During a March webinar, Citrix announced Managed Desktops (aka CMD) Service, its new Desktop-as-a-Service offering. According to Citrix, Managed Desktops is the simplest and fastest way to deliver virtual apps and desktops in Microsoft Azure.
I first talked about CMD Service in a previous blog post following the announcement but no much was available at the time. We learned more details about it at Synergy 2019, and I recently had the opportunity to test the tech preview. Here are my first impressions about Citrix Managed Desktops Service.
What is Citrix Managed Desktops?
Managed Desktops is a new simple turnkey Citrix Cloud service that aims to facilitate Windows (including Applications and Desktops) deployments in Microsoft Azure.
Deploying virtual desktops or apps in the cloud is often associated with complexity — you have to think about the technologies you want to use, the platforms, etc. With the Managed Desktops Service, Citrix aims to eliminate the complexity of cloud management, in order to quickly provide access to the key applications and services to keep users productive. CMD is the third model of Citrix deployments, in addition to customer-managed deployments (DIY in public clouds and on-premises) and dual-managed deployments in Citrix Cloud.
In short, Citrix Managed Desktops Service (CMD) is a simplified version of Citrix Virtual Apps And Desktops (CVAD) based on 1-click actions. And everything is billed directly to Citrix, as opposed to juggling multiple vendors.
With CMD, Citrix has introduced managed templates for the first time. The company supports three OS versions with CMD Service for multi-session, static, or random catalogs:
- Windows 10 Enterprise
- Windows 10 EVD (Enterprise Virtual Desktops) Multi-Session
- Windows Server 2016 (with RDSH).
These three operating systems are managed by Citrix, and delivered with Citrix Virtual Desktop Agent (pre-installed). CMD Service will be the first Citrix solution to support multi-session Windows 10. However, the initial solution offering will be based on a Windows Server desktop in anticipation of Day 1 support of the upcoming Microsoft Windows Virtual Desktop multi-session Windows 10 experience when it releases.
You will be able to have domain-joined or non-domain-joined virtual machines for the first time with CMD. At this time, only Windows 10 Pro is supported in non-domain-joined catalogs. This will be resolved with the release of Virtual Desktop Agent 1906 by the end of the June 2019.
Of course, you can still import your own VHD templates hosted in Azure, and you can even update Citrix-managed templates with your own applications.
At this time, Citrix Managed Desktops is available for early adopters only in four Azure regions: U.S. East, U.S. West, Western Europe and Australia East, and we can expect more regions in the future. You can already buy Citrix Managed Desktops Service today. Let’s take a look at the licensing and pricing.
Citrix Managed Desktops Service Licensing
On top of all that, Citrix is also becoming a Microsoft Cloud Solution Provider, and will bill customers directly for this service. Included in the bundle is the cost of cloud services, software licenses, and Azure compute needed to securely deliver Windows 10 on-demand. You will be billed for the first time directly by Citrix (monthly, pay-as-you-go, and 1-to-5 year options) for all costs associated with this service.
Note: You will have to commit on the number of licenses you need before using the CMD Service.
Customers will also have the option to bring their existing Microsoft licenses such RDS CAL for Windows Server workloads or eligible Windows (E3/E5) licenses for Windows 10 workloads.
CMD is the first subscription based service with seamless upsell/upgrade. Here’s a pricing breakdown:
- $16 per user, per month for Citrix Managed Desktops
- $6.25 per user, per month for RDS CAL (2016)
- Minimum of $5 per user, per month for Azure compute
The service will be available by end of H2 2019 to all customers.
And last but not the least, Citrix is going to make it really easy for customers to move from Managed Desktops to Virtual Apps and Desktops with seamless upsell/upgrade. This can be used for customers that need more features than what is available in the Citrix Managed Desktops Service. Citrix will allow them to move the Citrix Virtual Apps and Desktops without having to migrate catalogs and virtual machines.
What’s included with Citrix Managed Desktops?
With CMD Service entitlement, Citrix includes the following Citrix Cloud services:
- Managed Desktops (enabled by default)
- Gateway HDX Proxy (Azure POPs available in 11 regions and 3 for AWS), included with the CMD Service and no setup is required. Citrix added 2 new POPs in South India and South Africa North recently.
- Citrix Workspace Experience (& App) from any device
- Cloud-hosted Director for monitoring is built in to CMD Service to manage sessions, view machines list, and usage
- Autoscale is built in to CMD Service to manage power schedules and actions. This will help to make sure that customers are only paying for what they are using.
Also included is the optional Citrix-managed Azure Active Directory that is recommended for testing and building a proof of concept. Users can be easily provisioned in this managed AD in less than 1 minute. Then they will receive an email invitation to join the directory. It’s worth noting that Citrix-managed Azure AD will not be manageable by customers, and only supports non-domain-joined virtual machines.
If you are familiar with Citrix Cloud, you probably know that you can connect your own Active Directory (requires Citrix Cloud connectors). It’s still possible with CMD Service, but you will be responsible for maintaining the directory and the connectors.
How can you bridge CMD Service with an infrastructure located on-premises?
There are different options to deploy Citrix Managed Desktop Service:
- Three non-domain-joined options:
- Citrix-managed Azure AD: This option does not require customers to set up Active Directory Domain Service in Azure.
- Customer-managed Azure AD for customers already using Office 365
- Active Directory for on-premises ADDS: Here, you need Cloud connectors installed, and you are responsible to manage this infrastructure.
- Three domain-joined options
- VNET Peering with Azure AADS to bridge Citrix-managed VNET and customer-managed VNET using Azure backbone network. Global peering is supported to bridge between Azure regions.
- VPN / SD-WAN / Express Route
- SD-WAN integration with SD-WAN Service in Citrix Cloud (to be released later this year). No need for Azure Peering, instead, communication will be direct from Citrix SD-WAN Service in Citrix Cloud to your corporate network. This requires an SD-WAN appliance to be shipped to the remote location(s).
Note: At this time, Azure VNET Peering must be configured after the DNS is configured on the virtual network in the Azure subscription. You cannot change it later without removing the Azure VNET Peering item in CMD Service.
As you can see with the options listed above, Citrix Managed Desktops Service can be extremely simple, but it can also be more complicated for advanced use cases.
Authentication mechanisms supported in Citrix Managed Desktop Service
Citrix Managed Desktops Service features the same authentication supported in Citrix Cloud:
- AD + TOTP and Azure MFA authentication
- Active Directory
- Citrix-Managed Azure AD
Citrix announced at Synergy 2019 that Citrix Cloud will support Okta in the near future. We can expect Citrix Managed Desktops to support it, as well.
Also on the Citrix Cloud Identity Platform roadmap are Active Directory + Gateway AAA and Cloud-Enabled Federated Authentication Services (FAS)
Where does Citrix Managed Desktops Service stand in Citrix offering?
Citrix currently has three different offerings:
- Citrix Managed Desktops Service (for Azure) in Citrix Cloud (Desktop-as-a-Service)
- Citrix Virtual Apps And Desktops Service in Citrix Cloud for hybrid deployments
- Citrix Virtual Apps And Desktops located on-premises or public clouds
Each option has been developed by Citrix for a specific use case.
Citrix recommends that customers try out Citrix Managed Desktops Service first to see if it fits their needs. If a more robust configuration with more features is required, customers should look at Citrix Virtual Apps and Desktops (CVAD) Service in Citrix Cloud for hybrid deployments. Finally, if neither of those two options work for them, Citrix recommends that customers deploy the full version of Citrix software either on-premises or in public clouds.
You can take a look at this Synergy 2019 session to gain more insight:
Does Citrix Managed Desktops Service extend Microsoft Windows Virtual Desktops (WVD)?
Windows Virtual Desktop (WVD) is a hot topic of conversation these days. Microsoft and Citrix have introduced Citrix Managed Desktops as deeply integrated with WVD. But the reality is a little less exciting.
The first thing to keep in mind is that Citrix cannot leverage Microsoft WVD infrastructure for the CMD Service. Why? Because by design, WVD infrastructure can only be used by Microsoft (and they have not announced anything to allow partners to leverage it).
At Synergy 2019 in Atlanta, Microsoft and Citrix had a few sessions together about Citrix Managed Desktops Service and Microsoft Windows Virtual Desktop (WVD). They mentioned that Citrix Managed Desktop Service uses WVD in the background, which is confusing for customers. This means that CMD Service is not an integration of WVD (even if it is marketed as such), but an advanced and turnkey replacement provided by Citrix. This solution will include Citrix signature HDX desktop virtualization protocol (instead of RDP for WVD) to provide a high-performance user experience.
Want to learn more about Windows Virtual Desktops? We explored the topic Windows Virtual Desktops in this post: Everything you need to know about WVD, Windows 10 EVD and Citrix.
Limitations in Citrix Managed Desktops Service?
Currently Citrix allows customers to subscribe to Citrix Virtual Apps and Desktops or Citrix Managed Desktops. Therefore at this time, you need to have a separate Citrix Cloud account that does not have the Citrix Virtual Apps and Desktops (CVAD) Service enabled.
You can also decommission the CVAD service you already have, but you may have to contact Citrix to perform this operation. Check out this article to get more information.
It is also required to purchase a minimum of 25 licenses. I don’t think this it is a wise move from Citrix. Desktop-as-a-Service (DaaS) offering should not have such a high number of minimum licenses. As an example, you can start playing with Nutanix Xi Frame with as few as 5 users. While I don’t know why Citrix imposed such restrictions, my guess is that it is driven by the cost associated with the Citrix Managed Desktops infrastructure in Microsoft Azure. Customers who need less than 25 licenses will be redirected to partners.
It seems that Citrix is deploying at least two Cloud Connectors for each CMD catalog.
For the trial I’m currently on, Citrix has limited the number of catalogs and virtual machines that can be provisioned. You can only create three catalogs, each with three virtual machines maximum. The sizing is not limited, and you can create virtual machines with a lot of vCPUs and RAM.
The quick catalog creation feature is currently limited to Windows 10 Pro 1809 with static virtual machines and without corporate network connectivity.
Windows 10 EVD for non-domain-joined is not available yet. We have to wait for Citrix VDA 1906.
Regarding Citrix policies, it is currently not supported in CMD Service, but you can apply settings via GPO in a domain joined deployment.
What’s missing in Citrix Managed Desktops?
Citrix did a great job with Citrix Managed Desktops (CMD) Service. The UI is great and reminds me a lot of Azure Quick deploy, which is how all Citrix Cloud native services should look like. So what’s missing? Well, not much. Here’s a short list of areas of opportunity to consider:
- Citrix Policies
- Faster provisioning with more controls
- Connectivity checker for VNET Peering
- Quick Catalog for domain-joined catalog and multi-session OSes support
- Cancel button during catalog creation
- Support for AWS, GCP, Hybrid, and others
- GPU support
- Option to buy CMD Service for less than 25 users directly from Citrix
Citrix is working hard to resolve these issues before the GA of Citrix Managed Desktops Service.
Citrix Managed Desktops (CMD) Service is a promising all-in-one cloud-hosted service that can scale as needed, and for the first time ever, you can buy Citrix management services and Microsoft Azure compute together. CMD Service is the perfect example on how well-made and easy to use all Citrix Cloud services should be for customers. We can expect more cloud services to embrace the same approach with one keyword: simplicity.
At first it seemed that Citrix was trying to sell to customers directly, but the company wants to allow partners to build on top of CMD Service with the future integration of multi-tenancy. Partners will be able to manage multiple customers from the same CMD management console and build services directly on top of Citrix Managed Desktops, enabling customized services for vertical markets.
The target of this service is temporary workforce, developers,and business continuity for SMB customers. I don’t expect large customers to move to a cloud-hosted Desktop-as-a-Service solution anytime soon,but they could be tempted to explore Citrix Managed Desktops Service for specific use cases that need to be deployed quickly, and do not require advanced configuration.
Currently only available for Microsoft Azure, Citrix might introduce this service to other cloud providers such as AWS or Google Cloud Platform in the future.
The service is currently in tech preview, and only available to limited customers. Citrix plans to expand the tech preview to more customers by the end of Q2 and to release the service by end of H2 2019.
To request a Citrix Managed Desktops trial, go to https://onboarding.cloud.com. After you sign in to Citrix Cloud, click Request Trial on the Citrix Managed Desktops service tile. You may need to contact your Citrix representative to get access at this time.