Published by Evelyn Harrison. Modified over 9 years ago.
1
XenMobile 10 MDM and MAM Unified Architecture Adolfo Montoya
Good morning everyone and welcome to TechEdge! Very excited to be here and be able to share some of the insights about our recent release of XenMobile version 10. My name is Adolfo Montoya, proud member of the Worldwide Support Readiness team in charge of training the Technical Support folks in the area of mobility. Let’s get started! Principal Readiness Specialist May 2015
2
Agenda What is new on XenMobile 10? XenMobile 10 vs. XenMobile 9
XenMobile Security Deployment best practices & communication flow Demo – Install XenMobile 10 in 15 minutes! Agenda This is what I have planned for our agenda today. We will go over the key highlights of XenMobile 10. Next, we will go over the architectural differences between XenMobile 9 and 10. Following that, we will cover the key XenMobile security features that we provide to customers. Next, we will talk about the best practices and communication flows of XenMobile in an enterprise solution. Finally, I will show you how easy it is to deploy XenMobile 10 in less than 15 mins.
3
With mobility, experience matters.
User experience matters. It matters in our personal lives and our professional lives and often times dictates what technology we decide to use. Just because IT makes technology available to a mobile workforce doesn’t mean people are going to use it. While security is a primary driver for enterprise mobility initiatives, user experience is equally important. How we interact with our mobile devices is critical for mobile workforce efficiency. We don’t want mobile to actually slow us down. Nirvana is being able to do everything from your mobile device that you can do from your desktop in about the same amount of time. That’s where Citrix and XenMobile plan to go.
4
What is new on XenMobile 10?
So, what’s new on XenMobile 10?
5
Manage apps and devices in half the time – simplified administration
Easily scale to 100,000 concurrent users – new architecture Successful compliance and security audits – new security enhancements (FIPS 140-2) Complete mobile workflows twice as fast – Integrated Worx productivity apps XenMobile 10 Key Messaging These are the four key messaging areas that XenMobile 10 targets for our enterprise mobility users. First, the simplified administration. XenMobile 10 has unified the management settings and features from MAM (or App Controller) and MDM (or Device Manager) into a single Web management console. You are no longer required to log on to two different consoles and maintain two independent systems. Second. Thanks to the new architecture of XenMobile 10, you are now able to scale up to 100k concurrent users. Thanks to the new 64-bit architecture, Administrators can easily adjust the system resources to accommodate the load. Third. For anyone concerned about security, XenMobile 10 is now FIPS compliant to secure the data that is in motion or at rest on the mobile device. Fourth. More integration within our Worx productivity apps to ensure better workflow between tasks and actions to be performed, like attending a GoToMeeting within WorxMail, accessing your ShareFile profile within WorxEdit and more.
6
Productivity and Collaboration
10.0 Productivity and Collaboration ✔ Unified management of devices & apps Corporate app store Mobile app management Unified access gateway & SSO Workflow driven productivity apps Military-grade security Mobile Content Management Broad platform support ✔ Data Management ✔ ✔ App Management ✔ ✔ As a starting point I want to put this in the context of the stack. It’s complete and it doesn’t come at the problem from a single point of view. Rather, we think that mobility requires a holistic approach that includes app, data and device management. It’s worth noting that there’s no other vendor in the industry that can deliver on this promise. Device Management ✔ ✔
7
XenMobile Matrix Offerings XenMobile MDM MDM only features
Citrix V6 Licensing Worx apps: Worx Home WorxEdit XenMobile Advanced MDM and MAM features Citrix V6 Licensing Worx apps: Worx Home WorxMail WorxWeb WorxEdit XenMobile Enterprise MDM and MAM features Citrix V6 Licensing Worx apps: Worx Home WorxMail WorxWeb WorxEdit WorxDesktop WorxTasks WorxNotes ShareFile ShareFile Enterprise edition From the offerings point of view, there are three options available: XenMobile MDM edition, which focuses on the Mobile Device Management aspect of the mobility arena. The idea behind it is to secure mobile devices at the physical level and how they behave in the corporate network. For example, if my employee loses his/her device, should I wipe the corporate apps? Can I locate the mobile device? And more. XenMobile Advanced edition is our re-branded edition of XenMobile App Edition. In the past, XenMobile App edition was restricted to only provide Mobile Application Management (MAM). Now, XenMobile Advanced Edition offers both MDM and MAM core functionalities, plus the advantage of being able to control how the data is managed on the mobile device. XenMobile provides granular app-level policies to enable / disable specific features on mobile device operating systems; for example, disable iPrint, disable the camera, disable Bluetooth, and more. XenMobile Enterprise edition is our complete Enterprise Mobility Management (EMM) solution that provides MDM and MAM core features, the full suite of business apps, plus data/document management thanks to ShareFile Enterprise.
8
Complete EMM suite of productivity apps
XenMobile provides the most productivity apps with business optimized features and integrated workflows Mail, calendar, contacts Enterprise class Better than native Secure browser Internal web access URL BL/WL Secure EFSS Mobile content editing SharePoint & network files Secure notes Team notebooks and calendar integration Offline content edit Review, comment and collaborate on documents Secure VDI like access to physical desktop Access work files and apps Securely manage tasks Integrated with Outlook Tasks Integrated with WorxMail for efficient workflows Here is the complete Enterprise Mobility Management (EMM) application suite. Let me explain briefly what each app is and does. WorxMail. This is our enterprise class native mail app that uses ActiveSync for mail delivery. It allows you to access your contacts, calendar events, send attachments via ShareFile, join GoToMeeting sessions with ease and more. WorxWeb. This is our native mobile Web browser that allows users to connect natively and securely to intranet sites without the need to create a Full VPN tunnel to their network. Besides, Administrators can also create a whitelist or blacklist of URLs that users can access and also control the UI – such as hiding the address bar and setting a Home Page. ShareFile. This is our native MDX app to securely access your files from either SharePoint, network shares or from your ShareFile profile. It allows users to edit content and save it securely back to where it matters – to the data center or cloud. WorxNotes. Allows you to create notes and securely save them in the cloud. In addition, end-users have the option to share those notes as a PDF attachment. WorxEdit. Allows you to edit content offline, review comments from other peers and save them back as an original Microsoft Office document. WorxDesktop. Allows you to securely access your remote PC in a native format.
Meaning that your files and applications are a click away from being accessed without the hassle of zooming in/out for user experience. WorxTasks. Allows you to securely access your tasks created in Outlook and manage them. Any changes made on WorxTasks will synchronize back to your mailbox via ActiveSync.
9
XenMobile 10 vs. XenMobile 9
Let’s now change the topic and talk about the differences in architecture between XenMobile 10 and XenMobile 9.
10
Pre-XenMobile 10 Architecture
App Controller Device Manager Admin UI Auth Store App Mgmt DB Admin UI Auth Local users Store Dev Mgmt DB Dep Engine Tomcat HA/Cluster Logic First, let’s start by explaining what the pre-XenMobile 10 architecture looked like. In versions earlier than XenMobile 10, it is typical to see two main components for a XenMobile enterprise solution: an App Controller and a Device Manager server. The App Controller is a Linux virtual appliance that can run on most known hypervisors such as XenServer, HyperV and VMware. The App Controller is a MAM solution – Mobile Application Management. Meaning that Administrators can upload native mobile apps and control how these apps would behave on the mobile device. In addition, the App Controller has its own database of settings that is not shared with the Device Manager database, making the solution a little cumbersome for administration purposes. The Device Manager server is a Windows Server that runs Tomcat on top to effectively run the MDM (Mobile Device Management) functionality of XenMobile. This is where administrators can create restriction policies that can be pushed to iOS, Android or Windows Phone devices and control the mobile device at the physical level. Just like App Controller, the Device Manager has its own database, completely independent from the App Controller. Any changes made on either component are not independent from each other. HA/Cluster Logic Tomcat Linux Appliance Windows
11
XenMobile 10 Architecture
New! MDM MAM OCA Unified Console Console CLI Release Management Worx Store REDIS Server Postgres SQL DB Microsoft SQL Server Tomcat 7 + Hibernate + Spring Platform Services External DB User Space Now, with XenMobile 10, this is what our new unified architecture looks like. It is a single virtual machine running a secure custom version of Linux 3.4, 64-bit and FIPS compliant. Just like the App Controller component, this virtual machine runs on the most commonly known hypervisors like XenServer, HyperV and VMware. Linux bit (FIPS) Kernel Space HyperVisor (XenServer, HyperV, ESX)
12
XenMobile Security
13
Security Features mVPN MDM policies Worx PIN FIPS 140-2
These are the main security features that XenMobile Enterprise offers to you. First, we have MicroVPN. MicroVPN is part of the MDX technology framework brought by XenMobile. This is the per-app VPN feature that allows end-users to securely access corporate resources without even establishing a FULL VPN tunnel to the network. The mVPN is controlled per app and can be further controlled by the NetScaler to either redirect traffic to a Web proxy, assign a private address and more. The MDM policies. This is the feature that allows IT Administrators to enforce security restrictions at the mobile device level. If you want to restrict certain OS built-in functions, you can do so by using MDM policies. If you need to push new certificates to access network resources, this is the security feature that allows you to do it. Worx PIN. This is the feature that allows Administrators to containerize Windows credentials by offering users the option to enter just a PIN number. The Windows credentials are securely saved on Worx Home but can be unlocked by using this Worx PIN set of characters. FIPS. XenMobile 10 is FIPS compliant, meaning that the data at rest or in motion is always secured. To ensure you are fully compliant, make sure you have all system requirements such as NetScaler MPX (FIPS), XenMobile 10 with FIPS enabled and Microsoft SQL with FIPS configured.
14
Deployment Best Practices & Communication Flow
Now that we have talked about all these features that XenMobile 10 offers, let’s go over the best practices on deploying this solution and at the same time, let us explain how the communication flow goes.
15
XenMobile Enterprise Deployment
80/443 HDX StoreFront | XD/XA 4443 XenMobile Server License Server 27000 443/8443 MDM Active Directory NetScaler 389/636 443 MAM MDM LB (443) 80/443 SharePoint 5223 MDM LB (8443) Exchange 25/443 APNs 2195/2196 1433 SQL MAM LB (8443) This is a typical XenMobile Enterprise deployment solution. If you notice, XenMobile Server still resides in the DMZ to ensure the proper security standards are met. There are a number of ports that need to be open in the firewall to ensure the proper communication between resources. This is how the communication flow goes: The mobile device requires the Worx Home client to be installed for getting enrolled and accessing resources. For enrollment, let’s say the end-user enters the FQDN of the XenMobile solution. This FQDN resolves to the NetScaler load balancing virtual server listening on 443. The NetScaler, at this stage, could do two things: either forward the SSL traffic to the XenMobile Server and not terminate the SSL communication – OR – terminate the SSL communication and contact the XenMobile Server on port 80 to offload the SSL traffic on the NetScaler. SSL Offload is certainly the most effective way to save resources on the XenMobile Server system. Then, because the XenMobile Server does not know who this user is, it prompts the user for authentication. Once credentials are forwarded, the XenMobile Server contacts the AD server for verification. Once verified, the XenMobile Server needs to notify the mobile device where to go next. And by this, I mean, where to gather the Windows or MDX apps from XenMobile. This is where the XenMobile Server sends the FQDN of the NetScaler Gateway. Worx Home initiates a new SSL connection to NetScaler Gateway. NetScaler Gateway challenges the user invisibly, since the user does not get prompted for credentials. However, the Worx Home client forwards the credentials over to the NetScaler Gateway and NetScaler verifies those credentials with AD.
Once verified, NetScaler will contact the MAM load balancing vServer. This is an internal vServer used by NetScaler when XenMobile 10 is deployed in cluster mode. In order to forward the MAM traffic successfully to the correct XM node, NetScaler looks for a cookie value submitted by Worx Home. This cookie determines which XM node to contact. The NetScaler forwards the request to the correct XM node, and the XM server then presents the correct set of apps for the end-user. ShareFile 443 443 CA NSG (443) 53 DNS 123 NTP
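The firewall ports and communication flow described above, as an added example that is not part of the original presentation: a Python audit of a firewall allow-list against those flows. The source/destination pairing of each port is an assumption read from the slide's flattened diagram labels, and the rule list is constructed sample data.

```python
# Added example, not from the presentation. Source/destination pairings are
# assumptions read from the slide's port labels; SAMPLE_RULES is constructed.
# Each flow lists port groups; at least one port per group must be allowed
# (80 or 443 depending on SSL offload, 389 or 636 for AD).
REQUIRED = {
    ("device", "netscaler"): [{443}, {8443}],
    ("device", "apns"): [{5223}],
    ("netscaler", "xenmobile"): [{80, 443}, {8443}],
    ("netscaler", "active_directory"): [{389, 636}],
    ("xenmobile", "active_directory"): [{389, 636}],
    ("xenmobile", "sql"): [{1433}],
    ("xenmobile", "license_server"): [{27000}],
    ("xenmobile", "apns"): [{2195}, {2196}],
}
# Ports on the slide that carry unencrypted traffic when chosen.
CLEARTEXT = {80: "HTTP after SSL offload", 389: "LDAP without TLS"}

SAMPLE_RULES = [  # constructed (source, destination, port) allow entries
    ("device", "netscaler", 443), ("device", "netscaler", 8443),
    ("device", "apns", 5223),
    ("netscaler", "xenmobile", 80), ("netscaler", "xenmobile", 8443),
    ("netscaler", "active_directory", 636),
    ("xenmobile", "active_directory", 389),
    ("xenmobile", "sql", 1433),
    ("xenmobile", "apns", 2195), ("xenmobile", "apns", 2196),
    ("device", "xenmobile", 4443),  # not a modelled flow: reported for review
]

def audit(rules):
    """Return (missing port groups, rules outside the matrix, cleartext legs)."""
    allowed = {}
    for src, dst, port in rules:
        allowed.setdefault((src, dst), set()).add(port)
    missing = [(*flow, sorted(group))
               for flow, groups in REQUIRED.items()
               for group in groups if not group & allowed.get(flow, set())]
    unexpected, cleartext = [], []
    for flow, ports in allowed.items():
        known = set().union(*REQUIRED.get(flow, []))
        for port in sorted(ports):
            if port not in known:
                unexpected.append((*flow, port))
            elif port in CLEARTEXT:
                cleartext.append((*flow, port, CLEARTEXT[port]))
    return missing, sorted(unexpected), sorted(cleartext)

if __name__ == "__main__":
    for label, rows in zip(("missing", "unexpected", "cleartext"), audit(SAMPLE_RULES)):
        print(label, rows)
```

The cleartext list is the part to review when SSL offload is chosen: the NetScaler-to-XenMobile leg on port 80 then crosses the DMZ unencrypted.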
16
Takeaways XenMobile Primary focus XenMobile editions Security first
Citrix’s Enterprise Mobility Management (EMM) solution Primary focus End-to-end security, easy deployment and user experience XenMobile editions XenMobile MDM edition XenMobile Advanced edition XenMobile Enterprise edition Security first MicroVPN Restriction policies (MDM) FIPS compliant Containerized credentials (Worx PIN) This is the takeaway list of items we covered today. Thanks for coming today!
17
A free offering to help keep your Citrix environment running well.
Over 400 plugins that detect various conditions and offer prescriptive advice. New ones added every week. Previously known as Tools as a Service (TaaS). Visit the Citrix Insight Services Team in the Expo Hall at the “Ask the Experts” booth to learn more and receive a free gift (while supplies last).
18
Configure XenMobile Enterprise in less than 15 mins!
Demo Configure XenMobile Enterprise in less than 15 mins! Let’s jump into the demo!
19
Questions?