Update: Caffeine 1.2 has been posted to include support for receiver 4.2 and above.
In this post I’m announcing a new little tool from my lab for managing power saving and screen saver settings while using the Citrix Receiver for windows. I’ve been using this tool for months, I love it and miss it when I use a workstation without this tool. I’ve also sent this out for feedback to a select few experts in the VDI market space and the feedback was very positive.
That being said, this tool will be welcomed by some (users) and hated by others (admins). I’m a bit torn about whether to publish it or not so if you want to add to the feedback drop me an email on firstname.lastname@example.org.
Caffeine will also be available in the next release of ThinKiosk.
The Mission statement:
Often when using the XenApp, XenDesktop or even Citrix VDI in a Box, double prompting for passwords from windows devices is both common and a pain in the backside. When you’re local workstation locks out you need to re input your workstation password, then re input your password again in the remote session… irritating and unnecessary.
From a security perspective its necessary to configure a secure screensaver on their desktop in the datacenter to ensure any connecting device receives a password prompt when the user is idle a certain amount of time, but it can be a management nightmare to exclude users from receiving double password prompts from managed windows devices.
Removing the double password scenario:
This issue extends from desktops, to laptops and to thin clients too and it often bugged me how often I spent entering my password twice each day.
With Caffeine for receiver, you install a lightweight application that runs in the system tray. This application automatically attaches to Receiver sessions (via the ICA Client Object) and sends a keep alive every minute to ensure the remote screen saver never kicks in. Leaving just the local secure screensaver to lock the users out.
This works really well from Enterprise devices with double screensavers or home devices that are secure by default. This also allows you to keep your secure screensaver policies on the datacenter side and work around them from managed devices.
As a father, I struggle to find alot of time to work while my son is awake. Often I’ll start working on something and get dragged away for hours only to return to my pc asleep and my remote session disconnected and logged off due to policies. This infuriates me and I disable sleep on most of my devices for this reason… Which is costing me a fortune in electricity!
Further to just screensaving, Caffeine can also be configured to stop computers from going to sleep while a remote session is active. This will keep your pc awake when you are running a remote session if you need to step away but allow it to sleep when you don’t have a remote session… Best of both worlds!
If you still wish to use power saving while on battery, this is still available as above.
Well if I’m sending a keep alive from my enterprise device this means the sessions will never reach enough of an idle timeout to satisfy idle timeout policies. Which from an admin perspective mean’s these sessions will never terminate unless the remote machine is restarted.
With Caffeine you can configure these idle time-outs for managed devices via the settings (above) or via GPO meaning you can mirror your idle time-out settings…and dare I say feel confident they’re work reliably for once!
But.. but.. but.. security!!! We can’t have users turning off their secure screensavers!
Well, yes. This is the conflict of interest here, users want it and the admins wont! In order to make Caffeine as secure as possible I’ve included the following options for enterprises:
Caffeine requires administrative permissions to install:
By default only administrators of their local machines will be able to install Caffeine.
Enterprise Kill Pill:
Caffeine has a “Kill Pill” built in, you can download the enterprise GPO to stop Caffeine from working on your devices.
Secure screensaver requirement:
By default caffeine will only work if a secure screensaver is present locally. If the user attempts to remove the screensaver after login, they will be alerted and Caffeine will no longer keep the sessions alive:
Advanced Access Control.
Using Advanced access control with access gateway you can target machines running caffeine and exclude them from using your citrix environment.
The Caffeine for Citrix Receiver beta is now available for download.
- .Net Framework 2.0
- Citrix Receiver 3.2 and upwards.
- Windows 7 x64
- Windows 8.1 x64