OpenCloud Access is Citrix's response to VMware Project Horizon

A few weeks ago at Citrix Synergy in Berlin, Citrix announced OpenCloud Access and OpenCloud Bridge.

A few weeks ago at Citrix Synergy in Berlin, Citrix announced OpenCloud Access and OpenCloud Bridge. Both products will join their OpenCloud line of cloud integration products, but that's just the tip of the iceberg.

The real news is that OpenCloud Access is, in many ways, the same thing as VMware's Project Horizon, which they announced at VMworld in September. I remember talking with Brian about how much VMware was really getting it right with Horizon and what a game-changer it was. It turns out Citrix was way ahead of us!

Both products essentially build SaaS and other web or cloud apps into a user interface so that they appear along side normal applications. There are fundamental differences between the two, but that's for another article altogether! OpenCloud Access (and Project Horizon) go way beyond just publishing a link to a webpage, however (you can see Brian's take on Project Horizon here).

OpenCloud Access, like Horizon, uses federation to automatically provision/de-provision cloud apps to users that don't yet have access to them. Once the apps have been provisioned, OpenCloud Access uses the same federation to automatically log users into the app.

We talked about the importance of this when we talked about Horizon, but the short version is that this makes management easier and gives you tighter security because you can tightly control who has access to which applications outside your organization.

Picture a scenario where you don't have this kind of solution. New users must have their Active Directory account created, and in a separate process have accounts created on, say, SalesForce.com. Users need to log in to both systems separately. Then, when the user leaves the company, their AD account and SalesForce account need to be deleted--both separate processes.

This is both a management nightmare and an information security threat, because if the SalesForce.com account doesn't get terminated, the user could still access that information, even though their AD account is gone. The solution only gets more complicated as more apps and directories are involved.

Using OpenCloud Access, cloud apps (SaaS, IaaS, regular web apps, or whatever) are created automatically based on group membership or Active Directory container. It does this by synchronizing with your enterprise directory (AD, in most cases) at regular intervals and applying its rules and policies to provision/de-provision the proper applications.

There is some flexibility with regards to the application, as well. If the users' IDs can't be federated using SAML, OpenID, or ADFS, for instance, OpenCloud Access can fall back to being more of a SSO solution, storing users' credentials so that they are still logged in automatically in the app's native manner. There is even a "form fill" capability that will automatically fill in the fields if there is no other method available. The good news is that Citrix has a growing list of partners that already support OpenCloud Access, so many apps will be able to fully integrate with it without have to resort to the fallback methods.

OpenCloud Access requires a NetScaler on your end of things because it uses the AAA capabilities of the NetScaler to provide authentication and authorization for the traffic. Essentially, the NetScaler is the middleman between your users and their applications. Since the NetScaler already understands what's happening on the wire with regards to HTTP traffic, authentication requests, and your users, Citrix is leveraging that instead of reinventing the wheel.

I asked Citrix about what happens if a user is remote, or not in the same location as a NetScaler. The response was that you can still direct traffic through the NetScaler from the outside. Instead of browsing to SalesForce.com, which would require them to log in manually, users could be given a link (or through Citrix Receiver, but more on that later) to, for instance, salesforce.yourcompany.com. That link would point to the NetScaler, which would then take over and direct traffic accordingly.

Now, about Citrix Receiver. While OpenCloud Access is available right now, it's only through partners or Citrix Consulting that you can get your hands on it. In the near future (by the end of the year), a new version will be released that is more product-ized. This version will integrate into Citrix Receiver in such a way that your users will see their cloud apps right alongside their desktops and other applications.

The last thing to mention is OpenCloud Bridge, which is not yet available. Most information on Bridge is being kept close to Citrix's chest, but what we do know is that it will use NetScaler technology to create a tunnel between the corporate data center and the cloud data center in order to secure and manage that application's traffic. Specific details have not been released, but when they are, we'll be sure to turn it inside out and see what's going on.

You can see the similarities with Project Horizon run deep, but all that means is that both Citrix and VMware see this as a growing concern in organizations. The requirement of a NetScaler might be a turnoff for smaller environments that don't have such a solution or for large environments that use something else, but that doesn't mean a "lite" solution couldn't come out at some future time. I think it also leaves plenty of room for another company to step in and make the agnostic version of this software that can be plugged in just about anywhere. Time will tell.

Join the conversation

5 comments

Send me notifications when other members comment.

Please create a username to comment.

you forget to mentioned that :


- OpenCloud Access is there NOW even not perfect in V1 (like going through NetScaler)


- Citrix is used to deal with such concept as they already experienced couple of element (Dazzle, Web Interface, Single Sign On, NetScaler Web stuff...).


I know, my point of view is biased, isn't it ?


Cancel

Hi Gabe,


OpenCloud Bridge Whitepaper is available here:


www.citrix.com/.../Citrix_OpenCloud_Bridge.pdf


It doesn't have any NDA or confidential flags in it, so I assume it's ok to publish it here.


OpenCloud Bridge is the combination of Netscaler, Branch Repeater and Vyatta.


Cancel

Gabe,


Your comment :


"I think it also leaves plenty of room for another company to step in and make the agnostic version of this software that can be plugged in just about anywhere."


  ...is something we absolutely agree with and are pursuing with our WorkSpace Universal product.  I hope we can pursuade you to take a look at what we are doing.


Cancel

@Kata - I did mention it's available now (I said: "While OpenCloud Access is available right now, it's only through partners or Citrix Consulting that you can get your hands on it."), but I didn't make a huge deal out of it, because, like you said, it's not perfect.


You're other point is solid - This is a logical thing for Citrix to do given all the technology they have. It's no coincidence this comes from the networking side of the house, and not the desktop side.


@PaulBurke - Just let us know when you have a product and we can sit down for a GTM or something.


@Christoph - When I go to that link, I get a 403 FORBIDDEN! The Citrix police will be at your door in 3. 2. 1... :)


Cancel

Sigh...


Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close