Category Archives: Remote Access

Deploying a PoC with the Citrix Workspace Cloud (CWC) Apps & Desktop Service now Citrix Cloud XenApp and XenDesktop Service (Draft)

The following content is a brief and unofficial prerequisites guide to setup, configure and test delivering virtual apps and desktops powered by Citrix Workspace Cloud (CWC) – App’s & Desktop Service with a AWS EC2 resource location prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
AMAZON WEB SERVICES – aws
SECURITY GROUPS – sg
ELASTIC COMPUTE CLOUD – ec2
HYBRID CLOUD PROVISIONING – hcp
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
INDEPENDENT COMPUTING ARCHITECTURE – ica
CITRIX WORKSPACE CLOUD CONNECTOR – cwc connector/agent
EXPERIENCE 1st – x1
VIRTUAL DESKTOP – vd
VIRTUAL APPS – va
INFRASTRUCTURE AS A SERVICE – iaas
CITRIX WORKSPACE CLOUD – cwc
CITRIX LIFECYCLE MANAGE

Video Citrix Workspace Cloud: How It Works

PoC Introduction & Overview (This is a Public Draft Blog Article & May Contain Some Errors)
In this particular instance I will be deploying a Citrix Workspace Cloud (CWC) PoC using the Apps & Desktop service which is Citrix online service and is essentially made up of five compoments in my personal view these are people (Users, Consultants & SysAdmins), the Control Plane which is hosted by Citrix and is high available and accessible at – https://workspace.cloud.com/, Resource Locations which could be private, public (IaaS) or hybrid clouds which host and run your actual CItrix workloads e.g servers or desktops OSes with the VDA’s installed and optionally StoreFront and or NetScaler Unified Gateway, Receiver for access to your published virtual apps & desktops and finally the CWC connector which makes everything just work safe & securely.

Please note that I will update this blog post with a how-to re deploying NS for remote access from AWS EC2.

Datasheet for Citrix Workspace Cloud
https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/explore-workspace-cloud-take-a-test-drive-or-trial.pdf

What you need
For this PoC I may refer to AWS and XenServer concepts as my home lab is deployed in a Hybrid Cloud model e.g some of my Citrix workloads are in hosted in AWS EC2 (N.Virgina) while others are running on a XenServer 6.5 SP1+ host at my house in London. You don’t have to use AWS like I am for your PoC you could use any IaaS provider e.g Azure, Rackspace, Peer1 or even on-prem with your own host(s) running XenServer, Hyper-V and of course vSphere :-).

1 – CWC trial account entitling you to the CWC Apps & Desktop Service and Identity & Access Management e.g for adding users from your domain and to download the CWC Connector.
2 – Your resource location of choice mine is AWS from here on in through-out this blog article.
3 – 1x Windows Server 2012 R2 I’ll call this VM WDC01 running AD, DNS at a minimum and the Citrix Receiver (http://receiver.citrix.com), CWC Connector downloaded on the desktop (explained later).
4 – 1x Windows Server 2012 R2 domain joined and I’ll call this VM CXA01 with the latest XA 7.8+ Server VDA (https://www.citrix.com/downloads.html which requires a valid Citrix.com customer/partner account with access details ) downloaded.
5 – AWS security groups (on-prem f/w ACL) to allow outbound traffic on TCP 443 (HTTPS) to the Internet, allow HTTPS/ICA/HDX/RDS traffic including HDX RealTime ports for audio and video between all VM’s within your chosen network.
6 – Some suggested test application examples could be Microsoft’s Office 2016 or OpenOffice, Notepad ++, The Gimp, Autodesk Viewer. WaRnInG!!! Disclaimer – Please refer to the ISV’s EULA for terms of usage prior to downloading, installing, configuring and publishing virtual apps to test and play with!.
7 – *Create friendly DNS entries to be used later for WDC01 e.g DNS entry of cwccontroller.axendatacentre.com or your could stick with host name.domainname format it’s your choice. Note: Be sure to setup and configure not just fwd. but also reverse DNS within resolution/look-up!

Setting up your Resource Location
1 – Login as the Domain Admin on WDC01 and navigate to https://workspace.cloud.com and sign in with your trial access details provided by Citrix.
2 – Select from the list on the very TOP left-hand corner Identity & Access Management next click the plus/+ sign and follow the onscreen prompts to download the CWC Connector/agent.
3 – Before installing the CWC Connector/Agent please be sure to read the following documenation – http://docs.citrix.com/en-us/workspace-cloud/workspace-cloud/what-is-a-workspace-cloud-connector-/workspace-cloud-connector-technical-details.html. Once downloaded double click on the CWC Connector/agent and when prompted enter in your CWC trial access details and the installation will complete successfully if the access details provided are correct and if 443 HTTPS is enable outbound to the Internet from WDC01 to https://workspace.cloud.com.
4 – Take a short 1-3 min comfort break then refresh your web page for https://workspace.cloud.com and navigate back to Identity & Access Management and you should see your domain appear within the list, then you may proceed. If you don’t check your firewall ACL’s locally on the Windows server or virtual f/w at the edge of your VPC network and also check your AWS Security Groups are setup correctly to allow in/outbound access on HTTPS/443.

Note: If you turn off WDC01 you’ll receive and error at this page and manage & monitor tabs within the Apps & Desktop Service are NOT accessible until access is restored! Likewise if you only have 1x CWC Connector/agent then you may see an amber warning under domain within Identity & Access Management as you only have 1x CWC Connector/agent and it suggested even for a PoC to install 2x instead of 1x.

5 – Login as a Domain Admin on CXA01 and mount the XA 7.8+ VDA media by right clicking and left clicking on Mount then navigate to Windows Explorer and double click on D drive that has recently mounted with the XA 7.8 installation media and then proceed to select to install the Server VDA from the splash screen or if your downloaded the Server VDA *.exe (suggested & recommended) from Citrix.com then double click to install the VDA. In each case you’ll require 2x reboots as per normal like on-prem installations however now on CXA01 there is one exception at the controller step type in cwccontroller.axendatacente.com* or the hostname.domainname for WDC01 (Point to the CWC Connector/agent that you previously installed) and then continue with installation and once the installation is completed on CXA01, then verify that the VDA has registered and is communicating with WDC01 e.g cwccontroller.axendatacentre.com by reviewing CWC service or the event logs within Computer Management. Tip: Install to enabling remote connections initially to get your head around how the CWC Apps & Desktop Service actually works.
6 – You’ve now successfully completed setting up your XenApp worker for your chosen resource location in my case it’s an AWS EC2 located out of N.Virginia. If your curious about the CWC connector there is a tech overview avaiable at – http://docs.citrix.com/en-us/workspace-cloud/workspace-cloud/what-is-a-workspace-cloud-connector-/workspace-cloud-connector-technical-details.html be sure to review it.
7 – Now we need to continue with creating a machine catalog, delivery group in the hosted Studio and obviously publishing your virtual apps & desktop (server based).

Create a Machine Catalogue and Delivery Groups to publish Virtual apps & desktops
1 – Now go back to the homepage at https://workspace.cloud.com and to the right of the Apps & Desktop Service click “Manage” to launch the management interface which provides you with an Overview page (Scroll to the bottom to find out your cloud hosted StoreFront address. Tip: If you get an red bar with an error message check that your CWC Connector/agent at your resource location is up and available and showing as green for your domain at the Identity & Access Management tab!.
2 – Scroll to bottom of the overview web page to find out exactly what your cloud hosted StoreFront addr is. It should follow the following format https://{TENANT NAME}.xendesktop.net/Citrix/StoreWeb/. Right click on it to open a new tab and to remain at https://apps.cloud.com/. You should be able to login using your test AD security group. Tip: You won’t see any published virtual apps or desktops currently as you have not created a machine catalogue or delivery group.
3 – Go back to the Manage Apps & Desktops Service web page and click Manage or Monitor this will embed a custom, hardened published app version of Studio or Director using the HTML5 Receiver so please ensure that you are utilising an HTML5 compliant internet browser that supports the HTML5 Receiver.
4 – Assuming you’ve clicked on Manage firstly navigate to Hosting Connections create a connection to your chosen resource location either on-prem or cloud (Private or Public) details for setting up hosting connections are available at – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/manage-deployment/connections.html. Once setup wait 1-2 min before proceeding you don’t have to by the way! I do.
5 – Click Machine Catalogue and create as per normal for detailed on how-to please refer to – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/machine-catalogs-create.html. Tip: I’d suggest as its your first time using the CWC Apps and Desktop service create your machine catalogue with a single VM with the VDA installed to allow remote connections as described earlier to allow you to get around how the CWC Apps and Desktops Service actually works. You don’t have to either it’s your choice.
6 – Click Delivery Groups and create as per normal aswell and please refer to – http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-8/install-configure/delivery-groups-create.html for guidance delivering virtual apps (Skype for Business 2015 also implment the HDX Optimisation Pack 2.0 check out – https://www.citrix.com/blogs/2016/01/12/citrix-and-microsoft-unveil-v2-solution-for-skype-for-business/ for more information) & desktops (Windows Server 2012 R2). TIP: The name you provide your Delivery Group filters through to the Workspaces at – https://workspace.cloud.com/workspaces and becomes the default name of your published virtual & desktops services that you will assign to your subscribers (users) workspace.
7 – You’ve now successfully setup a Machine Catalog and Delivery Group using the CWC Apps & Desktop Service to published a virtual apps & desktop, however prior to accessing your virtual apps & desktops you’ll need to create a Workspace and add subscribers (users) including which published resources your subscribers (users) are able to access otherwise they wont be able to login nor access any published resources.

You should have the Server VDA and CWC Connector now installed see the below example image below.

Create a Workspace to Delivery published virtual apps & desktops
1 – A workspace consists of a collection of services from CWC e.g Secure Documents (ShareFile), Apps & Desktop Service (XenApp/XenDesktop) and so forth that SysAdmins can combine together to form e.g a Pre-Sales workspace that may consist of a virtual apps e.g Skype for Business 2015 that is also offloaded with the HDX Optimisation Pack 2.0 – https://docs.citrix.com/en-us/hdx-optimization/2-0/hdx-realtime-optimization-pack-about.html and a virtual desktop e.g a dedicated Windows 10 or 2012 R2 desktop. A workspace also consists of subscribers (users) who access the workspace which contains published resources created by Citrix SysAdmins. Please ref to http://docs.citrix.com/en-us/workspace-cloud/workspace-cloud/get-started/creating-and-publishing-a-workspace.html which explains how-to create a workspace, define subscribers and published resources.
2 – Once you have created a Workspace and assigned subscribers, resources then users can login at https://{TENANT}.xendesktop.net/Citrix/StoreWeb/ from there resource location and gain access to there virtual apps & desktops.
3 – Managing your newly created Workspace is easy following this useful online document from eDocs – http://docs.citrix.com/en-us/workspace-cloud/workspace-cloud/get-started/manage-a-workspace.html.

Example of my virtual desktop (Server based) delivered by CWC using the XenApp 7.8 VDA. I also use the same theme for my complete XenApp 7.8 deployment in AWS yes I have both deployed and configured 🙂

A first for me
This is the first time I’ve written a blog post (primarily) completed in the air traveling from somewhere between London – England, Oslo – Norway and Stockholm – Sweden.

Disclaimer
This blog article should be considered to be a draft still and therefore may contain errors and I will be updating and adjusting it time permitting and adding in how-to front this CWC Apps & Desktop service deployment in my AWS EC2 resource location with NetScaler Unified Gateway – https://www.youtube.com/watch?v=qT739UoR8d0.

Delivering a Virtual Desktop with the Linux VDA 1.0-1

The following content is a brief and unofficial prerequisites guide to setup, configure and test Linux VDA 1.1 (NOTE: The HDX 3D Pro video is a preview only from the Citrix YouTube channel) with XAD 7.3 FP3+ prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENAPP – xa
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
VIRTUAL DELIVERY AGENT – vda
HIGH DEFINITION EXPERIENCE – hdx
INDEPENDENT COMPUTING ARCHITECTURE – ica
FEATURE PACK – fp
EXPERIENCE 1st – x1
DISTRUBUTIONS – distro’s
VIRTUAL DESKTOP – vd

Preview of HDX 3D Pro with a Linux VDA
Please note that the following YouTUBE video represents a preview only of HDX 3D Pro with the Citrix Linux VDA.

An Introduction & Overview
Citrix released the Linux VDA 1.0 which enables and allows for the safe, secure delivery of Linux based virtual desktops that are controlled by Citrix Studio however VM provisioning and on-going image management is maintained by traditional Linux tools these include but are by no means limited to Puppet or Chef.

Currently only the SuSE Linux and Redhat Enterprise Linux distro’s are supported however numerous Citrix professionals around the global have successfully setup and delivered a Linux VD utilise CentOS following the steps based in the “Installation Guide for Red Hat Enterprise Linux Version 1.1” which is available at – http://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/xenapp-xendesktop-7-6/downloads/Linux%20Virtual%20Desktop%20Installation%20Guide%20for%20Redhat%20Enterprise%20Linux.pdf or for CentOS focused approach check out – https://www.citrix.com/blogs/2015/08/25/installing-the-linux-vda-on-red-hat-or-centos-6/ written by Adrian Taylor – https://www.citrix.com/blogs/author/adriant2/.

As this is my first time writing about Citrix’s Linux support its worth noting and mentioning that Citrix provided a tech preview (TP) ref – https://www.citrix.com/news/announcements/aug-2014/citrix-offers-technology-preview-of-linux-virtual-apps-and-deskt.html prior to the official GA launch of the Linux VDA 1.0 which in my view received very positive feedback and comments in particular from with the UK/Ire Citrix partner community.

What’s New
1. Obviously my fav is “Support for Thinwire Compatible Mode” 🙂
2. The Linux VDA supports dual monitor out-of-the box with maximum resolution of 2560×1600 per monitor and can be configured to support up to 9 monitors.
3. Improved Active Directory and Centrify support*
4. Further extended OS support for Redhat and SuSE Linux enterprise editions. Please read the following for CTX blog article re support issues for other Linux OS disto’s at – https://www.citrix.com/blogs/2015/10/16/supporting-linux-distributions.
5. Linux XDPing which is available at –
http://support.citrix.com/article/CTX202015.
6. Support for Linux Dedicated VDI Desktops which in the initial Linux VDA 1.0 released targeted a hosted shared VD approach as Linux is a multi-user OS.
7: * For a comprehensive overview of all the features in the Linux VDA 1.1 please check out – https://www.citrix.com/blogs/2015/10/23/whats-new-in-linux-virtual-desktop-v1-1/.

Use Case(s)
Its essentially about providing customers with the choice and flexibility to delivery either a VD that is based upon Windows OS with Microsoft Office 20xn, 3rd party apps OR a supported Linux OS with OpenOffice/Libra Office, 3rd party apps.

Pre-requisites & System Requirements for Deploying the Linux VDA 1.1 (Draft + The Basic’s Only)
1: Download one or both Linux VDA’s for there Redhat or SuSE along with the script which is available at the Linux VDA download area – http://www.citrix.com/downloads/xenapp/components/linux-virtual-desktop-11.html.
2: The following Citrix Receivers are currently supported: Windows Receiver version v4.2+, Linux Receiver version v13.0+, Mac OSX Receiver v12+, Android Receiver v3.4+, iOS Receiver 5.9.4+, HTML5 Receiver 1.6 (via Access Gateway).
3:…..

More coming….

Fronting XenMobile 10.x.n with NetScaler 10.5.x.n – 11.x.n

The following content is a brief and unofficial prerequisites guide to setup, configure and test a NetScaler Gateway 10.5.x.n or NetScaler Unified Gateway 11.x.n fronting a XenMobile 10.x.n XMS virtual appliance prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views expressed here are my own and do not necessarily reflect the views of Citrix.

Shortened Names
XENMOBILE – xm
XENMOBILE SERVER – xms
VIRTUAL APPLIANCE – v/a
FEDERAL INFORMATION PROCESSING STANDARDs – fips
NETSCALER GATEWAY – nsg
NETSCALER UNIFIED GATEWAY – nug
VIRTUAL IP ADDRESS – vip
MOBILE APPLICATION MANAGEMENT – mam
MOBILE DEVICE MANAGEMENT -mdm
CERTIFICATE AUTHORITY – ca

Deployment Preparation Overview (DRAFT & MAY CONTAIN ERROR(S))
0. The section also contain the pre-requite, system requirements for each virtual appliance (V/A) for NetScaler and the XenMobile Server (XMS).
1. Review the XenMobile comparability matrix at – http://docs.citrix.com/en-us/xenmobile/10-1/xmob-system-requirements/xmob-10-understand-compatibilitymatrix-con.html to choose the correct NS build vs. XMS build.
2. Download the V/A’s for each at signing in with your Citrix partner access details.
3. You need an SSL certificate a wildcard is recommend for simplicity and this should be using at min a 2048-bit key for your CSR that you submit to your CA. If you are experiencing the following issue enrolment issue Profile Installation Failed “The server certificate for ‘https://’ is invalid“ the please review http://axendatacentre.com/blog/2015/03/29/xenmobile-10-0-poc-considerations/ to help resolve this issue.
4. Generate an APNS certificate following this process at http://docs.citrix.com/en-us/xenmobile/9/xmob-dm-config-requesting-apns-con.html and sign your APNS certificate with Citrix at – https://xenmobiletools.citrix.com/.
5. You need to be aware that the port communication between the different components has changed and also the placement of the XMS V/A in XenMobile 10. A network diagram can be viewed at – http://docs.citrix.com/en-us/xenmobile/10-1/xmob-arch-overview-con.html I would recommended that you please refer to the figure 4. MDM and MAM modes and also figure 5. Cluster deployments.
6. XenMobile 10 today as of writing this blog post requires the following FQDN and IP ADDR reservations to be made available when fronting a XMS V/A with NS appliance either virtual or physical 10.5.x.n and 11.x.n. Please note that for simplicity I will refer to a NetScaler Virtual Appliance V/A from here on in.

a – 1x Public routable FQDN for MDM e.g enroll.axendatacentre.com
b – 1x Public routable static IP addr that resolves to the MDM FQDN
c – 1x Public routable FQDN for MAM e.g apps.axendatacentre.com as Secure/Worx’s apps utilise a mVPN via WorxHome now SecureHub
d – 1x Public routable static IP addr that resolves to the public FQDN MAM
e – 1x DMZ private static IP addr for Gateway for your mVPN traffic
f – 1x DMZ private static IP addr for Load-balancing the MAM traffic
g – 1x DMZ private static IP addr for MDM traffic e.g enrolling and on-going device mgmt.
h – 1x DMZ private static IP addr for the actual XMS V/A

Sample PoC Diagram
* refers to the “.axendatacentre.com” ending the FQDN.

MDM (b) Firewall MDM (a/g) NetScaler Installation FQDN (h) XMS
enroll.*
81.xxx.nnn.100
enroll.*
192.168.2.30
enroll.enroll.axendatacentre.com
MAM (d) MAM (c/e/f)
apps.*
81.xxx.nnn.101
apps.*
192.168.2.31
192.168.2.33

7. NetScaler today as of writing this blog article requires the following IP ADDR reservations for NetScaler to allow you to front Citrix e.g “XenMobile”, ShareFile e.t.c and none-Citrix workloads e.g web services, exchange servers, application servers and much more.

– 1x DMZ private static NetScaler IP addr
– 1x DMZ private static NetScaler Mgmt IP addr for mgmt. of your NS virtual or physical appliance
– 1x DMZ private static Subnet IP addr for the NetScaler to access resources within your TRU network

8. Once you have successfully deployed your XMS use the built-in 30 day licenses for the initial configuration then allocate some eval licenses against the XMS hostname. You can allocate XM 10 licenses by choosing the “MDM/Enterprise 99 User” from – http://store.citrix.com/store/citrix/en_US/pd/productID.306222300/ThemeID.33753000. Once you have licensed the XMS V/A then proceed to successfully deploy the NS V/A and login into the NS V/A mgmt. interface which will be the NS’s mgmt IP addr find the HostID or utilise the following CTX article entitled “How to Allocate NetScaler VPX Licenses” – http://support.citrix.com/article/CTX133147 which will be required to license your NS V/A. Once you have the HostID visiting the Citrix Evaluation Store at – http://store.citrix.com/store/citrix/en_US/cat/ThemeID.33753000/categoryID.63401700 and allocate as an eXaMpLe a 3000 VPX at platinum for 90 days at – http://store.citrix.com/store/citrix/en_US/pd/productID.278306700/ThemeID.33753000 and also allocate a “Universal 99 Concurrent User Connection” from – http://store.citrix.com/store/citrix/en_US/pd/productID.282559700/ThemeID.33753000 once again for 90 days.
9. Reboot both the NS, XMS V/A and validate that they are back up and running and functioning as expected using the CLI and or the Admin WebUI’s of each V/A.

Let’s Deploy XMS fronted by a NS (DRAFT & MAY CONTAIN ERROR(S))
1. Login into NS Admin WebUI and navigate to the licensing tab and validate that you have all green ticks and ensure that you have 99-104 Universal licenses if not please read step 8 above before proceeding.
2. In the bottom left-hand corner click on “XenMobile” and select “XenMobile 10” from the dropdown list on the XenMobile initial wizard welcome page.
3. Under the NetScaler for XenMobile section to the left-hand side select the following “Access through NetScaler Gateway” (MAM e.g Worx’s Apps) and “Load Balance XenMobile Servers” (MDM) and then click on Continue.
4. Enter in the IP addr e and leave the port as 443 and provide a Virtual Server Name then click Continue.
5. Select and existing wildcard card certificate or upload a new wildcard certificate then click Continue.
6. Select and existing LDAP binding or create a new LDAP binding and then click Continue. Example of a Base DN for the domain axendc.co.za with domain users residing with the default Users folder within AD would e.f “Cn=Users,dc=axenc,dc=co,dc=za“.
7. Under Load-Balancing FQDN for MAM enter in a for the FQDN and for the IP addr beneath is enter in IP addr f and then click Continue. Please leave the defaults as is for now BUT please be aware that we will are not be performing any SSL Offloading, split tunnelling.
8. Select the same SSL cert as per step 5 above unless its NOT a wild card certificate in-which case then please upload the SSL cert for the MDM FQDN before proceeding. Click Continue.
9. Click “Add Server” under the XenMobile Servers section and enter in IP addr h and the click Continue. Note: Port for communication is 8443!
10. Click “Load Balance Device Manager/XenMobile Servers“.
11. Enter in the IP addr g and alter or leave the default name of the Virtual Server and click Continue. Note: Communication is HTTPS or SSL_Bridge as we choose not to perform HTTP or SSL Offloading in step 7 above.
12. You’ll notice that your XenMobile Servers IP addr’s are already automatically inserted under the XenMobile Servers section click Continue. Note: The Ports for communication are 443, 8443!
13. Click Done!
14. You have now successfully deployed a single XMS V/A fronted by a NS V/A. Once the wizard has completed you can click Edit under the “NetScaler Gateway” section on the top right-hand side under the Test Connectivity button to back into the wizard and modify the split tunnelling options to meet your organisations needs and or requirements.

XenMobile 10.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile 10.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE – xm
XENMOBILE SERVER – xms
VIRTUAL APPLIANCE – v/a
FEDERAL INFORMATION PROCESSING STANDARDs – fips
NETSCALER GATEWAY – nsg
VIRTUAL IP ADDRESS – vip
MOBILE APPLICATION MANAGEMENT – mam
MOBILE DEVICE MANAGEMENT -mdm

What’s New
1: XenMobile is now a single unified hardened Linux virtual appliance.
2: Complete overhaul of the Web UI which dramatically simplifies policy setup & configuration of MDM + MAM policies and it allows for the management of multiple platforms within a single policy.
3: Built-in V6 Citrix Licensing server provides a 30 day trial/evaluation and also support for remote V6 CTX licensing server.
4: Built-in PostgreSQL database recommended for PoC’s and there’s also support for remote MS SQL database which is recommended for production deployments.
4: XMS V/A includes IPtables which is a Linux firewall – http://en.wikipedia.org/wiki/Iptables.
5: XMS placement is in the DMZ. The V/A is hardened and is FIPS 140-2 compliant and remember you data is actually stored in a MS SQL database unless your utilising PostgreSQL database within the XMS V/A.
6: Traffic flow and ports between NetScaler Gateway and the XenMobile Server (XMS) have changed please refer to eDocs for an architecture overview of the changes at – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-arch-overview-con.html.
7: The Admin Web UI is now on https://XMS-FQDN:4443/. This port is not configured as part of the XenMobile 10 wizard on NetScaler Gateway build 10.5-55.8 which means that you will not be able to access the mgmt. Admin Web UI from the internet it will only be accessible from the DMZ and the TRU network dependant upon your firewall(s) ACL list.
8: New WorxHome build 10.0.3.83 which is also backwards compatible from XenMobile 10.x.n
9: The XenMobile NetScaler Connector (XNC) currently is still a separate Windows Server.
9: You can find our more by watching the following Mobility Master Class: What’s New in XenMobile 10 available from Citrix TV.

Mobility Master Class: What’s New in XenMobile 10

Mobility Master Class: Citrix XenMobile 10 Clustering & MDM Migrations

Deploying XenMobile 10
1: Review the system requirements for XMS at – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-system-requirements.html to understand the supported hypervisors, computing requirements. You should also make sure that you review the latest XM architecture as it has changed between XenMobile 9.0 vs. 10.0 and it can be viewed at – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-arch-overview-con.html. You’ll notice that the traffic between NSG and the XMS V/A has changed however all traffic externally still occurs on there traditional ports (443, 8443, 2195, 2196, 5223).
2: Review and understand the NetScaler Gateway compatible requirements at – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html.
3: Make sure that you print out and fill-in all the pre-requitses for the XMS V/A ref – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-xenmobile-install-checklist.html prior to deploying your XMS V/A on your chosen hypervisor.
4: Once you have uploaded the V/A to the hypervisor and booted it complete the onscreen instructions ref – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-install.html. Once you are finished login into the Admin WebUI replacing the IP Addr with your XMS V/A ip addr from this example https://XMS-IPADDR:4443/ and login with Administrator account your specified during the deployment and NOT admin which is used to access the XMS V/A CLI from your hypervisor only.
5: Once you’ve logged in you’ll need to have the following listed below available to successfully complete the second part of the initial XenMobile 10 deployment. There is also a pre-requites check list available at – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-xenmobile-install-checklist.html.

– Citrix v6 licensing file for either local or remote. Remote is recommended for H/A purposes.*
– Microsoft Active Directory (AD) ip addr or FQDN, base DN, domain, search service account with read-only permissions.
– Certificate in *.p12 or *.pfx format for the SSL_Listener which is used for two way secure HTTPS communication to the XMS V/A.
– APNS certificate.
– Separate MDM and MAM+ FQDN’s correctly setup in DNS with fwd and reserve lookup’s configured and each configured with its own static IP addr for external resolution.
– 3x VIP for configuring XenMobile 10 with NetScaler Gateway 10.5.55.8 +. You can find a compatible NSG V/A version and builds at – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-10-understand-compatibilitymatrix-con.html.
– MS SQL Database server configured to accept traffic and with write/read privileges to create and manage the remote XMS database.
– Mail server configuration which enables and provides workflow email messages, notifications to users e.t.c

6: Follow the onscreen prompts and once completed the web UI deployment wizard then you have successfully deployed a XMS V/A. Please not reboot the XMS V/A so that the existing SSL certificates for HTTPS can be unbound and the newly uploaded SSL cert(s) can be bound to HTTPS.
7: You may now setup a XMS cluster and configure H/A with a NSG and thereafter begin configuring your XenMobile 10.0 environment. See the H/A section for a how-to.
8: Logon to one of the XMS v/a direct IP addr e.g https://XMS:4443/ if in H/A fronted by the NSG as the XenMobile 10 wizard will not configure 4443 which means that you cannot access the mgmt interface via the VIP owned by the NSG. This means that the mgmt interface is not accessible either internally or externally on the FQDN that resolves the VIP owned by the NSG.
9: Scaling XenMobile 10.0 from 1000 up to 100,000 devices – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-scaling-xm.html.

XMS V/A High-Availability (H/A)
1: Prior to understanding how-to setup a XMS H/A or clustering you need to understand that the minimum requirements are for a remote CTX v6 licensing server and MS SQL database as the XMS V/A do not hold any user/cfg information this is all held in the remote database.
2: Once your have setup XMS follow the prompts in the CLI to enable clustering and configure the IPtables firewall ACL and then finally shut it down and clone it.
3: Rename the cloned XMS V/S to your required naming convention and then boot up the cloned XMS V/A login to the CLI and changed the IP addr and ensure that the IPtables firewall ACL ports are correctly enabled then shutdown the V/A.
4: Boot the first XMS V/A and then 60 seconds later boot the cloned XMS V/A and login to the CLI to very the cluster is enabled and then login into the XMS admin WebUI to verify that the cluster is up and functioning as expected. The original XMS V/A will be the oldest in the cluster.
5: You can now proceed to setting up the load-balancing for the XMS V/A’s with NSG to service MDM + MAM requests.

Supported NetScaler Gateway (Builds & Versions) for XM 10
1: 10.5.55.8 MR5; 10.5.54.9 MR4; 10.5.53.9 MR3; 10.1.130 MR & 10.1.129 MR ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html.

Deploying XM 10 with NetScaler Gateway 10.5.x.n (Draft)
1: Before beginning its worth mentioning that the way I will be describing how-to deploy XenMobile 10 in this blog article will be to utilise to external static IP addr’s + FQDN’s that are NATed to DMZ IP addr’s and I will utilising SplitDNS for device mgmt. in/outside of my TRU network. I will also be implementing the described XenMobile 10 environment below utilising an SSL Bridge although offloading includes a few more minor steps the intention of this section is aimed at helping you front your XenMobile 10.0 deployment with a NSG 10.5.x.n V/A.
2: Please review the following CTX article entitled “FAQ: XenMobile 10 and NetScaler 10.5 Integration” – http://support.citrix.com/article/CTX200430 which will aid you in been able to setup and configure load-balancing for XMS V/A’s, mVPN for Worx’s apps for XenMobile 10 with NetScaler Gateway 10.5.x.n.
3: You’ll require the following prior to be beginning:

– Correct NetScaler (Gateway) build +_ version the NSG version + build I’ll be discussing here is NetScaler Gateway 10.5.55.8 MR5 but you can check the latest supported version + builds at – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html
– 1x FQDN for MDM e.g. mdm.axendatacentre.com * that resolves to both external internet routable static IP addr and your internal assigned static IP. Please note that this should match exactly the FQDN entered in at the time of the deployment of your XMS V/A during the first phase in the CLI the text your looking for is/was “XenMobile Server FQDN:” and its highlighted in yellow. It is also worth/noting that if you have utilised an internal domain e.g xms.abc.local as the FQDN this will only manage devices internally as that FQDN is not routable on the internet so you’ll only be able to manage devices INSIDE of the trusted network to its recommended to a FQDN that is internet routable and you can utilise SplitDNS to manage traffic requests to the NSG VIP’s for XenMobile.
– 1x FQDN for MAM (Worx’s Apps) e.g. mobileapps.axendatacentre.com * that resolves to both external internet routable static IP addr and your internal assigned static IP
– 2x External routable internet IP addr’s * e.g 8.8.8.8 which most IT Pro’s utilise to ping to check internet connectivity
– 3x Internal IP addr’s owned by the NSG as VIP
|- 1x for MDM
|- 1x for MAM Gateway
|- 1x for Load-balancing IP
– Wildcard certificate for your domain e.g *.domain.com
– If your implementing SSL Offloading (HTTP) of your XenMobile traffic for MAM then you’ll require the devices cert from the XMS V/A which can be downloaded from the XMS Web AdminUI at https://xms:4443/

4: Setup the NetScaler Gateway configuration within the Admin WebUI of the XMS V/A following the process outlined at – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-netscaler-gateway.html its fairly straight forward and simple.
5: Login into the NSG Admin WebUI interface and click the XenMobile Wizard in the bottom left-hand corner and then you’ll be prompted to setup either XenMobile 9.0 or XenMobile 10.0 please selected XenMobile 10.0 and click “Get Started” to continue.
6: Ensure that “Access through NetScaler Gateway” which is for MAM, “Load Balance XenMobile Servers” which is for MAM are checked they should be by default, however you know have the opportunity to deselect either if one depending upon your deployment scenario/use case and obviously your acquired license. The current XenMobile 10 datasheet is available at –
https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf.
7: Enter in your first VIP for the MAM Gateway then port should be 443 and provide a suitable name.
8: Select your previously uploaded SSL certificate (I am utilising a wildcard cert for my domain *.axendatacentre.com) or upload your SSL cert.
9: Create your (s)LDAP binding you will need to provide the following:

– LDAP IP addr
– LDAP Port default is 389
– Base DN e.g Cn=Users,dc=axendatacentre,dc=com
– Service account username & password
– Timeout default is 3 seconds
– Server Login sAMAccountName or UserPrincipalName (SuGgEsTeD)

10: Now enter in your MDM FQDN and then the Load-balancing IP addr beneath and accept the default port of 8443. You can now also choose to select HTTPS (SSL Bridge) vs. HTTP (SSL Offload) and you can choose your DNS mode including split tunnelling.
11: Select your previously uploaded SSL certificate (I am utilising a wildcard cert for my domain *.axendatacentre.com) or upload your SSL cert.
12: Enter in your MDM VIP and you’ll notice the default ports are 443, 8443 for communication to the XMS V/A(s). You’ll notice that you cannot change the SSL traffic configuration as I specified to not to perform any SSL offloading in set 10 above or its under section “Load Balancing IP address for MAM” within the NSG XenMobile 10 wizard.
13: Next add in the XMS ip addr’s of each V/A in your XMS cluster and provide an appropriate name and ports are automated defaulted to 443, 8443.
14: Click continue to finish and then click done and you have now setup and configured all your traffic for XenMobile to route through your NSG V/A and we are performing SSL Bridging in the above scenario.

Worx Features by Platform
1:The following eDocs web page lists the features by Worx app which includes WorxHome, WorxMail, WorxWeb, WorxEdit, WorxNotes, WorxTasks & WorxDesktop ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-worx-feature-platform-matrix.html.
2: Be sure to also checkout the known issues list at – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-worx-knownissues-con.html and it is also worth noting that as of writing this blogging entry WorxTask’s is in Tech Preview (TP) ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-worx-tasks.html.

Twitter
You should follow the XenMobile team on twitter at – https://twitter.com/xenmobile for the very latest on Worx’s apps, updates, upgrades and so much more.

Security
1: The XenMobile security web page is available at – http://www.citrix.com/products/xenmobile/tech-info/mobile-security.html.
2: The XenMobile Security whitepaper is available at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf and I would strongly advise that you read/review it to get a better understanding of how XenMobile can help and assist any organisations EMM (Mobility) requirements.
3: The Mobile Application Management with XenMobile and the Worx App SDK –
https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/mobile-containers-with-citrix-mdx.pdf, this is well worth reading.

XenApp 7.6 XenDesktop 7.6 including Feature Pack (FP) 1

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenApp 7.6, XernDesktop 7.6 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENAPP – xa
XENDESKTOP – xd
VIRTUAL DELIVERY AGENT – vda
LIGHT WEIGHT DIRECTORY PROTOCOL – ldap
ACTIVE DIRECTORY – ad
CERTIFICATE SIGNING REQUEST – csr
CONNECTION LEASING – cl
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns
DYNAMIC HOST CONFIGURATION PROTOCOL – dhcp
FEATURE PACK – fp

What’s New now with Feature Pack 1 (FP1)
0: If you are new to XenDesktop 7.x, XenApp & XenDesktop 7.5, 7.6 then I would suggest that you begin by reading and reviewing the Technical Overview of XAD 7.6 – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-architecture-article.html and follow on by understanding the System Requirements for XAD 7.6 at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-system-requirements-76.html.
1: XenApp – http://www.citrix.com/products/xenapp/whats-new.html.

2: XenDesktop – http://www.citrix.com/products/xendesktop/whats-new.html. 3: How to setup and configure session pre-launch and lingers for XAD 7.6 – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-dg-manage-sessions.html#xad-dg-manage-sessions__prelaunch-linger including a video from Citrix TV is embedded below. 4: Connection Leasing (Previously or rather similar to Local Host Cache (LHC) under XenApp 6.x and downwards) provides the ability to allow end-users within your organisation the ability to continue to access Citrix published desktops, applications even if your MS SQL highly available database is offline using the new feature in XAD 7.6. Please note that you should always still have a H/A SQL database environment in-place and connection leasing does require the 7.6 VDA. For more information please read and review – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-connection-leasing.html#xad-connection-leasing. 5: How-to perform a XenApp 6.5 migration – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-xamigrate.html#xad-xamigrate and the general eDocs node that covers off migrations from previous versions of XenApp 6.x and XenDesktop 4.x, 5.x are covered at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-upgrade-existing-environment.html. 6: Overview & Understanding High Definition eXperience (HDX) under XAD 7.6 including Flash and USB/Drive redirection, GPU Sharing and Network traffic priorities – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx-landing.html. 7: For a complete and full list of what’s new in XenApp 7.6 and XenDesktop 7.6 take a look at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-whats-new.html. 8: What’s new in the XAD 7.6 FP1? Check out http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-whats-new-7-6fp1.html for a list of the full details. I’ve provided summary below of what it includes: – Session Recording which/was formerly Smart Auditor. – Updated Citrix Licensing. – Updated Director which includes enable/disable session recording for the detail check out http://support.citrix.com/article/CTX142260. – HDX Real-Time Optimization Pack 1.7 for Microsoft Lync 2013 the details here at – http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-17/lync-realtime-optimization-pack-17.html. Detailed How-to Upgrade to Citrix Receiver 4.2.x.n 1: Learn what is required in order to perform an upgrade of your existing Citrix Receiver 3.4 implementation to to 4.2.100 by download this handy and useful PDF best practises guide at – http://docs.citrix.com/content/dam/en-us/receiver/windows/4-2/downloads/Receiver_for_Windows_4.2_Upgrade_Best_Practice_Guide.pdf. 2: It is also worth mentioning that the current new Citrix Receiver for Windows 4.2.x.n now supports TLS 1.1, 1.2, Start menu integration & shortcut management, USB 3.0 and so much more please check out – http://support.citrix.com/proddocs/topic/receiver-windows-42/receiver-windows-42-about.html#receiver-windows-42-about for more information so upgrading does and will provide numerous useful benefits for CTX SysAdmins and there end-users. Upgrading & Migration
1: XenApp 7.5 Migration Guide – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-75-migration-guide.pdf.
2: Upgrading & Migration Microsite for XenApp 6.x to XenApp 7.5 – http://www.citrix.com/products/xenapp/tech-info/upgrade.html.
3: Introduction to XenApp 7.6 Upgrade Planning recorded GoToWebcast from 07/102014 available at – https://citrix.webcasts.com/viewer/event.jsp?ei=1040823. If you would any overview please read the orginal events web page at – http://www.citrix.com/events/introduction-to-xenapp-76-upgrade-planning.html. Citrix Education
1: CXA-104 Citrix XenApp 7.6: Overview – – http://training.citrix.com/mod/ctxcatalog/course.php?id=925. 2: CXA-105 Getting Started with Citrix XenApp and XenDesktop 7.6 – http://training.citrix.com/mod/ctxcatalog/course.php?id=973 3: CXA-208 Moving to XenApp 7.6 – http://training.citrix.com/mod/ctxcatalog/course.php?id=1096. 4: CXD-105 Citrix XenApp and XenDesktop Help Desk Support – http://training.citrix.com/mod/ctxcatalog/course.php?id=1011. GUI Installation & Overview for XenApp 7.6, XenDesktop 7.6
1: XenApp 7.6 Reviewers Guide provides a simple installation overview which can be downloaded at https://www.citrix.com/content/dam/citrix/en_us/documents/oth/xenapp-reviewers-guide.pdf and the XenDesktop 7.6 equivalent can be found at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xendesktop-reviewers-guide.pdf. Unattended Installation of XAD 7.6 Infrastructure Components & The VDA
1: The installation executable is located at x64\XenDesktop Setup\XenDesktopServerSetup.exe within the installation media path. The below is an example and simply replace x with mounted ISO, CD/DVD drive letter or the UNC path to the XAD7.5-6 installation media. If you do not include the /xenapp switch it will automatically install XenDesktop.

x:\x64\XenDesktop Setup\XenDesktopServerSetup.exe /xenapp /components controller,desktopstudio /configure_firewall

2: Sample installation code to insert into a batch script from Citrix eDocs that will install the VDA on Desktop OS as a master image and it will include Citrix Receiver.


x:\x64\XenDesktop Setup\XenDesktopVdaSetup.exe /quiet /components
vda,plugins /controllers “Contr-Main.mydomain.local” /enable_hdx_ports /optimize
/masterimage /baseimage /enable_remote_assistance

If you are looking for how-to install the VDA for groups of machines in AD the please checkout this eDocs node the batch script that will allow you to install/configure or even remove the VDA – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-install-vda-adscript.html.
3: For more detailed information check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-install-command.html.

High-Definition user eXperience (HDX) 1: So what is HDX? That’s a very good question an introduction whitepaper to your questions can be found at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-hdx-technologies.pdf. 2: Now that you’ve read through the whitepaper you will want to begin configuring and testing some of the HDX policies in Studio to test out HDX capabilities. Start with reading through the HDX eDocs node at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx-landing.html. If your more interested in HDX 3D Pro which leverages GPU cards installed on workstations, servers within the data centre then I would suggest to start by reviewing – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx3dpro-intro.html. For a visual aid surrounding of how GPU technologies with work XenApp & XenDesktop take a look at how GPU pass-through works at – http://www.nvidia.com/object/xenapp.html for with XenApp and for a vGPU works for XenDesktop check out – http://www.nvidia.com/object/virtual-gpus.html. 3: High Definition User Experience template policy in Studio explained and feedback requested – http://blogs.citrix.com/2014/11/13/citrix-studio-templates-help-needed-out-of-the-box-configuration-for-xendesktop-and-xenapp/. Citrix Unveils New Version of Market Leading Third-Generation Unified Platform for Application and Desktop Virtualization
http://www.citrix.com/news/announcements/aug-2014/citrix-unveils-new-version-of-market-leading-third-generation-un.html Citrix Offers Technology Preview of Linux Virtual Apps and Desktops Delivered from XenApp and XenDesktop

http://www.citrix.com/news/announcements/aug-2014/citrix-offers-technology-preview-of-linux-virtual-apps-and-deskt.html Deploying Unified Communications (UC) Lync 2010/2013 1: Lync Feature Matrix is available at – http://support.citrix.com/article/CTX200279 which is very useful for understanding what is and what isn’t supported and whether you need to deploy either the HDX Optimisation Pack of the Microsoft VDI Plug-in. 2: Delivery options for deploying Microsoft Lync for XenApp 7.6 or XenDesktop 7.6 explained in detail at – http://blogs.citrix.com/2014/10/23/delivering-lync-from-xenapp-and-xendesktop/. I’ve summarised your options below: – Generic HDX Realtime * Pure ICA/HDX between two end-points and the infrastructure. – HDX RealTime Optimization Pack for Lync® * Optimised softphone with offloading of the media engine by Citrix Note: 1.6 is for Lync 2010 and 1.7 is for Lync 2013 check out 1.7 – http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-17/hdx-realtime-optimization-pack-about-17.html which is compatible with Lync Server 2013, Lync Server 2010, and Lync Online (Office 365). – Microsoft® Lync® VDI Plug-in * Optimised softphone with offloading of the media engine by Microsoft check out the CTX article for a how-to at – http://support.citrix.com/article/CTX138408. – Local App Access utilises a * XAD policy applied to users to utilise the locally installed Lync app over published Lync app from XenApp. If you want to under more about how-to enable this XAD feature please review – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-laa-intro.html. * Please refer to eDocs or CTX200279 3: UC with XenApp and XenDesktop Solutions Brief – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/unified-communications-with-xendesktop-solutions-overview.pdf.

XenMobile AppController 9.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns

New & Existing XenMobile AppController (XAC) Admin & User Consoles
1: The NEWEST console is a troubleshooting one which is accessible at https://XAC-FQDN:4443/ControlPoint/support which allows troubleshooting of NetScaler Gateway, XenMobile Device Manager
2: Control Point Admin console – https://XAC-FQDN:4443/ControlPoint/
3: Hidden Admin console – https://XAC-FQDN:4443/admin.
4: Receiver for Web (RfW) provides user access to SaaS, Web-links – https://XAC-FQDN:4443/Citrix/StoreWeb/ natively. You can integrate XAC with StoreFront to enumerate published Windows apps, Sever and Desktop VDI’s from XenApp, XenDesktop 7.x.

What’s New
0: XenMobile Security PDF document – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf and XenMobile security microsite is also available at – http://www.citrix.com/products/xenmobile/tech-info/mobile-security.html.
1: Support for Windows Phone 8.1 MDX Policy’s for WorxMail and WorxWeb only – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-worx-about-wrapper.html. You can learn how to wrap Worx apps for Windows Phone 8.1 using this useful CTX article entitled “FAQ: Windows Phone 8.1 and XenMobile 9” – http://support.citrix.com/article/CTX200105 and also watching the following video below from Citrix TV.

2: New troubleshooting and support console that can download logs, perform connectivity tests and upload logs to http://taas.citrix.com. The console is available at – https://XAC-FQDN:4443/ControlPoint/support once you have successful authenticated at https://XAC-FQDN:4443/ControlPoint/. You will need to know the admin access details for NSG, XAC and XDM in order to effectively use this console.

3: Wrapping iOS Worx Apps Video.

4: Wrapping Andriod Worx Apps including covering off how-to sign multiple *.APK files using a BASH script. Refer to the XenMobile 9.0 MDX Toolkit Documentation
– http://support.citrix.com/article/CTX140458 for more information once you have watched this video.

5: XenMobile 9.0 MDX Toolkit Documentation – http://support.citrix.com/article/CTX140458

Installing & Deploying XAC 9.0
1: Review and understand the systems & networking pre-requites of the XAC virtual appliance at – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-sysreqs-wrapper-con.html and http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-prepare-xenmobile-checklist-con.html.
2: Deploy the XAC virtual appliance on your chosen hypervisor and boot it and follow the onscreen instructions to apply the IP addr, DNS e.t.c and reboot upon completion connect to the Web Admin UI to compete the initialisation wizard thereafter you can begin to setup and configure your XAC virtual appliance and upload your MDX signed Worx apps and configure the MDX policies as required per app per supported platform. Don’t forget to generate and sign a CSR for the XAC and optionally sign it with your Enterprise CA (PoC/Demo environments) or a Public CA (PROD environments) and apply your own SSL certificate(s) to the XAC refer to – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-deploy-appc-cert-install-con.html or for a video demonstration watch – http://www.citrix.com/tv/#videos/9501.
3: Configuring MDX policies for Windows Phone 8.1 – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-wp81.html, iOS – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-andr-con-1.html. Finally checkout how-to configure encryption policies – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-encryption-con.html.
5: Once you have setup and configured your XAC appliance you can setup high-availability – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-ha-wrapper-con.html.
6: If you are looking for the XenMobile Reference Architecture please refer to http://support.citrix.com/article/CTX140433.

XenMobile Enterprise 9.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE ENTERPRISE – xme
XENMOBILE CLOUD – xc
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE APPCONTROLLER – xac
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns
PUBLIC KEY INFRASTRUCTURE – pki

XenMobile Security
1: Citrix have published a Whitepaper in PDF format covering the security within XenMobile which can be downloaded directly at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf there is also a new security web page within the XenMobile microsite on Citrix.com at – http://www.citrix.com/products/xenmobile/tech-info/mobile-security.html.
2: Security harden your XDM implementation leveraging Microsoft’s leading best practises I have listed below are a few (starter) useful resources. I always believe that you should challenge the way you are manage your infrastructure periodically from the services, ports, packages running on servers to the ACL at the edge of your network to ensure that you are using the latest leading best practises for monitoring, managing and supporting your environment(s) end-2-end and often this will require input from a Server, DBA SysAdmin & network engineer.

Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/gg236605.aspx
http://technet.microsoft.com/en-us/library/dd548350(v=ws.10).aspx

Windows Server 2012
http://technet.microsoft.com/en-us/library/jj898542.aspx
http://technet.microsoft.com/en-us/library/hh831360.aspx.

What’s New & Fixed
1: Support for Windows Phone 8.1 MDM API’s which include but not limited to software inventory, disabling of the camera, encryption e.t.c and for a complete list checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-config-win-81.html.
2: New MDX policies for Windows Phone 8.1 e.g Document exchange (Open In), App restrictions, iOS e.g AirDrop, Social media integration and others.

For a full list of MDX policies for iOS checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-andr-con-1.html and for Windows Phone 8.1 checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-wp81.html.

3: Cloud enabled Enterprise Mobility Management (EMM) powered by with XenMobile Cloud – http://www.citrix.com/products/xenmobile/tech-info/cloud.html.

4: New RBAC options within XDM to optionally ring or disown devices.
5: IPv6 licensing is now supported for XDM 9.0 check out – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-deploy-xenmobile-licenses-con.html in addition checkout this Citrix Blog article for a set by step how-to – http://blogs.citrix.com/2014/07/02/install-license-server-for-xenmobile-device-manager-in-xenmobile-9-0/.
6: XDM clustering for multiple geographic sites so that the device management service is resilient to outages at individual sites – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-ha-wrapper-con.html.
7: FIPS Compliance – http://support.citrix.com/proddocs/topic/xenmobile-90/clg-appwrap-fips-con.html
8: Secret Vault for iOS and Android- http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-secret-vault-ios-andr.html.
9: Penetration tested by Veracode and Gotham who are specialists in digital science and research.
10: Full a complete and full list of Whats new in XenMobile 9.0 please take a look at – http://support.citrix.com/proddocs/topic/xenmobile/xmob-understand-whats-new.html.
11: XenMobile 9.0 – Issues Fixed in This Release – http://support.citrix.com/article/CTX140926.
12: Always check in with the XenMobile data sheet for the most up to date and accurate features and details for XenMobile vs. editions at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf?accessmode=direct.

Citrix Support Forums for XenMobile 9.0
You can access the latest online Citrix Discussions focused on XenMobile 9 at – discussions.citrix.com/forum/1487-xenmobile-9x/ and previous discussions can be found at – discussions.citrix.com/forum/302-xenmobile/, including ZenPrise 7.x.

Wrapping & Deploying Worx Mobile Apps for Windows Phone 8.1
1: This CTX article provides a lot of detailed pre-requites & FAQ – http://support.citrix.com/article/CTX200105.
2: http://blogs.citrix.com/2014/07/11/deploying-worx-home-and-worx-apps-to-windows-phone-8-1-with-xenmobile/.

Xenmobile 9 Basic Upgrade Video Demonstration

XME Supported Mobile OS/Hardware Platforms
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-device-platforms.html

XenMobile 9.0 MDM Policies by OS Platform
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-device-platform-matrix.html

XenMobile 9.0 Compatibility Matrix
Currently the following NetScaler (Gateway) builds are supported for XenMobile 8.6 and 8.7 is 10.1.124.1308.e and for XenMobile 9.0 the following are supported 10.1.126.1203.e, 10.1.124.1308.e and 10.5 reference – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-compatibilitymatrix-con.html.

Worx features by Platform
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-worx-feature-platform-matrix-con.html

XenMobile Public Key Infrastructure (PKI) Integration
Prior to implementing with XME I would suggest that you review and read through the PKI section in eDocs for XenMobile Enterprise 9.0 at – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-security-pki-overview-con.html so that you are aware and familiar with the supported PKI capabilities supported by XenMobile 9.0. The below embedded videos are from Citrix TV and covering the Symantec PKI integration for XenMobile 9.0.


http://www.citrix.com/tv/#videos/10866XenMobile Symantec PKI Integration Part1


http://www.citrix.com/tv/#videos/10867XenMobile Symantec PKI Integration Part2

Deploying & Hardening XenMobile 9.0
1: Here is a really good blog article to help you understand XenMobile Bandwith requirements and considerations – http://blogs.citrix.com/2014/07/10/xenmobile-bandwidth/ .
2. How-to restrict the XDM admin console from the Internet when using SSL Offloading – http://blogs.citrix.com/2014/07/14/mobility-experts-restrict-xenmobile-device-manager-admin-web-console-access-from-internet-when-deployed-in-ssl-offload-mode/.

StoreFront 2.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.5, 2.5.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
XENDESKTOP – xd
XENAPP – xa
CERTIFICATE SIGNING REQUEST – csr
VDI-IN-A-BOX – viab
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
WEB INTERFACE – wif
NETSCALER GATEWAY – nsg
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns

What’s New
1: StoreFront API for an architecture overview and what capabilities are now available check out – http://blogs.citrix.com/2014/06/19/introducing-storefront-web-api/.
2: Update to the HTML5 Receiver Citrix’s agent free method to connected Web, SaaS, Windows Apps and Desktops (Server & Desktop VDI) checkout – http://support.citrix.com/proddocs/topic/receiver-html5-13a/receiver-html5-13-about.html#receiver-html5-13-about and also take a look at – http://blogs.citrix.com/2014/04/02/zero-install-receiver-for-html5-1-3-gives-enhanced-xenapp-and-xendesktop-experience/.
3: Improved customisation via cfg files to adjust the overall look and feel of Receiver for Web.
4: Folder View for Receiver for Web (RfW) checkout – http://blogs.citrix.com/2014/06/23/receiver-for-web-folder-view/. This does require a download from – https://www.citrix.com/downloads/storefront-web-interface/product-software.html with a valid Citrix.com account.

Installing & Deploying StoreFront
1: Review the System Requirements for StoreFront at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements.html and remember to make a note of the required ports for internal SFS communication & the HTML5 Receiver if your going to deploy it. It is also worth ensuring that you have the correct infrastructure requirements in place e.g version of XenApp, XenDestop e.tc that is supported by StoreFront 2.5 ref – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements-server.html, last but no least ensure your endpoint clients are updated accordingly to the lastest supported Citrix Receiver agent, HTML5 support Web Browser ref – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-system-requirements-client.html.
2: I would recommend that you download and read through the StroreFront Planning Guide available at – http://support.citrix.com/article/CTX136547, which covers off authentication between WiF and StoreFront, single and high-available deployments between two data centres leveraging a NetScaler Gateway which also includes deployment sizing from 500 through to 10000 users, how-to use features such as KEYWORDS:prefer=”application” when configuring SFS and the document contains a lot of useful information. *
3: Next download https://support.citrix.com/article/CTX133185 which will get your through an architectural overview and how-to install and configure SFS with an SSL certificates, NetScaler Gateway & STA for remote access, joining StoreFront servers to form a StoreFront cluster and much more. *
4: Finally howto customise your StoreFront 2.5 implementation end to end – http://blogs.citrix.com/2014/04/04/customizing-receiver-for-web-2-5/ from background re-branding, pre-announcements (pre-login), server side ASPX cfgs, language support and so much more.
5: *This CTX article is based off StoreFront 2.0 however I believe it still contains very useful information and resources.

Enhance The User’s Experience
A simple SRV record entry added to your DNS can make your users experience all that better and easier as all they need to remember essentially is there organisational email addr, password and optionally organisation specific a soft token e.g Symantec VIP or RSA SecureID.

If using the Citrix Receiver agent when logging in with the above access details it will auto configure the Store information for Citrix Receiver and you be able to launch resources delivered from XenApp, XenDesktop, XenMobile AppController and ViaB and if your where connecting using the agent less method i.e the HTML5 Receiver you will be able to the exact same resources launch directly from within any HTML5 web browser.

How do I enable the App tab by default in RfW, add drop down domains at the login web page, displayed user login id/name instead of display name, how do I hide Active, move the Apps and Desktops tab to an alt location and more so checkout – http://blogs.citrix.com/2014/06/20/receiver-for-web-faq/.

Create a StoreFront Cluster
http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-server-group.html & http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-deploy-join.html.

Creating a High-Available & Load Balancing StoreFront Cluster
Firstly take a look at this diagram at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-ha-example.html then follow process documented at – http://support.citrix.com/proddocs/topic/dws-storefront-25/dws-configure-ha-lb.html.

How to Configure XenApp 6.5 and StoreFront 2.0 for Direct HTML5 1.0/1.1 Receiver Connections
http://support.citrix.com/article/CTX139239.

XenMobile AppController 2.10

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.10 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
GoToMeeting – gtm
GoToAssist – gta
CERTIFICATE AUTHORITY – ca

Understanding MDX Technologies
1: Citrix MDX technologies provides and enable IT to wrap enhanced security, traffic around mobile apps for Android and iOS. The technologies can be segregated into 3 tiers called MDX ACCESS, MDX INTERAPP & MDX VAULT when determining what policy(s) to enforce. I will not look into the capabilities of each tier at a high level.
2: MDX VAULT enables encryption of the private data storage of MDX wrapped mobile apps. Check out – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-encryption-con.html.
3: MDX INTERAPP allows IT to control the application fabric of MDX wrapped mobile apps e.g restricting what apps it can open in (Document Open In); opening a service of the mobile platform e.g maps when a user clicks on an address in WorxMail.
4: MDX ACCESS enables and allows IT to set a MDX wrapped mobile apps traffic to be tunnelled via a mVPN, blocked or to the internet. The mVPN can be configured with either SecureBrowse (Only internal traffic traverses up the mVPN and anything bound for the internet does not) or FullVPN (All traffic flows up the mVPN).
5: You can find more surrounding the MDX policies at these two links one for iOS at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-mobile-apps-policies-andr-con-1.html.

Wrapping native *.APK, *.IPA mobile apps to become MDX enabled
1: Take a look at the following documentation in eDocs at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appwrap-toolkit-wrapper.html then the MDX Toolkit Documentation –http://support.citrix.com/servlet/KbServlet/download/37081-102-709208/MDXToolkit%20Documentation%20v1.0.pdf and video available at showing how to wrap Android mobile apps – http://www.citrix.com/tv/#videos/9465. I have embedded the video below from Citrix.com/TV:

Pre-requisites, Understanding & Installing The XenMobile 8.7 Components End-2-End for a PoC or a Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
Coming soon!

XenMobile Enterprise 8.7

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 8.7 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
SHAREFILE STORAGEZONE CONNECTOR – szc
XENMOBILE APPCONTROLLER – xac
RECEIVER FOR WEB – RfW
OUT OF OFFICE – ooo
GoToMeeting – gtm
GoToAssist – gta
VOLUME PURCHASE PROGRAM – vpp

What’s New The Highlights
0: XenMobile Datasheet by edition – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf.
1: Enrol and manage Windows 8.1 including support for Windows 8.1 RT devices – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-device-platforms.html.
2: Worx Home supports pin history & pin cycle checking.
3: Configure and deploy VPN cfgs to Amazon devices.
4: Shared Device Management support allows for multiple individuals to leverage MDM capabilities once the device has been enrolled.
5: ShareFile Single Sign-On (SSO) support from Worx apps to ShareFile.
6: Samsung SAFE devices support with the ability to now install Worx Home on Samsung SAFE devices running Android 4.3 and later from Google Play Store.
7: Support for Android 4.4.
8: Battery retention has improved by approximately 15% please see point 11 below for further details re the Tests performed.
9: IBM notes support for iOS in WorxMail.
10: Geo-fencing on Android.
11: A full and complete list of what’s new check out – http://support.citrix.com/proddocs/topic/xenmobile/xmob-understand-whats-new.html.
12: For a list of the new features in NetScaler Gateway 10.1 and NetScaler Gateway 10.1, Build 120.1316.e check out – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-whats-new-con.html.

XenMobile Compatibility Matrix
1: http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-compatibilitymatrix-con.html

Supported Device Platforms
1: http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-device-platforms.html

Pre-requisites, Understanding & Installing The XenMobile 8.7 Components End-2-End for a PoC or a Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
1: I would suggest starting with this really good XenMobile Architectural XenMobile Diagram to help you understand where the individual components are placed between the DMZ and TRUSTED network, so check out – http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png.
2: Understanding how-to deploy the components of XenMobile Enterprise – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-understand-deploy-architecture-wrapper-n-con.html and I would also recommend reading and understanding what ports are required to be enabled at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-component-port-reqs-n-con.html and the review the XenMobile and NetScaler Gateway checklists which are available at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-prepare-xenmobile-checklist-con.html & http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-checklist-10-1-con.html#ng-checklist-10-1-con followed understanding the Server & SAML certificate types/ requirements of XenMobile at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-certificates-con.html.
3: Sizing & System requirements for XenMobile 8.7 – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-netscaler-gateway-reqs-con.html.
4: How-to Install XenMobile 8.7 – . If your looking to install XDM at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-deploy-device-manager-install-steps-tsk.html for a basic visual overview and instructions. To deploy the XAC use the following to pre-configure the XenMobile AppControllers IP addr, DNS e.t.c at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-change-ipaddress-tsk.html followed by configuring the XAC using the initial web UI wizard at – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-appc-setup-wizard-tsk.html. To configure your NetScaler Gateway for the first time use – http://support.citrix.com/proddocs/topic/access-gateway-hig-appliances/ag-vpx-configure-basic-settings-wrapper-con.html, http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-config-ng-with-wizards-con.html followed by the initial NSG wizard accessible via the Web UI upon your initial login – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-config-first-time-new-install-con.html thereafter you can use the built-in NSG wizard to setup and configure remote access to the XAC for XenMobile Enterprise 8.7 at – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-install-simplified-config-tsk.html.

Enrolling by OS Platform
0: Prior to enrolling any devices you may want to consider configuring enrolment options – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-connect-config-enroll-mode-con.html.
1: iOS – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-ios-user-enroll-device-tsk.html.
2: Android – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-android-user-enroll-device-tsk.html.
3: Windows – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-enroll-users-devices-wrapper-con.html.
4: Symbian – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-symbian-user-enroll-device-tsk.html.

Performing In-place Upgrades from XenMobile 8.6 to 8.7
I performed in-place upgrade within my XenMobile Enterprise demo environment running Hyper-v on Microsoft Windows Server 2012 from 8.6 to 8.7 without any issues or errors.
2: Note: As I focus on PoC’s and Training the upgrade methods used below will be different for production environments and you should follow – http://support.citrix.com/article/CTX140444 for steps and guidance.
3: My current setup consisted of a XDM cluster on 8.6 l/b by NetScaler using a MS SQL database. I first performed a snapshot of both XDM servers and the SQL database then proceeded to shutdown the second XDM server and executed the XDM 8.7 software package on the primary XDM server which detected a XDM installation and performed a in-place upgrade following the onscreen steps. Once the software update completed I rebooted the VM and then proceeded to connect to XDM mgmt. Web UI locally via https://localhost/zdm on the primary XDM server desktop (Note: SSL error is normal as the FQDN your connected to is not for localhost but your organisations FQDN) and then logged in as a XDM admin then as domain user to verify that the SHP works as expected. Next shutdown the primary XDM server and boot the secondary XDM server and repeat the process above and once verified shutdown the secondary XDM server and boot the primary XDM server wait a few minute then boot the secondary XDM server and what a few minutes and then login to https://XDM-FQDN/Instance/helper.jsp e.g https://mdm.citrix.lab/zdm/helper.jsp and verify that the XDM cluster is active and working, next login to https://XDM-FQDN/Instance/ as a domain user and then a XDM admin to verify that everything works as expected e.g send a notification to an iOS device or enrol a new device using a custom deployment policies to verify your XDM is functioning as expected.

Security
1: XenMobile FIPS 140-2 Compliance – http://support.citrix.com/proddocs/topic/xenmobile-87/clg-appwrap-fips-con.html.
2: XDM supports internal and external PKI’s – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-security-pki-overview-con.html; SAML – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-saml-con.html.
3: Network Access Control (NAC) – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-configurenac-con.html.
4: Client certificate based authentication using Configuring Device Manager with Microsoft Active Directory Certificate Services – http://support.citrix.com/proddocs/topic/xenmobile-87/xmob-dm-manage-securityid-configdm-mscertificatesvs-con.html.

Synergy SYN308: Citrix Mobility & Desktop Integration