The following content is a brief and unofficial prerequisites guide, written by the author of this entry, to setting up, configuring and testing XenMobile AppController 2.9 prior to deploying it in a PoC, Pilot or Production environment. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.
Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
VOLUME PURCHASE PROGRAM – vpp
XENMOBILE APPCONTROLLER – xac
XenMobile Enterprise Reference Architecture 8.6
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.
What is a MicroVPN (mVPN)?
http://support.citrix.com/article/CTX136914.
Configure DNS Suffixes for Android
http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-connect-mobile-devices-android-split-dns-tsk.html#ng-connect-mobile-devices-android-split-dns-tsk
Deploying and Configuration of the XAC 2.9 (DRAFT & MAY CONTAIN ERROR(S))
1: Hypervisor System requirements – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html, http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-appcontroller-wrapper-con.html.
2: Network TCP Ports Source vs. Destination – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html and the current Architecture Diagram can be found at http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png
3: Download the virtual appliance from http://www.citrix.com/downloads.html. You will be required to sign in with your Citrix.com access details in order to download the XAC virtual appliance for your chosen hypervisor. Currently XenServer, VMware ESX(i) and Hyper-V are supported. Deploy the XAC virtual appliance within your hypervisor of choice, ensuring that you have provided it with adequate computing resources and a NIC. The system requirements can be viewed at – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html.
4: Complete the XAC prerequisites checklist available from eDocs at – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-prepare-xenmobile-checklist-con-.html. If, however, you're just going to deploy the XAC 2.9 you could use the existing prerequisites checklist for XAC 2.8, which is available at – http://support.citrix.com/proddocs/topic/appcontroller-28/xmob-appc-plan-checklist-con.html, but remember to compare it against the latest checklist. Create your DNS A record. (You can only assign one FQDN to the XAC, so you will need to consider creating DNS A records for both internal and external users to access and connect to the XAC, either internally directly or externally using NSG. The XAC is accessed via either Worx Home or an internet browser accessing the XAC’s RfW, e.g. https://XAC-FQDN/Citrix/StoreWeb. It is worth noting that if you type in just the FQDN the user will automatically be redirected to the XAC’s RfW login page.) Then sign the CSR generated on the XAC with your organisation's Enterprise CA or using OpenSSL (Windows, Unix, Linux or Mac) – . It is important, when downloading the response from an MS Enterprise CA, to download both the certificate and the chained certificate in “Base64” format.
5: Start the XAC VM, enter console mode via your hypervisor and complete the basic configuration (network IP address, subnet mask, gateway etc. Note the default login is username: admin and password: password) required in order to complete the configuration via a web browser over https://XAC-FQDN:4443/ from a domain-joined hosted shared desktop or VDI desktop. Once you have completed the initial basic configuration you can reboot the XAC virtual appliance following the onscreen instructions.
6: Once the XAC reboots successfully (watch the console from your hypervisor), log in to your domain-joined desktop, open your internet browser of choice, type in https://XAC-FQDN:4443/ and accept the SSL error warnings (the SSL certificate bound by default is for appcontroller.example.com, which is why your internet browser throws up SSL error warnings). Log in using username: Administrator and password: password. Once you have successfully logged in, complete the onscreen wizard. You may not have a mail server if you have just built your own demo environment for XenMobile, so simply put in the intended mail server details BUT do not mark the authentication check box, otherwise the XAC wizard will fail as it will not be able to contact the intended mail server, which has not been built yet. Once the wizard completes you will be logged out, which is normal.
7: Now log back in to the XAC CP admin console, click Settings -> Certificates and complete a CSR for the FQDN of your XAC. Sign the CSR with a public CA (e.g. http://uk.godaddy.com, http://www.thawte.com, http://www.verisign.co.uk and there are many others to choose from) or a private CA (e.g. MS Enterprise CA, OpenSSL), then upload the response, which should be in “Base64” format, and click “Make Active”. You will be automatically logged out, which is normal, as the newly uploaded cert is now bound to HTTPS against your FQDN and not appcontroller.example.com any more. If you delete your history and cookies, close your internet browser, re-open it and navigate to the XAC’s FQDN, you’ll notice (on IE, as an example) that the address bar is no longer red but is BLUE, and if you click the SSL lock icon you should not receive any SSL warnings or errors.
8: Log in to the XDM FQDN and configure it with the XAC IP address or FQDN and a shared secret password. (Complete only if you're deploying the whole XenMobile Enterprise Solution.)
9: Log in to the XAC using your newly defined access details, then navigate to Settings -> XenMobile MDM and enter the XDM IP address or FQDN, select the port for communication between the XDM and XAC, 80 (HTTP) or 443 (HTTPS), and enter the exact shared secret password used in the step above. Click “Test” and, if confirmed, click “Save”. It will begin setting up and configuring the appropriate resources between the XAC and the XDM, e.g. when you specify “Require App Installation” for an app and a user enrols, it will ensure the mobile app or resource from the XAC is installed on the user's mobile device.
10: Click the “Apps & Docs” tab and create web links and SaaS apps, upload unsigned iOS/Android mobile apps (*.ipa, *.apk; NEW in XAC 2.9) and of course upload your digitally signed iOS/Android *.MDX mobile apps. These are signed on an Apple Mac running OS X using the Citrix App Preparation Tool, leveraging the mobile app binaries for iOS/Android and your organisation's provisioning profile(s) and distribution certificate(s) from Apple and Android, which then allows you to apply circa 60 policies against each digitally signed *.MDX mobile app that you have uploaded to the XAC.
11: Configure access to ShareFile and XenApp, XenDesktop if applicable.
12: Click the “Roles” tab and create your user roles mapped to your AD OUs, e.g. Sales = Domain Sales Users name, then assign resources to the role you’ve just created.
13: In a browser, navigate to https://XAC-FQDN/ which, if you have not set up the XAC in StoreFront, will redirect to https://XAC-FQDN/Citrix/StoreWeb/ (which is RfW), and log in to access your assigned resources. It is worth mentioning that you will not see mobile apps on a Windows desktop; likewise you will not see iOS mobile app resources on an Android platform and vice versa.
14: There is a wealth of useful links at – http://www.citrix.com/products/xenmobile/tech-info.html.
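The private-CA signing described in steps 4 and 7, as an added example that is not part of the original guide or Citrix's own tooling: an OpenSSL CA signs a CSR, writes the certificate and chain in Base64 (PEM) and confirms the result matches the XAC FQDN rather than appcontroller.example.com. The FQDN xac.example.internal, the CA name and all file names are constructed placeholders, and the locally generated CSR stands in for the one the XAC produces.

```shell
#!/bin/sh
# Added example: sign an appliance CSR with a private OpenSSL CA.
# xac.example.internal and "Demo Lab Root CA" are constructed placeholders.

sign_xac_csr() {
    fqdn="$1"; work="$2"
    mkdir -p "$work" || return 1

    # 1. Private root CA. In a real deployment this already exists.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Demo Lab Root CA" \
        -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null || return 1

    # 2. Stand-in for the CSR created under Settings -> Certificates.
    #    On the real appliance the private key never leaves the XAC.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$fqdn" \
        -keyout "$work/xac.key" -out "$work/xac.csr" 2>/dev/null || return 1

    # 3. Extensions for a TLS server cert; browsers match on the SAN.
    printf '%s\n' "subjectAltName=DNS:$fqdn" "basicConstraints=CA:FALSE" \
        "keyUsage=digitalSignature,keyEncipherment" \
        "extendedKeyUsage=serverAuth" > "$work/xac.ext"

    # 4. Sign the CSR. OpenSSL writes PEM, i.e. the "Base64" format.
    openssl x509 -req -in "$work/xac.csr" -CA "$work/ca.pem" \
        -CAkey "$work/ca.key" -CAcreateserial -sha256 -days 30 \
        -extfile "$work/xac.ext" -out "$work/xac.pem" 2>/dev/null || return 1

    # 5. Chained certificate: server certificate first, then the issuing CA.
    cat "$work/xac.pem" "$work/ca.pem" > "$work/xac-chain.pem"

    # 6. Check before uploading: the chain validates and the name matches.
    openssl verify -CAfile "$work/ca.pem" "$work/xac.pem" >/dev/null 2>&1 \
        || return 1
    openssl x509 -in "$work/xac.pem" -noout -checkhost "$fqdn" \
        | grep -q "does match"
}

# Usage: run against a scratch directory and report the outcome.
demo_dir=$(mktemp -d)
if sign_xac_csr xac.example.internal "$demo_dir"; then
    echo "signed certificate and chain written to $demo_dir"
else
    echo "signing or verification failed" >&2
fi
```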
Worx Mobile Apps
1: Understanding Worx suite of mobile apps – http://support.citrix.com/proddocs/topic/xenmobile-connect-users/xmob-worx-about-worx-apps.html.
2: Each mobile platform has different requirements for wrapping the native *.ipa (iOS), *.apk (Android) app binaries to be converted into *.mdx file format which can be then uploaded to the XAC and MDX policies applied.
3: To wrap any iOS or Android mobile app binaries you require provisioning/distribution profiles for each mobile platform during the wrapping process. For iOS you require an iOS Enterprise Developer Account – and for Android – . You also require a Mac and the Citrix App Preparation Tool; for more information on the system requirements please visit – .
4: To configure iOS MDX apps on the XAC refer to – http://support.citrix.com/proddocs/topic/xmob-appc-configure-29/xmob-appc-mobile-apps-policies-ios-con-nike.html, for Android – http://support.citrix.com/proddocs/topic/xmob-appc-configure-29/xmob-appc-mobile-apps-policies-andr-con-1.html.
5: To improve battery life for WorxMail setup and configure an STA ref – http://blogs.citrix.com/2013/09/16/improving-battery-life-with-worxmail-sta-to-the-rescue/, http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-appc-config-sta-tsk.html.
Coming Soon!
In the meantime, check out these links – http://blogs.citrix.com/2013/12/20/xenmobile-8-6-maintenance-release-deep-dive/, http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-product-videos-con.html.