80: IGEL Weekly: Enhance Endpoint Security with Citrix Endpoint Analysis (EPA) for IGEL OS

Jun 3, 2023

IGEL and Citrix have enjoyed a strong technical and marketing alliance within end-user computing for decades. The latest evidence of this is IGEL integrating the Citrix Gateway plugin into the IGEL OS for direct access to Citrix Endpoint Analysis.

This integration in IGEL OS is unique and supports our joint customers with easy, direct access so they can run device checks centrally from the IGEL Universal Management Suite (UMS) management console without requiring any further plugin permission or installation.

WEBVTT

1
00:00:02.640 –> 00:00:19.170
Andy Whiteside: Everyone welcome to the episode. 79 of Idl Weekly and Host Andy White Side this week is at a corporate edition. We’re gonna to mix it up, though, and actually, we’ll blog from the citric site and talk a little bit about endpoint analysis, and simply how it relates to I gel got Chris, Feeney with me. Chris, how’s it going?

2
00:00:19.190 –> 00:00:28.269
Chris Feeney: It’s going well, man, I feel like it’s been forever in a day since we’ve been together in the same. Podcast been busy first part of the year. That’s for sure.

3
00:00:28.540 –> 00:00:36.720
Andy Whiteside: Things are Things are well, yeah, part of the year. It’s June, almost right. We’re still. It’s crazy. Not only remember where the first half, when?

4
00:00:37.860 –> 00:00:47.250
Chris Feeney: Yeah, looking at the lot of expense reports getting in and out. And now but there’s been a lot of things to talk about, and exciting beginning of the year, for sure. So

5
00:00:47.750 –> 00:01:07.579
Andy Whiteside: so your ears are probably burning. I met a several people, several health care customers last week, and you know they’re working with Itel, and some of them know you slightly, and some of them don’t know you at all. And I was like, Well, that’s the guy we need to get you hooked up with if you’re talking about it. And some of these health care workflows So hopefully, my team is doing that. And you should

6
00:01:07.640 –> 00:01:20.450
Chris Feeney: get a couple more customers wanting to just chat with you and us occasionally. Yeah, I, the area that you cover at least the original area. I I spent a lot of time developing that territory. and

7
00:01:20.630 –> 00:01:24.889
Chris Feeney: and there are some people still around that I know and a few that I don’t. But

8
00:01:25.090 –> 00:01:26.840
Chris Feeney: yeah, it. It’s

9
00:01:27.020 –> 00:01:45.419
Chris Feeney: starting to get engaged more in those conversations, and the exciting thing is we we are bringing something to market. We are not talking about today. But we’re we’re weeks away from launching a new integration within provider that I’ve been very excited about. So more to come on that we’ll, we’ll definitely highlight on a podcast in the in the coming weeks.

10
00:01:45.900 –> 00:02:12.300
Andy Whiteside: Well, this is actually well, okay, so this is off the suit. The blog we’re talking about today is enhanced endpoint security with citrix endpoint analysis. EPA for I, Jo OS, and it’s from a guest. So the guess is actually Catherine, what looks like Gallagher Yup marketing. And I gel so it’s technically is an id blog just happens to be hosted on the the Citrix blog site.

11
00:02:12.400 –> 00:02:41.410
Andy Whiteside: The longstanding partnership we’ve had with Citrix over the decades now. and this is yet another integration that we can talk about today.

12
00:02:41.810 –> 00:02:56.240
Andy Whiteside: 0 trust as integral. We eliminated the idea by the the only way you could use VoIP is to log into our workspace and get a mitigated, a mitigated experience, where you only have access to say like a virtual desktop.

13
00:02:56.380 –> 00:03:22.639
Andy Whiteside: at the same time, if you have a byod device, but you move from a U d pocket, then all of a sudden you can have it, and then you can have access to everything again. So that’s a that’s the future design here. It’s integrated somewhat in place now. But you know, using citrix input analysis to determine. Okay, is this an igl unit or not? That’s that’s what we’re going to be doing. And one things I love about our company is we use the technology. Therefore we can stand behind things that we believe we’re

14
00:03:22.640 –> 00:03:30.840
Andy Whiteside: and you don’t have to, Mr. Customer. Guess at what works or try to figure it out. You can follow our blueprint, or you can talk to us about, you know, deviations from

15
00:03:31.630 –> 00:03:33.959
Chris Feeney: yeah, no doubt. I think that’s

16
00:03:34.080 –> 00:03:47.260
Chris Feeney:  using it. Certainly getting a feel for it. I I’ve been heavily testing this this new integration. We’ve had, you know, on on different platforms and trying different things, and and getting a sense of.

17
00:03:47.390 –> 00:03:55.259
Chris Feeney: you know, do we feel like it’s, you know, ready to go, but but using it, certainly it gives you that confidence. And like, I said, when I’m on the road

18
00:03:55.350 –> 00:04:00.730
Chris Feeney: I carry my agile laptop, and it’d be pockets and swap them back and forth. So

19
00:04:00.790 –> 00:04:16.889
Chris Feeney: And with this. This is this really this idea, that store? This is remind me of my first year at Ijo and one of the Federal accounts they I wouldn’t call endpoint analysis, but their users needed to. In order to access their rise and desktop. They needed to

20
00:04:17.140 –> 00:04:25.549
Chris Feeney: have a VPN client that they were using. But it wasn’t enough just to have that. They wanted to be able to know that it was an ideal device coming in.

21
00:04:25.600 –> 00:04:28.109
Chris Feeney: And so we did something to try to make that

22
00:04:28.160 –> 00:04:36.139
Chris Feeney: acceptable when they were connecting in. And then once they passed that checkmark essentially, then they could, you know, proceed forward. So this is

23
00:04:36.290 –> 00:04:40.790
Chris Feeney: that similar kind of idea here, I’m sure it’s way better.

24
00:04:41.000 –> 00:04:50.459
Andy Whiteside: Yeah, he, Chris, your audio, maybe a little low, so maybe turn it up a little bit, or just speak up a little bit, but no part. Let me just check my microphone.

25
00:04:50.920 –> 00:04:52.840
Chris Feeney: Yeah, I know exactly what the prominent.

26
00:04:53.160 –> 00:04:54.820
Andy Whiteside: So I think we’ve covered.

27
00:04:54.930 –> 00:05:14.310
Andy Whiteside: you know, the general idea here. the the first real topic, once you get past the introduction is granular control enables direct access to analyze and check device posture. first paragraph, just talking about grants the it it administrators such in point out to how run health check

28
00:05:14.370 –> 00:05:17.529
Andy Whiteside: to to the targeted device.

29
00:05:17.750 –> 00:05:31.160
Andy Whiteside: and then really goes into this section here where it talks about the detect. What I think is most important here. When it comes to Ig because some of this other stuff doesn’t matter. And that is what is the actual operating system. Do you do you know, if there’s a specific

30
00:05:31.520 –> 00:05:36.350
Andy Whiteside: check that it checks specifically, for I gel when it’s looking at the endpoint.

31
00:05:36.440 –> 00:05:47.260
Chris Feeney: Yeah, I was just looking at. I need to check, because it’s obviously it’s it’s And, by the way, it is my audio better, it is alright. This is just a live demonstration of using a much better

32
00:05:47.260 –> 00:06:10.910
Andy Whiteside: audio like this. Epo headset little side we should have them as a sponsor. By the way, anyway, I think we’re caring about them all done my webcam wasn’t getting the job done. So we’re we’re working much better. Audio now, simple put if if you use virtual apps and virtual desktops and use, and you don’t use at least something similar to epo. You’re using the wrong thing. Correct?

33
00:06:10.910 –> 00:06:20.190
Chris Feeney: but yes, I believe there is. you know some level of checking there. I was checking to see, since it is part of the workspace app more specifically 2302

34
00:06:20.300 –> 00:06:29.180
Chris Feeney: That’s where I was looking to see if there’s a I see if it’s not on our side on their side where you say make sure it’s an igl, or you could specify it

35
00:06:29.300 –> 00:06:31.010
Chris Feeney: as such. So.

36
00:06:31.810 –> 00:07:01.430
Andy Whiteside: and you get checked. And it’s determined that your OS is Ij or some supported operating system, or, better yet not some not supported operating system or your your updates, your OS updates, your antivirus updates or antivirus period, your firewall, your web browser. Certain software is are up to date. you know. Do you? Can you explain what happens next? Yeah, this is a great question. So obviously, one of the benefits of I gel is.

37
00:07:01.450 –> 00:07:09.959
Chris Feeney: is it read on the OS. We don’t need a lot of that stuff like the end of our software or various things, but other things that might make sense to check our

38
00:07:10.140 –> 00:07:40.040
Chris Feeney: if the OS version does need to be updated, and on version 11 that but obviously include whatever the citrix workspace app is, or maybe the chromium browser. For, for, for example, what versions of those are out there? If, for example, there is a need to go to a higher version. I guess, as of 2302, anything higher than that. would they check for that? And And then, before proceeding, make sure that the OS gets an update. Now

39
00:07:40.380 –> 00:07:52.260
Chris Feeney: for those that administer idol, they know that as soon as the device comes online, whether it’s on the in the office talking to the Ums server directly or remotely managed, you can push out an update rather quickly.

40
00:07:52.330 –> 00:08:05.560
Chris Feeney: so that it is up to speed before it tries to connect into resources. So there are ways to handle that. But assuming that had not occurred this. This would basically do that check and say, hang on, you gotta you gotta update before you can connect.

41
00:08:06.430 –> 00:08:10.030
Andy Whiteside: Yeah. And I guess what I would highlight. In addition to that is.

42
00:08:10.060 –> 00:08:25.599
Andy Whiteside: you can grant access to some resources. but not others. So you can pick and choose. Do you give them a virtual desktop. Maybe. Probably I don’t know. You give them a virtual desktop. But turn off. You know, file redirection. Yeah. Maybe printings turned off. All kinds of things can happen.

43
00:08:26.330 –> 00:08:30.910
Chris Feeney: Yeah, the power of of those policy driven decisions.

44
00:08:31.050 –> 00:08:40.330
Chris Feeney: that is, I think, where you guys definitely excel on the Citrix knowledge mine. not so much. I could make a educated guess as to what those options might be. It could be.

45
00:08:44.540 –> 00:09:04.839
Andy Whiteside: and and part of that, too is, and this is, I struggle. I I meet people every week, and even though it’s 2023 people still either see Citrix as published apps, or some type of virtual server desktop or Vdi desktop. And if I were to long and it log into my workspace today, you would see just, you know, 50 different things that I can go and do

46
00:09:05.060 –> 00:09:08.060
Andy Whiteside: most of them. I don’t have to launch a virtual app or desktop to do.

47
00:09:08.270 –> 00:09:13.090
Chris Feeney: Yeah. And it’s really we talked about a lot. I mean, windows is just a

48
00:09:13.200 –> 00:09:22.389
Chris Feeney: a platform to access apps, you know, and there’s just a lot of apps that still need that type of platform, but a lot of them have migrated over

49
00:09:22.630 –> 00:09:25.870
Chris Feeney:  and are easier to get into.

50
00:09:25.930 –> 00:09:34.750
Chris Feeney: let alone some of the, you know. authentication scenarios where you can authenticate once, and then it kind of gives you access seamlessly across your

51
00:09:34.760 –> 00:09:36.109
your resources.

52
00:09:36.210 –> 00:09:44.030
Chris Feeney: And I’ve tried. I know, for example, we talked about it before I I I’ve tried to work out of just the edge browser, for example, for a day

53
00:09:44.290 –> 00:09:47.719
Chris Feeney: and everything I need out of there, and honestly.

54
00:09:47.890 –> 00:09:49.410
Chris Feeney: a terrible experience.

55
00:09:49.560 –> 00:09:56.730
Chris Feeney: You know. I’m sorry it didn’t come through. Did you say? A terrible experience or not? No, not a terrible, I mean.

56
00:09:56.820 –> 00:10:05.660
Chris Feeney: Remember, when you guys had your kick off in Nashville, I forced myself to present from. We’re doing it through teams, but from the browser.

57
00:10:05.950 –> 00:10:11.379
Chris Feeney: in this case, edge on my device. I think it was my igl device. And it worked great.

58
00:10:11.530 –> 00:10:12.250
Andy Whiteside: Yeah.

59
00:10:12.900 –> 00:10:25.539
Andy Whiteside: yeah, the only real real wild part of your environment set up is network latency, and I did it last week at a Ruth Chris, and you know it 5 years ago. I’ve been really scared these days. I was less scared, and it worked worked really? Well.

60
00:10:27.200 –> 00:10:34.549
Chris Feeney: Yeah, I’m less scared about the the latency pieces, I mean, especially when you’re running a virtual desktop these days. It just seems to have

61
00:10:35.790 –> 00:10:58.279
Andy Whiteside: the experience. Factors go on on way way up, even if it’s just on for G. Lt, or whatever. It’s not terrible. Yeah. Well, yeah, it’s the. It’s the latency that’s the key. And I’m I’m using it this morning on my all in one back here and working. And you know a little bit of typing latency which I could talk to my team about, but other than that, it’s been a phenomenal experience, and very secure all at the same time.

62
00:11:00.000 –> 00:11:23.369
Andy Whiteside: Nice. Well, I think, you guys, you mentioned earlier, you’re going to try to implement some of this EPA stuff or already, are is that correct? Well, we’ve gone from, you know, being a Citrix partner, that was all about byod to being a partner who understands that boid be. Oh, bring your own device, Byod is a is a good thing, but needs to be mitigated and controlled.

63
00:11:23.370 –> 00:11:30.240
Andy Whiteside: you know, between single identity sign on a multi-factor challenge.

64
00:11:30.240 –> 00:11:42.770
Andy Whiteside: you know, good identity provider scenario between all that, plus plus controlling the devices with either a tanium agent, or, you know, limiting devices to something that we send out.

65
00:11:42.830 –> 00:11:57.159
Andy Whiteside: If you do. If you have all that, then you get, see everything. If you don’t have one of those, and you get, see a small subset of things. But for the most part it’s what the people need to do their job. So we’re you know, we’re implementing a user experience, a 0 trust.

66
00:11:57.270 –> 00:12:05.999
Andy Whiteside: High definition, user experience is probably the best way to say that I think not enough. People say those 2 things in conjunction. and it really needs to be both at the same time.

67
00:12:06.660 –> 00:12:17.790
Andy Whiteside: Yeah, the the 0 trust, the high definition experience. Is that what you said? High definition, user experience, 0 trust or 0 trust with a high definition user experience. That’s actually your goal.

68
00:12:17.910 –> 00:12:18.710
Chris Feeney: Yeah.

69
00:12:19.310 –> 00:12:23.139
Chris Feeney: no, I like that. It it. It’s it’s, you know, it goes back to

70
00:12:23.400 –> 00:12:33.119
Chris Feeney: what I learned years ago. trying to implement. you know, new technology or enhance technology and health care. You gotta find the right mix between security and convenience.

71
00:12:33.290 –> 00:12:41.129
Andy Whiteside: And if you get that blended together and the user doesn’t really know that behind the scenes there’s a bunch of security in place to make that a great experience.

72
00:12:41.270 –> 00:12:42.320
Chris Feeney: That’s

73
00:12:42.650 –> 00:12:52.250
Andy Whiteside: once, they say the Holy Grail, if you will. But that’s that’s what you’re aiming for. The the restaurant in town with the best food, but without a good customer. Experience is not going to be a great restaurant.

74
00:12:52.800 –> 00:12:53.770
indeed.

75
00:12:54.270 –> 00:13:02.870
Chris Feeney: that we yeah, we went to one we this weekend we been there years and years, but admin in a while we went back, and

76
00:13:03.750 –> 00:13:07.849
Chris Feeney: they they could have made it a much better experience if they even just had.

77
00:13:08.290 –> 00:13:14.740
Chris Feeney: like music playing lightly above. Right? It was just it was dead quiet, if you will, and you can kind of hear whether you were

78
00:13:14.750 –> 00:13:16.360
Chris Feeney: talking about it, and

79
00:13:16.630 –> 00:13:38.209
Chris Feeney: you know just all. You always use a little bit of ambience, and it would have made it a little bit better. It could actually have bad food. But good omni and people would actually maybe likely like it come back. Yeah. So just that little thing we’re like, you know what? I probably will come back here for a while, if at all. So it’s all about understanding that crazy thing that matters the most, and that is the human being.

80
00:13:38.610 –> 00:13:42.320
Chris Feeney: I guess, to look at it this way. If if the end user knows that

81
00:13:43.050 –> 00:13:53.789
Chris Feeney: it’s Citrix or I jail, or whatever. And they start using those words. Then you realize you’re kind of in a bad situation. Generally speaking, you know, if if they’re having problems and they’re like, oh, it’s this.

82
00:13:53.920 –> 00:14:00.100
Chris Feeney: you know you you want to try to make that invisible if you will. and

83
00:14:00.120 –> 00:14:06.859
Chris Feeney: you know, you can do a lot. Obviously with these combination of technologies. But if they are already starting to put those words in a bad context, you

84
00:14:06.900 –> 00:14:08.670
Chris Feeney: you’re fighting an uphill battle.

85
00:14:08.840 –> 00:14:31.770
Andy Whiteside: Well, and what I dislike the most, and I’ve done it with people. Multiple times in my career is when you make that support call and the tier one guy starts specifically telling the end user what it is they’re dealing with and potentially blaming the part that isn’t even the problem. But they don’t know any different. They just think they sound smart by by throwing out the the different technologies under the covers that will get me red up in a heartbeat.

86
00:14:32.070 –> 00:14:34.590
Chris Feeney: Yeah, I’m very much

87
00:14:35.170 –> 00:14:37.210
Chris Feeney: my approach is is

88
00:14:37.250 –> 00:14:42.450
Chris Feeney: obviously understanding. What is the the use case we’re trying to achieve? Has that been

89
00:14:42.470 –> 00:14:45.289
Chris Feeney: correctly set up? And if so

90
00:14:46.320 –> 00:14:51.449
Chris Feeney: are we dealing with? Okay, something’s not quite working. We got to fix that, or is it? You know.

91
00:14:51.960 –> 00:15:03.710
Chris Feeney: it’s something they want to do that we have never done before or whatever right? Or maybe it’s a true bug, whatever. Yeah, so and there are true bugs. But more than not as configuration issues.

92
00:15:03.770 –> 00:15:07.309
Chris Feeney: I just. I can’t live driving into the weeds right out of the gate.

93
00:15:07.680 –> 00:15:14.090
Chris Feeney: My I do a trust, but verify I love that. That was my Ronald Reagan’s kind of approach when they were

94
00:15:14.300 –> 00:15:26.380
Chris Feeney: keeping the Russians at bay. Right? You know they had this and that really, honestly, from my days in the Federal that really referred to the verify was our spy satellites checking on them, making sure they were.

95
00:15:26.490 –> 00:15:28.949
Chris Feeney: you know, staying through to the

96
00:15:29.230 –> 00:15:35.539
Chris Feeney: negotiations, and and whatever. But but yeah, trust the verify. I I use that.

97
00:15:35.810 –> 00:15:41.100
Chris Feeney:  yeah, I understand what your problem is. But let me just take a look at a couple of things first. So.

98
00:15:42.460 –> 00:15:53.210
Chris Feeney: we actually can do that today with one of your teams customers trying it out. And something’s not quite going right. I don’t know exactly what the problem is. We’re gonna take a look. And my, I suspect it’s just configuration, and should be

99
00:15:53.310 –> 00:15:55.660
Chris Feeney: in and out in 10 min hopefully.

100
00:15:56.000 –> 00:15:56.800
Chris Feeney: So

101
00:16:00.340 –> 00:16:01.659
Chris Feeney: I can hear you.

102
00:16:01.710 –> 00:16:03.360
Chris Feeney: Not really, I think.

103
00:16:03.580 –> 00:16:05.309
Chris Feeney: check your audio, my friend.

104
00:16:08.980 –> 00:16:10.170
Chris Feeney: Nope.

105
00:16:22.910 –> 00:16:25.740
Andy Whiteside: okay, how about now?

106
00:16:26.020 –> 00:16:31.269
Andy Whiteside: A microphone would die on me or something. Anyway, I’ll tell you. I’ll get excited because

107
00:16:31.400 –> 00:16:39.609
Andy Whiteside: Max from E post. Just let me know kind of the headset for me. So I’m excited about that.

108
00:16:39.980 –> 00:16:46.849
Chris Feeney: I whether it’s the Speaker phone or this one that I use, and I’m walking around the house or something or the adapt ones that I carry on the road with me.

109
00:16:47.130 –> 00:16:50.200
Chris Feeney: this stuff’s awesome. So

110
00:16:50.750 –> 00:16:52.210
Chris Feeney: makes a difference.

111
00:16:52.420 –> 00:17:00.109
Andy Whiteside: Yeah, it’s over to one, my Yeti Mike whatever, however, quit working on me, and now I’m on the device for right sound and

112
00:17:00.280 –> 00:17:10.139
Andy Whiteside: save the day again. All right. Well, Chris, thank you for the time. I know you got a lot to do coming off a holiday weekend. I know I got a ton to do but appreciate it, and we’ll do it again a couple of weeks.