During the Citrix Summit 2015 in Las Vegas Citrix officially announced the next version of the XenMobile solution, called XenMobile 10. Monday 19 January finally came the long awaited Tech Preview XenMobile version available for Partners. This article will give you a clear view of all the steps required during Installing Xenmobile 10 which was released today!
Citrix XenMobile is delivered as a single appliance (combining MDM/MAM) which needs to be imported into your hypervisor. The appliance is available for XenServer, HyperV & VMware.
After the appliance is imported and powered on a first time wizard starts, guiding you through the setup. First you’ll need to configure an console Admin account, not to be confused with the web Administrator account. This account is only being used to access the appliance from the console:
Next you’ll need to configure the network settings for the appliance. Each appliance will need one unique IP address:
The XenMobile Server data can be protected by a random passphrase to secure the data. We’ll use to the default “yes”:
Federal Information Processing Standard (FIPS)
By default the Federal Information Processing Standard (FIPS) is not enabled. Depending on your needs you’ll need to switch on FIPS:
XenMobile requires a database to store its configuration. Although a PostgreSQL database is provided, this is only for testing and small POC environments. PostgreSQL shouldn’t be used within a production environment. The database doesn’t need to exist on forehand, the wizard will automatically create the database for you (If your account has the correct SQL privileges). The username you entered for the database connection will be used by the appliance to connect with the database. I prefer not using the SA account for this, but a separate service account.
One is none, so yes for production environments you’ll want to create a cluster of at least 2 XenMobile Servers:
Enter the Citrix XenMobile hostname which will be used by your clients! This should be the external FQDN, for example xenmobile.rinkspies.com:
In most scenario’s the default port numbers will be ok and don’t need to be changed:
Public Key Infrastructure (PKI)
The XenMobile Servers will need 4 certificates, which will be generated as self signed certificates. You’ll need to protect the private key of these certificates with a password, so no one can abuse your certificates. Depending on you security needs you can protect each certificate with a separate password, or use the same password for all certificates:
XenMobile Web Console Administrator
Enter a Administrator account which will be used to access the management website:
After the wizard finishes the initial system configuration is completed and your XenMobile Server 10 is ready to access by a web browser. The XenMobile management website is accessible through the url displayed on the console. By default it runs on port 4443, but depending on you port choose this could be different.
Let’s start a web browser and access the management console:
Get Started Wizard
After the initial logon a second wizard will start, guiding you through some additional settings, which needs te be in place for a working XenMobile Server setup.
Of course the first thing XenMobile needs is a license:) By default the appliances comes with a 30 days evaluation license which can be used when the licensing server or licenses are not yet in place
Then the SSL certificates needs to be configured. Not only your SSL listener, but also your APN (Apple Push Notification) certificate needs to be imported into the appliance.
Selecting the import button will open a certificate import windows, where you can select the type of certificate you want to import:
When importing a SSL listener or APNS certificate the XenMobile 10 appliance needs te be rebooted. Unfortunately you’re not able to reboot the XenMobile appliance from the management web gui, but needs to be done through the console.
For a secure deployment of XenMobile we should make use of a Citrix Netscaler. The Citrix Access Gateway url and authentication type which is being used should be entered. For use with XenMobile 10 you should use Citrix NetScaler 10.5-54.9, which has updated wizard specific for XenMobile version 10.
You need to configure a connection with a LDAP directory like Microsoft Active Directory, which can be used to import users and/or groups. Keep in mind to use the same “User search by” property as used within the NetScaler Access Gateway!
Last thing we need to configure within the configuration wizard is the notification server. The notification server will be used by the XenMobile server to send email notification, enrollment request, administrative alerts, etc.
Test your notification server configuration before continuing the wizard.
After setting all the required settings a summary page is being displayed where you can review all settings. Don’t worry for making mistakes, all the setting can be adjusted afterwards !
Then finally we are able to logon to the new management web gui, which runs on port 4443 (https://fqdn/ip:4443)
In my opinion the XenMobile team did a great job combining the MDM & MAM part into one single appliance, which is much easier to configure and setup. Not only the setup was greatly improved, but also the overall management, although they still have some work to do. Soon I’ll write some additional blog about differences and first experiences with XenMobile 10, so stay tuned!