Technical requirements for deploying Citrix Secure Developer Spaces™
This guide defines the essential platform and operating system prerequisites for running Citrix Secure Developer Spaces™ (SDS).
-
Deployment Options: Choose between a cloud-native, on-premises, or air-gapped Kubernetes deployment. Ensure your account has the necessary infrastructure permissions for your selected environment. Supported Kubernetes platforms include:
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- Google Kubernetes Engine (GKE)
- Red Hat OpenShift
- VMware Tanzu Kubernetes Grid (TKG)
- Nutanix Kubernetes Platform (NKP)
- Kubernetes Cluster: Use a dedicated Kubernetes cluster running version 1.20 or higher. Do not share the cluster with other applications.
- Kubernetes Node OS (AWS-specific): Use Amazon Linux as the Kubernetes node operating system when deploying on AWS.
- Kubernetes Node Architecture: Ensure all nodes run on the amd64 architecture, as arm64 is not supported.
Networking Requirements
These specifications ensure that the platform can reliably route, secure, and expose services across environments.
- Ingress gateway: Use Citrix NetScaler® as the recommended ingress controller. Nginx and Istio gateways are also supported.
-
Network Policy API: Use the
networking.k8s.io/v1API. If unavailable, install Calico or Cilium to enable network policy support. -
DNS & SSL: Configure two DNS domains and apply valid SSL certificates. For proof-of-concept (PoC) deployments, certificates are optional but strongly recommended. The second domain must be a wildcard subdomain of the first domain. For instance:
example.com*.proxy.example.com
Storage Requirements
These requirements define the persistent data capabilities needed for workspace and service storage.
- Persistent Volume Claims API: Provide persistent storage using the Kubernetes Persistent Volume Claim API.
Deployment Tooling
These specify the tools necessary to install and configure Secure Developer Spaces components in Kubernetes.
- Helm CLI tool: Install the Helm CLI to deploy Secure Developer Spaces using the provided Helm chart.
Enterprise-Grade Service Recommendations
We strongly recommend these configurations for production environments to ensure scalability, reliability, and enterprise-grade security, although they are optional for PoC deployments.
- Database: Use a MongoDB Atlas subscription for database management in production deployments. For PoC environments, the system deploys an internal MongoDB container by default.
- Identity & Access Management: In production, configure an identity provider (SAML or OIDC), such as Okta, for managing user identity and access. The system provides basic email/password authentication by default.
Connectivity for Installation & Licensing
This section outlines the external URLs your environment must access to download the required installation components and validate your license.
During installation, the system connects to the Citrix Secure Developer Spaces license server to validate the license and generate a temporary token for accessing the container image artifactory.
Here is a specific list of the required packages and images, along with their locations:
-
License Server
-
URL:
api.enterprise.strong.network - Purpose: Used for online license verification.
-
URL:
-
Installer Image
- Source: Docker Hub
-
Image:
strongnetwork/strong_installer:2025.10.19
-
Helm Chart Package
- Source: Google Artifact Registry (GCP)
-
Primary URL:
europe-docker.pkg.dev/strong-network-release/charts/ninjahchart:2025.10.19 -
Mirrors: Regional mirrors are available at
us-docker.pkg.devandasia-docker.pkg.dev.
-
Container Images (Artifactory)
- Source: Google Artifact Registry (GCP)
-
Primary URL:
europe-docker.pkg.dev/strong-network-release/images -
Mirrors: For improved performance, regional mirrors are available at
us-docker.pkg.devandasia-docker.pkg.dev. -
Required Service Images:
browser_in_browser:2025.10.19cloud_editor_sidecar_proxy:2025.10.19frontend:2025.10.19sn_enterprise_bundle:2025.10.19
-
Required Workspace Image:
ws-images/cloud_editor_generic:2.3.5
-
Optional Workspace Images (not required for the default installation):
ws-images/android_studio:2.2.6ws-images/goland_go:2.2.6ws-images/gui_debian_linux:2.3.5ws-images/intellij_java:2.2.6ws-images/intellij_ultimate:2.2.6ws-images/phpstorm_php:2.2.6ws-images/pycharm_python:2.2.6ws-images/webstorm_image:2.2.6
Licensing and Online Renewal
Citrix Secure Developer Spaces (SDS) uses an online licensing model to ensure your development environments remain active and secure. This system automates the renewal process to minimize administrative overhead.
License Validity and Renewal Process
- Validity Period: Each online license is valid for 21 days.
- Automatic Renewal: SDS automatically attempts to renew the license by connecting to the online license server multiple times per day.
- Retry Logic: If a renewal attempt fails (e.g., due to temporary network issues), SDS will continue to retry the connection automatically.
Expiration Warnings
To prevent service disruption, the SDS console provides visual alerts if the license cannot be renewed:
- 14-Day Warning: If the license validity drops to 2 weeks (14 days) without a successful renewal, a warning banner appears at the top of the SDS console.
- Countdown: The banner indicates the specific problem and displays a countdown to the license expiration date.
Note:
For deployments in high-security air-gapped environments, you may either configure firewall rules to allow the SDS controller to reach the online license server or, alternatively, request an offline license for fully disconnected operation.