IGEL is a multinational software company based in Germany best known for their “Next Generation edge operating system” (IGEL OS) which is built to secure access to cloud workspaces such as, but not limited to, Citrix Workspace, Amazon Workspaces, Microsoft AVD and VMWare Horizon. 

• COSMOS is an IGEL unified platform that will securely manage and automate the delivery of digital workspaces from any Cloud. 

The key message is that IGEL have completely separated the Base IGEL OS from it’s validated and integrated applications and interfaces. IGEL UMS 12 supports the new IGEL OS 12 but also the legacy IGEL OS 11 enabling simple and seamless migration. They have added a value-add cloud service to manage and deliver the separated applications and interfaces and thus offering a modular architecture, providing end-point control and delivering, what is termed, “End-User Freedom”, allowing users to work freely in the hybrid environments of today. 

The core of the IGEL COSMOS platform is a new IGEL UMS v12.0 management suite and the new v12.0 IGEL OS end point firmware. There are additional cloud based services that include the new App Portal. 

The new IGEL App Portal delivers a full range of validated applications from IGEL’s, IGEL Ready partner community. The App Portal streamlines the process of application qualification, integration and introduction by being separate and independent from the IGEL OS endpoint operating system and removing the dependency on the old highly integrated software release cycle. 

IGEL UMS is a single management solution that supports up to 300,000 end points running the IGEL OS. It is easy to use and purpose built to simplify the management of these devices. UMS supports several operating systems such as Microsoft Windows Server and Linux and also supports multiple databases such as SQL, Oracle and a local embedded database. 

IGEL OS can be referred to as the IGEL firmware, it is a Linuxbased operating system optimised for secure, scalable delivery of virtual desktops and cloud workspaces. The IGEL OS can be used to replace either permanently or temporarily an existing operating system, allowing you to convert any appliance into an IGEL device. 

The main features of IGEL OS 12 are that it is more lightweight and adaptable. It supports the faster delivery of features and applications tuned to specific use cases via the COSMOS App Portal. What this means is that features such as VMWare Horizon Client, or Zoom Client or Webex client etc. can be updated independently from the main IGEL OS thus providing additional flexibility and reducing update times, improving user experience. Other features include deeper insight into endpoint usage, security, status and compliance of the IGEL UMS-Managed endpoints. 

• The IGEL UMS, simple to use platform has been extended to support a mix of the endpoint devices running either IGEL OS 11 or the new IGEL OS 12. With this support of both platforms it enables for the simple and easy migration removing the need for companies to migrate their whole environment at once (big bang type migrations). 

IGEL COSMOS, IGEL UMS 12 and IGEL OS 12 will be available April 1st 2023. 

IGEL OS Licence is based on the MAC address of the IGEL appliance. Licence can be installed manually during installation or through the Licence Management feature within UMS. 

• As of the 1st July 2022 Subscription licences were made available which provided licenced device the full IGEL feature set (Workspace Edition, Maintenance, Enterprise Management Pack and then a choice of Support level) 

From the 31st December 2022 no other licencing options are available. 

Yes. Using the UMS management GUI licences can be easily transferred between devices.

ICG is required to manage and control endpoint devices sitting outside the corporate LAN, where the UMS and those devices are not in the same network. ICG is not a VPN solution, but a highly secure way to set up, manage, and control remote IGEL OS-powered devices.  

Remote IGEL devices are supported via the IGEL Cloud Gateway (ICG). ICG is required to manage and control endpoint devices sitting outside the corporate LAN, where the UMS and those devices are not in the same network. ICG is not a VPN solution, but a highly secure way to set up, manage, and control remote IGEL OS-powered devices. 

Active IGEL software maintenance on a device is required in order to apply firmware updates which occur up to four times a year. 

• An IGEL UD Pocket is a small USB device that allows you to boot the IGEL OS on any compatible endpoint without affecting the base OS on that device. 

To use a UD Pocket simply boot the device into which the UD Pocket is installed from the USB port. 

• IGEL OS 11 will support up to 4 (four) screens. The device has to have Intel, ATI/AMD or NVIDIA display chipset. 

The ILP is the core service for handling IGEL Licences and is the where all purchased IGEL Licences will be found. The ILP is a cloud-based portal working in conjunction with the IGEL UMS it can assign a software licence to the respective endpoint and can also transfer a licence from one endpoint to another. 

• Yes. there are three roles, Administrator, service provider and User. The administrator has, as one would expect, full administration rights to the licence portal, the service provider has most of the administration right except the ability to add, remove or change user roles. The user simply has the ability to view the licences within the portal. 

For more details see Roles and Permissions (igel.com) 

Yes. IGEL firmware and UMS software is available for download from the Gel web site and the IGEL OS 11 firmware download provides the ability to request a 30 evaluation licence. 

Yes. There is an IGEL Academy web site in which you can get basic training and certification on IGEL products. 

Yes. IGEL have a web based “IGEL Community” in which customers and partners can post questions and find answers to problems. The community also hosts How To Video’s to help educate and develop users knowledge and capabilities. 

If you are an IGEL customer, you can simply go to support.igel.com, log in and then log a support ticket for the issue you have. 

IGEL have a knowledgebase “IGE Knowledge Base” available at www.kb.igel.com 

With the IGEL OS Creator you can install the IGEL OS 11 firmware on any device that supports it. The IGEL OS creator can also be used to recover broken installations when devices can no longer boot. 

• The core requirements for an IGEL OS 11 installation is a 64bit CPU, a CPU speed of greater than 1GHz and at least 2GB RAM.  

4GB of RAM or more is recommended if you plan install IGEL OS 11.04 or above and/or plan to use client side multi media , high resolution graphics and 2 or more monitors. 

IGEL Product security information is the web page on which any security advisories are published. This site includes details of the vulnerability and steps on how to fix it or mitigate the vulnerability. 

It is possible to “Subscribe for Updates” if you go to the www.igel.com web page and find the link at the bottom of the page. Once subscribed you will initially be subscribed to ALL the IGEL mailing lists, however, you can then go to the “unsubscribe” link at the bottom of the e-mails and modify what notifications you wish to receive. 

Yes. The option for High Availability can be selected during both the initial installation and post installation should a single node need to be upgraded to support more devices or provide high availability. 

• In theory there is no limit. You can install multiple UMS Servers to support tens of thousands of IGEL clients and load balance using separate UMS Load Balance servers. 

A typical deployment for greater than 50,000 IGEL clients would consist of up to 6 UMS Servers with up to 3 UMS Load balancing servers. 

The UMS Load Balancer Server is a UMS “Subnode” that is created when the user selects High Availability in the initial UMS configuration. This subnode can be created on the UMS server itself when configurations are small, typically less than 50,000 IGEL clients. For larger deployments these UMS Load Balancer servers need to be configured as standalone servers. 

No. UMS HA configurations must use a central database such as SQL, Oracle and PostgreSQL. 

• Yes. It is possible to migrate from single mode to HA. The process very much depends on the single node configuration, whether it has embedded database or external. Details for migration can be found at Switching from a Standard UMS Installation to an HA Installation (igel.com) 

After the initial management network configuration (NSIP, Subnet mask, Default route), the remaining configuration of a Citrix NetScaler appliance can be done via the Browser and GUI (http://NSIP) or Command line via an SSH client like PuTTY (a browser that supports html5 like Firefox will help). Once you have logged on with the nsroot username and password, you can enable Load Balancing, add servers, services and vserver under the Traffic Management > Load Balancing > section in the GUI or add a service from the command line.

Citrix NetScaler deployed in the DMZ can be secured and hardened. There are multiple mechanisms around systems management, authentication, monitoring and logging that can be utilised depending on your specific security requirements. The systems can utilise independent management networks to isolate the admin traffic. Role based access can also be configured and combined with external authentication services like Microsoft Active Directory or TACACS+. Additionally, if a single management pane of glass is required for multiple Citrix NetScaler Appliances (VPX, MPX, SDX , CPX as well as Citrix  NetScaler SD-WAN) then Citrix NetScaler MAS can be deployed to centrally managed the Citrix networking estate.

Citrix NetScaler is a feature rich Layer 4 – 7 Application Delivery Controller (ADC) that support features like Server Load Balancing, SSL offload, GSLB, SSLVPN & Application Firewall. It is available in multiple form factors including virtual (VPX), Physical (MPX) , Hybrid (SDX) and Containerised (CPX).

Citrix NetScaler complements existing network firewall’s by operating a Layer 4-7 to inspect web content requests and responses with its Application Firewall module to prevent Application layer attacks. Citrix NetScaler can can provide PCI DSS compliance reports for audit purposes and both simple and extended ACLs where required.

A Citrix NetScaler Subnet IP or SNIP is an IP address owned by the Citrix NetScaler appliance and used for communications with Firewall’s , Routers or Back-end Application Servers (required in most load balancing deployments). A  SNIP is commonly used instead of the older MIP (mapped IP) as an appliance can operate with multiple Subnets / VLANS.

A Citrix NetScaler virtual IP or VIP is an IP address owned by the appliance and normally associated with a virtual server entity (common in load balancing deployments). The VIP can be any public or private address.

By default all inbound load balanced web applications via Citrix NetScaler are reverse proxied with a separate TCP connection for client and server side (use subnet IP mode), Citrix NetScaler can also be used to provide a redundant outbound forward proxy with link or firewall load balancing configurations.

By default all inbound load balanced web applications via Citrix NetScaler are reverse proxied with a separate TCP connection for client and server side (use subnet IP mode). Citrix NetScaler can also be used to provide a redundant outbound forward proxy with link or firewall load balancing configurations.

Citrix NetScaler has full static and dynamic routing capabilities built in. As part of a Dynamic routing environment, it can support BGP, OSPF and RIP routing protocols and can use Route Health Injection (RHI) functionality to add or remove routes to a web app’s load balanced vservers upstream border routers.

Citrix NetScaler complements existing network firewall’s by operating a Layer 4-7 to inspect web content requests and responses with its Application Firewall module to prevent Application layer attacks. Citrix NetScaler can also provide PCI DSS compliance reports for audit purposes.

Citrix NetScaler’s advanced application protection and AAA TM features can be deployed in front of Microsoft enterprise application suite including  OWA, SharePoint and Lync to provide Secure Authenticated access to these critical business applications.

Yes, Citrix NetScaler is a feature rich Layer 4 – 7 Application Delivery Controller (ADC) with built in Server Load Balancing.

Citrix NetScaler’s ADC functionality can be deployed all physical and virtual form factors including the CPX appliance (in a Docker container) or as an SDN service as part of a Cisco, VMWare or OpenStack SDN deployment. To further enhance these deployments, full Citrix NetScaler application automation can be achieved by additionally deploying the new Citrix NetScaler 11.1 NMAS (NetScaler Management and Analytics Service) appliance.

Citrix NetScaler is a feature rich Layer 4 – 7 Application Delivery Controller (ADC) with built in Server Load Balancing , SSL Offload, Global Server Load Balancing, Application Firewall and SSL VPN, along with many other web application optimisation and protection features such as caching and compression.