Embed Size (px)
Citation preview
29.09.2016.ZagrebHotel Antunović
Zagreb, 29.09.2016.
XenMobile: Enterprise mobile management solution
Tomica Kaniš[email protected] | http://blog.kaniski.eu/
POKROVITELJI
AKADEMSKI PARTNERI DIGITALNI PARTNER PRIJATELJI KONFERENCIJE
GENERALNI SPONZOR GENERALNI MEDIJSKI SPONZOR GLAVNI SPONZORI
MEDIJSKI PARTNERI
SPONZORI
Agenda XenMobile editions scenarios features WorxApps NetScaler integration deployment tips resources
XenMobile provides... unified management of devices & applications corporate app store mobile device and app management unified access getaway & SSO workflow-driven productivity apps military-grade (FIPS) security mobile content management broad platform support
Editions... XenMobile MDM
mobile device management (MDM) allow IT Administrators to enroll and enforce restriction policies
to corporate-owned or BYO devices XenMobile Advanced
mobile device and application management (MDM + MAM) adds support for IT Admins to create enterprise app store for
mobile, web/SaaS and Windows apps with MDX capabilities (securing data and network resources)
XenMobile Enterprise enterprise mobile management (EMM) solution adds ShareFile capability for data mobility management
Scenarios: XenMobile MDM mobile device management jailbreak detection selective or full wipe geolocation tracking passcode enforcement pushing applications native mail client access control Wi-Fi & VPN access control access to local documents/files for editing
Scenarios: XenMobile Advanced all MDM edition use scenarios federated single sign-on (SSO) secure email secure browsing automated account provisioning workflows policy-based interapp security app specific microVPN tunnels unified corporate app store access to local documents/files for editing
Scenarios: XenMobile Enterprise all XenMobile Advanced edition use scenarios secure document sharing,
syncing & editing (ShareFileEnterprise)
Features single administrative experience with RBAC unified XenMobile server (Linux appliance) simplified deployment and configuration designed for 100,000 user environments (with 150,000+ devices) integrated enterprise store with ratings, screenshots and app
reviews cross-platform app & policy definitions single sign-on for MDX apps FIPS 140-2 support connectivity checks & support bundle integrated Worx productivity apps
The „big picture”
Worx apps (1) WorxHome
authenticates users (AD with certificates, tokens and other second factors)
permits lock/wipe of corporate data/apps on selected devices
SSO for all managed apps (hosted (HDX) apps and desktops, web/SaaS apps, MDX managed mobile apps)
access to the MDX apps (determines policies and app entitlements and controls data exchange)
provides gateway tickets for microVPN access, certificates for protected websites, SAML tokens for ShareFile access, ...
Worx apps (2) WorxWeb
HTML5-compatible browser whitelist/blacklist URLs, set bookmarks and home page leverages microVPN (full tunnel) or SecureBrowse (client-side
rewrite) https://bramwolfs.com/2012/08/24/cloud-gateway-a-wrap-up-so-far-par
t-2/
WorxMail ActiveSync mail/calendar/contacts client microVPN or STA to sync email from Exchange or Office 365
Worx apps (3) WorxEdit
open, view, create or edit Microsoft Office documents view PDF files track changes from multiple reviewers local storage for offline copy editing
WorxNotes create, sync and share notes create notes from WorxMail messages ShareFile integration for storage and sync integrated with Exchange server (email and calendar)
Worx apps (4) WorxTasks
securely manage tasks integration with Outlook tasks and WorxMail
WorxDesktop secure „VDI like” access to physical desktop access work files and apps
ShareFile secure enterprise file share and sync mobile content editing SharePoint & network files integration
Zagreb, 29.09.2016.
DEMOWorx apps
NetScaler hardware (MPX, SDX) or software appliance (VPX) provides content switching and load balancing for MDM,
MAM or EMM manages the complete lifecycle of the request/response
transaction supports connection reuse (reduces TCP overhead on web
servers) communicates with XenMobile (better together)
built-in monitor for XenMobile built-in diagnostic tools for XenMobile
supports microVPN (MDX) technology in XenMobile
NetScaler addresses NSIP
NetScaler IP (IP of the appliance) management IP
SNIP subnet IP communication to backend services like XenMobile, AD,
database, ... („points of presence” in different subnets)
VIP virtual IP IP address of a virtual server (client-side access)
The „big picture”
Deployment of EMM (1) prerequisites:
firewall ports http://docs.citrix.com/en-us/xenmobile/10-3/xmob-system-requirements/xmob-deploy-co
mponent-port-reqs-con.html hypervisor of choice SQL Server 2012+ XenMobile license service accounts (DB creator, AD reader) 4 free IP Addresses in the DMZ 2 free public IP addresses 2 SSL certificates (or a wildcard certificate) Apple Push Notification Services certificate (APNS)
for managing Apple devices NetScaler Gateway
NetScaler Standard or higher supports Load Balancing SMTP server (optional)
Deployment of EMM (2) steps:
XenMobile import the XenMobile appliance(s) initial configuration from CLI (IP, database, NTP, ...) additional configuration from console (SSL, NSGW, LDAP, ...) create additional appliance(s)/enable clustering update the environment (for WM10)
integration with NetScaler import the NetScaler appliance(s) initial configuration from CLI (NSIP) additional configuration from console (license, SSL, ...) XenMobile integration wizard create additional appliance(s)/enable HA mode
Zagreb, 29.09.2016.
DEMOXenMobile Enterprise deployment and NetScaler integration
Tips... XenMobile
don’t install and upgrade the first node and later try to add another one (hint: database schema upgrades... sometimes )
use VM cloning for multiplication of nodes RBAC – can’t add a group to Support role
create another role, tailored to your wishes restart appliances to pick up certificates & updates
NetScaler 4K certificates limitation on VPX
only hardware appliances support 4K certificates vCPU limitation on Hyper-V (intentional!)
limited to two vCPUs (use VMware instead ) bug with AD authentication in GUI
if you password contains special characters, beware...
Conclusion complete enterprise mobility management solution three „flavours” – MDM, MDM+MAM, EMM end-to-end security, easy deployment and great user
experience integration with NetScaler appliance is easy and
preferred nice built-in productivity apps fast deployment
Resources https://www.citrix.com/products/xenmobile/ http://docs.citrix.com/en-us/xenmobile/10/xmob-about.html https://www.citrix.com/downloads/xenmobile.html https://www.citrix.com/content/dam/citrix/en_us/documents/pr
oducts-solutions/xenmobile-security-understanding-the-technology-used-by-xenmobile.pdf
http://www.robinhobo.com/how-to-setup-citrix-xenmobile-10-including-configuring-netscaler/
http://www.carlstalhood.com/netscaler-gateway-11-ldap-authentication/
http://www.ingmarverheij.com/one-content-switch-to-rule-them-all/
AnketePopunite ankete i osvojite vrijedne nagrade!Ankete su dostupne na:a) Mobilnim uređajima (Android, Apple, Windows)b) Web-u http://www.mobilityday.comPIN za pristup se nalazi na poleđini akreditacije i u vašem on-line profilu.
Zagreb, 29.09.2016.
HVALA!
