Monthly Archives: June 2010

You are browsing the site archives by month.

Citrix Wins (Again)

Congratulations to Citrix for, once again, being awarded the Microsoft Global ISV Partner of the Year award! For those of you keeping score, that’s four times in the last eight years that the award has gone to Citrix:

  • 2003 - Citrix wins Global ISV Partner of the Year.
  • 2005 - Citrix wins Global ISV Partner of the Year.
  • 2006 - Citrix is awarded a Microsoft Information Worker Solutions Specialization award.
  • 2008 - Citrix wins Global ISV Partner of the Year.
  • 2009 - Citrix is a finalist for the Global ISV Partner of the Year.
  • 2010 - Citrix wins Global ISV Partner of the Year.

This is an outstanding record of achievement, and all our friends at Citrix deserve hearty congratulations for it - but it’s important for another reason, too. It should send a clear message to Citrix customers and prospective customers that the Citrix/Microsoft relationship is as strong as it’s ever been. In fact, you could build a case that it’s stronger, because there are more touch points in that partnership than ever before. In addition to the value XenApp brings to Remote Desktop Services, you now have:

  • Citrix Essentials for Hyper-V, which brings significant enhancements such as Site Recovery Manager to Hyper-V.
  • Branch Repeater with Windows Server - the WANscaler WAN optimization technology running on a Windows Server-based appliance, thereby giving you a single branch office appliance that can function as a local Domain Controller, a provider of important services such as DNS and DHCP, local file and print services, and provide WAN acceleration and optimization.
  • Citrix XenDesktop, which has been endorsed by Microsoft as their preferred solution for VDI.

Those of you who were around the industry in the mid-90s may recall that, during the transition from NT v3.51 to NT v4.0, there were serious doubts as to whether Citrix would even survive. But against all odds, and thanks to some intensive negotiations, Citrix and Microsoft signed the deal that led to the introduction by Microsoft of NT4, Terminal Server Edition, and Citrix MetaFrame, which added value to NT4, TSE - and set the pattern for the relationship that has continued to this day.

Nevertheless, in the late 90s, even some of the folks at Microsoft didn’t know quite what to think about Citrix. Shortly after the release of NT4, TSE, a Microsoft employee who will remain nameless (partly because I don’t remember his name, but I wouldn’t reveal it even if I did) commented to me that he didn’t understand why anyone would spend money on Citrix, because once Windows 2000 was released, no one would need it anymore. I’m happy to say that you’re unlikely to find that attitude at Microsoft today - and part of the reason is that all of those Global ISV Partner of the Year awards also sent a clear message throughout Microsoft that this was an important, strategic partnership. A large part of the credit also goes to the outstanding liaison team Citrix has placed in Redmond. And I speak from experience: since we’re also here in Microsoft’s back yard, I’ve had the privilege to get to know some of the folks on that team. They’re great people, and the state of the Citrix/Microsoft partnership today is also a reflection of the hard work they’ve put in.

The last decade has been nothing if not interesting for us Citrix partners. I’ve lost count of the number of times the rumor has resurfaced that Microsoft (or someone else) was going to buy Citrix. (I think the most recent rumor had Oracle as the buyer.) And, invariably, every time Microsoft releases another version of Windows Server, there are still those who predict that, with this version, people won’t need Citrix anymore. Yet Citrix continues to find ways to add value, grow their customer base, and continue to grow their business - and that’s also a remarkable achievement.

So here’s a big shout-out to Mark Templeton and his entire team. I’m not going to try to list names, because there are way too many to list, and I know I’d leave out someone important. Besides, you know who you are. It’s been one heck of a ride (and it’s not over yet). Thanks for letting us share it with you!

Seven Days and Counting

Just in case you haven’t heard, there’s one week to go on the Citrix XenDesktop 4 Trade-Up Promotion. Here’s a quick recap:

  • The XenDesktop 4 Enterprise and Platinum Editions include all of the functionality of the corresponding XenApp edition. In other words, if you buy XenApp licenses today, you get XenApp. If you buy XenDesktop licenses, you get XenDesktop and XenApp.
  • however, the license model changes: XenApp licenses have always been - and continue to be - based on concurrent use. If you own 100 XenApp licenses, it doesn’t make any difference how many users hit your XenApp farm, you’re just limited to a maximum of 100 at any given time. XenDesktop Enterprise and Platinum licenses are non-concurrent - they are either per user or per device (your choice).
  • on the other hand, XenDesktop licenses are only about half the price per license as XenApp licenses. That means if your concurrency ratio (the ratio of total users to concurrent users) is less than 2-to-1, you’re better off buying XenDesktop licenses even if all you plan to use today is XenApp! You’ll pay less money, and you’ll have all that XenDesktop functionality in your back pocket ready to be deployed when you’re ready.
  • The current trade-up promotion allows you to convert your existing XenApp licenses to XenDesktop licenses at a price that you will probably never see again. This promotion is ending June 30.
  • If your Citrix Subscription Advantage is current, and you trade up all of your XenApp licenses, Citrix will give you two XenDesktop licenses for every XenApp license you trade up. E.g., if you have 100 XenApp licenses, your Subscription Advantage is current, and you trade up all 100 of them, you’ll end up with 200 XenDesktop licenses.
  • If your Subscription Advantage has been expired for a while, you may find that it’s less expensive to trade up to XenDesktop (which will come with a year of Subscription Advantage) than to pay the fee to get Subscription Advantage reinstated on your XenApp licenses. You won’t get the 2-for-1 deal, so you’ll have to look closely at whether the new license model will mean you have to buy additional licenses, which will obviously affect whether or not the total cost is advantageous to you, but it’s worth running the numbers to find out.
  • If the Subscription Advantage renewal on your XenApp licenses is coming due soon, consider the benefits of redirecting those renewal dollars to help pay for the trade-up. That can make an already-sweet deal even sweeter.

Citrix has a helpful on-line trade-up calculator that you can use to help you compare costs. You’ll need to enter (1) how many XenApp licenses you own, (2) how many of them you want to trade up, (3) what version of XenApp you own, (4) what version of XenDesktop you want to trade up to, and (5) whether or not your Subscription Advantage is current.

I suppose it’s possible that, come July 1, Citrix will announce that they’re extending the promotion…but I doubt it. So far, everyone I’ve talked to at Citrix has assured me that it will not be extended. I’m sure that there will still be an upgrade path after July 1, but it will cost you more money than the current promotion.

One more thing - if you’re going to do this, please don’t wait until the afternoon of June 30 to issue your purchase order! June 30 is like the “triple witching hour” - it’s end-of-month, end-of-quarter, and end-of-promotion. So it’s bound to be crazy busy in the Citrix order entry department. We’ve been requesting that all of our customers get their orders to us by end of business on the 29th, just to make sure that we can get the order placed through distribution and into Citrix’s hands before end of business in Fort Lauderdale on the 30th.

P.S.: We’re frequently asked why Citrix is making the change to non-concurrent licensing for XenDesktop. The main rationale is that if you’re looking at a serious desktop virtualization initiative, your concurrency ratio is probably going to be close to 1-to-1 anyway, so you won’t get much benefit from a concurrent license model. It also aligns more closely with the Microsoft VDI licensing model.

The important thing to remember is that if you are in that situation, you’ll actually spend less money and get more functionality for it, because the XenDesktop licenses will cost you roughly half of what it would cost to buy an equivalent number of XenApp licenses.

And if your use case is primarily to support a large pool of remote users, but you will never have more than half of them logged on at any given time, you can still purchase XenApp licenses to support those users, and they will still be concurrent use licenses.

Will There Be a Tablet Revolution?

I read an interesting post over on ZDnet today that cites a Forrester Research report that predicts that tablets will begin to outsell netbooks in 2012. by 2014, they predict, more people will be using tablets than netbooks, and by 2015, tablets will constitute 23% of PC unit sales.

We can probably thank the iPad for most of the buzz that’s building around the tablet format lately, although tablets have been around for several years now. I’m on my second Motion Computing tablet, and had one of the original Compaq tablets before that, so I’ve used a tablet as my primary business computing device for the last seven or eight years, and I love them…although the way I use them has changed over the years.

When I first started using the tablet format, I thought it was very cool to carry it into a client meeting, fire up OneNote, and use the stylus to take my meeting notes. Over time, though, the “coolness” factor has worn off, and I’ve gone back to using pen and paper - mostly because I don’t have to wait for my pen and paper to boot up, and I never have to worry about battery life.

These days, I love it just for its portability. I’ve got a docking station in my office, and one at home, with external monitors in the two locations. It’s a snap moving back and forth between the two locations, and Win7 does a beautiful job of remembering the monitor settings. For several complicated reasons, the docking station is to the right of my external monitor in my office, and to the left of my monitor at home. I, of course, want to spread my desktop across both the external monitor and the tablet screen, and I also want, in both cases, to have the external monitor set as my primary monitor (because it’s bigger). When I was running Vista, I always had to open the display settings and drag the monitors back and forth when I moved between the two locations - Windows 7 always remembers.

When I travel, I snap on the removable keyboard, fire the tablet up in my hotel room, and just keep it there for the duration of my stay. I no longer need it for email when I’m out and about, because I have my AT&T Tilt (Windows Mobile) phone, and my Celio “REDFLY,” which connects to my Windows Mobile phone via bluetooth, for those times when I need a larger screen and/or keyboard to make reading and replying to email a bit easier. [NOTE: the Celio REDFLY is no longer made]

Side note: Battery life is better as well. With a full charge, I can use my REDFLY and Windows Mobile phone to take notes all day in a training class using the version of Word that came with my phone. My tablet battery won’t last that long. The REDFLY has a substantial battery, plus it extends my phone’s run-time because it doesn’t have to power the phone’s display screen when I’m using the REDFLY. In fact, I can even hook it to the REDFLY with a USB cable instead of using bluetooth, and recharge it from the REDFLY…but I digress.

Personally, I’m intrigued by the iPad, and think it would make a great plaything, but don’t see enough business value compared to my Motion Tablet to make it a compelling purchase. I’m more interested in getting one just so I can demonstrate the Citrix Receiver for iPad to clients.

How about you? Have you ever used a tablet? Do you have one now? Is it an iPad? Have you ever used (or are you now using) one as your primary computing device? Do you have plans to acquire one and/or to support them on your business network? Inquiring minds want to know.

More Facebook Phishing

We’ve talked before about how the Internet threat landscape has changed over the past few years. Increasingly, malware is being distributed, not by sending you an infected email attachment, but by trying to entice you to visit a Web site that will drop the malware onto your computer. It should be no surprise to anyone that, given the explosive growth of Facebook, and given the fact that the fastest growing segments of Facebook users are people who are not “power users,” and who probably don’t know a lot about Internet security, these people are obvious targets for the bad guys.

Here’s a classic “phishing” example - one that recently showed up in my email. Let’s break it down and look at the things that are not quite right about it, and perhaps it will help you spot similar attempts in the future. As you read through this post, you may want to open the images in separate windows, so you can easily see what we’ll be discussing here.

If you’ve got a presence on Facebook, you’ve no doubt received one or more email messages that look like this (I’ve blanked out stuff that might identify the specific Facebook friend who sent me the message):

Legitimate Facebook Notification

There are some things that are consistent across all of the legitimate notification messages that I’ve received:

  • The subject line contains the name of the person who sent me the message (“so-and-so sent you a message on Facebook”).
  • The first line in the message itself also contains the name (“so-and-so sent you a message”).
  • The name is repeated yet a third time next to the sender’s profile pic, along with the time stamp of when the message was sent.
  • The text of the message is included in the email.
  • The hyperlink that’s provided (“To reply to this message, follow the link below”) contains the email address that’s associated with my Facebook account.
  • The footer repeats my email address (“This message was intended for…”), and the big, long, cryptic number that’s provided in the unsubscribe link is the same big, long, cryptic number that was in the reply link.

Now, let’s look at the phishing message:

Phishing Message

First of all, although this isn’t obvious by looking at the message, this email was sent to my personal email address, which is not the address that’s associated with my Facebook account. That was my first clue that something wasn’t right. But let’s look at all the other discrepancies:

  • The subject line just says “You have 1 unread message(s)…” with no indication of who may have sent the message to me.
  • In the body of the message, instead of the sender’s name, it just says “Facebook” sent you a message.
  • There is no time stamp provided.
  • The text of the message itself is not included - because, of course, the sender wants me to click on the link provided to see what it is.
  • The hyperlink provided does not include my email address.
  • The hyperlink is “cloaked,” that is, it doesn’t go to the location it claims to go to. As you can see, when I hovered my mouse over the link, the pop-up window showed that the hyperlink actually went to a totally different destination that had nothing to do with Facebook.
  • The footer does not contain the “This message was intended for” text with my email address
  • The unsubscribe link simply says “click here” rather than being specifically associated with the message ID.

Now that I’ve pointed out all of the differences, it’s probably pretty obvious that this isn’t a legitimate message - but taken one by one, the differences are all pretty subtle. Would you have spotted them if I hadn’t pointed them out? All in all, this is a relatively well-crafted phishing email, and I have no doubt that lots of recipients would click on the link provided without even thinking about it. And here’s what would have happened:

Malware Site

According to Google’s “Safe Browsing” diagnostics, 10 different pages within this domain were designed to drop malware on the visitor’s PC without their knowledge or consent: five scripting exploits, two other exploits, and one trojan.

The moral of the story is that you should always be suspicious of links that are sent to you by email. I used to own a motorcycle, and I always tried to drum into my kids the concept that, in order to survive as a biker, you have to ride with a certain amount of paranoia: you must assume that you’re invisible, and the other motorists can’t see you…and those who can see you are out to get you. Unfortunately, we’re at the point where the same kind of paranoia is required to stay safe on the Internet. Yes, in most cases, there are subtle clues that you can spot if you know what to look for. But you’re probably better off to simply assume that any message you receive is a phishing attempt unless/until you can determine otherwise.

And if there’s ever any question in your mind, don’t click on the link. You can always open a browser, type in Facebook’s URL manually, and check to see if you actually do have any messages instead of clicking on a link in an email. Same with email messages that purport to come from your bank.

Remember: just because you’re paranoid doesn’t mean that they aren’t out to get you!

A First Look At XenClient

If you’ve following our blog for a while, you know that XenClient is the new client-side hypervisor from Citrix. It’s purpose is to allow you to take your virtual desktop with you and still have an elegant way to keep it up to date and to synch your important documents. We’ve been testing the “Release Candidate” that Citrix recently made available as a public beta.

Even though it is obviously not finished code, it’s pretty impressive!

Our Dell Latitude demo system is configured with two VMs – one Windows 7 and the other Windows XP. Further I have Access 2003 installed on the XP image and Access 2007 installed on the Win7 image and I’m “passing through” Access 2003 from the XP VM to the Win7 VM. In other words, I can “publish” an application from one desktop – in this case, I’m publishing Access 2003 from the XP desktop – and “subscribe” to it from the other desktop. In practice, this is similar in appearance to how a XenApp published application looks when it runs on the client device.

There are a couple of advantages to this. The obvious one is that an application that won’t run on Win7 can be installed on the XP desktop and made available to the Win7 desktop. A more subtle advantage is in the area of security. For example, let’s assume that the XP desktop is your “business desktop,” and is locked down such that the user has no administrative rights. Let’s further assume that the Win7 desktop is your “personal desktop,” and you have the rights to do whatever you want with it – which could include getting infected with malware. But the applications running on the business desktop cannot be affected by malware on the personal desktop – even if they’re being passed through.

In an earlier blog post, we linked to a Citrix TV video that demonstrated this “secure application sharing.” In that video, they’ve deliberately infected one desktop with a keylogger. You can see that any interaction with a browser running on that desktop is being logged by the keylogger. However, a browser session that is running on the other desktop, but being passed through to the infected desktop, is immune to the keylogger. Pretty cool.

With regards to functionality, I’m very hopeful that Citrix will fix some of the issues we’ve seen in the RC. Here are some of the things we’ve seen reported on the Citrix on-line forums, some of which we’ve seen ourselves:

  • Many people are finding hardware problems with simple devices such as mice even for hardware on the Hardware Compatibility List. Smart cards are also an issue.
  • XenClient requires that a few different Virtualization technologies be present in order to function correctly, so today the HCL is pretty limited. This should be improving each day but it is still something to watch out for so be sure to check the HCL carefully. There is an HCL included with the XenClient 1.0 RC User Guide.
  • HDX (High Definition) video/audio:
    • If you run both a corporate Desktop and a Personal desktop at the same time, only one VM can have HDX running at a time – and to switch HDX functionality between VMs you have to shut them down…it cannot be done on the fly. This is unfortunate because without HDX, video is really choppy and difficult to watch. Citrix has already said this will not change before RTM (Release to Manufacturing).
    • If you are taking advantage of the feature we described earlier where you publish an application from one desktop and subscribe to it from the other, you can have HDX running in the subscribing desktop, but not in the publishing desktop.
  • We’ve not yet been able to do a successful physical-to-virtual (“P2V”) migration of a desktop OS into the XenClient environment. Citrix has said it will release a version of XenConvert that will be able to do this, but they say it probably won’t be until after RTM.
  • Integrated video cams do not work. This could be a significant issue, since the product is aimed at “road warriors” and many of them will want to use a cam for meeting. It supposedly supports USB video cams, but we have not yet tested this. However, I’m concerned that many users will push back on having to carry an extra peripheral with them. We’ve been told by Citrix that this should be working by RTM.
  • OS Snapshots are not available yet but should be in a future release.
  • No support for 64 bit guests yet.
  • Graphic support for non-Intel graphic chip sets is limited.

Still, this is shaping up to be a great product that will make life easier for many a desktop administrator. If you’ve ever had to manage desktops, you’ve had to deal with this “Catch-22:”

  1. My users are breaking their desktops…I need to lock them down.
  2. When I lock them down, I end up with managers in my face because they can’t install their favorite (fill in the blank).
  3. I back off and give them local admin rights so they can install (fill in the blank).
  4. Return to Step 1, repeat ad nauseum.

XenClient gives us a glimmer of hope that we may be able, sometime soon, to break out of this cycle!