Citrix Apps and Desktops

Many times I have heard the discussion which remote solution is most secure. Is VPN more secure than a remote desktop solution? Depending on who you ask, you will get a different answer. A network administrator will most likely give you the answer that a VPN is the best solution. A desktop administrator will say to you that a remote desktop solution is better.

Security

When you create a VPN tunnel your company, the traffic flow will be encrypted. This means that it will be very difficult to read your data when it is being sent across the Internet.

The same goes for a remote desktop solution. All the data that are being sent across the Internet is encrypted. If the data flow comes in the hands of hackers, they will not get anything out of it.

The data flow from a VPN solution and a remote desktop are equally secure. so with it does not mean that VPN is more secure than a Remote Desktop.

Firewall rules and Policies

The next step we need to look at is the endpoints. When you open up a VPN tunnel from an endpoint, it will become a device on your internal network. This means that your endpoint can communicate with other hosts and machines on your network. Of course, you can limit this with firewall rules and you can also limit what kind of traffic you want to send through the VPN tunnel. For most VPN solutions, this is a big administrative task.

When it comes to remote desktop, you can set up policies on which features that are available for the user. You can control anything from access to local disks to local USB devices. It gives the administrator an easier way to control access to the local network.

Citrix VDI and ICA/HDX Policies

The most advanced remote desktop protocol is ICA/HDX from Citrix. The ICA/HDX protocol is up by virtual channels. Some of these channels are on the picture below.

The virtual channels can be enabled and disabled. They can also be enabled with certain settings. An example could be that you want to disable USB keys, but you want to allow a certain USB scanner. That can be done through the HDX protocol.

Conclusion

The question of whether VPN more secure than a remote desktop depends on the use case. If you want to create a solution for your end-users, I would recommend a remote desktop solution. You can give access to the company network and company data without any of the data leaves the datacenter. At the same time, you will get a system that is easy to control in terms of giving access from the endpoint to the company network. VPN is a great solution to create a site-to-site connection between two company networks, but I do not think it is ideal for users to connect to the company network through a VPN.

You can find a lot of different keyboards for iPads. But you can not find a mouse for iPads. The reason is, that iOS does not support a mouse. And that makes sense since we are talking about a tablet. You are supposed to use your finger to access apps and information on an iPad.

Why do you need a mouse for iPads?

We are in a constant chase for the one device to fix all tasks. An iPad has the right size and the weight is perfect. An iPad is also great to read and access information. Once you want to create a document or a drawing, it really makes difficult without a pointing device. This is because enterprise applications are not developed for touch screens. Citrix created the X1 mouse for iPads to give users the Windows desktop experience on an iPad with the use of Citrix Apps and Desktops. With this solution, you have your powerful laptop and your mobile device in one device.

What about the stylus for the iPad?

Apps for the iPad will be developed so it will be easier to create content. Companies are still using that are installed on a laptop, so we will see a transition from laptop to tablets and the push will come from the users. But for now, this is a great way to give users access to their company tools. Later on, enterprise apps will be developed so we can use these on tablets and touch screens.

How to get the Citrix X1 Mouse for iPads?

You can buy the Citrix X1 Mouse on the Citrix online store. Click here to get to the store.

This guide will show you how to renew RDS grace period on your hosts. Microsoft gives you 120 days grace period on RDS. I would say that it would be enough to run a pilot or a PoC. I would only encourage everyone to purchase licenses for your environment and only use this article as a last option.

To renew RDS grace period, you need to find the following registry key and delete it.

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Terminal Server\RCM\GracePeriod”

Before you can delete the registry key, you need to change ownership. You can do that by following these steps:

1. Right-Click on the key.
2. Click on “Permissions”.
3. Click on “Advanced”.
4. Click on “Owner”.
5. Select “Administrators”.
6. Click on “Apply”

You can now delete the key. Reboot the server and you now have a new grace period.

Ever since Microsoft introduced Office 365, it has been a challenge to deliver Outlook from a terminal server-based solution. The reason is that you get the best user experience when you cache all your emails in an OST-file, which is created locally on the machine. When the user accesses Outlook the next day, he or she might end up on a different server. This means that the OST-file needs to be created once again and that will take a long time and take up a lot of space. The solution is to enable Outlook cache using Citrix Profile Management.

How do I enable Outlook cache?

If you already have Profile Management configured, the change you need to do is very simple. Edit your profile policy and go to this path in the policy editor:

Computer Configuration\Policies\Administrative Templates\Citrix Components\Profile Management\Advanced Settings\

Find the policy “Enable search index roaming for Outlook” and set to “Enabled”.

Once that is done, a VHD file is created in each user’s profile storage folder, as shown in in the graphics below. This file will contain an offline copy of the user’s mailbox and search index.

All you need to do now is to reboot your VDAs. Do not forget to check if you have the necessary disk space on your file server that hosts your user profiles.