November, 2013
XenMobile 8.6 App Edition
Mobile Application Management
Adolfo Montoya, Karen Sciberras, George Ang and Andrew Sandford
Lead Support Readiness Specialist
© 2013 Citrix | Confidential – Do Not Distribute
Objectives
At the end of this course, you will be able to:
• Module 1: Deploy WorxMail 1.3
  ᵒ Configure and test some of the new WorxMail 1.3 features on iOS or Android devices
• Module 2: Deploy WorxWeb 1.3
  ᵒ Configure and verify ability to create blacklist/whitelist of URLs
  ᵒ Configure and verify ability to set a Homepage for WorxWeb
• Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
  ᵒ Configure and verify ability to upload .IPA or .APK files to XenMobile App Controller
  ᵒ Verify mobile users can access and download native apps from XenMobile App Controller
• Module 4: Deploy Public Stores apps to iOS and Android devices
  ᵒ Configure and verify ability to publish iOS free and paid apps available from the App Store
  ᵒ Configure and verify ability to publish Android free and paid apps available from the Google Play
• Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
  ᵒ Configure XenMobile App Controller to authenticate users from two independent Windows domains
  ᵒ Configure and test NetScaler Gateway 10.1.e to allow remote users to access resources from either domain
• Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
  ᵒ Configure and test XenMobile App Controller with multiple NetScaler Gateways (2) to allow remote users to access resources from either Gateway
Assessment
There will be an assessment at the end of the course, covering the following modules:
• Module 1: Deploy WorxMail 1.3
• Module 2: Deploy WorxWeb 1.3
• Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
• Module 4: Deploy Public Stores apps to iOS and Android devices
• Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
• Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
What is WorxMail?
Mail, calendar, contacts
Enterprise class security
Beautiful native experience
Full inter-app integration
MDX-secured
• ActiveSync email client for iOS/Android
• Secure email body and attachment
• “Open in” control to provide data leak protection
• No Exchange server exposure to internet
• Send email with ShareFile attachments
• Integrated calendars and Exchange GAL
ActiveSync Policy Support
• Control Sync settings for WorxMail
  ᵒ Limit email size
  ᵒ Allow Direct Push when roaming
  ᵒ Allow attachments to be downloaded
  ᵒ Allow HTML-formatted emails
  ᵒ Define maximum attachment size
Fast Join and Fast Dial
• Join GoToMeeting sessions right from WorxMail
• Dial-in right from the event details
• Running late option to quickly notify attendees via email
Out of Office
• Out of Office option
• Configure time period
• Configure inside/outside my organization
WorxWeb
Secure browser
Internal web app access
Full inter-app integration
Consumer experience
MDX-secured
• iOS and Android device intranet web browsing
  ᵒ Easy access to SharePoint, Intranet Portal etc
• Similar look/feel as native browser
  ᵒ Safari on iOS; Chrome on Android
• Single sign-on via NetScaler
  ᵒ Respond to HTTP 401
Secure Mobile Web Browser
• Full-featured consumer-like browser
• Secure access to internal, external and HTML5 web apps
• URL whitelisting and blacklisting
• Access to enterprise resources with a Micro VPN
What’s New in 1.3?
• iOS 7 Support
• New policies support
  ᵒ Homepage
  ᵒ Hide function (URL, Toolbar, etc)
  ᵒ Web links filtering
.IPA and .APK file support
• Support to publish both .ipa and .apk applications
• Applications are not in .mdx format, no policies are applied
• Only details tab available in “edit” properties of application
  ᵒ Cannot be included as part of a workflow
• No distinction between .ipa/.apk files and .mdx files in Apps/Docs view
• Available as part of Worx store
Features
• Publish iOS apps from App Store
  ᵒ FREE apps
  ᵒ Paid apps
• Publish Android apps from Google Play store
  ᵒ FREE apps
  ᵒ Paid apps
Public Store – iOS apps
• Publish iOS App Store links on XM App Controller
• XM App Controller will automatically determine if app is free or paid
• XM App Controller downloads
  ᵒ App name
  ᵒ Description
  ᵒ Icon
Public Store – Android apps
• Publish Android app links from Google Play store on XM App Controller
• XM App Controller will not automatically determine if app is free or paid
• IT Admin needs to enter app info
  ᵒ App name
  ᵒ Description
  ᵒ Paid or free
  ᵒ Image (icon)
Multiple Domain Support
• First domain specified in initial configuration is default domain
  ᵒ Default domain cannot be deleted
• The domains may belong to different forests
  ᵒ As long as service account can access base DN
• In a forest deployment each domain will need to be specified as a separate instance
  ᵒ Internal relationship between domains will not be considered
  ᵒ Trusts between domains will not be considered
• Nested groups will not be supported
  ᵒ Only users in specified group will be included in role
  ᵒ Users in a group within a specified group will not be included in role
App Controller Configuration
• Modify Domain setting
  ᵒ Configuration data can be edited by Administrator
  ᵒ Changes to user/group DN will require AppC to re-sync
  ᵒ No further configuration changes can be completed during a re-sync
• When multiple domains are configured on AppC
  ᵒ Direct login only allowed for default domain users
  ᵒ All other domain authentication only supported through NetScaler Gateway
• Group membership across domains
  ᵒ Global or Universal groups are not supported
Master User List
• Master user list may be used to confirm that the additional domains synchronized correctly
NetScaler Gateway Configuration
• To support authentication from multiple domains, users need to gain access through NetScaler Gateway
• Add LDAP policy for each additional domain to Authentication tab within Enterprise gateway configuration
• Same priority can be given to all the LDAP policies configured
• Within each LDAP policy, Server Logon Name is configured to UserPrincipalName
Problem with XenMobile 8.5
• For XenDesktop deployment in multiple sites, one NSG is involved in each site
• App Controller supported only a single NSG to be configured
• App Controller needs to handle the GSLB case, where all the NSGs use the same FQDN
How it worked previously
AppController 2.8 and lower
Enable
• Gateway in front of AppC
Callback URL
External URL
• VIP on the NetScaler
Logon type
• Domain only
• Security token only
• Domain & Security token
Approach
• ControlPoint allows multiple NSGs to be configured
• Each NSG has its own configurations
  ᵒ FQDN (for Account Service Record)
  ᵒ Callback URL (for AGESSO)
• App Controller AuthService uses two headers to reach back to the right NSG
  ᵒ X-Citrix-Via (indicating NSG FQDN)
  ᵒ X-Citrix-Via-VIP (indicating NSG VIP)
Multi-NSG
[Diagram: AppController with NetScaler GW 1, NetScaler GW 2 and NetScaler GW 3; AGESSO Callback. Header pairs shown per gateway:]
X-Citrix-Via: NSG1_FQDN
X-Citrix-Via-VIP: NSG1_VIP
X-Citrix-Via: NSG2_FQDN
X-Citrix-Via-VIP: NSG2_VIP
X-Citrix-Via: NSG3_FQDN
X-Citrix-Via-VIP: NSG3_VIP
Detail
• ControlPoint
  ᵒ NSG configuration table where each row represents one NSG
    • For GSLB NSGs, only a single row is configured
    • Otherwise there could be multiple rows
• AuthService
  ᵒ If X-Citrix-Via-VIP header is present in the request
    • Use X-Citrix-Via value as the SSL endpoint (for certificate validation against FQDN)
    • Use X-Citrix-Via-VIP as TCP endpoint
  ᵒ If X-Citrix-Via-VIP header is not present
    • Use current behaviour by doing callback to X-Citrix-Via value
    • If there is a static host entry for that NSG FQDN, use it instead of doing DNS lookup (OPTIONAL but requested by customers)
Multiple Callback URLs
• Each NetScaler Gateway will support multiple callback URLs (compared to before, it supported only one)
• Can have zero, one, or many callback URLs for each NetScaler Gateway
• When there are one or more callback URLs defined, AppController will choose the first URL on the list and fail over to the next only if the first try times out, and so on
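The endpoint selection from the Detail slide and the callback failover from this slide, modelled in Python as an added example (not Citrix code and not part of the original deck). The function names, the Gateway row type, the sample table and the rule that an FQDN missing from the table is rejected are assumptions.

```python
# Added example; Gateway, select_endpoints, open_callback_tls and
# try_callbacks are hypothetical names, not App Controller code.
import socket
import ssl
from dataclasses import dataclass, field

@dataclass
class Gateway:                      # one row of the NSG configuration table
    fqdn: str
    callback_urls: list = field(default_factory=list)  # zero, one or many

def select_endpoints(headers, table, static_hosts=None):
    """Return (tcp_endpoint, tls_name, callback_urls) for one request."""
    fqdn = headers.get("X-Citrix-Via", "").strip().lower()
    row = table.get(fqdn)
    if row is None:
        # Assumption: only gateways present in the table are called back.
        raise LookupError("gateway not configured: %r" % fqdn)
    vip = headers.get("X-Citrix-Via-VIP", "").strip()
    if vip:
        return vip, fqdn, list(row.callback_urls)   # TCP goes to the VIP
    # No VIP header: static host entry if one exists, else DNS on the FQDN.
    return (static_hosts or {}).get(fqdn, fqdn), fqdn, list(row.callback_urls)

def open_callback_tls(tcp_endpoint, tls_name, port=443, timeout=5.0):
    """Connect to tcp_endpoint but validate the certificate against tls_name."""
    ctx = ssl.create_default_context()      # verifies chain and hostname
    sock = socket.create_connection((tcp_endpoint, port), timeout=timeout)
    try:
        return ctx.wrap_socket(sock, server_hostname=tls_name)
    except Exception:
        sock.close()
        raise

def try_callbacks(urls, attempt):
    """Try URLs in list order; move to the next one only on a timeout."""
    for url in urls:
        try:
            return url, attempt(url)
        except (TimeoutError, socket.timeout):
            continue
    return None, None

# Constructed sample data (not from the slides).
TABLE = {"nsg1.example.test": Gateway(
    "nsg1.example.test",
    ["https://nsg1.example.test/cb-a", "https://nsg1.example.test/cb-b"])}
STATIC = {"nsg1.example.test": "192.0.2.20"}
```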
Piggy Back Features
• Internal Beacon configuration
  ᵒ Currently App Controller uses its own FQDN as the internal beacon and it is not modifiable
  ᵒ Making this field modifiable makes it easier to enforce that clients always go through NSG
• (Optional) External Beacon configuration
  ᵒ Currently App Controller uses the NSG it is configured with for external beacon
  ᵒ If possible, we should also make these modifiable
Review
• Module 1: Deploy WorxMail 1.3
  ᵒ Configure and test some of the new WorxMail 1.3 features on iOS or Android devices
• Module 2: Deploy WorxWeb 1.3
  ᵒ Configure and verify ability to create blacklist/whitelist of URLs
  ᵒ Configure and verify ability to set a Homepage for WorxWeb
• Module 3: Deploy Native iOS (.IPA) or Android (.APK) apps
  ᵒ Configure and verify ability to upload .IPA or .APK files to XenMobile App Controller
  ᵒ Verify mobile users can access and download native apps from XenMobile App Controller
• Module 4: Deploy Public Stores apps to iOS and Android devices
  ᵒ Configure and verify ability to publish iOS free and paid apps available from the App Store
  ᵒ Configure and verify ability to publish Android free and paid apps available from the Google Play
• Module 5: Deploy XenMobile App Controller in a Multi-Windows Domain Environment
  ᵒ Configure XenMobile App Controller to authenticate users from two independent Windows domains
  ᵒ Configure and test NetScaler Gateway 10.1.e to allow remote users to access resources from either domain
• Module 6: Deploy XenMobile App Controller with Multiple NetScaler Gateways
  ᵒ Configure and test XenMobile App Controller with multiple NetScaler Gateways (2) to allow remote users to access resources from either Gateway