Tag Archives: Mobile Application Management

XenApp 7.6 XenDesktop 7.6 including Feature Pack (FP) 1

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenApp 7.6, XernDesktop 7.6 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENAPP – xa
XENDESKTOP – xd
VIRTUAL DELIVERY AGENT – vda
LIGHT WEIGHT DIRECTORY PROTOCOL – ldap
ACTIVE DIRECTORY – ad
CERTIFICATE SIGNING REQUEST – csr
CONNECTION LEASING – cl
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns
DYNAMIC HOST CONFIGURATION PROTOCOL – dhcp
FEATURE PACK – fp

What’s New now with Feature Pack 1 (FP1)
0: If you are new to XenDesktop 7.x, XenApp & XenDesktop 7.5, 7.6 then I would suggest that you begin by reading and reviewing the Technical Overview of XAD 7.6 – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-architecture-article.html and follow on by understanding the System Requirements for XAD 7.6 at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-system-requirements-76.html.
1: XenApp – http://www.citrix.com/products/xenapp/whats-new.html.

2: XenDesktop – http://www.citrix.com/products/xendesktop/whats-new.html. 3: How to setup and configure session pre-launch and lingers for XAD 7.6 – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-dg-manage-sessions.html#xad-dg-manage-sessions__prelaunch-linger including a video from Citrix TV is embedded below. 4: Connection Leasing (Previously or rather similar to Local Host Cache (LHC) under XenApp 6.x and downwards) provides the ability to allow end-users within your organisation the ability to continue to access Citrix published desktops, applications even if your MS SQL highly available database is offline using the new feature in XAD 7.6. Please note that you should always still have a H/A SQL database environment in-place and connection leasing does require the 7.6 VDA. For more information please read and review – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-connection-leasing.html#xad-connection-leasing. 5: How-to perform a XenApp 6.5 migration – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-xamigrate.html#xad-xamigrate and the general eDocs node that covers off migrations from previous versions of XenApp 6.x and XenDesktop 4.x, 5.x are covered at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-upgrade-existing-environment.html. 6: Overview & Understanding High Definition eXperience (HDX) under XAD 7.6 including Flash and USB/Drive redirection, GPU Sharing and Network traffic priorities – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx-landing.html. 7: For a complete and full list of what’s new in XenApp 7.6 and XenDesktop 7.6 take a look at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-whats-new.html. 8: What’s new in the XAD 7.6 FP1? Check out http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-whats-new-7-6fp1.html for a list of the full details. I’ve provided summary below of what it includes: – Session Recording which/was formerly Smart Auditor. – Updated Citrix Licensing. – Updated Director which includes enable/disable session recording for the detail check out http://support.citrix.com/article/CTX142260. – HDX Real-Time Optimization Pack 1.7 for Microsoft Lync 2013 the details here at – http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-17/lync-realtime-optimization-pack-17.html. Detailed How-to Upgrade to Citrix Receiver 4.2.x.n 1: Learn what is required in order to perform an upgrade of your existing Citrix Receiver 3.4 implementation to to 4.2.100 by download this handy and useful PDF best practises guide at – http://docs.citrix.com/content/dam/en-us/receiver/windows/4-2/downloads/Receiver_for_Windows_4.2_Upgrade_Best_Practice_Guide.pdf. 2: It is also worth mentioning that the current new Citrix Receiver for Windows 4.2.x.n now supports TLS 1.1, 1.2, Start menu integration & shortcut management, USB 3.0 and so much more please check out – http://support.citrix.com/proddocs/topic/receiver-windows-42/receiver-windows-42-about.html#receiver-windows-42-about for more information so upgrading does and will provide numerous useful benefits for CTX SysAdmins and there end-users. Upgrading & Migration
1: XenApp 7.5 Migration Guide – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenapp-75-migration-guide.pdf.
2: Upgrading & Migration Microsite for XenApp 6.x to XenApp 7.5 – http://www.citrix.com/products/xenapp/tech-info/upgrade.html.
3: Introduction to XenApp 7.6 Upgrade Planning recorded GoToWebcast from 07/102014 available at – https://citrix.webcasts.com/viewer/event.jsp?ei=1040823. If you would any overview please read the orginal events web page at – http://www.citrix.com/events/introduction-to-xenapp-76-upgrade-planning.html. Citrix Education
1: CXA-104 Citrix XenApp 7.6: Overview – – http://training.citrix.com/mod/ctxcatalog/course.php?id=925. 2: CXA-105 Getting Started with Citrix XenApp and XenDesktop 7.6 – http://training.citrix.com/mod/ctxcatalog/course.php?id=973 3: CXA-208 Moving to XenApp 7.6 – http://training.citrix.com/mod/ctxcatalog/course.php?id=1096. 4: CXD-105 Citrix XenApp and XenDesktop Help Desk Support – http://training.citrix.com/mod/ctxcatalog/course.php?id=1011. GUI Installation & Overview for XenApp 7.6, XenDesktop 7.6
1: XenApp 7.6 Reviewers Guide provides a simple installation overview which can be downloaded at https://www.citrix.com/content/dam/citrix/en_us/documents/oth/xenapp-reviewers-guide.pdf and the XenDesktop 7.6 equivalent can be found at – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xendesktop-reviewers-guide.pdf. Unattended Installation of XAD 7.6 Infrastructure Components & The VDA
1: The installation executable is located at x64\XenDesktop Setup\XenDesktopServerSetup.exe within the installation media path. The below is an example and simply replace x with mounted ISO, CD/DVD drive letter or the UNC path to the XAD7.5-6 installation media. If you do not include the /xenapp switch it will automatically install XenDesktop.

x:\x64\XenDesktop Setup\XenDesktopServerSetup.exe /xenapp /components controller,desktopstudio /configure_firewall

2: Sample installation code to insert into a batch script from Citrix eDocs that will install the VDA on Desktop OS as a master image and it will include Citrix Receiver.


x:\x64\XenDesktop Setup\XenDesktopVdaSetup.exe /quiet /components
vda,plugins /controllers “Contr-Main.mydomain.local” /enable_hdx_ports /optimize
/masterimage /baseimage /enable_remote_assistance

If you are looking for how-to install the VDA for groups of machines in AD the please checkout this eDocs node the batch script that will allow you to install/configure or even remove the VDA – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-install-vda-adscript.html.
3: For more detailed information check out – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-install-command.html.

High-Definition user eXperience (HDX) 1: So what is HDX? That’s a very good question an introduction whitepaper to your questions can be found at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-hdx-technologies.pdf. 2: Now that you’ve read through the whitepaper you will want to begin configuring and testing some of the HDX policies in Studio to test out HDX capabilities. Start with reading through the HDX eDocs node at – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx-landing.html. If your more interested in HDX 3D Pro which leverages GPU cards installed on workstations, servers within the data centre then I would suggest to start by reviewing – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-hdx3dpro-intro.html. For a visual aid surrounding of how GPU technologies with work XenApp & XenDesktop take a look at how GPU pass-through works at – http://www.nvidia.com/object/xenapp.html for with XenApp and for a vGPU works for XenDesktop check out – http://www.nvidia.com/object/virtual-gpus.html. 3: High Definition User Experience template policy in Studio explained and feedback requested – http://blogs.citrix.com/2014/11/13/citrix-studio-templates-help-needed-out-of-the-box-configuration-for-xendesktop-and-xenapp/. Citrix Unveils New Version of Market Leading Third-Generation Unified Platform for Application and Desktop Virtualization
http://www.citrix.com/news/announcements/aug-2014/citrix-unveils-new-version-of-market-leading-third-generation-un.html Citrix Offers Technology Preview of Linux Virtual Apps and Desktops Delivered from XenApp and XenDesktop

http://www.citrix.com/news/announcements/aug-2014/citrix-offers-technology-preview-of-linux-virtual-apps-and-deskt.html Deploying Unified Communications (UC) Lync 2010/2013 1: Lync Feature Matrix is available at – http://support.citrix.com/article/CTX200279 which is very useful for understanding what is and what isn’t supported and whether you need to deploy either the HDX Optimisation Pack of the Microsoft VDI Plug-in. 2: Delivery options for deploying Microsoft Lync for XenApp 7.6 or XenDesktop 7.6 explained in detail at – http://blogs.citrix.com/2014/10/23/delivering-lync-from-xenapp-and-xendesktop/. I’ve summarised your options below: – Generic HDX Realtime * Pure ICA/HDX between two end-points and the infrastructure. – HDX RealTime Optimization Pack for Lync® * Optimised softphone with offloading of the media engine by Citrix Note: 1.6 is for Lync 2010 and 1.7 is for Lync 2013 check out 1.7 – http://support.citrix.com/proddocs/topic/hdx-realtime-optimization-pack-17/hdx-realtime-optimization-pack-about-17.html which is compatible with Lync Server 2013, Lync Server 2010, and Lync Online (Office 365). – Microsoft® Lync® VDI Plug-in * Optimised softphone with offloading of the media engine by Microsoft check out the CTX article for a how-to at – http://support.citrix.com/article/CTX138408. – Local App Access utilises a * XAD policy applied to users to utilise the locally installed Lync app over published Lync app from XenApp. If you want to under more about how-to enable this XAD feature please review – http://support.citrix.com/proddocs/topic/xenapp-xendesktop-76/xad-laa-intro.html. * Please refer to eDocs or CTX200279 3: UC with XenApp and XenDesktop Solutions Brief – https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/unified-communications-with-xendesktop-solutions-overview.pdf.

XenMobile AppController 2.8

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.8 ( Previously Cloud Gateway) part of Citrix XenMobile Enterprise prior to deploying in a PoC, Pilot or Production environment by the author of this entry.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN – fqdn
CLOUD GATEWAY – cg

XenMobile Is Federal Information Processing Standard (FIPS) 140 Compliant
Check out – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-fips-con.html.

Certificates
1: By default the following two types of self-assigned certificates are issued to your XenMobile AppController upon initial deployment which are a Server, SAML certificates issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac with the default certificates thereafter I would recommend generating a CSR and signing with your Enterprise CA vs. self-assigned to the host name.

Self Assigned Certificate
1: To create a self assigned certificate directly on XenMobile AppController login to the admin console at – https://FQDN:4443 using your access details and once authenticated
2: Click Settings
3: Click Certificates
4: Click New and complete onscreen input fields the primary fields are to select certificate cipher encryption strength to be 2048 nothing less, then enter in the common name for cert e.g appcontroller.yourorganisation.net or xac.natal-sharks.local and select the correct country.
5: Click Save
6: Next the Certificate Signing Request will appear click Close
7: Click to highlight the certificate with common name entered in above
8: Click Self-Signed
9: Enter in a value for which the certificate will be valid in number of days e.g 365 for a full calendar year and click Save.
10: Your CSR has now been self assigned.
11: Click to highlight it again and click Make Active
12: Click Yes and the newly self-assigned certificate will be bound to HTTPS and log you out which is normal.
13: Clear your internet browsers cache on IE as an example and restart the browser and navigate back to xac admin console and you should notice that there is no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self assigned certificate to your xac.
14: For further information please read the following – eDocs Certificate Signing Request for the XenMobile AppController 2.8 .

Enterprise CA signed Certificate
1: Complete steps 1 through 5 under the self-assigned certificates.
2: When the Certificate Signing Request box appear’s copy the CSR response generated into a text file and save to your desktop and click Close.
3: Navigate to your Enterprise CA’s FQDN and follow the onscreen instructions and complete the CSR and ensure that you download the certificate response in Base64 format.
4: Navigate back to the XAC Click Import and select Server (.pem) and select your certificate and Click import.
5: If your certificate has a public and private key (*.pfx12) enter in the password in the password fields or leave blank and the Click Ok.
6: Your signed certificate is now imported successfully.
7: Click to highlight your newly import server certificates and click Make Active.
12: Click Yes and the newly signed certificate will be bound to HTTPS and you be logged out which is normal.
13: Clear your internet browsers cache on IE as an example and restart the browser and navigate back to xac admin console and you should notice that there is no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self assigned certificate to your xac.

XenMobile AppController 2.8
1: Download the virtual appliance for your platform at – https://www.citrix.com/downloads/xenmobile.html .The supported hypervisors include XenServer, Hyper-V, ESXi
2: Designate and document a FQDN (Optionally create either an Internal or External), IP address, subnet netmask, default gateway, DNS, NTP, AD including a domain services account + e-mail address and strong admin password.
3: Deploy the xac virtual appliance and access the xac console and login using the default access details which are username: admin and password: password.
4: Click 0 and press return/enter to enter the Express Setup mode and complete the required configuration steps onscreen and then Click 5 and press return/enter to reboot the xac.
6: Once the xac reboots open up your internet browser and navigate to the designated https://FQDN:4443 and login using default access details mentioned above.
7: Upon login complete the onscreen wizard. Please note that some of the configuration options will already be prep-populated from your entries entered in at the xac console in Step 4 above. Once completed you will be logged out which is normal.
8: Relogin to the xac and complete either the self-assigned or Enterprise CA signed certificate process.

Multi-Domain Support
Currently the XenMobile AppController 2.8 doesn’t support multi-domain domains e.g multiple LDAP(S) bindings to more than one domain. The following Citrix Blog article is however quiet a useful when leveraging a NetScaler Gateway “Implementing cascading LDAP policies along with universal domain groups” Text in brackets credit of the author of the Citrix Blog Entry –

XenMobile Enterprise (XAC 2.8, XDM 8.5, SCZ 2.0) Reference Architecture
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

Coming soon!
In the mean time check out the eDocs supporting documentation re XenMobile
AppController 2.8 edocs.citrix.com, WorxMail and WorxWeb.

XenMobile AppController 2.6

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test AppController 2.6 (Previously Cloud Gateway) part of the Mobile Solutions Bundle prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN NAME – fqdn
ACTIVE DIRECTORY – ad
STOREFRONT SERVER – sfs
HIGHLY-AVAILABLE – h/a
XENAPP – xa
XENDESKTOP -xd
NETSCALER GATEWAY – nsg
SOFTWARE-AS-A-SERVICE – SaaS
REMOTE ACCESS – r/a

Apple iOS Developer Account
1: Register for an Apple Enterprise iOS Developer Account and NOT Standard – bit.ly link to https://developer.apple.com/programs/ios/enterprise/. Why your probably asking? The enterprise account is designed to allow you to deliver your digitally signed wrapped apps e.g Worx Home, WorxWeb and WorxMail to an unlimited number of iOS devices from your enterprise app store e.g XAC. The standard account is designed for you to develop and then test your app to a fair number of iOS devices (iPad mini, iPhone) and then publish your app to the iTune’s AppStore.
2: Download the Citrix App Preparation Tool for iOS – http://www.citrix.com/downloads/
3: Prior to continuing please review review the following Citrix eDocs article – http://support.citrix.com/proddocs/topic/cloudgateway/clg-appwrap-landing-page-con.html
4: Following the instructions for digitally signing your iOS app using the Citrix App Preparation Tool for iOS

Certificates
1: By default the following two types of self-assigned certificates are issued to your XenMobile AppController upon initial deployment which are a Server, SAML certificates issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac with the default certificates thereafter I would recommend generating a CSR and signing with your Enterprise CA vs. self-assigned to the host name.

Uploading & Configuring Wrapped iOS Apps
1: Once the app has been digitally signed with your iOS Enterprise developer account please navigate to your AppControllers Mgmt. FQDN e.g yourdomain.co.uk:4443 and login with your administrative credentials.
2: Navigate to Apps & Docs tab select iOS then upload and locate the signed iOS app and follow the onscreen instructions – http://support.citrix.com/proddocs/topic/appcontroller-26/clg-appc-mobile-apps-wrapper-d-con.html.
3: To configure any of the MDX policies i.e MDX Access, InterApp, Vault for your iOS app – http://support.citrix.com/proddocs/topic/appcontroller-26/clg-appc-mobile-apps-policies-d-con.html
4: The iOS app is now available and ready to be selected and downloaded onto the users end-point mobile device via StoreFront.

Deployment Modes
1: There are two types of deployment modes for the XenMobile AppController which is either direct or integrated. It is important to understand that this is NOT h/a.
2: Direct mode is where users connect directly to the XenMobile AppController bypassing StoreFront. In this deployment scenario the xac can only service and deliver Mobile apps, SaaS and web links to users. If you would like to test this mode deploy and configure your xac with mobile apps, web links within your environment and connect to the xac’s https://FQDN/ either internal or external using a internet browser on an iOS device as an example and it will redirect you to https://FQDN/Citrix/StoreWeb where you will be able to login using your AD credentials thereafter you’ll be able to select and launch a web link or click and install a Mobile app.
4: Integrated mode is where all the requests for mobile apps, SaaS, web links are aggregated through to the sfs over a HTTPS connection. ( xac <-- HTTPS 443 -->sfs ). The xac is setup as a delivery controller within StoreFront must the same a XA, XD. TIP: Prior to setting this configuration connect to the xac admin console from the sfs to ensure there is no SSL mismatch issues or errors with the certificate (Using IE you’ll receive a blue bar + background around the lock icon). If you would like to test this mode deploy and configure your xac with mobile apps, web links and configure the trust setting to point to your sfs e.g. https://sfs.local/ from the xac. Now attempt to connect to the xac’s https://FQDN/ either internal or external using a internet browser on an iOS device as an example and it will redirect you to https://FQDN/Citrix/StoreWeb but you will NOT be able to complete the request! Why? The xac disables its local StoreWeb as another trust setting has been configured i.e https://sfs.local. Now connect to your sfs FQDN and login using your AD credentials thereafter you’ll be able to select and launch a web link, published windows application e.g Notepad, Windows 7 desktop and select and click to install a Mobile app. How? As long as you have a setup the following delivery controllers servers in StoreFront xac, xa, xd and published the resources you can tap to select and launch any of the described resources. TIP: Allows ensure that if you have configured your delivery controllers to use HTTPS (443) there are no SSL mismatch errors with the FQDN as this is the most common error causing SysAdmins alot of headaches in troubleshooting where the issue lies.

Users
1: Users are provisioned using your organisations AD but first ensure that all users you attempt to provision have a first, last name and email fields populated even if you don’t have a mail server within your domain populate the e-mail address field as are a mandatory requirement for the xac.

Troubleshooting Tips
1: Setup a reoccurring calendar invite using your support ticketing system or group exchange invite to renew your iOS Enterprise Developer Account which expires annually and needs to be renewed.
2: Use a Enterprise CA to sign your CSR’s for your xac, sfs instead of using self-assigned certificates but use a publicly signed SSL certificate for R/A using a NetScaler Gateway.
3: Read through the Citrix Reference Architecture for MDM and MAM.