In legacy environments, we always had thick and bold lines around the IT perimeter. Everything inside the organization, including data, hardware, and risk, belonged to the organization.

Everything outside?

That was someone else’s problem.

These lines get redefined in the context of cloud computing, where there are differently shared responsibilities and risks for IaaS, PaaS, and SaaS. According to the Cloud Security Alliance and others working on identifying risk-management gaps that come with the adoption of cloud computing, it’s important to keep the responsibility matrix below in mind:

Responsibility boundaries are important to understanding which solutions and technologies align best with an organization’s cloud deployment and the requirements of individual business units and the unique application and data flow requirements of end users.

Is Citrix Cloud IaaS, PaaS, or SaaS?

If you’ve spent any time with the Citrix Cloud architecture diagrams on Citrix Tech Zone, you’ll know that Citrix Cloud is a PaaS offering. This enables Citrix to take advantage of core cloud computing features such as scalability, high availability, multi-tenancy, and resiliency. In the case of Citrix Cloud, Citrix manages the operating systems, development tools, DB tools, and analytics associated with the control layer. Management of the access layer is optional (the image below shows a comparison between the components associated with all layers in a typical Citrix Virtual Apps and Desktops design).

The IaaS provider chosen by Citrix provides management for the servers and storage, networking firewalls/security, DC physical building pertinent to the control layer, while the configuration of these components as they relate to the PaaS offering are still managed by Citrix.

As a result, Citrix customers can view logs associated with the configuration changes, including policies, user authentication, connectivity between Citrix Cloud and customer-owned workloads, deliver groups, machine catalogs, URLs, and more. But it isn’t necessary for them to gather logs or detailed information on operating systems, hypervisor tools, development tools, resource utilization, server, storage, or the firewall associated with the individual components included within the control layer (and/or the access layer).

The status of services Citrix Cloud delivers is indicated on a website and updated on a consistent basis, but a customer-managed SIEM doesn’t traditionally extend to PaaS solutions like Citrix Cloud. In addition to a service status page, Citrix also offers several monitoring and analytics tools and services to better monitor the resiliency of the PaaS environment.

Finally, and most importantly, Citrix Cloud doesn’t require customers to upload their applications, desktops, user login info, data, or other assets that are typically considered proprietary or sensitive. All these components remain within the customer’s control, and the migration of the resources to a cloud of the customer’s choosing can be managed independently of the migration of the access and control layers to Citrix Cloud.

For example, a customer could choose to keep apps, desktops, and data on premises, along with the Citrix Gateway and Citrix StoreFront, but still transition to Citrix Cloud and consume Citrix Virtual Apps and Desktops as a service.

Example of traditional Citrix Virtual Apps and Desktops architecture delivered on-premises.
Example of a multi-cloud Citrix Virtual Apps and Desktops service architecture delivered as PaaS.

Why a PaaS Model Works Best for Delivering Citrix Solutions

Leveraging a PaaS model gives us several advantages around how users consume (and how customers manage) Citrix solutions that have traditionally been deployed on premises:

  • Citrix Cloud allows a common configuration management framework for admins to deploy and manage solutions from a unified management portal.
  • Customers have design options so they can maintain the same level of control over applications, desktops, and data that may contain proprietary and sensitive information that they would get with an on-premises solution.
  • For Citrix Virtual Apps and Desktops, the PaaS model enables the creation of a dotted line between the control layer and the resource layer. That gives customers freedom of choice across hosting locations, makes the overall design cloud agnostic, and makes it easy to transition across resource locations (on premises or cloud) in hybrid designs.
  • Separating the access layer, making it an optional component, and allowing for more flexibility around authentication and access when transitioning to cloud.
  • Decoupling the control and access layers from the resource layer, which provides a good way to design an environment for a geographically distributed workforce.
  • Allows more efficient addition of features and management of the control layer lifecycle (build, test, deploy, manage, update).
  • Makes innovation and issue resolution more efficient.
  • Enables the design of better tools and analytics to find insights and patterns and improve product design decisions

This list isn’t comprehensive, but it reflects what we discuss regularly at customer meetings and help to illustrate the value proposition for migrating to Citrix Cloud.

Benefits of PaaS for Your App Delivery, Release Processes

What are the benefits of incorporating the PaaS model, in the form of Citrix Cloud, into your application delivery and release processes? You’ll get:

  • Faster release cycles. Citrix Virtual Apps and Desktops customers can mix and match LTSR and CR workloads with Citrix Cloud hosted Virtual Apps and Desktops Service, so upgrade the VDAs when possible but keep your control plane current.
  • Better code quality with enhanced security. Upgrades are more frequent, and hotfixes, patches, and bug fixes are faster.
  • Improved administrative and management efficiency. With a single management plane, admins can focus on the apps, desktops, and data, not on the control layer components. They’ll spend more time on identifying use cases than on fixing infrastructure issues.
  • Increased operations productivity, realized during major transitions, upgrades, design changes, and migrations.
  • Simplification of design, including for disaster recovery (and especially for the Citrix Virtual Apps and Desktops service).

These benefits usually aren’t realized in the form of a single-year ROI on a balance sheet. That’s because organizations typically don’t calculate costs associated with things like outdated infrastructure, unpatched systems, loss of opportunity due to break-fix issues, and redesign and architectural updates. Those have a significant negative impact on OpEx (and often also on CapEx). Still, organizations realize significant ROI over time, as initiatives like cloud migrations, data center moves, mergers and acquisitions, digital transformation, and end-user computing transformation become keys to success.

With every cloud computing service model, an element of risk gets introduced to an environment. It’s important to understand these risks and effectively manage them before undertaking a cloud transition. For customers to implement the best solutions for their environments, the first step should be to understand the specifics of the environment that make up Citrix Cloud as a PaaS offering. This is thoroughly documented in the Citrix Trust Center for each service delivered via Citrix Cloud.

Look for more blog posts that will help you to manage risks around your transition to cloud. These posts will document a practical approach for risk management and detail the four tenets of risk management: risk avoidance; risk transference; risk mitigation/attenuation; and risk acceptance.