XenMobile 8.6 App Edition
Mobile Application Management
November, 2013
Adolfo Montoya, Karen Sciberras, George Ang and Andrew Sandford
Lead Support Readiness Specialist

© 2013 Citrix | Confidential – Do Not Distribute

Document Management
Category | Tracking Information
Company | Citrix Systems, Inc.
Author(s) | Adolfo Montoya
Owner(s) | Worldwide Support Readiness
Last modified | 11/22/2013
Version | 1.0
Length | 4 hours

Objectives
At the end of this course, you will be able to:
- Module 1: Deploy WorxMail 1.3
  - Configure and test some of the new WorxMail 1.3 features on iOS or Android devices
- Module 2: Deploy WorxWeb 1.3
  - Configure and verify ability to create blacklist/whitelist of URLs
  - Configure and verify ability to set a Homepage for WorxWeb
- Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
  - Configure and verify ability to upload .IPA or .APK files to XenMobile App Controller
  - Verify mobile users can access and download native apps from XenMobile App Controller
- Module 4: Deploy Public Stores apps to iOS and Android devices
  - Configure and verify ability to publish iOS free and paid apps available from the App Store
  - Configure and verify ability to publish Android free and paid apps available from Google Play
- Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
  - Configure XenMobile App Controller to authenticate users from two independent Windows domains
  - Configure and test NetScaler Gateway 10.1.e to allow remote users to access resources from either domain
- Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
  - Configure and test XenMobile App Controller with multiple NetScaler Gateways (2) to allow remote users to access resources from either Gateway

Assessment
There will be an assessment at the end of the course, covering the following modules:
- Module 1: Deploy WorxMail 1.3
- Module 2: Deploy WorxWeb 1.3
- Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
- Module 4: Deploy Public Stores apps to iOS and Android devices
- Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
- Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways

Module 1: Deploy WorxMail 1.3
What is WorxMail?
- Mail, calendar, contacts
- Enterprise class security
- Beautiful native experience
- Full inter-app integration
- MDX-secured ActiveSync client for iOS/Android
- Secure body and attachment
- “Open in” control to provide data leak protection
- No Exchange server exposure to internet
- Send with ShareFile attachments
- Integrated calendars and Exchange GAL

ActiveSync Policy Support
- Control Sync settings for WorxMail
  - Limit size
  - Allow Direct Push when roaming
  - Allow attachments to be downloaded
  - Allow HTML-formatted emails
  - Define maximum attachment size

Fast Join and Fast Dial
- Join GoToMeeting sessions right from WorxMail
- Dial-in right from the event details
- Running late option to quickly notify attendees via

Out of Office
- Out of Office option
- Configure time period
- Configure inside/outside my organization

Secure Photo Sharing From WorxMail

Info Rights Management – Android WorxMail

Module 2: Deploy WorxWeb 1.3
WorxWeb
- Secure browser
- Internal web app access
- Full inter-app integration
- Consumer experience
- MDX-secured iOS and Android device intranet web browsing
  - Easy access to SharePoint, Intranet Portal etc.
- Similar look/feel as native browser
  - Safari on iOS; Chrome on Android
- Single sign-on via NetScaler
  - Respond to HTTP 401

Secure Mobile Web Browser
- Full-featured consumer-like browser
- Secure access to internal, external and HTML5 web apps
- URL whitelisting and blacklisting
- Access to enterprise resources with a Micro VPN

WorxWeb - Topology
(Diagram labels: Internet, NetScaler Gateway)
1. WorxWeb does HTTP GET/POST to internal-FQDN
2. Traffic is tunneled inside micro VPN (SSL session)
3. NetScaler unwraps WorxWeb traffic, communicates with internal web server
4. Enterprise web proxy could be NetScaler’s next-hop, for internet bound traffic (Split-tunnel is OFF)
5. Split-tunnel ‘ON’ sends internet traffic bypassing the enterprise

Recap…
Citrix WorxWeb for Secure Browser Management enables policy control over native browser for secure web access, such as:
- Block unapproved web sites in the browser
- Provide custom bookmarks
- Block users who have rooted or jail-broken devices
- Require log in using PIN or password, or pattern screen lock
- Require Wi-Fi or internal network controls
- Block screen capture, camera, and location services

What’s New in 1.3?
- iOS 7 Support
- New policies support
  - Homepage
  - Hide function (URL, Toolbar, etc.)
  - Web links filtering

Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
.IPA and .APK file support
- Support to publish both .ipa and .apk applications
- Applications are not in .mdx format, no policies are applied
  - Only details tab available in “edit” properties of application
  - Cannot be included as part of a workflow
- No distinction between .ipa/.apk files and .mdx files in Apps/Docs view
- Available as part of Worx store

Module 4: Deploy Public Stores apps to iOS and Android devices
Features
- Publish iOS apps from App Store
  - FREE apps
  - Paid apps
- Publish Android apps from Google Play store
  - FREE apps
  - Paid apps

Public Store – iOS and Android apps

Public Store – iOS apps
- Publish iOS App Store links on XM App Controller
- XM App Controller will automatically determine if app is free or paid
- XM App Controller downloads
  - App name
  - Description
  - Icon

Public Store – Android apps
- Publish Android app links from Google Play store on XM App Controller
- XM App Controller will not automatically determine if app is free or paid
- IT Admin needs to enter app info
  - App name
  - Description
  - Paid or free
  - Image (icon)

Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
Multiple Domain Support
- First domain specified in initial configuration is default domain
  - Default domain cannot be deleted
- The domains may belong to different forests
  - As long as service account can access base DN
- In forest deployment each domain will need to be specified as separate instance
  - Internal relationship between domains will not be considered
  - Trusts between domains will not be considered
- Nested groups will not be supported
  - Only users in specified group will be included in role
  - Users in a group within a specified group will not be included in role

App Controller Configuration
- Modify Domain setting
  - Configuration data can be edited by Administrator
  - Changes to user/group DN will require AppC to re-sync
  - No further configuration changes can be completed during a re-sync
- When multiple domains are configured on AppC
  - Direct login only allowed for default domain users
  - All other domain authentication only supported through NetScaler Gateway
- Group membership across domains
  - Global or Universal groups are not supported

Master User List
- Master user list may be used to confirm that the additional domains synchronized correctly

NetScaler Gateway Configuration
- To support authentication from multiple domains, users need to gain access through NetScaler Gateway
- Add LDAP policy for each additional domain to Authentication tab within Enterprise gateway configuration
  - Same priority can be given to all the LDAP policies configured
  - Within each LDAP policy, Server Logon Name is configured to UserPrincipalName
- Within Published Application settings, ensure Single Sign-on domain is blank

Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
Problem with XenMobile 8.5
- For XenDesktop deployment in multiple sites, one NSG is involved in each site
- App Controller supported only a single NSG to be configured
- App Controller needs to handle the GSLB case, where all the NSGs use the same FQDN

Deployment Options
- Windows StoreFront consolidates Apps
- AppController consolidates Apps

How it worked previously
- AppController 2.8 and lower
- Enable Gateway in front of AppC
  - Callback URL
  - External URL
    - VIP on the NetScaler
- Logon type
  - Domain only
  - Security token only
  - Domain & Security token

Password not required
- This is actually not the user’s password
- It is a token which the NetScaler Gateway provides to App Controller for later use
- The App Controller can specify that it does not need this token from NetScaler Gateway

Approach
- ControlPoint allows multiple NSGs to be configured
- Each NSG has its own configurations
  - FQDN (for Account Service Record)
  - Callback URL (for AGESSO)
- App Controller AuthService uses two headers to reach back to the right NSG
  - X-Citrix-Via (indicating NSG FQDN)
  - X-Citrix-Via-VIP (indicating NSG VIP)

Multi-NSG

Detail
- ControlPoint
  - NSG configuration table where each row represents one NSG
  - For GSLB NSGs, only a single row is configured
  - Otherwise there could be multiple rows
- AuthService
  - If X-Citrix-Via-VIP header is present in the request
    - Use X-Citrix-Via value as the SSL endpoint (for certificate validation against FQDN)
    - Use X-Citrix-Via-VIP as TCP endpoint
  - If X-Citrix-Via-VIP header is not present
    - Use current behaviour by doing callback to X-Citrix-Via value
  - If there is a static host entry for that NSG FQDN, use it instead of doing DNS lookup (OPTIONAL but requested by customers)

Multiple Callback URLs
- Each NetScaler Gateway will support multiple callback URLs (compared to before, it supported only one)
- Can have zero, one, or many callback URLs for each NetScaler Gateway
- When there are one or more callback URLs defined, AppController will choose the first URL on the list and fail over to the next only if the first try times out, and so on

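The AuthService header handling and the callback URL failover described on the two slides above, modelled as an added example (not Citrix code). All function, table and host names are hypothetical, the sample table is constructed, and rejecting an FQDN that has no row in the configured table is an assumption rather than behaviour stated on the slides.

```python
# Added illustration, not Citrix code. NSG_TABLE, STATIC_HOSTS, Target,
# resolve_callback and call_with_failover are hypothetical names.
from dataclasses import dataclass

# Constructed sample of the NSG configuration table: one row per NSG
# (GSLB NSGs share a single row), each with zero or more callback URLs.
NSG_TABLE = {
    "nsg-a.example.com": ["https://cb1.example.com", "https://cb2.example.com"],
    "nsg-b.example.com": [],
}
STATIC_HOSTS = {"nsg-b.example.com": "192.0.2.20"}  # constructed static host entry

@dataclass
class Target:
    tls_name: str      # FQDN the gateway certificate is validated against
    tcp_endpoint: str  # address the callback connection is opened to

def resolve_callback(headers):
    """Pick the NSG to call back from the two request headers."""
    via = headers.get("X-Citrix-Via")
    # Assumption: header values arrive with the request, so only an FQDN that
    # has a row in the configured table is accepted.
    if via not in NSG_TABLE:
        raise ValueError(f"no configured NSG for X-Citrix-Via={via!r}")
    vip = headers.get("X-Citrix-Via-VIP")
    if vip:
        # Connect to the VIP, but still validate the certificate against the FQDN.
        return Target(tls_name=via, tcp_endpoint=vip)
    # No VIP header: call back to the FQDN, preferring a static host entry
    # over a DNS lookup when one exists.
    return Target(tls_name=via, tcp_endpoint=STATIC_HOSTS.get(via, via))

def call_with_failover(urls, send):
    """Try callback URLs in list order; fail over only when a try times out.

    `send` is a caller-supplied function that performs one callback.
    Returns (result, urls_tried); any non-timeout error propagates at once.
    """
    tried = []
    for url in urls:
        tried.append(url)
        try:
            return send(url), tried
        except TimeoutError:
            continue  # timed out: move on to the next URL in the list
    raise TimeoutError(f"no callback URL answered; tried {tried}")
```
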
Certificates
- Increased Trust between App Controller and NetScaler Gateway
- Install server certificates (App Controller server certificate on
- The root trusted certificate needs to be installed on both to verify the server certificate

Client Certificate based Authentication
- At the time of enrollment, a client certificate is obtained and provisioned on the user’s device
  - User is able to authenticate himself/herself using their AD credentials
- Client certificate can be used in the following scenarios:
  - For the User to prove his identity to WorxHome
  - For WorxHome (on the user’s behalf) to prove the user’s identity to MDX Apps
  - For MDX App (on the user’s behalf) to prove the user’s identity to backend resources (like Exchange)

Piggy Back Features
- Internal Beacon configuration
  - Currently App Controller uses its own FQDN as the internal beacon and it is not modifiable
  - Making this field modifiable makes it easier to force clients to always go through NSG
- (Optional) External Beacon configuration
  - Currently App Controller uses the NSG it is configured with for external beacon
  - If possible, we should also make these modifiable

Review
- Module 1: Deploy WorxMail 1.3
  - Configure and test some of the new WorxMail 1.3 features on iOS or Android devices
- Module 2: Deploy WorxWeb 1.3
  - Configure and verify ability to create blacklist/whitelist of URLs
  - Configure and verify ability to set a Homepage for WorxWeb
- Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
  - Configure and verify ability to upload .IPA or .APK files to XenMobile App Controller
  - Verify mobile users can access and download native apps from XenMobile App Controller
- Module 4: Deploy Public Stores apps to iOS and Android devices
  - Configure and verify ability to publish iOS free and paid apps available from the App Store
  - Configure and verify ability to publish Android free and paid apps available from Google Play
- Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
  - Configure XenMobile App Controller to authenticate users from two independent Windows domains
  - Configure and test NetScaler Gateway 10.1.e to allow remote users to access resources from either domain
- Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
  - Configure and test XenMobile App Controller with multiple NetScaler Gateways (2) to allow remote users to access resources from either Gateway