Why out of the box deployments can cause more problems than they solve.
One of the services that we offer customers is our Citrix Health Assessment where we undertake an overall review of their environment, focusing on several key areas to determine what improvements can be made to enhance the user experience, close potential security gaps, and ensure that the customer is getting the best possible ROI from their platform. Each of these areas that I just mentioned can often be impacted by a single common factor, this is when installations are done “out of the box” deployments can cause more problems than they solve.
By default, Citrix Profile Management will capture all the contents of the users’ profile and save this back to the network location where it is being saved. Over time, this will continue to grow and eventually lead to profile bloat. As a result, this will then have the knock-on effect of increasing the user’s logon time as the amount of data to be loaded will increase.
To ensure that the users profile remains streamlined and only contains the data that is required, Citrix Profile Management must be configured with proper exclusions where appropriate and follow the recommend best practices configuration.
The result will be that users continue to experience a fast responsive logon to their resources and have a positive experience. There is also the additional benefit of a reduced storage footprint which can impact infrastructure costs.
Security will always remain one of the biggest challenges that organizations face. When used correctly, EUC platforms are highly secure. However, they are also designed to be very open and integrated, allowing for easy access between the resource being used and the user’s endpoint. Capabilities such as clipboard access, printer mapping and local drives can be enabled by default. This will drastically increase the risk for data exfiltration and increase attack vectors for malicious actors.
It is important to ensure that correct policies are in place that restrict access to these capabilities and should only be granted to those users who have a defined business requirement.
Return of Investment
Organizations can make significant hardware investments in their EUC environments, especially for any underlying hypervisor. For the virtual machines that are subsequently built on this hardware, it is vital to ensure that the best possible density is reached, otherwise the business is not getting the maximum return for their investment.
When a Windows operating system is built, it will have many services and scheduled tasks enabled that may be required on a physical machine, but not on a virtual machine. Optimization tools are available to disable these and reduce the overall CPU and RAM resource utilisation. This then in turn will allow for more machines to be built per hypervisor host and increase the ROI.
It will also improve the user experience as the operating system in use will be more streamline and efficient.
In summary, while the installation of many EUC products is easy and have “quick deploy” options, you will get you up and running very fast, but you may not be as secure as you think. Following best practices and not accepting system defaults is required to make your EUC platform secure. So to avoid these problems in the future and to maximise you EUC technology investment feel free to contact us or to get more information on our Health Check Assessments.
Shane O’Neill is a Citrix CTP/ EUC Architect here at Enterprise Solutions. He loves automation. Shane is constantly coding in C# and PowerShell to create new tools to make his life and that of other Citrix admins easier, and to fill in the gaps in automation and reporting that Citrix doesn’t currently provide. Holding certifications in Citrix, VMware and Hyper-V, Shane was named one of the first Citrix Technology Advocates in 2016 and has recently been awarded the title of Citrix Technology Professional, one of only 60 worldwide in 2019.