Tag Archives: XenMobile AppController 2.9

XenMobile Enterprise 8.5, 8.6, 8.7, 9.0 PoC Considerations

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile Enterprise 8.5, 8.6, 8.7 and 9.0 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
XENMOBILE APPCONTROLLER – xac
NETSCALER GATEWAY – nsg
FIREWALL – f/w
CERTIFICATE – cert
ACTIVE DIRECTORY – ad
INFRASTRUCTURE-AS-A-SERVICE – IaaS
ENTERPRISE MOBILITY MANAGEMENT – emm

Preparation & Pre-requisites (DRAFT & MAY CONTAIN ERROR(S))
0: Never use a production NetScaler or NetScaler Gateway for PoC why? When you upload the trial licenses it will require a reboot which cannot be completed in a production environment without a planned maintenance window. Also you may want to use the latest NS(G) during the PoC for best results & optimal performance likewise some versions require a e release of NS(G) which will mean a firmware upgrade to your production NS(G) eventually.
1: If you don’t understand all the components of XenMobile Enterprise then I would suggest researching and reading (Data sheets of each) to understand what the XenMobile Device Manager, XenMobile AppController, XenMobile NetScaler Connector, XenMobile Mail Manager, NetScaler (Gateway) and finally what ShareFile StorageZone Connectors are all capable of individually as integrated as part of a Mobility Solution. XenMobile Enterprise can also include the delivery of hosted shared and VDI desktops, hosted published Windows apps delivered from XenApp, XenDesktop as part of the overall EMM Solution.
2: XenMobile Enterprise is an integration of a number of the Citrix products mentioned above deployed together to form a complete EMM solution.
3: Identify and visually understand where potentially all the components/products sit within the whole overall mobility solution. Here is a great visual reference that is clean and clear to understand – http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png?accessmode=direct.
4: Review the pre-requites and checklists if available for each product that you wish to deploy within XenMobile. I have listed a few here for you starting with all the required ports – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html, for the checklist – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-prepare-xenmobile-checklist-con-.html, for or XDM – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-device-manager-sys-reqs-con.html, for XAC – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html, for NSG – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-netscaler-gateway-reqs-con.html, for SF – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storage-center-sys-reqs.html and for XD – http://support.citrix.com/proddocs/topic/xendesktop-71/cds-system-requirements-71.html.
5: Now that you have an understanding of the requirements for each and you should by now know and understand each product a little more read through the XenMobile 8.6 Reference Architecture – http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.
6: Deploying the XenMobile Solution – http://support.citrix.com/article/CTX139235 as well as download a copy of the XenMobile MDXToolKit Documentation v1.0 – http://support.citrix.com/article/CTX140458.

Pre & Post Discovery Meeting (DRAFT & MAY CONTAIN ERROR(S))
1: Ensure that you educate the organisation as to what XenMobile is and is capable of doing re MDM, MAM and MIM.
2: Setup 2-3 GoToMeeting sessions. The first is to answer any Q&A that the organisation has for you re the pre-requites and ensure that they have started to prepare any external dependencies e.g iOS Enterprise Developer Account. The second is to ensure that all the pre-requites have been completed prior to the installation onsite for the PoC and to answer any further Q&A the organisation has. If the organisation has not completed the pre-requites then proceed with the third GoToMeeting and if the pre-requites have not being completed I would strongly advise escalating to managers on both that your PoC will more than likely be unsuccessful as your need ports opened, servers build, software downloaded, certificates e.t.c and you will need to focus on installing and then configuring the products to be integrated together and into mgmt infrastructure e.g (s)LDAP and finally configure policies and if applicable wrapping Worx, ShareFile *.ipa and *.apk files to become *.mdx to provide secure sandboxed, internet and intranet browsing (WorxWeb) + e-mail (WorxMail) and data sharing (ShareFile).
3: Decide on a database platform note that Postgres SQL is built-in to the XDM software package and is great for PoC’s or alternatively you can use MS SQL.
4: Decide upon the XDM management addr for mobile devices you can use either an IP Addr 10.10.100.200 for FQDN e.g mdm.axendatacentre.com, however I would recommend a FQDN. Why? When you install and configure the XDM your creating and configuring a CA if use used an IP addr and you decided to move the XDM server from one subnet to another and could not provide the exact IP or you move from one ISP to another you’ll get a new IP addr range you will break the CA and all enrolled devices will become unmanaged so install using an FQDN and you can always adjust the underlying IP addr of the XDM’s serves FQDN this not compromising/breaking the XDM’s CA and all devices will remain managed and connected to the XDM. Remember changing an IP addr of an external FQDN does and will require 24 hours for DNS to propagate through out the internet.
5: Login to your Citrix My Account at – http://www.citrix.com/ locate and click Partner Central (Opens a new tab) then once the web page loads click Sales in the navigation menu bar and click on SalesIQ (Opens a new tab) then once loaded click on PoC Central scroll down and download the XenMobile PoC kit. Note only valid Citrix Partners may download content from Citrix SalesIQ.

PoC Notes & Tips
1: Deploy your first few XenMobile 8.7 PoC’s using single NIC’s.
2: Stick with 2-3 devices during a PoC to maximise your PoC success and remember a PoC is designed to prove a concept or a technology.
3: If your deploying ShareFile On-Prem SZ remember to back SZKeys.txt in the root of your ShareFile data CIFS share.
4: Your PoC should run smoothly provided that you can confirm that all the perquisites for XenMobile Enterprise are successfully completed prior to arriving onsite and this should also potentially include having a basic customer defined MDM, MDX policy agreement so that you can setup and configure these policies post successfully deploying the XenMobile components so that you can begin your initial testing to check that everything is operating as expected thereafter you demonstrate that the deployment is active and working as expected. At this stage you can either define what MDM, MDX policies you wish to trial or test during the PoC however hopefully this has too also been previously agreed and you can begin defining the policies by platform and for any Worx or 3rd party signed MDX mobiles apps.
5: XDM clustering for high-availability in XenMobile 9.0 has changed so please refer to this blog article – which will help your understand what Tomcat configuration changes are required prior to performing an in place upgrade from XenMobile Device Manager 8.7 to 9.0. This changes also means that your XDM cluster can now reside in alternatively data centres ref – .

Support NetScaler Gateway (Builds + Versions) for XM 9.0
1: 10.5.53.9; 10.5.52.11; 10.5.52.1115.e; 10.5.51.1017.e; 10.5.51.10; 10.1.129.1105.e; 10.1.128.8003.e; 10.1.127.1007.e; 10.1.126.1203.e; 10.1.124.1308.e ref – http://support.citrix.com/proddocs/topic/worx-mobile-apps/xmob-10-understand-compatibilitymatrix-con.html.

ShareFile StorageZone Controller 2.2

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test ShareFile StorageZone Controller 2.2 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
STORAGEZONE CONTROLLER – szc
CERTIFICATE SIGNING REQUEST – csr
SHAREFILE – sf
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
COMMON INTERNET FILE SYSTEM – cifs
XENMOBILE APPCONTROLLER – xac

What’s New
1:This release coupled with prior versions now integrates both the Storage Center and Controller server software packages into one unified software package now called the “ShareFile StorageZone Controller 2.2”.
2: Access your organisations trusted existing or new network CIFS shares and SharePoint sites via a ShareFile On-Prem SZC which always users to securely connect via a FQDN over 443 (HTTPS) this ensuring secure and encrypted communication between the users device and the On-Prem SZC. It is worth mentioning that your organisations datasets do not traverse the ShareFile Control Plane in any way ref – http://support.citrixonline.com/en_US/ShareFile/all_files/SF090015.
3: ShareFile also introduced an EMEA Control Plane for organisations to meet local, regional and geo requirements and or restrictions one basic example could be Safe Harbor – http://export.gov/safeharbor/ as well as preferring to have localised data centre’s within the EU to manage and handle user requests and more. Note this feature was already widely available prior to this WordPress post/blog entry.
4: For information regarding what else is new please check out – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-storagezones-about-22.html.

ShareFile Security Whitepaper PDF
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/sharefile-enterprise-security-whitepaper.pdf

Synergy SYN310: Deep Dive into ShareFile Enterprise Functionality

SYN310: Deep dive into ShareFile Enterprise functionality from Citrix

Deploying an On-Prem SZC (DRAFT & MAY CONTAIN ERROR(S))
1: Initially would suggest that your read/review the following CTX Article – http://support.citrix.com/article/CTX138041 and http://blogs.citrix.com/2012/03/19/saml-authentication-with-sharefile-using-ad-fs-2-0/ which covers numerous technical FAQ and may answer a number of your questions.
2: Setup a ShareFile Enterprise Account and request that On-Prem SZC be enabled against your account when setting up your account or if you already have one request that SZC be enabled by sending a email to ShareFile support – http://www.sharefile.com/company/contact-us.aspx and online help & support including videos is available at – http://support.citrixonline.com/sharefile. Verify that StorageZones are available under the Admin tab when you sign into your ShareFile sub-domain e.g xendc.sharefile.eu or axendatacentre.sharefile.com prior to continuing with the installation and configuration.
3: Prepare a Windows Server 2008 R2 and install IIS (include dependencies ASP, Basic Authentication if you want to connect to existing network shares for a PoC).
4: Setup and configure your external DNS A record e.g sharefile.axendacentre.com or sf.thedurbannatal-sharks.co.za and ensure that you can successful connect to the default IIS page on TCP Port 80.
5: Generate a CSR on the intended ShareFile On-Prem SZC for your FQDN and sign it with an external CA e.g http://www.verisign.co.uk or http://www.thawte.com e.t.c. Your are required to use an external CA as IIS self-signed or Enterprise CA certificates are not permitted and will not work with the ShareFile Control Plane. Download and install the cert response from your chosen external CA and Complete The Certificate Response in IIS.
6: Once the cert is successfully imported bind it to HTTPS (443) and the restart IIS and navigate to the FQDN via HTTPS externally to ensure that you can connect to it without any SSL cert mismatches, errors e.t.c
7: * Create a ShareFile service account within and assign full r/w access it to the intended On-Prem SZ folder located either on the local disk or secondary disk of the VM or remotely. Please do the same for your PoC Shared Area that you intend to access as an existing network share.
8: *Install the ShareFile Storage Zone Controller 2.2 software package and leave the checkbox to launch the Configuration Web Page. Once the page launches sign in with your Super Admin ShareFile Admin access details.
9: Follow the onscreen instructions which are fairly self explanatory however should you require any further help & support re the exact requirements please navigate to – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-install-storagezones.html and http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-connectors.html.
10: Please stop and ensure that you safely backup the SCKeys.txt file within the root of On-Prem SZ CIFS share to a alternative and secure location that is also backed up.
11: Provision a test user that resides within your domain and has also been created within the ShareFile Control Plane. For help with setting up users please take a look at – .
12: Ensure that your test user has permission to your intended CIFS Shared Area e.g your SZC that you setup and configured within the ShareFile Control Plane.
13: Now that you have successfully setup and configured your On-Prem SZ and SZC proceed to download a ShareFile mobile app from e.g iTunes – iPad https://itunes.apple.com/gb/app/sharefile-for-ipad-by-citrix/id440596621?mt=8, iPhone https://itunes.apple.com/gb/app/sharefile-mobile-by-citrix/id434391375?mt=8 or Google Play – https://play.google.com/store/apps/developer?id=ShareFile+by+Citrix&hl=en_GB. Once downloaded enter in your test users account details and test uploading and downloading a picture taken from within the ShareFile iOS app as an example.
14: Once you test that your On-Prem SZ

SZ Controller Management
This eDocs node will help you to proactively manage your On-Prem SZ Controller environment covering on to add/remove controllers for H/A as well as how-to promote, demote and disable SZ Controller – http://support.citrix.com/proddocs/topic/sharefile-storagezones-22/sf-manage-storagezone-controller.html. These eDoc articles are essential for the ongoing management and routine scheduled maintenance task(s).

Two-Step Verification = Stronger Security
http://support.citrixonline.com/en_US/sharefile/help_files/SF060010?title=Two-Step+Verification

XenMobile AppController 2.9

Leave a Reply

The following content is a brief and unofficial prerequisites guide to setup, configure and test XenMobile AppController 2.9 prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views, opinions and concepts expressed are those by the author of this entry only and do not necessary conform to industry descriptions or best practises.

Shortened Names
XENMOBILE DEVICE MANAGER – xdm
CERTIFICATE SIGNING REQUEST – csr
APPLE PUSH NOTIFICATION SERVICE – apns
FULLY QUALIFIED DOMAIN NAME – fqdn
SECURE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL – (s)ldap
CERTIFICATE – cert
VOLUME PURCHASE PROGRAM – vpp
XENMOBILE APPCONTROLLER – xac

XenMobile Enterprise Reference Architecture 8.6
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-reference-architecture-for-xenmobile-86.pdf.

What is a MicroVPN (mVPN)?
http://support.citrix.com/article/CTX136914.

Configure DNS Suffixes for Android
http://support.citrix.com/proddocs/topic/netscaler-gateway-101/ng-connect-mobile-devices-android-split-dns-tsk.html#ng-connect-mobile-devices-android-split-dns-tsk

Deploying and Configuration of the XAC 2.9 (DRAFT & MAY CONTAIN ERROR(S))
1: Hypervisor System requirements – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html, http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-deploy-install-appcontroller-wrapper-con.html.
2: Network TCP Ports Source vs. Destination – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-deploy-component-port-reqs-n-con.html and the current Architecture Diagram can be found at http://www.citrix.com/content/dam/citrix/en_us/images/info-graphics/xenmobile_architecture_86.png
3: Download the virtual appliance from http://www.citrix.com/downloads.html. You will be required to sign in with your Citrix.com access details in order to download the XAC virtual appliance from your chosen hypervisor. Currently XenServer, VMWare ESX(i) and Hyper-V are supported. Deploy the XAC virtual appliance withih your hyper-visor of choice ensuring that you have provided it with adequate computing power resources and a NIC and system requirements can be viewed at – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-appc-sysreqs-wrapper-con.html.
4: Complete the XAC pre-requites checklist available from eDocs at – http://support.citrix.com/proddocs/topic/xenmobile-prepare/xmob-prepare-xenmobile-checklist-con-.html. If however your just going to deploy the XAC 2.9 you could use the existing pre-requites checklist for XAC 2.8 which is available at – http://support.citrix.com/proddocs/topic/appcontroller-28/xmob-appc-plan-checklist-con.html however remember to compare it against the latest checklist. Create your DNS A record (You can only assign one FQDN to the XAC so you will need to consider creating DNS A records for both internal and external users to access and to connect to the XAC either internally directly or externally using NSG. Accessed via either Worx Home or a internet browser accessing the XAC’s RfW e.g https://XAC-FQDN/Citrix/StoreWeb. It is worth noting that if you type in just the FQDN the user will automatically be re-directed to the XAC’s RfW login page.) and then sign the CSR generated on the XAC with your organisations Enterprise CA or using OpenSSL (Windows, Unix, Linux or Mac) – . It is important though when downloading the response from a MS Enterprise CA download the certificate in and the chained certificate in “Base64” format.
5: Start the XAC VM and enter in console mode via your hypervisor and complete the basic configuration (network ip addr, subnet mask, gateway e.t.c; Note the default login is username: admin and password: password) required in order to complete the configuration via a web browser over https://XAC-FQDN:4443/ from a domain joined hosted shared desktop or VDI desktop. Once you have completed the initial basic configuration you can now reboot the XAC virtual appliance following the onscreen instructions
6: Once the XAC reboots successfully (Watch the console from your hypervisor) login to your domain joined desktop and open up your default internet browser of choice and type in https://XAC-FQDN:4443/ and accept the SSL error warnings (The default binded SSL certificate is for appcontroller.example.com which is why your internet browser throughs up SSL error warnings ) and login using username: Administrator and password: password. Once you have successfully logged in complete the onscreen wizard. You may not have a mail server if you have just built your own demo environment for XenMobile so simply put in the intended mail server details BUT do not mark the authentication check box otherwise the XAC wizard will fail as it will not be able to contact the intended mail server as it has not been built yet. Once the wizard completes you will be logged out which is normal.
7: Now re login into the XAC CP admin console and click Settings -> Certificates and complete a CSR for the FQDN of your XAC and optionally sign the CSR with a public (e.g http://uk.godaddy.com, http://www.thawte.com, http://www.verisign.co.uk and there many others to choose from) or private (e.g MS Enterprise CA, OpenSSL), then upload the response which should be in “Base64” format and then click “Make Active” and you will be automatically logged out which is normnal as the new upload cert is bound to HTTPS against your FQDN and not appcontroller.example.com any more. If you delete your history and cookies and close your internet browser and re-open it and navigate the XAC’s FQDN you’ll notice if on IE as example the addr bar is no longer red but is BLUE and if you click the SSL Lock icon you should not receive any SSL warnings or errors.
8: Login to the XDM FQDN and it configure with the XAC IP Addr or FQDN, shared secret password. (Complete only if your deploying the whole XenMobile Enterprise Solution)
9: Login into the XAC using your new defined access details the navigate to Settings -> XenMobile MDM and enter in the XDM IP Addr or FQDN, select your port communication 80 (HTTP) or 443 (HTTPS) between the XDM and XAC, enter in the exact shared secret password used in the step above then click “Test” and if confirmed click “Save” and it will begin setting up and configuring the appropriate resources between the XAC and the XDM e.g when you specific an app “Require App Installation” and a use enrols it will ensure the mobile app or resource from the XAC is installed on the users mobile device.
10: Click the “Apps & Docs” tab and create web links, SaaS, upload iOS/Android mobile apps *.apk, *.ipa which are unsigned (NEW in XAC 2.9) and of course upload your digitally signed OS/Android *.MDX mobile apps which have been signed on a Apple Mac running OS X using the Citrix App Preparation Tool leveraging the mobile app binaries for iOS/Android and your organisations provisioning profile(s), distribution certificate(s) from Apple and Android which the allows you to apply circa 60 policies against each *.MDX digitally signed mobile apps that you have uploaded to the XAC.
11: Configure access to ShareFile and XenApp, XenDesktop if applicable.
12: Click the “Roles” tab and create your user roles mapped to your AD OU’s e.g Sales = Domain Sales Users name then assigned resources to that role you’ve just created.
13: Navigate to in a browser https://XAC-FQDN/ which if you have not setup the XAC in StoreFront which redirect to https://XAC-FQDN/Citrix/StoreWeb/ which is RfW and login to access your assigned resources. It is worth mentioning you will not see mobile apps on a Windows Desktop likewise you will not see iOS mobile app resources on an Android platform and visa versa.
14: There is a wealth of useful links at – http://www.citrix.com/products/xenmobile/tech-info.html.

Worx Mobile Apps
1: Understanding Worx suite of mobile apps – http://support.citrix.com/proddocs/topic/xenmobile-connect-users/xmob-worx-about-worx-apps.html.
2: Each mobile platform has different requirements for wrapping the native *.ipa (iOS), *.apk (Android) app binaries to be converted into *.mdx file format which can be then uploaded to the XAC and MDX policies applied.
3: To wrap any iOS, Android mobile app binaries you require provision/distribution profiles for each mobile platform during the wrapping process, for iOS you require a iOS Enterprise Developer Account – and for Android – . You also require a Mac and the Citrix App Preparation Tool for more information on the system requirements please visit – .
4: To configure iOS MDX apps on the XAC refer to – http://support.citrix.com/proddocs/topic/xmob-appc-configure-29/xmob-appc-mobile-apps-policies-ios-con-nike.html, for Android – http://support.citrix.com/proddocs/topic/xmob-appc-configure-29/xmob-appc-mobile-apps-policies-andr-con-1.html.
5: To improve battery life for WorxMail setup and configure an STA ref – http://blogs.citrix.com/2013/09/16/improving-battery-life-with-worxmail-sta-to-the-rescue/, http://support.citrix.com/proddocs/topic/xmob-deployment/xmob-appc-config-sta-tsk.html.

Coming Soon!
The mean time check out these links – http://blogs.citrix.com/2013/12/20/xenmobile-8-6-maintenance-release-deep-dive/, http://support.citrix.com/proddocs/topic/xenmobile-understand/xmob-product-videos-con.html.

Citrix Technology Advocate (CTA) Blog by @lyndonjonmartin

A Personal blog by Lyndon-Jon Martin on all things related End-User Computing (EUC) and Citrix

Tag Archives: XenMobile AppController 2.9

XenMobile Enterprise 8.5, 8.6, 8.7, 9.0 PoC Considerations

ShareFile StorageZone Controller 2.2

XenMobile AppController 2.9