Saturday, 9 July 2016

Building Your XenMobile Solution


The XenMobile components you deploy are based on the device or app management requirements of your organization. The components of XenMobile are modular and build on each other. For example, suppose you want to give users in your organization remote access to mobile apps and you need to track the device types with which users connect. In this scenario, you would deploy NetScaler Gateway, XenMobile Device Manager, and App Controller.

This section discusses this and additional scenarios for deploying the XenMobile components in your network, as well as for the NetScaler appliance. The topics include architectural diagrams, information about the Citrix products you can integrate into your deployment, a recommended order in which to deploy the components, and the ways users connect depending on the deployment scenario you implement.

Deploying XenMobile Components


You can deploy XenMobile components to enable users to connect to resources in your internal network in the following ways:

1. Connections to the internal network. If your users are remote, they can connect by using a VPN or Micro VPN connection through NetScaler Gateway to access apps and desktops in the internal network.
2. Device enrollment in Device Manager. Users can enroll mobile devices in Device Manager so you can manage the devices that connect to network resources.
3. Web, SaaS, and mobile apps from App Controller. Users can access their web, SaaS, and mobile apps from App Controller by using Worx Home or Receiver.
4. Windows-based apps and virtual desktops. Users can connect with Citrix Receiver or a web browser to access Windows-based apps and virtual desktops from StoreFront or the Web Interface.

To achieve some or all of these capabilities, Citrix recommends deploying XenMobile components in the following order:

1. NetScaler Gateway. You can configure settings in NetScaler Gateway to enable communication with App Controller, StoreFront, or the Web Interface by using the Quick Configuration wizard. You must install App Controller, StoreFront, or the Web Interface before using the Quick Configuration wizard in NetScaler Gateway.
2. Device Manager. After you install Device Manager, you can configure policies and settings that allow users to enroll their mobile devices.
3. App Controller. After you install App Controller, you can configure mobile, web, and SaaS apps. Mobile apps can include apps from the Apple App Store or Google Play. Users can also connect to mobile apps you wrap with the MDX Toolkit and upload to App Controller.
4. MDX Toolkit. You can wrap .ipa or .apk apps and Worx apps with the MDX Toolkit. After you wrap the apps, you can upload the apps to App Controller.
5. StoreFront (optional). You can provide access to Windows-based apps and virtual desktops from StoreFront through connections with Receiver.
6. ShareFile Enterprise (optional). If you deploy ShareFile, you enable enterprise directory integration through App Controller or Security Assertion Markup Language (SAML). For more information about ShareFile, see ShareFile Enterprise in Citrix eDocs.

If you install all of the XenMobile components in your network, the deployment may look like the following figure:



The topics in this section detail the possible deployment scenarios in your network for the XenMobile components, as well as for the NetScaler appliance. The topics include architectural diagrams, information about the Citrix products you can integrate into your deployment, and the ways users connect depending on the deployment scenario you implement.

Deploying NetScaler Gateway with App Controller and StoreFront


You can deploy NetScaler Gateway at the perimeter of your organization's internal network (or intranet) to provide a secure single point of access to the servers, applications, and other network resources that reside in the internal network. In this deployment, all remote users must connect to NetScaler Gateway before they can access any resources in the internal network.

You can deploy NetScaler Gateway with the following Citrix products:

- XenMobile App Edition
- StoreFront
- XenDesktop
- Web Interface

Users can connect to resources in your internal network by using the following methods:

1. Worx Home for users who connect with mobile devices and need access to MDX mobile apps. Users must connect with Worx Home on the mobile device to access MDX apps.
2. Receiver so users can access Windows-based applications and desktops hosted by XenApp or XenDesktop. To allow users access to their Windows-based apps, you must deploy StoreFront or the Web Interface. If users connect with Receiver on a Windows or Mac computer, MDX apps are not available to users.
3. Optionally, users can also connect with the NetScaler Gateway Plug-in for full VPN access to the internal network. Users can access email servers, file shares, and web servers with the NetScaler Gateway Plug-in for Windows or the NetScaler Gateway Plug-in for Mac.

The way you deploy App Controller in your internal network depends on how users connect: with Worx Home or with Receiver. In either scenario, you install NetScaler Gateway in the DMZ.

You can deploy the App Controller virtual machine (VM) on XenServer, VMware ESXi, or Microsoft Hyper-V located in your internal network. Users can connect to App Controller from an external connection (the Internet) or from the internal network. If users connect from the Internet or a remote location, the connection must route through NetScaler Gateway. App Controller resides in the internal network behind the firewall.

Allowing Access to MDX Apps Through NetScaler Gateway


If users connect with Worx Home and you have MDX mobile apps installed on App Controller, you place StoreFront behind App Controller in your internal network. Users can connect to App Controller through NetScaler Gateway in the DMZ to obtain their web, SaaS, Android and iOS mobile apps, along with documents from ShareFile. StoreFront resides behind App Controller to deliver Windows-based apps and virtual desktops as shown in the following figure:



Deploying Device Manager


In order to get your users' devices under management, users need to enroll their devices into Device Manager. To get started, you install Device Manager in your network. Next, you connect to Active Directory to import users by using the LDAP wizard. Then, you configure the following settings in Device Manager:

- Policies
- Apps

When you finish configuring Device Manager, you can send enrollment invitations to your users. The invitation contains a link that allows users to download Worx Enroll, which then allows users to enroll their devices in Device Manager. When users log on, Device Manager authenticates the user's identity and enrolls the device.

Citrix recommends that you deploy NetScaler or NetScaler Gateway for security. You deploy NetScaler or NetScaler Gateway in the DMZ with Device Manager, as shown in the following figure. When you deploy NetScaler or NetScaler Gateway, you can use the XenMobile NetScaler Connector (XNC) to control access to email, calendar, and contacts from mobile devices. In this deployment, after enrollment, user devices connect to NetScaler or NetScaler Gateway to access resources.

If users enroll their iOS devices, the devices and Device Manager must communicate with the Apple Push Notification Service (APNS).



The preceding figure also shows the ports you need to open to enable the connections. You must open all of the ports behind the firewall for each identified service. For details about the ports, see Opening Ports for the XenMobile Solution on page 21. For details about the APNS server, also shown in the preceding figure, see Requesting an APNS Certificate in the Device Manager documentation in Citrix eDocs.

Deploying the MDX Toolkit


Mobile app management allows you to securely manage and deliver mobile apps to users. With the Citrix MDX Toolkit, you can wrap iOS and Android apps to secure access and enforce policies. After you wrap the app, you can upload the app to XenMobile App Edition and configure MDX policies. Users can then download and install the app from Citrix Receiver. They can subsequently open and work with the app from an icon on the home screen of the mobile device or from the Receiver home page.

For more information about MDX policies for Android and iOS mobile apps in App Controller 2.8, see the following topics in Citrix eDocs:

- Configuring MDX Policies for Android Apps in App Controller
- Configuring MDX Policies for iOS Apps in App Controller

Deploying the Entire XenMobile Solution


If you deploy all of the components of the XenMobile solution, you have successfully completed the following tasks:

- Opened the required ports for communication between each component.
- Installed each component in your network.
- Successfully tested connections from user devices.

The next section discusses the deployment prerequisites and includes a checklist for you to use to get ready for your deployment. The subsequent sections contain component installation steps, and configuration tests you can carry out.

The following figure shows the complete solution:

