Recently I was asked to increase the security for a public reachable ActiveSync url. Although the customer was using Citrix Endpoint Management (XenMobile) and Citrix Secure Mail was available in their Enterprise AppStore, employees were also allowed to use their native “un-secure” mail client, which made use of a public reachable ActiveSync URL.
A big advantage they had, was that almost all mobile devices were already enrolled within Citrix Endpoint Management, so we knew which ActiveSync ID’s where legit and allowed to access ActiveSync.
Cause we were already making use of Citrix Endpoint Management, we decided to use the Citrix Gateway connector for Exchange ActiveSync (formerly XenMobile NetScaler Connector), to add an extra layer of security to the public reachable ActiveSync url.
Read More →
After being involved in several small an midsize Sharefile environments I recently migrated a Enterprise customer to ShareFile. They had a great vision in terms of flexible working, which was really nice, but very challenging from a technical perspective. Beside the number of users, this customer didn’t start with ShareFile as a greenfield environment, but decided to migrate all data into ShareFile. The customer didn’t want to use CIFS or ShareFile connectors, all data had to be placed into on premise Storage Zones.
Data would be accessible only through ShareFile, no other file services would be offered
Although Citrix ShareFile offers a client for almost every platform, the different clients don’t have the same functionality. For example the Windows and Mac OSX Client are not able to display the ShareFile CIFS connector. We were told Citrix has a different vision/idea about a classic Windows/Mac OSX client, on these clients users are supposed to use a classic drive mapping. From a user perspective I hope ShareFile will add this functionality in a upcoming release of the Windows and MAC OSx clients, one interface for all data across all clients is much simpler and transparent for end users!
The “Sync for Windows” & “Sync for Mac” client don’t support CIFS Share integration
For Mac OSX and mobile devices the client to choose is evident. There is only one choice. For Windows it is a different ball game. Windows has several options available:
In our case we have chosen to use the “Sync for Windows” client on all Windows devices in the environment. An environment which exists of desktops, laptops and a Citrix XenDesktop farm. For desktop and laptops the installation was pretty straight forward and we didn’t need to customize much. With the ShareFile preferences GUI, users are able to determine which folders need to be available for them, after which the selected files are cached offline. For a desktop or laptop I don’t mind the files being cached offline, for my Citrix XenDesktop server however I don’t want all users caching all files locally. Lucky the Sync for Windows client is RDS aware and behaves different, in this case on-demand sync is used! Because of the on-demand sync, we wanted to present all files and folder a user was authorized for. This could easily be achieved by using the ShareFileOn-demand.admx to configure the Sync for Windows client on an RDS server. We added all root RemoteFolderId’s to the On-demandFolderIds part of the policy. Users are presented a full list of files and folders to which they have access and are only synchronized when accessed.
ShareFile On-Demand Sync is designed for integration with hosted desktops and applications running in XenApp and XenDesktop environments. Unfortunately the on-demand sync options is not available on desktops or laptops, in my opinion this would be a nice addition
Read More →
During the implementation of various XenMobile sites I notice several customers run into the same problems. Problems and question which are being asked at the support forums as well. Sharing my “Lessons learned” hopefully helps others while doing deployments of Citrix XenMobile.
In many cases a pre-installation checklist is a nice to have, but not really necessary for installing a product. In case of Citrix XenMobile this is an absolute must have, before starting the project. There are many dependencies, without it you are not able to do a efficient installation.
Make use of the Pre-Installation Checklist Citrix offers !
Get hold of a test device, it’s not convenient to use your own production device during the test / installation fase. Several XDM deployments use different ROOT CA’s, which are not able to work next to each other. First you have to deleted your current profiles, before you can re-enroll the device to a different environment. Durings configuration and tests I would also like to test the geo-fencing options, including a full-wipe of the device. Not something you would want to test on your own production device.
Get a test device for every platform you need to support
Apple Mac OS X
To manage iOS and Android applications from within the AppController, applications (.ipa/apk) need to be wrapped. For wrapping applications Citrix provides the MDX Toolkit, which unfortunately only runs on Mac OS X. The MDX Toolkit doesn’t work on a virtualized Mac OS X, you need real Apple hardware for this.
The MDX Toolkit requires a Mac Mini, MacBook Air, or other Mac Device
Read More →
Lately, more and more customers are asking for a solution to manage their mobile devices. While discussing the Citrix XenMobile architecture question regarding High Availability (HA) and Load balancing (LB) are crucial for a solid design. How to configure the Citrix AppController for HA & LB is pretty straightforward and well documented. The Citrix Device Manager however is a different ball game and the documentation isn’t very clear. A full architecture with High Availability should look something like this:
The eDocs states:
Configure the Windows servers as a cluster, while the installation instructions tell you to configure a Tomcat cluster
The Citrix Reference Architecture for XenMobile 8.7 doesn’t mentions a Windows Cluster.
can be configured with multiple servers load-balanced behind a NetScaler appliance or another hardware load-balancing solution. The Device Managers work in an active-active configuration. In this environment, ports 80, 443, and 8443 are load-balanced. For SSL connections (ports 443 and 8443), make sure to turn on SSL session persistence in the load balancing rules. XDM requires a shared SQL server and NTP configured on each server.
At first I was a bit confused about all the different parts of information, what information is correct and what information is not? I contacted Citrix hoping to get a straightforward answer. Citrix came up with the following high level guidelines:
- Install for example two standalone XDM server (No MS Clustering)
- Place a network load balancer in front of the XDM server. In my case this will be a Netscaler (NS).
- Install/Configure the first XDM server and LB on the NS with only one XDM server active
- Test if the setup works as a expected
- Install/Configure the second XDM server and cluster (Yes, a Tomcat cluster) the two XDM servers as described in the installation guide (forget the part about the MS clustering).
- Configure the NS LB to support both XDM servers (Don’t forget session persistence)
- Retest if the setup still works as expected
Following this guidelines I was able create a fully working load balanced configuration for the XDM servers. For information about scaling a XenMobile environment take a look at this Citrix Blog!
During a XenMobile training last month I got a error message while logging on to the XenMobile 8.6 Device Manager Console. Didn’t pay much attention to it then, because i assumed something went wrong during the install of Citrix XenMobile Device Manager, a simple reinstall of XDM resolved the error message. Prior to upgrading an existing XenMobile 8.6 production environment to 8.7 I got the same error message again “Cannot load labels files”
Read More →
Recently Citrix released XenMobile 8.7 which includes updates and enhancements to the following components: App Controller, Device Manager, WorxHome, and WorxMail. The complete overview can be found in Citrix eDocs. In addition to the support of the Dutch language in WorxHome & WorxMail we have several users equipped with a Windows 8.1 RT tab, which couldn’t be managed by the previous version 8.6. We decided to be a early adaptor and upgrade our existing environment! The recommended upgrade order for the several components is:
- Netscaler (NS)
- XenMobile Device Manager (XDM)
- XenMobile Netscaler Connector (XNC)
- XenMobile AppController (XAC)
- MDX Toolkit to wrap .ipa & .apk files (WorxMail/WorxWeb)
This article will only cover upgrading XenMobile Device Manager 8.7 & XenMobile AppController 2.10.
Read More →