Published by Nancy Gallagher. Modified over 9 years ago.
1
XenMobile 8.6 App Edition
Mobile Application Management
November, 2013
Adolfo Montoya, Karen Sciberras, George Ang and Andrew Sandford
Lead Support Readiness Specialist
2
© 2013 Citrix | Confidential – Do Not Distribute
Document Management
Category | Tracking Information
Company | Citrix Systems, Inc.
Author(s) | Adolfo Montoya
Owner(s) | Worldwide Support Readiness
Last modified | 11/22/2013
Version | 1.0
Length | 4 hours
3
Objectives
At the end of this course, you will be able to:
Module 1: Deploy WorxMail 1.3
- Configure and test some of the new WorxMail 1.3 features on iOS or Android devices
Module 2: Deploy WorxWeb 1.3
- Configure and verify ability to create blacklist/whitelist of URLs
- Configure and verify ability to set a Homepage for WorxWeb
Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
- Configure and verify ability to upload .IPA or .APK files to XenMobile App Controller
- Verify mobile users can access and download native apps from XenMobile App Controller
4
Objectives (continued)
Module 4: Deploy Public Stores apps to iOS and Android devices
- Configure and verify ability to publish iOS free and paid apps available from the App Store
- Configure and verify ability to publish Android free and paid apps available from Google Play
Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
- Configure XenMobile App Controller to authenticate users from two independent Windows domains
- Configure and test NetScaler Gateway 10.1.e to allow remote users to access resources from either domain
5
Objectives (continued)
Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
- Configure and test XenMobile App Controller with multiple NetScaler Gateways (2) to allow remote users to access resources from either Gateway
6
Assessment
There will be an assessment at the end of the course, covering the following modules:
- Module 1: Deploy WorxMail 1.3
- Module 2: Deploy WorxWeb 1.3
- Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
- Module 4: Deploy Public Stores apps to iOS and Android devices
- Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
- Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
7
Module 1: Deploy WorxMail 1.3
8
What is WorxMail?
Mail, calendar, contacts. Enterprise class security. Beautiful native experience. Full inter-app integration.
- MDX-secured ActiveSync email client for iOS/Android
- Secure email body and attachment
- “Open in” control to provide data leak protection
- No Exchange server exposure to internet
- Send email with ShareFile attachments
- Integrated calendars and Exchange GAL
9
ActiveSync Policy Support
Control Sync settings for WorxMail
- Limit email size
- Allow Direct Push when roaming
- Allow attachments to be downloaded
- Allow HTML-formatted emails
- Define maximum attachment size
10
Fast Join and Fast Dial
- Join GoToMeeting sessions right from WorxMail
- Dial-in right from the event details
- Running late option to quickly notify attendees via email
12
Out of Office
- Out of Office option
- Configure time period
- Configure inside/outside my organization
13
Secure Photo Sharing From WorxMail
14
Info Rights Management – Android WorxMail
15
Module 2: Deploy WorxWeb 1.3
16
WorxWeb
Secure browser. Internal web app access. Full inter-app integration. Consumer experience.
- MDX-secured iOS and Android device intranet web browsing
  o Easy access to SharePoint, Intranet Portal etc.
- Similar look/feel as native browser
  o Safari on iOS; Chrome on Android
- Single sign-on via NetScaler
  o Respond to HTTP 401
17
Secure Mobile Web Browser
- Full-featured consumer-like browser
- Secure access to internal, external and HTML5 web apps
- URL whitelisting and blacklisting
- Access to enterprise resources with a Micro VPN
18
WorxWeb - Topology
(Diagram labels: Internet, NetScaler Gateway)
1. WorxWeb does HTTP GET/POST to internal-FQDN
2. Traffic is tunneled inside micro VPN (SSL session)
3. NetScaler unwraps WorxWeb traffic, communicates with internal web server
4. Enterprise web proxy could be NetScaler’s next-hop, for internet bound traffic (Split-tunnel is OFF)
5. Split-tunnel ‘ON’ sends internet traffic bypassing the enterprise
19
Recap…
Citrix WorxWeb for Secure Browser Management enables policy control over native browser for secure web access, such as:
- Block unapproved web sites in the browser
- Provide custom bookmarks
- Block users who have rooted or jail-broken devices
- Require log in using PIN or password, or pattern screen lock
- Require Wi-Fi or internal network controls
- Block screen capture, camera, and location services
20
What’s New in 1.3?
- iOS 7 Support
- New policies support
  o Homepage
  o Hide function (URL, Toolbar, etc)
  o Web links filtering
22
Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
26
.IPA and .APK file support
- Support to publish both .ipa and .apk applications
- Applications are not in .mdx format, no policies are applied
  o Only details tab available in “edit” properties of application
  o Cannot be included as part of a workflow
- No distinction between .ipa/.apk files and .mdx files in Apps/Docs view
- Available as part of Worx store
27
Module 4: Deploy Public Stores apps to iOS and Android devices
28
Features
- Publish iOS apps from App Store
  o FREE apps
  o Paid apps
- Publish Android apps from Google Play store
  o FREE apps
  o Paid apps
29
Public Store – iOS and Android apps
30
Public Store – iOS apps
- Publish iOS App Store links on XM App Controller
- XM App Controller will automatically determine if app is free or paid
- XM App Controller downloads
  o App name
  o Description
  o Icon
32
Public Store – Android apps
- Publish Android app links from Google Play store on XM App Controller
- XM App Controller will not automatically determine if app is free or paid
- IT Admin needs to enter app info
  o App name
  o Description
  o Paid or free
  o Image (icon)
33
Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
34
Multiple Domain Support
- First domain specified in initial configuration is default domain
  o Default domain cannot be deleted
- The domains may belong to different forests
  o As long as service account can access base DN
- In forest deployment each domain will need to be specified as separate instance
  o Internal relationship between domains will not be considered
  o Trusts between domains will not be considered
- Nested groups will not be supported
  o Only users in specified group will be included in role
  o Users in a group within a specified group will not be included in role
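The nested-group rule above decides who actually receives a role, so it is worth checking before a group is mapped. The following is an added example, not Citrix code: it works on a constructed directory snapshot (all DNs and function names are assumptions) and lists the users who are reachable only through a nested group and would therefore be left out of the role.

```python
# Constructed directory snapshot: group DN -> list of direct member DNs.
# Any DN that is not a key of this dict is treated as a user.
GROUPS = {
    "CN=MobileUsers,DC=corp,DC=test": [
        "CN=alice,DC=corp,DC=test",
        "CN=Contractors,DC=corp,DC=test",
    ],
    "CN=Contractors,DC=corp,DC=test": [
        "CN=bob,DC=corp,DC=test",
        "CN=MobileUsers,DC=corp,DC=test",  # membership loop, must not hang
    ],
}


def direct_users(group, groups=GROUPS):
    """Users placed in the role under the slide's rule: direct members only."""
    return {m for m in groups.get(group, []) if m not in groups}


def nested_only_users(group, groups=GROUPS):
    """Users reachable only through a nested group, i.e. excluded from the role."""
    seen, stack, found = {group}, [group], set()
    while stack:
        for member in groups.get(stack.pop(), []):
            if member in groups:
                # A group inside the group: walk it once, ignoring loops.
                if member not in seen:
                    seen.add(member)
                    stack.append(member)
            else:
                found.add(member)
    return found - direct_users(group, groups)


if __name__ == "__main__":
    role_group = "CN=MobileUsers,DC=corp,DC=test"
    print("in role:", sorted(direct_users(role_group)))
    print("excluded (nested only):", sorted(nested_only_users(role_group)))
```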
36
App Controller Configuration
Modify Domain setting
- Configuration data can be edited by Administrator
- Changes to user/group DN will require AppC to re-sync
  o No further configuration changes can be completed during a re-sync
When multiple domains are configured on AppC
- Direct login only allowed for default domain users
- All other domain authentication only supported through NetScaler Gateway
Group membership across domains
- Global or Universal groups are not supported
37
Master User List
- Master user list may be used to confirm that the additional domains synchronized correctly
40
NetScaler Gateway Configuration
- To support authentication from multiple domains, users need to gain access through NetScaler Gateway
- Add LDAP policy for each additional domain to Authentication tab within Enterprise gateway configuration
  o Same priority can be given to all the LDAP policies configured
  o Within each LDAP policy, Server Logon Name is configured to UserPrincipalName
- Within Published Application settings, ensure Single Sign-on domain is blank
41
Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
42
Problem with XenMobile 8.5
- For XenDesktop deployment in multiple sites, one NSG is involved in each site
- App Controller supported only a single NSG to be configured
- App Controller needs to handle when all the NSGs use the same FQDN in GSLB case
43
Deployment Options
- Windows StoreFront consolidates Apps
- AppController consolidates Apps
44
How it worked previously
AppController 2.8 and lower
- Enable Gateway in front of AppC
- Callback URL
- External URL
- VIP on the NetScaler
- Logon type
  o Domain only
  o Security token only
  o Domain & Security token
45
Password not required
- This is actually not the user’s password
- It is a token which the NetScaler Gateway provides to App Controller for later use
- The App Controller can specify that it does not need this token from NetScaler Gateway
46
Approach
- ControlPoint allows multiple NSGs to be configured
- Each NSG has its own configurations
  o FQDN (for Account Service Record)
  o Callback URL (for AGESSO)
- App Controller AuthService uses two headers to reach back to the right NSG
  o X-Citrix-Via (indicating NSG FQDN)
  o X-Citrix-Via-VIP (indicating NSG VIP)
47
Diagram
48
Multi-NSG
49
Detail
ControlPoint
- NSG configuration table where each row represents one NSG
  o For GSLB NSGs, only a single row is configured
  o Otherwise there could be multiple rows
AuthService
- If X-Citrix-Via-VIP header is present in the request
  o Use X-Citrix-Via value as the SSL endpoint (for certificate validation against FQDN)
  o Use X-Citrix-Via-VIP as TCP endpoint
- If X-Citrix-Via-VIP header is not present
  o Use current behaviour by doing callback to X-Citrix-Via value
- If there is a static host entry for that NSG FQDN, use it instead of doing DNS lookup (OPTIONAL but requested by customers)
51
Multiple Callback URLs
- Each NetScaler Gateway will support multiple callback URLs (compared to before, it supported only one)
- Can have zero, one, or many callback URLs for each NetScaler Gateway
- When there are one or more callback URLs defined, AppController will choose the first URL on the list and failover to the next only if the first try times out and so on
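The AuthService rules on the Detail slide and the callback failover rule above, sketched as an added example that is not App Controller's own code. The table contents, host names and function names are constructed; rejecting an X-Citrix-Via value that has no configured row and parsing the VIP as an IP address are assumptions of this example, added because both headers arrive with the request.

```python
import ipaddress
import socket
import ssl

# Constructed NSG table: one row per NSG FQDN with its ordered callback URLs.
NSG_TABLE = {
    "nsg-east.example.test": ["https://cb1.example.test", "https://cb2.example.test"],
    "nsg-west.example.test": [],
}
# Constructed static host entries (the optional item on the slide).
STATIC_HOSTS = {"nsg-west.example.test": "192.0.2.20"}


def select_endpoint(headers, table=NSG_TABLE, static_hosts=STATIC_HOSTS):
    """Return (tcp_host, tls_name) for the callback connection."""
    via = headers.get("X-Citrix-Via", "").lower()
    if via not in table:
        # Assumption: never call back to a host that is not a configured NSG.
        raise ValueError("X-Citrix-Via does not match a configured NSG")
    vip = headers.get("X-Citrix-Via-VIP")
    if vip:
        # TCP goes to the VIP; the certificate is still checked against the FQDN.
        return str(ipaddress.ip_address(vip)), via
    # No VIP header: call back to the FQDN, preferring a static host entry.
    return static_hosts.get(via, via), via


def open_callback(tcp_host, tls_name, port=443, timeout=5.0):
    """Connect to tcp_host while validating the certificate for tls_name."""
    ctx = ssl.create_default_context()  # chain and hostname verification on
    raw = socket.create_connection((tcp_host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=tls_name)
    except Exception:
        raw.close()
        raise


def first_responding(callback_urls, attempt):
    """Try callback URLs in list order; move on only when an attempt times out."""
    for url in callback_urls:
        try:
            return url, attempt(url)
        except TimeoutError:
            continue
    raise TimeoutError("no callback URL answered")
```

`attempt` is any callable that performs the callback for one URL; failures other than a timeout propagate instead of triggering failover, matching the slide's "only if the first try times out".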
52
Certificates
- Increased Trust between App Controller and NetScaler Gateway
- Install server certificates (App Controller server certificate on
- The root trusted certificate needs to be installed on both to verify the server certificate
53
Client Certificate based Authentication
- At the time of enrollment, a client certificate is obtained and provisioned on the user’s device
  o User is able to authenticate himself/herself using their AD credentials
- Client certificate can be used in the following scenarios:
  o For the User to prove his identity to WorxHome
  o For WorxHome (on the user’s behalf) to prove the user’s identity to MDX Apps
  o For MDX App (on the user’s behalf) to prove the user’s identity to backend resources (like Exchange)
54
Piggy Back Features
Internal Beacon configuration
- Currently App Controller uses its own FQDN as the internal beacon and it is not modifiable
- Making this field modifiable makes it easier to enforce clients to always go through NSG
(Optional) External Beacon configuration
- Currently App Controller uses the NSG it is configured with for external beacon
- If possible, we should also make these modifiable
55
Review
Module 1: Deploy WorxMail 1.3
- Configure and test some of the new WorxMail 1.3 features on iOS or Android devices
Module 2: Deploy WorxWeb 1.3
- Configure and verify ability to create blacklist/whitelist of URLs
- Configure and verify ability to set a Homepage for WorxWeb
Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
- Configure and verify ability to upload .IPA or .APK files to XenMobile App Controller
- Verify mobile users can access and download native apps from XenMobile App Controller
56
Review (continued)
Module 4: Deploy Public Stores apps to iOS and Android devices
- Configure and verify ability to publish iOS free and paid apps available from the App Store
- Configure and verify ability to publish Android free and paid apps available from Google Play
Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
- Configure XenMobile App Controller to authenticate users from two independent Windows domains
- Configure and test NetScaler Gateway 10.1.e to allow remote users to access resources from either domain
57
Review (continued)
Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
- Configure and test XenMobile App Controller with multiple NetScaler Gateways (2) to allow remote users to access resources from either Gateway
58
Work better. Live better.