The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.
Shortened Names
XENMOBILE ENTERPRISE – xme
XENMOBILE CLOUD – xc
CERTIFICATE SIGNING REQUEST – csr
FULLY QUALIFIED DOMAIN NAME – fqdn
RECEIVER FOR WEB – rfw
CERTIFICATE AUTHORITY – ca
STOREFRONT SERVICES – sfs
PUBLIC KEY INFRASTRUCTURE – pki
NETSCALER GATEWAY – nsg
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE APPCONTROLLER – xac
XENMOBILE NETSCALER CONNECTOR – xnc
SECURE TICKET AUTHORITY – sta
DOMAIN NAME SERVER – dns
PUBLIC KEY INFRASTRUCTURE – pki
XenMobile Security
1: Citrix have published a Whitepaper in PDF format covering the security within XenMobile which can be downloaded directly at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security.pdf there is also a new security web page within the XenMobile microsite on Citrix.com at – http://www.citrix.com/products/xenmobile/tech-info/mobile-security.html.
2: Security harden your XDM implementation leveraging Microsoft’s leading best practises I have listed below are a few (starter) useful resources. I always believe that you should challenge the way you are manage your infrastructure periodically from the services, ports, packages running on servers to the ACL at the edge of your network to ensure that you are using the latest leading best practises for monitoring, managing and supporting your environment(s) end-2-end and often this will require input from a Server, DBA SysAdmin & network engineer.
Windows Server 2008 R2
http://technet.microsoft.com/en-us/library/gg236605.aspx
http://technet.microsoft.com/en-us/library/dd548350(v=ws.10).aspx
Windows Server 2012
http://technet.microsoft.com/en-us/library/jj898542.aspx
http://technet.microsoft.com/en-us/library/hh831360.aspx.
What’s New & Fixed
1: Support for Windows Phone 8.1 MDM API’s which include but not limited to software inventory, disabling of the camera, encryption e.t.c and for a complete list checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-config-win-81.html.
2: New MDX policies for Windows Phone 8.1 e.g Document exchange (Open In), App restrictions, iOS e.g AirDrop, Social media integration and others.
For a full list of MDX policies for iOS checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-ios-con-nike.html and Android checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-andr-con-1.html and for Windows Phone 8.1 checkout – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-mobile-apps-policies-wp81.html.
3: Cloud enabled Enterprise Mobility Management (EMM) powered by with XenMobile Cloud – http://www.citrix.com/products/xenmobile/tech-info/cloud.html.
4: New RBAC options within XDM to optionally ring or disown devices.
5: IPv6 licensing is now supported for XDM 9.0 check out – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-deploy-xenmobile-licenses-con.html in addition checkout this Citrix Blog article for a set by step how-to – http://blogs.citrix.com/2014/07/02/install-license-server-for-xenmobile-device-manager-in-xenmobile-9-0/.
6: XDM clustering for multiple geographic sites so that the device management service is resilient to outages at individual sites – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-ha-wrapper-con.html.
7: FIPS Compliance – http://support.citrix.com/proddocs/topic/xenmobile-90/clg-appwrap-fips-con.html
8: Secret Vault for iOS and Android- http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-appc-secret-vault-ios-andr.html.
9: Penetration tested by Veracode and Gotham who are specialists in digital science and research.
10: Full a complete and full list of Whats new in XenMobile 9.0 please take a look at – http://support.citrix.com/proddocs/topic/xenmobile/xmob-understand-whats-new.html.
11: XenMobile 9.0 – Issues Fixed in This Release – http://support.citrix.com/article/CTX140926.
12: Always check in with the XenMobile data sheet for the most up to date and accurate features and details for XenMobile vs. editions at – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-xenmobile-the-revolutionary-way-to-mobilize-your-business.pdf?accessmode=direct.
Citrix Support Forums for XenMobile 9.0
You can access the latest online Citrix Discussions focused on XenMobile 9 at – discussions.citrix.com/forum/1487-xenmobile-9x/ and previous discussions can be found at – discussions.citrix.com/forum/302-xenmobile/, including ZenPrise 7.x.
Wrapping & Deploying Worx Mobile Apps for Windows Phone 8.1
1: This CTX article provides a lot of detailed pre-requites & FAQ – http://support.citrix.com/article/CTX200105.
2: http://blogs.citrix.com/2014/07/11/deploying-worx-home-and-worx-apps-to-windows-phone-8-1-with-xenmobile/.
Xenmobile 9 Basic Upgrade Video Demonstration
XME Supported Mobile OS/Hardware Platforms
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-device-platforms.html
XenMobile 9.0 MDM Policies by OS Platform
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-device-platform-matrix.html
XenMobile 9.0 Compatibility Matrix
Currently the following NetScaler (Gateway) builds are supported for XenMobile 8.6 and 8.7 is 10.1.124.1308.e and for XenMobile 9.0 the following are supported 10.1.126.1203.e, 10.1.124.1308.e and 10.5 reference – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-compatibilitymatrix-con.html.
Worx features by Platform
http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-understand-worx-feature-platform-matrix-con.html
XenMobile Public Key Infrastructure (PKI) Integration
Prior to implementing with XME I would suggest that you review and read through the PKI section in eDocs for XenMobile Enterprise 9.0 at – http://support.citrix.com/proddocs/topic/xenmobile-90/xmob-dm-manage-security-pki-overview-con.html so that you are aware and familiar with the supported PKI capabilities supported by XenMobile 9.0. The below embedded videos are from Citrix TV and covering the Symantec PKI integration for XenMobile 9.0.
http://www.citrix.com/tv/#videos/10866 – XenMobile Symantec PKI Integration Part1
http://www.citrix.com/tv/#videos/10867 – XenMobile Symantec PKI Integration Part2
Deploying & Hardening XenMobile 9.0
1: Here is a really good blog article to help you understand XenMobile Bandwith requirements and considerations – http://blogs.citrix.com/2014/07/10/xenmobile-bandwidth/ .
2. How-to restrict the XDM admin console from the Internet when using SSL Offloading – http://blogs.citrix.com/2014/07/14/mobility-experts-restrict-xenmobile-device-manager-admin-web-console-access-from-internet-when-deployed-in-ssl-offload-mode/.