Monthly Archives: June 2013

XenMobile AppController 2.8

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenMobile AppController 2.8 (previously Cloud Gateway), part of Citrix XenMobile Enterprise, prior to deploying in a PoC, Pilot or Production environment, by the author of this entry.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN – fqdn
CLOUD GATEWAY – cg

XenMobile Is Federal Information Processing Standard (FIPS) 140 Compliant
Check out – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-fips-con.html.

Certificates
1: By default, two self-signed certificates are issued to your XenMobile AppController upon initial deployment: a Server certificate and a SAML certificate, both issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac configuration with the default certificates; thereafter I would recommend generating a CSR and having it signed by your Enterprise CA rather than self-signing it for the host name.

Self-Signed Certificate
1: To create a self-signed certificate directly on XenMobile AppController, log in to the admin console at https://FQDN:4443 using your access details. Once authenticated:
2: Click Settings
3: Click Certificates
4: Click New and complete the onscreen input fields. The primary fields are: select a certificate key strength of 2048 bits, nothing less; enter the common name for the cert, e.g. appcontroller.yourorganisation.net or xac.natal-sharks.local; and select the correct country.
5: Click Save
6: Next the Certificate Signing Request will appear; click Close.
7: Click to highlight the certificate with the common name entered above.
8: Click Self-Signed
9: Enter the number of days for which the certificate will be valid, e.g. 365 for a full calendar year, and click Save.
10: Your CSR has now been self-signed.
11: Click to highlight it again and click Make Active.
12: Click Yes and the newly self-signed certificate will be bound to HTTPS and you will be logged out, which is normal.
13: Clear your internet browser's cache (IE as an example), restart the browser and navigate back to the xac admin console. You should notice that there are no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self-signed certificate to your xac.
14: For further information please read the following – eDocs Certificate Signing Request for the XenMobile AppController 2.8.

Enterprise CA signed Certificate
1: Complete steps 1 through 5 under the Self-Signed Certificate section.
2: When the Certificate Signing Request box appears, copy the generated CSR into a text file, save it to your desktop and click Close.
3: Navigate to your Enterprise CA’s FQDN, follow the onscreen instructions to complete the CSR, and ensure that you download the certificate response in Base64 format.
4: Navigate back to the xac, click Import, select Server (.pem), select your certificate and click Import.
5: If your certificate has a public and private key (*.pfx12), enter the password in the password fields or leave them blank, then click Ok.
6: Your signed certificate is now imported successfully.
7: Click to highlight your newly imported server certificate and click Make Active.
8: Click Yes and the newly signed certificate will be bound to HTTPS and you will be logged out, which is normal.
9: Clear your internet browser's cache (IE as an example), restart the browser and navigate back to the xac admin console. You should notice that there are no SSL certificate errors and the lock icon has a blue background. You have successfully imported and bound an Enterprise CA signed certificate to your xac.
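
Before importing the Enterprise CA's response in step 4, the certificate file can be checked against what the steps above require. The following shell functions are an added example (not from the original post or from Citrix) that use the openssl command line to confirm Base64 encoding, a key of at least 2048 bits, the common name, expiry, and that the certificate matches the saved CSR. The file names and FQDN are whatever the caller passes in, and an RSA key is assumed.

```shell
#!/bin/sh
# Added example: checks to run on a CA-issued certificate before importing it.
# check_cert CERT FQDN [CSR] prints one line per failed check and returns
# non-zero if any check failed. Assumes an RSA key, as in the steps above.
check_cert() {
    cert=$1; fqdn=$2; csr=${3:-}; rc=0

    # The CA response must be Base64 (PEM); a binary DER download fails here.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "FAIL: $cert is not Base64/PEM encoded"; return 1
    fi

    # Key length: 2048 bits, nothing less.
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: public key is ${bits:-unknown} bits, need 2048 or more"; rc=1
    fi

    # The common name must be the FQDN of the xac (compared case-insensitively).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | tr 'A-Z' 'a-z')
    if [ "$cn" != "$(printf '%s' "$fqdn" | tr 'A-Z' 'a-z')" ]; then
        echo "FAIL: common name '$cn' does not match '$fqdn'"; rc=1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; rc=1
    fi

    # The private key stays on the appliance, so the certificate must carry
    # the same public key as the CSR that was saved to a text file.
    if [ -n "$csr" ]; then
        cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
        csr_pub=$(openssl req -in "$csr" -noout -pubkey)
        if [ "$cert_pub" != "$csr_pub" ]; then
            echo "FAIL: certificate does not match the CSR"; rc=1
        fi
    fi
    return "$rc"
}

# True when subject and issuer are identical, i.e. the certificate is
# self-signed rather than signed by the Enterprise CA.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
    [ "${subj#subject=}" = "${issr#issuer=}" ]
}
```

Source the file and call, for example, `check_cert xac.pem xac.natal-sharks.local xac.csr`; a certificate for which `is_self_signed` succeeds did not come back from the Enterprise CA.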

XenMobile AppController 2.8
1: Download the virtual appliance for your platform at – https://www.citrix.com/downloads/xenmobile.html. The supported hypervisors include XenServer, Hyper-V and ESXi.
2: Designate and document a FQDN (Optionally create either an Internal or External), IP address, subnet netmask, default gateway, DNS, NTP, AD including a domain services account + e-mail address and strong admin password.
3: Deploy the xac virtual appliance, access the xac console and log in using the default access details, which are username: admin and password: password.
4: Type 0 and press return/enter to enter the Express Setup mode, complete the required configuration steps onscreen, then type 5 and press return/enter to reboot the xac.
6: Once the xac reboots, open your internet browser, navigate to the designated https://FQDN:4443 and log in using the default access details mentioned above.
7: Upon login complete the onscreen wizard. Please note that some of the configuration options will already be pre-populated from the entries you made at the xac console in Step 4 above. Once completed you will be logged out, which is normal.
8: Log in to the xac again and complete either the self-signed or the Enterprise CA signed certificate process.

Multi-Domain Support
Currently the XenMobile AppController 2.8 doesn’t support multiple domains, e.g. multiple LDAP(S) bindings to more than one domain. The following Citrix Blog article is however quite useful when leveraging a NetScaler Gateway: “Implementing cascading LDAP policies along with universal domain groups”. Text in brackets credit of the author of the Citrix Blog entry –

XenMobile Enterprise (XAC 2.8, XDM 8.5, SCZ 2.0) Reference Architecture
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

Coming soon!
In the meantime check out the eDocs supporting documentation re XenMobile AppController 2.8, WorxMail and WorxWeb at edocs.citrix.com.

XenMobile NetScaler Connector 8.5

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenMobile NetScaler Connector 8.5 prior to deploying in a PoC, Pilot or Production environment, by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
FULLY QUALIFIED DOMAIN NAME – fqdn
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE MANAGED GATEWAY – smg
XENMOBILE APPCONTROLLER – xac
OUTLOOK WEB ACCESS – owa

XenMobile NetScaler Connector 8.5
0: Requires a Citrix NetScaler, Microsoft Exchange and XDM.
1: The XNC installation is very straightforward: simply download the software package from the download area of www.citrix.com using your www.citrix.com access details, execute the software package and follow the onscreen instructions. The XNC system requirements can be found at – http://support.citrix.com/proddocs/topic/xmob-xnc-85/xmob-xnc-system-reqs-con.html.
2: The XNC can optionally be installed on a separate Windows Server 2008 R2 VM or on the same VM on which you have installed and configured the XenMobile Device Manager 8.5.
3: If you install the XNC within the same VM as the XDM, make sure that you configure the XNC web service port(s) so that they do not conflict with your XDM configuration.
4: If you intend to keep the generated logs for a lengthy period (even 7 days with 100 users generates a fair amount of logs), then I would suggest storing the logs on an alternative drive to that of the XDM installation, as the logs can become quite large fairly quickly (1-20+GB). If you have a fair number of users (100+) within your organisation, it will cause increased IOPS activity on the VHD, and the HDD storing the XNC logs will grow rapidly with all the ActiveSync requests.

Deployment Methods
1: Download the latest NetScaler 10.1 release as they now include the following wizards (a) XenMobile MDM for setting up the XDM using SSL_Bridge (b) NetScaler Gateway for R/A when using the XAC.
2: Review the architecture deployment and components diagram in eDocs at – http://support.citrix.com/proddocs/topic/xmob-xnc-85/xmob-xnc-deploy-wrapper-con.html.

Monitoring the XNC Service
http://support.citrix.com/proddocs/topic/xmob-xnc-85/xmob-xnc-monitor-wrapper-con.html.

More coming soon!
In the meantime check out the eDocs supporting documentation at edocs.citrix.com.

Citrix MDX Technologies

The following content is a brief and unofficial article about Citrix’s MDX Technology. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN NAME – fqdn
XENMOBILE DEVICE MANAGER – xdm

What Citrix MDX is and what it means for wrapped iOS and Android mobile apps

Digital Signing (Wrapping) *.IPA, *.APK App Binaries To Become MDX Enabled
Coming soon! In the meantime check out signing Android mobile apps – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-android-wrap-app-tsk.html, and iOS mobile apps – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-ios-wrap-app-tsk.html.

MDX Vault
The MDX Vault technology essentially provides a logical, safe and secure sandboxed container within the iOS or Android platform on a device.

MDX InterApp
The MDX InterApp technology essentially allows or denies other publicly delivered mobile apps (iTunes, Google Play) on a device access to communicate with an MDX digitally signed mobile app; access is only given if allowed, e.g. when communication for the signed MDX mobile app is set to unrestricted. However, if the MDX mobile app delivered from the XenMobile AppController is set to restricted, the SysAdmin or MobilityAdmin would need to specify which mobile apps the MDX mobile app is able to communicate and share information with on the mobile device.

MDX Access
The MDX Access technology essentially provides safe, secure access to internal intranet resources within your trusted network from anywhere in the world, connected optionally via 3G, 4G & Edge mobile or wired/wireless public and untrusted networks. The technology requires a Citrix NetScaler Gateway; if you want to know how it works check out – http://www.citrix.com/products/netscaler-gateway/how-it-works.html. You can easily deploy a NetScaler Gateway solution utilising release 10.1+, which includes wizards – http://blogs.citrix.com/2013/07/03/citrix-netscaler-gateway-10-1-118-7-quick-configuration-wizard/.

XenMobile FIPS 140 Compliance
http://support.citrix.com/proddocs/topic/apppreptool/nl/ru/clg-appwrap-fips-con.html?locale=en

StoreFront 1.2

The following content is a brief and unofficial prerequisites guide to set up, configure and test StoreFront 1.2 prior to deploying in a PoC, Pilot or Production environment, by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
STOREFRONT SERVICES – sfs
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER ACCESS GATEWAY – nsag
NETSCALER GATEWAY – nsg

Certificates
1: What type of certificate you require for your SFS deployment depends upon whether the server is (a) internal only, (b) deployed in-line with the AppController internally, (c) deployed in the DMZ or (d) deployed in-line with the AppController fronted by a nsg.
2: Another important consideration re what certificate to use is whether you have an Enterprise CA within your organisation to sign your CSRs, whether you use self-signed certificates, or whether you generate and publicly sign your certificates (standalone or wildcard) externally.

What is StoreFront 1.2
StoreFront is replacing Web Interface, 2015 (ref: Bitly link to Citrix EOL web page indicating WIF EoL). Why? StoreFront is the next generation platform which provides a great and seamless user experience across any type of device supporting Citrix Receiver. StoreFront aggregates Windows & Mobile Apps, Desktops, Web-links and SaaS, and can with a single click propagate configuration changes between all the StoreFront servers within your environment.

Troubleshooting Tips
1: Generate and complete your CSR within IIS and bind the certificate to HTTPS on the intended sfs prior to installing StoreFront.
2: Where possible use your organisation's Enterprise CA to sign your CSRs rather than using self-signed SSL certificates generated in IIS.