going through that web session, whether they come to you directly or indirectly, because of where you placed yourself on the network. So

138
00:24:20.670 –> 00:24:28.990
Patrick Coble: that’s that’s gonna be some cool stuff which is gonna lead to some bad things happening right? So it’s cool for me as a security nerd bad for everyone else in the world. Right?

139
00:24:29.460 –> 00:24:34.560
Geremy Meyers: That’s amazing. If we could just harness this innovation for good.

140
00:24:34.660 –> 00:24:39.190
Patrick Coble: Yeah, that would be so much money, so much money.

141
00:24:39.420 –> 00:24:57.720
Bill Sutton: So we’ve talked a lot about Spa and Ctna. I I want to pivot a little bit and talk about this specific solution and the topic of the article which is spa for sure, but it also spa on premises so essentially it’s from what I’ve read here, and we can. We’ll talk about this. But what i’m reading here, is it?

142
00:24:57.720 –> 00:25:08.140
Bill Sutton: It’s not really that much, if any, different, than it is in the cloud. It’s just that you just have to have the later a later version of storefront. And and that’s scalar.

143
00:25:08.190 –> 00:25:16.780
Bill Sutton: What else? Guys? What I what am I missing? That’s what it basically, says right here, I think. But what else should the listener know about how to get this going?

144
00:25:17.070 –> 00:25:19.790
Todd Smith: Yeah, Well, you you also got to have the workspace App.

145
00:25:19.900 –> 00:25:20.570
Bill Sutton: Yeah.

146
00:25:20.600 –> 00:25:22.740
Todd Smith: to make sure that works

147
00:25:22.910 –> 00:25:31.890
Todd Smith: a a. And really this is, this is no different from our solutions that we’ve had, and asked, where you know you have to have a certain amount of resources on Prem.

148
00:25:33.170 –> 00:25:38.740
Todd Smith: You know the net scalar handles the security, the the workspace app handles, a lot of the client side pieces of it.

149
00:25:38.890 –> 00:25:48.880
Todd Smith: and then you can apply the policies wherever you need them, right, and whatever policies are are necessary for you to to secure your environment and your data.

150
00:25:50.080 –> 00:25:57.200
Todd Smith: You know this this is not a You know this is not a new story for us. This is basically changing the delivery method.

151
00:25:57.800 –> 00:26:10.850
Bill Sutton: Yeah, I I I’ve highlighted it here for those who, looking at the full recording, but one of the things that’s mentioned here. It says, No upgrades are required in storefront, on-prem and net scalar and the solution works with citrix’s existing infrastructure.

152
00:26:10.870 –> 00:26:17.730
Bill Sutton: So they at the bottom of the article which we’ll touch on. There are some minimum requirements, obviously, but there doesn’t appear to be anything

153
00:26:17.980 –> 00:26:29.740
Bill Sutton: additional, if if that makes sense. In other words, you don’t have to add any services or add any agents or anything like that. They just gotta have the workspace app on the endpoint, and then storefront that scalar. And then obviously configuration.

154
00:26:30.340 –> 00:26:39.060
Geremy Meyers: Yeah, I think the the the biggest thing to realize is it is actually a part of the last Ltsr: so that’s a weird one right? So we’re so used to features.

155
00:26:39.090 –> 00:26:45.350
Geremy Meyers: and Ltr. Lts are being so far behind, so that long term service release is not known to be up to date, so to speak.

156
00:26:45.430 –> 00:27:02.770
Geremy Meyers: However, if you get Ltsr Lt. SSR. That that is, that is the minimum, or if you’re not Ltsr, it’s a 2212, but it’ll work with gateway. 12 point. One

157
00:27:05.280 –> 00:27:08.380
Geremy Meyers: more recent versions of the workspace app are required.

158
00:27:10.600 –> 00:27:22.550
Bill Sutton: Yeah, because at the bottom, at the bottom of the blonde article. You have the blog article which you just said, Jeremy. Yeah, the workspace app 2,303, and above for windows 2304 or bob for Mac.

159
00:27:22.650 –> 00:27:35.980
Bill Sutton: and then the other items that you mentioned about storefront, that scalar gateway, and so forth. And then I want to talk a little bit about this. If you guys, i’m not really sure. I know what this is, this global app config service. This is an optional item here.

160
00:27:36.030 –> 00:27:46.080
Bill Sutton: I think what it is in a nutshell is is remote management, if you will, on global management of the workspace app settings. But do you guys know, and can you talk a little bit more about that?

161
00:27:47.410 –> 00:27:56.100
Todd Smith: I’m Sure, Todd go for it. I knew that I knew that was Jeremy.

162
00:27:56.110 –> 00:28:10.990
Todd Smith: Yeah. So so the global app config service is something we released probably couple of months ago. And and basically it’s it’s just like we talked about. It’s a it’s a configuration service that you can use for the Enterprise browser to

163
00:28:11.080 –> 00:28:21.870
Todd Smith: update provide updates right? So before you go out and hit a a a website. If you’re using the Enterprise browser. We’ll go and check with the global app config service to make sure it’s got been updated.

164
00:28:21.940 –> 00:28:33.040
Todd Smith: It’s kind of an orchestrator type of model where it won’t. Let you go out and do something that’s not too intelligent or stupid before it goes through a makes a series of passes

165
00:28:33.570 –> 00:28:36.910
Todd Smith: more, confirms that it’s it’s safe and secure.

166
00:28:37.350 –> 00:28:38.540
Bill Sutton: Right? Okay.

167
00:28:38.890 –> 00:28:58.670
Geremy Meyers: So so. So there are a lot of configuration settings in this service. I mean, you can certainly configure Enterprise browser, but it configures quite a few things in workspace app. So just be aware of that. It it’s basically if you’re an old school, Citrix nerd

168
00:28:58.740 –> 00:29:12.880
Patrick Coble: from probably 2014, 16. This is yeah, this is merchandising server Dazzle 6.7, I think, is what this is right.

169
00:29:12.880 –> 00:29:42.870
Patrick Coble: Yeah, that’s hands. So. But yeah, it. It. It’s what we’ve kind of always wanted, because if we think about all the way back to the access gateway days, our citrus client back then was just smart enough to make the connection and make it kind of good and have some controls. If you bought the Aac version advanced access control version and you configured this little appliance and did all this. So now we can control more than just saying in a citric storefront or nets, get a gateway session

170
00:29:42.870 –> 00:30:02.880
Patrick Coble: as it is, is instantiated. We don’t just say like, hey, you got a citrus client Cool! We’re like, hey? Do you got a citrus client, and do you have all these settings? Here’s our best practices, our defaults, our timeouts, our Citrix enterprise, browser configuration settings so that if you fire up the browser, because we just publish something there. It’s got the settings we expect.

171
00:30:02.880 –> 00:30:15.550
Patrick Coble: So now things can it phone home a lot smarter and keep that workspace experience, congruent and working the way you want it to as an administrator. So it’s really good stuff.

172
00:30:16.630 –> 00:30:19.490
Patrick Coble: These use cases are good.

173
00:30:20.060 –> 00:30:26.090
Todd Smith: and I I think Patrick, coming out of the you know the it audit space.

174
00:30:26.220 –> 00:30:39.160
Todd Smith: I can’t tell you the number of times that we ran into situations where we go in and do an audit check check VPN: concentrators and, more importantly, VPN devices around the field find out that they hadn’t been updated

175
00:30:39.570 –> 00:30:40.910
Todd Smith: in

176
00:30:40.940 –> 00:30:52.810
Todd Smith: months, if not years. for a couple of reasons, right? Nobody wants to touch them and break something. because that’s going to cause a lot of problems downstream. The other thing is that I I think.

177
00:30:53.010 –> 00:30:59.230
Todd Smith: Nowadays, people’s, attitudes of changes change towards this automated update capabilities.

178
00:30:59.630 –> 00:31:01.310
Todd Smith: You know you, you

179
00:31:02.020 –> 00:31:07.530
Todd Smith: thanks to our friends at Microsoft, I mean, we’re used to turning our computer on

180
00:31:07.740 –> 00:31:16.320
Todd Smith: or connecting to our computer on Wednesday morning and find out that it all craft. It’s been rebooted because Microsoft pushed out a lot of patches automatically.

181
00:31:16.470 –> 00:31:31.010
Todd Smith: or getting in the notification of Mac, if he’s already done some updates to the antivirus, and that happens beyond or without the without the user. Even knowing right. But and it’s an administrator.

182
00:31:31.100 –> 00:31:35.490
Todd Smith: I want to make sure this note that that I do have the auto updates turned on.

183
00:31:36.450 –> 00:31:38.380
Todd Smith: It’s just the way of the world right now.

184
00:31:38.570 –> 00:31:41.760
Patrick Coble: Yeah, I think I think this is kind of like the

185
00:31:41.760 –> 00:31:58.770
Patrick Coble: consumerization of electronics, and especially mobile devices like we’ve had a couple of phases in the it world. So first our PC. Started getting faster than our work computers. Now, then, our work endpoints have completely caught up, and it’s almost parody, but they’re just not as cool.

186
00:31:58.770 –> 00:32:12.240
Patrick Coble: And then we got mobile devices, and then we used to just have a little chunky bag phone as the corporate phone, and then eventually we got iphones and mobile device management. Mobile application management came.

187
00:32:12.240 –> 00:32:42.050
Patrick Coble: And now, as part of going on that mobile road, just the mobile devices. It’s bled over into the I called the PC. Mac Linux Space is that it’s expected to get a lots of updates, at least a monthly right, and everyone is getting into, I guess the Circadian River rhythm of doing updates on all your things all the time, and even being more conscious of it like, oh, yeah, that updated. Oh, that Can’t my ring doorbell updated My, this updated

188
00:32:42.050 –> 00:32:55.460
Patrick Coble: my computer. Update my elgato blah blah blah my stream deck, my switch. You know my X box, my playstation, like all these things, are always updating, so it’s just becoming natural. And then with just that consumerization.

189
00:32:55.460 –> 00:33:25.430
Patrick Coble: And then that’s when Mike Fomo kind of comes in. There is like, oh, there’s a cool feature on that new thing. Well, yeah, I’m actually going to click it and go now right like I’m ready to go. And so that’s happening in the consumer side. So much to people but the business side it’s like. If you’re not taking advantage of it, is like the it Nerge, running your ship. You’re You’re missing out. You need to be doing updates. You can’t wait months anymore, right? You’ve got to get these things done, and people are a lot more understanding because it’s the way of the world

190
00:33:25.430 –> 00:33:27.640
or in digital workspace for sure.

191
00:33:29.140 –> 00:33:34.530
Geremy Meyers: Hey, Bill, why do we need something like this when I say, need something like this like an on prem version of Spa

192
00:33:34.740 –> 00:33:44.500
Geremy Meyers: at a high level. Yeah, we at a high level. I think it really is designed for those customers that aren’t ready to go to the cloud or can’t go to the cloud in particular.

193
00:33:44.500 –> 00:34:02.520
Bill Sutton: they they touched on it a little bit at the beginning of the article, you know, regulated industries, government agencies that can enable access to the Internet. Well, at least not put a service in in the cloud today. They’ve got to host it and manage it on premises. Maybe certain regulated industries like financial services, or

194
00:34:02.520 –> 00:34:18.530
Bill Sutton: maybe even law, in some cases. But I think those are the the key, the key drivers for this to go back up in the article towards the top. It talks a little bit about close networks and highly regulated environment. So I think that’s what? Driving the desire for an on-prem solution

195
00:34:18.600 –> 00:34:31.130
Patrick Coble: totally, and and to pair with everything the goal said to is that there’s still just a chunk of web applications that Spa and the Citric enterprise browser can get in the middle and secure Further.

196
00:34:31.199 –> 00:34:36.020
Patrick Coble: they’re still in someone’s data center, right or in the closed network. So

197
00:34:36.020 –> 00:35:04.750
Patrick Coble: when it was cloud only, and when they first releases you know what it was. It was like, okay? Well, that’s cool, because there’s still a lot of people that are using salesforce and company website, a, B, C. D. Efg: right? But then there’s still a whole bunch that are random company website.com right and like, now you’ve bridge the gap. And then this is where that kind of Z T. And a kind of thing really starts shining, because now I can provide that same security access control, visibility, logging.

198
00:35:04.750 –> 00:35:06.610
Patrick Coble: You know the whole

199
00:35:06.850 –> 00:35:24.260
Patrick Coble: analytical security risk behavior stuff, too, for web applications in my data center and out of my data center. And it applications in my data center and applications out of my data center. And we talk about the classic windows kind of Vdi kind of related things. So it’s it’s really cool stuff.

200
00:35:24.810 –> 00:35:37.550
Geremy Meyers: Yeah, I had a few customers last year that we’re running on from C bad that we we gave a demo of Spa to. and they they loved it. And then it became well. How do we integrate this with what we got on? Prem. I was like Well.

201
00:35:37.880 –> 00:35:46.790
Geremy Meyers: it cannot be done without 2 different experiences. Right? I can give you. I can give you a storefront on. I give you gateway on Prem. But then you gotta do this other thing if you want to hit

202
00:35:46.800 –> 00:35:54.790
Geremy Meyers: works based in the cloud or flip between 2. And so that was a that was a pain. So when I saw this I go. There’s gonna be a lot of happy customers who’ve been looking at this for for a long time.

203
00:35:54.870 –> 00:36:04.450
Patrick Coble: Right? Yeah. And and I think that’s it’s good that they did it, too, because if we’re all being honest to like the Citrix workspace app once it’s glued to a store.

204
00:36:04.470 –> 00:36:13.350
Patrick Coble: It likes to be glued to one store, one source of through one oracle. And so if you said you were going to go see that onsite you’re like. Oh, go to this, URL,

205
00:36:13.350 –> 00:36:32.730
Patrick Coble: and if you go to you, go to this URL, and all the things aren’t in both things. Only half the things are in the other place, right? And so when you finally had this, then it’s like, Go to one URL you’ll see all the things. There’s a couple of cloud sprinkles here, but everything else is the regular ice cream you’ve been eating every day right?

206
00:36:32.740 –> 00:36:48.810
Bill Sutton: Exactly so the in the blog it talks a little bit about use cases. I want to touch on these just real quick. They They identified 3 here up there on the screen. One is we’ve talked around a lot of this, but one is, for you know, secure access for employees and contractors.

207
00:36:48.810 –> 00:36:57.460
Bill Sutton: The other is Z. T. And I are 0 trust, and for enforcement for the last mile, and then M. And a. Any comments. Let’s talk about the first use case First

208
00:36:57.470 –> 00:37:11.590
Bill Sutton: secure access for employees and contractors from managed to unmanaged devices to internal web and Sas apps. I think we’ve kind of touched on anybody. Want to make any comments relative to that use case

209
00:37:11.660 –> 00:37:16.580
Todd Smith: changes that have occurred within this contract or in employee use case right.

210
00:37:17.110 –> 00:37:21.510
Todd Smith: push on the contractor side. A a lot of a lot of organizations are are

211
00:37:21.590 –> 00:37:26.580
Todd Smith: starting to use some type of crowdsourcing or some type of gig

212
00:37:26.820 –> 00:37:35.890
Todd Smith: based almost like a task rabbit type of type of approach. Right? I need something very specific done for a very short period of time.

213
00:37:36.130 –> 00:37:42.370
Todd Smith: I need to grant you access, and I can’t go through the month. It’s gonna take to get someone up to speed.

214
00:37:42.390 –> 00:37:45.920
Todd Smith: Get them the system that they need to do. I just need them to hit a website.

215
00:37:46.030 –> 00:37:55.450
Todd Smith: but I wanna make sure I, that website we had a large opportunity a couple of years ago at a at a yearbook company. Actually.

216
00:37:55.530 –> 00:38:00.740
Todd Smith: they do most of the high school yearbooks for. you know.

217
00:38:02.130 –> 00:38:11.690
Todd Smith: students to to get, and they have a lot of you know. The Yearbook Club at the school gets access to the design tools and things like that.

218
00:38:11.770 –> 00:38:21.070
Todd Smith: but it’s for a very short period of time. and they’re uploading and downloading content. They’re editing things. They’re doing all kinds of different components on this

219
00:38:21.580 –> 00:38:26.840
Todd Smith: I don’t want to have to build out a huge infrastructure for something that i’m going to tear down at the end of the school year.

220
00:38:27.010 –> 00:38:37.860
Todd Smith: I needed to be very secure, be able to to have the uploading and downloading what the up, specifically, the uploading of photographs and content and things like that.

221
00:38:37.890 –> 00:38:40.660
Todd Smith: But I want it to go away very quickly.

222
00:38:40.860 –> 00:38:49.370
Todd Smith: That’s being that’s become a very normal business practice, right? Granting someone very temporary access for a very specific task.

223
00:38:49.550 –> 00:38:53.130
Todd Smith: And then, when they’re done with that task. take it away

224
00:38:53.640 –> 00:38:54.310
Bill Sutton: right

225
00:38:54.360 –> 00:38:56.270
Todd Smith: without them to go and collect

226
00:38:56.390 –> 00:38:58.480
Todd Smith: equipment, turn off

227
00:38:59.080 –> 00:39:02.540
Todd Smith: access, and things like that. I just wanted to to be seamless.

228
00:39:02.940 –> 00:39:04.230
Todd Smith: It’s good. You’re so good.

229
00:39:04.360 –> 00:39:23.790
Geremy Meyers: Here’s a little subtle twist on least privilege access. So not quite in this bucket. But when you think about it. What you used to have to do when you were publishing a web browser for contractor. We had to spin up a session on a Zen server in the data center, right? And so you had to make sure that that session was locked down. So even though i’m managing copy and paste and those sorts of things.

230
00:39:23.790 –> 00:39:34.740
Geremy Meyers: you know, within the session to out of the session. I also have just probably smokes. A lot of group policies turned on just to restrict access, had to make sure that Zenap with host was secure the whole 9 yards.

231
00:39:34.770 –> 00:39:49.140
Geremy Meyers: In this case you’re removing that piece of it, and you’re relying simply on that Spa session. And there’s very little that you’re allowing through by default. except for just access to this one web app. So you’ve you’ve got an opportunity just to by default.

232
00:39:49.250 –> 00:39:57.070
Geremy Meyers: you know, provide a different level of security than just given a contractor as an app session, which sounds a little weird, because we always talk about Zen up sessions being pretty secure.

233
00:39:57.330 –> 00:39:58.020
Patrick Coble: Okay.

234
00:39:58.320 –> 00:40:16.300
Bill Sutton: absolutely. So. Use case, too. Looks very similar when you look at the language, but it says, Provide comprehensive, comprehensive last miles, your trust Enforcement, and then it goes through the lot of the same things. So what is last mile? 0 trust Enforcement really referring to there, Patrick, can you take that one?

235
00:40:16.300 –> 00:40:24.140
Patrick Coble: Yeah. Well, I i’m sitting there as soon as you highlighted it. I was like, you know. It should be changed from last mile to the last inch.

236
00:40:24.270 –> 00:40:41.020
Patrick Coble: and why it should be changed to the last inch is because it’s one inch away from clicking this browser versus the Citrix enterprise browser one inch away on your screen from clicking this thing versus that thing working in a space that is secure and working in a space that is not secure.

237
00:40:41.020 –> 00:40:59.810
Patrick Coble: And so that’s where I think it’s there, because after a mile the game’s over right that last inch, that last click where you put your mouse matters. And but yeah, being able to control that endpoint beyond just endpoint, protection or content control right? That’s where this really shines.

238
00:40:59.810 –> 00:41:04.970
Patrick Coble: and that’s where they’re referring to that last mile which should be trained to a last inch

239
00:41:06.020 –> 00:41:10.040
Bill Sutton: Gotcha, and the last use case, accelerate merger and acquisitions.

240
00:41:10.050 –> 00:41:24.110
Bill Sutton: We run into this a lot with with well, with M, and a a lot with M and a and a joint ventures and things along those lines, but it talks about leveraging multiple identity providers here. Anybody want to take this one real quick.

241
00:41:25.150 –> 00:41:40.030
Todd Smith: Yeah, actually, Jeremy, I can probably both take this because we’ve been living this for the past several months, you probably getting access to getting access to companies, websites as new employee, or as a

242
00:41:40.310 –> 00:41:42.140
Todd Smith: employee that’s being

243
00:41:42.180 –> 00:41:45.610
Todd Smith: merged in with another organization.

244
00:41:45.920 –> 00:41:48.770
Todd Smith: Yeah, think about the complexity of

245
00:41:49.160 –> 00:41:50.990
Todd Smith: having to open up

246
00:41:51.150 –> 00:42:03.170
Todd Smith: firewalls and open connecting networks and connecting data centers that used to be. You know, that used to be a 6 month long process. I I think Jeremy and I live through this in a.

247
00:42:03.250 –> 00:42:03.960
Todd Smith: you know.

248
00:42:04.150 –> 00:42:15.160
Todd Smith: One day we’re being told that tomorrow you’re gonna get an email with the following link. And here’s how you sign in it’s gonna be different set of credentials. But Don’t worry your single sign on it’s gonna work. It’s gonna pass through.

249
00:42:15.850 –> 00:42:18.420
Todd Smith: I mean, this is something that

250
00:42:18.790 –> 00:42:23.020
Todd Smith: once again this is becoming part of the new normal. When it comes to

251
00:42:23.220 –> 00:42:27.450
Todd Smith: on boarding new employees or newly acquired employees.

252
00:42:29.190 –> 00:42:30.100
Bill Sutton: Absolutely

253
00:42:30.720 –> 00:42:50.580
Bill Sutton: All right. Let’s see that that covers the entire article. It’s been a great discussion. I I guess we’ll wrap it up now. I I think you know. And Andy said this a couple of weeks ago. I forget what we were, what the subject was at that time that Citrix clearly is, is putting their their money where their mouth is, so to speak, in terms of

254
00:42:50.720 –> 00:43:08.800
Bill Sutton: doubling down and delivering on the concept of the hybrid cloud, and making sure that all of their solutions run not just in the cloud, but also on premises to address those customers. So I, who knows to Citrix for really doing this? This has been one that we’ve had customers ask about, Can I do this on premium? And

255
00:43:08.800 –> 00:43:16.180
Bill Sutton: here we’ve got the solution. Now that we might be able to leverage this for a lot of these customers that are looking for these solutions so definitely a positive thing. There

256
00:43:16.240 –> 00:43:22.590
Bill Sutton: any final words from you guys about this or any any other anything else related to the blog?

257
00:43:23.750 –> 00:43:34.220
Geremy Meyers: Yeah, a couple of things. I’ll highlight the deployment guide at the bottom there. So that is out of tech zone. So if you’re if you’re not a tech zone fan, become one, because there’s a lot of really good content out on tech zone.

258
00:43:34.240 –> 00:43:40.800
Bill Sutton: Yeah. And then the other 2 is really, I guess, kind of some Easter eggs here. So maybe this becomes a thing.

259
00:43:40.830 –> 00:43:45.710
Geremy Meyers: We use the word dazzle, and every podcast going forward. So

260
00:43:45.710 –> 00:44:02.140
Bill Sutton: you have to. You have to find a way. It’s still in the registry, you know, for sure I had a I had a healthcare client many years ago, and that’s what they that’s what they label. We put it in. It was then called Basil, and I think even to this day

261
00:44:02.140 –> 00:44:29.180
Bill Sutton: folks still call it dazzle. We’re going to the Dazzle website. I’m like it’s really not called that any more guys, but just, you know, just go for it with the remember when the Germans Bob Pearl Harbor. Yeah, just let him go with. He’s on, roll it still, and go with it. And then, secondly, Bill, did you say financial force is a an erp system that runs on the salesforce platform. It’s a different company. We’re migrating to that for our internal

262
00:44:29.180 –> 00:44:33.620
Bill Sutton: Psa: our internal project management system in the summer.

263
00:44:33.850 –> 00:44:45.680
Bill Sutton: Okay, I didn’t know that was a thing I thought you were just finding a clever way to not say salesforce, but it runs. It runs on the salesforce on the force platform, which is salesforce is kind of native language, I guess now

264
00:44:45.720 –> 00:44:49.220
Geremy Meyers: so many things are coming together. I didn’t realize the force

265
00:44:49.370 –> 00:44:59.600
Geremy Meyers: was a platform, and I think we’ll probably find out at some point that salesforce was invented over beers. After the first pre Prequel came out.

266
00:44:59.690 –> 00:45:06.690
Bill Sutton: That would be an interesting discussion, for sure it’s. It’s timely that you brought us down this rat whole thing, because.

267
00:45:06.990 –> 00:45:08.000
Todd Smith: you know.

268
00:45:08.050 –> 00:45:21.830
Patrick Coble: I mean we can end on baby yoda, and this is a good that’s a good session. There you go. That’s how the dot coming up on May the fourth yeah, it’s made the fourth, and then Cinco de Mayo.

269
00:45:22.650 –> 00:45:32.310
Bill Sutton: There you go, alright, guys, we’ll wrap it for today. Thanks, thanks a lot. Thanks for joining thanks for listening to our listeners and and have a great day.

270
00:45:32.350 –> 00:45:34.050
Patrick Coble: That excellent. See? You guys.

271
00:45:34.950 –> 00:45:35.680
Bill Sutton: Yeah.