The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile 10.0 prior to deploying in a PoC which will eventually mature to a Pilot, UAT then finally into an Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.
XENMOBILE – xm
XENMOBILE SERVER – xms
VIRTUAL APPLIANCE – v/a
FEDERAL INFORMATION PROCESSING STANDARDs – fips
NETSCALER GATEWAY – nsg
MICROVPN – mVPN
FIREWALL – f/w
CERTIFICATE – cert
ACTIVE DIRECTORY – ad
INFRASTRUCTURE-AS-A-SERVICE – iaas
ENTERPRISE MOBILITY MANAGEMENT – emm
MOBILE CONTENT/INFORMATION MANAGEMENT – mc/im
MOBILE DEVICE MANAGEMENT – mdm
MOBILE APPLICATION MANAGEMENT – mam
Preparation & Pre-requisites (DRAFT & MAY CONTAIN ERROR(S))
1: XenMobile 10 is completely different from XenMobile 9 as it is now a single harden Linux V/A and the communication paths between the NSG and the XMS V/A are also now differently likewise setting and configuring XM 10 is different from XM 9 and its substantially more quicker and easier.
2: Never use a production NSG for a customer PoC why? When you upload the trial licenses it will require the NSG V/A to reboot which cannot be completed in a production environment without a scheduled and carefully planned maintenance window.
3: You may want to use the latest NS(G) firmware for the XM PoC to achieve the best possible outcome, result and of course to have the best optimal performance.
4: XenMobile has the ability to integration of a number of the Citrix products to form an end-2-end EMM solution that encompasses MDM, MAM, MC/IM.
5: Identify and visually understand where potentially all the components/products sit within the whole overall mobility solution. Here is a great visual reference that is clean and clear to understand – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-arch-overview-con.html for XenMobile 10.
6: Review the pre-requites and checklists if available for each product that you wish to deploy within XenMobile. I have listed a few here for you starting with all the required ports:
Architecture – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-arch-overview-con.html
System Requirements – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-system-requirements.html
Ports – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-deploy-component-port-reqs-con.html
Pre-Installation Checklist – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-xenmobile-install-checklist.html
7: Now that you have an understanding of the requirements I would strongly advise that you also read through the XenMobile security whitepaper available at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf. Although you may not actually want to read through this whitepaper even just a brief glance at the MDX technology sections will provide you with a greater understanding of mVPN’s and the MDX framework that powers all of Citrix’s Worx App’s – http://www.citrix.com/products/xenmobile/tech-info/worx-mobile-apps.html.
Pre & Post Discovery Meetings (DRAFT & MAY CONTAIN ERROR(S))
1: Ensure that you educate the organisation as to what XenMobile is and it’s capabilities surrounding enterprise mobility management commonly referred to EMM. I often find that individuals still today don’t have a very clear and defined understanding of what is MDM and MAM are so its worth educating your customer.
2: I would suggest that you setup 2-3 GoToMeeting sessions a minimum. This is to ensure and allow the organisation to ask any questions surrounding the pre-requites and system requirements of XenMobile including supporting any and all external dependencies e.g iOS Enterprise Developer Account for signing Worx’s apps. The second reason is to ensure that all the pre-requites have been completed successfully prior to you arriving onsite to complete a PoC implementation and to answer any further Q&A the organisation has. If the organisation has not completed the pre-requites then proceed with the third GoToMeeting and if the pre-requites have still not being completed successfully I would strongly advise escalating to managers on both organisations and rescheduling your PoC deployment date to an alternative date as the chances of your PoC being successfully will be less likely and as for example the required ports may not be opened correctly, certificates for securing communication are completed etc. If you do choose to proceed you’ll more than likely spend a great deal of time troubleshooting in order to successfully complete your XenMobile 10 PoC deployment.
3: Decide on a database platform note that Postgres SQL is built-in to the XMS V/A and it is recommended PoC deployments only, where as a remote MS SQL database is best utilised for production deployments.
4: Decide upon the MDM management addr for mobile devices which should be a FQDN e.g mdm.axendatacentre.com. If you intend to manage devices both in and outside of your organisation I would recommended implementing SplitDNS ref – http://en.wikipedia.org/wiki/Split-horizon_DNS.
Example of SplitDNS
Internal 10.10.1.1 resolves to mdm.axendatacentre.com over the corporate trusted Wi-Fi or wired ethernet
External 18.104.22.168 resolves to mdm.axendatacentre.com over 3/4G
5: Login to your Citrix My Account at – http://www.citrix.com/ locate and click Partner Central (Opens a new tab) then once the web page loads click Sales in the navigation menu bar and click on SalesIQ (Opens a new tab) then once loaded click on PoC Central scroll down and download the XenMobile PoC kit. Note only valid Citrix Partners may download content from Citrix SalesIQ.
How-to resolve – Profile Installation Failed The server certificate for “https://XM-FQDN:8443” is invalid when enrolling a device against XenMobile
1: The following error message Profile Installation Failed The server certificate for ‘https://XM-FQDN:8443″ is invalid is received when enrolling iOS 7.x.n + with XenMobile 10.
2: The issues is related to the private key within the exported *.p12/pfx certificate when exported from a Windows machine with either Certificate Manager or IIS Manager on Windows Server.
3: I would suggest that you download and run DigiCert Certificate Utility for Windows from – https://www.digicert.com/util/ on the server that originated the CSR that was used to generate a wildcard certificate. Once the tool is open find your wildcard cert and follow the steps at – https://www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm to export the certificate BUT before you proceed with the export please highlight the intended wildcard certificate and select “Test Key” once its completed successfully select “Export Certificate” option.
4: Upload the exported DigiCert p12/pfx cert to the XMS V/A for both the server and the SSL listener and restart the XMS V/A.
5: Once the XMS V/A is online login to both the SFP and the Admin WebUI to validate that the XMS V/A is active and responding as normal/expected.
6: Begin enrolling your iOS device and the following error message Profile Installation FailedThe server certificate for “https://” is invalid should no longer appear and you should be able to successfully enroll your iOS device.
PoC Notes & Tips
1: Deploy your first few XenMobile 10.0 PoC as single entities without the complexity of clustering, load-balancing e.t.c
2: Stick with 2 devices during a PoC to maximise your success and remember a PoC is designed to prove a concept or that a technology works as described.
3: If your deploying ShareFile On-Prem SZ remember to backup the SZKeys.txt in the root of your ShareFile Data CIFS share.
4: Support NetScaler Gateway (Builds + Versions) for XM 10.0 currently include – 10.5.55.8 MR5, 10.5.54.9 MR4, 10.5.53.9 MR3, 10.1.130 MR and 10.1.129 MR ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html. Please review the following CTX article entitled “FAQ: XenMobile 10 and NetScaler 10.5 Integration” available at – http://support.citrix.com/article/CTX200430 which is a great and resourceful CTX article.
5: Although this is typically not considered during a PoC Citrix provides detailed overview of scaling XenMobile 10.0 from 1000 up to 100,000 devices fronted by both VPX and MPX NS appliances – http://support.citrix.com/proddocs/topic/xenmobile-10/xmob-scaling-xm.html.