2. WE BELIEVE…
• End users will win the battle of choice
• BYO will fundamentally transform IT
• Mobile = Heterogeneity
• Managing heterogeneity will create huge value
3. User choice is driving heterogeneity of devices & apps
[Chart: “User Choice” versus “Corporate Devices”, 2000 to 2012]
4. Problems Solved by CloudGateway
• Enable BYO by provisioning IT services without managing/controlling devices
• Mobilize and deliver all apps: SaaS, Intranet, HTML5, native mobile and Windows
• Secure corporate data by separating business from personal content
9. File editing, sync, and share from any mobile device
Follow-Me Data
Seamless experience for apps and documents
Role-based access control
Remote wipe & lock
10. @WorkMail
Native mobile mail, calendar, and contacts
Attach and save docs to ShareFile
One touch access to internal sites with @WorkWeb
Calendar invites with GoToMeeting using free/busy
Works with ActiveSync and Exchange
Encrypted email, attachments, contacts
Available on iPhone, iPad, Android Phone & Tablet
11. @WorkWeb
Full-featured consumer-like mobile browser
Simple access to internal sites such as SharePoint
Encrypted cache, bookmarks, cookies, and history
Accessible from any MDX-enabled app
Available on iPhone, iPad, Android Phone & Tablet
12. Me@Work
mobile app family
• @WorkWeb: Secure Browsing
• @WorkMail: Email, calendar & contacts
• ShareFile: Follow-me Data
• GoToMeeting: Integrated Collaboration
• Podio: Social Team Collaboration
13. Management, security, and control over native mobile and web apps
• MDX Vault: Secure container that enables app and data containment, wipe and lock
• MDX Access: Micro-VPN tunnel to corporate resources from mobile apps along with access control policies
• MDX Interapp: Control app communications with external apps, cloud, clipboard & devices
20. Provisioning a New Hire
For IT
• Adds employee to Active Directory
• Automatically assigns new hire to job role
• Apps are provisioned based on identity
21. Provisioning a New Hire
For the end user
• Logs into Receiver’s self-serve app store
• Subscribes to apps
• Enterprise cloud storage immediately provisioned
22. On-the-go
• Access all apps and docs on any device
• Follow-Me Data with ShareFile
• Mobile security and control with MDX technologies
25. Benefits for IT
• Enable BYO for productivity on any device
• Provide instant access to all business apps
• Deliver secure mobile email
• Mobilize any corporate app securely
29. Building an enterprise mobility strategy with Citrix
Assess
Assess your unified storefront requirements:
• Apps to deliver?
• Devices used to access?
• Ability to share and sync enterprise data?
• Security requirements?
Design
Architect enterprise mobility strategy to easily extend your existing Citrix infrastructure to securely deliver all apps and data to any device
Deploy
Start by delivering existing virtual desktops and apps, then easily extend it to include web apps, SaaS apps, native mobile apps and enterprise data.
30. Citrix Strategies for Mobilizing Enterprise Line of Business Apps
Starting point: Existing LoB App
• Citrix Mobility Pack: Virtualized Windows apps mobilized ‘out-of-the-box’.
• Citrix Mobile App SDK: Virtualized Windows apps modified with mobile UI through .NET code
• Mobilize C/S App: New HTML5 mobile web UI leveraging core Windows Client/Server backend code
• Pure HTML5 // Secure Browser: Mobilize existing web apps or rewrite app to HTML5 with full mobile web experience and UI. Secure mobile browser container.
• Native Mobile Apps: Rewrite app to native iOS (Objective-C) or Android (Java)
Categories: Virtualization, Mobile Web, Native
Welcome! My name is <name>, and I’m pleased that you have taken the time to be here today. The Bring Your Own (BYO) movement, the proliferation of cloud services and the increase in workshifting have made mobility the #2 priority among CIOs. But first, we should all understand the forces which have led organizations to adapt to a new reality…
These are Citrix’s core beliefs related to enterprise mobility, and we are receiving tremendous positive feedback from customers and analysts that we are on the right track with our thinking. We believe end users have pretty much won the battle over choosing their own devices, and IT must now adjust and transform their skills and processes to support an increasingly mobile BYO world. By definition mobility brings forward a great deal of heterogeneity in devices and apps. Heterogeneity drives complexity, and managing that complexity will create huge value for the organization. Let’s take a closer look at how we’ve gotten to this state…
Let’s start with a quick review of enterprise mobility. If you go back, we’ve been using mobile devices for a while. First we used them for secure mobile e-mail – many of us were provided Blackberries for e-mail on the go, and that was great. Then came the new wave of smartphones – devices with huge capabilities far beyond mobile e-mail. And what did we do? We tried to apply the same rules to these rich, powerful devices – we literally chained them down with the same techniques we used in the Blackberry world rather than treating them as full-function work devices. The reality is those methods will not work in the new world of BYO. Today we know 70% of tablets will be owned and brought into the workplace by employees – old management methods will not work and will not be accepted by employees on their personal devices. Now it’s all about diversity of devices – a world in which BYO has to be planned in by design, NOT as an exception. While all this is happening with consumerization of devices, there is another trend that is making IT even more complex. That trend is around diversity of apps. The world used to just include Windows and browser-based apps with easy, predictable use case scenarios. That is no longer the case. We are now seeing more and more app heterogeneity. Apps are being written for mobile, for web, for HTML5, and of course still for Windows – and all of them need to be mobilized.
With all that in mind, we designed and built CloudGateway to solve several core mobility issues relevant to IT teams in all industries:
• Mobilize and deliver all apps, beyond just MS Windows (which Citrix has been king of providing for 20 years) to web, HTML5 and native mobile apps
• Enable BYO by provisioning IT services without being concerned over managing the devices – IT can effectively be device agnostic, enabling users to be as productive on the go as they are in the office while maintaining security and control over their corporate content, which brings us to the final problem solved:
• CloudGateway fully segregates the business content our customers care about from users’ personal content – thus enabling customers to manage and control just the business content and not worry about anything else on the user’s chosen device.
Customers achieve complete enterprise mobility management by deploying 2 Citrix products: Citrix Receiver is our universal end user computing client that allows us to deliver a beautiful, consistent user experience across all platforms – laptops, tablets, smartphones, etc. and all of the common operating systems such as iOS, Android, Windows and Mac. CloudGateway is Citrix’s enterprise mobility management solution that securely delivers mobile, Web and Windows® apps and data to any device. It delivers enterprise mobility by empowering employees with a self-service enterprise app store that provides access to business apps and data, leveraging the consistent, rich user experience of Citrix Receiver™. CloudGateway also provides identity-based provisioning and control for all apps, data and devices, including employee-owned devices. These capabilities enable IT to protect enterprise apps and data with policy-based controls, such as restriction of application access to authorized users, automatic account de-provisioning for terminated employees and remote wipe for data and apps stored on lost devices.
Here is the CloudGateway infrastructure we’ve developed to deliver all of these core features. It’s interesting to note that CloudGateway fully leverages the investments our customers have already made in XenDesktop and XenApp, which in CloudGateway language represent the ‘Windows’ content controller. Our customers leverage Receiver on any device to access XD/XA via an Enterprise App Store for XD/XA published resources, which today is likely Web Interface. Most of these customers are also using NetScaler Access Gateway as the ‘gateway’ service to allow secure remote access to the XD/XA app store. CloudGateway now adds many other content controllers to the existing infrastructure such as web, SaaS, native mobile, HTML5 and ShareFile data controllers. It’s hard to guess what other types of apps/content will be developed in the future, but we’ve built CloudGateway as a fully extensible platform that can be easily enhanced/expanded with additional content controllers as needed. Finally, on the endpoint devices we have expanded Receiver’s capabilities to include a secure mobile container for all apps and data – allowing full control including remote lock and wipe on demand in case users lose their devices or leave the organization. These capabilities even apply to locally installed native mobile apps – while the user sees them on their springboard alongside all their personal mobile apps, the business apps delivered via CloudGateway remain hooked into and fully controlled by Receiver.
Self-serve app store. The CloudGateway enterprise app store gives users instant productivity from any device. Users can easily self-select their mobile, web and Windows® apps from the corporate approved list and access these apps as they roam between devices. This app store provides IT with a single place to provision, manage and update apps so they no longer have to worry about manual application installations and updates for users.
Follow-me data with ShareFile. CloudGateway with ShareFile Enterprise delivers the ultimate productivity for mobile users by providing access to the corporate data they need to get their job done. With this integration, users now have the ability to sync and share files securely from any device and can use their native mobile and virtualized apps to edit documents while they are on the go.
Secure mobile productivity. CloudGateway includes two new native mobile productivity apps that leverage MDX security controls to better support mobile workers. @WorkMail is an email, calendar and contacts solution that enables users to attach documents to emails and save attachments back using ShareFile, open attachments and web links with a secure browser, and send calendar invites using the free/busy information of attendees, all while staying inside the MDX Vault where IT has full control. @WorkWeb is a full-featured browser that leverages MDX technologies, such as MDX Access to create a dedicated VPN tunnel for accessing a company’s internal network and encryption for the browser cache, bookmarks, cookies and history to ensure that users can access all of their websites, including those with sensitive information.
Mobile security and control with MDX. CloudGateway powered by MDX enables the management, security and control over web and native mobile applications, including iOS, Android, and HTML5. With MDX, corporate apps reside in a secure container, completely separated from personal apps on the user’s mobile device. IT has comprehensive policy-based controls over the usage of corporate apps within the secure container, including the ability to remote lock and wipe. MDX also provides a secure mobile browser and application-specific VPN access to ensure that users have simple, one click access to their internal web, external SaaS and HTML5 mobile web applications.
Scenario-based access. With CloudGateway, IT defines comprehensive access and control policies that use endpoint analysis and each user’s defined ‘role’ to determine which apps and data to deliver and what level of access to content should be provided. By ensuring that the appropriate level of access to apps and data is granted for each scenario, these granular security controls support enforcement of corporate security policies and standards.
Identity-based provisioning. CloudGateway leverages Microsoft® Active Directory® and other directory systems to provision, deliver and control how mobile, web and Windows® apps are used based on user identity and role. IT can instantly provision all of a user’s applications, including ShareFile, as soon as the person is added to Active Directory. Conversely, when users leave the organization, access is instantly eliminated and accounts are locked once their Active Directory account is disabled.
Intro: CloudGateway allows employees to access all their corporate resources on any device, from anywhere. Key Points: Receiver is a client that can be installed on all major platforms and can also be accessed from any web browser on your mobile device.
Citrix ShareFile is an enterprise follow-me-data solution that enables IT to deliver a secure and robust service that meets the mobility and collaboration needs of all users. ShareFile empowers users to securely share files with anyone, and sync files across all of their devices. ShareFile also enables IT to deliver a managed service that meets corporate data policies and compliance requirements. With the integration between CloudGateway and ShareFile, users can easily access both apps and docs from the same unified workspace. IT can automatically provision and de-provision ShareFile accounts based on Active Directory identities and roles. Once accounts are created, IT can manage user access to corporate files in the same console as they manage their apps while allowing users to easily view, edit, sync and share files from any mobile device. Only Citrix’s enterprise mobility management solution allows full editing capabilities on mobile devices by integrating virtualized apps with ShareFile – users can go beyond simple viewing and actually edit Microsoft docs on iPads or any other mobile device. If users lose devices or leave the organization, IT has a single control point to remotely wipe all apps and data, ensuring security and compliance.
@WorkMail is a beautiful new native iOS and Android email, calendar and contacts app. Citrix @WorkMail integrates with other Me@Work apps and leverages the mobile app security features in CloudGateway through MDX technologies to offer secure productivity on the go. Users can attach docs to emails and save attachments back using ShareFile, open web links, including internal sites, with @WorkWeb, and send calendar invites with GoToMeeting using the free/busy information of attendees provided by @WorkMail all while staying inside the secure container on the mobile device. @WorkMail supports ActiveSync and Exchange and offers security features, such as encryption, for email, attachments and contacts.
@WorkWeb is a full-featured consumer-like mobile browser for iOS and Android devices that enables simple, secure access to internal corporate web, external SaaS, and HTML5 web applications. @WorkWeb leverages MDX technologies, such as MDX Access to create a dedicated VPN tunnel for accessing a company’s internal network and encryption for the browser cache, bookmarks, cookies and history to ensure that users can access all of their websites, including those with sensitive information. @WorkWeb offers a seamless user experience in its integration with the Me@Work apps and other MDX-enabled apps to allow users to click on links, such as ‘mailto’ or GoToMeeting, and have the native apps open inside the secure container on the mobile device.
People want and expect to be able to work when and where they need – and on the device of their choice. And it’s up to IT teams to manage these increasingly unique and diverse work preferences. Businesses that enable mobile workstyles by embracing consumer devices, apps and computing experiences are Mobile Enterprises. These businesses are better places to work, more resilient to planned or unplanned changes, and run at lower cost and grow at higher velocity. The Citrix Me@Work mobile app family addresses the key functions required to build a mobile enterprise, combining all the simplicity and user experience employees expect, with the security and control the business requires. In addition to @WorkWeb and @WorkMail, Citrix’s mobile app family includes ShareFile for secure data management as well as GoToMeeting and Podio for effective collaboration. All of these native mobile apps can easily be delivered to all types of mobile devices with CloudGateway.
Citrix CloudGateway with MDX technologies enables the management, security and control over web and native mobile applications, including iOS, Android, and HTML5. New encryption and mobile DLP technologies have been added to fully secure web and native mobile apps and data. These technologies deliver new levels of security through policies that can encrypt native mobile applications and their associated data as well as provide granular data leak prevention policies that can disable camera, the “open-in” function, iCloud use, copy and paste commands, the sending of emails or SMS, and printing on an app by app basis. The three MDX technologies are Vault, Access, and Interapp.
MDX Vault. MDX Vault separates corporate mobile apps and data from personal apps on mobile devices in a secure business container. Using MDX Vault, IT is able to manage and control native mobile business apps and data instead of managing an employee’s device. The business apps in MDX Vault can be secured with encryption and mobile DLP technologies and can be remotely locked and wiped by IT.
MDX Interapp. MDX Interapp ensures that all MDX-enabled apps can interact with each other for a seamless experience. With MDX Interapp, MDX-enabled apps are integrated so that these apps only open other MDX-enabled apps; for example, a link clicked in @WorkMail automatically opens @WorkWeb, not Safari. In addition, MDX Interapp controls the communications between apps so that IT can enforce policies around activities such as cut-and-paste between apps, for example allowing cut-and-paste between MDX-enabled apps but not to apps not protected by MDX, or by preventing use of a camera when using a specific MDX-enabled app.
MDX Access. MDX Access provides granular policy-based management and access controls over all native and HTML5 mobile apps. IT can centrally control and configure policies specific to mobile apps such as the type of device or network that is being used, the device passcode, or upon detection of a jail-broken device. MDX Access also provides the industry’s first application-specific VPN access into a company’s internal network. Using a micro VPN means businesses do not have to require a device-wide VPN, which can compromise security. Instead, an app-specific VPN tunnel gets created for the mobile and web apps accessing a company’s internal network remotely.
Here is how MDX works. Users who leverage their personal mobile devices to do work end up with two ‘sides’ of their device if you will: the Life side and the Work side. The objective is to allow them to do whatever they want on the Life part of their device while completely securing and isolating the work side. It’s absolutely fine for the Work apps to share data and interact with each other, but you don’t want any communication between the Work apps and the Life apps.
CloudGateway allows IT to manage and secure corporate/work apps while the employee still gets to use personal ones that are not affected or controlled, a separation of work and life. So the employee can still play Angry Birds while also having access to SalesForce on the phone. Apps secured with MDX can only talk with each other; outside or personal apps that aren’t under IT’s control are completely separate from the work apps and data that are delivered via CloudGateway.
CloudGateway wraps each individual app with its own set of security and usage policies. Work apps are of course allowed to use Micro VPN to reach needed resources within the datacenter in a highly secure manner, and IT retains the right to lock and/or wipe Work apps and data if a security risk arises (e.g. the user left their smartphone in a taxi).
Here are some of the MDX Vault settings that can be applied to MDX-enabled apps that have been wrapped with our App Preparation Tool and are delivered by corporate IT. Depending on the sensitivity level you can disable and restrict many different functions to prevent data from leaving the secure work container.
Intro: Let’s take a look at how CloudGateway really impacts the lives of both IT and end-users by reviewing some common everyday scenarios. The 3 scenarios we will review are frequent across all organizations in every industry. Key Points:
• A new hire begins work and needs to be provisioned by IT
• The new hire goes on the road but still needs to do their job
• Employees change status, which then needs to propagate across the IT infrastructure and content (e.g. apps and data)
Transition: Let’s start with what happens when a new hire is provisioned with CloudGateway in place…
Intro: Here is a common story of a new hire… Let’s say Mark has just been hired as an account manager covering the East Coast. Gordon the IT admin is responsible for getting Mark set up with his laptop and needs to give him access to all the apps and data that he’ll need. Key Points: Gordon adds Mark to the corporate directory (e.g. Active Directory) and based on his directory group Mark is automatically assigned to the sales role for the East Coast in CloudGateway. As a member of the sales ‘role’ in CloudGateway, Mark automatically gets his account access provisioned to about a dozen apps, including Salesforce, AMEX for travel, GoToMeeting, Office, an internal expense reporting app connected to SAP, a sales tracking web app, ShareFile and a host of other apps available to the company. Transition: So from an IT perspective it’s easy – just add Mark to Active Directory and everything happens automatically. What does it feel like from Mark’s perspective?
Intro: The new hire’s experience is a great one… Key Points: On Mark’s first day he simply logs into Receiver using the credentials provided by his manager, and he immediately sees the set of apps appropriate for him in his job role. Mark can then select the specific apps he wants on his screen whenever he logs in, and also has immediate access to the correct cloud-based data that pertains to his team. Compare this to what may happen without CloudGateway – users may search for hours trying to find apps that haven’t been installed on their PC or laptop as part of the ‘standard corporate image’ and probably end up calling the help desk after experiencing immense frustration about not being productive at all in ramping up. It may take several days of frustration and multiple help desk calls before they get access to all of their apps and data to be fully productive. Transition: Now let’s see how CloudGateway benefits both IT and users when faced with mobile scenarios.
Intro: On Day 7 our new hire is on the road. Mark is traveling with just his iPad and iPhone – the laptop is too cumbersome. Key Points: Before he leaves, he downloads Citrix Receiver for both devices. IT already told Mark that he could download Receiver on any of his personal devices and still have access to his apps and data. At the same time, IT has the ability to limit Mark’s access from personal, untrusted devices if desired to protect sensitive corporate data.
Intro: With Citrix CloudGateway IT can easily enforce corporate-defined security policies. Key Points: When Mark is in the office on his corporate laptop he has full access to all of his apps and data. When he goes outside the secure corporate network and uses his personal devices he still sees the app store, but he notices that his sales reporting app has restricted access to data while he’s out in the field and that his ShareFile account doesn’t have access to large files while he’s out. So both users and IT are able to do their jobs regardless of the device, location and network when SmartAccess Policy Controls are in place. Transition: Now let’s take a look at how CloudGateway makes employee status changes much easier to manage and reduces risk when employees leave.
Intro: If an employee leaves, CloudGateway automates and expedites much of this typically manual process. Key Points: IT immediately disables the Active Directory account, and when that happens CloudGateway automatically disables his access to corporate apps and data – even to 3rd party hosted SaaS services. Supporting Data and/or Stories: We’ve spoken with several clients in financial and healthcare organizations who have had issues in the past when nobody remembered to disable accounts with 3rd party SaaS apps such as Salesforce.com – the terminated employee in one case leveraged their administrator-level account to create accounts for his entire new organization – costing the former employer hundreds of thousands of dollars before somebody noticed the rogue charges. Transition: With CloudGateway there is no direct access from the internet – users must authenticate into the corporate directory before they can access any app – whether virtual, web, mobile or SaaS.
Intro: The benefits of CloudGateway for IT are compelling… Key Points: Four of the top benefits that IT managers tell us they want today are simplicity, flexibility, control and agility. With CloudGateway, IT is simpler because there is a single point of delivery and control across all apps, data and devices. Apps and data are protected, with security controls that take into account key context areas such as role, device, location and network. And, because IT can instantly provision and de-provision apps and data, you can stay ahead of changes in people, roles and responsibilities.
Citrix CloudGateway is our enterprise mobility solution that allows for a seamless integration between work and life, letting employees work from anywhere, using the device of their choice.
The growth of mobile devices and cloud apps is leading IT to build siloed solutions that are expensive and complex. We've created Citrix CloudGateway with the industry leading enterprise app store to give end users the mobility and flexibility they crave while providing IT with the security and control they need.
To summarize the business rationale—we’ve found that it is best to embrace consumerization rather than fight it. By empowering employees, providing security and simplifying IT, organizations are able to achieve several important business goals simultaneously.
Which devices will you support? Which users will have access? Who are your key stakeholders? How will you get buy-in? What will your policies/guidelines be? What technologies will you use?
This is an optional slide to be used when customers are looking for direction on how to mobilize their infrastructure. The goal is to show that with Citrix, there are several options for ‘going mobile’ with existing applications.