The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – ldap
CERTIFICATE – cert
STORAGEZONE CONNECTOR – szc
XENMOBILE APPCONTROLLER – xac
Apple iOS 7 Support
You will need to apply Citrix’s iOS7 patch for XenMobile Device Manager 8.5 otherwise users attempting to enroll there BYO or Corporate iOS devices will receive the following Server ErrorCould Not Connect 500 reference – http://support.citrix.com/article/CTX139106. The patch and how-to apply it can be downloaded at – http://support.citrix.com/article/CTX139052.
1: If you do not have a Apple ID for your organisation click here to create one – Apple ID https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/createAppleId?localang=en_US. I would suggest creating an external e-mail addr that is bound to the XenMobile or XDM domain service so that multiple SysAdmins within your organisation have access to the APNS portal to issue and or renew your APNS certificates which expire annually upon the date that they where issued. I would also suggest that if your ticketing system support auto generation of a support ticket annually to utilise this feature to generate a new ticket annually to notify support and have the ticket assigned to be actioned to eventually be renewed and uploaded to the XDM web ui console at http://FQDN/zdm.
2: Once you have created your Apple ID generate a CSR on the intended XDM server via IIS
3: Submit to Citrix to sign and they will return a *.plist file as a response.
3: Login with your newly created Apple ID to Apple APNS Portal – https://identity.apple.com/pushcert/.
4: Upload your signed CSR from Citrix (*.plist response) which then generate a *.pem certificate file.
5: Import the *.pem certificate response from APNS into IIS using complete certificate request then export from IIS filling in the password fields.
6: Delete the certificate in IIS.
7: Remove the IIS role and restart your XDM. The XDM installation installs Tomcat which clashes with IIS which is why we uninstall the IIS role prior to the XDM installation.
1: The following TCP ports are required to enable the XDM to achieve device enrollment, retrieve mobile apps from external App Stores e.g Apple iTunes – https://itunes.apple.com/gb/genre/ios/id36?mt=8, Google Play Store – https://play.google.com/store?hl=en_GB and Samsung Apps – http://apps.samsung.com/venus/main/getMain.as?COUNTRY_CODE=GBR and much more.
80 – HTTP
443 – HTTPS
8443 – Secure
2159 – Apple APNS
2156 – Apple APNS
5223 – Apple Over the air WiFi enrollment
2: Troubleshooting Apple APNS – http://support.apple.com/kb/TS4264, http://support.apple.com/kb/HT3576
FQDN or Public Static IP Address
1: When installing the XDM which is the better option to use? A FQDN e.g http://axendatacentre.com/zdm or an IP addr: http://127.0.0.1/zdm? A FQDN provides the flexibility to move the XDM server between ISP’s as you always lose your IP addr range when moving from one ISP to another as all you need to do is adjust the DNS records to point to the new IP addr provided by your new ISP and the Tomcat CA remains unaffected and can still issue device certificates during enrollment.
2: If you did choose an IP addr over an FQDN and you moved the XDM to another static IP addr you would need to reinstall the XDM as the Tomcat CA would no longer be valid and able to issue device certificates.
Adding An iOS Public App
1: Search for iTunes WordPress as an example
2: Click on the first link in your search results which will typically direct you to the iTunes web page preview of the iOS mobile app e.g – https://itunes.apple.com/gb/app/wordpress/id335703880?mt=8.
3: Now make sure it’s that mobile app that you wish to add to the XDM software repository and copy the link.
TIP: You know the URL is valid as it always ends in ?mt=8
4: Login to the XDM admin console e.g https://FQDN/zdm and click the Applications tab.
5: Click new External iOS app
6: Copy and paste the URL and click GO thereafter it will contact the iTunes web page and collect an image, product name and description.
7: Select or Deselect any of the available check boxes , then click Create.
8: Navigate to the Deployment tab
9: Click the iOS base package or create an apps package for external apps give it a name, select the users then under resources select push apps and select WordPress now click finish.
10: You can click to deploy that updated deployment package or wait for iOS devices to connect back to the XDM whereby they will be notified of an update to external app package and imitate the trigger to prompt the user to download the WordPress iOS mobile app from iTunes (Remember the user will put in there iTunes password prior to it downloading).
Configuring An External Enterprise CA
Coming soon! In the meantime check out – http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-manage-securityid-configcert-ssl-tsk.html
XenMobile 8.5 Support Articles
General Support – http://support.citrix.com/product/xm/v8.5/
XenMobile Device Manager 8.5 Release Notes – http://support.citrix.com/article/CTX138116
XenMobile Device Manager 8.5.0 Patch for iOS 7 Compatibility – http://support.citrix.com/article/CTX139052
FAQ – Worx Home for Mobile Devices and MicroVPN Technology – http://support.citrix.com/article/CTX136914
Device Manager Web Services – http://support.citrix.com/article/CTX138803
XenMobile Enterprise Reference Architecture for XDM8.5, XAC2.8, SCZ 2.0 – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf
More coming soon!
In the mean time check out the Admin Guide at – http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-intro-wrapper-con-85.html and download the software package at – http://www.citrix.com/downloads/xenmobile/product-software/xenmobile-85-mdm-edition.html