Pretty much everybody in the IT space is familiar with FUD. For those that are not it is fear, uncertainty, and doubt. These are statements and claims made by people, typically without any information backing it up, to attack another solution or product. The hope is that most people will not look into the claims or ask them to explain the statements. In the public sector space we have been hearing some FUD around Citrix and the new SIPR token. I intend to break down this FUD.
First what is the SIPR token? It is another smart card solution, meaning it is third party smart card authentication. In that respect it is the same as a CAC when it comes to Citrix. You can find smart card, certificate based authentication support in many of our core products, e.g. Web Interface, Access Gateway, Xen App, and XenDesktop. So if it is just smart card authentication, why all this sudden FUD around lack of support?
There are some key differences between a CAC and SIPR token. There is a change in the middleware used to interface with the card and the SIPR token itself runs at a different voltage. Well middleware is not much of a big deal when it comes to Citrix. XenApp and the virtual desktops served up by the XenDesktop DDC just need to have the proper middleware installed. So again, why all this sudden FUD around lack of support? Well there are these pesky endpoints out there that ultimately connect to our products. Those endpoints not only have to either run the proper middleware, or have a custom solution that takes its place, but they must also have card readers that support running the new voltage and be capable of using the reader at that voltage. While Citrix supports the use of the certificates on the SIPR tokens, if the end point cannot read the certificate in the first place it cannot be passed to the Citrix environment for authentication.
So there you have it. Citrix does support the use of the SIPR token. There are endpoints that may not be able to read the certificates to pass to Citrix. While Citrix does not maintain a matrix of end point solutions that are compatible with different smart cards, one can always contact their Citrix sales representative or pre-sales engineer to help track down that information. From the work I have already done I can confirm that Windows endpoints work but sometimes require a registry edit to enable the 3.3V required for the SIPR token. More recently my peers in the US Public Sector space have used the Wyse Xenith zero clients to log in with the new token. Bottom line, if you have a question about the claims somebody else is making about Citrix, just ask us.