Why "reverse seamless" is not as cool as Brian thinks it is

There has been a lot of discussion around Reverse Seamless and its value over the years. Recently RES Software announced a standalone version for $15 per user, which Brian wrote about on SearchVirtualDesktop.

There has been a lot of discussion around Reverse Seamless and its value over the years. Recently RES Software announced a standalone version for $15 per user, which Brian wrote about on SearchVirtualDesktop.com calling it "super cool as a stand alone feature for $15 per user." Well I disagree. It's not a super cool feature at $15. It's an extremely expensive feature that carries a security risk.

I was recently discussing the feature with one of my few security friends. He just gave me a puzzled look and asked, "Are you really going to trust all the URL redirection, launching random apps, and potential remote interaction with your data center from a small third party sitting on top of yet another third party protocol?" He went on to educate me that I would have a very hard time passing an internal security review. He would require a lot of evidence that RES has a supported secure solution with whichever protocol they sit on top of. He went further and talked about existing vendor clients that have security holes despite the expensive efforts that are put into things like penetration testing. So adding something that is quite invasive on top represents a lot of trust that one has to place in two external parties interacting in the right way.

Nothing like a security guy to kill progress :-)

I argued, "Yeah that's all fine, but risk is assumed with any third party that we have on top or under a Microsoft operating system such as VMware ESX and Citrix XenDesktop/XenApp. This is even riskier with the smaller vendors." He agreed that this true and these are assumed risks and we have to patch those, ugh!  He still felt that messing around with remote interaction and arbitrary application launches represented a greater risk, and when it came to security patches for things like Citrix Receiver he remained concerned about how well the various companies would cooperate. He felt it would be less risky if they were just trying to make existing features that are secure from the core vendor better. The example he cited was people doing things to RDP that leverage the core protocol.

I'd never really thought about it form this angle before, but I guess he has a point even though I could argue whatever and go for a risk exemption if the business need is greater. I would not however be willing to do that due to the $15 price. I see this as another virtual channel in the protocol stack. Imagine if I had to pay $15 for every virtual channel inside HDX or RDP! Also, I'd probably only want to use this for a subset of my population at certain times and have great difficulty in predicting who and when. This like many other software purchases likely ends up in buying more licenses than needed.

I tried playing around with the math to see what RES are thinking. At $15 they would need to sell 67,000 licenses to only make a million dollars. The reality is they will have to discount in many cases to let's say $10 which makes it 100,000 licenses for a million bucks. Would I even pay $10? No way, I look at the spend of the entire desktop software stack and this to me would be worth perhaps $0.15 at best compared to the value and use of the all the other crap I have to run. So what does that do the market opportunity of this standalone feature…..?

It doesn't just stop at security and price. Integration into other advanced protocol features such as Aero, etc. is not something RES will be able to do easily, especially if there's next-to-zero revenue for this feature. These are core features that the protocol vendors will build over time. Hence Reverse Seamless must be a native, integrated, secure feature of the base protocol that continues to evolve. It's a requirement to address many desktop virtualization use cases and hence the price is FREE. There is no standalone sustainable business here.

I am not trying to knock RES for having the foresight for filing a patent in this space and will even congratulate them on their innovation. I do not however understand why they think they can make any money out of this. This is a FREE feature to address a desktop virtualization requirement. If RES was smart, why not get paid by the larger players so they can hurry up and make this technology available to the masses so we can all have the feature to help us with implementation. License the darn thing and stop wasting time with this $15 per user nonsense. Until then as far as I am concerned RES is just playing patent troll and holding our industry back and hence I suggest they are boycotted.

Join the conversation

30 comments

Send me notifications when other members comment.

Please create a username to comment.

I never really thought about the security risks.. I would assume you could control what links are going where and stuff?


But more importantly, I don't really agree with your statements about RES being bad for charging for it. Yeah, I agree that it *should* be a core feature of RDP or HDX, but it's not. Soo... I mean this is better than nothing, and $15 standalone is better than forcing people to buy a whole suite if they don't plan on using it.


Also I strongly disagree with your characterization of RES being a patent troll. A pantent troll is someone who buys or files patents without any intention of building or selling a product, or to extort money from others.. But in RES's case, they had this idea, they got a patent, and now they make and sell products based on that patent... how's that bad?


Cancel

Nice article!


As a side note: I wouldn’t want t


o be security conscious by any serious measure on the multiple in-design flaws and attack vectors being an integral part of Terminal Server.


It’s depressing in itself and only gets worse by the various added workloads, management, fix-ups, and so forth.


Onwards, and this is equally for VDI.  We have the problem that the client instance is being executed within the boundaries of the Data Center, thus by its very nature bypassing many of the blockades in its way.


While this can be handled by proper measures, it’s burdensome and most often doesn’t happen.


Then so, to top it, we not only have the possibility to execute foreign code (client back-maps) we even have a product built-on the very concept of executing foreign code with little or no control over it.


Cancel

Before anyone jumps in - Yes, I know that Remote Seamless is about executing code on the local end-point and not within the confines of the remote instance.


While there is a Pandora’s Box of its own thereby and even more so in the context of the concept, my point was an easy one: The inherent security problems associated with SBC and VDI. That is something that needs to be discussed more :)


Cancel

AppDetective and Kimmo bring up a great topic for discussion: VDI security: how is it being done and how should it be done?


In my experience, the more layers you assemble, the more costly the cake. It is certainly silly to assume that the vendors have over 90% of the equation worked out.


RE: Reverse Seamless -- bake it into the product or protocol. This is why Res filed for the patent.


Cancel

So how is this for an angle? RES is not planning to use this feature to make billions. In stead they have priced it to barely make us for the costs maintaining and marketing it as a product. The real goal might be to get people to talk about RES and allow them to be forked into other deals. AFAICS the have achieved that first goal.


For the record: I think reverse seamless is hugely overrated and that it should be free indeed.


Cancel

For the sake of their job security, security folks have always been party spoilers.  I don't see any serious risk presented by a cool product that leverages a virtual channel (built to published Microsoft/Citrix virtual channel specs) to position a locally-running window relative to a remotely-running full desktop.


I actually think $15 is pretty reasonable for many use cases.  Customers seeking to achieve integration between their local and remote stuff can run out-of-the-box RDS and pay $15/user to achieve it.  Why pay hundreds of dollars per user license for a third-party add-on suite like Citrix XenApp or other similar add-ons in cases where out-of-the-box RDS + reverse seamless would do just fine?  How many customer environments has Citrix unjustifiably shoehorned XenApp into, only to find out that all these customers really need is 20% of the 'nutrients' in the Kool-Aid they've been served?


Of course, AppDetective's reaction will be about how RDS and RemoteFX are pieces of cr--, and how ICA is the be-all end-all.


This tune is getting old.  Find something/someone new to pick on.


Cancel

@Michel - I'm sure RES spent money and resources to build such product.  And like all cool ideas, the vendor should be compensated for their innovation. If reverse-seamless is hugely overrated and should be free, then I'm sure you'll agree that copycats should also offer their products for free.  But even on that very point I'll disagree because even copycats spend money and resources doing what they do, and unsurprisingly manage to find a way to innovate somewhat along the way.


Cancel

Brian As you question, can't you just manage it? I'd have to look a little deeper but I doubt RES has any significant management available for the product. That's yet even more risk as they will have to integrate it into a desktop virtualization product, or add complexity externally with their own. To do it right it has to be done by the protocol providers. Those players are not going to invest enough unless there are millions of users with the need in production. If a RES patent hinders them, then all of us are held back as Reverse Seamless will only ever be a niche provided by RES. I've been bitching about the need for years. Citrix has teased us with project Alice, and even showed a working demo at Synergy Berlin. So why haven't they released it? Is it because:


1) They have nothing to release?


2) They are not ready?


3) They and others are being held back by RES?


I also recall reading a long time ago on BM.com that the Flexprofile guys had this technology but gave up because of this patent. I suspect this is the same reason today that other's are not producing solutions. That may be an inaccurate assumption on my part. If that is the case. Let RES answer a question. Why don't they license this so others can use it? Perhaps they have tried. I want to understand their position. To me it seems this is nothing more than RES trying to show differentiation with their technology and tons of marketing with a website and hiring people like Simon Bramfitt to write about it. That's all great and I don't blame them. However what this results in is costs being passed on to customers for a feature that is not going to evolve fast enough because the protocol providers will do nothing if it's not broadly deployed. So RES are "bad" for doing this to customers. They should pass those costs on to the protocol vendors and make some money, I have no issue with that. There is no standalone market for this that will generate sufficient revenue to justify the continued investment that Reverse Seamless will require. If you think otherwise, show me a single scaled customers that pays the outrageous $15 per user price for a virtual channel….


@Brianmadden, I'm willing to concede the point of them being Patent Trolls given your definition. That does not the change my argument. To me RES are just desperately trying show they are relevant since the VC love is going to their competitors. It is delusion for them to think they are going to turn reverse seamless into a standalone business, it's not going to happen. It's not even going to help them much as suite feature for all the reasons I wrote about. So stop screwing customers with $15 per user (I stab myself in the hand every time I read that) for a virtual channel and holding broad industry adoption back which further holds back the investment required to evolve the feature to where it needs to go.


Cancel

@edgeseeker The RES solution is not integrated into the protocol. I don't believe they even use a virtual channel, it's an out of band communication channel.


Also that RDP crack you are smoking with your friends at Quest. SMB perhaps, enterprise not good enough. EOP sure helps to a point if you want to marry unscalable Hyper-V, but nobody in the enterprise in their right mind is betting on Quest who don't even have a dedicated desktop division.


Reality my friend is that there is only one game in town for broad use cases which are requirements in the enterprise. Anyway I digress from the topic of this post.


Again for the record. RES should make money from their patent. Just charge the protocol guys not the customer EOM.


Cancel

I don't believe RES's patent on reverse seamless is hampering other vendors.  There's almost always a way around a patent. Citrix has patented seamless windows years ago, yet that hasn't stopped the other vendors from introducing the same feature into their product.


Cancel

@MichelRoth Reverse Seamless is important because the protocol vendors, all of them are always going to play catch up with respect to delivering remote experience. That means many people will reject desktop virtualization because they can't deliver "some" apps. Those of us experienced in the industry like you know that it just takes that one problem app to stop a rollout dead in it's track. So having this ace available in your back pocket is very powerful. It's also why thinclients are limiting unless you accept that protocol limitations and the occasional "the one app" use cases are not important enough. I say keep Windows on the client in some form for maximum app compat. Don't trust the vendors including Citrix with HDX to deliver 100% of apps remotely. Hence integrated, secure, manageable Reverse Seamless is a requirement for broad enterprise adoption.


Cancel

@edgeseeker If RES would come out and say what you just said then I would believe you. Until them they continue to hold us all back.


Cancel

@appdetective - First, I don't believe the Quest-related comment is relevant. Anyone with a keen intellect such as yourself would have easily surmised that I was referring to honest-to-goodness, out-of-the-box RDS.  Besides, I know for a fact that Quest does have an independednt virtual desktop division comprised of about 100 employees.  Overall, the company employs some 3,499 smart folks.


Anyone who reads this blog knows full well that you've never spared an opportunity to bash out Microsoft for its monopolistic practices and culture of stagnation. Yet, you seem to praise Citrix for being the only game in town.  Let me ask you: when's the last time that Citrix innovated?  Here's a company that's failed to grow organically over the years, and has had to charge a premium for its one-hit wonder product so they could use this constant revenue stream to fuel their growth by buying a boatload of overvalued companies.


I must praise you for your relentless attempts to distance yourself from the herd. The more you try, the more you fail.


Cancel

@appdetective - RES doesn't have to come out and say anything. The burden is on the other vendors.  Of course, they can give RES the nod and look for other areas to innovate.  


Anyways, the article is good food for thought.  Keep innovating.


Cancel

@edgeseeker. I suggest you go and look at the organizational structure of Quest  and see where the desktop group is buried in some management subgroup. Those are the facts.


As for Citrix. HDX is the only game in town for the enterprise. Those are just facts and why they are winning hands down as a result. I agree with you on them not innovating fast enough into new areas, or even doing a good enough job to make desktop virtualization work. But that is no my concern. My concern is make desktop virtualization work, The others have done little here also. Quest innovated by partnering, i.e. bolt of complexity pushing costs up. The Quest is cheaper is complete BS. The startups are the ones that are innovating and it's about time a few of them were acquired.


I have asked the other vendors the question. I get a we're working on it answer that is clearly avoiding the question or a It's not needed answer.  If I press them on how is RES helping you, I get a blank stare. I ask why the blank stare and why haven't your licensed it from RES. I get one of two answers. We don't know, or why don't you ask RES. That's why RES needs to step forward or simply customers should boycott them until they explain their position.


Cancel

@appdetective :


1) They have nothing to release?


2) They are not ready?


3) They and others are being held back by RES?


In my opinion it's only a patent issue ...


That's sad because as you said it should be native.


Cancel

@appdetective - I don't know what your beef is with Quest.  Whatever they do organizationally is their business as long as vWorkspace keeps humming and they continue to come through with their excellent support.  I'm sure other smart folks here share my opinion.  


Let me reiterate that the topic of this conversation is NOT Quest. So if you want to continue being the serial basher, go right ahead.  At least they're not a one-trick pony.


There's never been a company in history that's been able to retain the 'only game in town' status.  The only game in town for what?  A niche industry?  Good for Citrix.


RES has a cool feature and it's available at $15/user for whomever deems it important.  That's that.  


Cancel

@Pierre Marmignon -  You and others are making it sound as if reverse seamless is one of the pillars of desktop virtualization.  It's just a f------ feature.  I don't know whether you understand this concept, but we live in a capitalistic society where innovation has to be rewarded so that it can beget more innovation.


If you think this feature has to be built-in and offered at no charge, then Citrix or anyone else is welcome to step up and spend some of that cash they've been hoarding to acquire RES.


@appdetective - You say it's about time someone stepped up and acquired one of the other desktop virtualization vendors.  Are you sure???  Let me remind you that all of them use RDP.  So, what's your point here?  In my opinion, the rest of the desktop virtualization vendors stand zero chance of being acquired.  After all, who's foolish enough to dare to challenge the 'only game in town'?  Having said that, I hope I'm wrong.


Cancel

@edgeseeker. The startups I am talking about are the ones that add capabilities to the existing suites. Unidesk, Appsense (not a start up) should all be picked up to enable desktop virtualization. Faster than waiting for the main player to do anything. Virtual Bridges being bought by IBM is the only full stack startup that I think stands a chance. Sure one of those options could be RES.


As for org, of course it matter. You are right that Quest can do what they want. I am expressing an option that burying them in some sub group shows me how likely they are to invest in the space I am interested in. This is also reflected in the market. Outside of this blog, nobody really cares about Quest in the DV space. If that doesn't matter to a naive enterprise admin, that is not my problem and wish him/her luck. I have been a Quest customers and their support sucked as they couldn't handle enterprise demands. Their product teams were helpful, but I wasn't going to call them for support on a regular basis. They are just not that good, sorry nothing personal just my opinion that you are free to disagree with.


"Only game in town" for today. I agree, let's not assume it's sustainable. However based on my experience and the market reflects it, HDX is the only enterprise class  game in town. Even MS knows that, and hence the let me be your girlfriend advances are working out too well. Quest desktop does not have the market reach. I wish there was a better competitor for HDX  than PCoIP. That means technology and market reach. If RemoteFX was not married to Hyper-V there may be a glimmer of hope. Perhaps IBM with SPICE will do it. We all know Oracle went nowhere with ALP, and HP with RGS is good as dead. That's why I believe that HDX is the only real option for the enterprise today. Tomorrow fingers crossed.


I guess I'm waiting for the next Quest partnership claim that they now work with RES and are cheaper with yet another bolt on feature :-) @Pierre Marmignon is right, it's a patent issue. Hence RES can go F themselves.


Cancel

@appdetective - My experience with Citrix support in the past is similar to your experience with Quest.  But I assure you my two years' worth of experience with Quest has been nothing but top notch.  I'm sure both Citrix and Quest try their best.  Quest's experience is all in the enterprise.  As far as I can tell, all of their products are enterprise-class products.  They're certainly not an SMB componay like you've been protraying them to be.  Come on, man.


I'm not aware of the Quest DV division being buried under other management layers. I'm surprised you have access to such information.  Can you elaborate?


I'm all for RES protecting their IP and trying to make reasonable money from it.


Cancel

@edgeseeker listen here phx.corporate-ir.net/phoenix.zhtml I did not listen to it, but an investor friend of mine did attend that even that's where the information came from. The part that matter is the interesting is the functional business unit organization. None of them are called desktop BUs. The Quest strategy is to take the traditional management roots and pay in physical, virtual and cloud. Make sense and hence some of the positive analysts coverage. All pubic information and some very well connected friends who tell me what is really going on.


BTW Citrix support is nothing to celebrate. Just more of it available if you are willing to pay a lot for it. That was my point about Quest desktop supporting me at scale, and why I think they are SMB focused. Does not preclude them from enterprise, I just don't see them playing there or getting traction for the most part. That's why MS dos not care about them either in desktop. SMB is a great opportunity for them to continue to grow.


Yes RES should get paid. By vendors, not artificially by customers.


Cancel

@appdetective - None of this means anything to me as long as Quest's products and support meet my expectations. So far so good.  I'm not sure why we're criticizing an experienced company's management decisions on this site.  Let's just stick with the technical aspects of our industry.


Let's give all the vendors the benefit of the doubt until they prove us wrong.


Cancel

Wow some seriously soggie Wheaties this morning eh?  Lighten up Francis!  Let's keep things on topic here.  Reverse Seamless is a critical need unless an organization is willing to pay for every possible future need that would be better client rendered than server rendered.  To those worried about client side security issues, it's no more risky than the other way around.  If you open client drive redirection and allow server side drives to be accessible by the client, that's risky.  The other way around is risky as well.  At the end of the day you're going to need to wrap some policy control / support around his whole thing so if the RES offering isn't adequate you'll need to look for another vendor to produce that.  Should this stop the desire, no?  Should the perceived security threat stop this desire, no.  If there isn't a better way to get business done, then trust me this will be the way for many businesses.


Shawn


Cancel

I’m not sure how this became a Quest discussion, but I feel compelled to throw out a few relevant facts:


1) The Desktop Virtualization Group that produces vWorkspace, VDI Assessment and other goodies is a separate Business Unit within Quest 100% focused on desktop virtualization. Sure, it comes under the Quest Virtualization banner for things like analyst calls, but with 200+ product lines we have to organize it all somehow. The org structure does not reflect a lack of focus on commitment.


2) Quest’s award-winning Technical Support (support.quest.com/ACE-Award.aspx) covers thousands of high-end enterprise customers worldwide, every day. Scan the case studies at www.quest.com/.../list.aspx to get some idea of the size and scale of customers that our Support team serves. @appdetective – if you have an issue with our Support team I would love to investigate further so we can do better.


3) I didn’t understand the comment about how Quest has only innovated with costly third-party bolt-ons. I wrote a short review of the things we delivered in 2010 at communities.quest.com/.../3-product-releases-in-a-week-to-close-out-a-remarkable-year. All of these were developed in-house or acquired and distributed free to the desktop virtualization community, and none have increased the cost of vWorkspace.


If you want to follow the next wave of technologies we’re bringing to desktop virtualization in 2011, please follow join the vWorkspace Community or follow me on Twitter @jonrolls.


Cancel

@appdetective - regarding your comment earlier: "@edgeseeker The RES solution is not integrated into the protocol. I don't believe they even use a virtual channel, it's an out of band communication channel."


You clearly haven't researched the product offering before posting a quick stab in the dark.. just in a quick evaluation with Wireshark and regedit, I can tell that all traffic is within the ICA protocol and using a 3rd party virtual channel called RESVDX.


Check out CTX116890 when you have a moment.


As a Citrix customer, I'm not happy that I need a bolt on product to resolve a critical hurdle in our rollout either.  As well, I would like to see RES sell off the product to Citrix and expand their feature base.


Cancel

For the record RES is not one of my clients.


Any opinions I express are mine and mine alone, and to the best of my ability are not influenced by any contractual agreements I may have with any vendor.


Cancel

@RandyCress Agree they need a client side transport to talk to the server side engine and that that transport is ICA. They leverage the virtual channel there. However that additional VC still has to go through an internal security review in my case because it will be treated as a potential hostile third party and security will want to understand the impact. Additionally, all the management features to control what maps to map will need to be in place. This is a pandora's box if not done by the protocol vendor.


@edgeseeker, Client Hypervisor innovation at Citrix what ever stage of maturity is a big deal.


@jonrolls I love you really :-)


@simonbramfitt fair


Cancel

@edgeseeker, with respects to Citrix' recent innovation.


I don't think people grasp yet what MCS + intelliCache could evolve to, all thanks to Provisioning Server.


I see massive potential when you add XenClient into the mix.


Where baking intellicache into XenServer may seem controversial, they could very well be sitting on a gold mine if they bake intelliCache into XenClient and deliver VMs to it via MCS.


I don't mind vendor lock-in when it comes to having a client hypervisor.


Synchronizer could then be integrated into the entire XD stack to synchronize user personalization.


If they don't severe their technology ties between OS and User separation and take on the User Virtualization space, Citrix will remain a bloated OS virtualization vendor much like everyone else.


@appdective


Also to add to your article. As you and Daniel have helped me realize in the past, the Reverse Seamless technology is to enable the convergance of locally exectuted apps on the client and the server hosted desktop/apps.


Now, I agree of the importance of local + remote execution for best fit scenarios, but isn't the technology as it stands sortof mute because their is no management of the local executed apps?


I really like quoting this: "Management is how IT organizations deliver value to the business, no matter who owns the resources."


community.citrix.com/.../viewpage.action


I know it's taken out of context here, but it just re-iterates that Management is key.


Cancel

@appdetective - When XenClient becomes a standard configuration option on HP's and Dell's sites, and when Microsoft blesses XenClient as supported 'virtual hardware' and allows Citrix to sit in between them and the physical hardware, then I'll take my hat off to them. Having said that, I still don't see where the innovation is here since the type 1 client hypervisor idea certainly wasn't conceived at Citrix.


@Icelus - Intellicache? Please!!! If that's the extent of innovation, then let me stick my head in the sand!!!


Cancel

Desperate RES now suing one man army in their core product set. What a joke these people are. www.shawnbass.com/.../If-you-cant-beat-them-sue-the-pants-off-of-them.aspx


Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close