Secure applications for mobile workstations and pharmaceutical processes

The pharmaceutical service provider, Vetter, must meet the highest IT security requirements. Application virtualization with Citrix XenApp has helped the company for several years to make applications in laboratory and production environments safely accessible and therefore compliant with the industry's validation rules. Now the company is also using Citrix technology for the management of mobile apps, devices and data.

In the pharmaceutical and biotech industry success today depends on careful production processes and fast reactions to changes in market conditions. The pharmaceutical service provider, Vetter, supports its customers in both challenges. Headquartered in Ravensburg, it has over 35 years of experience in the production of pharmaceutical and biotech ingredients and offers its customers comprehensive services - from development through clinical trials to commercial manufacturing and Life Cycle Management.

Vetter has achieved international success with its range of solutions and is now one of the world's leading service providers for the aseptic filling of injection systems such as syringes, cartridges and vials. Since 2000, the number of employees has more than tripled: Currently around 3,300 employees operate at sites in Ravensburg, Langenargen and Chicago.

Validation rules also apply to IT

The demands on the pharmaceutical company's IT service provider have become increasingly sophisticated in recent years - not only because of the rapid growth of the company, but also due to the industry's increasingly stringent legal regulations and quality standards. To meet the Current Good Manufacturing Practice (cGMP) guidelines, all IT systems involved in the production process need to be validated. "In practice, this can cause considerable expense," says Christian Hegele, Head of IT Infrastructure at Vetter. "For example, it is stipulated that the control computer for analyzing systems in the laboratory is required to pass a revalidation after each software update."

In order to reduce the effort to update and review these devices, the IT organization built - with the support of the consultancy and systems house ADLON - a Citrix XenApp infrastructure. The control and management software can thus be provided centrally via the data center for all terminals. Updates need only be set up once on the XenApp servers and then left. "The application virtualization simplifies the management of the computer considerably and guarantees that the applications are always on a unified, secure footing," says Christian Hegele. "The software is protected on the server and can not be changed even by careless users or by tampering with the device."

The IT department therefore soon took advantage of the Citrix technology for the safe management of further control computers in the lab environment. So the software for weighing systems, for example, is now centrally operated and validated on the XenApp environment. The advice of the ADLON consultants on the opportunities and possibilities of application virtualization introduced the IT department to many other usage scenarios. Home working, for example, can also be supported on the XenApp environment. Employees can access their virtual applications via secure internet connections and all communications will be encrypted by Citrix NetScaler appliances in the data center. Vetter's training facility is also now fully virtualized: "We are using thin clients instead of PCs so that we do not have to re-establish individual user desktops like we have in the past," said the Head of IT infrastructure.

Virtual IT jobs for 1,000 employees in production

Meanwhile, the Citrix technology has also been introduced in the production environment. About two years ago, Vetter started an 'employee on the Net' initiative to enable all employees in production to access email, intranet and e-learning offerings. This presented the IT department with a challenge to install thin clients throughout the entire production area. Employees can use the XenApp environment to very quickly access the most important applications and, for example, view online training or retrieve electronic work instructions. "The virtual infrastructure has helped us to connect around 1,000 additional users to the IT with very little effort," says Christian Hegele. "The robust and low-maintenance thin clients are ideal for the production environment - Citrix XenApp also enables very fast user switching at shared computers."

The working environment at Vetter is now in transition in many areas. In the production area there is a rapidly growing number of mobile devices: The IT department now manages approximately 250 company-owned iPhones and iPads and is responsible for ensuring the highest security standards for these devices. Christian Hegele stresses that this should, however, not be at the expense of user acceptance: "We wanted to give users the freedom to install private applications on their devices. However we had to ensure, among other things, that apps like WhatsApp and Facebook can not access the company contacts."

Vetter relies on Enterprise Mobility from XenMobile

Those responsible evaluated a number of different enterprise mobility solutions and finally opted for Citrix XenMobile. "The decisive factor in our decision to use XenMobile was that the solution met all of our requirements for Enterprise Mobility under one roof," explains Christian Hegele. "Citrix is impressive not only for the safe management of mobile devices, but also in the management of mobile apps and data."

Along with the technical specialists from ADLON, Vetter implemented the individual components of XenMobile. A central component is the Mobile Device Management: In order to register a new device, the user only needs to load the free Citrix App Worx Home from the App Store and log in with their user data. XenMobile then loads all required security settings and configurations to the terminal - according to the respective role of the user. The IT department can oversee all devices using Mobile Device Management and check that the correct iOS version has been installed. Operating system updates are only released when they work with all apps.

The Enterprise App Store of XenMobile is the central access point for the mobile user. Here staff can find all the necessary apps and resources at a glance. Business apps run completely isolated in secure containers on the terminal. A data exchange with private apps - for example by copy & paste - is ruled out. For secure communication with the internal data center business apps use an application-specific VPN tunnel - called Micro-VPNs. So mobile users can securely access the company's intranet, among other things, with the built-in browser app WorxWeb. Also, smartphones and tablets can access Windows applications in the XenApp environment via the Enterprise App Store. In addition, the IT department will shortly integrate mobile business apps from SAP into the environment.

Secure data exchange with Citrix Share File

Citrix Share File is already available through the Enterprise App Store. "Many of our users wanted a solution for mobile data exchange and synchronization of documents between different mobile devices," says Christian Hegele "Our goal was to offer them a convenient solution that can be operated easily and intuitively. But also within our high security standards."

Specifically, this meant the user's documents should not be stored in the cloud, but in its own data center. In addition, they wanted to link up the solution to the existing authorization structures in the company. With the information contained in XenMobile Enterprise file-sharing solution Citrix Share File both requirements were implemented. The Business Consultants of IT Partners ADLON had advised the customer in advance and recommended the Share File solution. The System Engineers at ADLON then built an internal storage environment and established the connection to the existing Active Directory.

"Our users can share large documents securely with colleagues or external partners using Share File," says Christian Hegele. "At the same time they can access all the files in their File Share directory on any device." The IT department maintains full control over the security of sensitive documents in any situation: For example, if an employee leaves the company, mobile access is centrally locked and all documents stored locally can be deleted remotely.

Citrix Share File is only enabled for the exchange of non-pharmaceutical data at Vetter. But according to Christian Hegele it is only a matter of time until mobile technologies reach the service and production processes. "One of the first application scenarios for mobile data access in the pharmaceutical environment could be maintenance. We have to meet even higher security and compliance requirements. With XenMobile we are capable of doing it."

About Citrix

Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at

Copyright © 2015 Citrix Systems Inc. All rights reserved. Citrix, XenDesktop, XenServer, HDX and FlexCast are trademarks of Citrix Systems Inc., or a subsidiary thereof, and are or may be registered in the U.S. Patent and Trademark Office and other countries. All other trademarks are the property of their respective owners.

Citrix is not only convincing in the safe management of mobile devices, but also in the management of mobile apps and data.
- Christian Hegele

Head of IT Infrastructure

Vetter Pharma-Fertigung GmbH & Co. KG


  • Pharmeceutical

Citrix Products