Monthly Archives: April 2014

StoreFront 2.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.5, 2.5.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
XENDESKTOP – xd
XENAPP – xa
CERTIFICATE SIGNING REQUEST – csr
VDI-IN-A-BOX – viab
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
WEB INTERFACE – wif
NETSCALER GATEWAY – nsg
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns

What’s New
1: StoreFront API for an architecture overview and what capabilities are now available check out – http://blogs.citrix.com/2014/06/19/introducing-storefront-web-api/.
2: Update to the HTML5 Receiver Citrix’s agent free method to connected Web, SaaS, Windows Apps and Desktops (Server & Desktop VDI) checkout – http://support.citrix.com/proddocs/topic/receiver-html5-13a/receiver-html5-13-about.html#receiver-html5-13-about and also take a look at – http://blogs.citrix.com/2014/04/02/zero-install-receiver-for-html5-1-3-gives-enhanced-xenapp-and-xendesktop-experience/.
3: Improved customisation via cfg files to adjust the overall look and feel of Receiver for Web.
4: Folder View for Receiver for Web (RfW) checkout – http://blogs.citrix.com/2014/06/23/receiver-for-web-folder-view/. This does require a download from – https://www.citrix.com/downloads/storefront-web-interface/product-software.html with a valid Citrix.com account.

Installing & Deploying StoreFront
1: Review the System Requirements for StoreFront at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements.html and remember to make a note of the required ports for internal SFS communication & the HTML5 Receiver if your going to deploy it. It is also worth ensuring that you have the correct infrastructure requirements in place e.g version of XenApp, XenDestop e.tc that is supported by StoreFront 2.5 ref – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements-server.html, last but no least ensure your endpoint clients are updated accordingly to the lastest supported Citrix Receiver agent, HTML5 support Web Browser ref – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements-client.html.
2: I would recommend that you download and read through the StroreFront Planning Guide available at – http://support.citrix.com/article/CTX136547, which covers off authentication between WiF and StoreFront, single and high-available deployments between two data centres leveraging a NetScaler Gateway which also includes deployment sizing from 500 through to 10000 users, how-to use features such as KEYWORDS:prefer=”application” when configuring SFS and the document contains a lot of useful information. *
3: Next download https://support.citrix.com/article/CTX133185 which will get your through an architectural overview and how-to install and configure SFS with an SSL certificates, NetScaler Gateway & STA for remote access, joining StoreFront servers to form a StoreFront cluster and much more. *
4: Finally howto customise your StoreFront 2.5 implementation end to end – http://blogs.citrix.com/2014/04/04/customizing-receiver-for-web-2-5/ from background re-branding, pre-announcements (pre-login), server side ASPX cfgs, language support and so much more.
5: *This CTX article is based off StoreFront 2.0 however I believe it still contains very useful information and resources.

Enhance The User’s Experience
A simple SRV record entry added to your DNS can make your users experience all that better and easier as all they need to remember essentially is there organisational email addr, password and optionally organisation specific a soft token e.g Symantec VIP or RSA SecureID.

If using the Citrix Receiver agent when logging in with the above access details it will auto configure the Store information for Citrix Receiver and you be able to launch resources delivered from XenApp, XenDesktop, XenMobile AppController and ViaB and if your where connecting using the agent less method i.e the HTML5 Receiver you will be able to the exact same resources launch directly from within any HTML5 web browser.

How do I enable the App tab by default in RfW, add drop down domains at the login web page, displayed user login id/name instead of display name, how do I hide Active, move the Apps and Desktops tab to an alt location and more so checkout – http://blogs.citrix.com/2014/06/20/receiver-for-web-faq/.

Create a StoreFront Cluster
http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-server-group.html & http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-deploy-join.html.

Creating a High-Available & Load Balancing StoreFront Cluster
Firstly take a look at this diagram at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-ha-example.html then follow process documented at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-ha-lb.html.

How to Configure XenApp 6.5 and StoreFront 2.0 for Direct HTML5 1.0/1.1 Receiver Connections
http://support.citrix.com/article/CTX139239.

Heartbleed Security Vulnerability

Some useful links surrounding the recent discovery of the OpenSSL security vulnerability named Heartbleed but its technical official reference is “CVE-2014-0160” related to Citrix.com.

1: The official website – http://heartbleed.com and vulnerability tech overview is available at – https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160.
2: Citrix CTX article providing an update regarding any products which potentially require a patch, upgrade – http://support.citrix.com/article/CTX140605.
3: Useful blog article detailing the security advisory for XenMobile deployments – http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/.

XenMobile AppController 2.10

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.10 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
GoToMeeting – gtm
GoToAssist – gta
CERTIFICATE AUTHORITY – ca

Understanding MDX Technologies
1: Citrix MDX technologies provides and enable IT to wrap enhanced security, traffic around mobile apps for Android and iOS. The technologies can be segregated into 3 tiers called MDX ACCESS, MDX INTERAPP & MDX VAULT when determining what policy(s) to enforce. I will not look into the capabilities of each tier at a high level.
2: MDX VAULT enables encryption of the private data storage of MDX wrapped mobile apps. Check out – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-encryption-con.html.
3: MDX INTERAPP allows IT to control the application fabric of MDX wrapped mobile apps e.g restricting what apps it can open in (Document Open In); opening a service of the mobile platform e.g maps when a user clicks on an address in WorxMail.
4: MDX ACCESS enables and allows IT to set a MDX wrapped mobile apps traffic to be tunnelled via a mVPN, blocked or to the internet. The mVPN can be configured with either SecureBrowse (Only internal traffic traverses up the mVPN and anything bound for the internet does not) or FullVPN (All traffic flows up the mVPN).
5: You can find more surrounding the MDX policies at these two links one for iOS at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-policies-andr-con-1.html.

Wrapping native *.APK, *.IPA mobile apps to become MDX enabled
1: Take a look at the following documentation in eDocs at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appwrap-toolkit-wrapper.html then the MDX Toolkit Documentation –http://support.citrix.com/servlet/KbServlet/download/37081-102-709208/MDXToolkit%20Documentation%20v1.0.pdf and video available at showing how to wrap Android mobile apps – http://www.citrix.com/tv/#videos/9465. I have embedded the video below from Citrix.com/TV:

Pre-requisites, Understanding & Installing The XenMobile 8.7 Components End-2-End for a PoC or a Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
Coming soon!

XenMobile Device Manger 8.7

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.7 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
GoToMeeting – gtm
GoToAssist – gta
VOLUME PURCHASE PROGRAM – vpp

APNS CSR Submission to Citrix
1: The APNS submission process has been updated in XenMobile 8.7 please find the updated submission process at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-submit-csr-citrix-signing-tsk.html.
2: To learn how-to generate and create a APNS certificate navigate to – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-config-requesting-apns-con.html.

Installing XDM 8.7 (DRAFT & MAY CONTAIN ERROR(S))
1: Review the system requirements at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-device-manager-sys-reqs-con.html also and decide what type(s) of OSes and or devices that you would like to support within your organisation e.g iOS (iPhone), Android (Samsung) or Windows (Surface). The current supported device list is available at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-device-platforms.html.
2: Once your have reviewed the system requirements complete the ports – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-component-port-reqs-n-con.htmland pre-requisites – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-prepare-xenmobile-checklist-con.html. Start with the XDM installation and decide what components to install take a look at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-install-select-components-con.htmlthen proceed to begin with the XDM installation – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-device-manager-install-steps-tsk.html.
3: Post the XDM installation you can setup and configure your (s)LDAP / AD binding by following this eDocs article at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-authentication-device-mgr-con.html. NOTE: Remember post successful configuring the binding remember to select it and click “ENABLE” then click Save to close the options window and to save the configuration.
4: Configure your XDM by following the eDocs articles located under – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-manage-server-admin-wrapper-con.html.
5: If you are going to setup and configure a XDM cluster I would suggest reading through the XDM cluster piece I have written below and also read through – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-ha-wrapper-con.html prior to installing your XDM 8.7 cluster.
6: You can now also watch this video below re how-to install the XDM from http://www.citrix.com/tv:

Creating a XDM Cluster & Load Balancing
1: I would suggest reading through How-to setup and configure a XDM cluster – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-ha-wrapper-con.html thereafter prior to you setting up and configuring a XDM cluster prepare by creating a script that can handle and manage the process of preparing e,g backing up the original files and then committing the required files to the secondary, third XDM servers. I created a prepare and a commit script to easily achieve creating my own XDM cluster when setting a PoC or a training lab for a XenMobile PoC workshop. The first time you use or test your scripts you will need to manually create your modified files to enable XDM clustering. I would also suggest checking eDocs between different XenMobile versions if anything has changed in the cfg files for the XDM re Clustering.
2: You should have two script files the 1st script is used to copy the files from the primary XDM server to a dest folder. The 2nd script is used to commit the files from the primary XDM server to the secondary XDM at the point prior to configuring the database connection (You must complete the database connection exactly the same as the primary XDM server) during the XDM installation on the secondary XDM server you will only need to enter in a password during the CA stage and many steps thereafter will be different as well as you have already copied over cfgs files.
3: Please differ to the eDoc’s link above for full details and instructions.
4: Learn how-to load balancing your XDM cluster check – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-ha-wrapper-con.html or watch this video re how-to configure load-balancing from http://www.citrix.com/tv:

Configuring an External Certificate Authority by Using an SSL *.p12. *.pfx Certificate
1: Modify the follow server.xml, pki.xml files accordingly as mentioned in eDocs – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-configcert-ssl-tsk.html. Alternatively you can also follow this CTX article entitled “How to Configure an External SSL Certificate for Device Manager” at – http://support.citrix.com/article/CTX136952.
2: I would suggest review the above documentation and create a script that can create a folder for your external SSL cert, backup and then replace the server.xml and pki.xml files and finally restart the XDM services in order for the External SSL cert to be bound to the https FQDN of the XDM.

XenMobile Device Manager SSL Offload using Netscaler Configuration Step by Step
http://blogs.citrix.com/2014/03/20/xenmobile-device-manager-ssl-offload-netscler-configuration-step-by-step/.

Shared Devices
1: If you are looking to enable and allow the Shared Devices feature of XenMobile take a look at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-shared-devices.html. It’s only supported with the XDM.

Enable & Configure Shared Devices for the XDM
1: http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-shared-devices.html.