Recently we added the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector) to a customer environment, with the intention of giving only known smartphones access to ActiveSync. The definition of known in this case, is a smartphone enrolled within Citrix Endpoint Management (formerly XenMobile). After some testing, we switched on “Blocking Mode” on the Gateway connector for Exchange ActiveSync and indeed all the ActiveSync traffic was nicely regulated. Only connections from device which existed in the Endpoint Management database were allowed access to ActiveSync. The check if a email client is allowed access is done based on the ActiveSync ID, which should be unique for every device.
Just to clarify, a short explanation how the Gateway connector for Exchange ActiveSync works. The Citrix Gateway connector for Exchange ActiveSync is connected to the Endpoint Management server(s) and periodically graps all ActiveSync ID’s. All the grapped ActiveSync ID’s are stored locally on the Gateway connector for Exchange server, in a .xml file. Depending you installation folder and provider name it’s stored on the Gateway connector for Exchange Server in : “%InstallFolder%\XenMobile NetScaler Connector\config\%ProviderName%.xml”
Depending your Endpoint Management ActiveSync Gateway configuration devices can be allowed or denied access based on several rules.
Recently I was asked to increase the security for a public reachable ActiveSync url. Although the customer was using Citrix Endpoint Management (XenMobile) and Citrix Secure Mail was available in their Enterprise AppStore, employees were also allowed to use their native “un-secure” mail client, which made use of a public reachable ActiveSync URL.
A big advantage they had, was that almost all mobile devices were already enrolled within Citrix Endpoint Management, so we knew which ActiveSync ID’s where legit and allowed to access ActiveSync.
Cause we were already making use of Citrix Endpoint Management, we decided to use the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector), to add an extra layer of security to the public reachable ActiveSync url.
Until recently I used to wrap all XenMobile applications using an Apple provisioning profile which used a wildcard App ID. This way only a single provisioning profile was required for all my XenMobile applications.
Last week at a new customer site I noticed something different with their new Apple iOS Developer Enterprise account, which was created somewhere last week. I started by creating a “In-House” Production iOS Certificate to sign the apps
During a recent implementation of XenMobile 10 Enterprise (build 10.0.0.62300) I created a ShareFile Administrator Account within the ShareFile control plane to be used for the XenMobile integration.While I was still doing some testing and configuring a simple, non complex password was used for the ShareFile Administrator account. Soon as everything was working correctly I logged in to the ShareFile Control Plane and updated the password used for the ShareFile Administrator account for a complex one. Well so far so good. Next step in the process would naturally be to update the ShareFile Administrator account within the XenMobile Server (XMS) settings.
I logged in to the XenMobile 10 console and went to Configure > Settings > More > ShareFile and finally clicked Sharefile. Almost immediately I was confronted with an Error message “Username or Password was incorrect”.
In order to integrate XenMobile with the Google Play Store, a Public App Store you will need to configure your Google Play Credentials. Beside the user name and password, you will also need to enter the Device ID (Configure > Settings > More > Server > Google Play Credentials)
I went ahead entering the account credentials and Device ID supplied by the customer. While trying to save the Google Play configuration an error message appears “The Google logon request used a user name or password that is not recognized”.
During the Citrix Summit 2015 in Las Vegas Citrix officially announced the next version of the XenMobile solution, called XenMobile 10. Monday 19 January finally came the long awaited Tech Preview XenMobile version available for Partners. This article will give you a clear view of all the steps required during Installing Xenmobile 10 which was released today!
Citrix XenMobile is delivered as a single appliance (combining MDM/MAM) which needs to be imported into your hypervisor. The appliance is available for XenServer, HyperV & VMware.
After the appliance is imported and powered on a first time wizard starts, guiding you through the setup. First you’ll need to configure an console Admin account, not to be confused with the web Administrator account. This account is only being used to access the appliance from the console:
Since the initial community release of SFGuru Explorer on 25-10-2014 we (Daniel Nikolic / Rink Spies) have been busy developing the application. Every time when we detect repeating, or labor intensive tasks within our ShareFile support team we try to improve the job by integrating an optimized task in SFGuru Explorer. Currently we have lots of ideas and beta versions which we need to do some further testing on, but before releasing these features we want to be 100% sure everything runs stable. While all the coding and testing needs to be done in our spare time it could take some time before we can release all new features.
Meanwhile we made some great improvements, which have been fully tested. Improvements of which we are proud of 🙂 We decided to add all the tested features to a interim release, which will be released as SFGuru Explorer version 1.2!
So lets’s start with the new features we added:
SFGuru Explorer stores its configuration in an encrypted .config file. While working on several ShareFile environments we had to constantly switch .config files, or change the login information to connect with the correct site. We added a multitenant option, which supports multiple .config files in the SFGuru Explorer folder. As Soon as the application detects multiple .config files on startup it will display a menu in which you can select the desired environment:
Citrix ShareFile Files can be hosted in the Citrix Managed cloud, or a Customer Managed Cloud. For a Customer Managed Cloud a StorageZone Controller needs to be placed within the boundaries of your own datacenter. Up to and including StorageZone Controller version 2.2, Citrix Sharefile stored all the files within one single folder. In very large environments this could lead to some challenges due to the large amount of files within one single folder. Some time ago I wrote a blog “Citrix ShareFile : Lessons learned in real life“, in which I discussed the maximum number of files supported by the storage array.
Up to and including StorageZone Controller 2.2 all zone files were stores in a single folder.
With this new release, according to the eDocs StorageZone Controller version 2.3 is able to handle more files per zone. Unfortunately the documentation about this new feature is limited. Let me start to explain how ShareFile accomplished this, how to enable and configure this new feature.
By default the feature to support more files per zone is switched off. To enable this new feature you need to update a registry key on all StorageZone Controllers in your zone.
To simplify paid content (Apps / Books) Apple introduced the Volume Purchase Program (VPP), which makes it very easy to centrally purchase and distribute content for employees. The Volume Purchase Program was available in America for some time now, but recently Apple added several additional countries, including the Netherlands. For a complete list of supported countries take a look at the VPP Site ! Once enrolled for the Apple Volume Purchase Program you need to configure the Citrix XenMobile Device Manager for VPP. In this article I’ll go into the Citrix XenMobile Device Manager configuration in combination with the Apple Volume Purchase Program (VPP).
VPP Company Token
Start to sign in to the Apple Purchase Program site and select “Account Summary”, to open the detailed account information and display the “Managed Distribution” section.
Within the account summary page scroll to the section “Managed Distribution” and select Download Token to retrieve your VPP token:
ShareFile consist out of two different storage location, the Citrix Managed and the Customer Managed. The first one, the Citrix Managed storage location is hosted by Citrix in their public cloud. The second one, the Customer Managed storage location is hosted by the customer in his own datacenter. In this article I’ll go into the backup and restore procedures for the Customer Managed StorageZone.
Recycle Bin / Retention
Before I’ll go into the backup and restore process, let me clarify how ShareFile processes deleted files and folder. Every file being uploaded to ShareFile is registered in the ShareFile Metadata. In case of a customer managed StorageZone, the ShareFile cloud only contains the metadata, but not the actual files. These files are stored within your datacenter. When a file or folder is deleted from ShareFile it will be kept in the recycle bin for 7 days, within these 7 days its very easy to recover files. After 7 days the deleted files and folder are purged from the recycle bin and permanently deleted from the persistent storage folder. Unfortunately the 7 days recycle bin retention time cannot be changed, it’s hard coded.
The 7 Days Recycle Bin retention time is hardcoded at this time