Citrix XenMobile Device Manager (MDM Edition) and the App Controller (App Edition) can be deployed separately or combined to form the Enterprise Edition. In the Enterprise Edition a connections needs to be configured between the Device Manager server and the App Controller so they can communicate with each other. Detailed information to Enabling Connections Between Device Manager and App Controller can be found through eDocs

A user who enrols a new mobile device is asked if Worx Homes needs to secure the device.

Enroll : Worx Home can secure your iPad in addition to your work apps. Do you want to enroll you device?


At first I thought pressing “Yes” would be the only correct choice, when enrolling a mobile device, but some time ago I noticed pressing “No”  would also enroll the mobile device. The outcome would be quite different, but in both cases Worx Home worked. Pressing yes enrolled the mobile device within the Device Manager and App Controller, where pressing no only enrolled the  mobile device without the App Controller.

By default XenMobile uses the samAccountName to validate mobile connections. I the case of the XenMobile Enterprise Edition we mostly use certificate based authentication to validate the mobile connections. A user certificate, combined with a Worx Pin is much more user friendly on a mobile device. With certificate based authentication in place the question to secure your iPad is unnecessary.

The user certificate is deployed by the Device Manager, without XDM enrollment, no certificate is installed on the iPad. Without user certificate Worx Home is not able to connect with the Netscaler VIP, which was configured to only accept certificates. Lucky there is a option to suppress the Enroll box.

From the XenMobile App Controller admin console (https://appc.fqdn:4443) select  the Settings tab > Select XenMobile MDM from the menu and click edit.


Make sure the box “Require Device Manager enrollment” is selected. Now when a user enrols a mobile device no question is asked to secure your IPad.

Despite the enrol box is not being displayed, I personally think mobile users should be notified about the administrative access. A warning notice will however be displayed soon as the profiles are installed. At this point a users can still cancel the enrollment!





Post Navigation