Citrix

Produktdokumentation



Ganzes Dokument herunterladen

Plan

Oct. 08, 2015

As you plan to deploy App Controller, you should take the following considerations into account:

  • App Controller network settings, including the IP address, default gateway, DNS servers, NTP servers, web proxy, and Active Directory.
  • The deployment of web, SaaS, Android, and iOS applications that users need to access, including applications that you host in your internal network or applications that reside on the Internet. The applications include WorxMail and WorxWeb.
  • The deployment of App Controller only, in which users can connect to their web, SaaS, and mobile Android and iOS apps directly from App Controller.
  • The deployment of App Controller for high availability, in which you deploy two App Controller virtual machines (VMs) to fail over if one VM fails.
  • The deployment of App Controller with StoreFront that allows user access to Windows-based applications from XenApp and to virtual desktops from XenDesktop.
  • The deployment of NetScaler Gateway with App Controller and StoreFront that allows remote users to connect to network resources.
  • An App Controller configuration that includes ShareFile to allow users to easily view, edit, synchronize, and share files from any devices with document-level control. For more information, see the ShareFile documentation in Citrix eDocs.

This topic includes a checklist that helps you define the information you need about the following:

  • Active Directory settings
  • Applications for single sign-on (SSO)
  • Authentication through StoreFront
  • Clustering AppController virtual machines
  • Deployment settings for NetScaler Gateway and StoreFront
  • High availability
  • Mobile apps, including WorxMail and WorxWeb
  • Network connectivity
  • Ports
  • Role and category names
  • ShareFile settings
  • User devices

App Controller Pre-Installation Checklist

This checklist lists the tasks you should complete and the configuration values you should note before you install App Controller 2.8.

Citrix recommends that you print and complete this checklist. The checklist has an extra column that you can use to check off each task as you complete it and to record information.

For instructions about installing and configuring App Controller, see Installing App Controller 2.8.

App Controller Basic Network Connectivity

Note the App Controller host name.

Configure up to two DNS servers.

 

Note the IP address of App Controller.

Reserve one IP address if you install one instance of App Controller.

Reserve three IP addresses if you configure high availability on App Controller.

 

Note the IP address for the Network Time Protocol (NTP) server.

 

If your deployment supports remote access to App Controller through NetScaler Gateway, note the following:

  • One public IP address configured on NetScaler Gateway
  • One external DNS entry for NetScaler Gateway
    Note: You only need an external DNS entry if you deploy NetScaler Gateway in your network.

    App Controller resides in the internal network. If users connect to applications in the secure network from the Internet, NetScaler Gateway must reside in the DMZ.

 

Note the default gateway IP address.

 

Note the web proxy server IP address, port, proxy host list, and the administrator user name and password.

Note: You can user either the sAMAccountName or the User Principal Name (UPN) when configuring the user name for the web proxy.
 

Certificates

App Controller requires secure server, root, and SAML certificates for communication with other Citrix products and SAML applications. When you configure App Controller for the first time, you can add or create certificates on the Active Directory page in the initial settings wizard in order to communicate with secure LDAP.

Create a Certificate Signing Request (CSR) and submit to a Certificate Authority (CA) for signing.

 

Install a signed, secure SSL server certificate that is used for secure connections to the management console and for communicating with XenMobile MDM Edition, NetScaler Gateway, StoreFront, and Web Interface.

Note: This certificate requires a private key. App Controller creates the private key when you run the CSR.
 

Install a secure SSL server certificate for communicating between App Controller and applications that require an SSL certificate for user account management. This is for secure LDAP communication with App Controller.

 

Install a secure SAML certificate for communication between App Controller and SAML applications that require an SSL certificate, such as GoogleApps. You can install one SAML certificate on App Controller.

 

Communication

Open the following ports to allow communication with App Controller.

Active Directory uses port 389.

Open port 636 if you use secure LDAP.

Open port 3268 for an LDAP connection to the Microsoft Global Catalog.

Open port 3269 for a secure LDAP connection to the Microsoft Global Catalog.

 

Open the following ports to allow administrator and server access:

Administration ports

  • App Controller command-line console, port 22. Open this port if you use Secure Shell (SSH) to connect to the command line.
  • App Controller management console, port 4443.

Server connections

  • Remote connections through NetScaler Gateway, port 443
  • DNS name resolution, port 53
  • SMTP mail server connection, port 25
 

Active Directory Settings

You use Active Directory to obtain groups. When you obtain groups, you can create roles and then assign applications to the role. By default, the AllUsers role in App Controller maps to the Everyone group in Active Directory.

Note the Active Directory IP address and port.

If you use port 636, install a root certificate from a CA on App Controller.

 

Note the Active Directory domain name.

 

Note the Active Directory service account.

The Active Directory service account is the account that App Controller uses to query Active Directory.

 

Note the Base DN.

This is the directory level under which users are located; for example, cn=users,dc=ace,dc=com.

Note: If your Active Directory database is large, you can configure multiple Base DNs to which App Controller binds and in which the server searches to find user objects. For example, you can use the following: ou=Finance,dc=ace,dc=com; ou=Sales,dc=ace,dc=com
 

Note the Group Base DN

This is the directory level under which users are located. You can use the same value that you used for Base DN.

Note a user account for testing.

This is an Active Directory account that you can use to log on and test SSO.

 

Device Management

You can configure App Controller to connect to XenMobile Device Manager.

Note: Before you configure settings in App Controller, configure App Controller settings on Device Manager.

You can also use App Controller to manage user devices. You can lock and erase data in App Controller.

Note the Device Manager host name.

Note the Device Manager port.

Note the shared key from Device Manager.

Note if devices require enrollment in Device Manager before connecting to App Controller.

Mail Server Settings

You can configure a mail server on App Controller through which App Controller can send notification emails. Typically, App Controller uses these emails during a workflow to secure approvals or to notify users of new accounts and passwords that you configure App Controller to create for them. You configure the mail server settings when you first install App Controller and configure network settings in the management console. You can change workflow email settings at any time by using the Settings tab in the management console.

Note the email server name, such as mail.mycompany.com.

 

Note the SMTP port number.

 

Note the email address from which App Controller sends emails.

 

Store Settings

You can configure user credentials and the device ID for the Google Play Store. Users need to download the application Device ID from the Play Store to obtain the device ID.

Note the user name for the Google Play Store.

Note the password.

Note the device ID.

Roles

Roles in App Controller represent a set of one or more groups in Active Directory. You can control the list of applications that users can view based on their group membership in Active Directory. When adding a role, you select the groups from Active Directory to include in the role. Then, you can add applications to the roles to provide access to a specific group of users. When you configure applications in App Controller, you select the role. If you do not select a role for the app, App Controller uses the default role AllUsers.

Important: You must create a role before you configure ShareFile settings. The role should contain the same number of members for which you obtain licenses. For example, if you have 100 licenses, the role should contain the same amount of users. If you use the AllUsers role, which might have more Active Directory accounts than licenses, synchronizing accounts in ShareFile and App Controller might fail. If you previously selected the AllUsers role or a role with too many Active Directory accounts, you must manually remove the role from ShareFile and then add the new role.

List the names of roles you want to add in App Controller.

 

Categories

You can group applications into categories, such as Finance, Sales, and Marketing. Users see the categories when they log on with Worx Home or Citrix Receiver for Windows or Mac computers. Users can add or subscribe to their applications from the category that appears in Worx Store.

List the category names you want to create for Worx Home or Receiver.

 

Application Information

You can configure single sign-on (SSO) to applications in App Controller.

List the names of SAML applications for your organization.

 

List the names of Formfill applications for your organization.

 

List the names of mobile apps to upload to App Controller, including WorxMail and WorxWeb apps.

 

Note the logon web address of applications that do not have a default web address, such as Google Apps.

 

Use test credentials to test SSO to applications.

 

SAML Application Information

You can use the following table to enter information for your SAML applications.

Note the name of your SAML apps.

 

Note the supported SAML version.

 

Note the ACS URL.

 

Note the Entity ID.

 

Note the RelayState URL.

 

Note any additional parameters (and values expected) required as part of the SAML assertion.

 

Mobile App Management for iOS Apps

You can use the following guidelines for preparing MDX apps for iOS. You wrap mobile apps with the MDX Toolkit available from the Citrix Downloads page.

You must use a Mac OS X computer running Version 10.7 or 10.8 for iOS apps.

 

Obtain the Citrix MDX Toolkit available from the Citrix Downloads page.

 

Obtain an Apple account from the Apple developer registration site.

 

Obtain a Distribution Certificate from Apple.

 

Obtain the iOS Distribution Provisioning Profile from the Apple Developer web site.

 

Install the Xcode command line tools from the Apple Xcode web site.

Mobile App Management for Android Apps

You can use the following guidelines for preparing MDX apps for Android.

You must use a Mac OS X computer running Version 10.7 or 10.8 for Android apps.

 

Obtain and install the Java Development Kit (JDK) minimum Version 1.7.

 

Obtain and install the Android Software Development Kit (SDK).

 

Obtain the Citrix MDX Toolkit available from the Citrix Downloads page.

 

Obtain a digitally signed certificate with a private key that is held by the application's developer. For more information about the certificate, see Signing Your Applications on the Android Developers web site.

 

Mobile Links

You can configure mobile links to retrieve the name and description of apps from Google Play or the Apple App Store. When you configure mobile links, the apps appear in Worx Home with the Google Play or App Store name.

List the mobile apps for which you want to retrieve information from Google Play or the App Store.  

Web Links

You can configure web addresses in App Controller. The links can be to Internet sites, or to intranet sites in the internal network. The links appear in Worx Home when users log on.

List the web sites to which you want to allow user access.  

Data Management

You can configure ShareFile in App Controller to provide user access to documents and data. In previous App Controller versions, when you configured ShareFile, the domain sharefile.com was automatically appended to the domain name. In this release, the domain sharefile.com does not automatically append to the ShareFile domain name. You must enter the entire ShareFile domain name.

Note the full ShareFile domain name.

 

Note the roles from Active Directory that provide user access.

 

Note the ShareFile administrator account user name and password for user management.

 

High Availability

You can configure two App Controller VMs for high availability. If the primary App Controller fails, the secondary App Controller can accept user connections. Each App Controller VM must be in the same subnet. You can configure high availability by using the command line on the Console tab in XenCenter.

For more information about configuring high availability, see Configuring High Availability.

Identify the primary App Controller IP address and subnet.

 

Identify the secondary App Controller IP address and subnet.

 

Configure a virtual IP address on NetScaler Gateway.

 

Configure the SSL handshake between App Controller VMs.

 

Clustering

You can form an App Controller cluster by grouping virtual machines (VM) together. One VM acts as the cluster head and connects to the database. The other VMs in the cluster communicate with the cluster head to obtain data. You can create, join, or leave a cluster. Citrix recommends deploying two App Controller VMs in a high availability pair first and then configure both VMs in the high availability pair as cluster heads. Then, you can add additional App Controller VMs as service nodes.

Note the cluster head IP address

Note the cluster head shared key.

Note the IP addresses of other App Controller VMs in the cluster.

Note: You add the shared key from the cluster head to these VMs.

Connect Users

You can configure App Controller to authenticate users. When users connect by using Worx Home, Citrix Receiver to App Controller, they receive the mobile, web, and SaaS apps you configure in App Controller. Users can also connect to StoreFront which provides the additional capability of access to published applications in XenApp and virtual desktops. If users need to connect to apps hosted in your internal network from a remote location, you can route user connections through NetScaler Gateway. In App Controller 2.8, StoreFront must reside behind App Controller. You must also enable legacy mode in StoreFront or in the Web Interface.

Note the access method, App Controller, StoreFront, or NetScaler Gateway for user connections.

 

Note the StoreFront URL and legacy path.

 

Note the NetScaler Gateway host name and external URL.

The external URL is the web address with which users connect.

 

Note the NetScaler Gateway callback URL.

Logging

You can configure a syslog server or transfer the logs to a server in the internal network.

Note the IP address or fully qualified domain name (FQDN) and port of the syslog server.

 

Note the server name to which you want to transfer logs.

 

Note the user name and password of the server to which you want to transfer logs.

 

Note the directory path where you store the logs.

Icons in the App Controller Management Console

The App Controller management console includes icons that users click to perform different tasks. The following table defines each icon.
Icon Icon name Definition
Click to enable app.

Enable

Indicates that an app is disabled. When clicked, enables the app.

Click to disable app.

Disable

Indicates that an app is enabled. When clicked, disables the app.

Edit app.

Edit

Used to edit a role or application.

Delete app.

Remove

Used to remove an application, remove an application from a role, or to remove a category, workflow, or user device.

Sync app.

Sync

Used to synchronize application users with Active Directory for accounts that are configured for user account management. Also opens a Storage Zone dialog box in Roles to enable you to find a particular storage zone and provide credentials.

Upgrade app

Upgrade

Used to upgrade a mobile application with a new version.

Details icon.

Role details

In Roles, you can view the Active Directory groups that belong to a configured role or you can delete the role.

Lock a user device.

Lock

Used to lock a user device.

Unlock user device.

Unlock

Used to unlock a user device after you have locked it.

Wipe a user device.

Erase

Used to erase data and documents from a device.

Restore data and docs.

Stop erasing

Used to stop the process of erasing data and documents from the device.

Apps associated with workflow

Apps

In Workflows, shows the apps with which the workflow is associated, if any.

Workflow details

Workflow details

In Workflows, lets you view the levels of manager approval and additional approvers for a configured workflow.

User icon

User

In Roles, lets you view members of the Active Directory groups.

Back to Top