Creating and Updating Notification Templates

Creating and Updating Notification Templates

You can create or update notification templates in XenMobile to be used in automated actions, enrollment, and standard notification messages sent to users. You configure the notification templates to send messages over three different channels: Worx Home, SMTP, or SMS.

Note: If you plan to use SMTP or SMS channels to send notifications to users, you must set up the channels before you can activate them. XenMobile prompts you to set up the channels when you add notification templates if they are not already set up. For details, see Notification in Xenmobile.

1. In the XenMobile console, click Configure > Settings > Notification Templates.

2. Do one of the following:

- Click Add to add a new notification template. If no SMS gateway or SMTP server has been set up, a message appears regarding the use of SMS and SMTP notifications. You can choose to set up the SMTP server or SMS gateway now or set them up later. For details, see .

Note: If you choose to set up SMS or SMTP server settings now, you are redirected to the Configure > Settings > Notification Server page. After setting up the channels you want to use, you can return to the Configure > Settings > Notification Template page to continue adding or modifying notification templates.

Important: If you choose to set up SMS or SMTP server settings later, you will not be able to activate those channels when you add or edit a notification template, which means those channels will not be available for sending user notifications.

- Select an existing template to edit or delete. Click the option you want to use.

Note:

You can delete only notification templates that you have added; you cannot delete predefined notification templates.

When you select the check box next to a notification template, the options menu appears above the notification template list; when you click anywhere else in the list, the options menu appears on the right side of the listing.

XenMobile includes many predefined notification templates that reflect the distinct types of events that XenMobile automatically responds to for every device in the system.

When you click to add a template, the Add Notification Template page appears.

3. On the Add Notification Template page (or the Edit Notification Template page if you are editing an existing notification), enter or modify the following information:

a. Name: Type a descriptive name for the template.

b. Description: Type a description for the template.

c. Type: Select the notification type. Only supported channels for the selected type appear.

Note: For some template types, the phrase Manual sending supported appears below the type. This means that the template is available in the Notifications list on the Dashboard and on the Devices page to let you manually send the notification to users. Manual sending is not available in any templates that use the following macros in the Subject or Message field on any channel:

${outofcompliance.reason(whitelist_blacklist_apps_name)}

${outofcompliance.reason(smg_block)}

Attention: Only one APNS Cert Expiration template is allowed, which is a predefined template. This means you cannot add a new template of this type.

4. Channels: Enter or modify the information for each channel to be used with this notification. You can choose any or all channels. The channels you choose depends on how you want to send notifications:

- If you choose Worx Home, only iOS and Android devices receive the notifications, which appear in

the device's notification tray.

- If you choose SMS, only users using devices with a SIM card receive the notification.

- If you choose SMTP, most users should receive the message because they will have enrolled with

their email addresses.

Worx Home

a. Activate: Click to enable the notification channel.

b. Message: Type the message to be sent to the user. This field is required if you are using Worx Home.

c. Sound File: Select the notification sound the user hears when the notification is received.

SMTP

a. Click Activate to enable the notification channel.

Important: You are only able to activate the SMTP notification if you have already set up the SMTP server. For details, see Notification in Xenmobile.

b. Sender: Enter an optional sender for the notification, which can be a name, an email address, or both.

c. Recipient: This field contains a pre-built macro for all but Ad-Hoc notifications to ensure that notifications are sent to the correct SMTP recipient address. Citrix recommends that you do not modify macros in templates. You can also add recipients (for example, the corporate admin), in addition to the user by adding their addresses separated by a semi-colon (;). To send Ad Hoc notifications, you can enter specific recipients on this page, or you can select devices from the Manage > Devices page and send notifications from there. For details.

d. Subject: Type a descriptive subject for the notification. This field is required if you are using SMTP.

e. Message: Type the message to be sent to the user.

SMS

a. Click Activate to enable the notification channel.

Important: You are only able to activate the SMTP notification if you have already set up the SMTP server. For details, see Notification in Xenmobile.

b. Recipient: This field contains a pre-built macro for all but Ad-Hoc notifications to ensure that notifications are sent to the correct SMTP recipient address. Citrix recommends that you do not modify macros in templates. To send Ad Hoc notifications, you can enter specific recipients, or you can select devices from the Manage > Devices page. For details.

c. Message: Type the message to be sent to the user. This field is required if you are using SMS. Important: You are only able to activate the SMS notification if you have already set up the SMS gateway. For details, see Notification in Xenmobile.

5. Click Add to add the new template or click Save to save your edits. When all channels are correctly configured, they appear in this order on the Notification Templates page: SMTP, SMS, and Worx Home. Any channels not correctly configured appear after the correctly configured channels.

Configuring Deployment Rules

Configuring Deployment Rules

You can set any number of parameters that will affect the deployment outcome of a package.

For example, your package deployment could be based on a specific operating system version, on a particular hardware platform, or some other combination. In this wizard, you will find both a Base and Advanced rule editor. The Advanced view is a free-form editor. The image below illustrates the Deployment Rules screen accessible when adding or editing an app:

Base Deployment Rules

Base deployment rules are comprised of predefined tests and resulting actions. When possible, the results are pre-built into the example tests. For example, when basing a package deployment on a hardware platform, all existing known platforms are populated into the resulting test, drastically reducing your rule creation time and limiting possible errors.

Click New rule to add a rule to the package.
Note: The rule builder includes further information, specific to each test.

To create a new rule, you select a rule template, select the condition type, and then customize the rule. Customizing the rule includes modifying the description. When you finish configuring settings, you add the rule to the package.

You can add as many rules as you want. The package is deployed when all of the rules match.

Advanced Deployment Rules

If you click on the Advanced tab, the Advanced Rule Editor appears.

In this mode, you can specify what relationship is set between the rules. The operators AND, OR, and NOT are available.

Configuring XenMobile for the First-Time Use

Configuring XenMobile for the First-Time Use

Configuring XenMobile for the first time is a two-part process.

1. Configure the IP address and subnet mask, default gateway, and DNS servers for XenMobile by using the XenCenter or vSphere command-line console.

2. Log on to the XenMobile management console and follow the steps in the initial logon screens.

Configuring XenMobile in the Command Prompt Window

1. Import the XenMobile virtual machine into Citrix XenServer, Microsoft Hyper-V, or VMware ESXi. For details, see , , or documentation.

2. In your hypervisor, select the imported XenMobile virtual machine and start the command prompt view. For details, see the documentation for your hypervisor.

3. From the hypervisor’s console page, create an administrator account for XenMobile in the Command Prompt window.

Note: No characters, such as asterisks, are shown when you type the new password. Nothing appears.

4. Provide the following:

a. IP address

b. Netmask

c. Default gateway

d. Primary DNS server

e. Secondary DNS server (optional)

Note: The addresses shown in this image are non-working and are provided as examples only.

5. Type y to increase security by generating a random passphrase or n provide your own passphrase. Citrix recommends typing y to generate a random passphrase. The passphrase is used as part of the protection of the encryption keys used to secure your sensitive data. A hash of the passphrase, stored in the server file system, is used to retrieve the keys during the encryption and decryption of data. The passphase cannot be viewed.

Note: If you intend to extend your environment and configure additional servers, you should provide your own passphrase. There is no way to view the passphrase if you selected a random passphrase.

6. Optionally, enable Federal Information Processing Standard (FIPS). For details about FIPS, see

2 Compliance. Also, be sure to complete a set of prerequisites, as discussed in .

7. Configure the database connection. Your database can be local or remote. When asked Local or remote, type r or l. Important:

-->Citrix recommends using Microsoft SQL remotely. PostgreSQL is included with XenMobile and should be used locally or remotely only in test environments.

-->Database migration is not supported. Databases created in a test environment cannot be moved to a production environment.

Important: The default port for PostgreSQL is 5432.

Note: The addresses shown in this image are non-working and are provided as examples only.

8. Provide the fully qualified domain name (FQDN) for the server hosting XenMobile. This one host server provides both device management and app management services.

Important: You will not be able to change the FQDN without completely reinstalling the server.

9. Identify the communication ports. For details on ports and their uses, see .

Note: Accept the default ports by pressing Enter (Return on a Mac).

10. You are asked to provide passwords for all the Public Key Infrastructure (PKI) server certificates and given the option to use the same password for each certificate. For details on the XenMobile PKI feature, see XenMobile.

Important: If you intend to cluster nodes, or instances, of XenMobile together, you will need to provide the identical passwords for subsequent nodes.

Note: No characters, such as asterisks, are shown when you type the new password. Nothing appears.

11. Create an administrator account for logging on to the XenMobile console with a web browser. Be sure to remember these credentials for later use.

Note: No characters, such as asterisks, are shown when you type the new password. Nothing appears.

12. When asked if this is an upgrade, type n because it is a new installation.

13. Copy the complete URL that appears on the screen and continue this initial XenMobile configuration in your web

Pre-Installation Checklist

Pre-Installation Checklist

You can use this checklist to note the prerequisites and settings for installing XenMobile 10. Each task or note includes a column indicating the component or function for which the requirement applies. For installation steps, see XenMobile.

Basic Network Connectivity

The following are the network settings you need for the XenMobile solution.

Licensing

XenMobile requires you to purchase licensing options for NetScaler Gateway and XenMobile. For more information about Citrix Licensing, see .

Certificates

XenMobile and NetScaler Gateway require certificates to enable connections with other Citrix products and app and from user devices. For details, see .

Ports

You need to open ports to allow communication with the XenMobile components. For a complete list of ports you need to open, see .

Database

You need to configure a database connection. The XenMobile repository requires a Microsoft SQL Server database running on one of the following supported versions: Microsoft SQL Server 2014, SQL Server 2012, SQL Server 2008 R2, or SQL Server 2008. Citrix recommends using Microsoft SQL remotely. PostgreSQL is included with XenMobile and should be used locally or remotely only in test environments.

User Connections: Access to XenDesktop, XenApp, and Worx Home

Citrix recommends that you use the Quick Configuration wizard in NetScaler to configure connection settings between XenMobile and NetScaler Gateway and between XenMobile and Worx Home. You create a second virtual server to enable user connections from Receiver and web browsers to connect to Windows-based applications and virtual desktops in XenApp and XenDesktop. Citrix recommends that you use the Quick Configuration wizard in NetScaler to configure these settings as well.

Known Issues

The following are known issues for XenMobile 10.0.

For a list of fixed issues in this release, see http://support.citrix.com/article/CTX14172 .

-->Worx Home may show gray placeholders instead of icons when an iOS device is updated from iOS 7 to iOS 8 and then restarted. This is a third-party issue. [#502879]

-->During enrollment, iOS devices may experience errors during or after mobile device management (MDM) profile installation. Users may see "Cocoa error 4097," on devices running iOS 8.1, or "Profile cannot be decrypted," on devices running earlier versions of iOS. If this occurs, users should try enrolling again. In some cases, it may take more than one attempt. [#507948]

-->You cannot make checkUserPassword and addGroup SOAP calls in the USER group class in XenMobile 10. The User API changes appear in the database, but not on device user interfaces. [#511551, #511822]

-->The ability to change the deployment order of delivery group resources from the XenMobile web console is not available. If you want to control the deployment order, rename your resources to follow the deployment protocol used by XenMobile: numerical (1, 2, 3, …), uppercase alphabetical (A, B, C, …), and lowercase alphabetical (a, b, c, …). A resource with a name beginning with 24 would be deployed before a resource with a name beginning with WM, and both resources would deploy before a resource with a name beginning with tw. [#512566]

-->SafeSearch is disabled and set to moderate on Windows Phone 8.1 devices when the Filter Adult Content restriction is enabled. [#513605]

-->When you deploy Windows 8.1 tablet device policies, before XenMobile receives an acknowledgment from the device that the policy has executed, you may see the policies listed in the Deployed tab in Device details in the XenMobile console. [#514749]

-->When re-enrolling a device, enrollment may fail if users re-enroll too soon after un-enrolling. [#516567]

-->Occasionally, when users re-enroll in Worx Home, XenMobile presents a cached SSL session and users see the enrollment screen again. When this occurs, users should re-enroll again. [#517301]

-->App enumeration fails when delivery groups are defined with Active Directory groups belonging to parent and child domains using the AND operator. To prevent this situation, use the OR operator when defining the delivery groups. [#518084]

-->If you configure a setting or policy in the XenMobile console in which you upload a file (certificate, PDF, font, and so on), if you later view the policy or setting details, the file name does not appear. [#519552]

-->XenMobile does not support authentication with a PIN in mobile app management (MAM) mode for iOS and Android devices. If you configure this mode as the default in the XenMobile console, users must enter their credentials twice in Worx Home. [#519572]

-->If you disable the AllUsers group as a delivery group in the XenMobile console, users who not belong to any delivery group cannot enroll a device but can log on to the Self Help Portal. [#521393]

-->Worx Home for Windows Phone 8.x, in mobile device management mode, only supports apps from public stores when they are deployed as optional. If these apps are added to the delivery group as required, they do not appear in Worx Home. [#521524]

-->The Role-Based Access Control (RBAC) Role Info page appears to allow you to edit the default Admin template. Despite changes you make in the RBAC template field and elsewhere, these changes are not saved to the Admin template. The Admin template is designed to not be edited. [#521540]

-->On iOS devices, the provisioning of the SAML token when users enroll in Worx Home and configure their ShareFile accounts may be out of sync. As a workaround, users can sign off and back on to Worx Home and then log on to the ShareFile app in order to trigger the SAML token request again. [#521934]

-->On most devices, when users running Android devices tap the Menu icon, the Accept and Decline menu options appear, allowing users to continue the enrollment process. On some devices running operating systems earlier than 4.0, however, such as the Samsung Tablet GT-P7510, the Menu icon does not appear on the Terms and Conditions page in default view, and users cannot complete the enrollment process. As a workaround, you can exempt the devices from the Terms and Conditions deployment. [#524039]

-->Worx Home on iOS devices cannot connect to Worx Store if the default store name on the Beacons page of the XenMobile console (Configure > Settings > More > Beacons) is changed. The default setting is Store. If this setting is changed, the Discovery Service fails during logon and Worx Store cannot be found. To avoid this failure, leave the Store name setting on the Beacons page set to Store. [#523306]

-->In a XenMobile configuration with load balancing and SSL offload, when you configure SAML apps, in order for single sign-on (SSO) to work when users install WorxWeb and open a Service Provider-initiated app, all references to the XenMobile server must point to port 8443 instead of to port 443. [#528680]

-->When you create a Samsung KNOX passcode policy, when you configure the Lock device after (minutes of activity) setting even though the setting in the console lists minutes as the unit, the server enforces the lock in seconds. [#531204]

-->You cannot configure your own SAML service and identity provider in XenMobile 10 in order to authenticate users and their devices. [#530892]

-->You cannot add a single BlackBerry or Windows device in the XenMobile console. [#532844]

-->If you configure a SAML app with the number sign (#) in the name, single sign-on (SSO) from Worx Home does not work and an error message appears. [#533078]

-->When you add a generic PKI (GPKI) entity in the XenMobile console, you cannot test the Web Services Description Language (WSDL) URL adapter connection during the configuration. [#533871]

-->Windows tablet password policies do not take effect immediately on devices and some inconsistencies in enforcement of updates to the minimum password lengths occur. This is a third-party issue. [#534088]

-->When users enroll an iOS device in mobile device management (MDM) mode, the Security options in the XenMobile console on the Manage > Devices page for locating and tracking the device do not immediately appear. After a short delay, the options appear. [#534672]

-->If you configure StoreFront Delivery Controller display name with a special character in the name, such as a period (.), users cannot subscribe to and open apps with XenApp through Worx Home. The error, "Cannot complete your request" appears. As a workaround, remove special characters from the name. [#535497]

-->Apps do not appear in the Worx Store for iOS devices earlier than iOS 8 if you type a value in the Excluded devices field in the XenMobile console when you add and configure the app. As a workaround, you can configure a deployment rule to specify the devices that can install the app. [#537631]

-->When you configure NetScaler Gateway connections with XenMobile on a port other than the default 443, mobile app management (MAM) enrollment fails on iOS devices as well as Worx Home on Windows devices. [#537368]

-->Special characters like $, @ and " are not recognized in passwords for the CLI when installing XenMobile 10 and those assigned to certificates; the special character and all characters following it are ignored and the log on fails. Subsequent to installation, the CLI password cannot be changed to include special characters. [#541997] [#542436]

-->An invalid profile error occurs when you try to configure the iOS Device Enrollment Program in the XenMobile console. This is a third-party issue. [#608213]

The following are known issues for XenMobile Mail Manager 10.0.

-->The installed XenMobile Mail Manager version always displays as 8.5 during upgrade to XenMobile Mail Manager 10; however, the upgrade to XenMobile Mail Manager occurs. [#539520]

-->Reporting of â€oedevices found― in the minor snapshot may be confusing. The same device or devices may be reported as â€oenew― in the successive minor snapshot summaries when the minor snapshots are run subsequent to the start of a major snapshot.

Windows Phone and Tablet

Windows Phone and Tablet

XenMobile 10.3

-->Windows 10 tablet

Windows 10 tablet is not supported when XenMobile is in MAM-only mode.

-->Windows Phone 8.1/10

For Windows Phone 10, you must install a patch from the .

Windows Phone 8.1 and 10 are not supported when XenMobile is in MAM-only mode.

-->Windows Phone 8.1 compatibility with Worx Home:

Worx Home 10.0 when XenMobile is in Enterprise mode.

Worx Home 9.1.0 when XenMobile is in MDM-only mode.

-->Windows 8.1 Pro and Enterprise editions (32-bit and 64-bit)

-->Windows RT 8.1

-->Windows Mobile/CE

Windows CE is not supported when XenMobile is in MAM-only mode.

Some Windows devices that XenMobile 10.3 supports:

-->Windows Tablet 10, 8.1

-->Windows Phone 10, 8.1

-->HTC (Windows Phone 8.1)

-->Nokia 920, 925, 1020, 1520 (Windows Phone 8.1)

-->Windows Tablet Surface Pro 3

-->Windows Tablet Surface 2

-->Windows Tablet RT

XenMobile 10 and 10.1

-->Windows 10 tablet

-->Windows Phone 8.1 / 10:

Windows Phone 8.1 is not supported when XenMobile is in MAM-only mode.

Windows Phone 10 is not supported on XenMobile 10.1.

Windows Phone 10 is supported on XenMobile 9, but you must install a patch from the downloads page.

-->Windows Phone 8.1 compatibility with Worx Home:

Worx Home 10.0 when XenMobile is in Enterprise mode

Worx Home 9.0.3 when XenMobile is in MDM-only mode

-->Windows 8.1 Pro and Enterprise editions (32-bit and 64-bit)

-->Windows RT 8.1

-->Windows Mobile: XenMobile 10.1 does not support Windows Mobile devices. Users with devices running Windows Mobile or Windows CE must continue to use XenMobile 9.

Some Windows devices that XenMobile 10 and 10.1 support:

-->Windows Tablet 8.1

-->HTC (Windows Phone 8.1)

-->Nokia 920, 925, 1020, 1520 (Windows Phone 8.1)

-->Windows Tablet Surface Pro 3

-->Windows Tablet Surface 2

-->Windows Tablet RT

Management of Windows Phone 7 is provided through XenMobile Mail Manager. For details, see

Mail Manager.

Amazon

XenMobile supports Amazon Kindle devices -- such as Kindle Fire Phone and HD 8.9― (Zen561) -- running Fire OS 3.0 and earlier versions running proprietary operating systems based on Android. Note, however, that the MDX Toolkit and Worx apps versions 10.3 do not support Amazing Kindle devices.

Symbian

XenMobile 10.3

XenMobile 10.3 does not support Symbian.

XenMobile 10 and 10.1

These are some of the Symbian devices XenMobile 10.1 and 10 support. In XenMobile 10, they're supported for device management only:

-->Symbian 3

-->Symbian S60 5th Edition

-->Symbian S60 3rd Edition, Feature Pack 2

-->Symbian S60 3rd Edition, Feature Pack 1

-->Symbian S60 3rd Edition

-->Symbian S60 2nd Edition, Feature Pack 3

-->Symbian S60 2nd Edition, Feature Pack 2

XenMobile Compatibility

XenMobile Compatibility

This article summarizes the versions of the supported XenMobile components that you can integrate, including NetScaler Gateway and the version of the MDX Toolkit needed to wrap, configure, and distribute Worx Mobile Apps.

Quick links to sections in this article:

XenMobile 10.x

XenMobile 9

Device Manager 8.7.1 and App Controller 2.10

Device Manager 8.6.1 and App Controller 2.9

XenMobile 10.x

Supported NetScaler Gateway versions:

11.0.64.x

10.5.x.e

10.5.x MR

10.1.x.e

10.1.x MR

XenMobile client components generally follow these compatibility requirements:

The latest versions of Worx Home and the MDX Toolkit are compatible with the latest version of XenMobile server and the two most recent versions before that.

The latest version of the MDX Tookit, and the two most recent versions before that, are compatible with the most recent versions of Worx Home and Worx Mobile Apps.

Note

Worx Home versions earlier than 10.0.3 are compatible but not supported.

1 Windows Phone 10 is not supported on XenMobile server 10.1.

2In earlier releases, the Worx version of QuickEdit was named WorxEdit and the Worx version of ShareConnect was named WorxDesktop. Both the MDX and non-MDX versions now have the same names: QuickEdit and ShareConnect.

3 The download page includes a separate version of ShareFile Worx for iOS that is required for use with restricted StorageZones.

Browser Support

XenMobile 10.x supports the following browsers:

Internet Explorer*

Chrome

Firefox

Safari on mobile devices for use with the Self Help Portal.

XenMobile 10.x is compatible with the most current version of the browser and one version prior to the current version.

*XenMobile 10.x does not support Internet Explorer version 9 and earlier.

XenMobile 9

XenMobile 9 includes Device Manager 9.0 and App Controller 9.0.

Supported NetScaler Gateway versions:

11.0.64

10.5.x.e

10.5.x MR

10.1.x.e

10.1.x MR

XenMobile client components generally follow these compatibility requirements:

The latest version of Worx Home and the MDX Toolkit are compatible with the last two versions of

XenMobile server.

The latest version of the MDX Toolkit is compatible with the latest Worx Mobile Apps.

Recent MDX Toolkit versions are compatible with the following versions of Worx Home:

Note

Worx Home versions earlier than 10.0.3 are compatible but not supported.

1 Previously, the Worx version of QuickEdit was named WorxEdit and the Worx version of ShareConnect was named WorxDesktop. As of the latest releases, both the MDX and non-MDX versions have the same names: QuickEdit and ShareConnect.

2 The download page includes a separate version of ShareFile Worx for iOS that is required for use with restricted StorageZones.

System Requirements

System Requirements

To run XenMobile 10, you need the following minimum system requirements:

One of the following: XenServer (supported versions: 6.2.x, 6.1.x, or 6.0.x); for details, refer to XenServer VMWare (supported versions: ESXi 4.1, ESXi 5.1, or ESXi 5.5); for details, refer to VMware Hyper-V (supported versions: Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2); for details, refer to Hyper-V 

Dual core processor 

Two virtual CPUs

4 GB of RAM 

50 GB disk space

The recommended configuration for 10,000 devices is the following:

Quad core processor

8 GB of RAM

NetScaler Gateway System Requirements

To run NetScaler Gateway with XenMobile 10, you need the following minimum system requirements:

XenServer, VMWare, or Hyper-V

Two virtual CPUs

2 GB of RAM

20 GB disk space

You also need to be able to communicate with Active Directory, which requires a service account. You only need query and read access.

XenMobile 10 Database Requirements

The XenMobile repository requires a Microsoft SQL Server database running on one of the following supported versions:

Microsoft SQL Server 2014

Microsoft SQL Server 2012

Microsoft SQL Server 2008 R2

Microsoft SQL Server 2008

Citrix XenMobile supports SQL Always on availability group and SQL Clustering for database high availability. Citrix does not support database mirroring for XenMobile database high availability. We do support database high availability with Active/Active or Active Passive mode with MS SQL Cluster deployment..

Note: If database is offline, Device Manager will not service any connections from devices as Device Manager will also be offline.

Citrix recommends using Microsoft SQL remotely. PostgreSQL is included with XenMobile and should be used locally or remotely only in test environments.

Note: Make sure the service account of the SQL Server to be used on XenMobile has the DBcreator role permission. For more information about SQL Server service accounts, see the following pages on the Microsoft Developer Network site (these links point to information for SQL Server 2014. If you are using a different version, select your server version from the Other Versions list):

Server Configuration - Service Accounts

Configure Windows Service Accounts and Permissions

Server-Level Roles

XenMobile Cloud Prerequisites and Administration

XenMobile Cloud Prerequisites and Administration

The steps that make up the onboarding process from the time you make a request for a XenMobile Cloud instance through to user testing with the devices in your organization are shown in the following figure. When you are evaluating or purchasing XenMobile Cloud, the XenMobile Cloud Operational team provides ongoing onboarding help and communication to ensure that the core XenMobile Cloud services are running and configured correctly.

Citrix hosts and delivers your XenMobile Cloud solution. Some communication and port requirements, however, are required to connect the XenMobile Cloud infrastructure to corporate services, such as Active Directory. Review the following sections to prepare for your XenMobile Cloud deployment.

XenMobile Cloud IPSec tunnel gateways

You can use a XenMobile Enterprise Connector, an IPsec tunnel to connect the XenMobile Cloud infrastructure with corporate services, such as Active Directory. 

The IPsec gateways listed in the following Amazon Web Services website are officially tested and supported with the XenMobile Cloud solution: . Scroll to the â€oeQ. What customer gateway devices are known to work with Amazon VPC?― section to find the list of supported gateways.

Note

If your IPSec gateway is not part of the approved list, the IPsec gateway may still work with XenMobile Cloud, but could take longer to set up, and may require you to use one of the official supported IPSec gateways as a fallback plan.

Your IPSec gateway needs to have a public IP address assigned directly to it, and the address cannot use Network Address Translation (NAT). 

The following figure shows how the IPsec tunnel is configured in the XenMobile Cloud solution to connect to your corporate services through various ports.

The following table shows communication and port requirements for a XenMobile Cloud deployment, including IPSec tunnel requirements.

1 Will be provided by the XenMobile Cloud team when the XenMobile Cloud instance and IPSec components are provisioned in the XenMobile Cloud infrastructure.

2 An unused /24 subnet provided by the customer as part of the provisioning process, which does not conflict with internal subnets in the customer data center, and which is routable.

If you plan to deploy XenMobile Mail Manager or XenMobile NetScaler Connector for native email filtering, such as the ability to block or allow email connectivity from native email clients on users' mobile devices, review the following additional requirements.

XenMobile Apple APNs certificate

If you plan to manage IOS devices with your XenMobile Cloud deployment, you need an Apple APNs certificate. You should prepare the certificate before you deploy your XenMobile Cloud solution. For steps, see certificate.

WorxMail for iOS push notification certificate

If you want to make use of push notification for your WorxMail deployment, you should prepare an Apple APNS certificate for iOS WorxMail push notification. For details, see .

XenMobile MDX Toolkit

The MDX Toolkit is an app wrapping technology that prepares apps for secure deployment with XenMobile. If you want to wrap apps, such as Citrix WorxMail, WorxMail, WorxNotes, QuickEdit, and so on, you need to install the MDX Toolkit. For details, see . 

If you plan to wrap iOS apps, you need an Apple Developer account to create the necessary Apple distribution profiles. For details, see the MDX Toolkit and the t website. 

If you plan to wrap apps for Windows Phone 8.1 devices, see the.

XenMobile autodiscovery for Windows Phone enrollment

If you want to make use of XenMobile autodiscovery for your Windows Phone 8.1 enrollment, make sure you have a public SSL certificate available. For details, see .

The XenMobile console

The XenMobile Cloud solution makes use of the same web console as an on-premise XenMobile deployment. In this way, day-to-day administration of your Cloud solution, such as policy management, app management, device management and so on occurs in a similar way as an on-premise XenMobile deployment. For information about managing apps and devices in the XenMobile console, see .

Software and Hardware Details

Exit Criteria

Logon rates are the foundation of this analysis. They provide the guidelines for the infrastructure components and their respective configurations. It is important to note that the logon rates take into account a margin of error that consists of the following:

-->Invalid responses

     A response with status code 401/404 instead of 200 is considered invalid.

-->Request time-outs

    A response is expected within 120 seconds.

-->Connection errors

    A connection reset occurs.

    An abrupt connection termination occurs.

The logon rate is acceptable if the overall error rate is less than 1 percent of the total requests that are sent from a given device. The error rate includes errors corresponding to each individual workload operation, as well as the physical performance of the infrastructure component, such as CPU and memory exhaustion.

Software and Hardware Details

This includes the infrastructure core services (for example, Active Directory, Windows Domain Name Service (DNS), Certificate Authority, Microsoft Exchange, and so on), as well as the XenMobile components (XenMobile virtual appliance and the NetScaler Gateway VPX virtual appliance, where applicable). 

For additional product information and technical questions concerning this article or the products mentioned herein, see , search the XenMobile documentation for the latest product documentation, or contact your local Citrix representative.

About XenMobile Cloud

XenMobile Cloud is a product service that offers a XenMobile enterprise mobility management (EMM) environment for managing apps and devices as well as users or groups of users. With XenMobile Cloud, Citrix handles the configuration and maintenance of the infrastructure onsite through the Citrix Cloud Operations group. This separation lets you focus exclusively on the user experience and on managing devices, policies, and apps. XenMobile Cloud also replaces the need to purchase and manage licenses with a subscription fee. 

Cloud Operations administrators handle maintenance and configuration of the network connectivity, as well as the integration of Citrix products like NetScaler, XenApp, XenDesktop, StoreFront, and ShareFile. The Cloud environment is

hosted in Amazon datacenters located throughout the world to deliver high performance, rapid response, and support. 

To get started with XenMobile Cloud, go to https://www.citrix.com/products/xenmobile/tech-info/cloud.html

Note

The Remote Support client is not available in XenMobile Cloud versions 10.x for Windows CE and

Samsung Android devices. 

XenMobile Cloud server-side components are not FIPS 140-2 compliant.

Citrix does not support syslog integration in XenMobile Cloud with an an on-premises syslog server.

Instead, you can download the logs from the Support page in the XenMobile console. When doing so,

you must click Download All in order to get system logs. For details, see Files in XenMobile.

You can integrate XenMobile Cloud architecture into you existing infrastructure by installing and deploying Citrix CloudBridge or by using an existing IPsec gateway in your datacenter.

This architecture allows you to benefit from using NetScaler either in the cloud, as handled by the Cloud Operations group, or in your datacenter. When used in the datacenter, NetScaler gives you a single point of management to control access and limit actions within sessions based on both user identity and the endpoint device. This deployment provides better application security, data protection, and compliance management. 

To download and install Citrix CloudBridge, go to https://www.citrix.com/downloads/cloudbridge.html