When we think about how a company can adapt to the latest digital transformation trends, cloud technologies have been key. You can’t deny that business strategies have been impacted by this phenomenon. Leading industries have been able to scale according to fluctuating product demands. Employees can work from anywhere securely. And teams can collaborate digitally, improving effectiveness and reducing cost.

Citrix Cloud has set the tone for how to provision a workspace from a cloud platform full of benefits for administrators and improvements for subscribers, without neglecting safety, accessibility, and flexibility.

One of the advantages that most catches my attention is that it was designed to integrate with many other technologies in this industry. Let’s define integration: It’s the act of unifying everything that was ever separated. Therefore, the question we might be asking is, “Which technologies can Citrix be integrated with?” Citrix can integrate with most public cloud vendors, hypervisors, SaaS applications, operating systems, and more.

The advantage? Companies today can choose how and where to host their information, applications, desktops, and users. Citrix incorporates its own products with each other and with other vendors, which results in users making the most of their effectiveness and efficiency in terms of time, production, performance, and cost.

This blog is the first in a series on the integration between Citrix Cloud and Amazon Web Services (AWS), including leading practices, alternatives, and recommendations when deciding to have your infrastructure hosted on AWS. Beyond the technical fundamentals, I write based on my experience with the Citrix Cloud Success team. We’re dedicated to guiding clients who are looking to adopt Citrix Cloud in their digital transformation experience.

What Is a VPC?

Let’s get started with the fundamentals behind one of the most useful and important services in AWS: virtual private cloud (VPC). A VPC is a scalable, regional, isolated virtual network capable of supporting AWS resources. In other words, a dedicated virtual private cloud. In this blog post, I’ll cover three of the top recommendations we share with customers. For more information, please read our Citrix Cloud on AWS Checklist – Virtual Private Cloud (VPC) whitepaper. You’ll find it in the Citrix Cloud Success Center. On the Build milestone within your Success Plan, click on the Citrix Virtual Apps and Desktops page, then scroll down to the Public cloud providers integration documentation section.

Default VPC vs. Custom VPC

From the Citrix Cloud perspective, neither type of VPC interferes with its functionality, access, or performance. There are different prerequisites for each Citrix Cloud product that we need to consider, whichever host and/or IaaS we choose.

A default VPC is initially created by AWS and allows internet access and public subnets with their own route table. (The caveat? Only 1 default VPC per region.) On the other hand, a custom VPC requires enabling internet access and specifying an IPv4 range (or AWS-provided IPv6 block) as CIDR, route tables, DHCP options, security groups, and more.

Cloud Success Experience: A custom VPC is a better approach when considering using AWS as the host for your Citrix Cloud infrastructure, including services like Citrix Virtual Apps and Desktops, Citrix Endpoint Management, and Citrix Content Collaboration. This way, you can adjust the VPC to your business needs and easily configure it for Citrix Cloud in terms of networking.

Subnets: Private, Public or Both?

Subnets in AWS are simpler than they seem, and it isn’t difficult to align them with Citrix requirements for security and management.

The main difference between the two is that the public option has access to the internet. The public network tends to host components such as an internet gateway, NAT Gateway, Citrix ADC, and a bastion server, among others. Furthermore, what characterizes all these components is the tendency to have a public IP for external access.

On the other hand, the private subnet hosts components such as Citrix Cloud Connectors, applications, desktops, and other objects that have options to be used as instances or services (Active Directory, File Server, Storage Zone Controller, etc.).

Cloud Success Experience: The best way to design your Citrix environment in AWS is to create at least 2 subnets (private and public), preferably in different Availability Zones and with the “Auto-Assign Public IP” setting disabled. You could also consider segmenting the private network into 2 different Availability Zones, to distribute Cloud Connectors and VDAs.

Security Groups

This is perhaps the topic that, in my experience, generates the most questions. Security groups allow us to control the traffic associated with our instances as a virtual firewall. Likewise, security groups work at the instance level (EC2), not at the subnet level. Through rules, we allow the different Citrix channels to open depending on the type, ports, protocols, and source/destination.

Cloud Success Experience: There are several ports that should be considered during your implementation. Our recommendation is to create security groups dedicated to Citrix for better management and to create the relevant rules according to the service that we are deploying from Citrix Cloud. For example, create a security group associated with the private subnet that includes an outbound rule that opens port 443 to the public subnet for Cloud Connectors.
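The subnet and security group recommendations above can be checked against an existing VPC. The following is an added example, not Citrix or AWS code: it audits constructed data shaped like AWS CLI `describe-*` output, and every ID, CIDR, and function name in it is an assumption made for illustration.

```python
import ipaddress
# Constructed sample data shaped like `aws ec2 describe-subnets`, `describe-route-tables`
# and `describe-security-groups` output. All IDs and CIDRs are made up.
SUBNETS = [
    {"SubnetId": "subnet-pub1", "AvailabilityZone": "us-east-1a",
     "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv1", "AvailabilityZone": "us-east-1b",
     "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-priv1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
CONNECTOR_SG = {"GroupId": "sg-connectors", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # default allow-all egress
]}

def public_subnet_ids(route_tables):
    # Public = explicitly associated with a route table that routes to an internet gateway.
    igw = lambda rt: any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
    return {a["SubnetId"] for rt in route_tables if igw(rt)
            for a in rt["Associations"] if "SubnetId" in a}

def audit(subnets, route_tables, sg):
    findings = []
    public = public_subnet_ids(route_tables)
    pub = [s for s in subnets if s["SubnetId"] in public]
    priv = [s for s in subnets if s["SubnetId"] not in public]
    if not pub or not priv:
        findings.append("need at least one public and one private subnet")
    if len({s["AvailabilityZone"] for s in subnets}) < 2:
        findings.append("subnets share a single Availability Zone")
    for s in subnets:
        if s["MapPublicIpOnLaunch"]:
            findings.append(f"{s['SubnetId']}: Auto-Assign Public IP is enabled")
    pub_nets = [ipaddress.ip_network(s["CidrBlock"]) for s in pub]
    for rule in sg["IpPermissionsEgress"]:
        is_443 = rule["IpProtocol"] == "tcp" and rule.get("FromPort") == rule.get("ToPort") == 443
        for r in rule.get("IpRanges", []):
            dest = ipaddress.ip_network(r["CidrIp"])
            if not (is_443 and any(dest.subnet_of(n) for n in pub_nets)):
                findings.append(f"{sg['GroupId']}: egress {rule['IpProtocol']} to {dest} "
                                "is wider than 443 to the public subnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SUBNETS, ROUTE_TABLES, CONNECTOR_SG)))
```

On the sample data this reports the private subnet that still auto-assigns public IPs and the allow-all outbound rule left on the Cloud Connector security group.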

The Takeaways

  • AWS offers numerous functions through the VPC service to protect the network, where we associate the infrastructure of instances dedicated to Citrix Cloud.
  • Network segregation in different subnets allows us to have traffic control, in addition to the power that security groups have at the instance level.
  • The Citrix Customer Success Management team is available to accelerate, guide, and promote your adoption of the solutions offered by Citrix Cloud.

All customers with Citrix Cloud licenses have access to the Citrix Cloud Success Center to create success plans and access documentation about prerequisites, guides, and leading practices. Be sure to take advantage of all of these resources so you can get the most out of your investment!

Thanks for reading. Keep an eye out for Part 2!

— Faubricio Gutierrez Barboza, Customer Success Engineer