Deploying Enterprise Mobility Solutions with Citrix XenMobileeducation.citrix.co.jp/wp-content/uploads/2016/05/CXM... · 2016-05-19 · Deploying Enterprise Mobility Solutions with

Deploying Enterprise Mobility Solutions with Citrix XenMobile

Citrix Course CXM-303

2 © Copyright 2015 Citrix Systems, Inc.

Deploying Enterprise Mobility

Solutions with Citrix XenMobile

Citrix Course CXM-303 October 2015

Version 1.4



Table of Contents

Module 1: XenMobile 10 overview ....................................................................... 11 XenMobile 10 .....................................................................................................................................13 Use cases ........................................................................................................................................... 14

Overview ......................................................................................................................................... 14 Lesson summary........................................................................................................................... 15 Test your knowledge .....................................................................................................................14

Client and server feature releases .................................................................................................. 15 Overview ......................................................................................................................................... 15 Delivering a better IT experience ............................................................................................... 15 Improving the user experience .................................................................................................... 15 Unified administrative console ..................................................................................................... 16 XenMobile 10 architecture ........................................................................................................... 16 XenMobile 10 Enterprise deployment architecture ................................................................. 16 Unified server .................................................................................................................................17 Unified App Store .......................................................................................................................... 17 Supportability ................................................................................................................................. 18 Server functionality: Manageability ............................................................................................. 19 Server functionality: Security ....................................................................................................... 19 Client functionality: Business ....................................................................................................... 20 New features – WorxMail and WorxWeb .................................................................................. 21 New features – WorxNotes and QuickEdit ............................................................................... 22 Deprecated features .....................................................................................................................22 Citrix Licensing...............................................................................................................................22 Lesson summary ...........................................................................................................................23 Test your knowledge ..................................................................................................................... 23

Worx Mobile Apps .............................................................................................................................24 Overview ......................................................................................................................................... 24 What is a mobile application? ..................................................................................................... 24 Worx Mobile Apps .........................................................................................................................25 Worx Home .................................................................................................................................... 28 Worx Store...................................................................................................................................... 29 Worx Home support ......................................................................................................................29 Using location in Worx Home ..................................................................................................... 30 Send feedback to Citrix ................................................................................................................ 30 WorxMail ......................................................................................................................................... 31 WorxWeb ........................................................................................................................................ 31 QuickEdit......................................................................................................................................... 32 WorxNotes ...................................................................................................................................... 33 ShareConnect ................................................................................................................................ 34 WorxTasks ...................................................................................................................................... 35 Lesson summary ........................................................................................................................... 36 Test your knowledge .....................................................................................................................36


Module 2: XenMobile 10 architecture.................................................................. 37 XenMobile 10 architecture ............................................................................................................... 39 XenMobile architecture .................................................................................................................... 40

Overview ........................................................................................................................................ 40 Product editions ............................................................................................................................ 40 MDM Edition architecture ............................................................................................................ 40 MDM Edition components ........................................................................................................... 41 MDM Edition use cases ............................................................................................................... 42 Advanced Edition architecture .................................................................................................... 43 Advanced Edition components ................................................................................................... 44 Advanced Edition use cases ....................................................................................................... 44 Enterprise Edition architecture.................................................................................................... 45 Enterprise Edition components................................................................................................... 46 Enterprise Edition use cases ...................................................................................................... 47 Lesson summary .......................................................................................................................... 48 Test your knowledge .................................................................................................................... 49

Mobile device experience ................................................................................................................ 50 Overview ........................................................................................................................................ 50 MDX framework capabilities ....................................................................................................... 50 App deployment overview – Securing apps with MDX ........................................................... 51 Information containment .............................................................................................................. 51 Secure inter-app communication ............................................................................................... 52 MDX policy overview - App behavior restrictions ..................................................................... 53 MDX policy overview - App access controls ............................................................................. 55 MicroVPN ....................................................................................................................................... 56 MicroVPN - Network access policy ............................................................................................ 57 Network access modes - Secure Browse vs. Full VPN .......................................................... 58 Lesson summary .......................................................................................................................... 58 Test your knowledge .................................................................................................................... 58

XenMobile clustering ........................................................................................................................ 59 Overview ........................................................................................................................................ 59 Clustering enhancements ............................................................................................................ 59 Adding cluster nodes.................................................................................................................... 60 NetScaler clustering integration ................................................................................................. 60 NetScaler integration persistent (SSL Session ID) .................................................................. 61 NetScaler integration persistent (CustomServerID) ................................................................ 62 Clustering menu ............................................................................................................................ 62 Cluster verification ........................................................................................................................ 62 Configuration ................................................................................................................................. 63 Lesson summary .......................................................................................................................... 64 Test your knowledge .................................................................................................................... 64

Module 3: XenMobile 10 implementation ........................................................... 65 XenMobile 10 implementation ......................................................................................................... 67 Installation .......................................................................................................................................... 68

Overview ........................................................................................................................................ 68


Installation prerequisites ............................................................................................................... 68 Installation media........................................................................................................................... 68 First time user mode ..................................................................................................................... 69 Clustering ........................................................................................................................................ 74 Lesson summary ........................................................................................................................... 74 Test your knowledge ..................................................................................................................... 75

Configuration ...................................................................................................................................... 76 Overview ......................................................................................................................................... 76 Using the "Getting Started" wizard ............................................................................................. 76 Lesson summary ........................................................................................................................... 86 Test your knowledge ..................................................................................................................... 87

Unified administrative access ..........................................................................................................88 Overview ......................................................................................................................................... 88 XenMobile console ........................................................................................................................ 89 Lesson summary ........................................................................................................................... 92 Test your knowledge ..................................................................................................................... 93

App wrapping ..................................................................................................................................... 94 Overview ......................................................................................................................................... 94 App wrapping .................................................................................................................................95 Wrapping Android apps using MDX toolkit or Command-line ............................................... 95 Customizing MDX apps ................................................................................................................96 WorxMail network access ............................................................................................................ 96 Configuring WorxMail STA ........................................................................................................... 98 WorxMail APNs .............................................................................................................................. 99 Using WorxMail APNs ..................................................................................................................99 Export WorxMail contacts ......................................................................................................... 100 Worx timers ................................................................................................................................. 101 Lesson summary ........................................................................................................................ 102 Test your knowledge .................................................................................................................. 103

Managing apps................................................................................................................................ 104 Overview ...................................................................................................................................... 104 Managing apps ........................................................................................................................... 104 Using Categories ........................................................................................................................ 106 Lesson summary ........................................................................................................................ 106 Test your knowledge .................................................................................................................. 107

Policies ............................................................................................................................................. 108 Overview ...................................................................................................................................... 108 Device-level policies .................................................................................................................. 108 iOS 8 extended features ........................................................................................................... 109 New iOS policy restrictions ....................................................................................................... 109 Creating an MDM policy ............................................................................................................ 110 Editing policies ............................................................................................................................ 113 Lesson summary ........................................................................................................................ 113 Test your knowledge .................................................................................................................. 113

Delivery groups ............................................................................................................................... 115 Overview ...................................................................................................................................... 115 Delivery groups ........................................................................................................................... 115


Create a delivery group ............................................................................................................. 115 Editing delivery groups .............................................................................................................. 119 Lesson summary ........................................................................................................................ 120 Test your knowledge .................................................................................................................. 120

Module 4: XenMobile 10 NetScaler and StoreFront integration .................... 121 NetScaler and StoreFront integration .......................................................................................... 123

Module introduction .................................................................................................................... 123 Terminology ................................................................................................................................. 123

NetScaler integration ...................................................................................................................... 125 Overview ...................................................................................................................................... 125 NetScaler benefits ...................................................................................................................... 125 NetScaler requirements ............................................................................................................. 126 Using the NetScaler Wizard ...................................................................................................... 127 Using XenMobile server............................................................................................................. 139 Lesson summary ........................................................................................................................ 140 Test your knowledge .................................................................................................................. 141

StoreFront integration ..................................................................................................................... 142 Overview ...................................................................................................................................... 142 StoreFront requirements ............................................................................................................ 142 StoreFront configuration ............................................................................................................ 143 XenMobile Server configuration ............................................................................................... 145 Worx Home Store ....................................................................................................................... 146 Lesson summary ........................................................................................................................ 147 Test your knowledge .................................................................................................................. 147

Module 5: XenMobile 10 ShareFile integration ................................................ 149 Managing ShareFile ....................................................................................................................... 151 ShareFile enterprise ....................................................................................................................... 152

Overview ...................................................................................................................................... 152 Benefits ........................................................................................................................................ 152 Lesson summary ........................................................................................................................ 153 Test your knowledge .................................................................................................................. 153

MDX-wrapped ShareFile SSO ...................................................................................................... 154 Overview ...................................................................................................................................... 154 ShareFile authentication options .............................................................................................. 154 MDX-wrapped ShareFile SSO .................................................................................................. 155 SAML overview ........................................................................................................................... 155 Configure XenMobile as an IdP for ShareFile SSO............................................................... 155 Authentication flow ..................................................................................................................... 156 Configure SAML SSO for ShareFile MDX apps ..................................................................... 156 Configure SAML for non-MDX ShareFile apps ...................................................................... 158 Lesson summary ........................................................................................................................ 158 Test your knowledge .................................................................................................................. 158


Module 6: XenMobile 10 troubleshooting ......................................................... 159 Troubleshooting .............................................................................................................................. 161 Troubleshooting .............................................................................................................................. 162

Overview ...................................................................................................................................... 162 Diagnostics .................................................................................................................................. 162 Log operations ............................................................................................................................ 163 Support bundle............................................................................................................................ 163 Advanced server information .................................................................................................... 164 Product documentation .............................................................................................................. 165 Additional tools............................................................................................................................ 165 APNs signing utility .................................................................................................................... 166 XenMobile diagnostics ............................................................................................................... 167 Lesson summary ........................................................................................................................ 167 Test your knowledge .................................................................................................................. 167

Connectivity checks ........................................................................................................................ 168 Diagnostics overview ................................................................................................................. 168 NetScaler connectivity checks .................................................................................................. 168 XenMobile connectivity checks ................................................................................................ 171 Lesson summary ........................................................................................................................ 172 Test your knowledge .................................................................................................................. 173

Support bundle ................................................................................................................................ 174 Overview ...................................................................................................................................... 174 XenMobile support page ........................................................................................................... 174 Support bundle ........................................................................................................................... 175 Customize support data ............................................................................................................ 176 Generate a NetScaler Gateway support bundle .................................................................... 177 Extracting and using the data ................................................................................................... 178 Upload to Citrix Insight Services .............................................................................................. 178 Citrix Insight Services ................................................................................................................ 179 Finding additional information................................................................................................... 180 Lesson summary ........................................................................................................................ 181 Test your knowledge .................................................................................................................. 181

Log operations ................................................................................................................................ 182 Overview ...................................................................................................................................... 182 View the debug log file .............................................................................................................. 182 Configure log settings ................................................................................................................ 183 Download XenMobile logs ........................................................................................................ 188 Lesson summary ........................................................................................................................ 189 Test your knowledge .................................................................................................................. 189

Module 7: XenMobile 10 advanced authentication ......................................... 191 Advanced authentication ............................................................................................................... 193

Module overview ......................................................................................................................... 193 Microsoft Certificate Authority ....................................................................................................... 194

Overview ...................................................................................................................................... 194 Client Certificate Authentication ............................................................................................... 194


Setting up Microsoft Certificate Services ................................................................................ 195 Microsoft AD Certificate Services part 1 ................................................................................. 196 Microsoft AD Certificate Services part 2 ................................................................................. 199 Microsoft AD Certificate Services part 3 ................................................................................. 203 Microsoft AD Certificate Services part 4 ................................................................................. 206 Lesson summary ........................................................................................................................ 210 Test your knowledge .................................................................................................................. 210

NetScaler user certificates ............................................................................................................. 211 Overview ...................................................................................................................................... 211 NetScaler user certificate authentication ................................................................................ 211 Lesson summary ........................................................................................................................ 216

XenMobile Server Certificates ...................................................................................................... 217 Overview ...................................................................................................................................... 217 XenMobile user certificate authentication ............................................................................... 217 Lesson summary......................................................................................................................... 224

XenMobile 10

(中略)

implementation

Module 3

3


Module 3: XenMobile 10 implementation 67 © Copyright 2015 Citrix Systems, Inc.

XenMobile 10 implementation Before you deploy the XenMobile solution and install the components, make sure you have the right prerequisites and system requirements. This effort will prepare you to configure the network settings, open ports in your firewall, install certificates and licenses, and configure authentication.

In this module, you will learn about:

• Installation prerequisites

• Configuration methods

• Accessing the administrative console

• Wrapping and managing apps

• Creating and editing policies

• Managing access using delivery groups

68 Module 3: XenMobile 10 implementation © Copyright 2015 Citrix Systems, Inc.

Installation

Overview

The XenMobile virtual machine (VM) runs on Citrix XenServer, VMware ESXi, or Microsoft Hyper-V. You can use XenCenter or vSphere management consoles to install Citrix XenMobile.

In this lesson, you will learn about:

• Supported hypervisors and their prerequisites

• Product installation modes

• Clustering requirements

Installation prerequisites

XenMobile 10 is supported on three hypervisor platforms: XenServer, VMWare ESXi, and Microsoft Hyper-V. For additional information on hypervisor configuration, refer to your XenServer, ESXi, or Hyper-V product documentation.

Before installing XenMobile on XenServer or VMware ESXi, you must do the following:

• Install XenServer or VMware ESXi on a computer with adequate hardware resources.

• Install the XenCenter or vSphere management console on a separate computer.

Before installing XenMobile on Hyper-V, you must do the following.

• Install Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 on the host computer, ensuring there are adequate system resources.

• Enable the Hyper-V role and be sure to specify the network interface cards (NICs) on the server that Hyper-V will use to create the virtual networks. You should reserve NICs on the host for this type of network communication.

Installation media

You can download the product software from www.citrix.com/downloads.

The computer that hosts the XenCenter or vSphere management consoles will connect to the XenServer or VMware ESXi host through the network.

You will need a Citrix account to log on and download the software.

http://www.citrix.com/downloads


First time user mode The steps below take you through the installation of a new XenMobile 10 Server.

Step 1 1. Import the XenMobile virtual machine into the Hypervisor.

2. On the console page, begin configuration in FTU (First time user) mode.

3. Enter a CLI administrator account password.

No characters will be displayed when you type the password.


Step 2 Enter the following network settings:

• IP address

• Netmask

• Default Gateway

• Primary DNS server

• Secondary DNS server (optional)

Step 3

Create a passphrase to encrypt secure data:

• Type Y to automatically generate a passphrase

• Type N and manually enter a password (12 characters)

Step 4 Enable FIPs mode, if required.


Step 5 Configure the database connection to local or remote server:

A local PostgreSQL database can be used for a proof-of-concept installation.

A remote MS SQL database is required for a production setup.

Step 6 Enter the database settings:

• Type (mi/p)

• Use SSL (cert required)

• Server port

• Username

• Password

• Database name

A remote database must be configured to cluster XenMobile server instances.

SQL server and Windows authentication modes are both supported


Step 7 Enable clustering in FTU mode, if you plan to build a clustered environment.

Clustering can also be enabled from the CLI post installation, as shown:

Step 8 Enter the external hostname/FQDN for the server. This will be the Mobile Device Management (MDM) enrollment server's fully qualified domain name.

Step 9

Press the Enter key to accept the default communication ports, as shown below:

• HTTP: 80

• HTTPS: 443

• HTTPS no cert: 8443

• HTTPS Management: 4443

The FQDN must be entered correctly or device enrollment will fail. XenMobile Server also creates a certificate during this time, which also uses the FQDN. This certificate FQDN cannot be changed later.


Step 10 Create the MDM server’s certificate authorities. If you plan to cluster two or more XenMobile Server nodes, you will need to provide an identical password for each node.

Passwords must be provided for the PKI certificates.

The same password may be used for all certificates.


Step 11 A local administration account must be created to access the Web Admin Console. Once created, the configuration will proceed.

Step 12

Confirm whether you are upgrading from a previous release. An upgrade is currently supported only from the MDM Edition.


Upgrading the Enterprise Edition will be supported in a future release. See www.citrix.com for release details.

http://www.citrix.com/


Step 13 The initial CLI configuration is now complete.

Once the application has successfully started, access https://xms- ipaddress:4443 to continue the setup.

Clustering

The XenMobile Server has been installed and clustering mode enabled. You can elect to provision a second XenMobile Server to make the environment highly available.

Based on the number of nodes required, you will create new VMs and point them to the same database and provide the same pki certificate passwords. You should also ensure the enable cluster is set to y in the CLI when configuring the first XenMobile server node.

Lesson summary

The XenMobile 10 installation is supported on multiple hypervisor platforms. You can refer to the specific hypervisor administrative guides for additional configuration instructions. Clustering multiple XenMobile servers provides redundancy in the environment for your mobile device management servers.

In this lesson, you learned:

• XenMobile 10 is supported on the XenServer, VMWare ESXi,and Hyper-V hypervisor platforms.

• Clustering is enabled in FTU mode and in the CLI after installation.

Add the server IPs to your DNS server to prevent certificate warnings from appearing when accessing the web console using https.


• Clustering requires the same database and certificate passwords for each XenMobile node.

• A remote SQL server is required for production deployment.

Test your knowledge You can install XenMobile 10 on a Windows 2012 server.

A. True

B. False


Configuration

Overview

Citrix XenMobile 10 can be configured using the Getting Started wizard. A new installation of XenMobile will run the Getting Started Wizard automatically upon first access.

In this lesson, you will learn:

• How to access the Getting Started Wizard

• Required configuration options

• Optional configurable features

Using the "Getting Started" wizard

This section will walk you through the steps to configure the XenMobile console when accessed for the first time.


Step 1 Sign in to the XenMobile console using the credentials assigned during the initial configuration.

Step 2 The Getting Started wizard will be presented. Click x to begin the configuration wizard.


Step 3 XenMobile 10 uses the same Citrix licensing model as other Citrix products, such as XenApp or XenDesktop. A license server and license for XenMobile is required.

The XenMobile Server can be configured during installation with a 30-day evaluation license for testing purposes, and a full license can be updated or added later from the management console under the Settings option.


Step 4 Import your SSL Certificate. The available options are:

• Server - Server certificates support the communication functions of the XenMobile Server; they are uploaded to the XenMobile web console. They include CA certificates, RA certificates, and certificates for client authentication with other components of your infrastructure. In addition, you may use server certificates as a storage repository for certificates you want to deploy to establish trust on a user device.

• SAML - Security Assertion Markup Language (SAML) certification allows you to provide single sign-on (SSO) access to servers, websites, and apps.

• APNs - Apple Push Notification service (APNs) certificates from Apple enable mobile device management through the Apple Push Network.

• SSL Listener - Secure Sockets Layer (SSL) Listener notifies XenMobile of SSL cryptographic activity.


Step 5 Import your APNs Certificate.

Step 6 Import your Public SSL Certificate, if available. Citrix recommends using an SSL certificate. The self-signed SSL Listener created during the initial configuration of the XenMobile server will also work for enrollment.


Step 7 Configure the NetScaler Gateway.


Step 8 LDAP Configuration

Configure the following settings:

• Directory type - Click the directory type being used. By default, Microsoft Active Directory is selected.

• Primary server - Enter the primary server used for LDAP authentication. You can enter the LDAP server's IP address or the fully qualified domain name (FQDN).

• Secondary server - Enter the IP address or FQDN of a secondary LDAP server (optional configuration, enter if one is available).

• Port - Enter the port number used by the LDAP server. By default, the port number is set to 389 for unsecured LDAP connections. You can also use port number 636 for secure LDAP connections, 3268 for Microsoft unsecure LDAP connections, or 3269 for Microsoft secure LDAP connections.

• Domain name - Enter the domain name.

• User base DN - Enter the location of users in Active Directory through a unique identifier. Syntax examples include: (ou=users, dc=example, or dc=com).

• Group base DN - Enter the group base DN group name specified as cn=groupname --for example in cn=users, dc=servername, dc=net where cn=users is the group name.

• User ID - Enter the user ID associated with the Active Directory account.

• Password - Enter the password associated with the user.

• Domain alias - Enter an alias for the domain name, if one exists.

• XenMobile Lockout Limit - Enter a number between 0 and 999 for the maximum allowed number of failed logon attempts. Setting this field to 0 indicates that XenMobile will never lock out the user based on unsuccessful logons.

• XenMobile Lockout Time - Enter a number between 0 and 99999 representing the number of minutes a user must wait after exceeding the lockout time limit before user logons are allowed again. Setting this field to 0 indicates that the user will not be forced to wait after a lockout.

• Global Catalog TCP Port - Enter the TCP port number for the Global Catalog server. By default, the TCP port number is set to 3268; for SSL connections, use port number 3269.

• Global Catalog Root Context - Enter the Global Root Context value used to enable a global catalog search in Active Directory, this setting is optional. This search option is in addition to the standard LDAP search, in any domain without the need to


specify the actual domain name.

• User search by - Search options available are userPrincipalName or sAMAccountName and these can be selected from the list.

• Use secure connection - Click YES to enable secure connections.

Step 9 Notification Server settings

Configure the following settings:

• Name - Type the name associated with this SMTP server account.

• Description - Enter a description of the server, this is optional.

• SMTP Server - Type the host name for the SMTP server. The host name entered as fully qualified domain name (FQDN) or an IP address.

• Secure channel protocol - Select the secure channel protocol used by the server from the list; by default this field is set to None. If you choose to use secure channel communication ensure that the server is configured to use secure authentication such as SSL or TLS.

• SMTP server port - Type the port used by the SMTP server. By default, the port is set to 25; if SMTP connections use the SSL secure channel protocol, the port is set to 465.

• Authentication - Select ON or OFF to enable the authentication option. By default, this feature is disabled.

• Microsoft Secure Password Authentication (SPA) - If the SMTP server is using the SPA, select ON. By default, this feature is disabled.

• From Name - Type the name displayed in the From box when a client receives a notification email from this server. For example,


Corporate IT.

• From email - Type the email address used if an email recipient replies to the notification sent by the SMTP server.

• Test Configuration - Click the button to send a test email notification.

Step 10 Finalize the settings.


Lesson summary

The Getting Started wizard takes you through configuring the basic features required to get XenMobile 10 up and running. Various features must be enabled to allow XenMobile to work correctly including licensing, certificates, NetScaler Gateway and LDAP settings for authentication.

In this lesson, you learned:

• The Getting Started wizard can be used to enabled and disable XenMobile features.

• A secure deployment can be configured using SSL certificates.

• LDAP settings must be configured for successful directory authentication.

• NetScaler Gateway can be integrated for secure mobile device access.

Test your knowledge The Getting Started wizard can be accessed at any time from the Settings menu?

A. True

B. False


(後略)

851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA (954) 267 3000 www.citrix.com

Rheinweg 9 8200 Schaffhausen Switzerland +41 (0) 52 63577 00 www.citrix.com

© Copyright 2015 Citrix Systems, Inc. All rights reserved.



Documents

Deploying Enterprise Mobility Solutions with Citrix XenMobileeducation.citrix.co.jp/wp-content/uploads/2016/05/CXM... · 2016-05-19 · Deploying Enterprise Mobility Solutions with