Citrix Day 2013: Citrix Enterprise Mobility

Walter Hofstetter presented the Enterprise XenMobile Solution at Citrix Day 2013.

Published in: Business, Technology

Transcript of "Citrix Day 2013: Citrix Enterprise Mobility"

  1. Citrix Enterprise Mobility: XenMobile Enterprise, Architecture, Components and more. October 30th 2013
  2. Agenda
     • Quick Overview
     • Enterprise Mobility Management
     • Components, Architecture and Communications
     • Administrator and User POV
     • Tips and Tricks
     © 2013 Citrix
  3. What Does an Enterprise XenMobile Solution Consist of? [diagram labels: Netscaler Gateway; Mobile Devices; XDM Server; ShareFile; XMA Server; Servers; A Cloud File Sharing Service]
  4. What Problems Does XenMobile Help You Solve
     • Secure data through device encryption, authentication, app containerization and cloud file services
     • Manage what applications are on the device, who can access the apps and how they access data
     • Push policies to the device such as passcode or disable camera. Control the device through actions such as lock or selectively wipe device
     [diagram labels: Data Management; App Management; Device Management]
  5. Device Management Components [diagram labels: Netscaler; XDM Server; Mobile Enroll; WorxHome; Device Management; Active Sync Filter; App Store; DMZ; Web clips; Public Apps; Exchange; XNC]
  6. Supported Device Platforms. The XenMobile Device Manager supports the following platforms:
     ᵒ iOS
     ᵒ Android
     ᵒ Windows 8 Phone
     ᵒ Windows 8 Tablet
     ᵒ Windows Mobile
     ᵒ Symbian
  7. Device Management - Demo
  8. XenMobile MDM HA Architecture [diagram labels: XDM Cluster; Active-Passive; XDM; Load Balancer; Mobile Enroll; XDM; Netscaler; WorxHome; DMZ; SQL]
  9. Device Management Details [diagram labels: Mail invitations; Exchange; Netscaler; DMZ; WorxHome; Active Sync Filter; Appstore Traffic; XNC; XDM Server; SQL; Device Management; Web clips; App Store; Active Directory; Public Apps; Auth + User / Group Info]
  10. XenMobile AppC Architecture [diagram labels: XMA; SaaS Apps; Mobile Enroll; Netscaler; App Store; MDX Apps; HDX Apps; WorxHome; DMZ]
  11. XenMobile AppC Clustering [diagram labels: Netscaler; Mobile Enroll; XMA; Prim./Active (CL. Head); Load Balancer; WorxHome; DMZ; TCP 9736; 443 (AppC VIP); 443; Service Node; TCP 9737; XMA; AppC HA Pair; XMA; Sec./Passive]
  12. XenMobile AppC Architecture – Integrated Mode [diagram labels: Active Sync Filter; XNC; ShareFile; XDM; Mobile Enroll; Netscaler; Optional; XenApp; XenDesktop; XMA; Storefront; WorxHome; DMZ]
  13. XenMobile Netscaler Gateway Architecture [diagram labels: Netscaler Gateway; V Server; V Server; V Server; Netscaler Gateway VIP; AAA; VPN; cVPN; “Special” tunnels – STA etc]
  14. NetScaler Gateway Demo
  15. XenMobile AppC Architecture [diagram labels: Auth; Active Directory; XMA; Netscaler; V Server; Auth; User/Group attr; Workflow; Mail approval; Exchange; Micro VPN; Web]
  16. WorxHome as “Hub” [diagram labels: Citrix Native Apps; Enterprise Authentication; Native; Micro-VPN; Native; 3rd Party; Your App; Secure Storage; Other Native Apps; Constrained Execution; Web Apps; HDX* Apps; Remote Apps]
     * HDX Apps require Receiver for ICA/HDX
  17. MDX Architecture [diagram labels: Managed apps; Netscaler Gateway; Secure Network Tunnel; Secure IPC; logon; app one; app two; MDX Framework (three times); app private data vault (three times); policies; Worx Home; shared data vault; vault encryption; XenMobile]
     MDX Framework provided by either:
     1. Wrapping toolset
     2. Directly compiled SDK
  18. MDX Application Behavior [diagram labels: Encryption; Need to login ?; Network Access; Policies; Check Policies; VPN; App Startup; Device Storage; Inter App Comms]
  19. MDX VPN Access [diagram labels: XMA; Netscaler; Policy Control; Authentication; VPN, cVPN, STA; Internal Services]
  20. MDX Toolkit - System requirements
     • JDK v1.7
     • Android SDK
     • Android APK Tool
     • Digitally Signed Certificate
     • iOS Distribution Provisioning Profile
     • Certificate
     • X-code command-line tools
  21. Application Management - Demo
  22. Tips & Tricks: Helpful information
     • E-Docs is your friend
     • http://support.citrix.com/product/xm/v8.5
  23. Tips & Tricks: Worx Home vs. Receiver [table columns: Feature; Worx Home; Receiver]
     Feature rows: MDM Registration; AppC Registration; GoToAssist remote support; Provisioning File; Email-based account discovery; MDX apps access; HDX apps access; Secure Browse support; MicroVPN support
  24. Web & SaaS Apps [network and firewall port diagram; zones: Internet Zone, DMZ Zone, Corporate LAN Zone, separated by FIREWALL / FIREWALL]
     Labels and ports in extraction order: 80/443 (App Specific); DNS 53, NTP 123; DNS & NTP; DNS 53, NTP 123; Netscaler; 80/443 (App Specific); 1494 / 2598; 443; 443; 80 / 443; 8443; NSIP; 443; 80 for downloads; SNIP; AG VIP; iOS only 5223; 2195 & 2196; 80/443; AppController; XNC; 389/636; LB VIP; 443; 80/443; StoreFront; Active Directory; Exchange; 9080; 80; 80 / 443 / 8443; Google Play Store; Apple App Store; 443; 445; 443; 443; 443 for Form-Fill auth; StorageZone Controller; MS CS; XDM; 1433; XA/XD; SQL; CIFS; 443; SharePoint
  25. Tips & Tricks: NetScaler Gateway SSO
     • NetScaler Gateway Single Sign-on (SSO) or callback is used by StoreFront or App Controller to request user credentials from NetScaler Gateway
     • Callback URL requires a secure connection (HTTPS) back to the AG virtual server that authenticated the user (most cases)
     • Callback URL can be another NG virtual server on the same NG VPX/MPX
     • Example: https://NG-VIP-FQDN/CitrixAuthService/AuthService.asmx (case sensitive)
  26. Tips & Tricks: What to check for SSO? AppController & Storefront
     • Ensure External URL matches the AG URL users will enter in their web browsers or Receiver
     • Callback URL needs to resolve back to the AG that authenticated the end-user
     [screenshots: AppController; StoreFront]
  27. Certificates
     • Being used all over in the XM world
       ᵒ XDM Server
         • WEB / HTTPS
         • Device Certs
       ᵒ AppC
         • WEB / HTTPS
         • SAML
       ᵒ Netscaler
         • WEB / HTTPS
       ᵒ XenDesktop / XenApp / Storefront
         • WEB / HTTPS
  28. Secure Browse
     • Client-side rewrite feature to access intranet sites
     • Available on Receiver for iOS 5.6.1 or later
     • Must use NetScaler Gateway 10 (build 69.4 or later)
     Micro-VPN
     • On-demand application VPN tunnel between mobile device and NetScaler Gateway
     • Available on Receiver for Android 3.1 or later and Receiver for iOS 5.7
     • Must use NetScaler Gateway 10 (build 69.4 or later)
     WorxWeb
     • Native iOS/Android mobile browser application
     • Securely connects to corporate network using on-demand Micro-VPN tunnel
     • Must use NetScaler Gateway 10 (build 69.4 or later)
  29. Tips & Tricks: How does the endpoint know if Secure Browse is available
     • Secure Browse is enabled by default
     • WorxHome requests:
       ᵒ GET https://FQDN/AGServices/rewriteMode HTTP/1.1
     • Netscaler Gateway responses (the slide shows this header block twice):
         HTTP/1.1 200 OK
         Content-Length: 23
         Cache-control: no-cache, no-store
         Pragma: no-cache
         Content-Type: text/plain
       Body text as extracted from the slide: SB:SecureBrowse RW:cvpn RW:cvpn
  30. Tips & Tricks: How does the endpoint indicate support for micro VPN
     • Receiver / WorxHome HTTP POST to NetScaler Gateway
         POST https://FQDN/cgi/login HTTP/1.1
         Host: FQDN
         User-Agent: CitrixReceiver/com.citrix.ReceiveriPad iOS/5.7 (build 170) CitrixReceiver-iPad CFNetwork Darwin VpnCapable
       First response shown:
         HTTP/1.1 302 Object Moved
         Location: /cgi/setclient?iosc
         Set-Cookie: NSC_AAAC=55f4f4d9926e4b6533f603324b45fa1f0311fe8c345525d5f4f58455e445a4a42;Secure;HttpOnly;Path=/
       Second response shown:
         HTTP/1.1 302 Object Moved
         Location: /cgi/setclient?andr
         Set-Cookie: NSC_AAAC=55f4f4d9926e4b6533f603324b45fa1f0311fe8c345525d5f4f58455e445a4a42;Secure;HttpOnly;Path=/
  31. Tips & Tricks: Using STA with WorxMail
     • Mail typically operates in a 24/7 mode, hence when using mVPN this may have an impact on battery life.
     • STA in AppC has additional features specifically for WorxMail; the main difference is a “ticket table” to keep track of the tickets
     • AppC STA allows proxying TCP connection to CAS / Exchange via SOCKS5
     Note: This is exclusively used (supported) for WorxMail, even though in theory other apps could leverage this method too
  32. Tips & Tricks: Using STA with WorxMail
     • Configure the “new” STA for WorxMail at the NetScaler Gateway
     [screenshot callout: Add the AppC URL to the STA list]
  33. Tips & Tricks: Using STA with WorxMail
     • Configure the WorxMail policies at the AppC. Add the following information:
       • Background Network Services (including port number)
       • Ticket Expiration
       • Services Gateway (NG FQDN)
  34. Questions / Discussion
  35. Work better. Live better.
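
The SSO checks from slides 25 and 26 can be scripted before go-live. The following is an added example, not part of the original deck and not Citrix code; the function names, the `gateway_vips` parameter and the sample host names in the test are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Path taken from the slide example; the slide states it is case sensitive.
CALLBACK_PATH = "/CitrixAuthService/AuthService.asmx"


def resolve(host):
    """Return the set of IP addresses a host name resolves to (live DNS)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def origin(url):
    """Scheme, lowercased host and effective port of a URL."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme))


def check_sso_config(external_url, user_url, callback_url, gateway_vips, resolver=resolve):
    """Return a list of findings; an empty list means every check passed.

    gateway_vips: IPs of the gateway virtual servers on the appliance that
    authenticates users (hypothetical parameter, supplied by the admin).
    """
    findings = []
    # Slide 26: External URL must match the gateway URL users enter.
    if origin(external_url) != origin(user_url):
        findings.append("External URL does not match the URL users enter")
    cb = urlsplit(callback_url)
    # Slide 25: the callback requires HTTPS.
    if cb.scheme != "https":
        findings.append("Callback URL is not HTTPS")
    # Exact comparison on purpose: the path is case sensitive.
    if cb.path != CALLBACK_PATH:
        findings.append("Callback path differs from " + CALLBACK_PATH)
    # Slide 26: the callback must resolve back to the authenticating gateway.
    try:
        addrs = resolver(cb.hostname) if cb.hostname else set()
    except OSError:
        addrs = set()
    vips = {ipaddress.ip_address(v) for v in gateway_vips}
    if not addrs:
        findings.append("Callback host does not resolve")
    elif not {ipaddress.ip_address(a) for a in addrs} <= vips:
        findings.append("Callback host resolves outside the gateway VIPs")
    return findings
```

Run it from the StoreFront or App Controller host so that name resolution matches what the server itself sees, including hosts-file overrides.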
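
The exchanges on slides 29 and 30 can be reviewed from a proxy or packet capture. This added example (not from the original deck) reports whether the client advertised `VpnCapable`, where the gateway redirected it, and whether each cookie carries the `Secure` and `HttpOnly` attributes shown on the slide. The capture is constructed, and the whitespace-separated `KEY:VALUE` body format is an assumption based on the slide text.

```python
REQUIRED_FLAGS = {"secure", "httponly"}  # attributes on the slide's NSC_AAAC cookie

# Constructed capture modelled on slide 30; host and cookie value are placeholders.
SAMPLE_REQUEST = """POST /cgi/login HTTP/1.1
Host: gw.example.com
User-Agent: CitrixReceiver/com.citrix.ReceiveriPad iOS/5.7 (build 170) CitrixReceiver-iPad CFNetwork Darwin VpnCapable
"""
SAMPLE_RESPONSE = """HTTP/1.1 302 Object Moved
Location: /cgi/setclient?iosc
Set-Cookie: NSC_AAAC=PLACEHOLDER;Secure;HttpOnly;Path=/
"""


def parse_head(raw):
    """Return (start_line, [(lowercased name, value), ...]) for a raw HTTP head."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    fields = (ln.partition(":") for ln in lines[1:])
    return lines[0], [(n.strip().lower(), v.strip()) for n, sep, v in fields if sep]


def parse_rewrite_mode(body):
    """Split a rewriteMode body into a dict (assumes whitespace-separated KEY:VALUE)."""
    pairs = (tok.partition(":") for tok in body.split())
    return {key: value for key, sep, value in pairs if sep}


def audit_login_exchange(request_raw, response_raw):
    """Summarise one /cgi/login exchange: client capability and cookie attributes."""
    _, req = parse_head(request_raw)
    status, resp = parse_head(response_raw)
    user_agent = next((v for n, v in req if n == "user-agent"), "")
    result = {
        "status": status.split()[1],
        "vpn_capable": "VpnCapable" in user_agent.split(),
        "location": next((v for n, v in resp if n == "location"), None),
        "cookies_missing_flags": {},
    }
    for name, value in resp:
        if name != "set-cookie":
            continue
        first, *attrs = [part.strip() for part in value.split(";")]
        present = {attr.partition("=")[0].lower() for attr in attrs if attr}
        missing = REQUIRED_FLAGS - present
        if missing:  # record the cookie name and which attributes are absent
            result["cookies_missing_flags"][first.partition("=")[0]] = sorted(missing)
    return result
```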