Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

XenMobile: Enterprise mobility management solution

1,782 views

Published on

Slides from my Citrix XenMobile session at the MobilityDay 2016 conference.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

XenMobile: Enterprise mobility management solution

  1. 1. 29.09.2016. Zagreb Hotel Antunović
  2. 2. Zagreb, 29.09.2016. XenMobile: Enterprise mobile management solution Tomica Kaniški tomica@kaniski.eu | http://blog.kaniski.eu/
  3. 3. POKROVITELJI AKADEMSKI PARTNERI DIGITALNI PARTNER PRIJATELJI KONFERENCIJE GENERALNI SPONZOR GENERALNI MEDIJSKI SPONZOR GLAVNI SPONZORI MEDIJSKI PARTNERI SPONZORI
  4. 4. Agenda  XenMobile  editions  scenarios  features  WorxApps  NetScaler  integration  deployment  tips  resources
  5. 5. XenMobile provides...  unified management of devices & applications  corporate app store  mobile device and app management  unified access getaway & SSO  workflow-driven productivity apps  military-grade (FIPS) security  mobile content management  broad platform support
  6. 6. Editions...  XenMobile MDM  mobile device management (MDM)  allow IT Administrators to enroll and enforce restriction policies to corporate-owned or BYO devices  XenMobile Advanced  mobile device and application management (MDM + MAM)  adds support for IT Admins to create enterprise app store for mobile, web/SaaS and Windows apps with MDX capabilities (securing data and network resources)  XenMobile Enterprise  enterprise mobile management (EMM) solution  adds ShareFile capability for data mobility management
  7. 7. Scenarios: XenMobile MDM  mobile device management  jailbreak detection  selective or full wipe  geolocation tracking  passcode enforcement  pushing applications  native mail client access control  Wi-Fi & VPN access control  access to local documents/files for editing
  8. 8. Scenarios: XenMobile Advanced  all MDM edition use scenarios  federated single sign-on (SSO)  secure email  secure browsing  automated account provisioning  workflows  policy-based interapp security  app specific microVPN tunnels  unified corporate app store  access to local documents/files for editing
  9. 9. Scenarios: XenMobile Enterprise  all XenMobile Advanced edition use scenarios  secure document sharing, syncing & editing (ShareFile Enterprise)
  10. 10. Features  single administrative experience with RBAC  unified XenMobile server (Linux appliance)  simplified deployment and configuration  designed for 100,000 user environments (with 150,000+ devices)  integrated enterprise store with ratings, screenshots and app reviews  cross-platform app & policy definitions  single sign-on for MDX apps  FIPS 140-2 support  connectivity checks & support bundle  integrated Worx productivity apps
  11. 11. The „big picture”
  12. 12. Worx apps (1)  WorxHome  authenticates users (AD with certificates, tokens and other second factors)  permits lock/wipe of corporate data/apps on selected devices  SSO for all managed apps (hosted (HDX) apps and desktops, web/SaaS apps, MDX managed mobile apps)  access to the MDX apps (determines policies and app entitlements and controls data exchange)  provides gateway tickets for microVPN access, certificates for protected websites, SAML tokens for ShareFile access, ...
  13. 13. Worx apps (2)  WorxWeb  HTML5-compatible browser  whitelist/blacklist URLs, set bookmarks and home page  leverages microVPN (full tunnel) or SecureBrowse (client-side rewrite)  https://bramwolfs.com/2012/08/24/cloud-gateway-a-wrap-up-so-far- part-2/  WorxMail  ActiveSync mail/calendar/contacts client  microVPN or STA to sync email from Exchange or Office 365
  14. 14. Worx apps (3)  WorxEdit  open, view, create or edit Microsoft Office documents  view PDF files  track changes from multiple reviewers  local storage for offline copy editing  WorxNotes  create, sync and share notes  create notes from WorxMail messages  ShareFile integration for storage and sync  integrated with Exchange server (email and calendar)
  15. 15. Worx apps (4)  WorxTasks  securely manage tasks  integration with Outlook tasks and WorxMail  WorxDesktop  secure „VDI like” access to physical desktop  access work files and apps  ShareFile  secure enterprise file share and sync  mobile content editing  SharePoint & network files integration
  16. 16. Zagreb, 29.09.2016. DEMO Worx apps
  17. 17. NetScaler  hardware (MPX, SDX) or software appliance (VPX)  provides content switching and load balancing for MDM, MAM or EMM  manages the complete lifecycle of the request/response transaction  supports connection reuse (reduces TCP overhead on web servers)  communicates with XenMobile (better together)  built-in monitor for XenMobile  built-in diagnostic tools for XenMobile  supports microVPN (MDX) technology in XenMobile
  18. 18. NetScaler addresses  NSIP  NetScaler IP (IP of the appliance)  management IP  SNIP  subnet IP  communication to backend services like XenMobile, AD, database, ... („points of presence” in different subnets)  VIP  virtual IP  IP address of a virtual server (client-side access)
  19. 19. The „big picture”
  20. 20. Deployment of EMM (1)  prerequisites:  firewall ports  http://docs.citrix.com/en-us/xenmobile/10-3/xmob-system- requirements/xmob-deploy-component-port-reqs-con.html  hypervisor of choice  SQL Server 2012+  XenMobile license  service accounts (DB creator, AD reader)  4 free IP Addresses in the DMZ  2 free public IP addresses  2 SSL certificates (or a wildcard certificate)  Apple Push Notification Services certificate (APNS)  for managing Apple devices  NetScaler Gateway  NetScaler Standard or higher supports Load Balancing  SMTP server (optional)
  21. 21. Deployment of EMM (2)  steps:  XenMobile  import the XenMobile appliance(s)  initial configuration from CLI (IP, database, NTP, ...)  additional configuration from console (SSL, NSGW, LDAP, ...)  create additional appliance(s)/enable clustering  update the environment (for WM10)  integration with NetScaler  import the NetScaler appliance(s)  initial configuration from CLI (NSIP)  additional configuration from console (license, SSL, ...)  XenMobile integration wizard  create additional appliance(s)/enable HA mode
  22. 22. Zagreb, 29.09.2016. DEMO XenMobile Enterprise deployment and NetScaler integration
  23. 23. Tips...  XenMobile  don’t install and upgrade the first node and later try to add another one (hint: database schema upgrades... sometimes )  use VM cloning for multiplication of nodes  RBAC – can’t add a group to Support role  create another role, tailored to your wishes  restart appliances to pick up certificates & updates  NetScaler  4K certificates limitation on VPX  only hardware appliances support 4K certificates  vCPU limitation on Hyper-V (intentional!)  limited to two vCPUs (use VMware instead )  bug with AD authentication in GUI  if you password contains special characters, beware... 
  24. 24. Conclusion  complete enterprise mobility management solution  three „flavours” – MDM, MDM+MAM, EMM  end-to-end security, easy deployment and great user experience  integration with NetScaler appliance is easy and preferred  nice built-in productivity apps  fast deployment
  25. 25. Resources  https://www.citrix.com/products/xenmobile/  http://docs.citrix.com/en-us/xenmobile/10/xmob-about.html  https://www.citrix.com/downloads/xenmobile.html  https://www.citrix.com/content/dam/citrix/en_us/documents/pr oducts-solutions/xenmobile-security-understanding-the- technology-used-by-xenmobile.pdf  http://www.robinhobo.com/how-to-setup-citrix-xenmobile-10- including-configuring-netscaler/  http://www.carlstalhood.com/netscaler-gateway-11-ldap- authentication/  http://www.ingmarverheij.com/one-content-switch-to-rule- them-all/
  26. 26. Ankete Popunite ankete i osvojite vrijedne nagrade! Ankete su dostupne na: a) Mobilnim uređajima (Android, Apple, Windows) b) Web-u http://www.mobilityday.com PIN za pristup se nalazi na poleđini akreditacije i u vašem on-line profilu.
  27. 27. Zagreb, 29.09.2016. HVALA!

×