Category Archives: MDX

ShareFile StorageZone Controller 2.2

The following content is a brief and unofficial prerequisites guide to setup, configure and test ShareFile StorageZone Controller 2.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STORAGEZONE CONTROLLER – szc
CERTIFICATE SIGNING REQUEST – csr
SHAREFILE – sf
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
COMMON INTERNET FILE SYSTEM – cifs
XENMOBILE APPCONTROLLER – xac

What’s New
1:This release coupled with prior versions now integrates both the Storage Center and Controller server software packages into one unified software package now called the “ShareFile StorageZone Controller 2.2”.
2: Access your organisations trusted existing or new network CIFS shares and SharePoint sites via a ShareFile On-Prem SZC which always users to securely connect via a FQDN over 443 (HTTPS) this ensuring secure and encrypted communication between the users device and the On-Prem SZC. It is worth mentioning that your organisations datasets do not traverse the ShareFile Control Plane in any way ref – http://support.citrixonline.com/en_US/ShareFile/all_files/SF090015.
3: ShareFile also introduced an EMEA Control Plane for organisations to meet local, regional and geo requirements and or restrictions one basic example could be Safe Harbor – http://export.gov/safeharbor/ as well as preferring to have localised data centre’s within the EU to manage and handle user requests and more. Note this feature was already widely available prior to this WordPress post/blog entry.
4: For information regarding what else is new please check out – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storagezones-about-22.html.

ShareFile Security Whitepaper PDF
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/sharefile-enterprise-security-whitepaper.pdf

Synergy SYN310: Deep Dive into ShareFile Enterprise Functionality

SYN310: Deep dive into ShareFile Enterprise functionality from Citrix

Deploying an On-Prem SZC (DRAFT & MAY CONTAIN ERROR(S))
1: Initially would suggest that your read/review the following CTX Article – http://support.citrix.com/article/CTX138041 and http://blogs.citrix.com/2012/03/19/saml-authentication-with-sharefile-using-ad-fs-2-0/ which covers numerous technical FAQ and may answer a number of your questions.
2: Setup a ShareFile Enterprise Account and request that On-Prem SZC be enabled against your account when setting up your account or if you already have one request that SZC be enabled by sending a email to ShareFile support – http://www.sharefile.com/company/contact-us.aspx and online help & support including videos is available at – http://support.citrixonline.com/sharefile. Verify that StorageZones are available under the Admin tab when you sign into your ShareFile sub-domain e.g xendc.sharefile.eu or axendatacentre.sharefile.com prior to continuing with the installation and configuration.
3: Prepare a Windows Server 2008 R2 and install IIS (include dependencies ASP, Basic Authentication if you want to connect to existing network shares for a PoC).
4: Setup and configure your external DNS A record e.g sharefile.axendacentre.com or sf.thedurbannatal-sharks.co.za and ensure that you can successful connect to the default IIS page on TCP Port 80.
5: Generate a CSR on the intended ShareFile On-Prem SZC for your FQDN and sign it with an external CA e.g http://www.verisign.co.uk or http://www.thawte.com e.t.c. Your are required to use an external CA as IIS self-signed or Enterprise CA certificates are not permitted and will not work with the ShareFile Control Plane. Download and install the cert response from your chosen external CA and Complete The Certificate Response in IIS.
6: Once the cert is successfully imported bind it to HTTPS (443) and the restart IIS and navigate to the FQDN via HTTPS externally to ensure that you can connect to it without any SSL cert mismatches, errors e.t.c
7: * Create a ShareFile service account within and assign full r/w access it to the intended On-Prem SZ folder located either on the local disk or secondary disk of the VM or remotely. Please do the same for your PoC Shared Area that you intend to access as an existing network share.
8: *Install the ShareFile Storage Zone Controller 2.2 software package and leave the checkbox to launch the Configuration Web Page. Once the page launches sign in with your Super Admin ShareFile Admin access details.
9: Follow the onscreen instructions which are fairly self explanatory however should you require any further help & support re the exact requirements please navigate to – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-install-storagezones.html and http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-connectors.html.
10: Please stop and ensure that you safely backup the SCKeys.txt file within the root of On-Prem SZ CIFS share to a alternative and secure location that is also backed up.
11: Provision a test user that resides within your domain and has also been created within the ShareFile Control Plane. For help with setting up users please take a look at – .
12: Ensure that your test user has permission to your intended CIFS Shared Area e.g your SZC that you setup and configured within the ShareFile Control Plane.
13: Now that you have successfully setup and configured your On-Prem SZ and SZC proceed to download a ShareFile mobile app from e.g iTunes – iPad https://itunes.apple.com/gb/app/sharefile-for-ipad-by-citrix/id440596621?mt=8, iPhone https://itunes.apple.com/gb/app/sharefile-mobile-by-citrix/id434391375?mt=8 or Google Play – https://play.google.com/store/apps/developer?id=ShareFile+by+Citrix&hl=en_GB. Once downloaded enter in your test users account details and test uploading and downloading a picture taken from within the ShareFile iOS app as an example.
14: Once you test that your On-Prem SZ

SZ Controller Management
This eDocs node will help you to proactively manage your On-Prem SZ Controller environment covering on to add/remove controllers for H/A as well as how-to promote, demote and disable SZ Controller – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-storagezone-controller.html. These eDoc articles are essential for the ongoing management and routine scheduled maintenance task(s).

Two-Step Verification = Stronger Security
http://support.citrixonline.com/en_US/sharefile/help_files/SF060010?title=Two-Step+Verification

XenMobile AppController 2.9

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.9 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
VOLUME PURCHASE PROGRAM – vpp
XENMOBILE APPCONTROLLER – xac

XenMobile Enterprise Reference Architecture 8.6
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.

What is a MicroVPN (mVPN)?
http://support.citrix.com/article/CTX136914.

Configure DNS Suffixes for Android
http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-connect-mobile-devices-android-split-dns-tsk.html#ng-connect-mobile-devices-android-split-dns-tsk

Deploying and Configuration of the XAC 2.9 (DRAFT & MAY CONTAIN ERROR(S))
1: Hypervisor System requirements – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html, http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-appcontroller-wrapper-con.html.
2: Network TCP Ports Source vs. Destination – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html and the current Architecture Diagram can be found at http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png
3: Download the virtual appliance from http://www.citrix.com/downloads.html. You will be required to sign in with your Citrix.com access details in order to download the XAC virtual appliance from your chosen hypervisor. Currently XenServer, VMWare ESX(i) and Hyper-V are supported. Deploy the XAC virtual appliance withih your hyper-visor of choice ensuring that you have provided it with adequate computing power resources and a NIC and system requirements can be viewed at – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html.
4: Complete the XAC pre-requites checklist available from eDocs at – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-prepare-xenmobile-checklist-con-.html. If however your just going to deploy the XAC 2.9 you could use the existing pre-requites checklist for XAC 2.8 which is available at – http://support.citrix.com/proddocs/topic/appcontroller-28/xmob-appc-plan-checklist-con.html however remember to compare it against the latest checklist. Create your DNS A record (You can only assign one FQDN to the XAC so you will need to consider creating DNS A records for both internal and external users to access and to connect to the XAC either internally directly or externally using NSG. Accessed via either Worx Home or a internet browser accessing the XAC’s RfW e.g https://XAC-FQDN/Citrix/StoreWeb. It is worth noting that if you type in just the FQDN the user will automatically be re-directed to the XAC’s RfW login page.) and then sign the CSR generated on the XAC with your organisations Enterprise CA or using OpenSSL (Windows, Unix, Linux or Mac) – . It is important though when downloading the response from a MS Enterprise CA download the certificate in and the chained certificate in “Base64” format.
5: Start the XAC VM and enter in console mode via your hypervisor and complete the basic configuration (network ip addr, subnet mask, gateway e.t.c; Note the default login is username: admin and password: password) required in order to complete the configuration via a web browser over https://XAC-FQDN:4443/ from a domain joined hosted shared desktop or VDI desktop. Once you have completed the initial basic configuration you can now reboot the XAC virtual appliance following the onscreen instructions
6: Once the XAC reboots successfully (Watch the console from your hypervisor) login to your domain joined desktop and open up your default internet browser of choice and type in https://XAC-FQDN:4443/ and accept the SSL error warnings (The default binded SSL certificate is for appcontroller.example.com which is why your internet browser throughs up SSL error warnings ) and login using username: Administrator and password: password. Once you have successfully logged in complete the onscreen wizard. You may not have a mail server if you have just built your own demo environment for XenMobile so simply put in the intended mail server details BUT do not mark the authentication check box otherwise the XAC wizard will fail as it will not be able to contact the intended mail server as it has not been built yet. Once the wizard completes you will be logged out which is normal.
7: Now re login into the XAC CP admin console and click Settings -> Certificates and complete a CSR for the FQDN of your XAC and optionally sign the CSR with a public (e.g http://uk.godaddy.com, http://www.thawte.com, http://www.verisign.co.uk and there many others to choose from) or private (e.g MS Enterprise CA, OpenSSL), then upload the response which should be in “Base64” format and then click “Make Active” and you will be automatically logged out which is normnal as the new upload cert is bound to HTTPS against your FQDN and not appcontroller.example.com any more. If you delete your history and cookies and close your internet browser and re-open it and navigate the XAC’s FQDN you’ll notice if on IE as example the addr bar is no longer red but is BLUE and if you click the SSL Lock icon you should not receive any SSL warnings or errors.
8: Login to the XDM FQDN and it configure with the XAC IP Addr or FQDN, shared secret password. (Complete only if your deploying the whole XenMobile Enterprise Solution)
9: Login into the XAC using your new defined access details the navigate to Settings -> XenMobile MDM and enter in the XDM IP Addr or FQDN, select your port communication 80 (HTTP) or 443 (HTTPS) between the XDM and XAC, enter in the exact shared secret password used in the step above then click “Test” and if confirmed click “Save” and it will begin setting up and configuring the appropriate resources between the XAC and the XDM e.g when you specific an app “Require App Installation” and a use enrols it will ensure the mobile app or resource from the XAC is installed on the users mobile device.
10: Click the “Apps & Docs” tab and create web links, SaaS, upload iOS/Android mobile apps *.apk, *.ipa which are unsigned (NEW in XAC 2.9) and of course upload your digitally signed OS/Android *.MDX mobile apps which have been signed on a Apple Mac running OS X using the Citrix App Preparation Tool leveraging the mobile app binaries for iOS/Android and your organisations provisioning profile(s), distribution certificate(s) from Apple and Android which the allows you to apply circa 60 policies against each *.MDX digitally signed mobile apps that you have uploaded to the XAC.
11: Configure access to ShareFile and XenApp, XenDesktop if applicable.
12: Click the “Roles” tab and create your user roles mapped to your AD OU’s e.g Sales = Domain Sales Users name then assigned resources to that role you’ve just created.
13: Navigate to in a browser https://XAC-FQDN/ which if you have not setup the XAC in StoreFront which redirect to https://XAC-FQDN/Citrix/StoreWeb/ which is RfW and login to access your assigned resources. It is worth mentioning you will not see mobile apps on a Windows Desktop likewise you will not see iOS mobile app resources on an Android platform and visa versa.
14: There is a wealth of useful links at – http://www.citrix.com/products/xenmobile/tech-info.html.

Worx Mobile Apps
1: Understanding Worx suite of mobile apps – http://support.citrix.com/proddocs/topic/xenmobile-connect-users/xmob-worx-about-worx-apps.html.
2: Each mobile platform has different requirements for wrapping the native *.ipa (iOS), *.apk (Android) app binaries to be converted into *.mdx file format which can be then uploaded to the XAC and MDX policies applied.
3: To wrap any iOS, Android mobile app binaries you require provision/distribution profiles for each mobile platform during the wrapping process, for iOS you require a iOS Enterprise Developer Account – and for Android – . You also require a Mac and the Citrix App Preparation Tool for more information on the system requirements please visit – .
4: To configure iOS MDX apps on the XAC refer to – http://support.citrix.com/proddocs/topic/xmob-appc-configure-29/xmob-appc-mobile-apps-policies-ios-con-nike.html, for Android – http://support.citrix.com/proddocs/topic/xmob-appc-configure-29/xmob-appc-mobile-apps-policies-andr-con-1.html.
5: To improve battery life for WorxMail setup and configure an STA ref – http://blogs.citrix.com/2013/09/16/improving-battery-life-with-worxmail-sta-to-the-rescue/, http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-appc-config-sta-tsk.html.

Coming Soon!
The mean time check out these links – http://blogs.citrix.com/2013/12/20/xenmobile-8-6-maintenance-release-deep-dive/, http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-product-videos-con.html.

Citrix Technology Advocate (CTA) Blog by @lyndonjonmartin

A Personal blog by Lyndon-Jon Martin on all things related End-User Computing (EUC) and Citrix

Category Archives: MDX

ShareFile StorageZone Controller 2.2

XenMobile AppController 2.9

Citrix MDX Technologies