Professional Documents
Culture Documents
XenMobile Architecture
Components
MDM Edition
Use case
Jailbreak detection
Passcode enforcement
Pushing applications
Client Side
Server Side
Worx
Enroll
XenMobile
Device
Manager
Worx
Home
MDM Only
ShareFile
XDM
Worx Enroll
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
XNC
XDM
email
Worx Enroll
NetScaler
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
Active-Passive
XDM
Worx Enroll
XDM
NetScaler
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
SQL
Server
Device Manager
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
XenMobile MDM
Worx Enroll
Worx Enroll
iOS
Android
Windows 8 Phone
Windows 8 Tablet
Windows Mobile
Symbian
XenMobile MDM
Server Requirements
Device Manager
Physical or Virtual
Quad Core Processor
6 GB Memory
20 GB disk space
XenMobile MDM
Software Requirements
Device Manager
Windows Server
2012
2008 R2 SP1
Database
MS SQL 2008 R2 and 2012
PostgreSQL 8.3
DNS Record
Public DNS
APNS Certificate
2013 Citrix | Confidential Do Not Distribute
XenMobile MDM
Software Requirements
Device Manager
Apache Tomcat
Java Development Kit (JDK)
Version 7
APN
S
APN
S
XDM
XDM
APN
S
Enrollment
8443 iOS
80 / 443
XDM
Device Traffic
443
XDM
Support
8081
XDM
Management
80 / 443
XDM
5223
2195
APN
S
feedback.push.apple.com
2196
XDM
XenMobile MDM
Ports
Complete list of ports used by
XenMobile MDM
DMZ Zone
FIREWALL
FIREWALL
Internet Zone
80/443
(App Specific)
NetScaler
80/443
(App Specific)
443
443
NSIP
80 /443
8443
SNIP
443
2195 &2196
1494 / 2598
443
80/443
AG
VIP
AppContr
oller
XNC
389/636
LB
VIP
443
9080
80 /443 /
8443
80
Goole
Apple
Play StoreApp Store
443
443
443
443 for Form-Fill auth
XDM
1433
80/443
StoreFron
t
XA/XD
Active
Directory
Exchange
StorageZo
ne
Controller
MS CS
SQL
445
CIFS
443
SharePoint
XenMobile overview
XenMobile edition comparison
Best practices on deployment
Scalability
Communication ports
ActiveSync Security
XenMobile NetScaler Connector and
Secure Mobile Gateway
Device UUID
Username
Mobile OS version
GPS location
Mail client type
Many others!!
Use cases:
If user installs malware, block mail
If user leaves allowed zone based on GPS location, block mail
Challenges
ActiveSync components might have a
single point of failure
NetScaler value-add!
ActiveSync Security
XNC
Worx Enroll
NetScaler
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
XDM
ActiveSync Security
XNC
Worx Enroll
3G / 4G
LTE
NetScaler
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
XDM
ActiveSync Security
Active Sync
Filter
Worx Enroll
3G / 4G
LTE
NetScaler
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
XNC
XDM
ActiveSync Security
1
Active Sync
Filter
XNC
2
Worx Enroll
3G / 4G
LTE
NetScaler
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
XDM
ActiveSync Security
1
Active Sync
Filter
rooted
XNC
2
Worx Enroll
3G / 4G
LTE
NetScaler
Bad
App
DMZ
2013 Citrix | Confidential Do Not Distribute
XDM
User
Agent
IP
URL
Result-type
HTTP.REQ.URL.STARTSWITH("/Microsoft-Server-ActiveSync") &&
HTTP.REQ.HOSTNAME.EQ("callout.asfilter.internal").NOT &&
SYS.HTTP_CALLOUT(active_sync_filter).CONTAINS("deny")
2013 Citrix | Confidential Do Not Distribute
Cache_req_without_DeviceId
This uses a URL_match selector only
Stores objects in separate content group: Req_without_DeviceId
SMG
CAS
Worx Enroll
3G / 4G
LTE
Worx Home
DMZ
2013 Citrix | Confidential Do Not Distribute
Restrictive
Allows no devices
unless they meet all
policy rules.
Apache Tomcat
Database
XenMobile Web Console
Database
License
Server Connectors
iOS usage
http / https
XenMobile MDM
Device Manager 8.5
Getting Started wizard
3 easy steps to configure XenMobile
DM!
Build a package for mobile devices
iOS
Android
Test enrollment
Download Enroll client
Manage devices
Ready to set new policies!
XenMobile MDM
Device Manager 8.5
Is XenMobile App Controller
deployed?
MDX or native apps can be deployed
by XM App Controller
Support only with XM App Controller 2.8
XenMobile MDM
Device Manager 8.5
Build a mobile device package
Supported only for iOS/Android mobile
devices
XenMobile MDM
Device Manager 8.5
Build a mobile device package
Supported only for iOS/Android mobile
devices
What would you like to include in the
Base Package?
WiFi
Passcode
Jailbroken Detection
Example
- Set device as out of compliance
- Notify users
XenMobile MDM
Device Manager 8.5
Configure Active Directory or local
users
For Active Directory, select LDAP or
LDAPS
Enter your Active Directory information
Define groups that will have
XenMobile roles
Done!
XenMobile MDM
Device Manager 8.5
Test enrollment for iOS or Android
mobile devices
Download Citrix Mobile Enroll (iOS) or
Citrix Mobile Connect (Android)
Support for QR Barcode
Download app directly from App Store or
Google Play
XenMobile MDM
Device Manager 8.5
Discovering mobile devices
Once devices get Citrix Mobile
Connect or Enroll installed, XenMobile
DM will discover them
XenMobile MDM
Device Manager 8.5
You are done!
Go to Device Manager to customize
your deployment and policies
Name
Groups / Users
Resources
Schedule
Rules
MDM Policies
Device Specific
Automated Actions
App Access
SharePoint
Device Specific
Automated Actions
App Access
SharePoint
Device Specific
Automated Actions
App Access
SharePoint
Device Specific
Automated Actions
App Access
SharePoint
Device Specific
Automated Actions
App Access
SharePoint
Popular policies
Installation
Link
High Security
URL
URL + Password
URL + Pin
Two Factor
Username +
Password
Username + PIN
Full Wipe
Locate
Unlock
Selective Wipe
Enable Tracking
Revoke Access
2013 Citrix | Confidential Do Not Distribute
Location Services
Locate / Enable
Tracking
2013 Citrix | Confidential Do Not Distribute