As of this writing, in May 2020, many schools are wrapping up the spring semester. IT staffs who have “made it” to the finish line are likely enjoying a sigh of relief and are looking forward to (somewhat of a little) break in the action provided by the summer months. You all deserve the breather. COVID-19 required a scramble never seen before in order to get students, faculty, and staff functional, in some fashion, remotely, quickly, effectively, en masse … oh, and make sure everything is also secure and monitored. How did your experience go?
If you were in fact breathing heavy at the finish line, there’s no rest for the weary, and now it is likely you’re already starting to prepare for the next race: creating an optimal, but hybrid experience (some percentage of work being performed remotely/work from home) for your user base, for both faculty and students. In speaking with my contacts in education, they’ve always stated the “break” period provided by the summer months are the best time to introduce new technology and ways of doing things. With that in mind, we’ve already provided the way for students to access all the applications (Windows and SaaS (Software as a Service) web applications from a centralized portal, available anywhere, and as if they were on-campus. Let’s now focus on a quick and easy way to enable your staff and faculty to work remotely, securely, and with little, if any, capital expenditure, making use of Citrix’s Remote PC technology.
What is Remote PC (and why is it right for my campus)?
Remote PC is a deployment option of Citrix’s Virtual Apps and Desktops solution. In a nutshell, it allows for secure, easy access to an office networked workstation (Windows or Linux) allowing the assigned user account to work remotely, from any location with internet connectivity, as if they were in the office.
So for faculty and staff, from a personally owned computer (or tablet or even phone) they can log in to their office computer and use every application just as they would typically. The method of access is incredibly simple, just type in a URL into a web browser and boom, the office PC is there for connection:
For IT: you may be asking, is this desktop virtualization? Not exactly. This is a connection to a physical desktop using the ICA/HDX protocol. This is not VDI (Virtual Desktop Infrastructure). There’s very little required from your server room to make this connectivity possible. The benefits over similar alternatives are numerous, but bandwidth compression. high performance, manageability and session reliability make it a preferable choice over any other option. In my next article, we’ll dig deeper into that feature set.
Why is Remote PC better than a VPN?
You may be familiar with a Virtual Private Network (VPN) for use in connecting remotely. The Citrix Remote PC solution differs, advantageously, in how it works.
With a VPN, you in effect establish a “tunnel” from your computer (well, more accurately, your campus supplied laptop, and I’ll get to why later) back to your networked servers, over the internet. In effect, this mirrors the configuration when the same computer is on campus and on the internal network, we have just “stretched” the network boundary to now reach your home’s network.
There are several considerations in this model that make it less desirable than the Citrix Remote PC solution. Here we’ll mention two, which are more than enough to prefer Remote PC to a VPN.
First and foremost is performance. A VPN tunnel established over the internet is at the mercy of the internet connection to function properly and at an acceptable speed. I am based in Alabama and cover Mississippi, Tennessee and Georgia. Needless to say, in some rural areas, good, fast internet is hard to find! If you think your campus network is slow, wait until you try to use Outlook, Excel, or other applications to work on files stored on network file shares while connected over a low speed satellite or DSL connection.
The Citrix solution works differently. In it, we connect directly to our campus based, office located PC and work from it to connect back to campus based resources (exactly as if you were sitting at your campus office desk). The result is presented back to us at the presentation layer. What this means is that network requirements are much lower, as the Citrix solution virtualizes the activity and only sends you back graphic and audio updates on an as needed basis. This is a much better experience than a VPN scenario, in which the multiple applications on the home network connected office laptop constantly communicate back and forth to your campus network and servers (the bandwidth requirements can be 100x less with Remote PC)!
Second is flexibility. With a VPN, unless your campus has no concern for the security of your institution’s data (think student records, financials, intellectual property), you must use a campus supplied laptop to work from home. That means making room for a new device in addition to your current home office setup, keeping it compliant while off campus with anti-virus and OS updates, making sure you surf the web appropriately, etc. The reason for this is by using a VPN from home, you are in effect placing the device on your campus network as if you had plugged it into the wall of your office. No security policy of any effectiveness would or should allow placing a personal device on the campus production/staff network, thus you are forced to use/take home a campus supplied laptop.
With Citrix Remote PC, we have a level of separation between the endpoint and the campus office based workstation. All traffic is again at the presentation layer, thus activity like copying and pasting and malicious traffic, which operates at the application layer, can be restricted and prevented entirely. Thus, using your own equipment is perfectly acceptable.
How do we set Remote PC up for our faculty and staff?
Providing Remote PC capability to your campus workstations can happen with just a handful of steps.
If you’re an existing Citrix customer, you can add Remote PC catalogs to your current site. If you are not a Citrix customer, you can quickly stand up a Remote PC environment via Citrix’s Virtual Desktop Service.
Here are the steps required, and links to complete walkthroughs and documentation:
- Once your Citrix site is up and running, deploy the Citrix Virtual Delivery Agent to all workstations to which you want to supply remote access. Hint: make sure and select the option for a “Remote PC” deployment.
Here are links to assist in VDA installation and large deployments: https://docs.citrix.com/en-us/tech-zone/design/design-decisions/remote-pc-access.html#virtual-delivery-agent and https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/install-configure/remote-pc-access.html.
- After installation of the VDA, create a machine catalog within your Citrix Virtual Apps and Desktops site.
- Create a Delivery Group in which you specify a group of user accounts who are allowed to connect remotely.
See: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/delivery-groups-manage.html#manage-remote-pc-access-delivery-groups and Carl Stalhood’s always excellent walkthrough: https://www.carlstalhood.com/remote-pc/#deliverygroup
- Set policy to allow for monitoring and reporting
From: https://docs.citrix.com/en-us/tech-zone/design/design-decisions/remote-pc-access.html#virtual-delivery-agent: In a Remote PC Access deployment, most implementations do not require profile management. However, Citrix User Profile Manager also captures performance metrics, which are useful for administrators to identify and fix performance-related issues. User Profile Manager does not have to be configured, it just needs to be deployed to capture metrics. When installed, Citrix User Profile Manager allows administrators to run reports on the user experience, session responsiveness, and insights into logon performance within Citrix Director and Citrix Analytics for Performance.
- Point your faculty and staff to your public Citrix Gateway address. For Citrix Virtual Desktops Service customers, the gateway service is included as a part of the package. Thus no additional setup is needed in order to get your users connected back to their office workstation.
In just 4 steps, you can have your faculty and staff up and working remotely come fall, or even for the summer term!
** NOTE: As an alternative to setting up on your own, consider Citrix now offers a promotional engagement from our Professional Services in which a Remote PC deployment is completely turn key and available in rapid fashion: https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/remote-pc-access-quick-start-package-overview.pdf.
Thoughts or questions? Shoot me a comment or contact me with the form below. I wish you well in getting your campus enabled remotely, and I am here to help should you need me.