Published on October 1, 2016
1. 29.09.2016. Zagreb Hotel Antunović
2. Zagreb, 29.09.2016. XenMobile: Enterprise mobile management solution Tomica Kaniški firstname.lastname@example.org | http://blog.kaniski.eu/
4. Agenda XenMobile editions scenarios features WorxApps NetScaler integration deployment tips resources
5. XenMobile provides...
   - unified management of devices & applications
   - corporate app store
   - mobile device and app management
   - unified access gateway & SSO
   - workflow-driven productivity apps
   - military-grade (FIPS) security
   - mobile content management
   - broad platform support
6. Editions...
   - XenMobile MDM: mobile device management (MDM)
     - allows IT administrators to enroll corporate-owned or BYO devices and enforce restriction policies on them
   - XenMobile Advanced: mobile device and application management (MDM + MAM)
     - adds support for IT admins to create an enterprise app store for mobile, web/SaaS and Windows apps with MDX capabilities (securing data and network resources)
   - XenMobile Enterprise: enterprise mobile management (EMM) solution
     - adds ShareFile capability for data mobility management
7. Scenarios: XenMobile MDM
   - mobile device management
   - jailbreak detection
   - selective or full wipe
   - geolocation tracking
   - passcode enforcement
   - pushing applications
   - native mail client access control
   - Wi-Fi & VPN access control
   - access to local documents/files for editing
8. Scenarios: XenMobile Advanced
   - all MDM edition use scenarios
   - federated single sign-on (SSO)
   - secure email
   - secure browsing
   - automated account provisioning workflows
   - policy-based interapp security
   - app specific microVPN tunnels
   - unified corporate app store
   - access to local documents/files for editing
9. Scenarios: XenMobile Enterprise
   - all XenMobile Advanced edition use scenarios
   - secure document sharing, syncing & editing (ShareFile Enterprise)
10. Features
   - single administrative experience with RBAC
   - unified XenMobile server (Linux appliance)
   - simplified deployment and configuration
   - designed for 100,000 user environments (with 150,000+ devices)
   - integrated enterprise store with ratings, screenshots and app reviews
   - cross-platform app & policy definitions
   - single sign-on for MDX apps
   - FIPS 140-2 support
   - connectivity checks & support bundle
   - integrated Worx productivity apps
11. The „big picture”
12. Worx apps (1)
   - WorxHome
     - authenticates users (AD with certificates, tokens and other second factors)
     - permits lock/wipe of corporate data/apps on selected devices
     - SSO for all managed apps (hosted (HDX) apps and desktops, web/SaaS apps, MDX managed mobile apps)
     - access to the MDX apps (determines policies and app entitlements and controls data exchange)
     - provides gateway tickets for microVPN access, certificates for protected websites, SAML tokens for ShareFile access, ...
13. Worx apps (2)
   - WorxWeb
     - HTML5-compatible browser
     - whitelist/blacklist URLs, set bookmarks and home page
     - leverages microVPN (full tunnel) or SecureBrowse (client-side rewrite)
     - https://bramwolfs.com/2012/08/24/cloud-gateway-a-wrap-up-so-far-part-2/
   - WorxMail
     - ActiveSync mail/calendar/contacts client
     - microVPN or STA to sync email from Exchange or Office 365
14. Worx apps (3)
   - WorxEdit
     - open, view, create or edit Microsoft Office documents
     - view PDF files
     - track changes from multiple reviewers
     - local storage for offline copy editing
   - WorxNotes
     - create, sync and share notes
     - create notes from WorxMail messages
     - ShareFile integration for storage and sync
     - integrated with Exchange server (email and calendar)
15. Worx apps (4)
   - WorxTasks
     - securely manage tasks
     - integration with Outlook tasks and WorxMail
   - WorxDesktop
     - secure „VDI like” access to physical desktop
     - access work files and apps
   - ShareFile
     - secure enterprise file share and sync
     - mobile content editing
     - SharePoint & network files integration
16. DEMO: Worx apps
17. NetScaler
   - hardware (MPX, SDX) or software appliance (VPX)
   - provides content switching and load balancing for MDM, MAM or EMM
   - manages the complete lifecycle of the request/response transaction
   - supports connection reuse (reduces TCP overhead on web servers)
   - communicates with XenMobile (better together)
   - built-in monitor for XenMobile
   - built-in diagnostic tools for XenMobile
   - supports microVPN (MDX) technology in XenMobile
18. NetScaler addresses
   - NSIP: NetScaler IP (IP of the appliance)
     - management IP
   - SNIP: subnet IP
     - communication to backend services like XenMobile, AD, database, ... („points of presence” in different subnets)
   - VIP: virtual IP
     - IP address of a virtual server (client-side access)
19. The „big picture”
20. Deployment of EMM (1): prerequisites
   - firewall ports: http://docs.citrix.com/en-us/xenmobile/10-3/xmob-system-requirements/xmob-deploy-component-port-reqs-con.html
   - hypervisor of choice
   - SQL Server 2012+
   - XenMobile license
   - service accounts (DB creator, AD reader)
   - 4 free IP addresses in the DMZ
   - 2 free public IP addresses
   - 2 SSL certificates (or a wildcard certificate)
   - Apple Push Notification Services certificate (APNS) for managing Apple devices
   - NetScaler Gateway
     - NetScaler Standard or higher supports Load Balancing
   - SMTP server (optional)
21. Deployment of EMM (2): steps
   - XenMobile
     - import the XenMobile appliance(s)
     - initial configuration from CLI (IP, database, NTP, ...)
     - additional configuration from console (SSL, NSGW, LDAP, ...)
     - create additional appliance(s)/enable clustering
     - update the environment (for WM10)
   - integration with NetScaler
     - import the NetScaler appliance(s)
     - initial configuration from CLI (NSIP)
     - additional configuration from console (license, SSL, ...)
     - XenMobile integration wizard
     - create additional appliance(s)/enable HA mode
22. DEMO: XenMobile Enterprise deployment and NetScaler integration
23. Tips...
   - XenMobile
     - don't install and upgrade the first node and later try to add another one (hint: database schema upgrades... sometimes)
       - use VM cloning for multiplication of nodes
     - RBAC – can't add a group to Support role
       - create another role, tailored to your wishes
     - restart appliances to pick up certificates & updates
   - NetScaler
     - 4K certificates limitation on VPX
       - only hardware appliances support 4K certificates
     - vCPU limitation on Hyper-V (intentional!)
       - limited to two vCPUs (use VMware instead)
     - bug with AD authentication in GUI
       - if your password contains special characters, beware...
24. Conclusion
   - complete enterprise mobility management solution
   - three „flavours” – MDM, MDM+MAM, EMM
   - end-to-end security, easy deployment and great user experience
   - integration with NetScaler appliance is easy and preferred
   - nice built-in productivity apps
   - fast deployment
25. Resources
   - https://www.citrix.com/products/xenmobile/
   - http://docs.citrix.com/en-us/xenmobile/10/xmob-about.html
   - https://www.citrix.com/downloads/xenmobile.html
   - https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/xenmobile-security-understanding-the-technology-used-by-xenmobile.pdf
   - http://www.robinhobo.com/how-to-setup-citrix-xenmobile-10-including-configuring-netscaler/
   - http://www.carlstalhood.com/netscaler-gateway-11-ldap-authentication/
   - http://www.ingmarverheij.com/one-content-switch-to-rule-them-all/
26. Surveys
   - Fill in the surveys and win valuable prizes!
   - The surveys are available on:
     - a) mobile devices (Android, Apple, Windows)
     - b) the web: http://www.mobilityday.com
   - The access PIN is on the back of your accreditation badge and in your online profile.
27. Thank you!