Back in June, Microsoft’s Jeff Mitchell and I highlighted the benefits of using the Microsoft Cloud Adoption Framework (CAF) to deliver new use cases using Citrix Cloud and Microsoft Azure. You can watch the video here. Since this update to our Citrix on Azure series, Microsoft has released the Ready guide for Cloud Adoption Framework enterprise-scale landing zones.
In this four-part blog series, I wanted to walk through the critical design areas of an enterprise-scale landing zone and translate these Azure constructs to Citrix considerations. Decisions made within an Azure architecture directly influence Citrix design decisions.
What is “enterprise-scale”? Why should I take a similar approach to Citrix on Azure?
Microsoft defines enterprise-scale as taking a modular design approach to ensure the foundational Azure deployment can scale with changes in a portfolio or demand. It follows a series of design principles across the critical design areas for an organization’s Azure environment. To learn more about Microsoft’s Enterprise-Scale methodology, I recommend the following references:
- Microsoft Learning Path for Enterprise Scale Azure Landing Zones: Create an enterprise-scale architecture in Azure
- Microsoft Azure Architecture Blog: Enterprise-Scale for Azure landing zones
- Microsoft Documentation: Start with Cloud Adoption Framework enterprise-scale landing zones
From a Citrix perspective, we want to take a similar approach by aligning our “portfolio” in a way that can be flexible, enable growth, and adapt to evolving business needs. In this first part of the series we will cover the enterprise-scale Azure design principles and how they align to Citrix, where Citrix deviates, and how it will reverberate through the critical design areas. We will cover the critical design areas in parts two and three of this series.
The CAF key design principles are as follows:
- Subscription democratization
- Policy-driven governance
- Single control and management plane
- Application-centric and archetype neutral
- Align Azure-native design and roadmap
Subscription Democratization
CAF Design principle: “Subscriptions should be used as a unit of management and scale aligned with business needs and priorities.”
Azure Subscriptions create agility for business units through a mechanism to centralize policy, audit, and configuration requirements. This is one of the primary reasons we recommend a dedicated subscription for Citrix workloads on Azure as a starting point. However, Azure Subscription and Citrix Cloud service limits drive the maximum recommended machines per subscription. We are seeing that a growing number of organizations require thousands of machines. To support this, enterprise-scale Citrix architectures require a multi-subscription approach using Azure Management Groups.
A multi-subscription architecture can be accommodated with multiple Citrix Virtual Apps and Desktops host connections and their accompanying Machine Catalogs, aggregated into a consolidated Delivery Group. An example of this is illustrated in the below diagram created by my colleague, Igor van der Burgh. Thank you Igor!
Policy-Driven Governance
CAF Design principle: “Azure Policy should be used to provide guardrails and ensure continued compliance with your organization’s platform.”
The Management Group structure described above can aggregate policy and initiative assignments via Azure Policy. The management group hierarchy should represent the types of workloads (archetypes) that you’ll host, grouped by their security, compliance, connectivity, and feature needs.
Azure Policy can be an effective tool to audit or deny deviations from established Citrix service standards. A good example of effective policy usage would be denying F-Series instances for VDI Resource Groups after the business has purchased reserved instances in D-Series. Another common example is enforcing the appropriate Azure tags on Citrix MCS machines to identify a cost center or department to facilitate chargeback or define ownership.
Citrix policy via the Citrix Virtual Apps and Desktops service or Citrix Workspace Environment Management service can also be used to establish a baseline for the employee experience. For example, a Citrix baseline policy can block all peripheral redirection to default to a higher security posture, with exceptions then granted based on true employee workflow requirements.
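The two Azure Policy examples above, combined into one custom policy definition. This is an added illustration, not from the original article or from Citrix or Microsoft; the tag name `CostCenter`, the `Standard_F*` SKU pattern, and the display name are assumptions.

```json
{
  "properties": {
    "displayName": "Citrix VDI: restrict F-Series and require cost tag (example)",
    "description": "Illustrative example, not from the original article. Tag name and SKU pattern are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny"],
        "defaultValue": "Audit",
        "metadata": { "description": "Audit first, switch to Deny once catalogs comply." }
      },
      "tagName": {
        "type": "String",
        "defaultValue": "CostCenter",
        "metadata": { "description": "Assumed tag name used for chargeback." }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
          {
            "anyOf": [
              {
                "field": "Microsoft.Compute/virtualMachines/sku.name",
                "like": "Standard_F*"
              },
              {
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "exists": "false"
              }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assign it at the VDI Resource Group or Citrix subscription scope. With the effect set to Deny, MCS provisioning of a non-compliant machine fails, and the `Standard_F*` pattern also matches FX-series sizes, so narrow it if those are permitted.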
Single Control and Management Plane
CAF Design principle: “Enterprise-scale architecture…should provide a consistent experience for both AppOps (centrally managed operation teams) and DevOps (dedicated application operation teams).”
From the perspective of the CAF, Citrix Administrators would be defined as AppOps, consuming an Azure Landing Zone from the PlatformOps team. The setup of this landing zone is a key focus for the critical design area Platform automation and DevOps. This principle is predominately about providing a performant and secure foundation for the Citrix platform. Collaboration between the Citrix and Platform teams is essential to provide the required subscriptions, identity and access management, and other landing zone requirements.
With the latest Azure integration enhancements and hybrid-cloud management, all new or ongoing Azure projects are recommended to use Citrix Cloud as the management plane of a Citrix Landing Zone. With a centralized control plane, migration of an employee’s workspace to the Azure Landing Zone from on-prem can be controlled. This can help cloud teams accommodate the five R’s of rationalization when assessing an organization’s digital application estate for migration to Azure. For more information, I recommend reviewing the Plan phase of the CAF. This is summarized in the table below with high-level descriptions.
Rationalization | Description | Citrix strategy |
Rehost | Lift and shift migration | Deploy app in on-prem and Azure Resource Locations. Spin down on-prem when migration complete. |
Refactor | Transition to PaaS | Deploy app in on-prem Resource Location during transition. Deploy front-end thick client using Azure Resource Location and Virtual Apps and Desktops service or, if web-based, deploy with Citrix Access Control. |
Rearchitect | Rearchitecting cloud-compatible app into a cloud-native application. | Deploy app in on-prem Resource Location during transition. Deploy front-end thick client using Azure Resource Location and Virtual Apps and Desktops service or, if web-based, deploy with Citrix Access Control. |
Rebuild | Create new code base to align with cloud-native | Deploy app in on-prem Resource Location during transition. Deploy front-end thick client using Azure Resource Location and Virtual Apps and Desktops service or, if web-based, deploy with Citrix Access Control. |
Replace | Transition to SaaS | Deploy app in on-prem Resource Location during transition. Secure new SaaS app using Citrix Access Control or streamline employee actions with microapps. |
Application-Centric and Archetype-Neutral
CAF Design principle: “Enterprise-scale architecture should…provide a safe and secure foundation for all application types to be deployed onto your Azure platform.”
As described above, Citrix can provide integrations across Microsoft 365 and varying application requirements across IaaS, PaaS, and SaaS to create one holistic employee experience delivered by Citrix “AppOps” owners.
Often when moving to Azure, organizations will use the shift to a standardized infrastructure to establish a tiered-service model with varied performance types and associated chargeback costs. A tiered service model enables an organization to control costs by right-sizing performance based on a use case’s needs rather than creating inefficiencies with a “one-size-fits-all” approach.
An example of this would be the following:
Service Model | Compute | Storage | Use Cases |
Basic VDI | B4ms (Burstable, 4 vCPU, 16 GB) | Standard SSD | Task workers |
Standard VDI | D4s v3 (4 vCPU, 16 GB) | Standard SSD | Knowledge workers |
Premium VDI | NV4as v4 (4 vCPU, 14 GB, GPU) | Premium SSD | 3D graphics enabled workloads |
A tiered service model doesn’t have to be in place overnight. Start with general purpose D-Series or compute-optimized F-Series and establish a regular cadence (monthly, quarterly) to evaluate performance data. Primary cost drivers can also be analyzed at the subscription and Resource Group level using Azure Cost Management. These activities can identify opportunities to create new models and add cost efficiencies. Remember to enforce a tiered-service model with policy!
Align Azure-Native Design and Roadmaps
CAF Design principle: “Align with Azure platform roadmaps to ensure that new capabilities are available within your environments.”
This principle is about aligning the PlatformOps and Citrix teams to the native cloud operating model and new feature integrations between Azure and Citrix. With the multi-year strategic partnership between Citrix and Microsoft, there has been a rapid uptick in the pace of innovation from our engineering team for Azure enhancements. At the time of this writing, this includes items like provisioning performance improvements, single Resource Group management for catalog organization, and >50 percent reduction in boot times through system disk retention.
The growth of Citrix Cloud has also led to innovation across all Citrix services. To support this innovation, Citrix has increased the volume of technology previews to capture direct customer and partner feedback prior to bringing a new solution to general availability. Every enterprise-scale Citrix environment should be paired with an isolated development environment to enable low-risk innovation.
Work with your Citrix Customer Success Services team to understand which tech previews are available and how they can factor into your success plan for your Citrix Cloud. Following the Citrix blog is another great way to hear about new and upcoming capabilities.
What’s Next?
Citrix Cloud and Microsoft Azure allow for modularity and flexibility when approaching an enterprise-scale project. Planning for growth is planning for success. In the next three parts of the series we will dig deeper into the critical design areas of the Microsoft Cloud Adoption Framework and outline their influence on Citrix Cloud architecture and execution. A big thank you to Microsoft’s Jeff Mitchell for the help with this content, the continued collaboration, and sharing his perspective.