Author Archives: lyndonjonmartin

Web Interface 5.4

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test Web Interface 5.4 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STOREFRONT SERVICES – SFS
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER ACCESS GATEWAY – nsag
NETSCALER GATEWAY – nsg
WEB INTERFACE – wif

What is happening to Citrix Web Interface?
StoreFront is the replacement for Web Interface which will go End of Life (EoL) 2015 reference the Citrix Product matrix – https://www.citrix.co.uk/support/product-lifecycle/milestones/xendesktop.html. If you have not already looked into StoreFront I would strongly recommend downloading it at – https://www.citrix.com/downloads/storefront-web-interface.html (Requires Citrix.com access details) and reading through the eDocs StoreFront 2.0 node – http://support.citrix.com/proddocs/topic/dws-storefront-20/dws-version-wrapper.html and this CTX implmentation guide for StoreFront 2.0 – http://support.citrix.com/article/CTX133185.

If You Want Know More About WIF 5.4
http://support.citrix.com/proddocs/topic/web-interface-impington/wi-library-wrapper-impington.html

XenDesktop 7

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenDesktop 7 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
REMOTE DESKTOP SERVICES – rds
VIRTUAL DESKTOP INFRASTRUCTURE – vdi
VIRTUAL DELIVERY CONTROLLER – vda
VIRTUAL GRAPHICS PROCESSING UNIT – vgpu
SERVICE LOCATION – srv

What is and does it do?
Citrix XenDesktop 7 allows you to deliver Remote Desktop Services (RDS), Virtual Desktop Infrastructure (VDI) workloads and secure remote access to an existing PC estate by installing the Virtual Delivery Agent (VDA) into those existing PC’s. All this capability is enabled from one single common architecture – FlexCast Management Architecture (FMA). If you are a Citrix XenApp 5.0, 6.5 Administrator I would encourage you to read through the following Citrix eDoc article – http://support.citrix.com/proddocs/topic/xendesktop-7/cds-overview-info-previous-xa-customers.html and follow on with this free Citrix 2 hour long course covering XenDesktop 7 weather your sales, pre-sales, sysadmin or engineer its useful in getting your mindset ready for XenDesktop 7 – http://training.citrix.com/mod/ctxcatalog/course.php?id=595.

Citrix TV & YouTube Videos To Watch
SYN320: XenDesktop 7: What You Should Know About FlexCast Management and XenApp Migration
http://www.citrix.com/tv/#videos/8493.
Citrix XenDesktop 7 3D Pro Demonstration – http://www.citrix.com/tv/#videos/9008.
XenDesktop 7 Masterclass – http://www.youtube.com/watch?v=XSFJ0xx7ztY.

XenDesktop 7 Handbook
Check out the blog article announcement – http://blogs.citrix.com/2013/10/10/new-xendesktop-7-handbook-published. You download the XenDesktop 7 Handbook directly at – http://support.citrix.com/article/CTX139331 and the XenDesktop 5.x Handbook at – http://support.citrix.com/article/CTX136546.

Components of XenDesktop 7 Explained
1: Studio is allows you to design and build your RDS, VDI workloads.
2: Director allows you to support and monitor your organisations XenDesktop 7 virtual machines, user sessions via MS RemoteAssistance, historical trending & metrics, network analytic’s if you have a NetScaler.
3: Delivery Controller is responsible for brokering the connections to your servers (ICA/RDS), virtual machines (VDI) or existing workstation PC’s.
4: Citrix Licensing Server is responsible for checking in/out of your FlexCast licenses. XenDesktop 7 requires CLS 11.11.
5: StoreFront provides users with a self-serve AppStore to tab to click to add your Windows hosted apps, hosted shared desktops (Windows Server 2008 R2) or VDI desktops (Windows 7,8).
6: Machine Creation Services (MCS) is built into XenDesktop 7 which enables as allows you to provision virtual machines from your master VM images. All you need to do to configure it is to input either XenServer, Hyper-V (Requires SCVMM) or ESX (Remember to trust the root certificate) hypervisor FQDN and the access details.
7: Provisioning Services (PVS)
8: User Profile Manager 5 (UPM) is built into XenDesktop 7 and provide Citrix’s profile management solution.
9: MS SQL is required to store configuration information and details about your XenDesktop 7 site. MS SQL express, standard, enterprise and data center* editions are supported and for H/A configuration options please visit this eDocs article at – *http://support.citrix.com/proddocs/topic/xendesktop-7/cds-sys-requirements.html.
10: Virtual Delivery Agent (VDA) is responsible for delivering a hosted shared desktop, windows hosted app and VDI desktop to users brokered via the Delivery Controller.

What Editions Are Available? VDI, App (XenApp capabilities e.g delivery of RDS workloads) , Enterprise and Platinum. To compare the feature sets of edition please check out – http://www.citrix.com/go/products/xendesktop/feature-matrix.html. At the time of writing this post you are required to login to Citrix.com with your access details.

Setup & Configure nVidia GRID VIRTUAL GPU (vGPU) on Citrix XenDesktop 7.1
To learn how-to setup and configure a test demo or PoC environment to leverage the vGPU capabilities of XenServer 6.2 and XenDesktop 7.1 Tech Preview check out – http://www.nvidia.co.uk/object/grid-virtual-gpus-uk.html. You can download the XenDesktop 7.1 Tech Preview at – and the system requirements can be found at – http://support.citrix.com/proddocs/topic/xendesktop/cds-xendesktop-71-landing-page.htm and the HDX system requirements please check out – http://support.citrix.com/proddocs/topic/xendesktop-71/hdx-enhance-ux-xd.html.

NVidia Resources
XenApp 6.5 GPU Sharing – http://www.nvidia.co.uk/object/grid-xenapp-uk.html.
XenDesktop vGPU – http://www.nvidia.co.uk/object/grid-xen-desktop-uk.html.

Multi-Site Configurations & High Availability
Coming soon! I will cover multiple data centres and sites and how-to enable and ensure H/A access to your published resources if you lost/lose communication with your XenDesktop 7 delivery controller(s) and the pitfalls. I would strongly recommend your environment is N+1 and with VM’s common these days setting and configuring an N+1 environment should be best practise for H/A, business continuity and DR.

How-to Enable Local App Access
Coming soon! However in the mean time please refer to http://support.citrix.com/proddocs/topic/xendesktop-7/laa-configure-enable.html#laa-enable.dita.

XenDesktop Introduction Training Course CXD-102
Citrix training offers a 2 hour introduction course to XenDesktop 7 for free. The course is available at – http://training.citrix.com/mod/ctxcatalog/course.php?id=595.

Howto Configure Email Based Discovery& Why It’s Important
Configuration of email based discovery using SRV records is simple and greatly enhances the users login experiences as they all know there email addr and domain password much like logging into Facebook, Twitter e.t.c so offering the same login user experience weather users are in or outside or the organisation means they don’t need to remember logging in with the following format domain\username and domain password they can simple use there corporate email addr and domain password.

There is a great Citrix blog article that covers covers configuration of e-mail based discovery in and outside of your organisation leveraging a NetScaler Gateway check out – http://blogs.citrix.com/2013/04/01/configuring-email-based-account-discovery-for-citrix-receiver/.

The process below is for configuration of SRV records within a trusted corporate environment. If you would like to know more about what else you can configure in terms of SRV records check out – http://en.wikipedia.org/wiki/SRV_record, http://technet.microsoft.com/en-us/library/cc961719.aspx (A Windows 2000 article but will get you thinking if your new to SRV records) and howto add other resources records into your organisations DNS – http://technet.microsoft.com/en-us/library/cc772362.aspx.

1: Launch your Microsoft DNS management console
2: Right click on your organisations Forward Lookup Zone that contains the StoreFront FQDN
3: Click “Other New Records”
4: Scroll down and select “Service Locaiton (SRV)” and click “Create Record”
5: Your organisations domain should already be pre-populated e.g citrix.lab or axendatacentre.com
6: Type in “_citrixreceiver” in the Service feild
7: Type in “_tcp” in the Protocol field
8: Type in “443” in the Port number field or 80 if you don’t use 443 internally
9: Type in “storefront.domain” in the Hosting offering this service e.g storefront.axendatacentre.com or storefront.axendc.local
10: Save/Commit the changes and close the current active window in DNS
11: Navigate to physical or virtual machine install and launch Citrix Receiver when prompted enter in your email addr and password when prompted.

Troubleshooting
Open up a Windows Command prompt and execute these two commands below and for more information in validating your SRV records check out – http://support.microsoft.com/kb/816587.

1: Type in “ipconfig /flushdns”
2: Type in “nslookup”
3: Type in “set type=srv”
4: Type in “_citrixreceiver._tcp.domain” e.g _citrixreceiver._tcp.axendatacentre.com

Microsoft Windows Server 2012 R2 & Windows 8 Support
http://blogs.citrix.com/2013/10/08/citrix-xendesktop-with-flexcast-management-architecture-adds-support-for-windows-server-2012-r2-and-windows-8-1/.

More coming soon!
In the mean time check out https://www.citrix.com/products/xendesktop/overview.html and Design Guide: Mobilising Windows Apps (Requires Form Input From Citrix)

XenMobile Device Manager 8.5

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – ldap
CERTIFICATE – cert
STORAGEZONE CONNECTOR – szc
XENMOBILE APPCONTROLLER – xac

Apple iOS 7 Support
You will need to apply Citrix’s iOS7 patch for XenMobile Device Manager 8.5 otherwise users attempting to enroll there BYO or Corporate iOS devices will receive the following Server ErrorCould Not Connect 500 reference – http://support.citrix.com/article/CTX139106. The patch and how-to apply it can be downloaded at – http://support.citrix.com/article/CTX139052.

Apple APNS
1: If you do not have a Apple ID for your organisation click here to create one – Apple ID https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/createAppleId?localang=en_US. I would suggest creating an external e-mail addr that is bound to the XenMobile or XDM domain service so that multiple SysAdmins within your organisation have access to the APNS portal to issue and or renew your APNS certificates which expire annually upon the date that they where issued. I would also suggest that if your ticketing system support auto generation of a support ticket annually to utilise this feature to generate a new ticket annually to notify support and have the ticket assigned to be actioned to eventually be renewed and uploaded to the XDM web ui console at http://FQDN/zdm.
2: Once you have created your Apple ID generate a CSR on the intended XDM server via IIS
3: Submit to Citrix to sign and they will return a *.plist file as a response.
3: Login with your newly created Apple ID to Apple APNS Portal – https://identity.apple.com/pushcert/.
4: Upload your signed CSR from Citrix (*.plist response) which then generate a *.pem certificate file.
5: Import the *.pem certificate response from APNS into IIS using complete certificate request then export from IIS filling in the password fields.
6: Delete the certificate in IIS.
7: Remove the IIS role and restart your XDM. The XDM installation installs Tomcat which clashes with IIS which is why we uninstall the IIS role prior to the XDM installation.

TCP Ports
1: The following TCP ports are required to enable the XDM to achieve device enrollment, retrieve mobile apps from external App Stores e.g Apple iTunes – https://itunes.apple.com/gb/genre/ios/id36?mt=8, Google Play Store – https://play.google.com/store?hl=en_GB and Samsung Apps – http://apps.samsung.com/venus/main/getMain.as?COUNTRY_CODE=GBR and much more.

80 – HTTP
443 – HTTPS
8443 – Secure
2159 – Apple APNS
2156 – Apple APNS
5223 – Apple Over the air WiFi enrollment
2: Troubleshooting Apple APNS – http://support.apple.com/kb/TS4264, http://support.apple.com/kb/HT3576

FQDN or Public Static IP Address
1: When installing the XDM which is the better option to use? A FQDN e.g http://axendatacentre.com/zdm or an IP addr: http://127.0.0.1/zdm? A FQDN provides the flexibility to move the XDM server between ISP’s as you always lose your IP addr range when moving from one ISP to another as all you need to do is adjust the DNS records to point to the new IP addr provided by your new ISP and the Tomcat CA remains unaffected and can still issue device certificates during enrollment.
2: If you did choose an IP addr over an FQDN and you moved the XDM to another static IP addr you would need to reinstall the XDM as the Tomcat CA would no longer be valid and able to issue device certificates.

Adding An iOS Public App
1: Search for iTunes WordPress as an example
2: Click on the first link in your search results which will typically direct you to the iTunes web page preview of the iOS mobile app e.g – https://itunes.apple.com/gb/app/wordpress/id335703880?mt=8.
3: Now make sure it’s that mobile app that you wish to add to the XDM software repository and copy the link.
TIP: You know the URL is valid as it always ends in ?mt=8
4: Login to the XDM admin console e.g https://FQDN/zdm and click the Applications tab.
5: Click new External iOS app
6: Copy and paste the URL and click GO thereafter it will contact the iTunes web page and collect an image, product name and description.
7: Select or Deselect any of the available check boxes , then click Create.
8: Navigate to the Deployment tab
9: Click the iOS base package or create an apps package for external apps give it a name, select the users then under resources select push apps and select WordPress now click finish.
10: You can click to deploy that updated deployment package or wait for iOS devices to connect back to the XDM whereby they will be notified of an update to external app package and imitate the trigger to prompt the user to download the WordPress iOS mobile app from iTunes (Remember the user will put in there iTunes password prior to it downloading).

Configuring An External Enterprise CA
Coming soon! In the meantime check out – http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-manage-securityid-configcert-ssl-tsk.html

XenMobile 8.5 Support Articles
General Support – http://support.citrix.com/product/xm/v8.5/
XenMobile Device Manager 8.5 Release Notes – http://support.citrix.com/article/CTX138116
XenMobile Device Manager 8.5.0 Patch for iOS 7 Compatibility – http://support.citrix.com/article/CTX139052
FAQ – Worx Home for Mobile Devices and MicroVPN Technology – http://support.citrix.com/article/CTX136914
Device Manager Web Services – http://support.citrix.com/article/CTX138803
XenMobile Enterprise Reference Architecture for XDM8.5, XAC2.8, SCZ 2.0 – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

More coming soon!
In the mean time check out the Admin Guide at – http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-intro-wrapper-con-85.html and download the software package at – http://www.citrix.com/downloads/xenmobile/product-software/xenmobile-85-mdm-edition.html

StoreFront 2.0

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STOREFRONT SERVICES – SFS
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER ACCESS GATEWAY – nsag
NETSCALER GATEWAY – nsg
CERTIFICATE – cert

Certificates
1: What type of certificate do you require for your SFS deployment depends upon weather the server is (a) internal only (b) deployed in-line with the AppController internally (c) deployed in the DMZ (d) deployed in-line with the AppController fronted by a nsg.
2:Another important consideration re what certificate to use includes weather you have an Enterprise CA with in your organisation to sign your CSRs or do you use self-signed certificates or do you generate and publicly sign your certificates (standalone or wildcard) externally?

StoreFront 2.0 Overview
1: StoreFront is replacing Web Interface 2015 ref Bitly link to Citrix EOL web page indicating WIF EoL. Why? StoreFront is the next generation platform which provides a great and seamless user experience across any type device supporting Citrix Receiver. StoreFront aggregates Windows & Mobile Apps*, Desktop, Web-links, SaaS and can with a single click can propagate configurations changes between all the StoreFront servers within your environment.
2: No more MS SQL database requirements with the SFS 2.0 release.
3: Improved login performance.
4: Bind your SSL certificate within IIS prior to installing or configuring SFS 2.0 and remove HTTP unless required to OS harden your SFS server. By binding the SSL cert prior to configuration of SFS it will ensure that the configuration wizard uses HTTPS over HTTP. In addition where possible use your organisations Enterprise CA to sign your StoreFront servers CSR instead of using the self-assigned SSL certificate option to generate a SSL cert in IIS as this will causes secure (SSL) communication issues between SFS and the delivery controller(s) if using HTTPS and when you attempt to access published resources from the configured delivery controller the resources will not be available as the servers cannot successful communicate with one another over HTTPS.
5: Beacons enable Citrix Receiver to understand intelligently wether a user is connecting to your organisations Citrix resources is internally or externally, by attempting to access the internal or external SFS FQDN’s within the StoreFront MMC snap in e.g storefront.axendatacentre.local (Internal) or sfs.axendatacentre.com (External and resolvable).
###
* Worx Home is now responsible for the delivery or mobile apps delivered via the XenMobile AppController 2.8
###
6: This Citrix blog article sums up the Receiver for HTML 5 – http://blogs.citrix.com/2012/08/31/receiver-for-html5-is-now-available/ and you can learn how-to install and configure it at – http://support.citrix.com/proddocs/topic/receiver-html5-11/receiver-html5-install.html.

Subscription Database Where Is It?
The release of Citrix StoreFront 2.0 from 1.2 brought with it a change in where and how follow-me apps subscription data is stored. Historically this was stored in an MS SQL database in 1.2 now this data is actually stored in a EDB file check out. – http://support.citrix.com/article/CTX139037 which is automatically replicated if a SFS cluster. You can also adjust the subscription synchronising period by following this eDocs article which requires some PoSH cmdlets – http://support.citrix.com/proddocs/topic/dws-storefront-20/dws-configure-ha-sync.html.

Customising Receiver for Web
This blog article goes into great detail about to customise Receiver for Web from the logos, background image, connecting from IP addr of the user to adding in additional elements e.g click here to contact your IT Helpdesk. Check it out at – http://blogs.citrix.com/2013/06/26/customizing-receiver-for-web-in-storefront-2-0/.

HTML 5 Receiver Configuration & Support
Coming Soon!

Citrix StoreFront 2.0 – Implementation Guide
http://support.citrix.com/article/CTX133185

XenServer 6.2

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenServer 6.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Is My Server Hardware Supported?
1: Navigate to http://hcl.xensource.com/ to verify if your server hardware is compatible of supporting XenServer.
2: Check to see if your CPU supports either Intel VT or AMD-V for more information about these hypervisor enabled CPU’s please visit – http://en.m.wikipedia.org/wiki/X86_virtualization.

XenServer Is Now OpenSource
http://xenserver.org.

How-to setup and configure GPU Virtualisation (vGPU) & GPU Pass-Through (DRAFT & MAY CONTAIN ERROR(S))
This is a collection of great CTX, Blog articles to aid you in further understanding the GPU differences, jargon and how-to get started today.

1: Start by downloading and upgrading your XS host(s) to 6.2 SP1 by following this CTX article at – http://support.citrix.com/article/CTX139788.
2: While you review the documentation and start planning an upgrade window(s) for your Demo/PoC XS host environment (Always do a PoC before attempting to put anything into Production) you’ll need to read some more valuable documentation at – http://www.citrix.com/go/xendesktop/3d/materials.html and download and read through the relevant Reviewers guide, to get started ASAP for vGPU read “Part 3: XenServer GPU Virtualization (vGPU)”. I would also recommend navigating this nVidia link to learn more about the GRID technology and cards – http://www.nvidia.co.uk/object/grid-virtual-gpus-uk.html with your next stop being – http://www.citrix.com/go/private/vgpu.html, then – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-get-started-new-prepare-master.html followed by optionally either for Desktop OS – http://support.citrix.com/proddocs/topic/xendesktop-71/hd-3d-plan.html and Server OS – http://support.citrix.com/proddocs/topic/xendesktop-71/hd-3d-gpu-acceleration-win-server-os.html depending on weather you want to delivery rich graphics to users on a hosted shared desktop (RDS Workload) or VDI.
4: I would also recommend that if you do have compatible hardware on the HCL to check that you have sufficient power (Amps) to your rack/cabinets and sufficient number of PSU’s in the server or blade chassis to support the extra power draw.

vGPU Monitoring
http://blogs.citrix.com/2014/01/22/xenserverxendesktop-vgpu-new-metrics-available-to-monitor-nvidia-grid-gpus/

GPU Sharing Technology Tech Preview
. These features are now available in XenServer 6.2 SP1 check out – .

Coming soon!
In the mean time check out – Citrix XenServer .

XenMobile AppController 2.8

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.8 ( Previously Cloud Gateway) part of Citrix XenMobile Enterprise prior to deploying in a PoC, Pilot or Production environment by the author of this entry.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN – fqdn
CLOUD GATEWAY – cg

XenMobile Is Federal Information Processing Standard (FIPS) 140 Compliant
Check out – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-fips-con.html.

Certificates
1: By default the following two types of self-assigned certificates are issued to your XenMobile AppController upon initial deployment which are a Server, SAML certificates issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac with the default certificates thereafter I would recommend generating a CSR and signing with your Enterprise CA vs. self-assigned to the host name.

Self Assigned Certificate
1: To create a self assigned certificate directly on XenMobile AppController login to the admin console at – https://FQDN:4443 using your access details and once authenticated
2: Click Settings
3: Click Certificates
4: Click New and complete onscreen input fields the primary fields are to select certificate cipher encryption strength to be 2048 nothing less, then enter in the common name for cert e.g appcontroller.yourorganisation.net or xac.natal-sharks.local and select the correct country.
5: Click Save
6: Next the Certificate Signing Request will appear click Close
7: Click to highlight the certificate with common name entered in above
8: Click Self-Signed
9: Enter in a value for which the certificate will be valid in number of days e.g 365 for a full calendar year and click Save.
10: Your CSR has now been self assigned.
11: Click to highlight it again and click Make Active
12: Click Yes and the newly self-assigned certificate will be bound to HTTPS and log you out which is normal.
13: Clear your internet browsers cache on IE as an example and restart the browser and navigate back to xac admin console and you should notice that there is no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self assigned certificate to your xac.
14: For further information please read the following – eDocs Certificate Signing Request for the XenMobile AppController 2.8 .

Enterprise CA signed Certificate
1: Complete steps 1 through 5 under the self-assigned certificates.
2: When the Certificate Signing Request box appear’s copy the CSR response generated into a text file and save to your desktop and click Close.
3: Navigate to your Enterprise CA’s FQDN and follow the onscreen instructions and complete the CSR and ensure that you download the certificate response in Base64 format.
4: Navigate back to the XAC Click Import and select Server (.pem) and select your certificate and Click import.
5: If your certificate has a public and private key (*.pfx12) enter in the password in the password fields or leave blank and the Click Ok.
6: Your signed certificate is now imported successfully.
7: Click to highlight your newly import server certificates and click Make Active.
12: Click Yes and the newly signed certificate will be bound to HTTPS and you be logged out which is normal.
13: Clear your internet browsers cache on IE as an example and restart the browser and navigate back to xac admin console and you should notice that there is no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self assigned certificate to your xac.

XenMobile AppController 2.8
1: Download the virtual appliance for your platform at – https://www.citrix.com/downloads/xenmobile.html .The supported hypervisors include XenServer, Hyper-V, ESXi
2: Designate and document a FQDN (Optionally create either an Internal or External), IP address, subnet netmask, default gateway, DNS, NTP, AD including a domain services account + e-mail address and strong admin password.
3: Deploy the xac virtual appliance and access the xac console and login using the default access details which are username: admin and password: password.
4: Click 0 and press return/enter to enter the Express Setup mode and complete the required configuration steps onscreen and then Click 5 and press return/enter to reboot the xac.
6: Once the xac reboots open up your internet browser and navigate to the designated https://FQDN:4443 and login using default access details mentioned above.
7: Upon login complete the onscreen wizard. Please note that some of the configuration options will already be prep-populated from your entries entered in at the xac console in Step 4 above. Once completed you will be logged out which is normal.
8: Relogin to the xac and complete either the self-assigned or Enterprise CA signed certificate process.

Multi-Domain Support
Currently the XenMobile AppController 2.8 doesn’t support multi-domain domains e.g multiple LDAP(S) bindings to more than one domain. The following Citrix Blog article is however quiet a useful when leveraging a NetScaler Gateway “Implementing cascading LDAP policies along with universal domain groups” Text in brackets credit of the author of the Citrix Blog Entry –

XenMobile Enterprise (XAC 2.8, XDM 8.5, SCZ 2.0) Reference Architecture
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

Coming soon!
In the mean time check out the eDocs supporting documentation re XenMobile
AppController 2.8 edocs.citrix.com, WorxMail and WorxWeb.

XenMobile NetScaler Connector 8.5

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile NetScaler Connector 8.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
FULLY QUALIFIED DOMAIN NAME – fqdn
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE MANAGED GATEWAY – smg
XENMOBILE APPCONTROLLER – xac
OUTLOOK WEB ACCESS – owa

XenMobile NetScaler Connector 8.5
0: Requires a Citrix NetScaler, Microsoft Exchange and XDm
1: The XNC installation is very straight forward simply download the software package from the download area of www.citrix.com using your www.citrix.com access details and execute the software package and follow the onscreen instructions. The XNC system requirements can be at – http://support.citrix.com/proddocs/topic/xmob-xnc-85/xmob-xnc-system-reqs-con.html.
2: The XNC can be optionally installed on separate Windows Server 2008 R2 VM or installed on the same VM in-which you have installed and configured the XenMobile Device Manager 8.5.
3: If you install the XNC within the same VM as the XDM make sure that you configure the XNC web service port(s) to not conflict with your XDM configuration.
4: If you intend to keep the logs generated for a lengthly period even 7 days with a 100 users generates a fair amount of logs then I would suggest storing the logs on an alternative drive to that of the XDM installation as the logs can become quiet larger fairly quickly (1-20+GB) and if you have a fair number or users 100+ within your organisation it will cause increased IOPS activity of the VHD and the HDD storing the XNC logs will grow rapidly with all the ActiveSync requests.

Deployment Methods
1: Download the latest NetScaler 10.1 release as they now include the following wizards (a) XenMobile MDM for setting up the XDM using SSL_Bridge (b) NetScaler Gateway for R/A when using the XAC.
2: Review the architecture deployment and components diagram in eDocs at – http://support.citrix.com/proddocs/topic/xmob-xnc-85/xmob-xnc-deploy-wrapper-con.html.

Monitoring the XNC Service
http://support.citrix.com/proddocs/topic/xmob-xnc-85/xmob-xnc-monitor-wrapper-con.html.

More coming soon!
In the mean time check out the eDocs supporting documentation at edocs.citrix.com.

Citrix MDX Technologies

Leave a Reply

The following content is a brief and unofficial article about Citrix’s MDX Technology. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN NAME – fqdn
XENMOBILE DEVICE MANAGER – xdm

What is and does Citrix MDX mean for wrapped iOS, Android mobile apps

Digital Signing (Wrapping) *.IPA, *.APK App Binaries To Become MDX Enabled
Coming soon! In the mean time check out Signing Android mobile apps – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-android-wrap-app-tsk.html, iOS mobile apps – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-ios-wrap-app-tsk.html.

MDX Vault
The MDX Vault technology essential provides a logical safe and secure sandboxed container within an iOS, Android platform on a device.

MDX InterApp
The MDX InterApp technology essential allows or denies other public delivered mobile apps (iTunes, Google Play) on a device access to communicate with a MDX digitally signed mobile only if allowed e.g communication for the signed MDX mobile app is set to unrestricted. How if the MDX mobile
app delivered from the XenMobile AppController is set to restricted the SysAdmin or MobilityAdmin would need to specific what mobile apps the MDX mobile app is able to communicate and share information with on the mobile device.

MDX Access
The MDX Access technology essential provides safe, secure access to internal intranet resources within your trusted network from any where in the world connected via optionally 3G, 4G & Edge mobile or wired/wireless public and untrusted networks. The technology requires a Citrix NetScaler Gateway if want to know how it works check out – http://www.citrix.com/products/netscaler-gateway/how-it-works.html. You can easily deploy a NetScaler Gateway solution utilising release 10.1+ which includes wizards – http://blogs.citrix.com/2013/07/03/citrix-netscaler-gateway-10-1-118-7-quick-configuration-wizard/.

XenMobile FIPS 140 Compliance
http://support.citrix.com/proddocs/topic/apppreptool/nl/ru/clg-appwrap-fips-con.html?locale=en

StoreFront 1.2

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 1.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STOREFRONT SERVICES- SFS
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER ACCESS GATEWAY – nsag
NETSCALER GATEWAY – nsg

Certificates
1: What type of certificate do you require for your SFS deployment depends upon weather the server is (a) internal only (b) deployed in-line with the AppController internally (c) deployed in the DMZ (d) deployed in-line with the AppController fronted by a nsg.
2:Another important consideration re what certificate to use includes weather you have an Enterprise CA with in your organisation to sign your CSRs or do you use self-signed certificates or do you generate and publicly sign your certificates (standalone or wildcard) externally?

What is StoreFront 1.2
StoreFront is replacing Web Interface 2015 ref Bitly link to Citrix EOL web page indicating WIF EoL. Why? StoreFront is the next generation platform which provides a great and seamless user experience across any type device supporting Citrix Receiver. StoreFront aggregates Windows & Mobile Apps, Desktop, Web-links, SaaS and can with a single click can propagate configurations changes between all the StoreFront servers within your environment.

Troubleshooting Tips
1: Generate and complete your CSR within IIS and bound the certificate to HTTPS on the intended sfs prior to installing StoreFront.
2: Where possible use your organisations Enterprise CA to sign your CSR’s over self-assigned SSL certificates generated in IIS.

ShareFile Storage Center 1.1

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setting up Citrix ShareFile Storage Center (On-Prem StorageZone, StorageZone Connector) by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
SHAREFILE – sf
STORAGEZONE – sz
STORAGEZONECONNECTOR – szc
FULLY QUALIFIED DOMAIN NAME – fqdn
ON-PREMISE – on-prem

Certificates
1: You’ll need a publicly signed SSL certificate DO NOT use an Enterprise CA as the ShareFile storage center server connects externally to the ShareFile control plane via HTTPS and ShareFile checks to ensure that your SSL certificate is publiclly signed otherwise communicates between the Control Plane and SZ will fail.
2: Remember the higher the certificate encryption strength means you may need to consider adjusting the computing power resources applied to the VM hosted and delivering the ShareFile On-Prem service.

ShareFile Storage Center 1.1
1: Ensure that you have a ShareFile Enterprise account with StorageZones enabled.
2: You need to create and test your external FQDN records and open up port 443 in/out over TCP for your FQDN e.g sharefile.yourcompany.co.uk and once you’ve installed the IIS role + ASP.NET + .NET Framework 4.0 and bound the publicly SSL cert to your Windows Server 2008 R2 you should be able to navigate to the FQDN on HTTPS and see the default IIS landing page . NOTE: The SSL cert should match the FQDN otherwise your receive mismatch errors.
3: Navigate to http://www.sharefile.com with your super-admin credentials once your logged in select the “Admin” tab and select the “” option from the menu on the right hand-side and create a sub-domain. ShareFile offers a maximum of 3 per organisation.
4: Install the ShareFile storage center 1.1 software and follow the on-screen instructions.
5: Open up IIS Manager under the server’s ISAPI and CGI Restrictions, set the ASP.NET 4.0 Restrictionsh value to Allow.
6: Provision a CIFS share either locally on the ShareFile storage center on the C drive or attach another drive e.g and apply the appropriate permissions or ensure access over the necessary VLAN’s+ports to your organisations CIFS share on a NAS or SAN.
7: Launch the configuration page on the server locally and sign in with the ShareFile super-admin credentials now follow the on-screen instructions to complete the ShareFile storage center configuration.

Users
1: You can manually create users in control plane or upload a *.csv file to provision users
2: Download the ShareFile UMT Bit.ly link to http://www.sharefile.com and follow the on-screen installation instructions.
3: You can provide users with SAML based access via ADFS 2.0 for the Citrix XenMobile AppController Bit.ly link to http://axendatacentre.com/blog/?p=7

Troubleshooting Tips
1: The control plane www.sharefile.com will NOT accept SSL certificates that ARE NOT signed by a public CA installed on the Storage Center server offering up your On-Prem SZ to the Control Plane.