Service Continuity is now generally available. A complete re-design of the way Citrix Virtual Apps and Desktops service brokers sessions to users, Service Continuity helps to ensure users have connectivity to their critical apps and desktops in the event of disruption. I covered Service Continuity in depth in an earlier blog post. Check out that post and the following resources for a refresher on key Service Continuity concepts.
https://www.youtube.com/watch?v=844-fR_A14k
Our preview had more than 100 customers and thousands of devices syncing Connection Leases, the new set of files that are securely stored (and refreshed) on the user’s device after a successful logon to Citrix Workspace and posteriorly used to connect to a virtual desktop during offline/outage mode.
We even saw the first users launching sessions during a recent outage — the best testament to the power of this new feature. In fact, when we contacted those customers for feedback, the IT admins said they weren’t aware of any issues or user reports during those days!
Some IT admins from the Citrix Service Providers program called Service Continuity a “clever way to fix a complex issue” and one from the manufacturing vertical called it “a lifesaver.”
In this blog post, we’d like to share some frequently asked questions and key findings from the preview phase so you are better equipped to deploy this in production or QA and to have broader discussions with your own teams and leadership around the Citrix Virtual Apps and Desktops service.
Frequently Asked Questions about Service Continuity
How do I take advantage of the newly available Service Continuity capabilities within my existing deployment?
From a Citrix Virtual Apps and Desktops service configuration perspective, you only need to click one button within the Citrix Cloud Admin console, under Workspace Configuration. I call this the most powerful button in Citrix Virtual Apps and Desktops service!
You can use any VDA version with any type of workload (Dedicated, Pooled, Remote PC Access, Apps or Desktops).
You do need Citrix Workspace app for Windows/Mac 2106 or higher, and currently Service Continuity works only when accessing Citrix Workspace stores from the Citrix Workspace app client UI itself (i.e. you need to add the Account/Store to Citrix Workspace app).
We know that most users prefer the Citrix Workspace app web-based UI to access the Citrix Virtual Apps and Desktops service stores, so we are working on this diligently. Support for Citrix Workspace app for Web in Chrome/Edge is currently in preview (when used in combination with Citrix Workspace app for Windows 2106).
We’ve also developed a browser extension to make all the Connection Lease magic happen. Learn more here.
How does Service Continuity work if my users have direct network connectivity to the Resource Location (i.e. internal users)?
It’s easy! Citrix Workspace app opens a connection to the Citrix Cloud Connector directly, and the connector will then resolve which VDA can host the session. If the Citrix Virtual Apps and Desktops service cloud broker is online, the connector will rely on it. Otherwise, the connector leverages the same HA service/secondary broker used for Local Host Cache, but without requiring any on-prem Citrix StoreFront.
Overall, users can still launch sessions when Citrix Virtual Apps and Desktops service is inaccessible or even if your ISP or IdP is down!
How does Service Continuity work if my users are external and depend on Citrix Gateway Service (CGS) for access to their resources?
We have great news! The Connection Leases are long-lived authorization tokens, allowing Citrix to achieve client-side/stateless sessions with CGS. Any CGS PoP (e.g. East or West) on any cloud (e.g. AWS or Azure) can decrypt and validate the signatures in the Connection Leases without requiring any access to any further outbound authorization or ticketing service.
(For the keen-eyed among you, this means STA tickets are not used with Connection Leases.)
Unhealthy PoPs are taken out of rotation in the DNS resolutions; hence, we always broker connections to healthy CGS PoPs.
What type of outages/incidents can Citrix Workspace app detect?
The main mechanisms used are service timeouts, authentication protocol errors and .ica file errors. In some cases, the outage could be on a third-party service, like an IdP. That’s why we introduced a cancellable button in the Citrix Workspace app UI that allows the user to work in offline mode directly.
In some cases, Citrix Workspace app will detect the outage automatically and perform the necessary actions silently. But sometimes the action is user driven. We are working hard now to perfect these mechanisms and will release improvements continuously.
If I turn this on, is there any change to the user experience? My users are set in their ways and, as an IT admin, I prefer to avoid any new behavior.
Connection Leases are long-lived authorization tokens (so they allow a connection to traverse Gateway Service or Connector), but they are not authentication tokens. Because of this, SSO to a VDA cannot be achieved. The VDA will eventually present the Windows Logon UI to the user for his/her AD credentials, before launching the app/desktop. This occurs only when the user is working on outage/offline mode in Citrix Workspace app.
This is a small price to pay when you consider what is being offered in return: your mission critical apps are still accessible.
Key Findings from the Service Continuity Preview
The top reason session connections fail to launch in offline/outage mode is because there were no VDAs available.
This means that proper power management must be in place to guarantee enough VDAs are available.
We currently have a new feature on the Connectors in preview so customers on compatible hypervisors (Citrix Hypervisor or VMware) will be able to perform power actions (user-driven, Autoscale or reboot scheduled) when operating in outage mode (i.e. Cloud DDC is down).
Other than this, the Connection Leases are intelligent enough to include a “Plan B” if no connectors can be found on the preferred zone/resource location, so Citrix Workspace app will recursively exhaust every resource location where the app is published (even zone-failover on a DR datacenter!), until it can launch the session.
Communication is key — and admins like to control the message displayed in Citrix Workspace app UI when in outage/offline mode.
Today the default banner is hardcoded, but we know you would like custom banners. Stay tuned because we are working on it!
You can’t improve what you can’t measure
Here in Citrix Product Management, we worked hard with the Citrix Engineering team to have a powerful telemetry and monitoring mechanism in place, so we can assess, correct and fine tune Service Continuity’s performance constantly. We are planning to make this information available via Citrix Analytics for Performance shortly.
What’s Next?
We are expanding to other Citrix Workspace app platforms — Linux is currently in Preview (version 2106) — and will add support for Browsers (a.k.a Workspace app for Web) when used in combination with native Citrix Workspace app for Windows 2106.
Service Continuity will transform how organizations provide digital workspaces, and how they handle outages, helping them to maintain the best possible availability for their end users. This is a Citrix-exclusive feature, unique within the industry, and we are incredibly excited about its potential.
Learn more about service continuity today, and if you have any questions, contact the product team at servicecontinuity@citrix.com
Disclaimer: The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.