Thursday, 15 December 2016

Known Issues

Known Issues


The following are known issues for the XenMobile 10 MDM Upgrade Tool:

  • The XenMobile lockout limit value is not migrated. After migration, reset the value. [#545770]
  • Options in role-based access control (RBAC) roles do not migrate cleanly. After migration, review RBAC roles and make any necessary adjustments. [#543183]
  • Log settings do not migrate. After migration, re-configure log settings in the XenMobile console. [#541869] 
  • When a configuration with multiple LDAP configurations in which only one LDAP configuration to support nested groups is migrated, after migration, nested groups support is enabled on all LDAPs you configured. In addition, groups synchronization happens on all LDAP servers during server start-up. [#540713]
  • When a Web Content Filter device policy contains URLs without HTTP/HTTPS, the URL is deleted when users edit the URL and then cancel the operation. After migration, make sure all URLs contain HTTP or HTTPS to prevent deletion when canceling an edit operation. [#540025]
  • When policies, apps, or actions are included in multiple packages with different rules, deployment rules do not migrate. This behavior is as designed. [#539517]
  • The XenMobile 9.0 administrator cannot log on to the XenMobile 10 console after successful migration when the administrator user name contains an uppercase character. Before migration, create an administrator user account with all lowercase letters and with all permissions enabled so that after migration you can use that account to log on to the XenMobile 10 console. [#547422]
  • If Multi-Tenant Console (MTC) is enabled on XenMobile 9, MTC cannot be migrated to XenMobile 10. [#549969]
  • The Super Admin role created in XenMobile 9.0 does not migrate several setting and assignment permissions in XenMobile 10. After migration, in the XenMobile 10 console, go to Configure > Settings > Role Based Access Control and recreate the XenMobile 9.0 Super Admin role with permissions from the XenMobile 10 Admin role. [#553079]
  • Deployment package names created in XenMobile 9.0 with special characters (:, !, $, (), #, % , +, *, ~, ?, |, {}, and []) cannot be edited after migration. In addition, local users and local groups created in XenMobile 9.0 that contain an open square bracket ([) cause problems in XenMobile 10 when creating enrollment invitations. Before migration, remove all special characters from Deployment Package names as well as open square brackets from local user and local group names. [#538639]
Posted by at No comments:

Prerequisites

Prerequisites

You need to complete the following prerequisites before you run the XenMobile 10 MDM Upgrade Tool.

Citrix License Server
Make sure that you install the 11.12.1 Citrix License Server (available on the page) and that you configure the server with the latest V6 MDM-only license. Ensure that the licensing server ports 27000 and 7279 are open to the server. This step is crucial to prevent unintentionally upgrading users' devices to XenMobile Enterprise mode, which may lead to a licensing violation and also force users to re-enroll their devices.

Database
Migration can only be done between databases of the same type. For example:

Supported

  • PostgreSQL to PostgreSQL
  • MSSQL to MSSQL


Not supported

  • MSSQL to PostgreSQL
  • PostgreSQL to MSSQL

During the data migration process, XenMobile needs the ability to access the database solution implemented on XenMobile 9.0 Device Manager. For example, the following ports must be open:
  • For Microsoft SQL Server, the default port is 1433.
  • For PostgreSQL, the default port is 5432.
To allow remote connections to PostgreSQL, you must complete the following steps:
1. Open the file pg_hba.conf and locate the following line: "host all all 127.0.0.1/32 md5"
2. Append a new line host all all [XMS address/external address]/32 md5 
3. Save the file.
4. Stop and start the service.
5. Locate and open the postgresql.conf file and change this line from:
"#listen_addresses = 'localhost'" to "listen_addresses = ‘*’"
Note: The line must be uncommented. This can be made restrictive by allowing only XenMobile 9.0 and XenMobile 10 server IPs to access the PostgreSQL database (listen_addresses = '10.x.x.1,10.x.x.2').
6. Stop and start the PostgreSQL service for changes take effect.
7. Ensure that XMS and the database are able to communicate with each other. (This also checks that the database is able to accept remote connections.)

If a custom port has been assigned to the database solution, you have to ensure that the port is allowed and open in the firewall protecting XenMobile 9.0 Device Manager. Doing so enables XenMobile 10 to connect to the database and to migrate the required information.

External SSL certificate
External SSL certificates must meet the conditions outlined in . Be sure to review your pki.xml before starting the migration to ensure that the SSL certificate meets those conditions.

Administrator account user name
The administrator account used to log on to the XenMobile 10 console can contain only lowercase letters; you will not be able to log on to the XenMobile 10 console after migration if the account contains uppercase letters. Create an administrator user account with all lowercase letters and with all permissions enabled so that after migration you can use that account to log on to the XenMobile 10 console.

Deployment Package names with special characters
Deployment package names in XenMobile 9.0 that contain special characters (!, $, (), #, % , +, *, ~, ?, |, {}, and []) migrate, but the Delivery Groups in XenMobile 10 cannot be edited after migration. In addition, local users and local groups created in XenMobile 9.0 that contain an open square bracket ([) cause problems in XenMobile 10 when creating enrollment invitations. Before migration, remove all special characters from Deployment Package names as well as open square brackets from local user and local group names.

Copy files from XenMobile 9.0 Device Manager
Assuming Device Manager is installed in the default location (C:\Program Files(x86)\Citrix\XenMobile Device Manager\tomcat), copy the following files into a temporary folder:

From C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf folder:
  • server.xml
  • https.p12
  • cacerts.pem.jks
  • pki-ca-root.p12
  • pki-ca-devices.p12
  • pki-ca-servers.p12
Note: If custom server SSL server certificates (.p12) were used on the server running Device Manager, make sure that you copy that certificate instead of https.p12 to the temporary folder.

From the C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes\ folder, copy the following files into the same temporary folder:
  • ew-config.properties
  • pki.xml
  • variables.xml
After you have copied all the preceding files, open the temporary folder and zip the files; do not zip the folder, only the files. The zipped files will be uploaded during the upgrade.

When you understand the known issues and meet all the prerequisites, start the upgrade. For details, see Running the XenMobile 10 MDM Upgrade Tool.
Posted by at No comments:

Wednesday, 12 October 2016

XenMobile 10 MDM Upgrade Tool

XenMobile 10 MDM Upgrade Tool

You use the XenMobile 10 MDM Upgrade Tool to upgrade from XenMobile 9.0 to XenMobile 10. The tool is supported for upgrades from XenMobile MDM edition deployments.

Important: Using the tool to upgrade from XenMobile App Edition or XenMobile Enterprise Edition is not supported. Likewise, you cannot use the tool to upgrade from XenMobile 8.6 or 8.7 to XenMobile 10. In addition, if the Multi-Tenant Console (MTC) is enabled on XenMobile 9.0, the MTC cannot be migrated to XenMobile 10.

If your XenMobile 9.0 setup is based on named SQL instances, you need to follow steps specific to this situation. For details see, .

The Upgrade Tool is built within the XenMobile 10 virtual machine. You enable the one-time only wizard through the command-line console during the initial installation of XenMobile 10.

What the Upgrade Tool does

The XenMobile 10 MDM Upgrade Tool migrates configuration and user data from the XenMobile 9.0 server to a new instance of XenMobile 10 with the same fully qualified domain name (FQDN).

You can choose to test drive the upgrade or to do a full production upgrade. When you choose Test Drive in the tool, only configuration data is migrated to XenMobile 10; no device or user data is migrated. This option lets you compare XenMobile 9.0 and XenMobile 10 without affecting your production environment.

When you choose Production Upgrade in the tool, all configuration, device, and user data is migrated. When you log on to the XenMobile 10 console after the upgrade, you see all the user and device data that was migrated from XenMobile 9.

Note: This is not an in-place migration; all data is copied during migration, not moved, to XenMobile 10. Everything in XenMobile 9.0 remains intact until you move the XenMobile 10 server into production. When users connect to XenMobile 10 in production, if for some reason you want to revert to XenMobile 9.0, those users must re-enroll in XenMobile 9.0. After a successful production upgrade, to move XenMobile 10 to live production, you must do the following:

1. Update the DNS entry to map the XenMobile 9.0 FQDN to the new XenMobile 10 server IP.
2. If NetScaler is load balancing XenMobile Device Manager servers, you need to switch the XenMobile 9.0 service to the XenMobile 10 service.

What the Upgrade Tool Does Not Do
The following information is not migrated to XenMobile 10 when you use the Upgrade Tool:


  • Licensing information.
  • Reports data.
  • Automated actions.
  • Server group policies and associated deployments.
  • MSP group.
  • Policies and packages related to Windows CE and Windows 8.0.
  • Deployment packages not in use; for example, when no users or groups are assigned to a deployment package.
  • Any other configuration or user data as described in the migration.log file.
  • CXM Web (replaced by Citrix WorxWeb).
  • DLP policies (replaced by Citrix Sharefile).
  • Custom Active Directory attributes.
  • If you have configured multiple branding policies, the branding policy is not migrated. XenMobile 10 supports one branding policy; you have to leave one branding policy in XenMobile 9.0 to successfully migrate to XenMobile 10.
  • Any settings in the auth.jsp file in XenMobile 9.0 that are used to restrict access to the console. Console access restrictions in XenMobile 10 are firewall settings that you can configure in the command line interface.
Also note the following changes with XenMobile 10:
  • XenMobile 10 does not support Active Directory users who are assigned to local groups.
  • The local groups hierarchy is flattened.
Terminology Change with XenMobile 10
Note that after you upgrade, deployment packages in Device Manager are now referred to as delivery groups, as shown in the following figure. For more information, see.

Inside the delivery group, you can view the MDM policies, actions, and apps required for the group of users who require the resources.

Device Enrollment After Upgrade
Users do not need to re-enroll their devices after you upgrade to XenMobile 10. The devices should connect automatically to the XenMobile 10 server based on the heartbeat interval.

If you want to connect a device to XenMobile 10 immediately, on the device, use WorxHome > Device Info > Refresh Policy.

After the user devices connect, check to make sure you see the devices in the XenMobile console, as shown in the following figure.
Posted by at 2 comments:

Saturday, 8 October 2016

Importing Certificates

Importing Certificates
The following procedure describes how to configure FIPS on XenMobile by importing the certificate, which is required when you use a VMware hypervisor.

SQL Prerequisites
1. The connection to the SQL instance from XenMobile needs to be secure and must be SQL Server version 2012 or SQL Server 2014. To secure the connection, see Microsoft Management Console.

2. If the service does not restart properly, check the following:Open Services.msc.
a. Copy the logon account information used for the SQL Server service.

b. Open MMC.exe on the SQL Server.

c. Go to File > Add/Remove Snap-in and then double-click the certificates item to add the certificates snap-in. Select the computer account and local computer in the two pages on the wizard.

d. Click OK.

e. Expand Certificates (Local Computer) > Personal > Certificates and find the imported SSL certificate.

f. Right-click the imported certificate (selected in the SQL Server Configuration Manager) and then click All Tasks > Manage Private Keys.

g. Under Group or User names, click Add.

h. Enter the SQL service account name you copied in the earlier step.

i. Clear the Allow Full Control option. By default the service account will be given both Full control and Read permissions, but it only needs to be able to read the private key.

j. Close MMC and start the SQL service.

3. Ensure the SQL service is started correctly.

Internet Information Services (IIS) Prerequisites
1. Download the rootcert (base 64).

2. Copy the rootcert to the default site on the IIS server, C:\inetpub\wwwroot.

3. Check the Authentication check box for the default site.

4. Set Anonymous to enabled.

5. Select the Failed Request Tracking rules check box.

6. Ensure that .cer is not blocked.

7. Browse to the location of the .cer in an Internt Explorer browser from the local server, http://localhost/certname.cer. The root cert text should appear in the browser.

8. If the root cert does not appear in the Internet Explorer browser, make sure that ASP is enabled on the IIS server as follows.
a. Open Server Manager.
b. Navigate to the wizard in Manage > Add Roles and Features.
c. In the server roles, expand Web Server (IIS), expand Web Server, expand Application Development and then select ASP.
d. Click Next until the install completes.

9. Open Internet Explorer and browse to http://localhost/cert.cer.
Note: You can use the use the IIS instance of the CA for this procedure.

Importing the Root Certificate During Initial FIPS Configuration
When you complete the steps to configure XenMobile for the first time in the command-line console, you must complete these settings to import the root certificate. For details on the installation steps,

Enable FIPS: Yes
Upload Root Certificate: Yes
Copy(c) or Import(i): i
Enter HTTP URL to import: http://FQDN of IIS server/cert.cer
Server: FQDN of SQL Server
Port: 1433
User name: Service account which has the ability to create the database (domain\username).
Password: The password for the service account.
Database Name: This is a name you choose.
Posted by at No comments:

Tuesday, 4 October 2016

Configuring XenMobile in a Web Browser

Configuring XenMobile in a Web Browser

After completing the initial portion of the XenMobile configuration in your hypervisor Command Prompt window, complete the process in your web browser.

1. In your web browser, navigate to the location provided at the conclusion of the Command Prompt window configuration.

2. Type the XenMobile console administrator account user name and password you created in the Command Prompt window.

3. On the Get Started page, click Start. The Licensing page appears.

4. Configure the license. XenMobile comes with an evaluation license valid for 30 days. For details on adding and configuring licenses and configuring expiration notifications, see . Important: If you intend to cluster nodes, or instances, of XenMobile, you need to use the Citrix Licensing on a remote
server.

5. On the Certificate page, click Import. The Import dialog box appears.
6. Import your APNs and SSL Listener certificate. For details on working with certificates, see. 
Note: The SSL Listener certificate requires restarting the server.

7. If appropriate to the environment, configure NetScaler Gateway. For details on configuring NetScaler Gateway, see.

Note: You can deploy NetScaler Gateway at the perimeter of your organization's internal network (or intranet) to provide a secure single point of access to the servers, applications, and other network resources that reside in the internal network. In this deployment, all remote users must connect to NetScaler Gateway before they can access any resources in the internal network.

Note: Although NetScaler Gateway is an optional setting, after you enter data on the page, you must clear or complete the required fields before you can leave the page.

8. Complete the LDAP configuration to access users and groups from Active Directory. For details on configuring the LDAP connection, see.

9. Configure the notification server to be able to send messages to users. For details on notification server configuration, see.

Configuring FIPS with XenMobile
Federal Information Processing Standards (FIPS) mode in XenMobile supports U.S. federal government customers by configuring the server to use only FIPS 140-2 certified libraries for all encryption operations. Installing your XenMobile server with FIPS mode ensures that all data at rest and data in transit for both the XenMobile client and server are fully compliant with FIPS 140-2.

Before installing a XenMobile Server in FIPS mode, you need to complete the following prerequisites.

->You must use an external SQL Server 2012 or SQL Server 2014 for the XenMobile database. The SQL Server also must be configured for secure SSL communication. For instructions on configuring secure SSL communication to SQL Server, see the SQL Server Books Online.

->Secure SSL communication requires that an SSL certificate be installed on your SQL Server. The SSL certificate can either be a public certificate from a commercial CA or a self-signed certificate from an internal CA. Note that SQL Server 2014 cannot accept a wildcard certificate. Citrix recommends, therefore, that you request an SSL certificate with the FQDN of the SQL Server.

->If you use a self-signed certificate for SQL Server, you will need a copy of the root CA certificate that issued your self-signed certificate. The root CA certificate must be imported to the XenMobile server during installation.

Configuring FIPS mode
You can enable FIPS mode only during the initial setup of XenMobile server. It is not possible to enable FIPS after installation is complete. Therefore, if you plan on using FIPS mode, you must install the XenMobile server with FIPS mode from the start. In addition, if you have a XenMobile cluster, all cluster nodes must have FIPS enabled; you cannot have a mix of FIPS and non-FIPS XenMobile servers in the same cluster.

There is a Toggle FIPS mode option in the XenMobile command-line interface that is not for production use. This option is intended for non-production, diagnostic use and is not supported on a production XenMobile server.

1. During initial setup, enable FIPS mode.

2. Upload the root CA certificate for your SQL Server. If you used a self-signed SSL certificate rather than a public certificate on your SQL Server, choose Yes for this option and then do one of the following:

a. Copy and paste the CA certificate.
b. Import the CA certificate. To import the CA certificate, you must post the certificate to a website that is accessible from the XenMobile server via an HTTP URL. For details, see the section later
in this article.

3. Specify the server name and port of your SQL Server, the credentials for logging into SQL Server, and the database name to create for XenMobile.

Note: You can use either a SQL logon or an Active Directory account to access SQL Server, but the logon you use must have the DBcreator role.

4. To use an Active Directory account, enter the credentials in the format domain\username.

5. Once these steps are complete, proceed with the XenMobile initial setup.

To confirm that the configuration of FIPS mode is successful, log on to the XenMobile command-line interface. The phrase In FIPS Compliant Mode appears in the logon banner.
Posted by at No comments:

Friday, 30 September 2016

XenMobile 10.x

XenMobile 10.x

Supported NetScaler Gateway versions:
11.0.64.x
10.5.x.e
10.5.x MR
10.1.x.e
10.1.x MR

XenMobile client components generally follow these compatibility requirements:
The latest versions of Worx Home and the MDX Toolkit are compatible with the latest version of XenMobile server and the two most recent versions before that.

The latest version of the MDX Tookit, and the two most recent versions before that, are compatible with the most recent versions of Worx Home and Worx Mobile Apps.

To take advantage of new features, fixes, and policy updates, Citrix recommends that you install the most recent version of the MDX Toolkit, Worx Home, and Worx Mobile apps for the best experience.

 Note
Worx Home versions earlier than 10.0.3 are compatible but not supported.

1 Windows Phone 10 is not supported on XenMobile server 10.1.
2In earlier releases, the Worx version of QuickEdit was named WorxEdit and the Worx version of ShareConnect was named WorxDesktop. Both the MDX and non-MDX versions now have the same names: QuickEdit and ShareConnect.
3 The download page includes a separate version of ShareFile Worx for iOS that is required for use with restricted StorageZones.

Browser Support
XenMobile 10.x supports the following browsers:
Internet Explorer*
Chrome
Firefox
Safari on mobile devices for use with the Self Help Portal.

XenMobile 10.x is compatible with the most current version of the browser and one version prior to the current version.
*XenMobile 10.x does not support Internet Explorer version 9 and earlier.

XenMobile 9
XenMobile 9 includes Device Manager 9.0 and App Controller 9.0.
Supported NetScaler Gateway versions:
11.0.64
10.5.x.e
10.5.x MR
10.1.x.e
10.1.x MR

XenMobile client components generally follow these compatibility requirements:
The latest version of Worx Home and the MDX Toolkit are compatible with the last two versions of
XenMobile server.
The latest version of the MDX Toolkit is compatible with the latest Worx Mobile Apps.
Recent MDX Toolkit versions are compatible with the following versions of Worx Home:

1 Previously, the Worx version of QuickEdit was named WorxEdit and the Worx version of ShareConnect was named WorxDesktop. As of the latest releases, both the MDX and non-MDX versions have the same names: QuickEdit and ShareConnect.

2 The download page includes a separate version of ShareFile Worx for iOS that is required for use with restricted StorageZones.

Device Manager 8.7.1 and App Controller 2.10
Supported NetScaler Gateway versions: 10.1.126.1203.e and 10.1.124.1308.e

Supported client versions:
* MDX Toolkit 2.3 and 2.2.1 do not support WorxNotes.
** Not applicable

Device Manager 8.6.1 and App Controller 2.9
Supported NetScaler Gateway version: 10.1.124.1308.e
Supported client versions:
* MDX Toolkit 2.2.1 does not support WorxNotes.
** Not applicable
Posted by at No comments:

Thursday, 29 September 2016

XenMobile support

XenMobile support


For details on how to access supported related information and tools in the XenMobile console, see XenMobile support and Maintenance.

Supporting Mobile Platforms in XenMobile Cloud

After you make a request for a XenMobile Cloud instance, you can, if you like, begin preparing to support Android, iOS, and Windows platforms. As you complete the steps that apply to your environment, keep the information handy so you can use it when configuring settings in the XenMobile console.

Note that these requirements are a subset of the overall communication and port requirements that make up the XenMobile Cloud onboarding process. For details, see XenMobile Cloud prerequisites and administation.

Android

- Create Google Play credentials. For details, see Google Play Getting Started with Publishing.
- Create an Android for Work administrator account. For details, see Managing Devices with Adroid for Work in Xenmobile.
- Verify your domain name with Google. For details, see Verify your domain for Google Apps.
- Enable APIs and create a service account for Android for Work. For details, see Google for Work Adroid.

iOS

- Create an Apple ID and developer account. For details, see the Apple Developer Program website.
- Create an Apple Push Notification service (APNs) certificate. For details, see the Apple Push Certificates Portal.
- Create a Volume Purchase Program (VPP) company token. For details, see Apple Volume Purchasing Program.

Windows

- Create a Microsoft Windows Store developer account. For details, see the Microsoft Windows Dav Center.
- Obtain a Microsoft Windows Store Publisher ID. For details, see the Microsoft Windows Dav Center.
- Acquire an enterprise certificate from Symantec. For details, see the Microsoft Windows Dav Center.
- Create an Application Enrollment Token (AET). For details, see the Microsoft Windows Dav Center.

System Requirements

To run XenMobile 10, you need the following minimum system requirements:

- One of the following:
XenServer (supported versions: 6.2.x, 6.1.x, or 6.0.x); for details, refer to XenServer
VMWare (supported versions: ESXi 4.1, ESXi 5.1, or ESXi 5.5); for details, refer to VMware
Hyper-V (supported versions: Windows Server 2008 R2, Windows Server 2012, or Windows Server
2012 R2); for details, refer to Hyper-V
- Dual core processor
- Two virtual CPUs
- 4 GB of RAM
- 50 GB disk space

The recommended configuration for 10,000 devices is the following:

- Quad core processor
- 8 GB of RAM

NetScaler Gateway System Requirements

To run NetScaler Gateway with XenMobile 10, you need the following minimum system requirements:

- XenServer, VMWare, or Hyper-V
- Two virtual CPUs
- 2 GB of RAM
- 20 GB disk space

You also need to be able to communicate with Active Directory, which requires a service account. You only need query and read access.

XenMobile 10 Database Requirements

The XenMobile repository requires a Microsoft SQL Server database running on one of the following supported versions:

- Microsoft SQL Server 2014
- Microsoft SQL Server 2012
- Microsoft SQL Server 2008 R2
- Microsoft SQL Server 2008

Citrix XenMobile supports SQL Always on availability group and SQL Clustering for database high availability. Citrix does not support database mirroring for XenMobile database high availability. We do support database high availability with Active/Active or Active Passive mode with MS SQL Cluster deployment..

Citrix recommends using Microsoft SQL remotely. PostgreSQL is included with XenMobile and should be used locally or remotely only in test environments.

XenMobile Compatibility

This article summarizes the versions of the supported XenMobile components that you can integrate, including NetScaler Gateway and the version of the MDX Toolkit needed to wrap, configure, and distribute Worx Mobile Apps.

Quick links to sections in this article:

- XenMobile 10.x
- XenMobile 9
- Device Manager 8.7.1 and App Controller 2.10
- Device Manager 8.6.1 and App Controller 2.9
Posted by at No comments:

Thursday, 22 September 2016

Amazon

Amazon

Amazon

XenMobile supports Amazon Kindle devices -- such as Kindle Fire Phone and HD 8.9― (Zen561) -- running Fire OS 3.0 and earlier versions running proprietary operating systems based on Android. Note, however, that the MDX Toolkit and Worx apps versions 10.3 do not supportAmazing Kindle devices.

Symbian

XenMobile 10.3

XenMobile 10.3 does not support Symbian.

These are some of the Symbian devices XenMobile 10.1 and 10 support. In XenMobile 10, they're supported for device management only:XenMobile 10 and 10.1

-Symbian 3
-Symbian S60 5th Edition
-Symbian S60 3rd Edition, Feature Pack 2
-Symbian S60 3rd Edition, Feature Pack 1
-Symbian S60 3rd Edition
-Symbian S60 2nd Edition, Feature Pack 3
-Symbian S60 2nd Edition, Feature Pack 2

BlackBerry
Management of BlackBerry devices is provided through XenMobile Mail Manager. For details, see
Mail Manager.

Port Requirements
To enable devices and apps to communicate with XenMobile, you need to open specific ports in your firewalls. The following tables list the ports that must be open.

Opening Ports for NetScaler Gateway and XenMobile to Manage Apps
You must open the following ports to allow user connections from Worx Home, Citrix Receiver, and the NetScaler Gateway Plug-in through NetScaler Gateway to XenMobile, StoreFront, XenDesktop, the XenMobile NetScaler Connector, and to other internal network resources, such as intranet websites.
Posted by at No comments:

Monday, 25 July 2016

Supported Device Platforms in XenMobile

Supported Device Platforms in XenMobile


XenMobile 10.x supports devices running the following platforms for enterprise mobility management, including app and device management. Due to platform restrictions and security features, not all functionality is supported on all platforms. To support older versions of mobile operating systems, such as Android 4.1 and iOS 7, see in the Citrix Support Knowledge Center.

Android


XenMobile 10.3

Operating systems supported for all modes: Android 4.4.x, 5.x, 6.x
Operating systems supported for MDM-only mode: Android 4.1.x, 4.2.x, 4.3

Worx Home is supported on x86-based Android devices for MDM capabilities. App management is ONLY available on ARM-based Android devices. With the MDX Toolkit 10.3, MDX wrapped enterprise apps are supported on Android x86- based devices. MDX-wrapped applications are not supported on Android x64-based devices.

Some Android devices used for testing with XenMobile 10.3 on the operating systems listed above are:

a. Nexus 10, 7, 5, 9
b. Samsung Galaxy S4 and Note 3, 4, 5
c. Galaxy Tablet 2, S3, S4, S5
d. HTC One
e. Samsung Tablet P750
f. Samsung S6 and S6 Edge
g. OnePlus X

XenMobile 10 and 10.1

Operating systems supported for all modes: 4.4.x, 5.x, 6.x
Operating systems supported for MDM-only mode: 4.1.x

Android 4.2 and 4.3 are not supported.

Worx Home is supported on x86-based Android devices for MDM capabilities. App management is only available on Android devices with ARM-based processors. MDX-wrapped applications are not supported on Android x86-based devices.

Some Android devices used for testing with XenMobile 10 and 10.1 on the operating systems listed above are:

a. Nexus 10, 7, 5, 9
b. Galaxy S4 and Note 2, 3
c. Galaxy Tablet 2, S3, S4, S5
d. Moto X
e. HTC One
f. HTC Desire, LG
g. Samsung Tablet P750

These devices are supported for device management only:

a. Android 3.0–3.2
b. Android 2.3

SAFE and KNOX


On compatible Samsung devices, XenMobile 10.x supports and extends both Samsung for Enterprise (SAFE) and Samsung KNOX policies. You must enable the SAFE APIs by deploying the built-in Samsung Enterprise License Management (ELM) key to a device before you can deploy SAFE policies and restrictions. To enable the Samsung KNOX API, you also need to purchase a Samsung KNOX license by using the Samsung KNOX License Management System (KLMS) in addition to deploying the Samsung ELM key.

XenMobile supports Amazon Kindle devices running Fire OS 3.0 and earlier versions running proprietary operating systems based on Android. For HTC-specific policies, XenMobile supports HTC API version 0.5.0. In the case of Sony-specific policies, XenMobile  supports Sony Enterprise SDK 2.0.

iOS


XenMobile 10.3
iOS 9.x
iOS 8.4.x

Some iOS devices that XenMobile 10.3 supports:
iPhone 5, 5s, 5c, 6, 6+
iPad 2, 3
Mac OS X
MacBook, Air, Mini, Mini Retina 10.9.5, 10.10, 10.11

XenMobile 10 and 10.1
iOS 9.x
iOS 8.4.x

Some iOS devices that XenMobile 10 and 10.1 support:
iPhone 5, 5s, 5c, 6, 6+
iPad2, 3, Mini, Air, Air2, Mini Retina

Windows Phone and Tablet


XenMobile 10.3

a. Windows 10 tablet
b. Windows 10 tablet is not supported when XenMobile is in MAM-only mode.
c. Windows Phone 8.1/10
d. For Windows Phone 10, you must install a patch from the .
e. Windows Phone 8.1 and 10 are not supported when XenMobile is in MAM-only mode.
f. Windows Phone 8.1 compatibility with Worx Home:
g. Worx Home 10.0 when XenMobile is in Enterprise mode.
h. Worx Home 9.1.0 when XenMobile is in MDM-only mode.
i. Windows 8.1 Pro and Enterprise editions (32-bit and 64-bit)
j. Windows RT 8.1
l. Windows Mobile/CE
m. Windows CE is not supported when XenMobile is in MAM-only mode.

Some Windows devices that XenMobile 10.3 supports:

a. Windows Tablet 10, 8.1
b. Windows Phone 10, 8.1
c. HTC (Windows Phone 8.1)
d. Nokia 920, 925, 1020, 1520 (Windows Phone 8.1)
e. Windows Tablet Surface Pro 3
f. Windows Tablet Surface 2
g. Windows Tablet RT

XenMobile 10 and 10.1

a. Windows 10 tablet
b. Windows Phone 8.1 / 10:
Windows Phone 8.1 is not supported when XenMobile is in MAM-only mode.
Windows Phone 10 is not supported on XenMobile 10.1.
c. Windows Phone 8.1 compatibility with Worx Home:
Worx Home 10.0 when XenMobile is in Enterprise mode
Worx Home 9.0.3 when XenMobile is in MDM-only mode
d. Windows 8.1 Pro and Enterprise editions (32-bit and 64-bit)
e. Windows RT 8.1
f. Windows Mobile: XenMobile 10.1 does not support Windows Mobile devices. Users with devices running Windows Mobile or Windows CE must continue to use XenMobile 9.

Some Windows devices that XenMobile 10 and 10.1 support:

a. Windows Tablet 8.1
b. HTC (Windows Phone 8.1)
c. Nokia 920, 925, 1020, 1520 (Windows Phone 8.1)
d. Windows Tablet Surface Pro 3
e. Windows Tablet Surface 2
f. Windows Tablet RT
Posted by at No comments:

Saturday, 23 July 2016

Downloading XenMobile Product Software

Downloading XenMobile Product Software


You can download product software from the Citrix web site. You need to log on to the site and then click the Downloads link on the Citrix web page. You can then select the product and type you want to download. For example, the following figure shows XenMobile product software drop-down list:



When you click Find, a page listing the available downloads appears with the most recent version at the top of the list:



You can select your software from the available list of options. For example, if you select XenMobile 8.6 Enterprise Edition, you can download the software for Device Manager, App Controller, NetScaler Gateway, and other XenMobile components as shown in the following figure:


To download the software for NetScaler Gateway


You can use this procedure to download the NetScaler Gateway virtual appliance or software upgrades to your existing NetScaler Gateway appliance.

1. Go to the Citrix web site.
2. Click My Account and log on.
3. Click Downloads.
4. Under Find Downloads, select NetScaler Gateway.
5. In Select Download Type, select Product Software and then click Find. You can also select Virtual Appliances to download NetScaler VPX. When you select this option, you receive a list of software for the virtual machine for each hypervisor.
6. On the NetScaler Gateway page, expand NetScaler Gateway or Access Gateway.
7. Click the appliance software version you want to download.
8. On the appliance software page for the version you want to download, select the virtual appliance and then click Download.
9. Follow the instructions on your screen to download the software.

To download the software for Device Manager


1. Go to the Citrix web site.
2. Click My Account and log on.
3. Click Downloads.
4. Under Find Downloads, select XenMobile.
5. In Select Download Type, select Product Software and then click Find.
6. On the XenMobile Product Software page, click XenMobile 8.6 MDM Edition.
7. Under XenMobile Device Manager, click Download next to XenMobile Device Manager 8.6.
8. Follow the instructions on your screen to download the software.

To download the software for App Controller


1. Go to the Citrix web site.
2. Click My Account and log on.
3. Click Downloads.
4. Under Find Downloads, select XenMobile.
5. In Select Download Type, select Product Software and then click Find.
6. On the XenMobile Product Software page, click XenMobile 8.6 App Edition.
7. On the XenMobile 8.6 App Edition page, click the appropriate App Controller virtual image in order to install App Controller on XenServer, VMware, or Hyper-V.
8. Follow the instructions on your screen to download the software.

To download the MDX Toolkit


You can run the MDX Toolkit for wrapping iOS and Android apps on Mac OS X Versions 10.7 (Lion), 10.8 (Mountain Lion), or 10.9 (Mavericks).

1. Go to the Citrix web site.
2. Click My Account and log on.
3. Click Downloads.
4. Under Find Downloads, select XenMobile.
5. In Select Download Type, select Product Software and then click Find.
6. On the XenMobile Product Software page, click XenMobile 8.6 App Edition.
7. On the XenMobile 8.6 App Edition page, expand Worx Mobile Apps.
8. Locate MDX Toolkit & SDK for iOS and Android Build <number> where <number> is the toolkit build number, such as 324.
9. Click Download.
10. Follow the instructions on your screen to download the software.
Posted by at No comments:

Friday, 22 July 2016

Sign the CSR

Sign the CSR


Before you can submit the certificate to Apple, it needs to be signed by Citrix so it can be used with XenMobile.

1. In your browser, go to the website.
2. Click Upload the CSR.
3. Browse to and select the certificate.
4. On the XenMobile APNs CSR Signing page, click Sign. The CSR is signed and automatically saved to your configured download folder.

To submit the signed CSR to Apple to obtain the APNs certificate


After receiving your signed Certificate Signing Request (CSR) from Citrix, you need to submit it to Apple to obtain the APNs certificate.

1. Click Create a Certificate.
2. If this is the first time you are creating a certificate with Apple, select the I have read and agree to these terms and conditions check box and then click Accept.
3. Click Choose File, browse to the signed CSR on your computer and then click Upload. A confirmation message should appear stating that the upload is successful.
4. Click Download to retrieve the .pem certificate.

To create a .pfx APNs certificate by using Microsoft IIS


To use the APNs certificate from Apple with XenMobile, you need to complete the certificate request in Microsoft IIS, export the certificate as a PCKS #12 (.pfx) file and then import the APNs certificate into XenMobile.

Important: You need to use the same IIS server for this task as the server you used to generate the CSR.

1. Open Microsoft IIS.
2. Click the Server Certificates icon.
3. In the Server Certificates window, click Complete Certificate Request.
4. Browse to the Certificate.pem file from Apple. Then, type a friendly name or the certificate name and click OK.
5. Select the certificate that you identified in Step 4 and then click Export.
6. Specify a location and file name for the .pfx certificate and a password and then click OK.
7. Copy the .pfx certificate to the server on which XenMobile will be installed.
8. Sign on to the XenMobile console as an administrator or as a user with access to the About tab.
9. Click the About tab and then click Update APNs Certificate.
10. In the Update APNs Certificate dialog box, browse to the APNs certificate .pfx file on your computer and then enter a new password.
11. Click Load APNs Certificate.
12. Click Update.

To create a .pfx APNs certificate on a Mac computer


1. On the same Mac computer running Mac OS X that you used to generate the CSR, locate the Production identity (. pem) certificate that you received from Apple.
2. Double-click the certificate file to import the file into the keychain.
3. If you are prompted to add the certificate to a specific keychain, keep the default login keychain selected and then click OK. The newly added certificate will appear in your list of certificates.
4. Click the certificate and then on the File menu, click Export to begin exporting the certificate into a PCKS #12 (.pfx) certificate.
5. Give the certificate file a unique name for use with the XenMobile server, choose a folder location for the saved certificate, select the .pfx file format and then click Save.
6. Enter a password for exporting the certificate. Citrix recommends that you use a unique, strong password. Also, be sure to keep the certificate and password safe for later use and reference.
7. The Keychain Access application will prompt you for the login password or selected keychain. Enter the password and then click OK. The saved certificate is now ready for use with the XenMobile server.

To create a .pfx APNs certificate by using OpenSSL


After you use OpenSSL to create a Certificate Signing Request (CSR), you can also use OpenSSL to create a .pfx APNs certificate.

1. At a command prompt or shell, execute the following command.
openssl pkcs12 -export -in MDM_Zenprise_Certificate.pem -inkey Customer.key.pem -out apns_identity. p12
2. Enter a password for the .pfx certificate file. Remember this password because you need to use the password again when you upload the certificate to XenMobile.
3. Note the location for the .pfx certificate file and then copy the file to the XenMobile server, so you can use the XenMobile console to upload the file.

To import an APNs certificate into XenMobile


After you have requested and received a new APNs certificate, you import the APNs certificate into XenMobile to either add the certificate for the first time or to replace an existing certificate.

1. Sign on to the XenMobile console as an administrator.
2. Click Configure > Settings > Certificates.
3. On the Certificates page, click Import. The Import dialog box appears.
4. Browse to the .p12 file on your computer.
5. Enter a password and then click Import.

For more information about certificates in XenMobile, see the Certificate section.

To renew an APNs certificate


To renew an APNs certificate, you need to perform the same steps you would if you were creating a new certificate. Then, you visit the and upload the new certificate. After logging on, you see your existing certificate or you may see a certificate that was imported from your previous Apple Developers account. On the Certificates Portal, the only difference when renewing the certificate is that you click Renew. You must have a developer account with the Certificates Portal in order to access the site.

Certificates. If the certificate is expired, however, do not revoke the certificate.

1. Generate a CSR using Microsoft Internet Information Services (IIS).
2. Click Renew.
3. Generate a PCKS #12 (.pfx) APNs certificate using Microsoft IIS.
4. Update the new APNs certificate to XenMobile in Configure > Settings > Certificates.
5. In Import dialog box, import the new certificate.
Posted by at No comments:

Wednesday, 20 July 2016

Configuring Roles with RBAC

Configuring Roles with RBAC


The Role-Based Access Control (RBAC) feature in XenMobile lets you assign predefined roles, or sets of permissions, to users and groups. These permissions control the level of access users have to system functions.

XenMobile implements four default user roles to logically separate access to system functions:

1. Administrator. Grants full system access.
2. Provisioning. Used by administrators to provision all Windows Mobile/CE devices as a group using the Device Provisioning Tool.
3. Support. Grants access to remote support.
4. User. Used by users who can enroll devices and access the Self Help Portal.

You can also create new user roles with permissions to access specific system functions beyond the functions defined by these default roles by using the default roles as templates that you customize.

Roles can be assigned to local users (at the user level) or to Active Directory groups (all users in that group have the same permissions). If a user belongs to several Active Directory groups, all the permissions are merged together to define the permissions for that user. For example, if ADGroupA users can locate manager devices, and ADGroupB users can wipe employee devices, then a user who belongs to both groups can locate and wipe devices of managers and employees.

You can use the RBAC feature in XenMobile to do the following:

1. Create a new role.
2. Add groups to a role.
3. Associate local users to roles.

1. In the XenMobile console, click Configure > Settings > Role-Based Access Control.



The Role page appears, which displays the four default user roles, plus any roles you have previously added.




2.Click Add to add a new user role, click the pen icon to the right of an existing role to edit the role, or click the trash can icon to the right of a role you previously defined to delete the role. You cannot delete the default user roles.

a. When you click Add or the pen icon, the Add Role or the Edit Role page appears.


b. When you click the trash can icon, a confirmation dialog appears. Click Delete to remove the selected role.

3. Enter the following information to create a new user role or to edit an existing user role:

a. RBAC name: Enter a descriptive name for the new user role. You cannot change the name of an existing role.
b. RBAC template: Click a template as the starting point for the new role or click a new template for an existing role.


Using a template is optional; you can directly select the options you want to assign to a role in the Authorized Access and Console Features fields.

a. Click Apply to populate the Authorized access and Console features check boxes with the0 predefined access and feature permissions for the selected template.
b. Select and clear the check boxes in Authorized access and Console features to customize the role.


c. Apply permissions: Select the groups to which you want to apply the selected permissions.



If you click To specific user groups, a list of groups appears from which you can select one or more groups.

4. Click Next. The Assignment page appears.


5. Enter the following information to assign the role to user groups and then click Save.

a. Select domain: In the list, click a domain.
b. Include user groups: Click Search to see a list of all available groups, or type a full or partial group name to limit the list to only groups with that name.
c. In the list that appears, select the user groups to which you want to assign the role. When you select a user group, the group appears in a list of selected groups to the right of the search box.



To remove a user group from the Selected user groups list, do one of the following:

a. Click Search to see a list of all user groups in the selected domain.
b. Type a full or partial group name in the search box, and then click Search to limit the list of user groups.

User groups in the list have check marks next to their name in the resulting list. Scroll through the list and clear the check box next to each group you want to remove.
Posted by at 1 comment:

Tuesday, 19 July 2016

Samsung browser device policies

Samsung browser device policies


You can create Samsung browser device polices for Samsung SAFE and Samsung KNOX devices to define whether users' devices can use the browser or to limit which browser functions users' devices can use. You can completely disable the browser, or you can enable or disable pop-ups, Javascript, cookies, autofill, and whether to force fraud warnings.

1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.



2. Click Add to add a new policy. The Add New Policy dialog box appears.



3. Click More, and then under Apps, click Samsung Browser. The Samsung Browser Policy information page appears.



4. In the Policy Information pane, enter the following information:
a. Policy Name: Type a descriptive name for the policy.
b. Description: Type an optional description of the policy.

5. Click Next. The Policy Platforms page appears.



6. Devloyment Rules.

7. Under Platforms, select Samsung platforms you want to add. If you are only configuring for one platform, clear the other, then configure the following settings:

a. Disable browser: Select whether to completely disable the Samsung browser on users's devices. The default is OFF, which lets users use the browser. When you disable the browser, the following options disappear.
b. Disable pop-up: Select whether to allow pop-up messages on the browser.
c. Disable Javascript: Select whether to allow Javascript to run on the browser.
d. Disable cookies: Select whether to allow cookies.
e. Disable autofill: Select whether to allow users to turn on the browser's autofill function. 
f. Force fraud warning: Select whether to display a warning when users visit a fraudulent or compromised website.

8. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.



a. In the lists, click options to determine when the policy should be deployed.
i.You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
ii. Click New Rule to define the conditions.
iii. In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
iv. Click New Rule again if you want to add more conditions. You can add as many conditions as you
would like.

b. Click the Advanced tab to combine the rules with Boolean options.


The conditions you chose on the Base tab appear.

c. You can use more advanced Boolean logic to combine, edit, or add rules.
i.Click AND, OR, or NOT.
ii. In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.
At any time, you can click to select a condition and then click EDIT to change the condition or
Delete to remove the condition.
iii. Click New Rule again if you want to add more conditions.



In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

9. Click Next. The Samsung Browser Device Policy page appears.

10. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.



11. Expand Deployment Schedule and then configure the following settings:

a. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON . If you choose OFF, no other options need to be configured.
b. Next to Deployment schedule, click Now or Later. The default option is Now.
c. If you click Later, click the calendar icon and then select the date and time for deployment.
d. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
e. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.



12. Click Save to save the policy.
Posted by at No comments:

Sunday, 17 July 2016

XenMobile Deployment Prerequisites

XenMobile Deployment Prerequisites


Before you deploy the XenMobile solution and install the components, make sure you have the right prerequisites and system requirements. This effort will prepare you to configure the network settings, open ports in your firewall, install certificates and licenses, and configure authentication.

This section details the deployment information you need to gather and includes the XenMobile Solution Pre-Installation Checklist to guide you through the recommended settings.

Gathering Information Before You Deploy XenMobile Components


Before you install XenMobile components in your network, you need the right prerequisites. These prerequisites include:

1. Network settings. These settings include IP addresses, ports, DNS, Network Time Protocol (NTP) and SMTP servers, and the IP address or fully qualified domain name (FQDN) of a load balancer.

2. Hardware and sizing requirements. These include Windows Servers, hypervisors, and NetScaler Gateway requirements. The NetScaler Gateway appliance you select (VPX, MDX, or SDX) determines the maximum number of user connections to your XenMobile deployment.

3. Certificates. These include server, root, intermediate, Apple Push Notification Service (APNS), and certificates for wrapping mobile apps with the MDX Toolkit.

4. Licenses. Licenses are required for XenMobile MDM Edition and NetScaler Gateway.

5. Active Directory settings. These settings are required for XenMobile MDM Edition and for XenMobile App Edition.

6. Authentication method Before deploying XenMobile components, it's important to decide on an authentication method. For example, you should decide if you are implementing the Worx PIN that you configure in App Controller. The Worx PIN caches Active Directory credentials and works with client certificate authentication. Authentication settings can enable LDAP, RADIUS, one-time passwords, client certificate authentication, and two-factor authentication. If users connect to internal web sites, you need to configure authentication for NetScaler Gateway and SharePoint to allow single sign-on (SSO) to work.

7. Load balancers. Load balancers manage connections to your XenMobile deployment. You might also need to plan for packet inspection appliances to monitor network traffic entering your internal network.

8. Email server and data synchronization settings These settings include Exchange Server and ActiveSync configurations for XenMobile MDM Edition and WorxMail.

9. Databases. These databases include either Microsoft SQL Server or Postgres for XenMobile MDM Edition. The Postgres database comes with XenMobile MDM Edition and installs when you install Device Manager.

Gathering Network Information


You need to identify the following network settings and configure appropriate server settings before you install the XenMobile components in your network:

1. IP addresses for each XenMobile component. For example, for NetScaler Gateway, you need the system IP (NSIP) and the subnet IP (SNIP) addresses.

2. Opening the appropriate ports in your firewall to allow network traffic to communicate with each component.

3. Domain Name Servers (DNS) for name resolution with users inside your network and users who connect from remote locations. You might need different IP addresses for each DNS server.

4. Network Time Protocol (NTP) server. The NTP server synchronizes the time between all of your network components. Citrix recommends that you use an NTP server for your XenMobile deployment.

5. SMTP server for email. When you configure an SMTP server, you need the fully qualified domain name (FQDN) of the email server, such as mail.mycompany.com. You also need to identify the port, the email addresses used for the send function, and user email addresses and passwords.

The XenMobile Pre-Installation checklist includes a section where you can write down all of your network settings. You might need to coordinate with other team members to configure the ports and servers you need for the XenMobile deployment.

Obtaining and Installing Certificates 


Certificates are used to create secure connections and authenticate users. XenMobile MDM requires a certificate from the Apple Push Notification Service (APNS). XenMobile MDM also uses its own PKI service or obtains certificates from the Microsoft Certificate Authority (CA) for client certificates.

All Citrix products support wildcard and SAN certificates. For most deployments, you only need two wildcard or SAN certificates. You can use the following formats:

1. External - *.mycompany.com
2. Internal - *.myinternaldomain.net

For NetScaler Gateway and App Controller, Citrix recommends obtaining server certificates from a public CA, such as Verisign, DigiCert, or Thawte. You can create a Certificate Signing Request (CSR) from the NetScaler Gateway configuration utility or the App Controller management console. After you create the CSR, submit it to the CA for signing. When the CA returns the signed certificate, you can install the certificate on NetScaler Gateway or App Controller.

For more information about installing certificates, see the following topics in Citrix eDocs:

1. NetScaler Gateway: Installing and Managing Certificates
2. App Controller: Configuring Certificates in App Controller
3. Device Manager: Requesting an APNS Certificate

Configuring Client Certificates for Authentication

NetScaler Gateway supports the use of client certificates for authentication. Users logging on to a NetScaler Gateway virtual server can also be authenticated based on the attributes of the client certificate that is presented to the virtual server. Client certificate authentication can also be used with another authentication type, such as LDAP or RADIUS, to provide two-factor authentication.

To authenticate users based on the client-side certificate attributes, client authentication should be enabled on the virtual server and the client certificate should be requested. You must bind a root certificate to the virtual server on NetScaler Gateway.

When users log on to the NetScaler Gateway virtual server, after authentication, the user name information is extracted from the specified field of the certificate. Typically, this field is Subject:CN. If the user name is extracted successfully, the user is then authenticated. If the user does not provide a valid certificate during the Secure Sockets Layer (SSL) handshake or if the user name extraction fails, authentication fails.

You can authenticate users based on the client certificate by setting the default authentication type to use the client certificate. You can also create a certificate action that defines what is to be done during the authentication based on a client SSL certificate.

Determining Your Hardware, Hypervisor, and Sizing Requirements


Each XenMobile component has specific hardware, hypervisor, or sizing requirements:

1. User devices. This hardware requirement includes the number and types of devices that enroll when you deploy Device Manager, such as iPads or Android phones.

2. Hardware or hypervisor. These requirements include the hardware resources to support your number of users and devices. You install App Controller and NetScaler VPX on a hypervisor, such as XenServer. You can also deploy the physical NetScaler or NetScaler Gateway appliance. The number of users who connect determines the NetScaler Gateway appliance model you select, or the number of App Controller instances you install on the hypervisor. 

Your hypervisor, such as XenServer, must contain enough disk space and memory to support multiple instances of App Controller or NetScaler VPX.

3. Sizing. The number of devices that connect to XenMobile components. For example, if Device Manager supports 5,000 devices, the Device Manager server needs from 2 through 4 CPUs, a minimum of 4 gigabytes (GB) of memory, and 24 GB of disk space.

This section describes detailed hardware or hypervisor requirements for each XenMobile component.

NetScaler Gateway Requirements

To determine which of the following NetScaler Gateway models suit the needs of your organization, you need to consider how many users will connect. You can use the following guidelines:

1. NetScaler SDX - a hardware platform on which virtual instances on NetScaler and NetScaler Gateway can run. NetScaler SDX can handle up to 62,500 user connections. For more information, see the NetScaler documentation in Citrix eDocs.

2. NetScaler Gateway MPX - a physical appliance that can handle up to 7,500 user connections.

3. NetScaler Gateway VPX - a virtual machine that can handle up to 875 user connections.


Posted by at No comments:
Subscribe to: Posts (Atom)