“It’s not a matter of if, but when” was the sentiment I heard – just a few weeks ago – from a customer discussing their stance on cyberattacks in their environment. But are you really ready to recover from a widespread outage? We collectively learned a lot about IT resiliency over the last few days, and the question on everyone’s mind is: how quickly can you recover your datacenter, cloud, or endpoints from an incident?
In evaluating the impact on Citrix deployments, we’ve examined how Citrix admins have had an edge in mitigating the effects of outages such as the one experienced by CrowdStrike customers on July 19, 2024, and how Citrix technology helped customers quickly recover. One common theme was the benefit of workload centralization and rigorous image management, with an added benefit to those using non-persistent desktops and less traditional endpoints.
As IT gets back to business as usual this week, now is a great time to evaluate your long-term approach to creating an IT environment that is resistant to outages and attacks.
The advantage of non-persistent desktops and apps
In Citrix deployments, non-persistent desktops and applications are commonly deployed for frontline workers with mission-critical workloads. This approach provides a high level of security, consistency, and control. In this model, IT centralizes Windows (or Linux) images in the data center or cloud, and tightly controls software updates and patches, typically updating a small set of golden images on a weekly or bi-weekly basis. The advantage of maintaining this level of control over updates is that IT has more time to test and vet those updates before pushing them live to the entire environment.
Centralized management also means that if something goes wrong, every individual endpoint doesn’t have to get fixed. IT can simply resolve issues in the data center, or in the golden images themselves, and then push the updated image live to the data center or cloud. This is a faster and simpler solution in the event of an outage. In addition, centralization allows your organization to implement and manage more stringent security controls like firewalls, intrusion detection, and security updates.
Hands-on keyboards? Virtually, please.
In this most recent outage, millions of Windows instances suffered a bluescreen at boot. This is a worst-case scenario for field-deployed devices – especially if those are in the hands of a distributed workforce, contractors, or hard-to-access locations. We saw the photos of techs at work patching systems at airports, banks, and billboards – but there has to be a better way. At Citrix, we have a long history of delivering virtual apps and desktops, and even for persistent desktop use cases, remoting in, mounting disks, or patching via a virtual KVM is a much more efficient way to recover from problems like this at scale. We saw admins scripting repairs that combed through hundreds or even thousands of user desktops, without having to leave their desk.
Avoid catastrophe with tight image lifecycle management and rapid rollbacks
Another one of the strengths of Citrix app and desktop virtualization is our sophisticated image management stack. Both Citrix Provisioning Services (PVS), a network-boot staple of many Citrix deployments, and Machine Creation Services (MCS), an image-centric technology, shine in their ability to deploy images at scale, as well as rapidly roll back to a previous known good image. Either of these technologies can boot thousands of on-prem or cloud-hosted workloads in minutes. So in the event of an update or patch that causes an outage, you can easily revert to a previous image and keep your workforce going. In this sort of recovery scenario, restoring to a known good state is point, click, and reboot.
Burst to any cloud
With our hybrid focus, a fundamental advantage of Citrix environments is the ability to burst a set of workloads into the cloud – for capacity planning, disaster recovery, or other unexpected events. Considering recent outages, capacity is key. Especially if your business already uses the cloud, or multiple clouds, creating a cloud-based disaster recovery plan with Citrix is simple. By using known good golden images and provisioning new instances of workloads, Citrix admins can rapidly scale out new capacity – even bursting from a data center into the public cloud, allowing users to connect to mission-critical workloads even when the rest of IT is down.
Expanding your device support for less traditional endpoints
While the biggest battle is waged in the data center or cloud – let’s face it, everyone has endpoints. Relying on one kind of device, such as Windows endpoints, is a common approach for enterprise IT departments. In theory, it makes it easier for IT to control access to corporate data and deliver applications to users. However, if all of those devices fall to an attack or an outage, your business is at a standstill. The ability to deliver secure access to any kind of device is an advantage that will allow you to pivot rapidly.
Citrix deployments have a strong population of less conventional endpoints – including phones, tablets, Chromebooks, and thin/hybrid client solutions from companies like IGEL, Unicon, and others. Our friends at IGEL even released a blog detailing how to recover blue-screened Windows endpoints to IGEL OS, allowing you to quickly restore user connections to a Citrix environment by simply repurposing existing hardware.
If having an emergency endpoint plan for an unexpected outage wasn’t a priority for your IT department before, now is the time to see how Citrix can help you create a more resilient environment that can adapt in the event of unexpected circumstances.
Make the most of Citrix
Non-persistent desktops, unmanaged endpoints, and bursting to the cloud are all possible with your Citrix environment and should be part of your IT resiliency planning. Not only can these solutions help you recover, but they can help you avoid outages in the first place, so your business never has to stop moving. It’s always a good time to reassess your disaster recovery and IT resiliency to see if you need to incorporate any of the above into your plan. For more on how to leverage these solutions, contact your Citrix account team or partner.