StoreFront 2.0

The following content is a brief and unofficial prerequisites guide to set up, configure and test StoreFront 2.0 prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry. The views, opinions and concepts expressed are those of the author of this entry only and do not necessarily conform to industry descriptions or best practices.

Shortened Names
STOREFRONT SERVICES – SFS
FULLY QUALIFIED DOMAIN NAME – fqdn
NETSCALER ACCESS GATEWAY – nsag
NETSCALER GATEWAY – nsg
CERTIFICATE – cert

Certificates
1: The type of certificate you require for your SFS deployment depends upon whether the server is (a) internal only, (b) deployed in-line with the AppController internally, (c) deployed in the DMZ or (d) deployed in-line with the AppController fronted by a nsg.
2: Another important consideration when choosing a certificate is whether you have an Enterprise CA within your organisation to sign your CSRs, whether you use self-signed certificates, or whether you generate your certificates and have them publicly signed externally (standalone or wildcard).

StoreFront 2.0 Overview
1: StoreFront is replacing Web Interface (2015; ref. the Citrix EOL web page indicating WIF EoL). Why? StoreFront is the next generation platform, which provides a great and seamless user experience across any type of device supporting Citrix Receiver. StoreFront aggregates Windows & Mobile Apps*, Desktops, Web-links and SaaS, and can with a single click propagate configuration changes between all the StoreFront servers within your environment.
2: No more MS SQL database requirements with the SFS 2.0 release.
3: Improved login performance.
4: Bind your SSL certificate within IIS prior to installing or configuring SFS 2.0, and remove the HTTP binding unless it is required, to harden your SFS server. Binding the SSL cert before configuring SFS ensures that the configuration wizard uses HTTPS rather than HTTP. In addition, where possible use your organisation's Enterprise CA to sign your StoreFront server's CSR instead of using the self-signed certificate option in IIS. A self-signed cert causes secure (SSL) communication issues between SFS and the delivery controller(s) when HTTPS is used: the servers cannot successfully communicate with one another over HTTPS, so published resources from the configured delivery controller will not be available.
5: Beacons enable Citrix Receiver to determine intelligently whether a user connecting to your organisation's Citrix resources is internal or external, by attempting to access the internal or external SFS FQDNs configured within the StoreFront MMC snap-in, e.g. storefront.axendatacentre.local (internal) or sfs.axendatacentre.com (external and resolvable).
###
* Worx Home is now responsible for the delivery of mobile apps delivered via the XenMobile AppController 2.8.
###
6: This Citrix blog article sums up the Receiver for HTML 5 – http://blogs.citrix.com/2012/08/31/receiver-for-html5-is-now-available/ and you can learn how to install and configure it at – http://support.citrix.com/proddocs/topic/receiver-html5-11/receiver-html5-install.html.
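
A pre-install check for point 4 above, as an added example that is not from Citrix or the original post: it reports a leftover HTTP binding, a missing HTTPS binding, and a bound certificate that is self-signed, expired or does not chain to a trusted root. It assumes the IIS WebAdministration module is available and that StoreFront will use the site named 'Default Web Site'; the function name is hypothetical.

```powershell
# Added example: audit the IIS bindings before installing StoreFront.
# Assumptions: WebAdministration module present; site name is 'Default Web Site'.
Import-Module WebAdministration

function Test-SfsIisBinding {
    param([string]$SiteName = 'Default Web Site')

    $findings = @()
    $bindings = @(Get-WebBinding -Name $SiteName)

    # HTTP should be removed unless it is explicitly required.
    if ($bindings | Where-Object { $_.protocol -eq 'http' }) {
        $findings += 'HTTP binding present: remove it unless required'
    }

    $https = @($bindings | Where-Object { $_.protocol -eq 'https' })
    if ($https.Count -eq 0) {
        $findings += 'No HTTPS binding: bind the SSL certificate before installing StoreFront'
    }

    foreach ($b in $https) {
        # The binding stores the certificate thumbprint and the store it lives in.
        $cert = Get-ChildItem "Cert:\LocalMachine\$($b.certificateStoreName)" |
            Where-Object { $_.Thumbprint -eq $b.certificateHash }
        if (-not $cert) {
            $findings += "No certificate found for binding $($b.bindingInformation)"
            continue
        }
        # Subject equal to Issuer means the certificate signed itself.
        if ($cert.Subject -eq $cert.Issuer) {
            $findings += "Self-signed certificate bound: $($cert.Subject)"
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            $findings += "Certificate expired on $($cert.NotAfter)"
        }
        # Build() validates the chain against this server's own trust stores.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        if (-not $chain.Build($cert)) {
            $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            $findings += "Chain does not validate: $status"
        }
    }
    $findings   # an empty result means nothing was flagged
}

Test-SfsIisBinding
```

The chain result only reflects the StoreFront server's trust stores; the delivery controller(s) must trust the same issuing CA for HTTPS between the servers to work.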

Subscription Database: Where Is It?
The move from Citrix StoreFront 1.2 to 2.0 changed where and how follow-me apps subscription data is stored. In 1.2 this data was stored in an MS SQL database; it is now stored in an EDB file (see http://support.citrix.com/article/CTX139037), which is automatically replicated if the server is part of an SFS cluster. You can also adjust the subscription synchronisation period by following this eDocs article, which requires some PowerShell cmdlets – http://support.citrix.com/proddocs/topic/dws-storefront-20/dws-configure-ha-sync.html.

Customising Receiver for Web
This blog article goes into great detail about how to customise Receiver for Web, from the logos and background image, to showing the IP address the user is connecting from, to adding additional elements, e.g. "click here to contact your IT Helpdesk". Check it out at – http://blogs.citrix.com/2013/06/26/customizing-receiver-for-web-in-storefront-2-0/.

HTML 5 Receiver Configuration & Support
Coming Soon!

Citrix StoreFront 2.0 – Implementation Guide
http://support.citrix.com/article/CTX133185

XenMobile AppController 2.8

The following content is a brief and unofficial prerequisites guide to set up, configure and test XenMobile AppController 2.8 (previously Cloud Gateway), part of Citrix XenMobile Enterprise, prior to deploying in a PoC, Pilot or Production environment, written by the author of this entry.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN – fqdn
CLOUD GATEWAY – cg

XenMobile Is Federal Information Processing Standard (FIPS) 140 Compliant
Check out – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-fips-con.html.

Certificates
1: By default, two self-signed certificates are issued to your XenMobile AppController upon initial deployment: a Server certificate and a SAML certificate, both issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac setup with the default certificates. Thereafter I would recommend generating a CSR for the host name and signing it with your Enterprise CA rather than self-signing it.

Self-Signed Certificate
1: To create a self-signed certificate directly on the XenMobile AppController, log in to the admin console at – https://FQDN:4443 using your access details. Once authenticated:
2: Click Settings
3: Click Certificates
4: Click New and complete the onscreen input fields. The primary fields are: select the certificate cipher encryption strength to be 2048, nothing less; enter the common name for the cert, e.g. appcontroller.yourorganisation.net or xac.natal-sharks.local; and select the correct country.
5: Click Save
6: Next the Certificate Signing Request will appear; click Close
7: Click to highlight the certificate with the common name entered above
8: Click Self-Signed
9: Enter the number of days for which the certificate will be valid, e.g. 365 for a full calendar year, and click Save.
10: Your CSR has now been self-signed.
11: Click to highlight it again and click Make Active
12: Click Yes and the newly self-signed certificate will be bound to HTTPS and you will be logged out, which is normal.
13: Clear your internet browser's cache (IE as an example), restart the browser and navigate back to the xac admin console. You should notice that there are no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self-signed certificate to your xac.
14: For further information please read the following – eDocs Certificate Signing Request for the XenMobile AppController 2.8.

Enterprise CA signed Certificate
1: Complete steps 1 through 5 of the self-signed certificate procedure above.
2: When the Certificate Signing Request box appears, copy the generated CSR into a text file, save it to your desktop and click Close.
3: Navigate to your Enterprise CA's FQDN, follow the onscreen instructions to complete the CSR and ensure that you download the certificate response in Base64 format.
4: Navigate back to the XAC, click Import, select Server (.pem), select your certificate and click Import.
5: If your certificate has a public and private key (*.pfx12), enter the password in the password fields, or leave them blank, and then click OK.
6: Your signed certificate is now imported successfully.
7: Click to highlight your newly imported server certificate and click Make Active.
8: Click Yes and the newly signed certificate will be bound to HTTPS and you will be logged out, which is normal.
9: Clear your internet browser's cache (IE as an example), restart the browser and navigate back to the xac admin console. You should notice that there are no SSL certificate errors and the lock icon has a blue background. You have successfully imported and bound an Enterprise CA signed certificate to your xac.
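
The browser check that ends both certificate procedures can also be scripted. The following is an added example, not Citrix's or the original post's code: it connects to the xac admin console port, reads the certificate the appliance presents and reports whether it is self-signed, meets the 2048 minimum, matches the FQDN and chains to a root this machine trusts. The function name is hypothetical, and the name check compares only the first DNS name in the certificate.

```powershell
# Added example: inspect the certificate bound to the xac admin console after Make Active.
# Assumptions: the console listens on port 4443 as in the steps above; RSA key.
function Get-XacCertificateReport {
    param(
        [Parameter(Mandatory)][string]$Fqdn,   # the FQDN you designated for the xac
        [int]$Port = 4443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, $Port)
    try {
        # The callback accepts any certificate so the handshake completes even when
        # validation would fail; no data is sent, the certificate is only read.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }

    # Returns $null when the public key is not RSA.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # Validate the chain against this machine's trust stores, as the browser would.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)

    $dnsName = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        KeySizeBits   = if ($rsa) { $rsa.KeySize } else { $null }
        KeySizeOk     = ($rsa -and $rsa.KeySize -ge 2048)
        DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
        NameMatches   = ($Fqdn -like $dnsName)   # -like lets a wildcard name match
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Usage (placeholder host name):
# Get-XacCertificateReport -Fqdn 'xac.example.local'
```

A self-signed certificate reports ChainTrusted as False on any machine that has not explicitly imported it, which is the same condition that produces the browser certificate error.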

XenMobile AppController 2.8
1: Download the virtual appliance for your platform at – https://www.citrix.com/downloads/xenmobile.html. The supported hypervisors include XenServer, Hyper-V and ESXi.
2: Designate and document a FQDN (optionally create either an internal or external one), IP address, subnet netmask, default gateway, DNS, NTP, AD including a domain services account + e-mail address, and a strong admin password.
3: Deploy the xac virtual appliance, access the xac console and log in using the default access details, which are username: admin and password: password.
4: Enter 0 and press return/enter to enter the Express Setup mode, complete the required configuration steps onscreen, then enter 5 and press return/enter to reboot the xac.
5: Once the xac reboots, open your internet browser, navigate to the designated https://FQDN:4443 and log in using the default access details mentioned above.
6: Upon login complete the onscreen wizard. Please note that some of the configuration options will already be pre-populated from the entries you made at the xac console in Step 4 above. Once completed you will be logged out, which is normal.
7: Log in to the xac again and complete either the self-signed or the Enterprise CA signed certificate process.

Multi-Domain Support
Currently the XenMobile AppController 2.8 doesn’t support multiple domains, e.g. multiple LDAP(S) bindings to more than one domain. The following Citrix Blog article is however quite useful when leveraging a NetScaler Gateway: “Implementing cascading LDAP policies along with universal domain groups”. Text in brackets credit of the author of the Citrix Blog Entry –

XenMobile Enterprise (XAC 2.8, XDM 8.5, SCZ 2.0) Reference Architecture
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

Coming soon!
In the meantime check out the eDocs supporting documentation re XenMobile AppController 2.8 edocs.citrix.com, WorxMail and WorxWeb.