Citrix

Reference Architecture for On-Premises Deployments

Jan. 12, 2017

The figures in this article illustrate the reference architectures for on-premises XenMobile deployments. The deployment scenarios include MDM-only, MAM-only, and MDM+MAM as the core architectures, as well as architectures that include components such as XenMobile NetScaler Connector, XenMobile Mail Manager, and XenApp and XenDesktop. The figures show the minimal components required for XenMobile.

Use this chart as a general guide for your deployment decisions.

[Figure: deployment decision chart]

In the figures, the numbers on the connectors represent ports that you must open to allow connections between the components. For a complete list of ports, see Port requirements in the XenMobile documentation.

Core MDM-Only Reference Architecture

Deploy this architecture if you plan to use only the MDM features of XenMobile. For example, you need to manage a corporate-issued device through MDM in order to deploy device policies and apps, retrieve asset inventories, and carry out actions on devices, such as a device wipe.

[Figure: core MDM-only reference architecture]

Core MAM-Only Reference Architecture

Deploy this architecture if you plan to use only the MAM features of XenMobile without having devices enroll for MDM. For example, you want to secure apps and data on BYO mobile devices; you want to deliver enterprise mobile apps and be able to lock apps and wipe their data. The devices cannot be MDM enrolled.

[Figure: core MAM-only reference architecture]

Core MAM+MDM Reference Architecture

Deploy this architecture if you plan to use the MDM+MAM features of XenMobile. For example, you want to manage a corporate-issued device via MDM; you want to deploy device policies and apps, retrieve an asset inventory, and be able to wipe devices. You also want to deliver enterprise mobile apps and be able to lock apps and wipe the data on devices.

[Figure: core MDM+MAM reference architecture]

Reference Architecture with XenMobile NetScaler Connector

Deploy this architecture if you plan to use XenMobile NetScaler Connector with XenMobile. For example, you need to provide secure email access to users who use native mobile email apps. These users will continue accessing email via a native app, or you may transition them over time to Citrix Secure Mail. Access control needs to occur at the network layer before traffic reaches the Exchange ActiveSync servers. Although the diagram shows XenMobile NetScaler Connector deployed in an MDM+MAM architecture, you can also deploy XenMobile NetScaler Connector in the same manner as part of an MDM-only architecture.

[Figure: reference architecture with XenMobile NetScaler Connector]

Reference Architecture with XenMobile Mail Manager

Deploy this architecture if you plan to use XenMobile Mail Manager with XenMobile. For example, you want to provide secure email access to users who use native mobile email apps. These users will continue accessing email via a native app, or you may transition users over time to Secure Mail. You can achieve access control on the Exchange ActiveSync servers. Although the diagram shows XenMobile Mail Manager deployed in an MDM+MAM architecture, you can also deploy XenMobile Mail Manager in the same manner as part of an MDM-only architecture.

[Figure: reference architecture with XenMobile Mail Manager]

Reference Architecture with External Certificate Authority

A deployment that includes an external certificate authority is recommended to meet one or more of the following requirements:

  • You require user certificates for user authentication to NetScaler Gateway (for intranet access).
  • You require Secure Mail users to authenticate to Exchange Server by using a user certificate.
  • You need to push certificates issued by your corporate Certificate Authority to mobile devices, for example, for Wi-Fi access.

Although the diagram shows an external certificate authority deployed in an MDM+MAM architecture, you can also deploy an external Certificate Authority in the same manner as part of an MDM-only or MAM-only architecture.

[Figure: reference architecture with external certificate authority]

Reference Architecture with XenApp and XenDesktop

Deploy this architecture if you plan to integrate XenApp and XenDesktop with XenMobile. For example, you need to provide a unified app store to mobile users for all types of applications (mobile, SaaS, and Windows). Although the diagram shows XenDesktop deployed in an MDM+MAM architecture, you can also deploy XenDesktop in the same manner as part of a MAM-only architecture.

[Figure: reference architecture with XenApp and XenDesktop]

Reference Architecture with XenMobile in the Internal Network

You can deploy an architecture with XenMobile in the internal network to meet one or more of the following requirements:

  • You do not have or are not allowed to have a hypervisor in the DMZ.
  • Your DMZ can only contain network appliances.
  • Your security requirements require the use of SSL Offload.

[Figure: reference architecture with XenMobile in the internal network]

Reference Architecture with ShareFile

Deploy this architecture if you want to integrate ShareFile with XenMobile. For example, you need to meet one or more of the following requirements:

  • You need an IDP to give users single sign-on (SSO) to ShareFile.com.
  • You need a way to provision accounts into ShareFile.com.
  • You have on-premises data repositories that need to be accessed from mobile devices.

Although the diagram shows ShareFile deployed in an MDM+MAM architecture, you can also deploy ShareFile in the same manner as part of a MAM-only architecture.

[Figure: reference architecture with ShareFile]