On the 11th of October the second DuCUG event of 2023 took place. At the traditional location, De Duikenburg, around 150 people again came together for this event. In this blog I will share my experiences.
After the opening by Niek, the first session was Optimizing VDI Performance: Unveiling the Latest Insights and Strategies by Sven Huisman. Sven started by explaining the setup used for benchmarking the performance, followed by the test phases and the metrics being monitored in the different stages. Next Sven continued with the results of the different tests: W10 non-optimized versus optimized, Less wait time between logon and activities, Windows 10 with 2/3/4/5 CPUs, Windows 10 versus Windows 11, Windows 11 versus Server 2022, Windows 2019 versus Windows 2022, RDSH different CPU configurations, RDSH vSockets - vCores, Office 2019 vs 2021 vs O365 and Citrix Visual Quality impact.
After Sven, Bas van Goor from ThinScale was on stage with his session Securing the Edge. Bas started with Security Threats for VDI/DaaS environments; the threats always ended at a compromised endpoint. From that point Bas explained what ThinScale is doing to protect access to a Virtual Environment (access rules, securing the endpoint with continuous posture checking, control and prevention).
After the traditional Bossche Bollen break, Sietze van de Schoor was on stage with the customer case of Kuehne Nagel. He started by explaining the company, followed by the historical usage of Citrix within KN, the challenges within large companies and the team Sietze is part of (Virtual Desktop Services). Sietze talked about the road they took to arrive at the current solution (challenges, 'internal sales', thin clients, zero trust). Sietze continued with the current challenges (ready for AWS, TPM, Microsoft MFA, Zero Clients, Workspace Management).
The next session was HDX Innovations Tips and Tricks by Rody Kossen and Eltjo van Gulik. After a fun introduction they started by explaining what HDX actually is, followed by more in-depth information about HDX (like adaptive transport, connectivity). Rody continued with the different enhancements made to HDX: Turbo Charging EDT (Tech Preview) --> new congestion control algorithm including a demo, The Reducer and HDX Direct. Eltjo continued with the video codecs (H.264, H.265 and AV1 --> Tech Preview), followed by Chroma Subsampling (H.265 4:4:4) and Enhanced Build-to-Lossless. Next were some best practices about the Citrix graphics policies --> Use the default policies as a starting point: For Actively Changing Regions, change only when there are High FP requirements and for certain use cases like 3D CAD Modeling. They ended the session with the HDX audio diagnostics tool, EDT Lossy for Audio on Citrix Gateway Service (Tech Preview) and the Volume synchronization.
After lunch Thorsten Rood was on stage with the session Citrix DaaS: Access and Transport Layer. Thorsten explained the starting point, which is that Core CVAD (Delivery Controller) is migrated to Citrix Cloud but StoreFront and NetScaler Gateway are still on-prem. The main point is that although SaaS resides in an untrusted environment, it has become part of your trusted assets. Therefore you need to understand edge security constraints and application traffic definitions (namespaces, API automation resource). Thorsten used the WEM service application traffic definition as an example to explain the challenges. Thorsten discussed a broad range of topics, like Workspace instead of StoreFront (required for the Gateway Service), IdP Entra ID/MEHJ, Rendezvous protocol, HDX Routing Optimization, HDX Direct and Multi-Store tenant, discussing the application traffic definitions and the challenges they bring. Thorsten also touched on a bonus track: FAS without FAS. Thorsten ended the presentation with a possibility to use a NetScaler as an 'EUC Proxy'/wPad as a proxy for the Cloud Connector, FAS and more. Lots of technical information, difficult to keep pace with in this blog.
The next session was Why is WEM the next step by Jeroen Meppelink. Jeroen started with the unclear message Ivanti is bringing about Ivanti Workspace Control, which is heavily used in the Netherlands (also within the audience of the event). The next question was what could replace Ivanti. Jeroen started with the attention points/wishes for a new product. Possible solutions Jeroen looked at were Ivanti User Workspace Manager (AppSense), Ivanti Neurons, Liquidware, Microsoft GPOs and Citrix WEM. Jeroen continued by describing the WEM architecture, followed by new functionalities (GPO editing, enhanced triggers, scripted tasks, API, WEM Delay Start, WEM Applocker, WEM App Access Control). The last topic was the attention points according to Jeroen (no delegation of control, machine only connected to 1 site, no network/website filtering, reporting capabilities of Applocker, API development).
After the second break it was time for Peter Nap from ControlUp. Peter 'just' showed the latest enhancements/features in their solution. He started with the DEX functionality (between the client and the gateway), followed by FSLogix monitoring and Citrix/Azure enhancements. He also provided a sneak preview of the Security Analysis Report. Also a new browser plug-in is available which can be connected to, for example, Intune, TopDesk and similar websites. The last topic was synthetic monitoring for SLA agreements.
Next was the presentation Citrix Cloud Modern Technologies to enable pure Azure Active Directory deployments by Javier Lopez Santacruz. To get to the end goal, a pure Azure Active Directory Citrix environment, Javier stated that Rendezvous (V2) is required (which means a Citrix Cloud Connector is not required anymore). This is only supported with MCS technology. Javier mentioned that the Citrix technology is available for both Azure Virtual Desktop and Windows 365. The next topic was Azure Active Directory device identity (Azure AD registered, Azure AD Joined, Hybrid Azure AD Joined), followed by the VDI Machine Identity types (AD Joined VDI, AAD Joined VDA, Hybrid Joined VDA, Non-Domain Joined). Next Javier showed the steps to build a PoC with an Azure Active Directory joined VDA. The last topic was AAD Native SSO (No FAS), where Javier explained the way this works.
The last session was provided by Leon Wijnhoven and Seth Daemen: IaC framework voor MSP’s. Leon started with the challenges of an MSP, where they came from with automation (Altiris - Ivanti Automation Manager) and Ansible for back-ends (NetScaler, Palo Alto, Aruba). Next Seth took over, explaining the challenges, fears and doubts on their road to IaC (adoption is essential, encourage discussions, Azure Lighthouse). Next Seth discussed their technology choices (Terraform, GitHub Actions, Ansible), followed by the technical challenges for standardization --> Guidelines (code and review guidelines), conventional commits (clear description of commit messages), drift detection, semantic release and branch protection. Seth discussed their way of working with commits, building blocks and compliance testing. The session ended with an important lesson: adoption and coaching are key.
After the last session it was time for some drinks and snacks, followed by the famous BBQ style dinner. Unfortunately I could not attend this part this time, but I understood that again many people stayed and enjoyed the food and the nice atmosphere. From my perspective it was again a wonderful event, let’s start prepping for the next one on the 3rd of April 2024.