Organizations are expanding their app portfolio with SaaS and web apps (with or without IT approval). While this may reduce infrastructure costs, it increases the inherent risks of losing control beyond the initial user authentication. Allowing users to log in with a standard browser means no visibility to identify suspect user behavior like excessive downloads, copying and pasting to nonsanctioned apps and devices, suspect URL redirects, and more.

Using a Citrix Virtual App ( XenApp ) published browser is one way to manage this problem, although that also means additional server infrastructure and third-party licenses. The Citrix Access Control service was designed to solve this dilemma by utilizing an embedded browser in the Citrix Workspace app on the desktop and providing SSO, enhanced security policies, web filtering, and analytics — all with no added infrastructure! Up until now that also meant that an organization would need to move to the Gateway service and Workspace service.

At Citrix Synergy 2019, we announced a new hybrid configuration that enables organizations to keep their Citrix StoreFront on-premises with no updates, yet leverage the Access Control service for only the SaaS and Web applications. The SaaS/Web applications show up alongside on-premises Citrix Virtual Apps in the same StoreFront they are using now, including customized StoreFronts. It also means that existing Citrix Virtual Apps traffic stays inside the network with no change required.

StoreFront Sync Utility

Available in Tech Preview, you can get started with a Citrix Cloud account with Citrix Access Control and on-premises StoreFront 7.15 or later. We are providing a new sync utility (right) that runs on the local DDC. From there, the admin logs in to their Cloud account, and the SaaS app list, icons, and security settings are synchronized with the DDC. Users need the latest Workspace app for Windows or Mac, with no new configuration or UI.

The hybrid configuration can also be enhanced with new security capabilities that provide app protection to protect against screen captures and keystroke loggers, keeping HDX, SaaS, and Web sessions secure.

This solution is ideal for organizations that aren’t ready or able to move StoreFront to the Cloud but want to improve their security posture given the risks of unmanaged SaaS app proliferation. It’s also a great solution to allow or improve BYOD policies to add control for SaaS/Web apps beyond traditional Citrix virtualized apps. SaaS apps like Salesforce, Ariba, Workday, and more can now be protected for the entire session from any device. Internal web apps like Outlook Web App (OWA) will be protected, and intranets can now be made safely accessible without a VPN.

Download the Tech Preview Now:

Documentation for Access Control Sync

Download the Utility

Latest version of Citrix StoreFront