Citrix remote access alternative
Posted by Desperate-Pirate-971@reddit | sysadmin | View on Reddit | 16 comments
We have been a Citrix shop for years. During COVID we moved away from VDI and now only use it for remote access into physical desktops in the office. We are an engineering firm with pretty heavy workstations, and honestly it has always been better for us to just buy good hardware per user rather than deal with VDI performance/cost. The problem is we have moved almost entirely to Entra only joined devices except for our desktops, because of Citrix, since Remote PC Access still relies on domain join and AD connectivity. We are trying to do Autopilot hybrid join (which has been super unreliable for us), but mostly just getting manually imaged via ISO / SCCM task sequence and then co-managed.
Our laptops are pure Autopilot Intune and it has been great. We would really like to get desktops to that same place, but Citrix is basically the last blocker. From a user perspective, Citrix has been awesome(ish): easy access and good experience, no complaints there. But from an admin side it is starting to make things more complicated. All desktops stay in the office and users physically work on them day to day (triple monitors, etc). Remote access is just for WFH / hybrid days. Any suggestions? Way to make Citrix work? Other solutions?
mat-ferland@reddit
If the users already have beefy local machines, I’d stop trying to preserve Citrix-shaped complexity. For WFH on office workstations, the simpler win is usually fixing secure access cleanly instead of rebuilding a whole VDI story around it.
AdamScot_t@reddit
For pure remote access into physical desktops there's a few directions worth looking at. Microsoft Remote Desktop with Azure AD joined devices is the obvious one if you're already deep in Intune/Entra. For the WFH/hybrid piece specifically, if the goal is securing work on users' own machines rather than remoting into office hardware, tools like Venn take a different approach: endpoint isolation on the user's own device, no Citrix dependency involved.
JeroenPot@reddit
Azure Virtual Desktop is a no-brainer. The license is included in Business Premium and higher, costs are manageable with auto scaling, and the hosts can be Entra ID joined and managed with Intune. Feel free to reach out if you want more details.
cyr0nk0r@reddit
You can look at trugrid's SecureRDP.
HanSolo71@reddit
The KASM project seems like possibly a good fit. I use it for containers and remote access at my house.
The_Koplin@reddit
Slow as molasses in winter, and target market is Linux VDI and app virtualization. With RDP it takes a double hop and is non-performant. I tested this recently. I am replacing a VMware/Omnissa Horizon VDI that is set up a lot like OP’s Citrix. Along with needing all the infrastructure for RDP hosted sessions. So I am now just testing Server 2025 as Hyper-V hosting Windows 11 VDI via RDP.
DiabolicalDong@reddit
Many remote access tools now support non-domain devices, provided connectivity to devices exists. We use Securden. It works for all our devices, domain and non-domain.
1z1z2x2x3c3c4v4v@reddit
I am confused. RDP does not require domain-joined machines. Why not just use RDP?
gratuitous-arp@reddit
Someone else has already suggested Parsec for this, and I'd agree with that.
If your goal is "get users onto their office desktops from home" and give them a good experience (without dragging along AD, VPN infrastructure and Citrix complexity), a really nice clean starting point might be https://parsec.app/
AFAIK it handles NAT traversal and encryption out of the box and does a better job of multi-monitor and graphics-heavy workloads than RDP. If you've got engineering users on beefy hardware, it tends to map closely to the local experience without the overhead of VDI & should also allow you to untangle the Citrix mess too.
Disclosure, I work for https://enclave.io (which is ZTNA for MSPs) and most customers just use RDP directly, but I do know of some engineering customers who use Parsec instead, but also wrap that traffic to flow over a mesh overlay network for more granular, network-level control (which other networks can originate a connection to the machine, checking whether device posture is aligned to Intune, controlling whether hosts are discoverable outside the environment, enforcement of “only this device can talk to this device”), but similar wraps could probably be achieved with other ZTNA tooling like Tailscale and Zerotier too.
pnutjam@reddit
For a super simple solution, just put a Linux box on the network with ssh open. Set it to only allow ssh-keys for login, then configure their laptops with the key and use MobaXterm to easily set up a tunnel through ssh to the desktop RDP session.
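An added example, not part of the comment above or the commenter's own configuration: a shell function that turns a user-to-workstation map into an sshd_config drop-in for such a jump host, with key-only login and each account allowed to forward only to its own desktop's RDP port. The account names, host names and the `gen_jump_config` function are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an sshd_config drop-in for an SSH jump host used only
# to tunnel RDP. Input on stdin: "username workstation-host" per line.
RDP_PORT=3389

gen_jump_config() {
  # Global policy: public keys only, no root, no forwarding by default.
  cat <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
PermitRootLogin no
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
GatewayPorts no
EOF
  while read -r user host _ || [ -n "$user" ]; do
    case "$user" in ''|\#*) continue ;; esac
    # Refuse anything but plain account/host names so a crafted map
    # entry cannot smuggle extra directives into the generated config.
    case "$user" in *[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;; esac
    case "$host" in ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;; esac
    # Per-user block: local forwarding to one workstation only, no shell.
    printf '\nMatch User %s\n' "$user"
    printf '    AllowTcpForwarding local\n'
    printf '    PermitOpen %s:%s\n' "$host" "$RDP_PORT"
    printf '    PermitTTY no\n'
    printf '    ForceCommand /usr/sbin/nologin\n'
  done
}

# Demo with a constructed map. Client side, the tunnel would be opened with:
#   ssh -N -L 13389:ws-alice.example.internal:3389 alice@jump.example.internal
# and the RDP client pointed at localhost:13389.
gen_jump_config <<'EOF'
# user   workstation
alice    ws-alice.example.internal
bob      ws-bob.example.internal
EOF
```

Check the generated file with `sshd -t -f <file>` before reloading sshd; a tunnel request to any host or port other than the one in that user's `PermitOpen` line is refused by the server.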
pnutjam@reddit
Also https://www.nomachine.com/ is a good solution.
Landscape4737@reddit
I used to use Parallels, excellent until they changed their pricing model from a price list to negotiable, can't stand that. Then of course it’s Russian.
DevDude2025@reddit
Take a look at https://www.parallels.com/products/ras/remote-application-server/
Beefcrustycurtains@reddit
Parsec is used by a lot of engineering firms and can be SSO'd with autoprovisioning from Entra.
brainstormer77@reddit
We use BeyondTrust Secure Remote Access. It offers multiple remote access options like agent based, or RDP using a proxy.
Another option is to use the Entra Global access VPN client + RDP. Haven't used it that way but might work.
lrosa@reddit
I am dismantling Citrix in favor of Netskope, both steering and "Any App", basically the Netskope implementation of Apache Guacamole.
I HATE Citrix.