By Fredrik Brattstig @virtualbrat
Have you ever been in a situation where you have a user with brand new endpoints out in the field, at home, or elsewhere, and you need to guide them to be able to access your Citrix published Desktops and/or Apps environment? Has there at any time been any problems when onboarding users, making them install the right components and configure their machines in the correct way?
IGEL has been working hard to make onboarding IGEL OS users in the field very easy. With the release of the IGEL Cloud Gateway (ICG), this has already been a reality for many years. Let me explain to you what is needed to make a very smooth onboarding of remote users and actually get them productive within minutes from the first power on of their IGEL OS endpoint.
The goal is to have a brand new IGEL OS endpoint be onboarded by a non-technical user and have that user not have to understand the technology or install any software – just follow a simple guide, fill out the information that the user knows, and get going!
The minimum requirement will be to have the user select the language of the operating system, set what keyboard layout to use, then connect to a wireless network if that is needed, and finally use their email address to tie the IGEL OS endpoint to the secured IGEL OS management infrastructure. This is almost what is needed, but there is actually a technical thing necessary, that is to fulfill the security aspect, so you will need to have a deployment key distributed to the user, to ensure that only authorized users can enroll devices. The deployment key can be issued in either Single Use mode or Mass deployment
– Single Use = you will send a unique key to each user. When the key is used, it can’t be used again
– Mass Deployment = You will send a generic key to your users that can be used over and over again (until you disable that key)
- IGEL Universal Management Suite – Installation instructions: UMS Installation and Update (igel.com)
- IGEL Cloud Gateway – Installation instrucktions: Installation and Setup (igel.com)
- Brand new IGEL OS endpoint, or an IGEL UD Pocket
As a baseline for this article, I’m currently using a IGEL UMS and IGEL ICG that’s running in my Azure Tenant at the Sweden Central location. I have my Citrix Cloud hosted in European Union (I assume that is located in the Azure WestEU datacenter), and I have my Citrix Desktop delivered from virtual machines in Sweden Central. My IGEL OS endpoint that you see in the video at the end of the article is in my home office on the west coast of Sweden.
Here is how you do it, let’s get started!
I will assume that you already have an IGEL Universal Management Suite (UMS) installed together with an externally (from the internet) reachable ICG Cloud Gateway (ICG). The further below steps are what is needed to be done to get the simple onboarding to be a reality.
Add the DNS TXT record
IGEL UMS and ICG leverage the DNS TXT records to find the correct ICG server to connect to, when you have set up the TXT record in your public DNS, the ICG agent on IGEL OS will be able to resolve the ICG address based on the email address that the user provides, which makes the onboarding. An example could be that the ICG is having a DNS name that is icg.azure.virtualbrat.com while the user email address will be firstname.lastname@example.org, the DNS TXT record resolves @virtualbrat.com part (domain name) of the email address to icg.azure.virtualbrat.com.
If you have a running UMS + ICG environment already, but don’t use the TXT record resolving yet, you simply need to login to your DNS provider and add the TXT record.
Set the TXT ‘Node Name’ to igel-cloud-gateway and value to https://your.icg.fqdn:yourport/usg/endpoint like in the below screenshot:
Set up your Default Directory rules
The whole idea of Fast onboarding is to make the process super easy for a user in the field to gain access to the corporate desktop or published resources, so be it in the cloud or on-premises. The IGEL Universal Management Suite (UMS) has a nice feature called Default Directory rules, giving the opportunity to push distinguished configurations based on the container (or folder) that the IGEL OS endpoint belongs to. IGEL UMS can automatically place an IGEL OS endpoint in a specific container based on certain criteria. This complete ruleset can be extended in very advanced ways, it is all about thinking of what use case you want to fulfill, finding the correct criteria to apply the default directory rules to and the rest will be handled by the IGEL UMS! As a matter of fact, there is a default directory rule that I will use that is very simple –
- Create a new Default Directory Rule
- Select the “IGEL Cloud Gateway” criterion, click Next
- Select “Last Boot via ICG”, click Next
- Select “Choose target directory”, click Next
- Select your appointed target directory in the tree view, and check “Overrides existing directory membership” plus “Apply when device boots”
- Click “Finish”
You have now created a Default Directory Rule that will place ALL IGEL OS endpoints connecting from remote through the IGEL Cloud Gateway to be placed in the selected directory.
Automatic IGEL OS license deployment of brand new IGEL OS endpoints in the field
The IGEL UMS can automatically assign licenses to the newly configured IGEL OS endpoint no matter if they are on-premises or out in the field. First off you will of course need to have new IGEL OS licenses available. When this prerequisite is met, you can assign a license deployment rule to the container of your field IGEL OS endpoints.
Create the set of profiles and assign them to your IGEL OS remote endpoints
I will do this very simple, and just create one IGEL UMS profile pointing the Citrix Workspace App to my Citrix Cloud Workspace connection address (This could be the Citrix ADC gateway address for on-premise scenarios) and some administrative settings, like setting an NTP time server sync, etc. Plus I will create an IGEL OS Firmware Customization to set a specific wallpaper and some other customizations to modify the user interface on IGEL OS. I will then assign the profile and firmware customization to my container of remote IGEL OS endpoints. The ultimate goal when I configure my IGEL UMS profiles in my scenario will be an auto-launching Citrix Workspace App connecting to my Citrix cloud environment and asking for user credentials, this will be the default behavior every time all my IGEL OS endpoints start’s up to provide a simple and consistent user experience.
That’s it! By following this guide from start to end you will enable simple enrollment of IGEL OS endpoints in the field, leaving your Users to have a very simple onboarding experience. What’s extra nice about this is that the time it took for you to read this article, actually in practice is only a few minutes of configuration to be done when you know what to configure, and how. In the video below you have the end result, showing the user experience of onboarding an IGEL OS 11 endpoint and enabling the user to be productive within minutes.
That’s it for now, stay well and enjoy the relaxed onboarding experience!