As with others that we tested, Citrix XenApp provisioned us with a Windows 2008R2 "terminal" session, and it was extraordinarily fast, due to a short four-hop connection between our facilities in Bloomington and from nFrame, our hosting facility in Carmel, Ind., and their sites in Atlanta and eastern Kentucky. Other may have our experience depending on their connectivity. The XenApp software is available for a variety of Windows and Mac hosts, and we found all of them -- MacOS, Linux, Windows, and Android, via Citrix Receiver, equally featured in terms of resource sharing and speed.
After an initial provisioning exchange, we were given a URL, logon, and initial passwords. From there, all was lightning fast, and the plain-vanilla Windows-over-Citrix experience. ICCGH was otherwise fastidious regarding building up the provisioned desktops quickly, and has experience in multi-tenant, ISV environments.
ICCGH also has experience in putting together a variety of Active Directory environment extensions, or isolated, server-based authentication mechanisms through the use of VPNs. A number of VPN configurations are supported, including IPSec, GRE, and PPTP that allow "islands" of resources to be connected (or not) for extension, isolation, or application-specific off-premises pools of resources.
Like other DaaS provider services tested, ICCGH can make available local resources such as disk storage, USB, printers, etc., or otherwise control them through either customer-supplied policies or those imposed by Active Directory connections. Microsoft-savvy admins will feel at home.
The Applications2u (A2U) environment is also underpinned by Citrix infrastructure, and downloads Citrix Receiver on initial access for users. There are a wide variety of compatible Citrix Receiver clients available -- meaning Windows machines, Macs, iOS and Android; some of the clients are more difficult to install than others, but Windows and Apple users shouldn't have much problem.
Applications2u with Citrix Receiver allows a fully virtualized desktop experience, and/or allows only Windows-compatible applications to be accessed. The apps-only experience is A2U's secret sauce (a version of XenApp is also offered by ICCGH that provides a similar service), and it's done well. Using the Receiver, remote applications can be launched on a Receiver-launched device, rather than an entire Windows 7-ish desktop. This permits "foreign" applications to run wherever communications and security mandates permit.
Receiver-launched applications could be a simple Excel spreadsheet, an SAP application, something .NET, or whatever might run on the hosted virtual session, in isolation from most of what happens on the client-side environment. The DaaS is in the cloud, or just a cloud-hosted application within A2U construct.
While Applications2u stresses Managed Service Provider (MSP) services, we confined our use and testing to application and hosted virtual desktop use. A2U uses SunGard as its hosting facility. The customer intake process was poised towards setting up extensions of existing resources, but also duplication of internal infrastructure for use as disaster recovery "hot site" use, or other alternate use.
Like other Citrix infrastructure tested, A2U allows resource sharing, local, or A2U-hosted. Like Nivio, the A2U-based storage can be group-shared, we found, as well as policy-enforced (optional) local resource sharing, drives, printers, and the like. In testing, configuration and deployment was fast, and responsiveness was very good. The A2U cloud-hosted sessions were quick, and we were reminded of our Desktone experience.
We did not extensively test hosted applications, and we did not try to pen-test applications hosted via the virtualization provided by the Citrix Receiver application. Apps hosted by A2U have moderate isolation from whatever's going on in the client's hardware and OS environment, but application sessions may be subject to client-side keyloggers or other entrapments that might make them insecure. However, we could find no current CVE notes that portend that Microsoft Office applications are remotely exploitable when hosted elsewhere from a virtualized access. Only the client host, via Citrix Receiver, receives an infection vector. Applications virtualized by A2U aren't necessarily immune from BYOD connection malware. Communications to A2U hosted components were fast, and logon to A2U resources was equally fast.
Applications can be placed in user desktop menus like other applications, and only possible latencies betray the remote execution of the application.
We found Applications2u both resourceful and responsive. Like ICCGH, A2U seems targeted towards larger organizations and vertically-integrated Windows applications and the experience was both efficient and drama-free. We like that.
While it seemed as though we were reviewing Citrix Desktop-as-a-Service, we found much differentiation among the vendors. Desktone and dinCloud were easily provisioned and fast. Applications2u had a bit of useful option shock, but also the secret sauces of application virtualization specialties, as well as ready-made options for alternate/hot-site capabilities (if Windows 7 is your favorite). Nivio had HTML-5 access going for it, despite Firefox 11 oddities, and had our vote for something that was actually "fun". ICCGH, like Applications2u, performed well.
A Final Word of Caution
Three of the five service providers we tested had issues with TLS/SSL certificates. All the issues that we ran into were corrected quickly. Administrators are cautioned to initially, then randomly check for TLS/SSL certificate validity (and correct chain of certificate authority) when accessing through browsers.
Henderson is managing director for ExtremeLabs, of Bloomington, Ind. Henderson can be reached at email@example.com.
This story, "Consider desktops in the cloud for BYOD" was originally published by Network World.