5. XenMobile provides...
unified management of devices & applications
corporate app store
mobile device and app management
unified access getaway & SSO
workflow-driven productivity apps
military-grade (FIPS) security
mobile content management
broad platform support
6. Editions...
XenMobile MDM
mobile device management (MDM)
allow IT Administrators to enroll and enforce restriction
policies to corporate-owned or BYO devices
XenMobile Advanced
mobile device and application management (MDM + MAM)
adds support for IT Admins to create enterprise app store for
mobile, web/SaaS and Windows apps with MDX capabilities
(securing data and network resources)
XenMobile Enterprise
enterprise mobile management (EMM) solution
adds ShareFile capability for data mobility management
7. Scenarios: XenMobile MDM
mobile device management
jailbreak detection
selective or full wipe
geolocation tracking
passcode enforcement
pushing applications
native mail client access control
Wi-Fi & VPN access control
access to local documents/files for editing
8. Scenarios: XenMobile Advanced
all MDM edition use scenarios
federated single sign-on (SSO)
secure email
secure browsing
automated account provisioning
workflows
policy-based interapp security
app specific microVPN tunnels
unified corporate app store
access to local documents/files for editing
9. Scenarios: XenMobile Enterprise
all XenMobile Advanced edition use scenarios
secure document sharing,
syncing & editing (ShareFile
Enterprise)
10. Features
single administrative experience with RBAC
unified XenMobile server (Linux appliance)
simplified deployment and configuration
designed for 100,000 user environments (with 150,000+
devices)
integrated enterprise store with ratings, screenshots and
app reviews
cross-platform app & policy definitions
single sign-on for MDX apps
FIPS 140-2 support
connectivity checks & support bundle
integrated Worx productivity apps
12. Worx apps (1)
WorxHome
authenticates users (AD with certificates, tokens and other
second factors)
permits lock/wipe of corporate data/apps on selected devices
SSO for all managed apps (hosted (HDX) apps and desktops,
web/SaaS apps, MDX managed mobile apps)
access to the MDX apps (determines policies and app
entitlements and controls data exchange)
provides gateway tickets for microVPN access, certificates for
protected websites, SAML tokens for ShareFile access, ...
13. Worx apps (2)
WorxWeb
HTML5-compatible browser
whitelist/blacklist URLs, set bookmarks and home page
leverages microVPN (full tunnel) or SecureBrowse (client-side
rewrite)
https://bramwolfs.com/2012/08/24/cloud-gateway-a-wrap-up-so-far-
part-2/
WorxMail
ActiveSync mail/calendar/contacts client
microVPN or STA to sync email from Exchange or Office 365
14. Worx apps (3)
WorxEdit
open, view, create or edit Microsoft Office documents
view PDF files
track changes from multiple reviewers
local storage for offline copy editing
WorxNotes
create, sync and share notes
create notes from WorxMail messages
ShareFile integration for storage and sync
integrated with Exchange server (email and calendar)
15. Worx apps (4)
WorxTasks
securely manage tasks
integration with Outlook tasks and WorxMail
WorxDesktop
secure „VDI like” access to physical desktop
access work files and apps
ShareFile
secure enterprise file share and sync
mobile content editing
SharePoint & network files integration
17. NetScaler
hardware (MPX, SDX) or software appliance (VPX)
provides content switching and load balancing for
MDM, MAM or EMM
manages the complete lifecycle of the
request/response transaction
supports connection reuse (reduces TCP overhead on
web servers)
communicates with XenMobile (better together)
built-in monitor for XenMobile
built-in diagnostic tools for XenMobile
supports microVPN (MDX) technology in XenMobile
18. NetScaler addresses
NSIP
NetScaler IP (IP of the appliance)
management IP
SNIP
subnet IP
communication to backend services like XenMobile, AD,
database, ... („points of presence” in different subnets)
VIP
virtual IP
IP address of a virtual server (client-side access)
20. Deployment of EMM (1)
prerequisites:
firewall ports
http://docs.citrix.com/en-us/xenmobile/10-3/xmob-system-
requirements/xmob-deploy-component-port-reqs-con.html
hypervisor of choice
SQL Server 2012+
XenMobile license
service accounts (DB creator, AD reader)
4 free IP Addresses in the DMZ
2 free public IP addresses
2 SSL certificates (or a wildcard certificate)
Apple Push Notification Services certificate (APNS)
for managing Apple devices
NetScaler Gateway
NetScaler Standard or higher supports Load Balancing
SMTP server (optional)
21. Deployment of EMM (2)
steps:
XenMobile
import the XenMobile appliance(s)
initial configuration from CLI (IP, database, NTP, ...)
additional configuration from console (SSL, NSGW, LDAP, ...)
create additional appliance(s)/enable clustering
update the environment (for WM10)
integration with NetScaler
import the NetScaler appliance(s)
initial configuration from CLI (NSIP)
additional configuration from console (license, SSL, ...)
XenMobile integration wizard
create additional appliance(s)/enable HA mode
23. Tips...
XenMobile
don’t install and upgrade the first node and later try to add another
one (hint: database schema upgrades... sometimes )
use VM cloning for multiplication of nodes
RBAC – can’t add a group to Support role
create another role, tailored to your wishes
restart appliances to pick up certificates & updates
NetScaler
4K certificates limitation on VPX
only hardware appliances support 4K certificates
vCPU limitation on Hyper-V (intentional!)
limited to two vCPUs (use VMware instead )
bug with AD authentication in GUI
if you password contains special characters, beware...
24. Conclusion
complete enterprise mobility management solution
three „flavours” – MDM, MDM+MAM, EMM
end-to-end security, easy deployment and great user
experience
integration with NetScaler appliance is easy and
preferred
nice built-in productivity apps
fast deployment
26. Ankete
Popunite ankete i osvojite vrijedne
nagrade!
Ankete su dostupne na:
a) Mobilnim uređajima (Android, Apple, Windows)
b) Web-u http://www.mobilityday.com
PIN za pristup se nalazi na poleđini akreditacije i u vašem
on-line profilu.
This session will be a kind of introduction to Citrix XenMobile solution for IT Pros. We will talk about what is Citrix XenMobile solution, its prerequisites and components, and how to set it all up. As NetScaler ADC is an important part of the complete solution, we will introduce it as well and show you how it fits into the Citrix mobile management story. Last, but not least, we will show you how to manage different mobile devices using XenMobile.