National lab trades in two MDM services for Citrix
- By Stephanie Kanowitz
- Jul 30, 2015
Mobile managers at the Oak Ridge National Laboratory were managing lab-owned devices and a bring-your-own-device program with two different systems. It wasn’t long before running a mobile device management environment using two discrete services became too cumbersome, so they looked for a remedy.
“We had gotten into this model where we had multiple management systems to maintain for our mobile environment,” said Tina Snyder, mobile device team lead at ORNL. The team chose a Citrix solution because it gave them the opportunity to not only move to a central platform, but also to provide different capabilities for different mobile user segments. Plus, she said, “it also allowed us to reduce some costs [and] become more integrated with our other Citrix applications and services that we have.”
With Citrix, 1,400 employees and contractors are now using their own devices to remotely access lab data – more than ever were able to before. Suzanne Willoughby, ORNL’s client computing operations lead, said that previously, cost forced officials to limit not only the number of users with mobile access, but also to allow only one device per user. Now, Citrix access is automatically enabled for all salaried lab employees.
Other capabilities that Citrix brought to the lab include creating internal applications for specific user groups, delivering virtual apps via Citrix XenApp access and implementing a single sign-on using user-based certificates.
“When we set up our BYOD program, we made the decision to use user certificates… [which] are stored in the Citrix bin-level container when an end user enrolls,” Snyder said. When users enroll, they create a personal identification number to access the Citrix environment. That PIN, along with their [Active Directory] credentials and their user certificate, provide the credentials for security, Snyder explained. The resulting system complies with Federal Information Processing Standard 140-2.
Once workers have access, they open the Citrix Worx Home app, log in with the PIN and start using apps. If they need an app, they can download it from the Worx Store, the lab’s app marketplace. “It really is that simple,” Snyder said.
Through Active Directory groups, Snyder and her team manage the apps that enable access to e-mail, calendars, contacts, remote desktop and a workflow browser that provides access to internal websites. Other apps designed for this system include:
- TimeTracker, through which salaried staff can enter their hours and managers can approve them.
- Finder, which lets users look up people and locations. For instance, a search for a conference room results in a map pinpointing its location.
- RESolution, a research enterprise resource planning system.
A Citrix customer since the 1990s, ORNL released this particular implementation in October. It currently works with iOS and Android devices.
So far, no connection problems have been reported because of slower home bandwidth rates or computing power. The initial deployment did have “its ups and downs,” Snyder said, but ORNL worked with Citrix to address the problems, and “in the last two to three months, things have calmed down quite a bit, and it’s pretty stable at this point.”
Overall, lab officials expect the improved and widened remote access to aid in recruitment and retention of skilled workers. It puts the lab’s mobile environment more on par with what’s found in private industry.
“As the person that was managing the BlackBerrys before, the BYOD program has been a great success,” Snyder said. “People have really liked it and loved being able to use their own devices instead of having to carry two. I think as we go forward and we see more capabilities for the tablets and more applications – especially built for internal access – you’ll see a lot of people getting excited about what they can do with it.”
Looking ahead, Snyder said the next step is upgrading the mobile device management servers to the latest release. She also plans to take advantage of Citrix’s new dynamic wrapping capability, which means the lab doesn’t have to get an unsigned copy of an app from a vendor to make it available in its Worx Store. Instead, ORNL can wrap apps from large resources such as iTunes.
Stephanie Kanowitz is a freelance writer based in northern Virginia.