Monthly Archives: July 2013

XenMobile Device Manager 8.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names

Apple iOS 7 Support
You will need to apply Citrix’s iOS7 patch for XenMobile Device Manager 8.5 otherwise users attempting to enroll there BYO or Corporate iOS devices will receive the following Server ErrorCould Not Connect 500 reference – The patch and how-to apply it can be downloaded at –

Apple APNS
1: If you do not have a Apple ID for your organisation click here to create one – Apple ID I would suggest creating an external e-mail addr that is bound to the XenMobile or XDM domain service so that multiple SysAdmins within your organisation have access to the APNS portal to issue and or renew your APNS certificates which expire annually upon the date that they where issued. I would also suggest that if your ticketing system support auto generation of a support ticket annually to utilise this feature to generate a new ticket annually to notify support and have the ticket assigned to be actioned to eventually be renewed and uploaded to the XDM web ui console at http://FQDN/zdm.
2: Once you have created your Apple ID generate a CSR on the intended XDM server via IIS
3: Submit to Citrix to sign and they will return a *.plist file as a response.
3: Login with your newly created Apple ID to Apple APNS Portal –
4: Upload your signed CSR from Citrix (*.plist response) which then generate a *.pem certificate file.
5: Import the *.pem certificate response from APNS into IIS using complete certificate request then export from IIS filling in the password fields.
6: Delete the certificate in IIS.
7: Remove the IIS role and restart your XDM. The XDM installation installs Tomcat which clashes with IIS which is why we uninstall the IIS role prior to the XDM installation.

TCP Ports
1: The following TCP ports are required to enable the XDM to achieve device enrollment, retrieve mobile apps from external App Stores e.g Apple iTunes –, Google Play Store – and Samsung Apps – and much more.

80 – HTTP
443 – HTTPS
8443 – Secure
2159 – Apple APNS
2156 – Apple APNS
5223 – Apple Over the air WiFi enrollment
2: Troubleshooting Apple APNS –,

FQDN or Public Static IP Address
1: When installing the XDM which is the better option to use? A FQDN e.g or an IP addr: A FQDN provides the flexibility to move the XDM server between ISP’s as you always lose your IP addr range when moving from one ISP to another as all you need to do is adjust the DNS records to point to the new IP addr provided by your new ISP and the Tomcat CA remains unaffected and can still issue device certificates during enrollment.
2: If you did choose an IP addr over an FQDN and you moved the XDM to another static IP addr you would need to reinstall the XDM as the Tomcat CA would no longer be valid and able to issue device certificates.

Adding An iOS Public App
1: Search for iTunes WordPress as an example
2: Click on the first link in your search results which will typically direct you to the iTunes web page preview of the iOS mobile app e.g –
3: Now make sure it’s that mobile app that you wish to add to the XDM software repository and copy the link.
TIP: You know the URL is valid as it always ends in ?mt=8
4: Login to the XDM admin console e.g https://FQDN/zdm and click the Applications tab.
5: Click new External iOS app
6: Copy and paste the URL and click GO thereafter it will contact the iTunes web page and collect an image, product name and description.
7: Select or Deselect any of the available check boxes , then click Create.
8: Navigate to the Deployment tab
9: Click the iOS base package or create an apps package for external apps give it a name, select the users then under resources select push apps and select WordPress now click finish.
10: You can click to deploy that updated deployment package or wait for iOS devices to connect back to the XDM whereby they will be notified of an update to external app package and imitate the trigger to prompt the user to download the WordPress iOS mobile app from iTunes (Remember the user will put in there iTunes password prior to it downloading).

Configuring An External Enterprise CA
Coming soon! In the meantime check out –

XenMobile 8.5 Support Articles
General Support –
XenMobile Device Manager 8.5 Release Notes –
XenMobile Device Manager 8.5.0 Patch for iOS 7 Compatibility –
FAQ – Worx Home for Mobile Devices and MicroVPN Technology –
Device Manager Web Services –
XenMobile Enterprise Reference Architecture for XDM8.5, XAC2.8, SCZ 2.0 –

More coming soon!
In the mean time check out the Admin Guide at – and download the software package at –

StoreFront 2.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names

1: What type of certificate do you require for your SFS deployment depends upon weather the server is (a) internal only (b) deployed in-line with the AppController internally (c) deployed in the DMZ (d) deployed in-line with the AppController fronted by a nsg.
2:Another important consideration re what certificate to use includes weather you have an Enterprise CA with in your organisation to sign your CSRs or do you use self-signed certificates or do you generate and publicly sign your certificates (standalone or wildcard) externally?

StoreFront 2.0 Overview
1: StoreFront is replacing Web Interface 2015 ref Bitly link to Citrix EOL web page indicating WIF EoL. Why? StoreFront is the next generation platform which provides a great and seamless user experience across any type device supporting Citrix Receiver. StoreFront aggregates Windows & Mobile Apps*, Desktop, Web-links, SaaS and can with a single click can propagate configurations changes between all the StoreFront servers within your environment.
2: No more MS SQL database requirements with the SFS 2.0 release.
3: Improved login performance.
4: Bind your SSL certificate within IIS prior to installing or configuring SFS 2.0 and remove HTTP unless required to OS harden your SFS server. By binding the SSL cert prior to configuration of SFS it will ensure that the configuration wizard uses HTTPS over HTTP. In addition where possible use your organisations Enterprise CA to sign your StoreFront servers CSR instead of using the self-assigned SSL certificate option to generate a SSL cert in IIS as this will causes secure (SSL) communication issues between SFS and the delivery controller(s) if using HTTPS and when you attempt to access published resources from the configured delivery controller the resources will not be available as the servers cannot successful communicate with one another over HTTPS.
5: Beacons enable Citrix Receiver to understand intelligently wether a user is connecting to your organisations Citrix resources is internally or externally, by attempting to access the internal or external SFS FQDN’s within the StoreFront MMC snap in e.g storefront.axendatacentre.local (Internal) or (External and resolvable).
* Worx Home is now responsible for the delivery or mobile apps delivered via the XenMobile AppController 2.8
6: This Citrix blog article sums up the Receiver for HTML 5 – and you can learn how-to install and configure it at –

Subscription Database Where Is It?
The release of Citrix StoreFront 2.0 from 1.2 brought with it a change in where and how follow-me apps subscription data is stored. Historically this was stored in an MS SQL database in 1.2 now this data is actually stored in a EDB file check out. – which is automatically replicated if a SFS cluster. You can also adjust the subscription synchronising period by following this eDocs article which requires some PoSH cmdlets –

Customising Receiver for Web
This blog article goes into great detail about to customise Receiver for Web from the logos, background image, connecting from IP addr of the user to adding in additional elements e.g click here to contact your IT Helpdesk. Check it out at –

HTML 5 Receiver Configuration & Support
Coming Soon!

Citrix StoreFront 2.0 – Implementation Guide

XenServer 6.2

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenServer 6.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Is My Server Hardware Supported?
1: Navigate to to verify if your server hardware is compatible of supporting XenServer.
2: Check to see if your CPU supports either Intel VT or AMD-V for more information about these hypervisor enabled CPU’s please visit –

XenServer Is Now OpenSource

How-to setup and configure GPU Virtualisation (vGPU) & GPU Pass-Through (DRAFT & MAY CONTAIN ERROR(S))
This is a collection of great CTX, Blog articles to aid you in further understanding the GPU differences, jargon and how-to get started today.

1: Start by downloading and upgrading your XS host(s) to 6.2 SP1 by following this CTX article at –
2: While you review the documentation and start planning an upgrade window(s) for your Demo/PoC XS host environment (Always do a PoC before attempting to put anything into Production) you’ll need to read some more valuable documentation at – and download and read through the relevant Reviewers guide, to get started ASAP for vGPU read “Part 3: XenServer GPU Virtualization (vGPU)”. I would also recommend navigating this nVidia link to learn more about the GRID technology and cards – with your next stop being –, then – followed by optionally either for Desktop OS – and Server OS – depending on weather you want to delivery rich graphics to users on a hosted shared desktop (RDS Workload) or VDI.
4: I would also recommend that if you do have compatible hardware on the HCL to check that you have sufficient power (Amps) to your rack/cabinets and sufficient number of PSU’s in the server or blade chassis to support the extra power draw.

vGPU Monitoring

GPU Sharing Technology Tech Preview
. These features are now available in XenServer 6.2 SP1 check out – .

Coming soon!
In the mean time check out – Citrix XenServer .