Author Archives: lyndonjonmartin

XenApp 7.5 XenDesktop 7.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenApp 7.5, XenDesktop 7.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENAPPP – xac
FLEXCAST MANAGEMENT ARCHITECTURE – fma
INFRASTRUCTURE-AS-A-SERVICE – IaaS
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
INDEPENDENT MANAGEMENT ARCHITECTURE – ima
STOREFRONT – sf
HOSTED SHARED DESKTOPS – hsd
VIRTUAL DESKTOP INFRASTRUCTURE – vdi
HOSTED SHARED PUBLISHED WINDOWS APPS – hspwa
RECEIVER FOR WEB – rfw
REMOTE ACCESS – r/a

XenApp 7.5 XenDesktop 7.5 Announcement
Citrix have recently announced XenApp 7.5 which is built upon Flexcast Management Architecture (FMA) and has been available within XenDesktop 7.0, 7.1 within the App Edition license tier. The least releases also brings with it XA hybrid cloud provisioning meaning that SysAdmins now are able to extend there private cloud to IaaS hosted cloud providers (ISP’s) provided they leverage Citrix CloudPlatform which will enable quick scalability and elasticity and without having to learn the ISP’s chosen design, build, provision and management consoles to provision your environment as it’s all integrated into Studio. The announcement can be found at – http://www.citrix.com/news/announcements/jan-2014/citrix-xenapp-7-5-simplifies-windows-app-delivery-for-the-mobile.html and it’s also worth reading up on about the benefits and features of Flexcast technology for XA at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-datasheet.pdf?accessmode=direct.

What’s New & Different in XenApp 7.5 from XenApp 6.5?
0: Check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-previous-xa-admins.html#previous-xa-admins.

What’s New & Highlights of XenApp/XenDesktop (XAD) 7.5
1: The platform architecture is now powered by FMA and not Independent Management Architecture (IMA) anymore thus providing enhanced scalability and ease of management through two consoles Studio which is used for deign, building, assigning polices and resources to users and Director which is used for management of user support & troubleshooting.
2: StoreFront 2.5 is included within XenApp and XenDesktop 7.5 app binaries and includes a number of new enhancements including an updated HTML5 Receiver, SDK to apply organisational logic if required and much more.
3: Support for Web Interface (WiF) 5.4 on supported Windows Server OSes.
4: AppDNA is included in Platinum edition.
5: Virtual Graphical Processing Unit (vGPU) and GPU support for supported Windows Desktop & Server OSes.
6: Support for Windows Server 2012 R2 and Windows 8.1 in addition to current supported OSes in XenDesktop 7.0, 7.1.
7: The Citrix Profile management 5.0 is installed silently by default on master images when the Virtual Delivery Agent is installed (Note: You do not have to use Citrix profile management solution).
8: Support for IPv4, IPv6 or dual-stack (IPv4/IPv6) environments from clients to core components.
9: MCS support for Microsoft Key Management System (KMS) activation.
10: For a complete list please check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-75-about-whats-new.html and also review the XA 7.5 data sheet at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-datasheet.pdf.

Synergy SYN405: Best Practices for Implementing Administering and Troubleshooting Xendesktop 7.5

Pre-requisites, Understanding & How-to Install XenApp 7.5 and enable R/A for your PoC or Custer Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
Coming soon!

ShareFile StorageZone Controller 2.2

The following content is a brief and unofficial prerequisites guide to setup, configure and test ShareFile StorageZone Controller 2.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STORAGEZONE CONTROLLER – szc
CERTIFICATE SIGNING REQUEST – csr
SHAREFILE – sf
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
COMMON INTERNET FILE SYSTEM – cifs
XENMOBILE APPCONTROLLER – xac

What’s New
1:This release coupled with prior versions now integrates both the Storage Center and Controller server software packages into one unified software package now called the “ShareFile StorageZone Controller 2.2”.
2: Access your organisations trusted existing or new network CIFS shares and SharePoint sites via a ShareFile On-Prem SZC which always users to securely connect via a FQDN over 443 (HTTPS) this ensuring secure and encrypted communication between the users device and the On-Prem SZC. It is worth mentioning that your organisations datasets do not traverse the ShareFile Control Plane in any way ref – http://support.citrixonline.com/en_US/ShareFile/all_files/SF090015.
3: ShareFile also introduced an EMEA Control Plane for organisations to meet local, regional and geo requirements and or restrictions one basic example could be Safe Harbor – http://export.gov/safeharbor/ as well as preferring to have localised data centre’s within the EU to manage and handle user requests and more. Note this feature was already widely available prior to this WordPress post/blog entry.
4: For information regarding what else is new please check out – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storagezones-about-22.html.

ShareFile Security Whitepaper PDF
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/sharefile-enterprise-security-whitepaper.pdf

Synergy SYN310: Deep Dive into ShareFile Enterprise Functionality

Deploying an On-Prem SZC (DRAFT & MAY CONTAIN ERROR(S))
1: Initially would suggest that your read/review the following CTX Article – http://support.citrix.com/article/CTX138041 and http://blogs.citrix.com/2012/03/19/saml-authentication-with-sharefile-using-ad-fs-2-0/ which covers numerous technical FAQ and may answer a number of your questions.
2: Setup a ShareFile Enterprise Account and request that On-Prem SZC be enabled against your account when setting up your account or if you already have one request that SZC be enabled by sending a email to ShareFile support – http://www.sharefile.com/company/contact-us.aspx and online help & support including videos is available at – http://support.citrixonline.com/sharefile. Verify that StorageZones are available under the Admin tab when you sign into your ShareFile sub-domain e.g xendc.sharefile.eu or axendatacentre.sharefile.com prior to continuing with the installation and configuration.
3: Prepare a Windows Server 2008 R2 and install IIS (include dependencies ASP, Basic Authentication if you want to connect to existing network shares for a PoC).
4: Setup and configure your external DNS A record e.g sharefile.axendacentre.com or sf.thedurbannatal-sharks.co.za and ensure that you can successful connect to the default IIS page on TCP Port 80.
5: Generate a CSR on the intended ShareFile On-Prem SZC for your FQDN and sign it with an external CA e.g http://www.verisign.co.uk or http://www.thawte.com e.t.c. Your are required to use an external CA as IIS self-signed or Enterprise CA certificates are not permitted and will not work with the ShareFile Control Plane. Download and install the cert response from your chosen external CA and Complete The Certificate Response in IIS.
6: Once the cert is successfully imported bind it to HTTPS (443) and the restart IIS and navigate to the FQDN via HTTPS externally to ensure that you can connect to it without any SSL cert mismatches, errors e.t.c
7: * Create a ShareFile service account within and assign full r/w access it to the intended On-Prem SZ folder located either on the local disk or secondary disk of the VM or remotely. Please do the same for your PoC Shared Area that you intend to access as an existing network share.
8: *Install the ShareFile Storage Zone Controller 2.2 software package and leave the checkbox to launch the Configuration Web Page. Once the page launches sign in with your Super Admin ShareFile Admin access details.
9: Follow the onscreen instructions which are fairly self explanatory however should you require any further help & support re the exact requirements please navigate to – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-install-storagezones.html and http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-connectors.html.
10: Please stop and ensure that you safely backup the SCKeys.txt file within the root of On-Prem SZ CIFS share to a alternative and secure location that is also backed up.
11: Provision a test user that resides within your domain and has also been created within the ShareFile Control Plane. For help with setting up users please take a look at – .
12: Ensure that your test user has permission to your intended CIFS Shared Area e.g your SZC that you setup and configured within the ShareFile Control Plane.
13: Now that you have successfully setup and configured your On-Prem SZ and SZC proceed to download a ShareFile mobile app from e.g iTunes – iPad https://itunes.apple.com/gb/app/sharefile-for-ipad-by-citrix/id440596621?mt=8, iPhone https://itunes.apple.com/gb/app/sharefile-mobile-by-citrix/id434391375?mt=8 or Google Play – https://play.google.com/store/apps/developer?id=ShareFile+by+Citrix&hl=en_GB. Once downloaded enter in your test users account details and test uploading and downloading a picture taken from within the ShareFile iOS app as an example.
14: Once you test that your On-Prem SZ

SZ Controller Management
This eDocs node will help you to proactively manage your On-Prem SZ Controller environment covering on to add/remove controllers for H/A as well as how-to promote, demote and disable SZ Controller – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-storagezone-controller.html. These eDoc articles are essential for the ongoing management and routine scheduled maintenance task(s).

Two-Step Verification = Stronger Security
http://support.citrixonline.com/en_US/sharefile/help_files/SF060010?title=Two-Step+Verification

NetScaler Gateway 10.1.120.1316.e

The following content is a brief and unofficial prerequisites guide to setup, configure and test NetScaler Gateway 10.1.120.1316.e to support a XenMobile Enterprise 8.6 deployment prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
NETSCALER GATEWAY – nsg
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
REMOTE ACCESS – r/a
XENAPP – xa
XENDESKTOP – xd
XENMOBILE ENTERPRISE – xm
XENMOBILE APPCONTROLLER – xac
XENMOBILE DEVICE MANAGER – xdm

What Is A NetScaler Gateway
It allows you to safely, securely expose your organisations trusted network and resources to an end-point either via a MicroVPN (CVPN) – http://support.citrix.com/article/CTX136914 or a FULL VPN. The NSG provides and supports a simple yet secure R/A solution for Citrix XenDesktop, XenApp, XenMobile solutions. There have been recent updates to the NSG to incorporate setup wizards to enable organisations to more rapidly setup, configure and deploy a R/A solution without having to request a NetScaler Gateway expert to setup and configure the policies to enable R/A. What is a e release of a NSG check out – http://blogs.citrix.com/2013/03/29/citrix-access-gateway-demystifying-the-e-releases/.

Deploying & Configuring The NetScaler Gateway 10.1.120.1316.e For A XenMobile Enterprise 8.6 Solution
1: Physical or Virtual System requirements – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-netscaler-gateway-reqs-con.html, VPX – http://support.citrix.com/proddocs/topic/access-gateway-hig-appliances/ag-vpx-introduce-wrapper-con.html#ag-vpx-introduce-wrapper-con and MPX – http://support.citrix.com/proddocs/topic/access-gateway-hig-appliances/ag-model-MPX-spec-ref.html.
2: Pre-requites and checklist – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-checklist-10-1-con.html, http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-deploy-xenmobile-con.html
3: Deploying the NSG and performing the initial configuration – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-ng-network-con.html.
4: Creating a certificate for NSG – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-create-csr-ng-tsk.html also watch the NSG certificate video at – http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-product-videos-con.html.
5: Uploading a license to the NSG – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-license-on-ng-tsk.html.
6: Configuring the NSG for XenMobile – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-config-ng-wizards-con.html.
7: Configure DNS suffixes – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-connect-mobile-devices-android-split-dns-tsk.html#ng-connect-mobile-devices-android-split-dns-tsk or http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-mobile-device-dns-suffix-tsk.html and if you will be supporting Android handsets within your organisation remember to configure DNS for Android devices – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-mobile-devices-android-split-dns-tsk.html.
8: Configuring the STA for WorxMail – http://www.citrix.com/tv/#videos/9210.
9: Testing your NSG – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-test-ag-configuration-tsk.html.

Worx Mobile App Suite NSG Support Table Matrix
http://support.citrix.com/proddocs/topic/xenmobile-connect-users/xmob-worx-supported-platforms-con.html.

Coming Soon!
More coming soon in the inter in check out – http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-deploy-architect-netscaler-gateway-con.html.

XenMobile Device Manager 8.6

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.6 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
VOLUME PURCHASE PROGRAM – vpp
XENMOBILE APPCONTROLLER – xac

APNS IIS Chaining Error
If your experiencing a chaining error when completing your APNS cert response in IIS then please navigate to http://www.apple.com/certificateauthority/ and download the Apple Root Certificate + CRL and the Apple Integration Certificate + CRL and install these appropriately into trusted root ca authority, intermediate stores of the IIS server that you are intended to complete the APNS certificate response on.

You can register/create an Apple ID at – http://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/createAppleId?localang=en_US and the APNS portal is available at – http://identity.apple.com/ to submit your signed APNS CSR to be signed.

Installing XDM 8.6 (DRAFT & MAY CONTAIN ERROR(S))
0: I would recommend downloading and reading through the current Citrix Reference Architecture for XenMobile 8.6 at –
http://support.citrix.com/article/CTX13981
1: Review the system requirements –
http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-device-manager-sys-reqs-con.html and remember to consider if you are ever going to intend managing your mobile, smart devices inside and outside of your organisations trusted network. I use split DNS so the same FQDN is accessible both in/outside of my demo environment. I FQDN is typically best over a IP addr as you can always adjust the underlying IP Address of the XDM FQDN in DNS (Internal and Externally) to move it (a) from one subnet to another with different IP addressing (b) from ISP to ISP (You will always get a new allocated IP range as ISP are allocated IPv4, IPv6 address blocks) without having to reinstall the XDM. Your probably asking your why would I need to reinstall the XDM? When you install the XDM you will also configure a CA as the XDM will push certs to the devices being enrolled to restrict the devices capabilities based upon the MDM policies that you have applied within the XDM web UI so if the IP addr changes you need to reinstall and re-enrol every device so using a FQDN means that your adjust your DNS records both internally and externally with the new IP addr for your FQDN and there is no need to reinstall the XDM as the FQDN has not changed and devices will still be managed.
2: Network TCP Ports Source vs. Destination – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html.
3: Generate an APNS certificate or use your existing APNS certificate – http://support.citrix.com/proddocs/topic/xenmobile-connect-users/xmob-dm-config-requesting-apns-con.html. If you have any chaining error(s) please refer to the APNS process in the beginning of this WordPress blog article/entry.
4: Download and install the latest STABLE versions of the Oracle Java JDK and JCE files at – http://www.oracle.com/technetwork/java/javase/downloads/index.html. You should never use BETA or builds known to be unstable or insecure. Remember to extract and copy the *.jar files to the following paths – once the Java JDK has been installed on the XDM 8.6 server.
5: Liaise with networking team(s) to ensure that your internal and external firewalls ACL are correctly configured for your XDM deployment. Take a look at the Architecture Diagram – http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png and the read through the latest Reference Architecture documentation for XM8.6 – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.
6: I would once again recommended downloading and reading through the Deploying the XenMobile Solution ( Currently based off 8.5 at the time of writing this blog entry) – http://support.citrix.com/article/CTX139235, alternatively continue.
7: Navigate to this eDoc’s link to begin the installation of the XDM 8.6 – http://support.citrix.com/proddocs/topic/xmob-install-dm-86/xmob-deploy-device-manager-install-steps-tsk.html

Creating A Valid Chained Certificate For Your XDM’s FQDN
There are various different methods for achieving or generating a *.pfx12 certificate you can always choose to disagree with my approach and use your own method(s) and or approach(s).

Microsoft Enterprise CA ( WaRniNg – (DRAFT & MAY CONTAIN ERROR(S)) )
1: Create a CSR for your XDM FQDN on your Enterprise CA or another server that is domain joined and has the Enterprise CA root certificate installed and valid. Please also be sure to ensure your select 2048Bit encryption when competing the wizard and save the CSR request to your desktop for convenience.
2: Open up the text document to retrieve CSR code by selecting all and copying.
3: Navigate to your Microsoft Enterprise CA CSR signing website e.g http://FQDN/certsrv
4: Request a certificate
5: Click Or, submit an advanced certificate request
6: Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
7: Enter in the CSR generated code from the XAC or XDM into the Saved Request input box then change the “Certificate Template” to Web Server
8: Click Submit
9: Download the certificate response in Base 64 format and save as certname-base64.* and then prior to closing the web page save the cert in DER format if required in the following format certname-DER.*. Tip download the *.p7b formats for each aswell. NOTE: Upon completion of importing and activating your cert on the XDM server(s) you should delete any unsecured or unused XDM certs on your file servers and desktop for security purposes.
10: Now complete the SSL signing request certificate in IIS on the Enterprise CA using the Base64 format signed SSL certificate and then export the cert and enter in a strong password and please do not forget the password. Save the exported cert on your desktop and copy onto a file share or to your file server and then copy the *.pfx12 cert you’ve just generated on your XDM’s desktop for simplicity as the next steps will require you to edit two files in notepad and create directory to put the the SSL certificate in.
10: Follow the steps in the following CTX article at – http://support.citrix.com/article/CTX136952 or http://support.citrix.com/proddocs/topic/xmob-dm-8/xmob-dm-manage-securityid-configcert-ssl-tsk.html to apply your Enterprise CA signed *.pfx12 SSL certificate to your XDM’s FQDN.

Checkout these Microsoft certificates resources for further help and guidance.

1: http://support.microsoft.com/kb/295281 – How To Renew or Create New Certificate Signing Request While Another Certificate Is Currently Installed
2: http://technet.microsoft.com/en-us/library/cc754490.aspx – Request Certificates by Using the Certificate Request Wizard
3: http://technet.microsoft.com/en-us/library/bb727098.aspx – Chapter 6 – Managing Microsoft Certificate Services and SSL

OpenSSL
1: You will require a clean, fresh installation of XDM without any devices enrolled as I have not tested this process POST devices being enrolled.
2: Download OpenSSL for Windows at – http://www.openssl.org/related/binaries.html, alternatively if the link is dead or moved locate the download at – http://www.openssl.org/.
3: Install OpenSSL by following the onscreen instructions and remember to check the pre-requites prior to installation of OpenSSL.
4: Now that you have installed OpenSSL following the steps in this Citrix blog article at – http://blogs.citrix.com/2013/11/05/creating-a-private-key-and-csr-for-xdm/.

Deploying and Load Balancing a XDM cluster
1: These two videos available on the Citrix Blog available at – http://blogs.citrix.com/2014/03/05/configuring-xenmobile-device-manager-ha-clustering-in-less-than-15-minutes-part-1/, http://blogs.citrix.com/2014/03/05/configuring-xenmobile-device-manager-ha-clustering-in-less-than-15-minutes-part-2/ that show you how to implement a XDM cluster for high availability referenced from the following eDocs node – http://support.citrix.com/proddocs/topic/xmob-dm-config-86/xmob-dm-manage-ha-wrapper-con.html.
2: Once your NetScaler (Gateway) has been deployed and the initial configuration completed and the appropriate NS(G) licenses uploaded then please watch this video on Citrix TV – http://www.citrix.com/tv/#videos/9294 which shows you how-to L/B the XDM using the XenMobile wizard in the NS(G).

Deploying Strong Authentication
1: Client Certificate Authentication in XenMobile 8.6 – http://support.citrix.com/article/CTX139857.

XenMobile Enterprise 8.6

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 8.6 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
SHAREFILE STORAGEZONE CONNECTOR – szc
XENMOBILE APPCONTROLLER – xac
RECEIVER FOR WEB – RfW
OUT OF OFFICE – ooo
GoToMeeting – gtm
VOLUME PURCHASE PROGRAM – vpp

What’s New The Highlights
0: XenMobile Datasheet by edition – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf.
1: Single Agent for enrolment and MDM, MDX policy control.
2: WorxMail supports OOO, GoToMeeting Fast join with telephone number and pin auto-dialled from your calendar, Office 365 Exchange.
3: Additional support for Amazon KindleFire MDM API, Samsung KNOX API and iOS 7 MDM API’s.
4: Support for Kerberos authentication along with secure pin-based authentication to validate a user’s access to a organisation delivered, signed and secured MDX mobile app.
5: Support for Apples new VPP.
6: XenMobile Cloud based offering is available.
7: Uploading of native unsigned IPA, APK files to the XAC 2.9 along with Multi-domain support,
8: Redirection of HTTP, HTTPS network traffic from WorxWeb via a NSG to proxy servers within your organisation.
9: Auto-based discovery to enrol now supports email based discovery and UPN.
10: A full and complete list is available at http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-understand-whats-new-n-con.html, http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/whats-new-in-xenmobile-86.pdf.
11: NetScaler Gateway 10.1.120.1316.e is required – http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-understand-whats-new-n-con.html. You can find out more about this new enhanced release at – http://blogs.citrix.com/2013/11/28/whats-new-with-the-citrix-netscaler-gateway-release-10-1-120-1316-e/.

Single Agent for Enrolment, Self-serve Store and MDM, MDX Policy Enforcement
The latest release of Worx Home now provides organisations with much simplified approach to enrol and to manages employee BYO, Corporate smart phones and tablets. When users launch the app the either enter in the XDM server addr or enter in there organisations email addr which is simpler for the user and automatically resolves the organisations XDM servers addr either a IP addr or FQDN. Next they input there user credentials typically AD as there are alternative enrolment options check out – .

Once there access credentials are validated it will open up Safari (iOS) or Chrome (Andriod) and create a secure session back to the XDM server to download the company/organisational and MDM certificates. This process historically required the user to take steps 1 through 3 in the browser now it will automatically take the user between the Settings area and the browser to install the company/organisational and MDM certificates (NOTE: Above is based of an iOS device).

Once the user has completed the certificate installation on their smart phone, tablet is successfully. The final step will see the browser automatically re-directing the user to Worx Home to validate the enrolment and allow for any signed MDX or public apps to be prompted to the user to install.

The users device(s) have now been enrolled successfully and are being safely and securely managed by the organisations IT, Infrastructure or IS department.

Worx Home now manages the MDM certificates which can restrict the users ability to use Siri, Safari and it also managed MDX policies enforced against *.MDX files pushed from the XAC which can restrict the MDX mobile app from leveraging the iCloud API and restrict the copy and pasting of text outside of the MDX mobile app(s) to public delivered mobile apps e.g Facebook, LinkedIn, Twitter from iTunes.

How-to Deploy
MORE coming soon but take a look at these initial resources below in the coming soon section. There will more in-depth content for XDM 8.6, XAC 2.9 in separate blog articles. This entry will cover XenMobile Enterprise as a MDM, MAM and MIM solution for your organisation.

Coming Soon!
The mean time check out these links.
1: Getting started with XenMobile eDocs – http://support.citrix.com/proddocs/topic/cloudgateway/xmob-landing-con.html
2: What’s new with XenMobile Enterprise 8.6 Video and PDFed slide deck – http://www.citrix.com/products/xenmobile/whats-new.html
3: XenMobile Enterprise 8.6 Product Videos – http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-product-videos-con.html

Mobile Device, Application and Information Management

The following content is a brief and unofficial article about Mobile Device, Application and Information Management. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
MOBILE DEVICE MANAGEMENT – mdm
MOBILE APPLICATION MANAGEMENT – mam
MOBILE INFORMATION MANAGEMENT – mim
MOBILE APPLICATION PERFORMANCE MANAGEMENT – mapn
ACTIVE DIRECTORY – ad

What is MDM?
It’s the capability to restrict the services and mobile applications provided by a mobile platform only e.g disabling of Siri on iOS, Chrome on Android via MDM API’s provided by the mobile OS. To achieve these capabilities and many more a MDM server e.g XenMobile Device Manager will request a mobile device to securely authenticate via a agent installed on the mobile OS e.g Citrix Enrol with a users organisational access details which will then present or rather enable the user to proceed with the MDM enrolment process i.e securely
downloading (HTTPS) and installing a secure organisation profile and MDM policies enforced by IT which effectively will restrict the devices capabilities to access mobile applications of the mobile OS or disable services e.g Disable Siri from been available when a iPhone or iPad is locked but when the user of the iOS device safely unlocks the iPhone or iPad with a pin code they can use Siri.

What is MAM?
It allows and enables your organisation to deliver safe and secure applications from your organisations data centre. This applications can be native mobile apps (iOS, Android), SaaS and Windows published applications which can now be repurposed with the Windows Mobile SDK – https://www.citrix.com/go/mobile-sdk-for-windows-apps.html and http://www.citrix.com/mobilitysdk/docs/videos/RapidStarts.htm to improve the users experience on a mobile device (iOS). As these are logical resources published or delivered and installed on an mobile device you can only lock the resources, perform a selective wipe or perform an erase of the data within the mobile apps (Published apps you simple disable that surest access via AD).

What is MApM?
It’s an acronym for essentially describing the ability to provide intelligent reporting against mobile apps via an agent on smart devices.

What is MIM?
It provides organisations the ability to take their trusted data held within internally only accessed Shared Areas, SharePoint sites e.t.c and allows organisational employees or 3rd parties i.e contractors the ability to download and potential edit office based documents, watch videos on corporate issued or BYO devices on or offline in a safe and secured environment with the ability to perform a wipe, lock or configure a poison pill against the organisational trusted data that is stored on the users device(s).

StoreFront 2.1

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.1 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STOREFRONT – SF
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER GATEWAY – nsg
CERTIFICATE – cert
RECEIVER FOR WEB – rfw

Considerations For Enabling A Consistent User Experience When DR Is Invoked
To ensure that users subscribed to resources in StoreFront are available in DR scenario remember to replicate the subscription database which is now a *.ebd file stored at the following path located on your StoreFront server “C:\Program Files\Citrix\Receiver StoreFront\Services\SubscriptionsStoreService\1__Citrix_Store” and the file name is “PersistentDictionary.edb” with references from – “FAQ: Subscribed Applications Saved on StoreFront 2.0” – http://support.citrix.com/article/CTX139037.

If you have customised your RfW interface with your own organisation logo, colours e.t.c it is worth ensuring that you backup and or replicate the changes made to “C:\inetpub\wwwroot\sites\Citrix\StoreWeb\contrib)” so that in the unlikely event your DR is invoked users will still have the exact same look and feel and exact website addr when they login without actually being aware that your DR data centre or site has being automatically invoked due to infrastructure, communication, network failure or major disruption with references from – http://blogs.citrix.com/2013/06/26/customizing-receiver-for-web-in-storefront-2-0/.

Coming Soon!
The mean time check out these links – http://blogs.citrix.com/2013/10/24/storefront-2-1-windows-server-2012-r2-support-and-more/, http://support.citrix.com/proddocs/topic/dws-storefront-21/dws-about.html.

XenDesktop 7.1

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenDesktop 7.1 prior to deploying in a PoC, Pilot or Production environment by the author of this entry.

Shortened Names
ACTIVE DIRECTORY – ad
STOREFRONT – sf
REMOTE DESKTOP SERVICES – rds
VIRTUAL DESKTOP INFRASTRUCTURE – vdi
VIRTUAL DELIVERY CONTROLLER – vda
VIRTUAL GRAPHICS PROCESSING UNIT – vgpu
HIGH AVAILABILITY- h/a
VIRTUAL SHARED GRAPHICS ACCESS – vsga

Coming Soon!
In the interim I have selected a few links from Citrix eDocs which you may find to be useful relating to this new version of XenDesktop 7.1.

Deploy XenDesktop in a multiple forest Active Directory environment
http://support.citrix.com/proddocs/topic/xendesktop-71/cds-plan-multiple-forest.html

XenDesktop 7.1 VDA, Controller Platform Supportability
http://support.citrix.com/proddocs/topic/xendesktop-71/cds-xd71-support-platforms.html

Enable High Availability If Delivery Controller Fails
Firstly you need to adjust two registry entries within either the Windows Server or Desktop OSes to enable the VDA to be in high availability mode – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-plan-high-avail-vda-rho.html thereafter you will need to create custom *.ica file – http://support.citrix.com/article/CTX127392 to connect to VDA(s) installed on a Windows Server or Desktop OS to access your resources e.g Hosted Shared Desktop.

nVidia & Citrix Announcement at Synergy 2013
If you did not watch the LiVE announcement here is the 20 minute discussion and demonstration on stage streamed LiVE across the internet of the very latest in virtual Graphics Processing Unit (vGPU) technology delivered using a nVidia GRID K2 card, XenServer 6.2 + hot-fixes on XenDesktop 7.1 < a href="http://www.youtube.com/watch?v=mwuPXT8jrv4">http://www.youtube.com/watch?v=mwuPXT8jrv4.

How to setup and configure nVidia Virtual GPU (vGPU) in XenDesktop 7.1 DRAFT & MAY CONTAIN ERROR(S)
1: Check out – http://www.nvidia.co.uk/object/grid-virtual-gpus-uk.html which explains the technology and provides a table of the maximum capable screen resolution, virtual GPU profile, number of supported monitors and users per nVidia GRID K1 or K2 card.
2: It is also worth reading this newly published HDX Technology white paper – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-hdx-technologies.pdf if your new to delivering hosted shared desktops (XenApp 6.5, XenDesktop 7.x), VDI desktops (XenDesktop 7.x) or just a generalised refresh surrounding HDX which is built on the strength of Independent Computing Architecture (ICA) protocol – http://en.wikipedia.org/wiki/Independent_Computing_Architecture.
3: What server hardware is supported for nVidia GRID K1, K2 cards – http://www.nvidia.co.uk/object/buy-nvidia-grid-uk.html and here is where you can find the current specifications for the card themselves – http://www.nvidia.co.uk/object/grid-vdi-graphics-cards-uk.html.
4: Review and understand the system requirements for HDX 3D Pro which is required in order to deliver the whole solution – http://support.citrix.com/proddocs/topic/xendesktop-71/hdx-sys-reqs.html.
5: Explore, understand and review the GPU Acceleration for Windows Desktop OS’s in eDocs – http://support.citrix.com/proddocs/topic/xendesktop-71/hd-3d-plan.html and it is also worth reading through GPU Acceleration for Windows Server OS’s as well at – http://support.citrix.com/proddocs/topic/xendesktop-71/hd-3d-gpu-acceleration-win-server-os.html.
6:Assuming you have not acquired a nVidia GRID K1, K2 card you should ensure that you download the latest possible and stable driver(s) – http://www.nvidia.com/Download/index.aspx?lang=en-us and if you require assistance also make use of nVidia’s support – http://www.nvidia.co.uk/page/support.html. I would also recommend reviewing or contacting manufacture to ensure that you have the latest and or best supported BIOS to support the whole solution end to end.
7: Download print out the following Reviewers guide to getting started – http://www.citrix.com/content/dam/citrix/en_us/documents/go/reviewers-guide-remote-3d-graphics-apps-part-3-xenserver-vgpu.pdf. If your new to Citrix XenDesktop 7.1 and what to get started quickly follow on with this great Reviewers guide – http://www.citrix.com/wsdm/restServe/skb/attachments/RDY8316/XenDesktop%207.1%20Reviewer%27s%20Guide.pdf which is referenced from – http://www.citrix.com/skb/articles/RDY8316.
8: Install the K1 or K2 GPU cards into your chooses server h/w platform, download the XenServer 6.2 ISO burn it to CD and also download the required hot-fixes and service packs (SP) if required to enable vGPU. Insert the CD into the host and power and install XenServer 6.2 and install the latest version of XenCenter on your desktop and connect it to your successful installed XenServer 6.2 host. Note you should always ensure when setting a PoC or pilot that you keep in-line with your organisations best practises and polices.
9: Complete hot-fixes packing process and also install the nVidia GRID Manager into Domain0 (Dom0) as instructed in the reviewers guide.
10: Create your VM in XS and remember to add the vGPU, then power on the VM to install and configure the OS -> once the installation is completed install and enable the nVidia GRID drivers – http://support.citrix.com/proddocs/topic/xendesktop-71/hd-3d-manage.html and then reboot the VM -> install Xen tools and reboot -> login install and configure as required your intensive 3D, graphical intensive applications -> join to your organisations domain and change the host name if required and reboot -> mount the XenDesktop 7.1 ISO to the VM and install the VDA (Decisions make a master images or enable R/A) and reboot -> Open Studio for XenDesktop 7.1 on your desktop and create machine catalogue and delivery group following the best practises of the reviewers guides mentioned above -> Open Citrix Receiver which can be downloaded at – and login and search for your newly created VDI desktop with vGPU and launch the resource and access one of your installed 3D or graphical intensive applications and begin testing and playing with different policies in XenDesktop 7.1 and tweaking your h/w as required to gain the maximin possible performance.
11: You can/could also test and try using – http://www.ozone3d.net/gpushark/#techdata although I have not tested this utility with a VDI desktop which is vGPU ready and enabled.

nVidia GRID Technologies
Shared GPU for bare metal Windows Server running XenApp 6.5 for delivering RDS Workloads – http://www.nvidia.co.uk/object/grid-xenapp-uk.html
Dedicated GPU for Virtual Machines on either a VMWare ESXi or XenServer 6.2 (hotfixes) hosts – http://www.nvidia.co.uk/object/dedicated-grid-gpus-uk.html.
vGPU for Virtual Machines on a XenServer 6.2 (hotfixes) host – http://www.nvidia.co.uk/object/grid-virtual-gpus-uk.htm

Infrastructure Considerations & Planning
Often individuals ask themselves how do I use my current or planned network, h/w infrastructure requirements to ensure support XenDesktop 7.0, 7.1 for VDI, RDS workloads?

1: Always refer to eDocs, CTX articles or white papers published by Citrix for the correct system requirements and best practises.
2: Citrix’s Project Accelerator http://project.citrix.com
3: Sizing XenDesktop 7 App Edition VMs – http://blogs.citrix.com/2013/10/31/sizing-xendesktop-7-app-edition-vms/
4: Go SuperSonic with XenDesktop 7.x Bandwidth SuperCodecs – http://blogs.citrix.com/2013/11/06/go-supersonic-with-xendesktop-7-x-bandwidth-supercodecs/
5: Storage and IOPS guidance for App delivery with XenDesktop 7 – http://blogs.citrix.com/2013/11/14/storage-and-iops-guidance-for-app-delivery-with-xendesktop-7/

XenApp 6.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenApp 6.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
WEB INTERFACE – xml
STOREFRONT – sf
REMOTE DESKTOP SERVICES – rds
TERMINAL SERVICES – ts
VIRTUAL DELIVERY CONTROLLER – vda

nVidia Shared GPU
http://www.nvidia.co.uk/object/grid-xenapp-uk.html