On the 18th of September the second DuCUG event of 2024 was held again. My experiences of this event can be found in this blog post.
Don't change good things, also this time the event was held at the Duikenburg in Echteld. You can see that this is the home of the DuCUG. Also the opening of the event was done by Niek Boevink, another thing that don’t need to be changed.
The first session was Unraveling the User Experience Puzzle by Rayn Ververs-Bijkerk en Eltjo van Gullik. They started with discussing that User Experience is difficult to explain without figures, so they want to quantify it with three metrics (latency, sound quality and display quality). In the rest of the presentation they dived in more detail on those metrics: latency --> datacenters latency, workload latency dependency how to measure, audio à eargym, context, experience, origin, VisQOL (virtual speech quality objective listener), display --> min 24 FPS required, video codecs, SSIM. Key take aways: understand the workload of the user, tweak the protocol based on the workload, reduce latency by selecting the correct datacenter and consider content redirection to improve audio sync.
Next was the first sponsor session by Unicon. Alec was explaining what Unicon is doing --> Operating System for Thin Clients called Elux and what they are focussing on (DEX, substainability, Win 10 EoL re-use hardware, security, easy of configuration). He continued with their offerings (eLux, Scout, Elias, SCG and uPilot) and explaining a few a bit more in detail.
After the Bossche Bollen break the day continued with the session of Mark Calderheid with the title Don't blame the VDI. Mark started explaining who he was involved in the VDI and what him was told what a VDI was, followed by the reality. Mark continued with topics like ensure the correct infrastructure design, uniting as a one platform concept, utilization of monitoring tools, problem management, security and the end-user community within the company.
Next session was Marcel Zunnebeld with the session Citrix Secure Private Access, sharing field experience. Marcel started with explaining the basics (Zero Trust Network Access, integrating Web/SaaS applications in CWA, independent of a VPN solution, device posture). The product is besides as a SaaS service now also available for on-prem infrastructures. Marcel continued with describing the SPA architecture both the service as the on-prem option. The presentation continued with the challenges during the implementation of SPA: Gateway Connector deprecated (while it finally was working as wanted), Workspace Embedded Browser (compatibility issues, sandbox, version management of the browser, user experience), Citrix Secure Access Client ( certificates on BYO devices, client/server apps possible, default browser, SSO improvements), SAML (custom domain names, whr). Next he continued with the Enterprise Browser. First he explained which challenges this browser solves, followed by the characteristics (native [chromium based] browser, will replace the Citrix Workspace App, enhanced security, enhanced management possibilities, SSON via global app configuration. Marcel continued with showing the capabilities in a live demo both the Secure Private Access Management Console as the Enterprise Browser from a user perspective.
The last session of the morning was the sponsor session of Thinscale. As their presenter could not attend, the presentation was replaced with a quiz with questions around Thinscale including a nice price. I found this refreshing and it looked like that the audience liked it as well.
After the wonderful lunch (as always) Thorsten Rood was on stage with his presentation The downsides of modern authentication in HDC. Thorsen directly started with diving in detail of the legacy StoreFront authentication flow, followed by the workspace authentication, The session continued with introducing another Identity Provider (like MS Entra IA, Okta or another SAML solutions) and where SSON does not function by default. Thorsen is discussing the risks (next to the usability question) like login with different user credentials, shutdown (when policies are not configured directly), bypass access policies. Next Thorsen discusses several options to solve this issue. Two workarounds: NetScaler OIDC (travelling passwords) or WsApp SO (by domain joined clients). Citrix FAS is the final solution, where Thorsen shows the flow. Next topic where notes from the field with Citrix FAS (password expiry settings, screensaver activations lead to disconnect, FAS redundancy with the same order in GPOs, Visual SmartCard Lifetime, PKI housekeeping, FAS resilience by certs pre-provisioning). Last topic was a sneak preview for a solution without Citrix FAS using EntraID, but still some limitations and not known when it will be there (really limited TP).
Jeroen Meppelink was next with the session Daily Citrix maintenance automating with Ansible. Jeroen started with explaining the environment, followed by the starting points: each day a desired state configuration, replace certificates monthly, servers in maintenance, health checks, 1 pipeline (excepts software installations) and one server at once. Next Jeroen showed some of the code where he explains how they implemented the starting points like maintenance, checks, certificates, IIS log cleaning and the schedule.
After the afternoon break the day continued with the sponsor session of eG by Erik van Veenendaal with the story to get better observability. He used a kind of questionnaire to show the capabilities of eG.
The last session of the day was State of Profile Containers by Markus Zehnle. Markus started with the history of profile management, the types of profiles and profile solutions like UDP, FSLogix, CPM and more. Next topic was the test environment he used for the performance tests, the tests executed and logically the results of the tests. Summarized FSLogix is a bit quicker during logon process in comparison with Citrix Profile Containers at this moment, but Citrix is still optimizing and getting closer. Also watch your IOPS with FSLogix Cloud Cache and CPM Local Caching enabled. Next topic were the challenges with the new Teams, where he mentions some good articles and nice install scripts. He also shared some tips/tricks. Markus continued with a feature overview of CPM and FSLogix. The last topic Markus touched was the new in-session profile container failover feature in CPM, which became available since version 2407, unfortunate Markus did not have the time to test and verify it.
With the session of Markus the official part ended. The day continued (also a tradition already) with a wonderful dinner, nice drinks and good conversations. In my opinion another wonderful event and already looking forward to the events in 2025.
