Jump to content
Welcome to our new Citrix community!

Tech Brief: Global App Configuration Service

  • Contributed By: Debangshu Roy, Manju Annie Oommen, Gerhard Krenn Special Thanks To: Steve Beals

Overview

This Tech Brief provides insights into Citrix’s client app service called Global App Configuration service.
The document explains the use cases of the services, the features, and capabilities enabling IT organizations to manage their end user’s app management.
The app management capabilities comprise Citrix Workspace app end-user settings, agent management (across Citrix and third party agents), and app version update management.
The service manages access to the Citrix Workspace app by users across employees, third party contractors, or consultants across managed or unmanaged devices.

While this Tech Brief covers the service's capabilities, it will also clearly define what it is not and how to use it to manage a wide range of settings across on-premises and cloud stores through APIs or the user interface introduced with the Citrix Cloud portal.

What is the Global App Configuration Service?

Citrix Global App Configuration service (GACS) is a Citrix IP solution and service used to configure, manage, and distribute Citrix Workspace app (CWA) or Client App-specific end-user settings across all device OS.
The solution can auto-update the Workspace app and manage client app versions. As of this writing, GACS supports Windows, macOS, Android, iOS, and Chrome OS.

The end user settings can be configured and managed, including experience when a user accesses Citrix Workspace via a browser and launches virtual apps and desktops over HTML5 experience. Settings are configured and mapped to a Citrix Workspace application at the store URL level today. As part of the GACS roadmap, this scope is expanded to map configured client settings to user groups within a store.

GACS is a cloud service that can be used to configure and distribute settings across cloud and on-premises environments. You don’t need to claim the domain or establish the Workspace store URL to distribute the settings for cloud deployments. In an on-premises environment, Citrix GACS uses the AutoDiscovery services to establish the URL claim and connection to the cloud for StoreFront URL or NetScaler Gateway.
This service establishes a secure connection to your domain and all the store URLs based on the company configuration. Further, all the stores (on-premises and cloud) are reflected in the app configuration user interface, and settings can be configured and distributed per store from the same interface.

tech-briefs_global-app-configuration-service_gacs1.png

Three essential services are used within the Global App Configuration service. All three services are used independently based on the requirements.

AutoDiscovery services

Organizations can use this service to map domains to store URLs, making it easier for your end users to log in using their email ID rather than needing to remember the store URL. This service is also used at the back-end to distribute the settings and validate the domain. Since the Global App Configuration service is a cloud service, to use this service to configure and distribute settings for on-premises stores, you need to claim the Store URL to establish a secure connection.

Auto-update service and Agent management

Today multiple client app agents are available for endpoint analysis or device posture services, ZTNA agents, and so on. In addition to Workspace App agents, there are third-party agents you can manage through GACS, like Zoom, Webex.

tech-briefs_global-app-configuration-service_gacs2.png

The Auto update service with GACS provides the capability to ensure that your users are on the app versions which you configured and can be different versions on different OS' if necessary. This service is used to push the agent's requirements and updates.

Client app settings

All end-user settings on the Citrix Workspace app can be configured and set centrally through GACS. This includes settings from the login experience, security, and authentication options, virtual app, desktop settings, peripherals, data collection, and monitoring policies. All the settings include:

  • Virtual Apps and Desktop settings
  • Device and keyboard settings
  • Display and Audio settings
  • Data collection and monitoring
  • Security and Authentication settings
  • End user login and launch experience
  • Citrix Enterprise Browser settings
  • App protection settings

App protection and enterprise browser are two offerings on the Citrix Workspace app, and these products' settings can be managed from the Global App Configuration service itself.
The cadence of applying or reflecting setting changes to end users can depend on the Client OS the user is on. The general behavior today is that polling for settings apply to the end user app every six-hours. This can also get triggered with an event like when restarting the app occurs.

What challenges are addressed using the service?

The Global App Configuration service provides a central user interface to configure, manage, and distribute client app settings across all devices and users – both managed and unmanaged devices. As IT Administrators, there was no centralized way to configure and distribute app settings.

  1. Several tools are being used to configure and manage user settings across various device OS:

    tech-briefs_global-app-configuration-service_gacs3.png

  2. No central way to update and manage both Client App agents like EPA (endpoint analysis), ZTNA, and third-party agents like Zoom, Webex

  3. There is no central way to handle Workspace App versions, version update cadence, and roll back if necessary across the OS or specific to a particular OS.

  4. No easy mechanism to manage settings, agent, and version updates on unmanaged devices and further track and apply any potential security settings on BYOD (bring your own device scenarios)

Today Citrix Workspace app settings configuration is managed differently in every platform. There are a few out-of-the-box solutions available with the OS:

Windows IT administrators can use the Windows Group Policy Object (GPO) administrative template for CWA to configure the Citrix Workspace app.
However, it is challenging to configure non-domain joined devices using this approach. One key aspect to note is that GPO is distributed at the OS level. Hence, this only applies to managed devices, such as those distributed by your IT team.
In CWA Mac, if the device is managed with Mobile Device Management (MDM), the admin can push the mobileprov profile to the user's device. macOS can read app-specific settings and save them in the app’s preferences from where CWA Mac can read. For BYOD Mac devices, this mechanism will not work.

In addition to out-of-the-box solutions, IT administrators purchase Endpoint Management solution (MDM/MAM) licenses to manage end-user devices and settings on those devices.

How is GACS different from Endpoint Management services in the market?

Due to the similarities in name, there often needs to be a better understanding between Citrix Global App Configuration services and the app config community. Let’s address this first.

The app config community is a group where device management vendors(UEM/MDM) came together to primarily enable organizations to manage mobile devices and apps to ensure secure access to work-related resources.
This is achieved by UEM/MDM vendors and client app vendors publishing key-value pairs for device settings and app settings, making it more straightforward for organizations to manage apps irrespective of the vendor-specific MDM solution they have purchased. These key-value pairs can be used with a purchased MDM/UEM license.

Citrix Global App Configuration service is a tool provided to administrators by Citrix to configure, distribute, and manage Citrix Workspace app end-user settings across all devices and OS.
Since it applies against a store and users mapped to it, it applies to managed and unmanaged or BYOD devices, ensuring secure access to apps and desktops hosted on-premises or in the cloud. GACS is also used to auto-update CWA across all devices, ensuring users are on the latest version.
If you like to control the version, Citrix provides a version control option. In other words, GACS allows you to configure, distribute, and manage CWA-specific settings across all devices without any additional license requirement or the need to purchase device management software. There are increasing use cases of BYOD devices in enterprises that cannot be managed using any Endpoint Management solution. IT administrators can use GACS to manage Workspace settings for all devices, including unmanaged ones.

There are multiple Endpoint Management solutions in the market. Clients will likely use numerous mechanisms to push settings to their managed devices based on the device type, OS type, and so on GACS provides a seamless, consistent way for administrators to manage Workspace App settings for all platforms from a single console.

Prerequisites to use GACS

  1. Today, GACS can be used by any Citrix Virtual App and Desktops/Citrix DaaS customers with a Citrix Cloud entitlement. On the future roadmap, the intent is to remove any entitlement requirements. IT Administrators with a Citrix Cloud account can use GACS.
  2. Administrators can configure settings for Citrix Workspace and Citrix StoreFront stores. For StoreFront stores, Admins must take extra steps to claim the URL.
  3. Since Citrix Workspace apps fetch the settings from a CDN, it is expected that all end users using Citrix Workspace apps have access to the internet. For users who do not have internet access, the application setting's default values are applied.
  4. GACS settings are configured for a store. If the customer has multiple stores, then each store's settings can be configured independently.
  5. GACS settings are fetched by the Citrix Workspace app for Native app installed or by the HTML5 engine in a browser-based launch.
  6. GACS allows administrators to test the settings before rolling it out to all users. This feature allows resolving any issues before applying the global app configurations to the entire user base.

Future roadmap for Global App Configuration service

Currently, GACS settings are fetched by the CWA client for the added store from an endpoint URL. Users can download the settings. To enable organizations with the capability to pass settings securely, that is to allow settings to be applied on the end point, only when the user is authenticated.

These settings are currently applied across the store level. If different user groups are accessing the same store and if organizations need to manage settings based on user groups over and above store-level settings, we do not currently support this use case.

Further to supporting authenticated microservices, GACS knows the user and the AD group the user belongs to and can deliver group-specific settings to the user. This feature is planned for a future release.

Both of these critical features will be part of future releases.


User Feedback


There are no comments to display.



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...