The following content is a brief and unofficial prerequisites guide to setup, configure and test a NetScaler Gateway 10.5.x.n or NetScaler Unified Gateway 11.x.n fronting a XenMobile 10.x.n XMS virtual appliance prior to deploying in a PoC, Pilot or Production environment by the author of this entry. The views expressed here are my own and do not necessarily reflect the views of Citrix.<\/p>\n
Shortened Names<\/strong> Deployment Preparation Overview (DRAFT & MAY CONTAIN ERROR(S))<\/strong> a – 1x Public routable FQDN for MDM e.g enroll.axendatacentre.com Sample PoC Diagram<\/strong>
\nXENMOBILE – xm
\nXENMOBILE SERVER – xms
\nVIRTUAL APPLIANCE – v\/a
\nFEDERAL INFORMATION PROCESSING STANDARDs – fips
\nNETSCALER GATEWAY – nsg
\nNETSCALER UNIFIED GATEWAY – nug
\nVIRTUAL IP ADDRESS – vip
\nMOBILE APPLICATION MANAGEMENT – mam
\nMOBILE DEVICE MANAGEMENT -mdm
\nCERTIFICATE AUTHORITY – ca <\/p>\n
\n0. The section also contain the pre-requite, system requirements for each virtual appliance (V\/A) for NetScaler and the XenMobile Server (XMS).
\n1. Review the XenMobile comparability matrix at – http:\/\/docs.citrix.com\/en-us\/xenmobile\/10-1\/xmob-system-requirements\/xmob-10-understand-compatibilitymatrix-con.html<\/a> to choose the correct NS build vs. XMS build.
\n2. Download the V\/A’s for each at <\/a> signing in with your Citrix partner access details.
\n3. You need an SSL certificate a wildcard is recommend for simplicity and this should be using at min a 2048-bit key for your CSR that you submit to your CA. If you are experiencing the following issue enrolment issue Profile Installation Failed<\/b> \u201cThe server certificate for \u2018https:\/\/\u2019 is invalid\u201c the please review http:\/\/axendatacentre.com\/blog\/2015\/03\/29\/xenmobile-10-0-poc-considerations\/<\/a> to help resolve this issue.
\n4. Generate an APNS certificate following this process at http:\/\/docs.citrix.com\/en-us\/xenmobile\/9\/xmob-dm-config-requesting-apns-con.html<\/a> and sign your APNS certificate with Citrix at – https:\/\/xenmobiletools.citrix.com\/<\/a>.
\n5. You need to be aware that the port communication between the different components has changed and also the placement of the XMS V\/A in XenMobile 10. A network diagram can be viewed at – http:\/\/docs.citrix.com\/en-us\/xenmobile\/10-1\/xmob-arch-overview-con.html<\/a> I would recommended that you please refer to the figure 4. MDM and MAM modes and also figure 5. Cluster deployments.
\n6. XenMobile 10 today as of writing this blog post requires the following FQDN and IP ADDR reservations to be made available when fronting a XMS V\/A with NS appliance either virtual or physical 10.5.x.n and 11.x.n. Please note that for simplicity I will refer to a NetScaler Virtual Appliance V\/A from here on in.<\/p>\n
\nb – 1x Public routable static IP addr that resolves to the MDM FQDN
\nc – 1x Public routable FQDN for MAM e.g apps.axendatacentre.com as Secure\/Worx’s apps utilise a mVPN via WorxHome now SecureHub
\nd – 1x Public routable static IP addr that resolves to the public FQDN MAM
\ne – 1x DMZ private static IP addr for Gateway for your mVPN traffic
\nf – 1x DMZ private static IP addr for Load-balancing the MAM traffic
\ng – 1x DMZ private static IP addr for MDM traffic e.g enrolling and on-going device mgmt.
\nh – 1x DMZ private static IP addr for the actual XMS V\/A<\/p>\n
\n* refers to the “.axendatacentre.com” ending the FQDN.<\/p>\n