Recently we added the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector) to a customer environment, with the intention of giving only known smartphones access to ActiveSync. The definition of known in this case, is a smartphone enrolled within Citrix Endpoint Management (formerly XenMobile). After some testing, we switched on “Blocking Mode” on the Gateway connector for Exchange ActiveSync and indeed all the ActiveSync traffic was nicely regulated. Only connections from device which existed in the Endpoint Management database were allowed access to ActiveSync. The check if a email client is allowed access is done based on the ActiveSync ID, which should be unique for every device.
Just to clarify, a short explanation how the Gateway connector for Exchange ActiveSync works. The Citrix Gateway connector for Exchange ActiveSync is connected to the Endpoint Management server(s) and periodically graps all ActiveSync ID’s. All the grapped ActiveSync ID’s are stored locally on the Gateway connector for Exchange server, in a .xml file. Depending you installation folder and provider name it’s stored on the Gateway connector for Exchange Server in : “%InstallFolder%\XenMobile NetScaler Connector\config\%ProviderName%.xml”
Depending your Endpoint Management ActiveSync Gateway configuration devices can be allowed or denied access based on several rules.
Until recently I used to wrap all XenMobile applications using an Apple provisioning profile which used a wildcard App ID. This way only a single provisioning profile was required for all my XenMobile applications.
Last week at a new customer site I noticed something different with their new Apple iOS Developer Enterprise account, which was created somewhere last week. I started by creating a “In-House” Production iOS Certificate to sign the apps
During a recent implementation of XenMobile 10 Enterprise (build 10.0.0.62300) I created a ShareFile Administrator Account within the ShareFile control plane to be used for the XenMobile integration.While I was still doing some testing and configuring a simple, non complex password was used for the ShareFile Administrator account. Soon as everything was working correctly I logged in to the ShareFile Control Plane and updated the password used for the ShareFile Administrator account for a complex one. Well so far so good. Next step in the process would naturally be to update the ShareFile Administrator account within the XenMobile Server (XMS) settings.
I logged in to the XenMobile 10 console and went to Configure > Settings > More > ShareFile and finally clicked Sharefile. Almost immediately I was confronted with an Error message “Username or Password was incorrect”.
In order to integrate XenMobile with the Google Play Store, a Public App Store you will need to configure your Google Play Credentials. Beside the user name and password, you will also need to enter the Device ID (Configure > Settings > More > Server > Google Play Credentials)
I went ahead entering the account credentials and Device ID supplied by the customer. While trying to save the Google Play configuration an error message appears “The Google logon request used a user name or password that is not recognized”.
During the Citrix Summit 2015 in Las Vegas Citrix officially announced the next version of the XenMobile solution, called XenMobile 10. Monday 19 January finally came the long awaited Tech Preview XenMobile version available for Partners. This article will give you a clear view of all the steps required during Installing Xenmobile 10 which was released today!
Citrix XenMobile is delivered as a single appliance (combining MDM/MAM) which needs to be imported into your hypervisor. The appliance is available for XenServer, HyperV & VMware.
After the appliance is imported and powered on a first time wizard starts, guiding you through the setup. First you’ll need to configure an console Admin account, not to be confused with the web Administrator account. This account is only being used to access the appliance from the console:
To simplify paid content (Apps / Books) Apple introduced the Volume Purchase Program (VPP), which makes it very easy to centrally purchase and distribute content for employees. The Volume Purchase Program was available in America for some time now, but recently Apple added several additional countries, including the Netherlands. For a complete list of supported countries take a look at the VPP Site ! Once enrolled for the Apple Volume Purchase Program you need to configure the Citrix XenMobile Device Manager for VPP. In this article I’ll go into the Citrix XenMobile Device Manager configuration in combination with the Apple Volume Purchase Program (VPP).
VPP Company Token
Start to sign in to the Apple Purchase Program site and select “Account Summary”, to open the detailed account information and display the “Managed Distribution” section.
Within the account summary page scroll to the section “Managed Distribution” and select Download Token to retrieve your VPP token:
After being involved in several small an midsize Sharefile environments I recently migrated a Enterprise customer to ShareFile. They had a great vision in terms of flexible working, which was really nice, but very challenging from a technical perspective. Beside the number of users, this customer didn’t start with ShareFile as a greenfield environment, but decided to migrate all data into ShareFile. The customer didn’t want to use CIFS or ShareFile connectors, all data had to be placed into on premise Storage Zones.
Data would be accessible only through ShareFile, no other file services would be offered
Although Citrix ShareFile offers a client for almost every platform, the different clients don’t have the same functionality. For example the Windows and Mac OSX Client are not able to display the ShareFile CIFS connector. We were told Citrix has a different vision/idea about a classic Windows/Mac OSX client, on these clients users are supposed to use a classic drive mapping. From a user perspective I hope ShareFile will add this functionality in a upcoming release of the Windows and MAC OSx clients, one interface for all data across all clients is much simpler and transparent for end users!
The “Sync for Windows” & “Sync for Mac” client don’t support CIFS Share integration
For Mac OSX and mobile devices the client to choose is evident. There is only one choice. For Windows it is a different ball game. Windows has several options available:
In our case we have chosen to use the “Sync for Windows” client on all Windows devices in the environment. An environment which exists of desktops, laptops and a Citrix XenDesktop farm. For desktop and laptops the installation was pretty straight forward and we didn’t need to customize much. With the ShareFile preferences GUI, users are able to determine which folders need to be available for them, after which the selected files are cached offline. For a desktop or laptop I don’t mind the files being cached offline, for my Citrix XenDesktop server however I don’t want all users caching all files locally. Lucky the Sync for Windows client is RDS aware and behaves different, in this case on-demand sync is used! Because of the on-demand sync, we wanted to present all files and folder a user was authorized for. This could easily be achieved by using the ShareFileOn-demand.admx to configure the Sync for Windows client on an RDS server. We added all root RemoteFolderId’s to the On-demandFolderIds part of the policy. Users are presented a full list of files and folders to which they have access and are only synchronized when accessed.
ShareFile On-Demand Sync is designed for integration with hosted desktops and applications running in XenApp and XenDesktop environments. Unfortunately the on-demand sync options is not available on desktops or laptops, in my opinion this would be a nice addition
Citrix XenMobile Device Manager (MDM Edition) and the App Controller (App Edition) can be deployed separately or combined to form the Enterprise Edition. In the Enterprise Edition a connections needs to be configured between the Device Manager server and the App Controller so they can communicate with each other. Detailed information to Enabling Connections Between Device Manager and App Controller can be found through eDocs
A user who enrols a new mobile device is asked if Worx Homes needs to secure the device.
Enroll : Worx Home can secure your iPad in addition to your work apps. Do you want to enroll you device?
At first I thought pressing “Yes” would be the only correct choice, when enrolling a mobile device, but some time ago I noticed pressing “No” would also enroll the mobile device. The outcome would be quite different, but in both cases Worx Home worked. Pressing yes enrolled the mobile device within the Device Manager and App Controller, where pressing no only enrolled the mobile device without the App Controller.
During the implementation of various XenMobile sites I notice several customers run into the same problems. Problems and question which are being asked at the support forums as well. Sharing my “Lessons learned” hopefully helps others while doing deployments of Citrix XenMobile.
In many cases a pre-installation checklist is a nice to have, but not really necessary for installing a product. In case of Citrix XenMobile this is an absolute must have, before starting the project. There are many dependencies, without it you are not able to do a efficient installation.
Test Hardware Get hold of a test device, it’s not convenient to use your own production device during the test / installation fase. Several XDM deployments use different ROOT CA’s, which are not able to work next to each other. First you have to deleted your current profiles, before you can re-enroll the device to a different environment. Durings configuration and tests I would also like to test the geo-fencing options, including a full-wipe of the device. Not something you would want to test on your own production device.
Get a test device for every platform you need to support
Apple Mac OS X To manage iOS and Android applications from within the AppController, applications (.ipa/apk) need to be wrapped. For wrapping applications Citrix provides the MDX Toolkit, which unfortunately only runs on Mac OS X. The MDX Toolkit doesn’t work on a virtualized Mac OS X, you need real Apple hardware for this.
Last week I upgraded our production XenMobile environment to version 8.7, after which I wanted to enroll a Windows 8.1 RT. Unfortunately there is no Worx Home application in the Windows Store, nor does Citrix offer a WorxMail of WorxWeb client. The Windows 8.1 enroll process is slightly different than a iOS of Android device and can be found in the eDocs. Ok, let’s enroll a Windows 8.1 RT and let us see what we can do with it.