Tag Archives: @WorkMail

XenMobile AppController 2.8

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.8 ( Previously Cloud Gateway) part of Citrix XenMobile Enterprise prior to deploying in a PoC, Pilot or Production environment by the author of this entry.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN – fqdn
CLOUD GATEWAY – cg

XenMobile Is Federal Information Processing Standard (FIPS) 140 Compliant
Check out – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-fips-con.html.

Certificates
1: By default the following two types of self-assigned certificates are issued to your XenMobile AppController upon initial deployment which are a Server, SAML certificates issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac with the default certificates thereafter I would recommend generating a CSR and signing with your Enterprise CA vs. self-assigned to the host name.

Self Assigned Certificate
1: To create a self assigned certificate directly on XenMobile AppController login to the admin console at – https://FQDN:4443 using your access details and once authenticated
2: Click Settings
3: Click Certificates
4: Click New and complete onscreen input fields the primary fields are to select certificate cipher encryption strength to be 2048 nothing less, then enter in the common name for cert e.g appcontroller.yourorganisation.net or xac.natal-sharks.local and select the correct country.
5: Click Save
6: Next the Certificate Signing Request will appear click Close
7: Click to highlight the certificate with common name entered in above
8: Click Self-Signed
9: Enter in a value for which the certificate will be valid in number of days e.g 365 for a full calendar year and click Save.
10: Your CSR has now been self assigned.
11: Click to highlight it again and click Make Active
12: Click Yes and the newly self-assigned certificate will be bound to HTTPS and log you out which is normal.
13: Clear your internet browsers cache on IE as an example and restart the browser and navigate back to xac admin console and you should notice that there is no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self assigned certificate to your xac.
14: For further information please read the following – eDocs Certificate Signing Request for the XenMobile AppController 2.8 .

Enterprise CA signed Certificate
1: Complete steps 1 through 5 under the self-assigned certificates.
2: When the Certificate Signing Request box appear’s copy the CSR response generated into a text file and save to your desktop and click Close.
3: Navigate to your Enterprise CA’s FQDN and follow the onscreen instructions and complete the CSR and ensure that you download the certificate response in Base64 format.
4: Navigate back to the XAC Click Import and select Server (.pem) and select your certificate and Click import.
5: If your certificate has a public and private key (*.pfx12) enter in the password in the password fields or leave blank and the Click Ok.
6: Your signed certificate is now imported successfully.
7: Click to highlight your newly import server certificates and click Make Active.
12: Click Yes and the newly signed certificate will be bound to HTTPS and you be logged out which is normal.
13: Clear your internet browsers cache on IE as an example and restart the browser and navigate back to xac admin console and you should notice that there is no SSL certificate errors and the lock icon has a blue background. You have successfully created and bound a self assigned certificate to your xac.

XenMobile AppController 2.8
1: Download the virtual appliance for your platform at – https://www.citrix.com/downloads/xenmobile.html .The supported hypervisors include XenServer, Hyper-V, ESXi
2: Designate and document a FQDN (Optionally create either an Internal or External), IP address, subnet netmask, default gateway, DNS, NTP, AD including a domain services account + e-mail address and strong admin password.
3: Deploy the xac virtual appliance and access the xac console and login using the default access details which are username: admin and password: password.
4: Click 0 and press return/enter to enter the Express Setup mode and complete the required configuration steps onscreen and then Click 5 and press return/enter to reboot the xac.
6: Once the xac reboots open up your internet browser and navigate to the designated https://FQDN:4443 and login using default access details mentioned above.
7: Upon login complete the onscreen wizard. Please note that some of the configuration options will already be prep-populated from your entries entered in at the xac console in Step 4 above. Once completed you will be logged out which is normal.
8: Relogin to the xac and complete either the self-assigned or Enterprise CA signed certificate process.

Multi-Domain Support
Currently the XenMobile AppController 2.8 doesn’t support multi-domain domains e.g multiple LDAP(S) bindings to more than one domain. The following Citrix Blog article is however quiet a useful when leveraging a NetScaler Gateway “Implementing cascading LDAP policies along with universal domain groups” Text in brackets credit of the author of the Citrix Blog Entry –

XenMobile Enterprise (XAC 2.8, XDM 8.5, SCZ 2.0) Reference Architecture
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf

Coming soon!
In the mean time check out the eDocs supporting documentation re XenMobile
AppController 2.8 edocs.citrix.com, WorxMail and WorxWeb.

Citrix MDX Technologies

The following content is a brief and unofficial article about Citrix’s MDX Technology. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN NAME – fqdn
XENMOBILE DEVICE MANAGER – xdm

What is and does Citrix MDX mean for wrapped iOS, Android mobile apps

Digital Signing (Wrapping) *.IPA, *.APK App Binaries To Become MDX Enabled
Coming soon! In the mean time check out Signing Android mobile apps – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-android-wrap-app-tsk.html, iOS mobile apps – http://support.citrix.com/proddocs/topic/apppreptool/clg-appwrap-ios-wrap-app-tsk.html.

MDX Vault
The MDX Vault technology essential provides a logical safe and secure sandboxed container within an iOS, Android platform on a device.

MDX InterApp
The MDX InterApp technology essential allows or denies other public delivered mobile apps (iTunes, Google Play) on a device access to communicate with a MDX digitally signed mobile only if allowed e.g communication for the signed MDX mobile app is set to unrestricted. How if the MDX mobile
app delivered from the XenMobile AppController is set to restricted the SysAdmin or MobilityAdmin would need to specific what mobile apps the MDX mobile app is able to communicate and share information with on the mobile device.

MDX Access
The MDX Access technology essential provides safe, secure access to internal intranet resources within your trusted network from any where in the world connected via optionally 3G, 4G & Edge mobile or wired/wireless public and untrusted networks. The technology requires a Citrix NetScaler Gateway if want to know how it works check out – http://www.citrix.com/products/netscaler-gateway/how-it-works.html. You can easily deploy a NetScaler Gateway solution utilising release 10.1+ which includes wizards – http://blogs.citrix.com/2013/07/03/citrix-netscaler-gateway-10-1-118-7-quick-configuration-wizard/.

XenMobile FIPS 140 Compliance
http://support.citrix.com/proddocs/topic/apppreptool/nl/ru/clg-appwrap-fips-con.html?locale=en

XenMobile AppController 2.6

The following content is a brief and unofficial prerequisites guide to setup, configure and test AppController 2.6 (Previously Cloud Gateway) part of the Mobile Solutions Bundle prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE APPCONTROLLER – xac
FULLY QUALIFIED DOMAIN NAME – fqdn
ACTIVE DIRECTORY – ad
STOREFRONT SERVER – sfs
HIGHLY-AVAILABLE – h/a
XENAPP – xa
XENDESKTOP -xd
NETSCALER GATEWAY – nsg
SOFTWARE-AS-A-SERVICE – SaaS
REMOTE ACCESS – r/a

Apple iOS Developer Account
1: Register for an Apple Enterprise iOS Developer Account and NOT Standard – bit.ly link to https://developer.apple.com/programs/ios/enterprise/. Why your probably asking? The enterprise account is designed to allow you to deliver your digitally signed wrapped apps e.g Worx Home, WorxWeb and WorxMail to an unlimited number of iOS devices from your enterprise app store e.g XAC. The standard account is designed for you to develop and then test your app to a fair number of iOS devices (iPad mini, iPhone) and then publish your app to the iTune’s AppStore.
2: Download the Citrix App Preparation Tool for iOS – http://www.citrix.com/downloads/
3: Prior to continuing please review review the following Citrix eDocs article – http://support.citrix.com/proddocs/topic/cloudgateway/clg-appwrap-landing-page-con.html
4: Following the instructions for digitally signing your iOS app using the Citrix App Preparation Tool for iOS

Certificates
1: By default the following two types of self-assigned certificates are issued to your XenMobile AppController upon initial deployment which are a Server, SAML certificates issued to the FQDN AppController.example.com.
2: It is safe to perform the initial xac with the default certificates thereafter I would recommend generating a CSR and signing with your Enterprise CA vs. self-assigned to the host name.

Uploading & Configuring Wrapped iOS Apps
1: Once the app has been digitally signed with your iOS Enterprise developer account please navigate to your AppControllers Mgmt. FQDN e.g yourdomain.co.uk:4443 and login with your administrative credentials.
2: Navigate to Apps & Docs tab select iOS then upload and locate the signed iOS app and follow the onscreen instructions – http://support.citrix.com/proddocs/topic/appcontroller-26/clg-appc-mobile-apps-wrapper-d-con.html.
3: To configure any of the MDX policies i.e MDX Access, InterApp, Vault for your iOS app – http://support.citrix.com/proddocs/topic/appcontroller-26/clg-appc-mobile-apps-policies-d-con.html
4: The iOS app is now available and ready to be selected and downloaded onto the users end-point mobile device via StoreFront.

Deployment Modes
1: There are two types of deployment modes for the XenMobile AppController which is either direct or integrated. It is important to understand that this is NOT h/a.
2: Direct mode is where users connect directly to the XenMobile AppController bypassing StoreFront. In this deployment scenario the xac can only service and deliver Mobile apps, SaaS and web links to users. If you would like to test this mode deploy and configure your xac with mobile apps, web links within your environment and connect to the xac’s https://FQDN/ either internal or external using a internet browser on an iOS device as an example and it will redirect you to https://FQDN/Citrix/StoreWeb where you will be able to login using your AD credentials thereafter you’ll be able to select and launch a web link or click and install a Mobile app.
4: Integrated mode is where all the requests for mobile apps, SaaS, web links are aggregated through to the sfs over a HTTPS connection. ( xac <-- HTTPS 443 -->sfs ). The xac is setup as a delivery controller within StoreFront must the same a XA, XD. TIP: Prior to setting this configuration connect to the xac admin console from the sfs to ensure there is no SSL mismatch issues or errors with the certificate (Using IE you’ll receive a blue bar + background around the lock icon). If you would like to test this mode deploy and configure your xac with mobile apps, web links and configure the trust setting to point to your sfs e.g. https://sfs.local/ from the xac. Now attempt to connect to the xac’s https://FQDN/ either internal or external using a internet browser on an iOS device as an example and it will redirect you to https://FQDN/Citrix/StoreWeb but you will NOT be able to complete the request! Why? The xac disables its local StoreWeb as another trust setting has been configured i.e https://sfs.local. Now connect to your sfs FQDN and login using your AD credentials thereafter you’ll be able to select and launch a web link, published windows application e.g Notepad, Windows 7 desktop and select and click to install a Mobile app. How? As long as you have a setup the following delivery controllers servers in StoreFront xac, xa, xd and published the resources you can tap to select and launch any of the described resources. TIP: Allows ensure that if you have configured your delivery controllers to use HTTPS (443) there are no SSL mismatch errors with the FQDN as this is the most common error causing SysAdmins alot of headaches in troubleshooting where the issue lies.

Users
1: Users are provisioned using your organisations AD but first ensure that all users you attempt to provision have a first, last name and email fields populated even if you don’t have a mail server within your domain populate the e-mail address field as are a mandatory requirement for the xac.

Troubleshooting Tips
1: Setup a reoccurring calendar invite using your support ticketing system or group exchange invite to renew your iOS Enterprise Developer Account which expires annually and needs to be renewed.
2: Use a Enterprise CA to sign your CSR’s for your xac, sfs instead of using self-assigned certificates but use a publicly signed SSL certificate for R/A using a NetScaler Gateway.
3: Read through the Citrix Reference Architecture for MDM and MAM.