Citrix XenMobile Device Manager (MDM Edition) and the App Controller (App Edition) can be deployed separately or combined to form the Enterprise Edition. In the Enterprise Edition a connections needs to be configured between the Device Manager server and the App Controller so they can communicate with each other. Detailed information to Enabling Connections Between Device Manager and App Controller can be found through eDocs

A user who enrols a new mobile device is asked if Worx Homes needs to secure the device.

Enroll : Worx Home can secure your iPad in addition to your work apps. Do you want to enroll you device?

Enroll

At first I thought pressing “Yes” would be the only correct choice, when enrolling a mobile device, but some time ago I noticed pressing “No”  would also enroll the mobile device. The outcome would be quite different, but in both cases Worx Home worked. Pressing yes enrolled the mobile device within the Device Manager and App Controller, where pressing no only enrolled the  mobile device without the App Controller.

By default XenMobile uses the samAccountName to validate mobile connections. I the case of the XenMobile Enterprise Edition we mostly use certificate based authentication to validate the mobile connections. A user certificate, combined with a Worx Pin is much more user friendly on a mobile device. With certificate based authentication in place the question to secure your iPad is unnecessary.

The user certificate is deployed by the Device Manager, without XDM enrollment, no certificate is installed on the iPad. Without user certificate Worx Home is not able to connect with the Netscaler VIP, which was configured to only accept certificates. Lucky there is a option to suppress the Enroll box.

From the XenMobile App Controller admin console (https://appc.fqdn:4443) select  the Settings tab > Select XenMobile MDM from the menu and click edit.

Box

Make sure the box “Require Device Manager enrollment” is selected. Now when a user enrols a mobile device no question is asked to secure your IPad.

Despite the enrol box is not being displayed, I personally think mobile users should be notified about the administrative access. A warning notice will however be displayed soon as the profiles are installed. At this point a users can still cancel the enrollment!

warning

 

 

 

  • Nice one Rink! However keep in mind that you disable the BYOD access with this option. A user is now required to enroll his device in MDM before he can make use of corporate applications (MAM)! I think that won’t fit in most scenario’s while a user won’t be happy to let IT manage his personal device!?

    • Not necessarily..every client is different. If they aren’t going to WorxMail 100% or want to allow client choice between WorxMail or native and are using ActiveSync gating via XNC or XMM this would be needed..it all just depends (how’s that for a consultant answer! HAH!)

  • Larry Kuhlman

    Excellent article but we just recently got into MDM and i assume this is for version 9 or lower. Do you know how do you implement this on XenMobile 10?

    • Hi Larry,

      Yes this article was based on version 9. In XenMobile 10 this can be configured here:

      Configure > Settings > More > Server Properties > Displayname “Enrollment Required” Key “wsapi.mdm.required.flag” set to true

Post Navigation