Traditionally, employees working from remote locations used on-demand VPN to access corporate resources. But IT admins faced challenges managing these assets and ensuring consistent security updates for remote workers’ devices, which do not connect to the network on a regular basis.

Managing Remote Access Today

With Citrix AlwaysON VPN, users log in to the VPN once, after they log in to their Windows machine. The VPN can remain active even if a user switches networks. That means admins can manage the device, and policies can be pushed once the VPN is connected.

But what about when a new employee joins the company from a remote location? IT will configure a device for this user and send it along with administrator credentials because a user cannot login to the machine with their domain credentials. It’s not ideal because organizations would rather not give administrator rights to users.

How Can AlwaysON VPN Help?

Citrix AlwaysON VPN provides a seamless user experience by establishing a VPN automatically before a user logs in to a Windows system. This enables even first-time users to use their domain credentials to log in to the device. The VPN is established once the device boots up without any user intervention and remains active until the device is shut down.

IT admins can manage the device, even if the user isn’t logged in, and the device stays compliant with all the latest regulatory and security updates. This offers protection to the user/device on untrusted networks like airport wi-fi because the device is always connected through a VPN.

There are several benefits of using AlwaysON VPN before Windows logon:

  • Password Management: Users can now directly change their password from their Windows machines, and admins can force a user to change their password on next logon based on compliance and security policies, even for remote users.
  • Remote Device Management: IT admins can remotely manage/enforce AD policies on the device, even when the user is not logged in to the device.
  • Whitelist URLs: Users can access a few websites even when AlwaysON is down and the network is locked. Admins can use the AlwaysOnWhitelist registry to add the websites that you want to enable access to when AlwaysON is down.

From version 13.0.41.20 onward, we’ve also added the capability to form a user level VPN after the user logs in to the device, which provides additional benefits:

  • Granular Policy Control: IT admins can restrict or provide access for a resource to defined user groups once the user is logged in to their machine.
  • User Management: The same device can be used by multiple users. Access to selective resources are provided based on the user profile.

Learn more about AlwaysON VPN configuration on the Citrix Docs page, and check out the demo below.