This ESG Technical Review looks at Google Chrome Browser in enterprise virtual desktop and application virtualization environments powered by Citrix. We looked at how Chrome Browser integrates with Citrix and evaluated the business value provided by the combined solution.
The potential for data breaches and cyber-attacks is rising, driving security as a key priority for businesses across industries. Siloed IT teams possess limited visibility across an organization’s ecosystem due to the legacy and standalone applications that they continue to rely on to provide their end-users with a fast and reliable computing experience. These same IT teams often turn to a mix of physical, virtual, and cloud-based technologies to get the right apps and data to the right users, which makes satisfying the security and compliance needs of the business more challenging. With application virtualization and virtual desktops, IT can centralize this process, and give users more flexibility in how, where, and when apps are accessed. Citrix Virtual Apps and Desktops allow organizations to deliver secure virtual apps and desktops to meet their business needs. These virtual environments are also being impacted by a changing application landscape. ESG research revealed that 88% of organizations are either currently using or planning to use software-as-a-service (SaaS) applications in 2019.1
As enterprise users’ reliance on SaaS and cloud applications increases, the need for a browser that provides seamless, secure access to these apps and services becomes critical. Giving users a reliable and fast browsing experience—whether the browser is virtualized as a streaming application or hosted in a virtual desktop—is key. While working anywhere, anytime, on any device may be great for end-users, “bring your own device” initiatives can wreak havoc among IT organizations—especially when managing endpoints and securing the enterprise. IT must consider the browsing experience across different delivery models that users might experience in a given working day.
The Solution: Google Chrome Browser Enterprise
When it was launched in 2008, Google Chrome Browser was primarily focused on consumers and desktop operating systems. It quickly became the most commonly used browser in enterprises, and today many IT administrators are deploying this browser in their Citrix Virtual Apps and Desktops environments. In 2017, Google released the Google Chrome Browser Enterprise that is optimized for enterprise deployments and intended to address the challenges IT teams face with web browser application and desktop delivery. Google has a strong partnership with Citrix and Google Chrome Browser is the browser included in the downloadable trial of Citrix Virtual Apps and Desktops. Google Chrome Browser Enterprise features are designed to:
- Deliver a consistent and secure user experience to drive increased productivity.
- Meet performance and reliability standards set by virtual desktop providers and deliver an optimized browsing experience for virtualized application and desktop environments like Citrix Virtual Apps and Desktops.
- Enable users to sync browsing sessions quickly across physical and virtual sessions to allow them to carry over bookmarks, settings, and history for a seamless personalized experience.
- Provide consistent security controls that can be applied across physical and virtual environments and different operating systems.
ESG testing began with a look at the user experience of Google Chrome Browser Enterprise in a Citrix Virtual Apps and Desktops environment. We used a Google Pixelbook and connected to a virtual desktop. First, we launched Chrome Browser and signed in as user Jack Doe. Clicking the home icon took us to the ESG website, which had been set in a group policy.
Figure 3 shows the mandatory and recommended Chrome policies set for the user Jack Doe. Mandatory policies are policies that are enforced and can’t be changed by the user, whereas recommended policies are those that are recommended as defaults, but the user can change the setting.
Next, ESG Looked at Legacy Browser Support, a key feature for organizations that run applications that require the use of a specific browser or version. This scenario is common in enterprises and large organizations where there is a need to support a legacy app, and no resources from the business to rewrite it or port it to a new browser. In the example shown in Figure 4, www.espn.com, www.cnn.com, and www.wsj.com were set as URLs that required an alternate browser. When we entered the URLs into Chrome, an Internet Explorer session was started, and the sites were opened there. An important issue to consider when using legacy browsers is security. Should an application require an old version of Internet Explorer that is no longer being patched, organizations don’t want users surfing the web using that browser. If a URL that is not flagged for the alternative browser is entered, Chrome will automatically redirect the request and open the URL in a new tab or window in Chrome.
Next, ESG examined the administrative features available to enterprises using Google Chrome Browser. Google Chrome Browser includes the installers for the Chrome Browser and the Chrome Legacy Browser, as well as the Microsoft Group Policy template (ADMX) files in 32-bit and 64-bit versions. ESG logged in as a Domain administrator and opened the Microsoft Group Policy Management Editor.
As seen in Figure 5, we opened the Use hardware acceleration when available policy. By default, this policy is enabled, which is useful in environments where graphics-intensive applications leverage GPU acceleration.
GPU acceleration can be memory-intensive and in virtual desktop environments, organizations may want to disable it, as we did here. Administrators can also granularly manage extensions through group policies or Chrome Browser Cloud Management—not just allow or deny installations, but access and permissions for individual extensions. Chrome Browser Cloud management allows you to manage extensions across operating systems centrally, making it easier to provide a similar and secure browsing experience across device types. Enterprises can also control auto updates, to ensure that users only update after the updates have been vetted by their security team. In virtual desktop environments, organizations will want to disable automatic updates entirely, placing the gold image desktop in maintenance mode to update, then when users log in, they automatically get the updated version. Other powerful security features of Chrome Browser that can be enabled and managed through group policies include:
- Safe Browsing — Chrome Browser warns users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem so that their visitors stay safer.
- Whitelisting and Blacklisting — IT can designate which site can be visited within the organization’s browser, making restrictions as tight or loose as desired by the business
- Site Isolation, where Chrome loads each website in its own process. Even if a site bypasses the same-origin policy,2 Site Isolation will help stop the site from stealing a user’s data from another website.
Why This Matters
Limited visibility across an organization’s ecosystem persists, due to the legacy and standalone solutions that IT relies on to provide end-users with a fast and reliable computing experience. IT teams are often forced to use a mix of physical, virtual, and cloud-based technologies to get the right apps and data to the right users, which makes security and compliance much more challenging. IT can centralize this process with application virtualization and virtual desktops to give users more flexibility in how, where, and when apps are accessed. Doing so demands a browser that provides seamless and secure accessibility to these apps and services.
Google Chrome Browser Enterprise was designed from the start with productivity and security top of mind and has built on that legacy to provide enterprises with hooks into the management systems they already use to manage users and integration with leading application and desktop virtualization platforms like Citrix Virtual Apps and Desktops.
ESG testing revealed that Google Chrome Browser Enterprise enables organizations to provide a consistent, high performing, and exceptionally reliable browsing experience for users, while enforcing granular controls and offering secure protections for users and the organization.
The Bigger Truth
Application usage via SaaS and the cloud is nearly universal, with 88% of organizations reporting that they either currently use or plan to use software-as-a-service (SaaS) applications.3 Enterprises need a browser that provides fast, secure access to these apps and services with management and control. Giving users a reliable and fast browsing experience—whether the browser is virtualized as a streaming application or hosted in a virtual desktop—is key. Not all environments are completely virtualized, and IT must consider the browsing experience across different delivery models that users might experience. Google Chrome Browser Enterprise is designed to address the challenges IT teams face with application and desktop delivery of web browsers and can be configured by policy for enterprise and highly regulated deployments.
In ESG testing, Google Chrome Browser Enterprise delivered a consistent and trusted user experience; provided an optimized browsing experience for virtualized application and desktop environments like Citrix Virtual Apps and Desktops; provided seamless access to legacy applications; enabled users to sync browsing sessions across physical and virtual sessions for a personalized experience; and provided consistent security controls that can be applied across physical and virtual environments and different operating systems.
If your organization is looking to drive increased productivity and end-user satisfaction in your Citrix Virtual Apps and Desktops environment and provide consistent, high performing access to virtualized and legacy applications while maintaining enterprise compliance and security, it would be smart to consider managing your browser landscape with Google Chrome Browser Enterprise.
1. Source: ESG Master Survey Results, 2019 Technology Spending Intentions Survey, March 2019.↩
2. Under the same-origin policy, a web browser permits scripts in a first web page to access data in a second page, but only if both pages have the same origin, defined as the combination of host name, port number, and URI scheme. This policy prevents a malicious script on one web page from obtaining access to sensitive data on another page through that page's Document Object Model.↩
3. Source: ESG Master Survey Results, 2019 Technology Spending Intentions Survey, March 2019.↩