Last year at Synergy, when Citrix and Microsoft renewed their commitment to each other, we heard about a host of ways that Citrix XenMobile and NetScaler would be integrated with Microsoft Intune and EMS (Enterprise Mobility + Security). Last week at Summit, Citrix began delivering on these plans with a round of announcements and unveilings. To fill in more details, I spoke to Manoj Raisinghani, Vice President for Mobility Platforms at Citrix. Now we can finally put together a clearer picture of how all the Citrix and Microsoft mobility plans are going to work.
Here’s a quick refresher of what Citrix and Microsoft promised back at Synergy. Overall, they planned to align their road maps, and more specifically, we were told:
- Citrix XenMobile apps would incorporate the Intune mobile app management SDK;
- Microsoft would embed NetScaler micro-VPN capabilities into the Intune SDK, and NetScaler would be able to use compliance information from Intune/EMS for conditional access policies;
- Citrix would leverage Azure Active Directory for new identity capabilities;
- Citrix would build a new version of XenMobile in Azure, and it would have back-end integration with Intune.
Let’s take a look at where we are now, after the Summit announcements.
Citrix apps and the Intune SDK
Per Citrix’s blog post, this is coming later this year; Citrix PR added that it will be in Tech Preview in Q1.
NetScaler and EMS
In another blog post, Citrix detailed how NetScaler would pull compliance data from Intune/EMS to make conditional access decisions for devices that are using the Citrix VPN app. This is complete and generally available.
As I’ve written, there’s a lot to like about modern conditional access, as well as many advantages to using a single cloud-based system to connect users to both cloud and on-premises apps.
While Citrix didn’t talk about it very much last week, Manoj said that as promised, NetScaler micro-VPN capabilities will soon be coming to Intune-enabled apps (i.e. Office Mobile, among others). This will be in Tech Preview in Q1, and available as part of a new SKU that was announced at Summit. (I’ll get to the SKU in a bit.)
Again, the network effect makes this interoperability desirable for all parties.
Citrix Cloud and Azure AD
One identity milestone came last week when Citrix announced that Citrix Cloud can now use Azure AD to handle administrator sign-ins.
Overall, Manoj said that Citrix Cloud is getting enabled with Azure AD right now, and there will be out of the box integration for Citrix Cloud offerings, such as XenMobile
I’ve been wondering what else Citrix has planned for ID—there’s been a bit of unofficial buzz coming from a few employees on Twitter, which leads me to speculate and hope that they’ll do a lot with Azure AD. Azure AD Premium does many interesting things for authentication and cloud app federation; while NetScaler has the ability to act as an identity provider, Citrix doesn’t seem to have any plans to compete in the cloud-based identity management space on its own. Leveraging Azure AD for this would be an excellent and logical step.
New version of XenMobile on Azure, integrated with Intune
Back at Synergy, it sounded like the new version of XenMobile on Azure would be a brand new offering, built from scratch. The reality is more pragmatic, but at least we know how it’s happening now.
Last week Citrix announced that XenMobile Cloud has been integrated into Citrix Cloud, and will now be known as XenMobile Service. There are various new SKUs and license transfer programs, including Microsoft EMS-oriented SKUs.
I learned from Manoj that the existing XenMobile Cloud components, which are currently hosted in AWS, will simply now also be available from Citrix Cloud, on Azure. For now, all of the functionality will be exactly the same. Citrix will begin lighting up new XenMobile Service customers in Citrix Cloud on Azure in a few months. They don’t have any plans for migrations yet, and in fact Manoj emphasized that they’re not phasing out the AWS version and that customers can stay on it.
Other changes announced at Synergy—such as making XenMobile into a true multi-tenant cloud service—are still on the road map.
One big question from Synergy was how Citrix planned to integrate XenMobile with Intune, but now a path has opened up for that, too: Coincidentally, last week we learned that the Microsoft Graph API, which allows partners to integrate with Azure-based products, will be enabled for the Intune management console. There haven’t been any official announcements yet (the APIs for Intune simply appeared in the Microsoft Graph beta documentation) but just yesterday Manoj confirmed that XenMobile will indeed be leveraging the Graph API to interoperate with Intune. In addition, Citrix is building a new mobile management administration experience.
To sell all of these new integrations, Citrix has announced a SKU called Citrix XenMobile Essentials for EMS, which will be in Tech Preview this quarter. They were very clear that this is a Citrix product, not a Microsoft product. It’s intended for customers that already have Office 365, EMS, and Intune, and it includes three main components:
- The ability to connect Microsoft Intune apps to NetScaler via a micro-VPN.
- Use of Citrix Secure Mail and Secure Web mobile apps. Manoj said customers can choose to manage them either through XenMobile or through Intune.
- Use of XenMobile MDM Service on Azure to complement Intune. This is intended for companies in regulated industries. (There are a lot of features that XenMobile has that Intune does not, so we’ll have to do a comparison soon.)
In Q2, we’ll get a preview of another SKU, Citrix Workspace Essentials Service for EMS; which will include everything from the about SKU, plus XenApp/XenDesktop delivered from Citrix Cloud via Azure.
A lot has already been said about the macro-relationship between Citrix and Microsoft; on a closer level it’s now clear how the classic “embrace and extend” strategy will work for their enterprise mobility relationship, too.
It remains to be seen how customers will like combining XenMobile and Intune in practice, but for what it’s worth, a lot of enterprises already use multiple EMM providers together. Since the Microsoft Graph API provides a clear route to integration, and the new Citrix SKUs are designed to complement EMS, they have a good starting point for making it work.
We’ll also be watching how Citrix delivers on improvements to XenMobile Service itself, as well as what else they do with the Azure AD integration.
Citrix still has a lot of engineering work to do, and more details to iron out, but at least in the meantime we have learned a lot more about how everything is going to work, and that’s good news. Next stop: Synergy.