
XenMobile Device Manager 8.0.1

The following content is a brief and unofficial prerequisites guide, by the author of this entry, to set up, configure and test XenMobile Device Manager 8.0.1 prior to deploying it in a PoC, Pilot or Production environment. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – ldap

Apple APNS
1: Generate a CSR on the intended XDM server via IIS
2: Create an Apple ID – https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/createAppleId?localang=en_US
3: Log in with your newly created Apple ID to the Apple APNS Portal – https://identity.apple.com/pushcert/
4: Upload your signed CSR from Citrix, which will then be generated into a *.pem certificate file.
5: Import your *.pem certificate file from APNS into IIS using complete certificate request, then export it from IIS, filling in the password fields.

XenMobile Device Manager Version 8.0.1
1: You’ll need a license file which can be downloaded from www.citrix.com.
2: APNS *.pem certificate file converted into a *.pfx12 certificate file.
3: External FQDN e.g xdm.yourdomain.co.uk or devicemanager.yourdomain.co.za
4: Server requirements check out – http://support.citrix.com/proddocs/topic/xmob-dm-8/xmob-dm-sys-reqs-con.html
5: Test that your external FQDN resolves to the intended xdm server using a trace or ping, then change your f/w to allow access on the following networking ports – http://support.citrix.com/proddocs/topic/xmob-dm-8/xmob-dm-sys-reqs-other-prereqs-con.html
6: Install XDM using the default postgres DB for 100x users or less; alternatively, utilise the documented best practises for alternative SQL DB engines.
7: Once installed, navigate to http://xdm.yourdomain.co.uk/zdm to access the console. Note that you can also append /zdm/enroll to the FQDN of the xdm server, which provides links to the current enrolment agents for xdm.

User Provisioning
1: You can optionally create users manually within the xdm console; this approach is time consuming and a manual task for a SysAdmin.
2: You can upload a *.csv file containing all the required user information to provision users; this approach is far more favourable, but it's still a manual approach to user provisioning.
3: Provisioning users from your organisation's AD environment is the best approach and less time consuming for SysAdmins. The xdm supports LDAP and LDAPS* and performs a real-time query to your AD server instead of caching a local copy of the dataset and then periodically updating this cache at predefined intervals.

* LDAPS is a secure connection of LDAP between the xdm server and your organisation's AD server.

Troubleshooting Tips
1: Set up a recurring calendar invite, using your support ticketing system or a group Exchange invite, to renew your APNS certificate. It expires annually and needs to be renewed and uploaded to the xdm server, otherwise iOS devices will become unresponsive as they rely on the APNS network.
2: Always deploy the xdm server using a FQDN over a Static IP, as it is easier to adjust DNS records if and when you need to move your xdm server to another IP address range, e.g changing ISPs. It is also easier to remember a FQDN than an IP address.
3: OS harden the server regardless of whether the xdm server is placed in the DMZ or a TRUSTED network; this prevents or limits exposure of the xdm server to network related threats or attacks.
4: Place the xdm server behind a networking appliance, e.g NetScaler, to load-balance the HTTP and HTTPS traffic and to scale out to more xdm servers.
5: Read through the Citrix Reference Architecture for MDM and MAM.
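
Tip 1 above, and step 5 of the Apple APNS procedure, can be backed by a scripted check run as a scheduled task on the xdm server. This is an added example, not part of the original entry or of any Citrix or Apple tooling; it assumes the APNS certificate sits in the server's LocalMachine\My store, and the subject pattern and 30-day threshold are illustrative assumptions.

```powershell
# Added example: report expiry and private-key state of the APNS certificate.
# Requires PowerShell 3.0 or later.
param(
    # Assumption: wildcard matching the subject IIS shows for your APNS certificate.
    [string] $SubjectPattern = '*APSP*',
    # Assumption: start the renewal this many days before expiry.
    [int] $WarnDays = 30
)

function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $Now).TotalDays)
    $state = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'RENEW' } else { 'OK' }
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        DaysLeft      = $daysLeft
        # False means the request was not completed on the server that made the CSR,
        # so the certificate cannot be exported from IIS with its key.
        HasPrivateKey = $Certificate.HasPrivateKey
        State         = $state
    }
}

$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like $SubjectPattern } |
    ForEach-Object { Get-CertExpiryStatus -Certificate $_ -WarnDays $WarnDays })

if ($found.Count -eq 0) {
    Write-Warning "No certificate with subject like '$SubjectPattern' in LocalMachine\My."
    exit 2
}
$found | Sort-Object NotAfter -Descending |
    Format-Table Subject, NotAfter, DaysLeft, HasPrivateKey, State -AutoSize

# Old certificates can remain in the store after a renewal, so judge only the newest one.
$current = $found | Sort-Object NotAfter -Descending | Select-Object -First 1
if ($current.State -ne 'OK' -or -not $current.HasPrivateKey) { exit 1 }
exit 0
```

Exit code 1 means the newest matching certificate needs renewal or lacks its private key, and exit code 2 means no matching certificate was found, so a scheduler or monitoring agent can alert on any non-zero result.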

Troubleshooting & Resources


Citrix
1: http://edocs.citrix.com provides a great fundamental knowledge base to install, configure and deploy Citrix products standalone or in a H/A pair configuration.
2: http://support.citrix.com provides a variety of supporting documentation surrounding Citrix’s product stacks that include best practises, guides and much more.
3: http://blogs.citrix.com is an absolutely great resource for past, present and future Citrix product knowledge i.e master class webinars, best practises articles, announcements and much more.
4: http://www.citrix.com/tv provides video based delivery of Citrix’s technologies.
5: http://community.citrix.com/p/success-kits requires the appropriate www.citrix.com access privileges.
6: https://www.citrix.com/buy/licensing/agreements.html Citrix Product EULA, EUSA.
7: https://www.citrix.com/buy/licensing.html Licensing Basics.
8: https://www.citrix.com/support/product-lifecycle/product-matrix.html Citrix Product Life Cycle Matrix.
9: https://www.citrix.com/downloads.html Citrix Software Package and Virtual Appliance Downloads area.
10: https://taas.citrix.com/AutoSupport/ the link explains what this service is all about.
11: http://store.citrix.com purchase select Citrix licensing online e.g XenServer, NetScaler VPX.

Microsoft
1: http://technet.microsoft.com/en-us/ provides a wealth of good technical resources.
2: http://msdn.microsoft.com/en-us/ is a great developer network.

Apple
1: http://www.apple.com/certificateauthority/ useful for downloading and installing the certs, crl’s onto the IIS to resolve any APNS chaining issues. Learn more about APNS workflow, security and more at – https://developer.apple.com/library/mac/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/ApplePushService.html#//apple_ref/doc/uid/TP40008194-CH100-SW3.
2: https://developer.apple.com/programs/ios/enterprise/ & https://developer.apple.com/support/ios/enterprise.html – which is required in order to obtain an Apple iOS distribution profile and certificate to digitally sign and wrap your *.IPA file to become an *.MDX file using the Citrix AppPreparation Tool + XCode.
3: https://developer.apple.com/xcode/ is used with the Citrix AppPreparation Tool.
4: http://www.apple.com/uk/support/appleid/basics/ explains the different processes for creating an Apple ID with and without a credit card. Also visit http://support.apple.com/kb/HT5622 which provides general FAQ surrounding an Apple ID.