Citrix OpenCloud Access White Paper
Citrix OpenCloud Access
Enabling seamless delivery of cloud-hosted applications
competitive are some of the trends and business imperatives that lead to a high degree of diversity in computing environments. CIOs must provide multiple delivery models and technologies to accommodate a growing population of workers who use all types of devices from any location over any network to access a wide variety of applications.
Merely accommodating all of this diversity, however, is not sufficient. CIOs must also find a way to deliver a unified user experience to eliminate the confusion and reduce the complexity that would otherwise erode the usefulness and value of the solutions it provides. This is particularly true as enterprises look to embrace yet another delivery model: cloud-hosted applications, which include both software-as-a-service (SaaS) and applications delivered via hybrid cloud environments enabled by infrastructure-as-a-service (IaaS) offerings.
Citrix® OpenCloud Access™ enables enterprises to seamlessly deliver cloud-hosted applications. Tightly integrated with Citrix Receiver™, OpenCloud Access cost-effectively extends the single pane of glass user experience already provided by Citrix Receiver for desktop and client-server applications to enterprise web, SaaS and IaaS-hosted applications. In addition, a combination of innovative and open techniques for extending the identity of internal users into a service provider’s domain helps ensure hassle-free support for the broadest possible set of cloud service offerings. With OpenCloud Access:
• Users obtain a simple and yet powerful way to access all of the applications they require, regardless of type and location, from anywhere
• Business management can choose to take advantage of cloud-hosted applications without concern for the complexity and confusion they might otherwise introduce
• IT gains the flexibility to choose from and easily switch among the plethora of available cloud services, rather than being restricted to a small subset
The problem with diversity
Diversity is unavoidable in computing environments for many reasons:
• Consumerization of IT is leading to more types of client devices
• Geographic expansion means supporting more locations and types of network services and connectivity
• The need to remain competitive often requires fine-tuning both internal and external facing services by embracing new technologies or different methods of delivery to best meet the needs of each specific group of employees, constituents, partners or customers
The problem with diversity is that it creates complexity and causes confusion.
For IT, diversity is difficult to support, manage and maintain. Besides the sheer volume of items that need to be accounted for across all phases of their respective lifecycles, there is also the considerable problem of ensuring interoperability and integrating disparate solutions where appropriate.
Another significant challenge is presented by the pockets of identity that are formed—and that must subsequently be managed—since new identities are typically added for every new application or service that is introduced. The all-too-common result of all this complexity is operating costs that grow at an exponential, rather than linear rate.
An even greater concern is that diversity is hard on users. Combined with multiple identities and multiple sets of rights and privileges, numerous options for accessing applications lead to uncertainty and anxiety regarding the best way—or even just how—to accomplish a given task. Having to contend with multiple credentials also leads to unsafe user practices, such as writing passwords down, selecting ones that are weak or using the same one for everything. As a result, user satisfaction, productivity and IT security all degrade.
A similar situation applies to the use of cloud-hosted applications. Although SaaS and IaaS-hosted applications have numerous benefits to offer—including faster time to value, lower cost of ownership and greater elasticity—they also introduce another layer of diversity, resulting in greater complexity and confusion for users. Both IT and the enterprise’s users need to contend with yet another approach for accessing applications and potentially several additional sets of identities. What organizations need instead is a way to have the choice of using cloud-hosted applications and the diversity that accompanies it without any negative impacts to user satisfaction, productivity or IT security. What they need is a way to provide cloud-hosted applications via a single pane of glass that delivers a unified and greatly simplified user experience, while also reducing the support, management and maintenance effort required by IT.
Bringing cloud-hosted applications into the single pane of glass
Operating in conjunction with Citrix® XenDesktop® for desktop and application virtualization, Citrix Receiver already provides a single pane of glass user experience for desktop and client-server applications. As a result, it is rapidly becoming the de facto way to deliver these types of applications to any user operating in any location with any device.
Now, with OpenCloud Access, Citrix Receiver can also be used to seamlessly deliver cloud-hosted applications in a completely uniform manner. Users get an even more powerful single pane of glass experience as coverage is extended to another major set of resources that they can access in the same consistent
used to doing for any other desktop application. Moreover, there is no need for multiple sign-ons. Once users are logged in to the domain, OpenCloud Access transparently takes care of entering their credentials for the desired cloud service. No more logon screens and no more frustration trying to juggle numerous passwords and sign-in procedures. A single identity is all that is required to gain access to multiple services, whether working from the office, home or the road, and regardless of the type of device being used (e.g., PC, Mac, iPad, smartphone).
OpenCloud Access also helps reduce complexity for IT staff. By bringing all applications, regardless of type, behind a single interface and having them served by a single, authoritative identity store, identity management is effectively centralized and simplified.
Having a simple and uniform process for users to access applications yields the benefit of dramatically reduced call volume for the IT help desk. As for the common back-end tasks, OpenCloud Access includes powerful provisioning functionality that can be used to automatically set up or revoke individual user accounts on all of the applications it serves. A bulk provisioning capability is also available to help simplify and accelerate the process whenever new cloud services are added to an enterprise’s application portfolio.
The net result is that with OpenCloud Access organizations now have the choice to take advantage of potentially transformative SaaS and IaaS-hosted applications without having to worry about the user confusion and IT complexity typically generated when introducing yet another layer of diversity.
A unique and compelling set of characteristics and capabilities
A unique set of characteristics and capabilities lies at the heart of OpenCloud Access, making it an unmatched solution for the seamless delivery of cloud-hosted applications.
Network-resident architecture − A key component of the Citrix OpenCloud Framework¹, OpenCloud Access is a product option for the Citrix® NetScaler® application delivery controller that works with both MPX hardware and VPX virtual appliances. With OpenCloud Access, identity becomes part of the application delivery network. Instead of remaining locked into individual user systems and application servers, it is effectively moved to a central point within the network and, therefore, becomes a centrally deliverable and manageable service. Benefits of this approach include a high degree of scalability and ubiquitous coverage for the associated services that OpenCloud Access provides, without the need to add agents or in any other way reconfigure the applications or servers it supports—a characteristic that is particularly useful for cloud services offerings where the enterprise has little control, if any, over the associated applications and their supporting infrastructure.
¹ Citrix OpenCloud Framework lets enterprises and cloud service providers build and operate private and public clouds by providing the core logic to rapidly provision, manage and control applications deployed as cloud-based services. Additionally, it supports interoperability with
An integrated solution − OpenCloud Access is part of a holistic sign-on methodology. Not only does OpenCloud Access transparently provide identity services for enterprise web and cloud-hosted applications, but it does so from within the framework of Citrix Receiver. Users get a uniform experience for all of the applications they require. The same look and feel and the same set of access processes apply for all types of applications—desktop, client server, enterprise web and cloud-hosted—without having to implement, maintain and interact with an additional separate solution.
Extensive application coverage − An extensible architecture, a regularly updated library of AppConnectors, and integral support for SAML, ADFS and OpenID federated access technologies ensure coverage across the broadest possible set of cloud-hosted applications, both now and in the future. In addition, OpenCloud Access extends coverage to a wide variety of enterprise web applications, such as SAP, Oracle and Microsoft Exchange Server.
Another unique benefit of OpenCloud Access in this regard pertains to testing. Many federated identity providers claim coverage for large numbers of cloud services based on their support for SAML. This is misleading, however, because SAML implementations involve numerous nuances that can lead to incompatibilities, and access to all of the covered applications is rarely, if ever, validated. In comparison, with OpenCloud Access there are no hidden issues. Actual coverage is equivalent to claimed coverage because all OpenCloud Access AppConnectors are thoroughly tested and verified by Citrix engineers prior to delivery.
SSO and solution compatibility − A key strength of OpenCloud Access is that it provides single sign-on (SSO) for enterprise web and cloud-hosted applications. This capability works as follows:
• The request to access an application is redirected to or transparently intercepted by OpenCloud Access based on its position in the network
• The user’s identity is validated and privileges are established using records of preference (typically located in an enterprise directory)
• The corresponding AppConnector signs the user in to the requested application without the user ever seeing the associated logon screen
• For applications using SAML or other federated authentication technologies, all that is required is to configure them to point to OpenCloud Access as the authoritative source for identity information
• Once the logon process is complete, OpenCloud Access allows direct communication between user and application
With this network-based approach, single sign-on is instituted without the need to deploy either client or server-side agents, characteristic of conventional SSO products. For organizations that have already made substantial investments in such products, OpenCloud Access can also be configured to work with them. For example, with an existing web SSO implementation, coverage for new
Powerful user provisioning − As needed, OpenCloud Access can leverage its AppConnectors to transparently create new user accounts within enterprise web, SaaS and IaaS-hosted applications. This accelerates application access and further enhances the user experience by obviating the need for administrator intervention when a user has appropriate entitlements but is not yet set up within corresponding applications, for example, because they are a new employee, a recently hired contractor or an existing user with a new role and responsibilities. A related, bulk provisioning feature is also available to speed the introduction of new applications. In this case, OpenCloud Access automatically synchronizes with the enterprise directory. Recognizing new privileges and group memberships that have been established there, it transparently establishes all of the required user accounts for the new application. Lastly, single-click de-provisioning provides an efficient way to close a user’s application accounts when they are no longer needed.
Workflow automation and self-service account management − Unlike most competing products, OpenCloud Access includes embedded workflow management capabilities that enable the automation of common tasks and processes. For example, an administrator can create a workflow to have OpenCloud Access automatically provision a base set of applications for all new employees who join the company. Workflows can also be set up to support self-service account management for scenarios where users require access to applications for which they are not yet assigned entitlements. In these cases, workflows can be used to capture the request for new privileges, obtain required approvals, open the corresponding application accounts and then notify the user of completion. Once again, the result is a simplified, unified and superior experience for the user.
Delivering a unified user experience … and more
OpenCloud Access restores an organization’s freedom to choose a path of greater diversity—to embrace SaaS and transformative, IaaS-based hybrid clouds—by providing a cost-effective and powerful means to counteract the user confusion and IT complexity that would otherwise ensue. OpenCloud Access provides benefits to users, business management and IT.
For users, OpenCloud Access:
• Delivers a uniform user experience by providing a single pane of glass for accessing all applications, regardless of type and location, from anywhere and with any device
• Streamlines the access experience by enabling a single identity for all application access—gone are the days of having to juggle multiple passwords and processes to log in to the applications required to perform their jobs
• Eliminates the need to wait days, or perhaps even longer, to gain access to essential applications when on-boarding, changing roles or receiving new responsibilities
• Provides workflow automation and self-service account management to accelerate the process of obtaining access to new and additional applications as needed
For business management, OpenCloud Access:
• Accelerates and helps maximize the financial and agility gains due to SaaS and IaaS adoption by efficiently enabling the extension of identity and trust relationships beyond the borders of the enterprise
• Ensures greater user productivity and enterprise agility based on the ability to rapidly activate new users and applications
• Enhances IT security by facilitating the enforcement of password strength and renewal policies, curtailing the practice of writing passwords down and providing single-click de-provisioning
For IT, OpenCloud Access:
• Provides a robust set of SSO and user provisioning capabilities that are straightforward to implement, easy to maintain and uniformly applicable across all of an organization’s web, SaaS and IaaS-hosted applications
• Works with and bridges existing SSO solutions, not only preserving prior identity management investments but actually enhancing them as well
• Reduces call volume to the IT support desk, along with associated expenses
About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as an on-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a full portfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizations worldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000 companies in more than 100 countries. Annual revenue in 2009 was $1.61 billion.
©2010 Citrix Systems, Inc. All rights reserved. Citrix®, OpenCloud Access™, NetScaler®, Citrix Receiver™ and XenDesktop® are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and