Author Archives: lyndonjonmartin

XenApp 7.6 XenDesktop 7.6 including Feature Pack (FP) 1

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenApp 7.6, XernDesktop 7.6 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENAPP – xa
XENDESKTOP – xd
VIRTUAL DELIVERY AGENT – vda
LIGHT WEIGHT DIRECTORY PROTOCOL – ldap
ACTIVE DIRECTORY – ad
CERTIFICATE SIGNING REQUEST – csr
CONNECTION LEASING – cl
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns
DYNAMIC HOST CONFIGURATION PROTOCOL – dhcp
FEATURE PACK – fp

What’s New now with Feature Pack 1 (FP1)
0: If you are new to XenDesktop 7.x, XenApp & XenDesktop 7.5, 7.6 then I would suggest that you begin by reading and reviewing the Technical Overview of XAD 7.6 – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-architecture-article.html and follow on by understanding the System Requirements for XAD 7.6 at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-system-requirements-76.html.
1: XenApp – http://www.citrix.com/products/xenapp/whats-new.html.

2: XenDesktop – http://www.citrix.com/products/xendesktop/whats-new.html. 3: How to setup and configure session pre-launch and lingers for XAD 7.6 – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-dg-manage-sessions.html#xad-dg-manage-sessions__prelaunch-linger including a video from Citrix TV is embedded below. 4: Connection Leasing (Previously or rather similar to Local Host Cache (LHC) under XenApp 6.x and downwards) provides the ability to allow end-users within your organisation the ability to continue to access Citrix published desktops, applications even if your MS SQL highly available database is offline using the new feature in XAD 7.6. Please note that you should always still have a H/A SQL database environment in-place and connection leasing does require the 7.6 VDA. For more information please read and review – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-connection-leasing.html#xad-connection-leasing. 5: How-to perform a XenApp 6.5 migration – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-xamigrate.html#xad-xamigrate and the general eDocs node that covers off migrations from previous versions of XenApp 6.x and XenDesktop 4.x, 5.x are covered at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-upgrade-existing-environment.html. 6: Overview & Understanding High Definition eXperience (HDX) under XAD 7.6 including Flash and USB/Drive redirection, GPU Sharing and Network traffic priorities – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx-landing.html. 7: For a complete and full list of what’s new in XenApp 7.6 and XenDesktop 7.6 take a look at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-whats-new.html. 8: What’s new in the XAD 7.6 FP1? Check out http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-whats-new-7-6fp1.html for a list of the full details. I’ve provided summary below of what it includes: – Session Recording which/was formerly Smart Auditor. – Updated Citrix Licensing. – Updated Director which includes enable/disable session recording for the detail check out http://support.citrix.com/article/CTX142260. – HDX Real-Time Optimization Pack 1.7 for Microsoft Lync 2013 the details here at – http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-17/lync-realtime-optimization-pack-17.html. Detailed How-to Upgrade to Citrix Receiver 4.2.x.n 1: Learn what is required in order to perform an upgrade of your existing Citrix Receiver 3.4 implementation to to 4.2.100 by download this handy and useful PDF best practises guide at – http://docs.citrix.com/content/dam/en-us/receiver/windows/4-2/downloads/Receiver_for_Windows_4.2_Upgrade_Best_Practice_Guide.pdf. 2: It is also worth mentioning that the current new Citrix Receiver for Windows 4.2.x.n now supports TLS 1.1, 1.2, Start menu integration & shortcut management, USB 3.0 and so much more please check out – http://support.citrix.com/proddocs/topic/receiver-windows-42/receiver-windows-42-about.html#receiver-windows-42-about for more information so upgrading does and will provide numerous useful benefits for CTX SysAdmins and there end-users. Upgrading & Migration
1: XenApp 7.5 Migration Guide – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-75-migration-guide.pdf.
2: Upgrading & Migration Microsite for XenApp 6.x to XenApp 7.5 – http://www.citrix.com/products/xenapp/tech-info/upgrade.html.
3: Introduction to XenApp 7.6 Upgrade Planning recorded GoToWebcast from 07/102014 available at – https://citrix.webcasts.com/viewer/event.jsp?ei=1040823. If you would any overview please read the orginal events web page at – http://www.citrix.com/events/introduction-to-xenapp-76-upgrade-planning.html. Citrix Education
1: CXA-104 Citrix XenApp 7.6: Overview – – http://training.citrix.com/mod/ctxcatalog/course.php?id=925. 2: CXA-105 Getting Started with Citrix XenApp and XenDesktop 7.6 – http://training.citrix.com/mod/ctxcatalog/course.php?id=973 3: CXA-208 Moving to XenApp 7.6 – http://training.citrix.com/mod/ctxcatalog/course.php?id=1096. 4: CXD-105 Citrix XenApp and XenDesktop Help Desk Support – http://training.citrix.com/mod/ctxcatalog/course.php?id=1011. GUI Installation & Overview for XenApp 7.6, XenDesktop 7.6
1: XenApp 7.6 Reviewers Guide provides a simple installation overview which can be downloaded at https://www.citrix.com/content/dam/citrix/en_us/documents/oth/xenapp-reviewers-guide.pdf and the XenDesktop 7.6 equivalent can be found at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xendesktop-reviewers-guide.pdf. Unattended Installation of XAD 7.6 Infrastructure Components & The VDA
1: The installation executable is located at x64\XenDesktop Setup\XenDesktopServerSetup.exe within the installation media path. The below is an example and simply replace x with mounted ISO, CD/DVD drive letter or the UNC path to the XAD7.5-6 installation media. If you do not include the /xenapp switch it will automatically install XenDesktop.

x:\x64\XenDesktop Setup\XenDesktopServerSetup.exe /xenapp /components controller,desktopstudio /configure_firewall

2: Sample installation code to insert into a batch script from Citrix eDocs that will install the VDA on Desktop OS as a master image and it will include Citrix Receiver.


x:\x64\XenDesktop Setup\XenDesktopVdaSetup.exe /quiet /components
vda,plugins /controllers “Contr-Main.mydomain.local” /enable_hdx_ports /optimize
/masterimage /baseimage /enable_remote_assistance

If you are looking for how-to install the VDA for groups of machines in AD the please checkout this eDocs node the batch script that will allow you to install/configure or even remove the VDA – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-install-vda-adscript.html.
3: For more detailed information check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-install-command.html.

High-Definition user eXperience (HDX) 1: So what is HDX? That’s a very good question an introduction whitepaper to your questions can be found at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-hdx-technologies.pdf. 2: Now that you’ve read through the whitepaper you will want to begin configuring and testing some of the HDX policies in Studio to test out HDX capabilities. Start with reading through the HDX eDocs node at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx-landing.html. If your more interested in HDX 3D Pro which leverages GPU cards installed on workstations, servers within the data centre then I would suggest to start by reviewing – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx3dpro-intro.html. For a visual aid surrounding of how GPU technologies with work XenApp & XenDesktop take a look at how GPU pass-through works at – http://www.nvidia.com/object/xenapp.html for with XenApp and for a vGPU works for XenDesktop check out – http://www.nvidia.com/object/virtual-gpus.html. 3: High Definition User Experience template policy in Studio explained and feedback requested – http://blogs.citrix.com/2014/11/13/citrix-studio-templates-help-needed-out-of-the-box-configuration-for-xendesktop-and-xenapp/. Citrix Unveils New Version of Market Leading Third-Generation Unified Platform for Application and Desktop Virtualization
http://www.citrix.com/news/announcements/aug-2014/citrix-unveils-new-version-of-market-leading-third-generation-un.html Citrix Offers Technology Preview of Linux Virtual Apps and Desktops Delivered from XenApp and XenDesktop

http://www.citrix.com/news/announcements/aug-2014/citrix-offers-technology-preview-of-linux-virtual-apps-and-deskt.html Deploying Unified Communications (UC) Lync 2010/2013 1: Lync Feature Matrix is available at – http://support.citrix.com/article/CTX200279 which is very useful for understanding what is and what isn’t supported and whether you need to deploy either the HDX Optimisation Pack of the Microsoft VDI Plug-in. 2: Delivery options for deploying Microsoft Lync for XenApp 7.6 or XenDesktop 7.6 explained in detail at – http://blogs.citrix.com/2014/10/23/delivering-lync-from-xenapp-and-xendesktop/. I’ve summarised your options below: – Generic HDX Realtime * Pure ICA/HDX between two end-points and the infrastructure. – HDX RealTime Optimization Pack for Lync® * Optimised softphone with offloading of the media engine by Citrix Note: 1.6 is for Lync 2010 and 1.7 is for Lync 2013 check out 1.7 – http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-17/hdx-realtime-optimization-pack-about-17.html which is compatible with Lync Server 2013, Lync Server 2010, and Lync Online (Office 365). – Microsoft® Lync® VDI Plug-in * Optimised softphone with offloading of the media engine by Microsoft check out the CTX article for a how-to at – http://support.citrix.com/article/CTX138408. – Local App Access utilises a * XAD policy applied to users to utilise the locally installed Lync app over published Lync app from XenApp. If you want to under more about how-to enable this XAD feature please review – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-laa-intro.html. * Please refer to eDocs or CTX200279 3: UC with XenApp and XenDesktop Solutions Brief – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/unified-communications-with-xendesktop-solutions-overview.pdf.

XenMobile Device Manager 9.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
APPLE PUSH NOTIFICATION SERVICE – apns
ROLE BASED ACCESS CONTROL – rbac
LIGHT WEIGHT DIRECTORY PROTOCOL – ldap
ACTIVE DIRECTORY – ad
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns

Self-paced Online (SPO) XenMobile Device Manager Training
1: Course # CXM-200 entitled “Deploying Citrix XenMobile Device Manager Server” at – http://training.citrix.com/mod/ctxcatalog/course.php?id=834. Note at the time of writing this blog entry Thursday 17/07/2014 this SPO was freely available with a valid Citrix.com account.
2: Course # CXM-201
Administering and Managing Devices with Citrix XenMobile 9.0 – http://training.citrix.com/mod/ctxcatalog/course.php?id=923. Login to view the price at http://training.citrix.com.

XenMobile APNS Signing Portal
This service requires a valid Citrix.com partner access details to sign-in and sign your APNS CSR – https://xenmobiletools.citrix.com/. Please review the documented APNS process for XenMobile Device Manager at – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-config-requesting-apns-con.html.

Handset Security
1: How do you know a handset is secure outside of MDM or EMM providers? Well I typically search for a security Whitepaper or security micro sites that covers off the h/w and or software security hardening of these mobile handsets and I have listed a few below enjoy. Note the resources are not listed in any particular order.

Samsung Knox – https://www.samsungknox.com/en/support/knox/white-paper

Windows Phone 8.1 Security Overview – http://download.microsoft.com/download/B/9/A/B9A00269-28D5-4ACA-9E8E-E2E722B35A7D/Windows-Phone-8-1-Security-Overview.pdf

iOS Security – http://www.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf

Android Security Overview – https://source.android.com/devices/tech/security/

XenMobile AppController 9.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns

New & Existing XenMobile AppController (XAC) Admin & User Consoles
1: The NEWEST console is a troubleshooting one which is accessible at https://XAC-FQDN:4443/ControlPoint/support which allows troubleshooting of NetScaler Gateway, XenMobile Device Manager
2: Control Point Admin console – https://XAC-FQDN:4443/ControlPoint/
3: Hidden Admin console – https://XAC-FQDN:4443/admin.
4: Receiver for Web (RfW) provides user access to SaaS, Web-links – https://XAC-FQDN:4443/Citrix/StoreWeb/ natively. You can integrate XAC with StoreFront to enumerate published Windows apps, Sever and Desktop VDI’s from XenApp, XenDesktop 7.x.

What’s New
0: XenMobile Security PDF document – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf and XenMobile security microsite is also available at – http://www.citrix.com/products/xenmobile/tech-info/mobile-security.html.
1: Support for Windows Phone 8.1 MDX Policy’s for WorxMail and WorxWeb only – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-worx-about-wrapper.html. You can learn how to wrap Worx apps for Windows Phone 8.1 using this useful CTX article entitled “FAQ: Windows Phone 8.1 and XenMobile 9” – http://support.citrix.com/article/CTX200105 and also watching the following video below from Citrix TV.

2: New troubleshooting and support console that can download logs, perform connectivity tests and upload logs to http://taas.citrix.com. The console is available at – https://XAC-FQDN:4443/ControlPoint/support once you have successful authenticated at https://XAC-FQDN:4443/ControlPoint/. You will need to know the admin access details for NSG, XAC and XDM in order to effectively use this console.

3: Wrapping iOS Worx Apps Video.

4: Wrapping Andriod Worx Apps including covering off how-to sign multiple *.APK files using a BASH script. Refer to the XenMobile 9.0 MDX Toolkit Documentation
– http://support.citrix.com/article/CTX140458 for more information once you have watched this video.

5: XenMobile 9.0 MDX Toolkit Documentation – http://support.citrix.com/article/CTX140458

Installing & Deploying XAC 9.0
1: Review and understand the systems & networking pre-requites of the XAC virtual appliance at – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-sysreqs-wrapper-con.html and http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-prepare-xenmobile-checklist-con.html.
2: Deploy the XAC virtual appliance on your chosen hypervisor and boot it and follow the onscreen instructions to apply the IP addr, DNS e.t.c and reboot upon completion connect to the Web Admin UI to compete the initialisation wizard thereafter you can begin to setup and configure your XAC virtual appliance and upload your MDX signed Worx apps and configure the MDX policies as required per app per supported platform. Don’t forget to generate and sign a CSR for the XAC and optionally sign it with your Enterprise CA (PoC/Demo environments) or a Public CA (PROD environments) and apply your own SSL certificate(s) to the XAC refer to – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-deploy-appc-cert-install-con.html or for a video demonstration watch – http://www.citrix.com/tv/#videos/9501.
3: Configuring MDX policies for Windows Phone 8.1 – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-wp81.html, iOS – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-andr-con-1.html. Finally checkout how-to configure encryption policies – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-encryption-con.html.
5: Once you have setup and configured your XAC appliance you can setup high-availability – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-ha-wrapper-con.html.
6: If you are looking for the XenMobile Reference Architecture please refer to http://support.citrix.com/article/CTX140433.

XenMobile Enterprise 9.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE ENTERPRISE – xme
XENMOBILE CLOUD – xc
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE APPCONTROLLER – xac
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns
PUBLIC KEY INFRASTRUCTURE – pki

XenMobile Security
1: Citrix have published a Whitepaper in PDF format covering the security within XenMobile which can be downloaded directly at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf there is also a new security web page within the XenMobile microsite on Citrix.com at – http://www.citrix.com/products/xenmobile/tech-info/mobile-security.html.
2: Security harden your XDM implementation leveraging Microsoft’s leading best practises I have listed below are a few (starter) useful resources. I always believe that you should challenge the way you are manage your infrastructure periodically from the services, ports, packages running on servers to the ACL at the edge of your network to ensure that you are using the latest leading best practises for monitoring, managing and supporting your environment(s) end-2-end and often this will require input from a Server, DBA SysAdmin & network engineer.

Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/gg236605.aspx
http://technet.microsoft.com/en-us/library/dd548350(v=ws.10).aspx

Windows Server 2012
http://technet.microsoft.com/en-us/library/jj898542.aspx
http://technet.microsoft.com/en-us/library/hh831360.aspx.

What’s New & Fixed
1: Support for Windows Phone 8.1 MDM API’s which include but not limited to software inventory, disabling of the camera, encryption e.t.c and for a complete list checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-config-win-81.html.
2: New MDX policies for Windows Phone 8.1 e.g Document exchange (Open In), App restrictions, iOS e.g AirDrop, Social media integration and others.

For a full list of MDX policies for iOS checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-andr-con-1.html and for Windows Phone 8.1 checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-wp81.html.

3: Cloud enabled Enterprise Mobility Management (EMM) powered by with XenMobile Cloud – http://www.citrix.com/products/xenmobile/tech-info/cloud.html.

4: New RBAC options within XDM to optionally ring or disown devices.
5: IPv6 licensing is now supported for XDM 9.0 check out – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-deploy-xenmobile-licenses-con.html in addition checkout this Citrix Blog article for a set by step how-to – http://blogs.citrix.com/2014/07/02/install-license-server-for-xenmobile-device-manager-in-xenmobile-9-0/.
6: XDM clustering for multiple geographic sites so that the device management service is resilient to outages at individual sites – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-ha-wrapper-con.html.
7: FIPS Compliance – http://support.citrix.com/proddocs/topic/xenmobile-90/clg-appwrap-fips-con.html
8: Secret Vault for iOS and Android- http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-secret-vault-ios-andr.html.
9: Penetration tested by Veracode and Gotham who are specialists in digital science and research.
10: Full a complete and full list of Whats new in XenMobile 9.0 please take a look at – http://support.citrix.com/proddocs/topic/xenmobile/xmob-understand-whats-new.html.
11: XenMobile 9.0 – Issues Fixed in This Release – http://support.citrix.com/article/CTX140926.
12: Always check in with the XenMobile data sheet for the most up to date and accurate features and details for XenMobile vs. editions at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf?accessmode=direct.

Citrix Support Forums for XenMobile 9.0
You can access the latest online Citrix Discussions focused on XenMobile 9 at – discussions.citrix.com/forum/1487-xenmobile-9x/ and previous discussions can be found at – discussions.citrix.com/forum/302-xenmobile/, including ZenPrise 7.x.

Wrapping & Deploying Worx Mobile Apps for Windows Phone 8.1
1: This CTX article provides a lot of detailed pre-requites & FAQ – http://support.citrix.com/article/CTX200105.
2: http://blogs.citrix.com/2014/07/11/deploying-worx-home-and-worx-apps-to-windows-phone-8-1-with-xenmobile/.

Xenmobile 9 Basic Upgrade Video Demonstration

XME Supported Mobile OS/Hardware Platforms
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-device-platforms.html

XenMobile 9.0 MDM Policies by OS Platform
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-device-platform-matrix.html

XenMobile 9.0 Compatibility Matrix
Currently the following NetScaler (Gateway) builds are supported for XenMobile 8.6 and 8.7 is 10.1.124.1308.e and for XenMobile 9.0 the following are supported 10.1.126.1203.e, 10.1.124.1308.e and 10.5 reference – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-compatibilitymatrix-con.html.

Worx features by Platform
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-worx-feature-platform-matrix-con.html

XenMobile Public Key Infrastructure (PKI) Integration
Prior to implementing with XME I would suggest that you review and read through the PKI section in eDocs for XenMobile Enterprise 9.0 at – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-security-pki-overview-con.html so that you are aware and familiar with the supported PKI capabilities supported by XenMobile 9.0. The below embedded videos are from Citrix TV and covering the Symantec PKI integration for XenMobile 9.0.


http://www.citrix.com/tv/#videos/10866XenMobile Symantec PKI Integration Part1


http://www.citrix.com/tv/#videos/10867XenMobile Symantec PKI Integration Part2

Deploying & Hardening XenMobile 9.0
1: Here is a really good blog article to help you understand XenMobile Bandwith requirements and considerations – http://blogs.citrix.com/2014/07/10/xenmobile-bandwidth/ .
2. How-to restrict the XDM admin console from the Internet when using SSL Offloading – http://blogs.citrix.com/2014/07/14/mobility-experts-restrict-xenmobile-device-manager-admin-web-console-access-from-internet-when-deployed-in-ssl-offload-mode/.

StoreFront 2.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.5, 2.5.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
XENDESKTOP – xd
XENAPP – xa
CERTIFICATE SIGNING REQUEST – csr
VDI-IN-A-BOX – viab
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
WEB INTERFACE – wif
NETSCALER GATEWAY – nsg
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns

What’s New
1: StoreFront API for an architecture overview and what capabilities are now available check out – http://blogs.citrix.com/2014/06/19/introducing-storefront-web-api/.
2: Update to the HTML5 Receiver Citrix’s agent free method to connected Web, SaaS, Windows Apps and Desktops (Server & Desktop VDI) checkout – http://support.citrix.com/proddocs/topic/receiver-html5-13a/receiver-html5-13-about.html#receiver-html5-13-about and also take a look at – http://blogs.citrix.com/2014/04/02/zero-install-receiver-for-html5-1-3-gives-enhanced-xenapp-and-xendesktop-experience/.
3: Improved customisation via cfg files to adjust the overall look and feel of Receiver for Web.
4: Folder View for Receiver for Web (RfW) checkout – http://blogs.citrix.com/2014/06/23/receiver-for-web-folder-view/. This does require a download from – https://www.citrix.com/downloads/storefront-web-interface/product-software.html with a valid Citrix.com account.

Installing & Deploying StoreFront
1: Review the System Requirements for StoreFront at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements.html and remember to make a note of the required ports for internal SFS communication & the HTML5 Receiver if your going to deploy it. It is also worth ensuring that you have the correct infrastructure requirements in place e.g version of XenApp, XenDestop e.tc that is supported by StoreFront 2.5 ref – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements-server.html, last but no least ensure your endpoint clients are updated accordingly to the lastest supported Citrix Receiver agent, HTML5 support Web Browser ref – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements-client.html.
2: I would recommend that you download and read through the StroreFront Planning Guide available at – http://support.citrix.com/article/CTX136547, which covers off authentication between WiF and StoreFront, single and high-available deployments between two data centres leveraging a NetScaler Gateway which also includes deployment sizing from 500 through to 10000 users, how-to use features such as KEYWORDS:prefer=”application” when configuring SFS and the document contains a lot of useful information. *
3: Next download https://support.citrix.com/article/CTX133185 which will get your through an architectural overview and how-to install and configure SFS with an SSL certificates, NetScaler Gateway & STA for remote access, joining StoreFront servers to form a StoreFront cluster and much more. *
4: Finally howto customise your StoreFront 2.5 implementation end to end – http://blogs.citrix.com/2014/04/04/customizing-receiver-for-web-2-5/ from background re-branding, pre-announcements (pre-login), server side ASPX cfgs, language support and so much more.
5: *This CTX article is based off StoreFront 2.0 however I believe it still contains very useful information and resources.

Enhance The User’s Experience
A simple SRV record entry added to your DNS can make your users experience all that better and easier as all they need to remember essentially is there organisational email addr, password and optionally organisation specific a soft token e.g Symantec VIP or RSA SecureID.

If using the Citrix Receiver agent when logging in with the above access details it will auto configure the Store information for Citrix Receiver and you be able to launch resources delivered from XenApp, XenDesktop, XenMobile AppController and ViaB and if your where connecting using the agent less method i.e the HTML5 Receiver you will be able to the exact same resources launch directly from within any HTML5 web browser.

How do I enable the App tab by default in RfW, add drop down domains at the login web page, displayed user login id/name instead of display name, how do I hide Active, move the Apps and Desktops tab to an alt location and more so checkout – http://blogs.citrix.com/2014/06/20/receiver-for-web-faq/.

Create a StoreFront Cluster
http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-server-group.html & http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-deploy-join.html.

Creating a High-Available & Load Balancing StoreFront Cluster
Firstly take a look at this diagram at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-ha-example.html then follow process documented at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-ha-lb.html.

How to Configure XenApp 6.5 and StoreFront 2.0 for Direct HTML5 1.0/1.1 Receiver Connections
http://support.citrix.com/article/CTX139239.

Heartbleed Security Vulnerability

Some useful links surrounding the recent discovery of the OpenSSL security vulnerability named Heartbleed but its technical official reference is “CVE-2014-0160” related to Citrix.com.

1: The official website – http://heartbleed.com and vulnerability tech overview is available at – https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160.
2: Citrix CTX article providing an update regarding any products which potentially require a patch, upgrade – http://support.citrix.com/article/CTX140605.
3: Useful blog article detailing the security advisory for XenMobile deployments – http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/.

XenMobile AppController 2.10

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.10 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
GoToMeeting – gtm
GoToAssist – gta
CERTIFICATE AUTHORITY – ca

Understanding MDX Technologies
1: Citrix MDX technologies provides and enable IT to wrap enhanced security, traffic around mobile apps for Android and iOS. The technologies can be segregated into 3 tiers called MDX ACCESS, MDX INTERAPP & MDX VAULT when determining what policy(s) to enforce. I will not look into the capabilities of each tier at a high level.
2: MDX VAULT enables encryption of the private data storage of MDX wrapped mobile apps. Check out – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-encryption-con.html.
3: MDX INTERAPP allows IT to control the application fabric of MDX wrapped mobile apps e.g restricting what apps it can open in (Document Open In); opening a service of the mobile platform e.g maps when a user clicks on an address in WorxMail.
4: MDX ACCESS enables and allows IT to set a MDX wrapped mobile apps traffic to be tunnelled via a mVPN, blocked or to the internet. The mVPN can be configured with either SecureBrowse (Only internal traffic traverses up the mVPN and anything bound for the internet does not) or FullVPN (All traffic flows up the mVPN).
5: You can find more surrounding the MDX policies at these two links one for iOS at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-policies-andr-con-1.html.

Wrapping native *.APK, *.IPA mobile apps to become MDX enabled
1: Take a look at the following documentation in eDocs at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appwrap-toolkit-wrapper.html then the MDX Toolkit Documentation –http://support.citrix.com/servlet/KbServlet/download/37081-102-709208/MDXToolkit%20Documentation%20v1.0.pdf and video available at showing how to wrap Android mobile apps – http://www.citrix.com/tv/#videos/9465. I have embedded the video below from Citrix.com/TV:

Pre-requisites, Understanding & Installing The XenMobile 8.7 Components End-2-End for a PoC or a Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
Coming soon!

XenMobile Device Manger 8.7

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.7 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
GoToMeeting – gtm
GoToAssist – gta
VOLUME PURCHASE PROGRAM – vpp

APNS CSR Submission to Citrix
1: The APNS submission process has been updated in XenMobile 8.7 please find the updated submission process at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-submit-csr-citrix-signing-tsk.html.
2: To learn how-to generate and create a APNS certificate navigate to – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-config-requesting-apns-con.html.

Installing XDM 8.7 (DRAFT & MAY CONTAIN ERROR(S))
1: Review the system requirements at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-device-manager-sys-reqs-con.html also and decide what type(s) of OSes and or devices that you would like to support within your organisation e.g iOS (iPhone), Android (Samsung) or Windows (Surface). The current supported device list is available at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-device-platforms.html.
2: Once your have reviewed the system requirements complete the ports – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-component-port-reqs-n-con.htmland pre-requisites – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-prepare-xenmobile-checklist-con.html. Start with the XDM installation and decide what components to install take a look at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-install-select-components-con.htmlthen proceed to begin with the XDM installation – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-device-manager-install-steps-tsk.html.
3: Post the XDM installation you can setup and configure your (s)LDAP / AD binding by following this eDocs article at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-authentication-device-mgr-con.html. NOTE: Remember post successful configuring the binding remember to select it and click “ENABLE” then click Save to close the options window and to save the configuration.
4: Configure your XDM by following the eDocs articles located under – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-manage-server-admin-wrapper-con.html.
5: If you are going to setup and configure a XDM cluster I would suggest reading through the XDM cluster piece I have written below and also read through – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-ha-wrapper-con.html prior to installing your XDM 8.7 cluster.
6: You can now also watch this video below re how-to install the XDM from http://www.citrix.com/tv:

Creating a XDM Cluster & Load Balancing
1: I would suggest reading through How-to setup and configure a XDM cluster – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-ha-wrapper-con.html thereafter prior to you setting up and configuring a XDM cluster prepare by creating a script that can handle and manage the process of preparing e,g backing up the original files and then committing the required files to the secondary, third XDM servers. I created a prepare and a commit script to easily achieve creating my own XDM cluster when setting a PoC or a training lab for a XenMobile PoC workshop. The first time you use or test your scripts you will need to manually create your modified files to enable XDM clustering. I would also suggest checking eDocs between different XenMobile versions if anything has changed in the cfg files for the XDM re Clustering.
2: You should have two script files the 1st script is used to copy the files from the primary XDM server to a dest folder. The 2nd script is used to commit the files from the primary XDM server to the secondary XDM at the point prior to configuring the database connection (You must complete the database connection exactly the same as the primary XDM server) during the XDM installation on the secondary XDM server you will only need to enter in a password during the CA stage and many steps thereafter will be different as well as you have already copied over cfgs files.
3: Please differ to the eDoc’s link above for full details and instructions.
4: Learn how-to load balancing your XDM cluster check – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-ha-wrapper-con.html or watch this video re how-to configure load-balancing from http://www.citrix.com/tv:

Configuring an External Certificate Authority by Using an SSL *.p12. *.pfx Certificate
1: Modify the follow server.xml, pki.xml files accordingly as mentioned in eDocs – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-configcert-ssl-tsk.html. Alternatively you can also follow this CTX article entitled “How to Configure an External SSL Certificate for Device Manager” at – http://support.citrix.com/article/CTX136952.
2: I would suggest review the above documentation and create a script that can create a folder for your external SSL cert, backup and then replace the server.xml and pki.xml files and finally restart the XDM services in order for the External SSL cert to be bound to the https FQDN of the XDM.

XenMobile Device Manager SSL Offload using Netscaler Configuration Step by Step
http://blogs.citrix.com/2014/03/20/xenmobile-device-manager-ssl-offload-netscler-configuration-step-by-step/.

Shared Devices
1: If you are looking to enable and allow the Shared Devices feature of XenMobile take a look at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-shared-devices.html. It’s only supported with the XDM.

Enable & Configure Shared Devices for the XDM
1: http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-shared-devices.html.

XenMobile Enterprise 8.7

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 8.7 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
SHAREFILE STORAGEZONE CONNECTOR – szc
XENMOBILE APPCONTROLLER – xac
RECEIVER FOR WEB – RfW
OUT OF OFFICE – ooo
GoToMeeting – gtm
GoToAssist – gta
VOLUME PURCHASE PROGRAM – vpp

What’s New The Highlights
0: XenMobile Datasheet by edition – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf.
1: Enrol and manage Windows 8.1 including support for Windows 8.1 RT devices – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-device-platforms.html.
2: Worx Home supports pin history & pin cycle checking.
3: Configure and deploy VPN cfgs to Amazon devices.
4: Shared Device Management support allows for multiple individuals to leverage MDM capabilities once the device has been enrolled.
5: ShareFile Single Sign-On (SSO) support from Worx apps to ShareFile.
6: Samsung SAFE devices support with the ability to now install Worx Home on Samsung SAFE devices running Android 4.3 and later from Google Play Store.
7: Support for Android 4.4.
8: Battery retention has improved by approximately 15% please see point 11 below for further details re the Tests performed.
9: IBM notes support for iOS in WorxMail.
10: Geo-fencing on Android.
11: A full and complete list of what’s new check out – http://support.citrix.com/proddocs/topic/xenmobile/xmob-understand-whats-new.html.
12: For a list of the new features in NetScaler Gateway 10.1 and NetScaler Gateway 10.1, Build 120.1316.e check out – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-whats-new-con.html.

XenMobile Compatibility Matrix
1: http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-compatibilitymatrix-con.html

Supported Device Platforms
1: http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-device-platforms.html

Pre-requisites, Understanding & Installing The XenMobile 8.7 Components End-2-End for a PoC or a Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
1: I would suggest starting with this really good XenMobile Architectural XenMobile Diagram to help you understand where the individual components are placed between the DMZ and TRUSTED network, so check out – http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png.
2: Understanding how-to deploy the components of XenMobile Enterprise – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-deploy-architecture-wrapper-n-con.html and I would also recommend reading and understanding what ports are required to be enabled at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-component-port-reqs-n-con.html and the review the XenMobile and NetScaler Gateway checklists which are available at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-prepare-xenmobile-checklist-con.html & http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-checklist-10-1-con.html#ng-checklist-10-1-con followed understanding the Server & SAML certificate types/ requirements of XenMobile at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-certificates-con.html.
3: Sizing & System requirements for XenMobile 8.7 – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-netscaler-gateway-reqs-con.html.
4: How-to Install XenMobile 8.7 – . If your looking to install XDM at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-device-manager-install-steps-tsk.html for a basic visual overview and instructions. To deploy the XAC use the following to pre-configure the XenMobile AppControllers IP addr, DNS e.t.c at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-change-ipaddress-tsk.html followed by configuring the XAC using the initial web UI wizard at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-setup-wizard-tsk.html. To configure your NetScaler Gateway for the first time use – http://support.citrix.com/proddocs/topic/access-gateway-hig-appliances/ag-vpx-configure-basic-settings-wrapper-con.html, http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-config-ng-with-wizards-con.html followed by the initial NSG wizard accessible via the Web UI upon your initial login – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-config-first-time-new-install-con.html thereafter you can use the built-in NSG wizard to setup and configure remote access to the XAC for XenMobile Enterprise 8.7 at – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-install-simplified-config-tsk.html.

Enrolling by OS Platform
0: Prior to enrolling any devices you may want to consider configuring enrolment options – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-config-enroll-mode-con.html.
1: iOS – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-ios-user-enroll-device-tsk.html.
2: Android – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-android-user-enroll-device-tsk.html.
3: Windows – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-enroll-users-devices-wrapper-con.html.
4: Symbian – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-symbian-user-enroll-device-tsk.html.

Performing In-place Upgrades from XenMobile 8.6 to 8.7
I performed in-place upgrade within my XenMobile Enterprise demo environment running Hyper-v on Microsoft Windows Server 2012 from 8.6 to 8.7 without any issues or errors.
2: Note: As I focus on PoC’s and Training the upgrade methods used below will be different for production environments and you should follow – http://support.citrix.com/article/CTX140444 for steps and guidance.
3: My current setup consisted of a XDM cluster on 8.6 l/b by NetScaler using a MS SQL database. I first performed a snapshot of both XDM servers and the SQL database then proceeded to shutdown the second XDM server and executed the XDM 8.7 software package on the primary XDM server which detected a XDM installation and performed a in-place upgrade following the onscreen steps. Once the software update completed I rebooted the VM and then proceeded to connect to XDM mgmt. Web UI locally via https://localhost/zdm on the primary XDM server desktop (Note: SSL error is normal as the FQDN your connected to is not for localhost but your organisations FQDN) and then logged in as a XDM admin then as domain user to verify that the SHP works as expected. Next shutdown the primary XDM server and boot the secondary XDM server and repeat the process above and once verified shutdown the secondary XDM server and boot the primary XDM server wait a few minute then boot the secondary XDM server and what a few minutes and then login to https://XDM-FQDN/Instance/helper.jsp e.g https://mdm.citrix.lab/zdm/helper.jsp and verify that the XDM cluster is active and working, next login to https://XDM-FQDN/Instance/ as a domain user and then a XDM admin to verify that everything works as expected e.g send a notification to an iOS device or enrol a new device using a custom deployment policies to verify your XDM is functioning as expected.

Security
1: XenMobile FIPS 140-2 Compliance – http://support.citrix.com/proddocs/topic/xenmobile-87/clg-appwrap-fips-con.html.
2: XDM supports internal and external PKI’s – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-security-pki-overview-con.html; SAML – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-saml-con.html.
3: Network Access Control (NAC) – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-configurenac-con.html.
4: Client certificate based authentication using Configuring Device Manager with Microsoft Active Directory Certificate Services – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-configdm-mscertificatesvs-con.html.

Synergy SYN308: Citrix Mobility & Desktop Integration

XenMobile Enterprise 8.5, 8.6, 8.7, 9.0 PoC Considerations

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 8.5, 8.6, 8.7 and 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE APPCONTROLLER – xac
NETSCALER GATEWAY – nsg
FIREWALL – f/w
CERTIFICATE – cert
ACTIVE DIRECTORY – ad
INFRASTRUCTURE-AS-A-SERVICE – IaaS
ENTERPRISE MOBILITY MANAGEMENT – emm

Preparation & Pre-requisites (DRAFT & MAY CONTAIN ERROR(S))
0: Never use a production NetScaler or NetScaler Gateway for PoC why? When you upload the trial licenses it will require a reboot which cannot be completed in a production environment without a planned maintenance window. Also you may want to use the latest NS(G) during the PoC for best results & optimal performance likewise some versions require a e release of NS(G) which will mean a firmware upgrade to your production NS(G) eventually.
1: If you don’t understand all the components of XenMobile Enterprise then I would suggest researching and reading (Data sheets of each) to understand what the XenMobile Device Manager, XenMobile AppController, XenMobile NetScaler Connector, XenMobile Mail Manager, NetScaler (Gateway) and finally what ShareFile StorageZone Connectors are all capable of individually as integrated as part of a Mobility Solution. XenMobile Enterprise can also include the delivery of hosted shared and VDI desktops, hosted published Windows apps delivered from XenApp, XenDesktop as part of the overall EMM Solution.
2: XenMobile Enterprise is an integration of a number of the Citrix products mentioned above deployed together to form a complete EMM solution.
3: Identify and visually understand where potentially all the components/products sit within the whole overall mobility solution. Here is a great visual reference that is clean and clear to understand – http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png?accessmode=direct.
4: Review the pre-requites and checklists if available for each product that you wish to deploy within XenMobile. I have listed a few here for you starting with all the required ports – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html, for the checklist – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-prepare-xenmobile-checklist-con-.html, for or XDM – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-device-manager-sys-reqs-con.html, for XAC – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html, for NSG – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-netscaler-gateway-reqs-con.html, for SF – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storage-center-sys-reqs.html and for XD – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-system-requirements-71.html.
5: Now that you have an understanding of the requirements for each and you should by now know and understand each product a little more read through the XenMobile 8.6 Reference Architecture – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.
6: Deploying the XenMobile Solution – http://support.citrix.com/article/CTX139235 as well as download a copy of the XenMobile MDXToolKit Documentation v1.0 – http://support.citrix.com/article/CTX140458.

Pre & Post Discovery Meeting (DRAFT & MAY CONTAIN ERROR(S))
1: Ensure that you educate the organisation as to what XenMobile is and is capable of doing re MDM, MAM and MIM.
2: Setup 2-3 GoToMeeting sessions. The first is to answer any Q&A that the organisation has for you re the pre-requites and ensure that they have started to prepare any external dependencies e.g iOS Enterprise Developer Account. The second is to ensure that all the pre-requites have been completed prior to the installation onsite for the PoC and to answer any further Q&A the organisation has. If the organisation has not completed the pre-requites then proceed with the third GoToMeeting and if the pre-requites have not being completed I would strongly advise escalating to managers on both that your PoC will more than likely be unsuccessful as your need ports opened, servers build, software downloaded, certificates e.t.c and you will need to focus on installing and then configuring the products to be integrated together and into mgmt infrastructure e.g (s)LDAP and finally configure policies and if applicable wrapping Worx, ShareFile *.ipa and *.apk files to become *.mdx to provide secure sandboxed, internet and intranet browsing (WorxWeb) + e-mail (WorxMail) and data sharing (ShareFile).
3: Decide on a database platform note that Postgres SQL is built-in to the XDM software package and is great for PoC’s or alternatively you can use MS SQL.
4: Decide upon the XDM management addr for mobile devices you can use either an IP Addr 10.10.100.200 for FQDN e.g mdm.axendatacentre.com, however I would recommend a FQDN. Why? When you install and configure the XDM your creating and configuring a CA if use used an IP addr and you decided to move the XDM server from one subnet to another and could not provide the exact IP or you move from one ISP to another you’ll get a new IP addr range you will break the CA and all enrolled devices will become unmanaged so install using an FQDN and you can always adjust the underlying IP addr of the XDM’s serves FQDN this not compromising/breaking the XDM’s CA and all devices will remain managed and connected to the XDM. Remember changing an IP addr of an external FQDN does and will require 24 hours for DNS to propagate through out the internet.
5: Login to your Citrix My Account at – http://www.citrix.com/ locate and click Partner Central (Opens a new tab) then once the web page loads click Sales in the navigation menu bar and click on SalesIQ (Opens a new tab) then once loaded click on PoC Central scroll down and download the XenMobile PoC kit. Note only valid Citrix Partners may download content from Citrix SalesIQ.

PoC Notes & Tips
1: Deploy your first few XenMobile 8.7 PoC’s using single NIC’s.
2: Stick with 2-3 devices during a PoC to maximise your PoC success and remember a PoC is designed to prove a concept or a technology.
3: If your deploying ShareFile On-Prem SZ remember to back SZKeys.txt in the root of your ShareFile data CIFS share.
4: Your PoC should run smoothly provided that you can confirm that all the perquisites for XenMobile Enterprise are successfully completed prior to arriving onsite and this should also potentially include having a basic customer defined MDM, MDX policy agreement so that you can setup and configure these policies post successfully deploying the XenMobile components so that you can begin your initial testing to check that everything is operating as expected thereafter you demonstrate that the deployment is active and working as expected. At this stage you can either define what MDM, MDX policies you wish to trial or test during the PoC however hopefully this has too also been previously agreed and you can begin defining the policies by platform and for any Worx or 3rd party signed MDX mobiles apps.
5: XDM clustering for high-availability in XenMobile 9.0 has changed so please refer to this blog article – which will help your understand what Tomcat configuration changes are required prior to performing an in place upgrade from XenMobile Device Manager 8.7 to 9.0. This changes also means that your XDM cluster can now reside in alternatively data centres ref – .

Support NetScaler Gateway (Builds + Versions) for XM 9.0
1: 10.5.53.9; 10.5.52.11; 10.5.52.1115.e; 10.5.51.1017.e; 10.5.51.10; 10.1.129.1105.e; 10.1.128.8003.e; 10.1.127.1007.e; 10.1.126.1203.e; 10.1.124.1308.e ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html.