xenmobile: enterprise mobility management solution

29.09.2016. Zagreb Hotel Antunović

Post on 15-Jan-2017





This session is an introduction to the Citrix XenMobile solution for IT Pros. We will talk about what the Citrix XenMobile solution is, its prerequisites and components, and how to set it all up. As NetScaler ADC is an important part of the complete solution, we will introduce it as well and show you how it fits into the Citrix mobile management story. Last, but not least, we will show you how to manage different mobile devices using XenMobile.

XenMobile: Enterprise mobile management solution
Tomica [email protected] | http://blog.kaniski.eu/

Zagreb, 29.09.2016.



XenMobile provides...
- unified management of devices & applications
- corporate app store
- mobile device and app management
- unified access gateway & SSO
- workflow-driven productivity apps
- military-grade (FIPS) security
- mobile content management
- broad platform support

Editions...
- XenMobile MDM
  - mobile device management (MDM)
  - allows IT Administrators to enroll and enforce restriction policies on corporate-owned or BYO devices
- XenMobile Advanced
  - mobile device and application management (MDM + MAM)
  - adds support for IT Admins to create an enterprise app store for mobile, web/SaaS and Windows apps with MDX capabilities (securing data and network resources)
- XenMobile Enterprise
  - enterprise mobile management (EMM) solution
  - adds ShareFile capability for data mobility management

Scenarios: XenMobile MDM
- mobile device management
- jailbreak detection
- selective or full wipe
- geolocation tracking
- passcode enforcement
- pushing applications
- native mail client access control
- Wi-Fi & VPN access control
- access to local documents/files for editing

Scenarios: XenMobile Advanced
- all MDM edition use scenarios
- federated single sign-on (SSO)
- secure email
- secure browsing
- automated account provisioning
- workflows
- policy-based interapp security
- app specific microVPN tunnels
- unified corporate app store
- access to local documents/files for editing

Scenarios: XenMobile Enterprise
- all XenMobile Advanced edition use scenarios
- secure document sharing, syncing & editing (ShareFile Enterprise)

Features
- single administrative experience with RBAC
- unified XenMobile server (Linux appliance)
- simplified deployment and configuration
- designed for 100,000 user environments (with 150,000+ devices)
- integrated enterprise store with ratings, screenshots and app reviews
- cross-platform app & policy definitions
- single sign-on for MDX apps
- FIPS 140-2 support
- connectivity checks & support bundle
- integrated Worx productivity apps

The big picture

Worx apps (1)
- WorxHome
  - authenticates users (AD with certificates, tokens and other second factors)
  - permits lock/wipe of corporate data/apps on selected devices
  - SSO for all managed apps (hosted (HDX) apps and desktops, web/SaaS apps, MDX managed mobile apps)
  - access to the MDX apps (determines policies and app entitlements and controls data exchange)
  - provides gateway tickets for microVPN access, certificates for protected websites, SAML tokens for ShareFile access, ...

Worx apps (2)
- WorxWeb
  - HTML5-compatible browser
  - whitelist/blacklist URLs, set bookmarks and home page
  - leverages microVPN (full tunnel) or SecureBrowse (client-side rewrite)
  - https://bramwolfs.com/2012/08/24/cloud-gateway-a-wrap-up-so-far-part-2/
- WorxMail
  - ActiveSync mail/calendar/contacts client
  - microVPN or STA to sync email from Exchange or Office 365

Worx apps (3)
- WorxEdit
  - open, view, create or edit Microsoft Office documents
  - view PDF files
  - track changes from multiple reviewers
  - local storage for offline copy editing
- WorxNotes
  - create, sync and share notes
  - create notes from WorxMail messages
  - ShareFile integration for storage and sync
  - integrated with Exchange server (email and calendar)

Worx apps (4)
- WorxTasks
  - securely manage tasks
  - integration with Outlook tasks and WorxMail
- WorxDesktop
  - secure VDI-like access to physical desktop
  - access work files and apps
- ShareFile
  - secure enterprise file share and sync
  - mobile content editing
  - SharePoint & network files integration

DEMO: Worx apps


NetScaler
- hardware (MPX, SDX) or software appliance (VPX)
- provides content switching and load balancing for MDM, MAM or EMM
- manages the complete lifecycle of the request/response transaction
- supports connection reuse (reduces TCP overhead on web servers)
- communicates with XenMobile (better together)
- built-in monitor for XenMobile
- built-in diagnostic tools for XenMobile
- supports microVPN (MDX) technology in XenMobile

NetScaler addresses
- NSIP
  - NetScaler IP (IP of the appliance)
  - management IP
- SNIP
  - subnet IP
  - communication to backend services like XenMobile, AD, database, ... (points of presence in different subnets)
- VIP
  - virtual IP
  - IP address of a virtual server (client-side access)

The big picture

Deployment of EMM (1)
prerequisites:
- firewall ports: http://docs.citrix.com/en-us/xenmobile/10-3/xmob-system-requirements/xmob-deploy-component-port-reqs-con.html
- hypervisor of choice
- SQL Server 2012+
- XenMobile license
- service accounts (DB creator, AD reader)
- 4 free IP addresses in the DMZ
- 2 free public IP addresses
- 2 SSL certificates (or a wildcard certificate)
- Apple Push Notification Services certificate (APNS)
  - for managing Apple devices
- NetScaler Gateway
  - NetScaler Standard or higher supports Load Balancing
- SMTP server (optional)

Deployment of EMM (2)
steps:
- XenMobile
  - import the XenMobile appliance(s)
  - initial configuration from CLI (IP, database, NTP, ...)
  - additional configuration from console (SSL, NSGW, LDAP, ...)
  - create additional appliance(s)/enable clustering
  - update the environment (for WM10)
- integration with NetScaler
  - import the NetScaler appliance(s)
  - initial configuration from CLI (NSIP)
  - additional configuration from console (license, SSL, ...)
  - XenMobile integration wizard
  - create additional appliance(s)/enable HA mode

DEMO: XenMobile Enterprise deployment and NetScaler integration


Tips...
- XenMobile
  - don't install and upgrade the first node and later try to add another one (hint: database schema upgrades... sometimes)
    - use VM cloning for multiplication of nodes
  - RBAC: can't add a group to Support role
    - create another role, tailored to your wishes
  - restart appliances to pick up certificates & updates
- NetScaler
  - 4K certificates limitation on VPX
    - only hardware appliances support 4K certificates
  - vCPU limitation on Hyper-V (intentional!)
    - limited to two vCPUs (use VMware instead)
  - bug with AD authentication in GUI
    - if your password contains special characters, beware...


Conclusion
- complete enterprise mobility management solution
- three flavours: MDM, MDM+MAM, EMM
- end-to-end security, easy deployment and great user experience
- integration with NetScaler appliance is easy and preferred
- nice built-in productivity apps
- fast deployment


Fill out the surveys and win valuable prizes!
Surveys are available on:
- mobile devices (Android, Apple, Windows)
- the web: http://www.mobilityday.com
The access PIN is on the back of your badge and in your online profile.


