Category Archives: XenMobile App Edition

XenMobile Enterprise 8.5, 8.6, 8.7, 9.0 PoC Considerations

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenMobile Enterprise 8.5, 8.6, 8.7 and 9.0 prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE APPCONTROLLER – xac
NETSCALER GATEWAY – nsg
FIREWALL – f/w
CERTIFICATE – cert
ACTIVE DIRECTORY – ad
INFRASTRUCTURE-AS-A-SERVICE – IaaS
ENTERPRISE MOBILITY MANAGEMENT – emm

Preparation & Pre-requisites (DRAFT & MAY CONTAIN ERROR(S))
0: Never use a production NetScaler or NetScaler Gateway for a PoC. Why? Uploading the trial licenses requires a reboot, which cannot be done in a production environment without a planned maintenance window. You may also want to use the latest NS(G) during the PoC for best results and optimal performance; likewise, some versions require an e release of NS(G), which will eventually mean a firmware upgrade to your production NS(G).
1: If you don’t understand all the components of XenMobile Enterprise then I would suggest researching and reading the data sheets of each to understand what the XenMobile Device Manager, XenMobile AppController, XenMobile NetScaler Connector, XenMobile Mail Manager, NetScaler (Gateway) and finally the ShareFile StorageZone Connectors are capable of, both individually and integrated as part of a Mobility Solution. XenMobile Enterprise can also include the delivery of hosted shared and VDI desktops and hosted published Windows apps delivered from XenApp and XenDesktop as part of the overall EMM Solution.
2: XenMobile Enterprise is an integration of a number of the Citrix products mentioned above deployed together to form a complete EMM solution.
3: Identify and visually understand where potentially all the components/products sit within the whole overall mobility solution. Here is a great visual reference that is clean and clear to understand – http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png?accessmode=direct.
4: Review the prerequisites and checklists, if available, for each product that you wish to deploy within XenMobile. I have listed a few here for you, starting with all the required ports – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html, for the checklist – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-prepare-xenmobile-checklist-con-.html, for XDM – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-device-manager-sys-reqs-con.html, for XAC – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html, for NSG – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-netscaler-gateway-reqs-con.html, for SF – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storage-center-sys-reqs.html and for XD – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-system-requirements-71.html.
5: Now that you understand the requirements for each product, and should know each product a little better, read through the XenMobile 8.6 Reference Architecture – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.
6: Read Deploying the XenMobile Solution – http://support.citrix.com/article/CTX139235 and download a copy of the XenMobile MDXToolKit Documentation v1.0 – http://support.citrix.com/article/CTX140458.

Pre & Post Discovery Meeting (DRAFT & MAY CONTAIN ERROR(S))
1: Ensure that you educate the organisation as to what XenMobile is and is capable of doing re MDM, MAM and MIM.
2: Set up 2-3 GoToMeeting sessions. The first is to answer any questions the organisation has for you re the prerequisites and to ensure that they have started to prepare any external dependencies e.g. an iOS Enterprise Developer Account. The second is to ensure that all the prerequisites have been completed prior to the onsite installation for the PoC and to answer any further questions the organisation has. If the organisation has not completed the prerequisites then proceed with the third GoToMeeting, and if the prerequisites have still not been completed I would strongly advise escalating to managers on both sides that your PoC will more than likely be unsuccessful. You need ports opened, servers built, software downloaded, certificates etc. in place so that you can focus on installing and then configuring the products to be integrated together and into the management infrastructure e.g. (s)LDAP, then configuring policies and, if applicable, wrapping Worx and ShareFile *.ipa and *.apk files to become *.mdx to provide secure, sandboxed internet and intranet browsing (WorxWeb), e-mail (WorxMail) and data sharing (ShareFile).
3: Decide on a database platform. Note that PostgreSQL is built in to the XDM software package and is great for PoCs; alternatively you can use MS SQL.
4: Decide upon the XDM management address for mobile devices. You can use either an IP address e.g. 10.10.100.200 or an FQDN e.g. mdm.axendatacentre.com; however, I would recommend an FQDN. Why? When you install and configure the XDM you are creating and configuring a CA. If you used an IP address and later move the XDM server from one subnet to another and cannot keep the exact IP, or you move from one ISP to another and get a new IP address range, you will break the CA and all enrolled devices will become unmanaged. So install using an FQDN: you can always adjust the underlying IP address of the XDM server’s FQDN, thus not compromising/breaking the XDM’s CA, and all devices will remain managed and connected to the XDM. Remember that changing the IP address of an external FQDN does and will require 24 hours for DNS to propagate throughout the internet.
5: Login to your Citrix My Account at – http://www.citrix.com/ locate and click Partner Central (Opens a new tab) then once the web page loads click Sales in the navigation menu bar and click on SalesIQ (Opens a new tab) then once loaded click on PoC Central scroll down and download the XenMobile PoC kit. Note only valid Citrix Partners may download content from Citrix SalesIQ.

PoC Notes & Tips
1: Deploy your first few XenMobile 8.7 PoC’s using single NIC’s.
2: Stick with 2-3 devices during a PoC to maximise your PoC success and remember a PoC is designed to prove a concept or a technology.
3: If you’re deploying ShareFile On-Prem SZ remember to back up SCKeys.txt in the root of your ShareFile data CIFS share.
4: Your PoC should run smoothly provided that you can confirm that all the prerequisites for XenMobile Enterprise are successfully completed prior to arriving onsite. This should also include having a basic customer-defined MDM and MDX policy agreement, so that after successfully deploying the XenMobile components you can set up and configure these policies, begin your initial testing to check that everything is operating as expected, and then demonstrate that the deployment is active and working. At this stage you can define which MDM and MDX policies you wish to trial or test during the PoC; however, hopefully this too has been previously agreed and you can begin defining the policies by platform and for any Worx or 3rd party signed MDX mobile apps.
5: XDM clustering for high-availability in XenMobile 9.0 has changed so please refer to this blog article – which will help you understand what Tomcat configuration changes are required prior to performing an in-place upgrade from XenMobile Device Manager 8.7 to 9.0. This change also means that your XDM cluster can now reside in alternative data centres ref – .

Supported NetScaler Gateway (Builds + Versions) for XM 9.0
1: 10.5.53.9; 10.5.52.11; 10.5.52.1115.e; 10.5.51.1017.e; 10.5.51.10; 10.1.129.1105.e; 10.1.128.8003.e; 10.1.127.1007.e; 10.1.126.1203.e; 10.1.124.1308.e ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html.

XenApp 7.5 XenDesktop 7.5

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenApp 7.5, XenDesktop 7.5 prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
XENAPP – xac
FLEXCAST MANAGEMENT ARCHITECTURE – fma
INFRASTRUCTURE-AS-A-SERVICE – IaaS
XENDESKTOP – xd
XENAPP/XENDESKTOP – xad
INDEPENDENT MANAGEMENT ARCHITECTURE – ima
STOREFRONT – sf
HOSTED SHARED DESKTOPS – hsd
VIRTUAL DESKTOP INFRASTRUCTURE – vdi
HOSTED SHARED PUBLISHED WINDOWS APPS – hspwa
RECEIVER FOR WEB – rfw
REMOTE ACCESS – r/a

XenApp 7.5 XenDesktop 7.5 Announcement
Citrix have recently announced XenApp 7.5, which is built upon FlexCast Management Architecture (FMA) and has been available within XenDesktop 7.0, 7.1 within the App Edition license tier. The latest release also brings with it XA hybrid cloud provisioning, meaning that SysAdmins are now able to extend their private cloud to IaaS hosted cloud providers (ISP’s) provided they leverage Citrix CloudPlatform. This enables quick scalability and elasticity without having to learn the ISP’s chosen design, build, provision and management consoles to provision your environment, as it’s all integrated into Studio. The announcement can be found at – http://www.citrix.com/news/announcements/jan-2014/citrix-xenapp-7-5-simplifies-windows-app-delivery-for-the-mobile.html and it’s also worth reading up on the benefits and features of FlexCast technology for XA at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-datasheet.pdf?accessmode=direct.

What’s New & Different in XenApp 7.5 from XenApp 6.5?
0: Check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-previous-xa-admins.html#previous-xa-admins.

What’s New & Highlights of XenApp/XenDesktop (XAD) 7.5
1: The platform architecture is now powered by FMA and no longer by Independent Management Architecture (IMA), thus providing enhanced scalability and ease of management through two consoles: Studio, which is used for designing, building and assigning policies and resources to users, and Director, which is used for management of user support & troubleshooting.
2: StoreFront 2.5 is included within XenApp and XenDesktop 7.5 app binaries and includes a number of new enhancements including an updated HTML5 Receiver, SDK to apply organisational logic if required and much more.
3: Support for Web Interface (WiF) 5.4 on supported Windows Server OSes.
4: AppDNA is included in Platinum edition.
5: Virtual Graphical Processing Unit (vGPU) and GPU support for supported Windows Desktop & Server OSes.
6: Support for Windows Server 2012 R2 and Windows 8.1 in addition to current supported OSes in XenDesktop 7.0, 7.1.
7: The Citrix Profile management 5.0 is installed silently by default on master images when the Virtual Delivery Agent is installed (Note: You do not have to use Citrix profile management solution).
8: Support for IPv4, IPv6 or dual-stack (IPv4/IPv6) environments from clients to core components.
9: MCS support for Microsoft Key Management System (KMS) activation.
10: For a complete list please check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-75-about-whats-new.html and also review the XA 7.5 data sheet at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-datasheet.pdf.

Synergy SYN405: Best Practices for Implementing Administering and Troubleshooting Xendesktop 7.5

Pre-requisites, Understanding & How-to Install XenApp 7.5 and enable R/A for your PoC or Customer Demo Environment (DRAFT & MAY CONTAIN ERROR(S))
Coming soon!

ShareFile StorageZone Controller 2.2

The following content is a brief and unofficial prerequisites guide to set up, configure and test ShareFile StorageZone Controller 2.2 prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
STORAGEZONE CONTROLLER – szc
CERTIFICATE SIGNING REQUEST – csr
SHAREFILE – sf
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
COMMON INTERNET FILE SYSTEM – cifs
XENMOBILE APPCONTROLLER – xac

What’s New
1: This release, coupled with prior versions, now integrates both the Storage Center and Controller server software packages into one unified software package now called the “ShareFile StorageZone Controller 2.2”.
2: Access your organisation’s trusted existing or new network CIFS shares and SharePoint sites via a ShareFile On-Prem SZC, which allows users to securely connect via an FQDN over 443 (HTTPS), thus ensuring secure and encrypted communication between the user’s device and the On-Prem SZC. It is worth mentioning that your organisation’s datasets do not traverse the ShareFile Control Plane in any way ref – http://support.citrixonline.com/en_US/ShareFile/all_files/SF090015.
3: ShareFile also introduced an EMEA Control Plane for organisations to meet local, regional and geo requirements and/or restrictions. One basic example could be Safe Harbor – http://export.gov/safeharbor/ as well as preferring to have localised data centres within the EU to manage and handle user requests and more. Note this feature was already widely available prior to this WordPress post/blog entry.
4: For information regarding what else is new please check out – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storagezones-about-22.html.

ShareFile Security Whitepaper PDF
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/sharefile-enterprise-security-whitepaper.pdf

Synergy SYN310: Deep Dive into ShareFile Enterprise Functionality

Deploying an On-Prem SZC (DRAFT & MAY CONTAIN ERROR(S))
1: Initially I would suggest that you read/review the following CTX Article – http://support.citrix.com/article/CTX138041 and http://blogs.citrix.com/2012/03/19/saml-authentication-with-sharefile-using-ad-fs-2-0/ which cover numerous technical FAQs and may answer a number of your questions.
2: Set up a ShareFile Enterprise Account and request that On-Prem SZC be enabled against your account when setting it up, or if you already have one request that SZC be enabled by sending an email to ShareFile support – http://www.sharefile.com/company/contact-us.aspx. Online help & support including videos is available at – http://support.citrixonline.com/sharefile. Verify that StorageZones are available under the Admin tab when you sign into your ShareFile sub-domain e.g xendc.sharefile.eu or axendatacentre.sharefile.com prior to continuing with the installation and configuration.
3: Prepare a Windows Server 2008 R2 and install IIS (include dependencies ASP, Basic Authentication if you want to connect to existing network shares for a PoC).
4: Set up and configure your external DNS A record e.g sharefile.axendacentre.com or sf.thedurbannatal-sharks.co.za and ensure that you can successfully connect to the default IIS page on TCP Port 80.
5: Generate a CSR on the intended ShareFile On-Prem SZC for your FQDN and have it signed by an external CA e.g http://www.verisign.co.uk or http://www.thawte.com etc. You are required to use an external CA as IIS self-signed or Enterprise CA certificates are not permitted and will not work with the ShareFile Control Plane. Download and install the cert response from your chosen external CA and Complete The Certificate Response in IIS.
6: Once the cert is successfully imported bind it to HTTPS (443), then restart IIS and navigate to the FQDN via HTTPS externally to ensure that you can connect to it without any SSL cert mismatches, errors etc.
7: * Create a ShareFile service account within and assign it full r/w access to the intended On-Prem SZ folder located either on the local disk or secondary disk of the VM or remotely. Please do the same for your PoC Shared Area that you intend to access as an existing network share.
8: *Install the ShareFile Storage Zone Controller 2.2 software package and leave the checkbox to launch the Configuration Web Page selected. Once the page launches sign in with your Super Admin ShareFile Admin access details.
9: Follow the onscreen instructions which are fairly self explanatory however should you require any further help & support re the exact requirements please navigate to – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-install-storagezones.html and http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-connectors.html.
10: Please stop and ensure that you safely back up the SCKeys.txt file within the root of the On-Prem SZ CIFS share to an alternative and secure location that is also backed up.
11: Provision a test user that resides within your domain and has also been created within the ShareFile Control Plane. For help with setting up users please take a look at – .
12: Ensure that your test user has permission to your intended CIFS Shared Area e.g your SZC that you setup and configured within the ShareFile Control Plane.
13: Now that you have successfully setup and configured your On-Prem SZ and SZC proceed to download a ShareFile mobile app from e.g iTunes – iPad https://itunes.apple.com/gb/app/sharefile-for-ipad-by-citrix/id440596621?mt=8, iPhone https://itunes.apple.com/gb/app/sharefile-mobile-by-citrix/id434391375?mt=8 or Google Play – https://play.google.com/store/apps/developer?id=ShareFile+by+Citrix&hl=en_GB. Once downloaded enter in your test users account details and test uploading and downloading a picture taken from within the ShareFile iOS app as an example.
14: Once you test that your On-Prem SZ
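
Steps 5 and 6 above can be checked from a script as well as a browser. The PowerShell below is an added example, not part of the original post and not Citrix tooling; the function name and `sharefile.example.com` are placeholders. It completes a TLS handshake with the SZC FQDN and reports why the presented certificate would be rejected (name mismatch, untrusted chain, self-signed).

```powershell
# Added example: external check of the certificate bound to HTTPS (443) on an
# On-Prem SZC. Run it from a machine OUTSIDE the domain, so that an Enterprise CA
# root pushed by group policy does not make an internal certificate look trusted.
function Test-SzcCertificate {
    param(
        [Parameter(Mandatory)][string]$Fqdn,   # e.g. sharefile.example.com (placeholder)
        [int]$Port = 443
    )

    # Shared state the validation callback writes into.
    $seen = @{ Errors = $null; Cert = $null }

    # Record the validation result instead of aborting the handshake, so the
    # function can report the reason a certificate fails rather than just "failed".
    $callback = {
        param($s, $certificate, $chain, $policyErrors)
        $seen.Errors = $policyErrors
        $seen.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        $true
    }.GetNewClosure()

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Fqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback]$callback)
        try     { $ssl.AuthenticateAsClient($Fqdn) }   # $Fqdn is the name the cert must match
        finally { $ssl.Dispose() }
    }
    finally {
        $tcp.Close()
    }

    $cert       = $seen.Cert
    $selfSigned = $cert.Subject -eq $cert.Issuer
    $noErrors   = $seen.Errors -eq [System.Net.Security.SslPolicyErrors]::None

    [pscustomobject]@{
        Fqdn         = $Fqdn
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SelfSigned   = $selfSigned
        # None, RemoteCertificateNameMismatch and/or RemoteCertificateChainErrors
        PolicyErrors = $seen.Errors
        Passes       = (-not $selfSigned) -and $noErrors
    }
}

# Usage (placeholder FQDN):
# Test-SzcCertificate -Fqdn 'sharefile.example.com' | Format-List
```

`PolicyErrors` other than `None`, or `SelfSigned` being true, corresponds to the mismatches and errors step 6 asks you to rule out before continuing with the SZC installation.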

SZ Controller Management
This eDocs node will help you to proactively manage your On-Prem SZ Controller environment, covering how to add/remove controllers for H/A as well as how to promote, demote and disable an SZ Controller – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-storagezone-controller.html. These eDoc articles are essential for the ongoing management and routine scheduled maintenance task(s).

Two-Step Verification = Stronger Security
http://support.citrixonline.com/en_US/sharefile/help_files/SF060010?title=Two-Step+Verification

NetScaler Gateway 10.1.120.1316.e

The following content is a brief and unofficial prerequisites guide to set up, configure and test NetScaler Gateway 10.1.120.1316.e to support a XenMobile Enterprise 8.6 deployment prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
NETSCALER GATEWAY – nsg
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
REMOTE ACCESS – r/a
XENAPP – xa
XENDESKTOP – xd
XENMOBILE ENTERPRISE – xm
XENMOBILE APPCONTROLLER – xac
XENMOBILE DEVICE MANAGER – xdm

What Is A NetScaler Gateway
It allows you to safely and securely expose your organisation’s trusted network and resources to an end-point either via a MicroVPN (CVPN) – http://support.citrix.com/article/CTX136914 or a FULL VPN. The NSG provides and supports a simple yet secure R/A solution for Citrix XenDesktop, XenApp and XenMobile solutions. There have been recent updates to the NSG to incorporate setup wizards that enable organisations to more rapidly set up, configure and deploy a R/A solution without having to ask a NetScaler Gateway expert to set up and configure the policies to enable R/A. To learn what an e release of a NSG is, check out – http://blogs.citrix.com/2013/03/29/citrix-access-gateway-demystifying-the-e-releases/.

Deploying & Configuring The NetScaler Gateway 10.1.120.1316.e For A XenMobile Enterprise 8.6 Solution
1: Physical or Virtual System requirements – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-netscaler-gateway-reqs-con.html, VPX – http://support.citrix.com/proddocs/topic/access-gateway-hig-appliances/ag-vpx-introduce-wrapper-con.html#ag-vpx-introduce-wrapper-con and MPX – http://support.citrix.com/proddocs/topic/access-gateway-hig-appliances/ag-model-MPX-spec-ref.html.
2: Prerequisites and checklist – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-checklist-10-1-con.html, http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-deploy-xenmobile-con.html
3: Deploying the NSG and performing the initial configuration – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-ng-network-con.html.
4: Creating a certificate for NSG – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-create-csr-ng-tsk.html also watch the NSG certificate video at – http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-product-videos-con.html.
5: Uploading a license to the NSG – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-license-on-ng-tsk.html.
6: Configuring the NSG for XenMobile – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-config-ng-wizards-con.html.
7: Configure DNS suffixes – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-connect-mobile-devices-android-split-dns-tsk.html#ng-connect-mobile-devices-android-split-dns-tsk or http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-mobile-device-dns-suffix-tsk.html and if you will be supporting Android handsets within your organisation remember to configure DNS for Android devices – http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-mobile-devices-android-split-dns-tsk.html.
8: Configuring the STA for WorxMail – http://www.citrix.com/tv/#videos/9210.
9: Testing your NSG – http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-test-ag-configuration-tsk.html.

Worx Mobile App Suite NSG Support Table Matrix
http://support.citrix.com/proddocs/topic/xenmobile-connect-users/xmob-worx-supported-platforms-con.html.

Coming Soon!
More coming soon; in the interim check out – http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-deploy-architect-netscaler-gateway-con.html.

Mobile Device, Application and Information Management

The following content is a brief and unofficial article about Mobile Device, Application and Information Management. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
MOBILE DEVICE MANAGEMENT – mdm
MOBILE APPLICATION MANAGEMENT – mam
MOBILE INFORMATION MANAGEMENT – mim
MOBILE APPLICATION PERFORMANCE MANAGEMENT – mapm
ACTIVE DIRECTORY – ad

What is MDM?
It’s the capability to restrict the services and mobile applications provided by a mobile platform only, e.g. disabling Siri on iOS or Chrome on Android, via MDM API’s provided by the mobile OS. To achieve these capabilities and many more, an MDM server e.g. XenMobile Device Manager will request a mobile device to securely authenticate via an agent installed on the mobile OS e.g. Citrix Enrol with the user’s organisational access details, which then enables the user to proceed with the MDM enrolment process, i.e. securely downloading (HTTPS) and installing a secure organisation profile and MDM policies enforced by IT. These effectively restrict the device’s ability to access mobile applications of the mobile OS or disable services, e.g. disabling Siri from being available when an iPhone or iPad is locked, while still allowing the user to use Siri once they have unlocked the iPhone or iPad with a pin code.

What is MAM?
It allows and enables your organisation to deliver safe and secure applications from your organisation’s data centre. These applications can be native mobile apps (iOS, Android), SaaS and Windows published applications, which can now be repurposed with the Windows Mobile SDK – https://www.citrix.com/go/mobile-sdk-for-windows-apps.html and http://www.citrix.com/mobilitysdk/docs/videos/RapidStarts.htm to improve the user’s experience on a mobile device (iOS). As these are logical resources published or delivered and installed on a mobile device you can only lock the resources, perform a selective wipe or perform an erase of the data within the mobile apps (for published apps you simply disable that user’s access via AD).

What is MApM?
It’s an acronym for essentially describing the ability to provide intelligent reporting against mobile apps via an agent on smart devices.

What is MIM?
It provides organisations the ability to take their trusted data held within internally accessed Shared Areas, SharePoint sites etc. and allows organisational employees or 3rd parties i.e. contractors to download and potentially edit office based documents and watch videos on corporate issued or BYO devices, on or offline, in a safe and secured environment, with the ability to perform a wipe, lock or configure a poison pill against the organisational trusted data that is stored on the user’s device(s).

XenApp 6.5

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenApp 6.5 prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
WEB INTERFACE – xml
STOREFRONT – sf
REMOTE DESKTOP SERVICES – rds
TERMINAL SERVICES – ts
VIRTUAL DELIVERY CONTROLLER – vda

nVidia Shared GPU
http://www.nvidia.co.uk/object/grid-xenapp-uk.html

XenDesktop 7

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenDesktop 7 prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
REMOTE DESKTOP SERVICES – rds
VIRTUAL DESKTOP INFRASTRUCTURE – vdi
VIRTUAL DELIVERY CONTROLLER – vda
VIRTUAL GRAPHICS PROCESSING UNIT – vgpu
SERVICE LOCATION – srv

What is it and what does it do?
Citrix XenDesktop 7 allows you to deliver Remote Desktop Services (RDS), Virtual Desktop Infrastructure (VDI) workloads and secure remote access to an existing PC estate by installing the Virtual Delivery Agent (VDA) into those existing PC’s. All this capability is enabled from one single common architecture – FlexCast Management Architecture (FMA). If you are a Citrix XenApp 5.0, 6.5 Administrator I would encourage you to read through the following Citrix eDoc article – http://support.citrix.com/proddocs/topic/xendesktop-7/cds-overview-info-previous-xa-customers.html and follow on with this free Citrix 2 hour long course covering XenDesktop 7. Whether you’re in sales, pre-sales, a sysadmin or an engineer, it’s useful in getting your mindset ready for XenDesktop 7 – http://training.citrix.com/mod/ctxcatalog/course.php?id=595.

Citrix TV & YouTube Videos To Watch
SYN320: XenDesktop 7: What You Should Know About FlexCast Management and XenApp Migration
http://www.citrix.com/tv/#videos/8493.
Citrix XenDesktop 7 3D Pro Demonstration – http://www.citrix.com/tv/#videos/9008.
XenDesktop 7 Masterclass – http://www.youtube.com/watch?v=XSFJ0xx7ztY.

XenDesktop 7 Handbook
Check out the blog article announcement – http://blogs.citrix.com/2013/10/10/new-xendesktop-7-handbook-published. You can download the XenDesktop 7 Handbook directly at – http://support.citrix.com/article/CTX139331 and the XenDesktop 5.x Handbook at – http://support.citrix.com/article/CTX136546.

Components of XenDesktop 7 Explained
1: Studio allows you to design and build your RDS, VDI workloads.
2: Director allows you to support and monitor your organisation’s XenDesktop 7 virtual machines, user sessions via MS RemoteAssistance, historical trending & metrics, and network analytics if you have a NetScaler.
3: Delivery Controller is responsible for brokering the connections to your servers (ICA/RDS), virtual machines (VDI) or existing workstation PC’s.
4: Citrix Licensing Server is responsible for checking in/out of your FlexCast licenses. XenDesktop 7 requires CLS 11.11.
5: StoreFront provides users with a self-serve AppStore where they can tap or click to add Windows hosted apps, hosted shared desktops (Windows Server 2008 R2) or VDI desktops (Windows 7,8).
6: Machine Creation Services (MCS) is built into XenDesktop 7 and allows you to provision virtual machines from your master VM images. All you need to do to configure it is to input the XenServer, Hyper-V (Requires SCVMM) or ESX (Remember to trust the root certificate) hypervisor FQDN and the access details.
7: Provisioning Services (PVS)
8: User Profile Manager 5 (UPM) is built into XenDesktop 7 and provides Citrix’s profile management solution.
9: MS SQL is required to store configuration information and details about your XenDesktop 7 site. MS SQL express, standard, enterprise and data center* editions are supported and for H/A configuration options please visit this eDocs article at – *http://support.citrix.com/proddocs/topic/xendesktop-7/cds-sys-requirements.html.
10: Virtual Delivery Agent (VDA) is responsible for delivering a hosted shared desktop, windows hosted app and VDI desktop to users brokered via the Delivery Controller.

What Editions Are Available?
VDI, App (XenApp capabilities e.g delivery of RDS workloads), Enterprise and Platinum. To compare the feature sets of each edition please check out – http://www.citrix.com/go/products/xendesktop/feature-matrix.html. At the time of writing this post you are required to login to Citrix.com with your access details.

Setup & Configure nVidia GRID VIRTUAL GPU (vGPU) on Citrix XenDesktop 7.1
To learn how to set up and configure a test demo or PoC environment to leverage the vGPU capabilities of XenServer 6.2 and XenDesktop 7.1 Tech Preview check out – http://www.nvidia.co.uk/object/grid-virtual-gpus-uk.html. You can download the XenDesktop 7.1 Tech Preview at – and the system requirements can be found at – http://support.citrix.com/proddocs/topic/xendesktop/cds-xendesktop-71-landing-page.htm; for the HDX system requirements please check out – http://support.citrix.com/proddocs/topic/xendesktop-71/hdx-enhance-ux-xd.html.

NVidia Resources
XenApp 6.5 GPU Sharing – http://www.nvidia.co.uk/object/grid-xenapp-uk.html.
XenDesktop vGPU – http://www.nvidia.co.uk/object/grid-xen-desktop-uk.html.

Multi-Site Configurations & High Availability
Coming soon! I will cover multiple data centres and sites and how-to enable and ensure H/A access to your published resources if you lost/lose communication with your XenDesktop 7 delivery controller(s) and the pitfalls. I would strongly recommend your environment is N+1 and with VM’s common these days setting and configuring an N+1 environment should be best practise for H/A, business continuity and DR.

How-to Enable Local App Access
Coming soon! However in the mean time please refer to http://support.citrix.com/proddocs/topic/xendesktop-7/laa-configure-enable.html#laa-enable.dita.

XenDesktop Introduction Training Course CXD-102
Citrix training offers a 2 hour introduction course to XenDesktop 7 for free. The course is available at – http://training.citrix.com/mod/ctxcatalog/course.php?id=595.

Howto Configure Email Based Discovery & Why It’s Important
Configuration of email based discovery using SRV records is simple and greatly enhances the user’s login experience, as they all know their email addr and domain password, much like logging into Facebook, Twitter etc. Offering the same login experience whether users are inside or outside of the organisation means they don’t need to remember to log in with the format domain\username and domain password; they can simply use their corporate email addr and domain password.

There is a great Citrix blog article that covers covers configuration of e-mail based discovery in and outside of your organisation leveraging a NetScaler Gateway check out – http://blogs.citrix.com/2013/04/01/configuring-email-based-account-discovery-for-citrix-receiver/.

The process below is for configuration of SRV records within a trusted corporate environment. If you would like to know more about what else you can configure in terms of SRV records check out – http://en.wikipedia.org/wiki/SRV_record, http://technet.microsoft.com/en-us/library/cc961719.aspx (A Windows 2000 article but will get you thinking if your new to SRV records) and howto add other resources records into your organisations DNS – http://technet.microsoft.com/en-us/library/cc772362.aspx.

1: Launch your Microsoft DNS management console
2: Right click on your organisation’s Forward Lookup Zone that contains the StoreFront FQDN
3: Click “Other New Records”
4: Scroll down and select “Service Location (SRV)” and click “Create Record”
5: Your organisation’s domain should already be pre-populated e.g. citrix.lab or axendatacentre.com
6: Type in “_citrixreceiver” in the Service field
7: Type in “_tcp” in the Protocol field
8: Type in “443” in the Port number field or 80 if you don’t use 443 internally
9: Type in “storefront.domain” in the “Host offering this service” field e.g. storefront.axendatacentre.com or storefront.axendc.local
10: Save/Commit the changes and close the current active window in DNS
11: Navigate to a physical or virtual machine, install and launch Citrix Receiver, and when prompted enter your email addr and password.

Troubleshooting
Open up a Windows Command prompt and execute these two commands below. For more information on validating your SRV records check out – http://support.microsoft.com/kb/816587.

1: Type in “ipconfig /flushdns”
2: Type in “nslookup”
3: Type in “set type=srv”
4: Type in “_citrixreceiver._tcp.domain” e.g _citrixreceiver._tcp.axendatacentre.com
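
A check for the SRV record created above, given here as an added example rather than code from the original post or from Citrix: it derives the lookup name from a user's email address, parses the text nslookup prints after “set type=srv”, and reports a port other than 443 or a target that is not a StoreFront host you expect. The sample output is constructed, and the function names and the 443-only policy are assumptions of this example.

```python
import re

# Constructed sample of Windows nslookup output after "set type=srv" (not from a real server).
SAMPLE = """\
Server:  dc01.axendatacentre.com
Address:  10.0.0.10

_citrixreceiver._tcp.axendatacentre.com SRV service location:
          priority       = 0
          weight         = 100
          port           = 80
          svr hostname   = storefront.axendatacentre.com
"""

def srv_name(email):
    """Build the SRV name that email based discovery queries for this address."""
    local, sep, domain = email.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not an email address: %r" % email)
    return "_citrixreceiver._tcp." + domain.lower().rstrip(".")

def parse_srv(text):
    """Return one dict per 'SRV service location' block in nslookup output."""
    records = []
    for line in text.splitlines():
        head = re.match(r"^(\S+)\s+SRV service location:", line)
        if head:
            records.append({"name": head.group(1).lower().rstrip(".")})
            continue
        field = re.match(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", line)
        if field and records:
            key, value = field.groups()
            records[-1][key] = value.lower().rstrip(".") if key == "svr hostname" else int(value)
    return records

def audit(email, text, expected_hosts):
    """List problems with the discovery record for this email domain (empty list = OK)."""
    wanted = srv_name(email)
    matches = [r for r in parse_srv(text) if r["name"] == wanted]
    if not matches:
        return ["no SRV record returned for " + wanted]
    findings = []
    for r in matches:
        if r.get("port") != 443:
            findings.append("port %s is not 443 (HTTPS)" % r.get("port"))
        if r.get("svr hostname") not in expected_hosts:
            findings.append("unexpected target %s" % r.get("svr hostname"))
    return findings

print(audit("user@axendatacentre.com", SAMPLE, {"storefront.axendatacentre.com"}))
```

To use it against a live zone, paste the output of the nslookup steps above in place of SAMPLE and pass the StoreFront FQDNs you actually published.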

Microsoft Windows Server 2012 R2 & Windows 8 Support
http://blogs.citrix.com/2013/10/08/citrix-xendesktop-with-flexcast-management-architecture-adds-support-for-windows-server-2012-r2-and-windows-8-1/.

More coming soon!
In the meantime check out https://www.citrix.com/products/xendesktop/overview.html and Design Guide: Mobilising Windows Apps (Requires Form Input From Citrix)

XenMobile Device Manager 8.5

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Device Manager 8.5 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – ldap
CERTIFICATE – cert
STORAGEZONE CONNECTOR – szc
XENMOBILE APPCONTROLLER – xac

Apple iOS 7 Support
You will need to apply Citrix’s iOS7 patch for XenMobile Device Manager 8.5, otherwise users attempting to enroll their BYO or Corporate iOS devices will receive the following error: “Server Error Could Not Connect 500”, reference – http://support.citrix.com/article/CTX139106. The patch and how-to apply it can be downloaded at – http://support.citrix.com/article/CTX139052.

Apple APNS
1: If you do not have an Apple ID for your organisation click here to create one – Apple ID https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/createAppleId?localang=en_US. I would suggest creating an external e-mail addr that is bound to the XenMobile or XDM domain service so that multiple SysAdmins within your organisation have access to the APNS portal to issue and/or renew your APNS certificates, which expire annually on the date that they were issued. I would also suggest that if your ticketing system supports auto generation of a support ticket annually, you utilise this feature to notify support each year and have the ticket assigned and actioned so that the certificate is renewed and uploaded to the XDM web ui console at http://FQDN/zdm.
2: Once you have created your Apple ID generate a CSR on the intended XDM server via IIS
3: Submit to Citrix to sign and they will return a *.plist file as a response.
4: Login with your newly created Apple ID to Apple APNS Portal – https://identity.apple.com/pushcert/.
5: Upload your signed CSR from Citrix (*.plist response) which then generates a *.pem certificate file.
6: Import the *.pem certificate response from APNS into IIS using complete certificate request then export from IIS filling in the password fields.
7: Delete the certificate in IIS.
8: Remove the IIS role and restart your XDM. The XDM installation installs Tomcat which clashes with IIS which is why we uninstall the IIS role prior to the XDM installation.

TCP Ports
1: The following TCP ports are required to enable the XDM to achieve device enrollment, retrieve mobile apps from external App Stores e.g Apple iTunes – https://itunes.apple.com/gb/genre/ios/id36?mt=8, Google Play Store – https://play.google.com/store?hl=en_GB and Samsung Apps – http://apps.samsung.com/venus/main/getMain.as?COUNTRY_CODE=GBR and much more.

80 – HTTP
443 – HTTPS
8443 – Secure
2159 – Apple APNS
2156 – Apple APNS
5223 – Apple Over the air WiFi enrollment
2: Troubleshooting Apple APNS – http://support.apple.com/kb/TS4264, http://support.apple.com/kb/HT3576

FQDN or Public Static IP Address
1: When installing the XDM which is the better option to use? A FQDN e.g. http://axendatacentre.com/zdm or an IP addr: http://127.0.0.1/zdm? A FQDN provides the flexibility to move the XDM server between ISPs. You always lose your IP addr range when moving from one ISP to another, but with a FQDN all you need to do is adjust the DNS records to point to the new IP addr provided by your new ISP; the Tomcat CA remains unaffected and can still issue device certificates during enrollment.
2: If you did choose an IP addr over an FQDN and you moved the XDM to another static IP addr you would need to reinstall the XDM as the Tomcat CA would no longer be valid and able to issue device certificates.

Adding An iOS Public App
1: Search for iTunes WordPress as an example
2: Click on the first link in your search results which will typically direct you to the iTunes web page preview of the iOS mobile app e.g – https://itunes.apple.com/gb/app/wordpress/id335703880?mt=8.
3: Now make sure it’s that mobile app that you wish to add to the XDM software repository and copy the link.
TIP: You know the URL is valid as it always ends in ?mt=8
4: Login to the XDM admin console e.g https://FQDN/zdm and click the Applications tab.
5: Click new External iOS app
6: Copy and paste the URL and click GO; thereafter it will contact the iTunes web page and collect an image, product name and description.
7: Select or deselect any of the available check boxes, then click Create.
8: Navigate to the Deployment tab
9: Click the iOS base package or create an apps package for external apps, give it a name, select the users, then under resources select push apps and select WordPress. Now click finish.
10: You can click to deploy that updated deployment package or wait for iOS devices to connect back to the XDM, whereby they will be notified of an update to the external app package, which triggers a prompt for the user to download the WordPress iOS mobile app from iTunes (remember the user will put in their iTunes password prior to it downloading).

Configuring An External Enterprise CA
Coming soon! In the meantime check out – http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-manage-securityid-configcert-ssl-tsk.html

XenMobile 8.5 Support Articles
General Support – http://support.citrix.com/product/xm/v8.5/
XenMobile Device Manager 8.5 Release Notes – http://support.citrix.com/article/CTX138116
XenMobile Device Manager 8.5.0 Patch for iOS 7 Compatibility – http://support.citrix.com/article/CTX139052
FAQ – Worx Home for Mobile Devices and MicroVPN Technology – http://support.citrix.com/article/CTX136914
Device Manager Web Services – http://support.citrix.com/article/CTX138803
XenMobile Enterprise Reference Architecture for XDM8.5, XAC2.8, SCZ 2.0 – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

More coming soon!
In the meantime check out the Admin Guide at – http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-intro-wrapper-con-85.html and download the software package at – http://www.citrix.com/downloads/xenmobile/product-software/xenmobile-85-mdm-edition.html

StoreFront 2.0

The following content is a brief and unofficial prerequisites guide to setup, configure and test StoreFront 2.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessarily conform to industry descriptions or best practises.

Shortened Names
STOREFRONT SERVICES – SFS
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER ACCESS GATEWAY – nsag
NETSCALER GATEWAY – nsg
CERTIFICATE – cert

Certificates
1: What type of certificate you require for your SFS deployment depends upon whether the server is (a) internal only (b) deployed in-line with the AppController internally (c) deployed in the DMZ (d) deployed in-line with the AppController fronted by a nsg.
2: Another important consideration re what certificate to use is whether you have an Enterprise CA within your organisation to sign your CSRs, or you use self-signed certificates, or you generate and publicly sign your certificates (standalone or wildcard) externally.

StoreFront 2.0 Overview
1: StoreFront is replacing Web Interface 2015 ref Bitly link to Citrix EOL web page indicating WIF EoL. Why? StoreFront is the next generation platform which provides a great and seamless user experience across any type of device supporting Citrix Receiver. StoreFront aggregates Windows & Mobile Apps*, Desktop, Web-links and SaaS, and with a single click can propagate configuration changes between all the StoreFront servers within your environment.
2: No more MS SQL database requirements with the SFS 2.0 release.
3: Improved login performance.
4: Bind your SSL certificate within IIS prior to installing or configuring SFS 2.0 and remove HTTP unless required, to OS harden your SFS server. Binding the SSL cert prior to configuration of SFS ensures that the configuration wizard uses HTTPS over HTTP. In addition, where possible use your organisation’s Enterprise CA to sign your StoreFront server’s CSR instead of using the self-signed SSL certificate option to generate a SSL cert in IIS, as this will cause secure (SSL) communication issues between SFS and the delivery controller(s) if using HTTPS: when you attempt to access published resources from the configured delivery controller the resources will not be available, as the servers cannot successfully communicate with one another over HTTPS.
5: Beacons enable Citrix Receiver to understand intelligently whether a user connecting to your organisation’s Citrix resources is internal or external, by attempting to access the internal or external SFS FQDNs set within the StoreFront MMC snap in e.g. storefront.axendatacentre.local (Internal) or sfs.axendatacentre.com (External and resolvable).
###
* Worx Home is now responsible for the delivery of mobile apps delivered via the XenMobile AppController 2.8
###
6: This Citrix blog article sums up the Receiver for HTML 5 – http://blogs.citrix.com/2012/08/31/receiver-for-html5-is-now-available/ and you can learn how-to install and configure it at – http://support.citrix.com/proddocs/topic/receiver-html5-11/receiver-html5-install.html.

Subscription Database Where Is It?
The release of Citrix StoreFront 2.0 from 1.2 brought with it a change in where and how follow-me apps subscription data is stored. Historically this was stored in an MS SQL database in 1.2; now this data is actually stored in an EDB file, check out – http://support.citrix.com/article/CTX139037, which is automatically replicated if a SFS cluster. You can also adjust the subscription synchronising period by following this eDocs article which requires some PoSH cmdlets – http://support.citrix.com/proddocs/topic/dws-storefront-20/dws-configure-ha-sync.html.

Customising Receiver for Web
This blog article goes into great detail about how to customise Receiver for Web, from the logos, background image and connecting from IP addr of the user to adding in additional elements e.g. click here to contact your IT Helpdesk. Check it out at – http://blogs.citrix.com/2013/06/26/customizing-receiver-for-web-in-storefront-2-0/.

HTML 5 Receiver Configuration & Support
Coming Soon!

Citrix StoreFront 2.0 – Implementation Guide
http://support.citrix.com/article/CTX133185