Citrix

Product Documentation



Download full document

XenMobile Service

Jan. 25, 2017

The Citrix Cloud XenMobile Service, previously called XenMobile Cloud, offers a XenMobile enterprise mobility management (EMM) environment for managing apps and devices as well as users or groups of users. With XenMobile Service, Citrix handles the configuration and maintenance of the infrastructure onsite through the Citrix Cloud Operations group. This separation lets you focus exclusively on the user experience and on managing devices, policies, and apps. XenMobile Service also replaces the need to purchase and manage licenses with a subscription fee.

Cloud Operations administrators handle maintenance and configuration of the network connectivity, as well as the integration of NetScaler and ShareFile. Citrix hosts the Cloud environment in datacenters located throughout the world to deliver high performance, rapid response, and support.

XenMobile Deployment Handbook: Planning a XenMobile deployment involves many considerations. For recommendations, common questions, and use cases for your end-to-end XenMobile environment, including reference architecture diagrams for XenMobile Service, see the XenMobile Deployment Handbook.

Note

  • The Remote Support client is not available in XenMobile Service versions 10.x for Windows CE and Samsung Android devices.
  • XenMobile Service server-side components are not FIPS 140-2 compliant.
  • Citrix does not support syslog integration in XenMobile Service with an on-premises syslog server. Instead, you can download the logs from the Support page in the XenMobile console. When doing so, you must click Download All to get system logs. For details, see View and analyze log files in XenMobile.

Resource locations

Resource locations contain the resources required to deliver services to your subscribers. Resource locations include Citrix NetScaler, StoreFront servers, Microsoft Exchange servers, and Microsoft Active Directory domains.

Place resource locations where they best meet your business needs, such as in a public cloud, in a branch office, private cloud, or a data center. Factors that determine the choice of location include:

  • Proximity to subscribers
  • Proximity to data
  • Scale requirements
  • Security attributes

You can build any number of resource locations. For example, you could:

  • Build a resource location in your data center for the head office based on subscribers and applications that need to be close to the data.
  • Add a separate resource location for your global users in a public cloud. Alternatively, build separate resource locations in branch offices to provide the applications best served close to the branch workers.
  • Add a further resource location on a separate network that provides restricted applications. This provides restricted visibility to other resources and subscribers without the need to adjust the other resource locations.

XenMobile Service connection options

You can connect to XenMobile Service through Cloud Connector or through an IPsec tunnel, which serve as a channel for communication between Citrix Cloud and your resource locations.

Cloud Connector

Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels. Cloud Connector authenticates and encrypts all communication between Citrix Cloud and your resource locations. Cloud Connector establishes connections to Citrix Cloud. Cloud Connector doesn't accept incoming connections.

If you require a micro-VPN, you must use an on-premises NetScaler with Cloud Connector.

Cloud Connector, along with NetScaler Gateway and your servers for Exchange, web apps, Active Directory, and PKI reside in your data center. Mobile devices communicate with XenMobile Service and your on-premises NetScaler Gateway. The following diagram shows the basic architecture when using Cloud Connector with XenMobile Service. For more information, see Cloud Connector.

localized image

IPsec

If Cloud Connector doesn't meet your specific enterprise integration requirements, IPsec connectivity is available. A member of the XenMobile Service Operations team can advise you about whether to use IPsec.

For IPsec connectivity, your servers for Exchange, web apps, Active Directory, and PKI reside in your data center. Mobile devices communicate with XenMobile Service and NetScaler Gateway. The following diagram shows the basic architecture when using IPsec with XenMobile Service. For more information, see IPsec.

localized image

Onboarding

The following figure shows the onboarding steps. When you are evaluating or purchasing XenMobile Service, the XenMobile Service Operations team provides ongoing onboarding help and communication to ensure that the core XenMobile services are running and configured correctly.

localized image

To request a XenMobile Service trial, go to https://onboarding.cloud.com. After you sign up for a Citrix account and log in, a screen similar to the following appears. Next to XenMobile Service, click Request Trial

localized image


The button then changes to Trial Requested. You will receive an email to notify you when your trial becomes available.

While waiting for the trial, be sure to prepare for your XenMobile Service deployment by reviewing Cloud Connector or IPsec. Although Citrix hosts and delivers your XenMobile Service solution, some communication and port requirements are required to connect the XenMobile Servoce infrastructure to corporate services, such as Active Directory.

After you are authorized to access the trial, the button for XenMobile Service changes to Manage, which opens a wizard. Follow the instructions in that wizard to configure your connection to XenMobile Service.

The following diagram shows the first screen you see when starting a trial if you chose to connect to the cloud through Cloud Connector. 

localized image

To complete the setup for Cloud Connector, you need:

  • An available subnet address for the XenMobile Service network.
  • At least two Windows Server 2012 R2 or Windows Server 2016 machines that are joined to your Active Directory domain. The wizard guides you through installing Cloud Connector on those machines.

For more information, see Cloud Connector.

The following diagram shows the first screen you see when starting a trial if you chose to connect to the cloud through IPsec.

localized image

To complete the setup for IPsec, you will need the following information:

  • An available subnet address for the XenMobile Service network
  • DNS server addresses and domain suffixes
  • Subnet addresses for application servers
  • IPsec appliance vendor, platform, software version, and public IP address
  • NetScaler Gateway authentication type
  • Active Directory domain information

For more information, see IPsec.

Back to Top