A few years ago, I wrote a comparison of Citrix Cloud vs Azure Virtual Desktop, where I concluded Citrix pretty much ran away with it from a feature comparison standpoint. However, we are in very interesting times, so an update was in order.
It was never quite the year of VDI, and we’re quickly moving to Desktop as a Service, but even so, will DaaS ever grow much more than VDI ever did? The jury is out on that. Perhaps we’ll end up in a hybrid world of some DaaS and some remote physical endpoints. We’ll all find out over the next few years.
In the DaaS market, there have been some big movements this year with both VMware and Citrix acquisitions (pending clearance) by Broadcom in the case of VMware and Equity Partners and Evergreen Coast Capital in the case of Citrix.
These acquisitions come at a very interesting time. It is a bit tiresome to keep pointing out the shift in the workforce caused by the pandemic, but it is a reality – cloud adoption and remote access solutions have increased enormously. In 2020, Microsoft claimed AVD grew 3x, and overall cloud services led by Teams as much as 7x. Supply chain issues and increased demand for laptops made cloud desktops more attractive. Citrix, as an example, saw an initial boon early in the pandemic.
Fast forward to the present day, and we saw the dip from the dizzying highs in 2020. To my untrained eyes, I feel as though Microsoft has now set its sights on taking more of the DaaS market for itself. There is a strong argument for saying that they will be successful in this as they have so much leverage in the enterprise. Pretty much everyone uses Windows, Active Directory and Office. Microsoft has been and continues to drive more customers to consume Azure services, and since they already use their core products, they have somewhat of a captive audience.
If I were a betting man, I would put money on Microsoft winning more customers with Azure Virtual Desktop and Windows 365. BUT does that make Azure Virtual Desktop and Windows 365 the best choice from a product and feature perspective?
In 2020 and 2021, my comparisons brought me to the conclusion that Citrix Cloud had the better feature set and offering, but what about in 2022? Let us take another look!
Simple, secure and rapid deployment
Flexibility
It is funny that when I wrote about this last year, I mentioned that Citrix would have been the clear favourite for flexibility because it supported Citrix Virtual Apps and Desktops on various public clouds, but they ended support.
Well, wouldn’t you know it! Citrix did a 180 on that announcement, and from version 2203 and forward, they now support public clouds again with the rebranded Citrix DaaS. What is more, Citrix has a product called Image Portability Service which I believe is built off Citrix App Layering, and of course, there is Citrix App Layering itself. These are pretty unique even when compared to other Layering products like Microsoft App Attach, Liquidware FlexApp and VMware App Volumes.
Citrix App Layering isn’t the best App Layering product because of limitations caused by being tied to the OS Layers, BUT that OS Layer together with the Platform Layers makes for a unique offering to easily enable customers to deploy images across different hypervisors, public clouds and more.
In my last review, I pointed out that some didn’t like that Citrix Virtual Apps and Desktops (in Citrix Cloud), WEM and some of the other features in Citrix Cloud weren’t Cloud native, and they just ported the on-prem products and hosted them in the Cloud. It wasn’t a big issue to me, but some of the purists complained. Current day, most of the management UIs have been cloudified, so if that is a sticking point for you, then Citrix is doing well on that front now too.
For now, Azure Virtual Desktop only runs in Azure. You can run it on-premises with Azure Stack, but as of now, I am not aware of a hybrid configuration. Likewise, Windows 365 is consumed as a Service that is hosted only in Azure, with a rumoured offline mode coming in the future. Obviously, since Microsoft owns its own large cloud platform, it builds to that and drives customers there. So if flexibility is what you are looking for, you should probably look elsewhere.
Image Provisioning and Tooling
To expand on the aspect of the management tools, I would like to cover various layers that make up the management and end-user experience in the next few sections, starting with the management consoles\interfaces including image management and desktop creation and support.
For image provisioning and management, Citrix offers not only MCS but also now PVS in the cloud!
Whoop whoop! Rejoice!
PVS is a favourite for many, but if you haven’t tried MCS in a few years, you really should give it another look. In my opinion, it is the simplest image provisioning tool/feature of any VDI or DaaS product. If you are absolutely sold on PVS and want that scale, then it is there for you.
Citrix WEM continues to offer some great additional management features and now includes a least privilege management solution to provide an additional layer of security on your desktops.
If you want to keep the user load running on-premises and publish some apps or desktops directly from Citrix Cloud, you can do that. At the moment, you require a couple of Citrix Cloud Connector servers or appliances set up on your farm to allow the cross-talk between on-prem and cloud. Publishing applications and desktops are just as simple in the cloud. There isn’t much of a learning curve.
The Azure Resource Manager console was brand new when I blogged about this topic previously. It is now a little more mature but still isn’t all that feature-rich. You can do the basics within this console like power cycle, spin up or remove machines, create new host pools and do some user support. For greater visibility and management features, you may be tempted to enrol your desktops in Intune and avail of Endpoint Analytics for monitoring purposes, deploying some automated remediation actions, and managing modern policy settings, AV, Firewall, compliance and applications. We’ll come back to this a little later.
Citrix has been doing this for a loooooooong time! In my opinion, their tooling is still superior, but of course, when you look at things from a wider view, Intune/Microsoft Endpoint Manager will be more widely used in organisations than WEM or UEM. I feel like this will slide in Microsoft’s favour in future if, for no other reason, more people will be familiar with their tooling. But for right now, Citrix is the winner!
Client-Side
The Remote Desktop Client on the client-side is not as rich of an experience as using Citrix Workspace with the Workspace App. Plenty of great research papers have been published showing that the current RDP protocol is very close to Citrix’s HDX protocol. From a protocol level, they should be neck and neck, but in my experience, the display with Citrix is richer, and it seems to handle disconnects more gracefully when they do occur.
As of writing, there is also support for optimised delivery of Zoom, Skype for Business, Cisco Jabber, WebEx, Avaya One-X and Teams.
When I first worked with Citrix Cloud in 2019, application launches of published apps in Citrix Cloud were noticeably slower than traditional on-prem published app launches, but now there is very little difference in performance. Citrix has its EDT protocol, which provides good performance. Unfortunately, it had a rocky time during the highly publicised security breach early last year. That has been mitigated, but it was concerning that for a while, it was advised to disable it.
Likewise, AVD performance was less than stellar when I first used it in preview and just after it became generally available, but with UDP ShortPath and just general performance enhancements along the way, there has been a noticeable improvement. The great news overall is that both have made improvements.
If you used AVD in preview or its first year and experienced poor performance, I advise you to try again as it seems more stable now.
Interestingly, Citrix seems to be a step behind on Teams feature support now, which you can read into if you like 🙂 I would still give Citrix the nod in this category too. Citrix recently announced HDX Plus for Windows 365 to provide benefits like improved performance, increased authentication options and more. Perhaps that is an indication of greater Citrix integration and support for Microsoft’s products in future too.
Profile Management
This one is getting very interesting. Previously, I gave the nod to Microsoft in this category for FSLogix Profile Containers. WEM and Citrix Profile Management have been improving. Full disclosure, I haven’t worked in a production environment in just over a year. I have continued using and working with Citrix DaaS and AVD in small lab environments. Profile Management is a tough one to gauge if not using them at scale, so I would lean more on what others in the community have been saying.
FSLogix changed to enforce synchronous policy loading when using FSLogix. This may not be a huge issue in simple environments, but this can have a serious impact on logon times. Prior to FSLogix Apps 2.9.7654.46150, you could set it to allow asynchronous processing, which is what others in the community, namely James Rankin, would recommend for best logon performance. This may or may not cause performance problems for you. If it does, and you are unwilling to move away from Group Policy Preferences in your environment, then FSLogix may no longer be for you.
Citrix Profile Management is pretty good too, and once you set it, you can forget it, but in my opinion, FSLogix is so simple that it is hard to look past. Not to mention Office 365 is one of the biggest challenges for profiles, and FSLogix is a Microsoft solution for this, but in steps, the Citrix App Layering User Layer (which you will likely only use if you are using the total App Layering product) and Citrix’s User Personalisation Layer for CVAD (similar to Personal vDisk, does not require the use of Citrix App Layering). These offer the same type of simplicity you get with FSLogix Profile Containers.
All of the reasons above made FSLogix much less of a sure bet to sway this category for AVD. I’m still going to give it to AVD, but it is close!
Application Management Delivery
AVD customers can choose to deploy applications in MSIX App Attach from the console. When Azure Active Directory Join was in preview and first generally available, the use of MSIX App Attach came into question as Azure Files hosted app layers with App Attach required Kerberos authentication. Now Kerberos is possible with Azure Files. Now the only thing holding it back is the requirement to package the apps into MSIX, which has known limitations.
At the moment, it is unclear what limitations, if any, will be removed in future. When Project Centennial was first announced years ago, it was a bold move by Microsoft to try and eliminate some bad programming practices, like overreliance on the registry, abuse of Windows services etc. I’m not sure if that is what influenced some of the limitations of MSIX today and if this is just how it is going to be long-term or not. Whatever the case, as of right now, you won’t be able to deliver all of your apps in that format. You may get 40%-60% working.
Citrix obviously has App Layering, which has a high success rate when deploying the apps as part of your Published Layered Image but less success when deploying as Elastic Layers. Citrix also supports App-V and MSIX. MSIX, as stated, has its limits, even more so than App-V, which at the moment is in keep the lights on mode with no new features, only fixes in its future.
I now work for Numecent, so I am biased, but over a year ago, when I last reviewed these two products, I did not, and my answer was the same then as it has been for close to a decade. Numecent Cloudpaging for apps yields the highest success. In DaaS and VDI, dynamic app delivery is a killer feature. Numecent’s latest product Cloudpager is perfect for DaaS too, as it integrates with Azure Active Directory for assigning to users and groups. Cloudpager also supports deploying App-V, MSIX and Cloudpaging apps, so if you are on the fence thinking MSIX could become a standard, you can use Cloudpager and get modern container orchestration of your MSIX apps with Cloudpager since not every app will work in MSIX today. You could take those apps that won’t work in MSIX and deliver them as Cloudpaging apps.
Since the native tooling for application management is lacking in both, I’m going to say it’s a DRAW.
Monitoring
Quite a lot has changed on the monitoring front since my last review. Microsoft launched Endpoint Analytics as part of Microsoft Endpoint Manager, which supports AVD and Windows 365. Workbooks and Insights are also available, offering another option for some monitoring data in AVD.
Citrix has also been hard at work expanding its Citrix Analytics offering. My buddy Maurice Daly showed me what his team has created using Azure Log Analytics and Monitor, which is another option for Azure workloads like AVD. It appears that configuration requires a lot of customisation, plus it can be expensive and unpredictable, cost-wise, while both Citrix Analytics and Endpoint Analytics have a predictable, steady subscription price. In my opinion, while both of these offerings have improved, they still pale in comparison to monitoring products you may already be familiar with, like Stratusphere UX, eG Enterprise, Lakeside SysTrack and, of course, ControlUp!
Honourable Mention
Another great feature in AVD is the Windows 10 EVD which is a multi-user Windows 10 desktop! Trentent and I covered this in a previous blog post and why that’s awesome. I still hope that someday, Microsoft will expand support for its use on-premises!
Microsoft also announced end of support for Office 365 on Server OS, AND Azure AD Join does not work on Windows Server yet, so it seems like the only modern experience support multi-session is Windows 10 and Windows 11. The Published Desktops running on Server may be all but dead 🙁
Microsoft has the benefit of owning its own cloud platform with Azure. If you look at that and account for the fact you get Azure Active Directory, MFA, Azure Monitor, etc. – it’s pretty good. However, for the sake of comparison, I am only going to consider the features at the management and UX delivery layer rather than the platform layer. So with Citrix Cloud, you get a lot of great tools and features for managing the desktops, apps, and for providing a rich experience on the client side.
Security
When using AVD with NetApp or Nerdio’s products, there are some nice built-in management features that provide security, like managing AppLocker policies. If you throw in some AVD partner, PolicyPak, goodness, you can get that sucker really secure with the Least Privilege Manager feature. You may also want that for general policy management, as the modern policy settings aren’t quite there yet.
With Citrix Cloud, you get:
- Analytics that can highlight bad actors trying to access your environment and behaviour or access anomalies.
- Citrix Policies for granular tweaking to restrict or enable certain features and functions.
- Access criteria and achieve context-based app access with Citrix Cloud.
- Secure Browser for publishing some of those SaaS apps you want your users to access but in a more locked-down browser.
- It’s also worth noting that you could also use AppLocker and even enable it through WEM and use its privilege management features if you like.
Citrix Cloud is pretty stacked when it comes to security features.
As I said, you can also get AppLocker in use with Citrix Cloud, plus get PolicyPak in play here to leverage Least Privilege Manager. That is not something AVD has over Citrix Cloud. Azure provides you with Azure Analytics and Monitoring and the impressive Sentinel product for the depth included with Citrix policies, Secure Browser, and client-side security.
Conclusion
I have already stated it multiple times, but this is a technical feature comparison, and Citrix continues to provide richer, more mature features than Microsoft. BUT as mentioned, Microsoft has advantages given its presence in enterprises. Before the acquisition of Citrix, they were already working closely with Microsoft on partnering around a managed desktop offering. Citrix is also now offering HDX Plus for Windows 365 so that partnership is alive and kickin’.
I have no idea where things go from here. Recently some in the community speculated there could be a future merger of Citrix and VMware to try and join forces against Microsoft as the former CEO of Broadcom, who just acquired VMware, is set to become the CEO of Tibco/Citrix. I think that is wishful thinking personally, and there is absolutely nothing concrete to suggest that will happen.
On a recent Microsoft earning’s call, they reported a 60% year-on-year increase in usage for AVD. That is staggering growth. While this is definitely the case, I continue to see some migrating from Citrix to AVD and even some from AVD back to Citrix. My gut tells me Microsoft will make big gains in the coming years.
Which one is best for you?
As always, it depends. Go out and try both or reach out to us, and we can help provide information specific to your needs and size.