Citrix Announces Project Kent, a solution for application access after a major disaster

Written on Sep 25 2006 Filed under: Citrix 11,596 views, 16 comments

by Brian Madden

In a presentation in NYC to analysts last Thursday, Citrix’s CEO Mark Templeton announced “Project Kent,” a set of technologies that Citrix is working on to let users access critical IT applications and facilitate communication after a major disaster.

The Back Story

Disaster recovery has always been challenging for IT. In the early days, the terms “disaster recovery” and “data backup” were often used to mean the same thing, even though they were far from the same. Data backup meant that your data would be safe in the event of a disaster, often with the help of offsite tape storage vaults. The problem with data backup was what happened after a major disaster. If something really bad happened and you lost a datacenter, you could call the tape vault and get all of your tapes back. Great! But then what? Did you have any hardware to restore them to? How long would it take you to rebuild your physical infrastructure to get to a point to where the content on the tapes would actually be useable? What about the users? In the event of a natural disaster or a major fire, it’s possible that the users’ workstations would also have been destroyed. How long would it take to rebuild the workstations and get all of your applications installed?

Obviously this is a perfect scenario for server-based computing and something that Citrix has been playing up for years. If all your applications were running on centralized terminal servers, then you wouldn’t have to worry as much about the end users’ workstations. You could focus on the servers, applications, and data, and then tell your users to connect from home or buy a bunch of thin client devices and have them up in a few hours.

This all sounds great in theory, but there are still some major technical challenges to getting this all working right, even in today’s world. In fact, the disaster recovery module of our training class still ranks as one of the most lively discussion topics because there is no single perfect solution.

The problem is this. For most organizations that are concerned about keeping the doors open during and immediately after a major disaster, the solution has been to build a backup datacenter. This backup datacenter may be just a “cold” location with a bunch of powered off hardware that’s ready to be used when the primary location fails. Or, the backup location may be a full-blown replica of the primary datacenter, complete with continuous data replication and live servers, ready to become the new primary datacenter in a moment’s notice.

In fact, Citrix even added some cool technology into Presentation Server 3 and 4 called “Zone Preference and Failover.” This technology allows you to specify that certain server farm zones should be used for certain groups over others. You can configure your environment so that your users all use Presentation Servers in the primary location, but if for some reason that location is not available, they’ll automatically use servers from another location. Pretty cool!

There’s only one major problem: How do you actually route the users from the primary location to the secondary location?

To understand this problem, think about how Presentation Server actually works. These days, most people use Web Interface (or the Program Neighborhood Agent which in turn uses Web Interface) to access applications and content published via Presentation Server.

Imagine a bunch of users at corporate headquarters. They connect via Web Interface to local Presentation Servers. There is also an off-site datacenter with backup Presentation Servers. What happens in the event of a disaster?

The answer depends on the type of disaster. If there is a major problem in the main datacenter, the backup Presentation Servers should be able to take over, right? Unfortunately, how will the users access those servers? If the Web Interface server is in the main datacenter that’s no longer available, then the users will get HTTP 404 errors when they try to access their applications.

To mitigate this, you can instruct your users to access a backup URL in the event that the primary one is not available, but if this is the case then why bother having the “automatic” failover of your backend Presentation Server environment if your users need to manually fail over anyway?

This anecdote illustrates the unique challenge with “pure” server-side failover plans. If the failover intelligence is purely in the server, and the server is not visible or available to the client, then how can the client receive notice of the failover?

The obvious solution is to put some failover intelligence on the client. One way to do this is to make it so that the first time a client device hits a server, it gets a list of other backup addresses it can use should this current server ever not be available. In fact, this is what Citrix does with their perimeter access device, the Citrix Access Gateway. This makes a lot of sense except for one thing—it means that you have some kind of client software or agent installed on your client device. Uggh!

There are of course other ways to point clients to new servers. A common way to do this is via a DNS change. But this brings its own challenges. DNS updates require time to propagate. And of course you can’t have your DNS servers the same datacenter that you’re trying to protect, because if you lose that datacenter then you’d lose your DNS servers. So this means that you’ll have to use an external DNS server, but doing so introduces another point of failure. In fact, losing those servers could render your primary datacenter inaccessible even if it was fully functional.

So far we’ve only looked at some of the technical problems associated with site-to-site failover in a disaster. Of course the other aspect to this is the human and logistical side of things. In a major disaster, IT staff and users will probably not be able to gain physical access to any of the primary servers, and it’s possible that users would be spread out all over the place. How do people get into their apps? How do they even know whether they should use their apps. How does the IT staff communicate?

This is where Project Kent comes in.

Citrix Project Kent

Even before Project Kent, Citrix has a lot of products that can facilitate application access in a disaster. Presentation Server can ensure that applications can be accessed from random client devices. The Citrix Access Gateway SSL-VPN can ensure that these applications can be accessed securely from outside the firewall. GoToMyPC ensures that users can access their work computers from home.

Project Kent wraps all of these technologies, plus several others, together in a way that really is cool. Phil Winslow, an equities analyst who tracks Citrix for Credit Suisse, attended the briefing last week. (I was not invited.) Here’s his summary of Project Kent:

Enterprises will locate Project Kent technology in all key locations, which will most likely be integrated into the Citrix Access Gateway. The appliance will function as a "Business Continuity Manager," performing the following roles: Emergency Portal, Alert Server, SMS notifications, Roll Call, USB Key Management, Telephony Redirection, Secure Remote Access, Instant Messaging, etc.

The idea is that an enterprise issues its "Emergency Response Team" (ERT) with red USB keys and its users with black USB keys. In the event of a business continuity or disaster recovery scenario, an ERT will find any PC (Cybercafé, home PC, etc.), insert the red key, which will ask a few questions, and initiate a "state of emergency." This will in turn message (via Blackberry, SMS, phone, etc.) other ERTs that an emergency has been declared. The Business Continuity Manager appliance will now assume a role to coordinate all further activities and will become an enterprise's "Emergency Portal." As users and other ERTs connect via their USB keys, the appliance will provide access, priorities, coordinate activities and facilitate communications, send alerts, conduct roll calls, etc.

Personally, I think this Project Kent thing is really cool. This really shows the value of what can be done by combining a bunch of technologies that Citrix already has together in a cool way. Now, if they can only figure out a way to prevent a rogue red-keyed employee from having some fun...

Comments

Guest wrote Nothing to see here.

on Tue, Sep 26 2006 1:09 AM

This is already being done today...  In fact the solution will be showcased at iForum for anyone who wants to see.

To put it simply,  Netscaler.  Why do you think Citrix purchased them?  Not only can it load-balance WI server and prevent the 404 error, it can do GSLB.  Fine so GSLB has a few issue with regards to convergence,  but the Netscaler supports BGP so it can do route health injection.  That way traffic never gets routed to downed site.

As far as the Red USB keys and Black USB keys?   Why bother?   ERTs and Users will lose/misplace them.   It's easiet to go to we web-portal and run what you need there.

Joe

Guest wrote RE: Nothing to see here.

on Tue, Sep 26 2006 3:12 AM

We are utilizing the NetScaler as a front end to a CAG configuration with zone preference and failover in the back and that's providing some excellent high availability and acceleration. Defintely the simplest and in my opinion the best way to go.

Jeff Pitsch wrote RE: Nothing to see here.

on Tue, Sep 26 2006 8:28 AM

As far as the Red USB keys and Black USB keys?   Why bother?   ERTs and Users will lose/misplace them.
 
Just to play devil's advocate, nothing more, nothing less but that's like saying:  As far as passwords?  Why bother?  ERTs and User will lose/misplace them. 
 
 

Guest wrote RE: Nothing to see here.

on Tue, Sep 26 2006 10:25 AM

ORIGINAL: Jeff Pitsch

As far as the Red USB keys and Black USB keys?   Why bother?   ERTs and Users will lose/misplace them.

Just to play devil's advocate, nothing more, nothing less but that's like saying:  As far as passwords?  Why bother?  ERTs and User will lose/misplace them. 

 
Jeff, that doesn't make sense.  Using a password is already part of the user's workflow.  Something they use everyday,  why would they forget/lose it during an emergency?  That's why I think the USB keys are a bad idea.  Now you changed the user's workflow during a time of crisis.  With all of the new distractions,  this is the best time to keep workflow changes to minimum.

Joe

robert nelson wrote RE: Nothing to see here.

on Tue, Sep 26 2006 1:04 PM

ORIGINAL: Guest

ORIGINAL: Jeff Pitsch

As far as the Red USB keys and Black USB keys?   Why bother?   ERTs and Users will lose/misplace them.

Just to play devil's advocate, nothing more, nothing less but that's like saying:  As far as passwords?  Why bother?  ERTs and User will lose/misplace them. 


Jeff, that doesn't make sense.  Using a password is already part of the user's workflow.  Something they use everyday,  why would they forget/lose it during an emergency?  That's why I think the USB keys are a bad idea.  Now you changed the user's workflow during a time of crisis.  With all of the new distractions,  this is the best time to keep workflow changes to minimum.

Joe

 
If you have a user who is responsible for a datacenters disaster recovery project, and he is not competent enough to carry around a usb key, then I think you need to worry about personnel issues more than anything. This isn't a user remembering a password this is an IT administrator, he can put a usb key in his glovebox or on his keychain or something. It's not a big deal as you make it out to be, I had to carry around a RSA keyfob for a year, to login to vpn, and never lost it.

Jeff Pitsch wrote RE: Nothing to see here.

on Tue, Sep 26 2006 1:36 PM

So why not simply make this key part of the workflow?  Have you ever been in a DR situation?  Everything changes....how is this any different?  Why can't you expect them to have this available to them?  In a DR situation, only those critical apps needed to run the business are brought up first, this is a complete diruption fo the workflow.  How is adding this little piece going to make it worse?  IMHO, it's ridiculous to think that users can't be trained to handle this situation.

Dan Murray wrote RE: Nothing to see here.

on Tue, Sep 26 2006 5:54 PM

I must agree with Jeff.  If adding something as simple as a USB key to the mix is going to throw things completely into turmoil, you've got a disaster waiting to happen, regardless of your DR preparation.  And consider the fact that you are likely to have more than one individual carrying these things around, so in the unlikely event someone DID forget or lose theirs, someone else would more than likely have one.  And if you've only got one person walking around with their special little USB key, I guess that means they never take a holiday or get sick or get hit by a bus or win the lotto or... .  Frankly, having something that simple to use would be a huge benefit in a DR situation.  Keeps the emotion and likely human error out of the picture.
 
Dan

Gordon Payne wrote Additional Kent information

on Wed, Sep 27 2006 12:26 AM

Hi Folks, 
This is Gordon Payne, I work for Citrix and I’m responsible for marketing for Project Kent.  It’s great to see your interest and discussion on this topic.  I’ll try to provide some guidance on where we are targeting this solution.   Kent is targeted at helping company response teams and employees manage through an emergency situation involving workforce disruptions.   An example situation is a snowstorm, transit strike, hurricane, etc. where the data center and applications continue to run, but employees may be dispersed and unable to physically get to work.    Examples of what Project Kent will provide are:  i) information alerts, ii) communications and collaboration and iii) access to applications and information from any location.  This is more about Workforce Continuity than data center recovery.
If you are interest in learning more, I'll be talking about Project Kent in more detail at Citrix iForum 06 on Monday, October 23 in Orlando in one of the sub-keynotes, #901 “Get Ready Now to Ensure Workforce Productivity Before Disasters Strike”.  For info on iForum 06, you can visit: http://www.citrixevents.com/English/index.asp?eventID=2161.  I hope to see you there.

Guest wrote Why USB keys

on Wed, Sep 27 2006 4:33 AM

What's the big advantage of those USB keys,
why not setup your environment, so users can login to web-interface
as they were used to, only now they're running on other servers that
contain the backup environment, but should be the same as the original environment ?

Guest wrote RE: Why USB keys

on Wed, Sep 27 2006 8:43 PM

I agree with you from a data access standpoint, but data access is only one of the components of Project Kent. 
 
In a true disaster before worrying about user productivity you need to get infromation out to employees and allow for communication and collaboration to ensure the well being and safety of employees (reference events like Katrina and 9/11).  Project Kent integrates these items to make for a more comprehensive DR solution.

Guest wrote RE: Why USB keys

on Wed, Sep 27 2006 9:42 PM

It appears from the comments and themain article that the majority of this discussion is speculation on Project Kent. I hate to be a commercial but if you really want to learn about this technology and any other up coming technology from Citrix iForum would be the place to be. I would expect some great articles on emerging Citrix technology from Brian Madden after the event. Just my two cents. It is best to hear it first hand. [link=http:  

Guest wrote RE: Nothing to see here.

on Thu, Sep 28 2006 1:16 AM

But again, what the point? Purpose of have the USB key?  It adds a layer of complexity and cost that simply does not need to exist.
 
What are you going to gain by having the USB key vs not having one?
Joe

Guest wrote RE: Nothing to see here.

on Thu, Sep 28 2006 1:18 AM

That's not exactly a fair statement.   Many nurses and doctors do not like added steps/complexity added to already complex solutions.  It add to their time and takes away from patient care.
 
What is this huge advantage that you speak of by having a USB key?
 
Joe

Guest wrote RE: Why USB keys

on Thu, Sep 28 2006 1:43 PM

Great Idea if you have the time and funding to attend.  I believe that Citrix should be pushing more information on this via a Whitepaper and/or technical paper along with a forum for addressment of this.  Not all of us can attend conferences etc.  Smart card, USB Key FOB and/or RSA Key is something that will come about since users have a hard time of maintaining a 15 character or greater pass phrase.  Security issues appear to be taking the forefront and if you want to play we need to forget cost to install and more along the cost if we fail to protect the data and resources we currently have in place.

Guest wrote RE: Why USB keys

on Fri, Sep 29 2006 2:13 PM

Interesting note:  However,  Brian does not mention any of this in his article.

ORIGINAL: Guest

I agree with you from a data access standpoint, but data access is only one of the components of Project Kent. 

In a true disaster before worrying about user productivity you need to get infromation out to employees and allow for communication and collaboration to ensure the well being and safety of employees (reference events like Katrina and 9/11).  Project Kent integrates these items to make for a more comprehensive DR solution.

Guest wrote RE: Why USB keys

on Fri, Sep 29 2006 2:14 PM

Good idea,  perhaps we should send Brian down too since he doesn't seem to have all the facts either. 

(Note: You must be logged in to post a comment.)

If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.