Recently we added the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector) to a customer environment, with the intention of giving only known smartphones access to ActiveSync. The definition of known in this case, is a smartphone enrolled within Citrix Endpoint Management (formerly XenMobile). After some testing, we switched on “Blocking Mode” on the Gateway connector for Exchange ActiveSync and indeed all the ActiveSync traffic was nicely regulated. Only connections from device which existed in the Endpoint Management database were allowed access to ActiveSync. The check if a email client is allowed access is done based on the ActiveSync ID, which should be unique for every device.
Just to clarify, a short explanation how the Gateway connector for Exchange ActiveSync works. The Citrix Gateway connector for Exchange ActiveSync is connected to the Endpoint Management server(s) and periodically graps all ActiveSync ID’s. All the grapped ActiveSync ID’s are stored locally on the Gateway connector for Exchange server, in a .xml file. Depending you installation folder and provider name it’s stored on the Gateway connector for Exchange Server in : “%InstallFolder%\XenMobile NetScaler Connector\config\%ProviderName%.xml”
Depending your Endpoint Management ActiveSync Gateway configuration devices can be allowed or denied access based on several rules.
During regular maintenance at a customer we noticed the Ivanti WorkSpace Control logging database was getting quite big. The logging database had reached a size of more than 1TB, something of which the cause was not immediately clear. Sure they had lots of users and were keeping lots of auditing data, but the increase in database size couldn’t be related to additional users or something else.
We contacted Ivanti Support to investigate the huge increase in logging database size. They told me about a useful tool called “Workspace Manager Logging Management Tool“. The tool was created by a former employee Patrick van Grinsven. Soon it became clear what exactly was using so much space within the logging database.
Recently I was asked to increase the security for a public reachable ActiveSync url. Although the customer was using Citrix Endpoint Management (XenMobile) and Citrix Secure Mail was available in their Enterprise AppStore, employees were also allowed to use their native “un-secure” mail client, which made use of a public reachable ActiveSync URL.
A big advantage they had, was that almost all mobile devices were already enrolled within Citrix Endpoint Management, so we knew which ActiveSync ID’s where legit and allowed to access ActiveSync.
Cause we were already making use of Citrix Endpoint Management, we decided to use the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector), to add an extra layer of security to the public reachable ActiveSync url.
Prior to Windows 10 (build 1607) Sticky Notes was a “Desktop App”, for which it was quite easy to roam all user settings and notes. But since the Windows 10 anniversary update Sticky Notes is available as a “Windows App” (Universal App). This creates a new challenge.
We have to make sure that Sticky Notes settings and notes, which a created by the users are being roamed. In case that roaming profiles are being used, this won’t be very challenging, because the whole user profile will be stored soon as an user logs off. However when local or mandatory profiles are used, in combination with a Zero Profile technology, like the technology offered by Ivanti Workspace Control (formerly RES Workspace Manager), some challenges lie ahead.
Until recently I used to wrap all XenMobile applications using an Apple provisioning profile which used a wildcard App ID. This way only a single provisioning profile was required for all my XenMobile applications.
Last week at a new customer site I noticed something different with their new Apple iOS Developer Enterprise account, which was created somewhere last week. I started by creating a “In-House” Production iOS Certificate to sign the apps
During a recent implementation of XenMobile 10 Enterprise (build 10.0.0.62300) I created a ShareFile Administrator Account within the ShareFile control plane to be used for the XenMobile integration.While I was still doing some testing and configuring a simple, non complex password was used for the ShareFile Administrator account. Soon as everything was working correctly I logged in to the ShareFile Control Plane and updated the password used for the ShareFile Administrator account for a complex one. Well so far so good. Next step in the process would naturally be to update the ShareFile Administrator account within the XenMobile Server (XMS) settings.
I logged in to the XenMobile 10 console and went to Configure > Settings > More > ShareFile and finally clicked Sharefile. Almost immediately I was confronted with an Error message “Username or Password was incorrect”.
In order to integrate XenMobile with the Google Play Store, a Public App Store you will need to configure your Google Play Credentials. Beside the user name and password, you will also need to enter the Device ID (Configure > Settings > More > Server > Google Play Credentials)
I went ahead entering the account credentials and Device ID supplied by the customer. While trying to save the Google Play configuration an error message appears “The Google logon request used a user name or password that is not recognized”.
During the Citrix Summit 2015 in Las Vegas Citrix officially announced the next version of the XenMobile solution, called XenMobile 10. Monday 19 January finally came the long awaited Tech Preview XenMobile version available for Partners. This article will give you a clear view of all the steps required during Installing Xenmobile 10 which was released today!
Citrix XenMobile is delivered as a single appliance (combining MDM/MAM) which needs to be imported into your hypervisor. The appliance is available for XenServer, HyperV & VMware.
After the appliance is imported and powered on a first time wizard starts, guiding you through the setup. First you’ll need to configure an console Admin account, not to be confused with the web Administrator account. This account is only being used to access the appliance from the console:
Since the initial community release of SFGuru Explorer on 25-10-2014 we (Daniel Nikolic / Rink Spies) have been busy developing the application. Every time when we detect repeating, or labor intensive tasks within our ShareFile support team we try to improve the job by integrating an optimized task in SFGuru Explorer. Currently we have lots of ideas and beta versions which we need to do some further testing on, but before releasing these features we want to be 100% sure everything runs stable. While all the coding and testing needs to be done in our spare time it could take some time before we can release all new features.
Meanwhile we made some great improvements, which have been fully tested. Improvements of which we are proud of 🙂 We decided to add all the tested features to a interim release, which will be released as SFGuru Explorer version 1.2!
So lets’s start with the new features we added:
SFGuru Explorer stores its configuration in an encrypted .config file. While working on several ShareFile environments we had to constantly switch .config files, or change the login information to connect with the correct site. We added a multitenant option, which supports multiple .config files in the SFGuru Explorer folder. As Soon as the application detects multiple .config files on startup it will display a menu in which you can select the desired environment:
Citrix ShareFile Files can be hosted in the Citrix Managed cloud, or a Customer Managed Cloud. For a Customer Managed Cloud a StorageZone Controller needs to be placed within the boundaries of your own datacenter. Up to and including StorageZone Controller version 2.2, Citrix Sharefile stored all the files within one single folder. In very large environments this could lead to some challenges due to the large amount of files within one single folder. Some time ago I wrote a blog “Citrix ShareFile : Lessons learned in real life“, in which I discussed the maximum number of files supported by the storage array.
Up to and including StorageZone Controller 2.2 all zone files were stores in a single folder.
With this new release, according to the eDocs StorageZone Controller version 2.3 is able to handle more files per zone. Unfortunately the documentation about this new feature is limited. Let me start to explain how ShareFile accomplished this, how to enable and configure this new feature.
By default the feature to support more files per zone is switched off. To enable this new feature you need to update a registry key on all StorageZone Controllers in your zone.