-
-
Configuring the VPN User Experience
-
How User Connections Work with the NetScaler Gateway Plug-in
-
Integrating the NetScaler Gateway Plug-in with Citrix Receiver
-
-
Maintaining and Monitoring the System
-
Deploying with XenMobile App Edition, XenApp, and XenDesktop
-
Accessing XenApp and XenDesktop Resources with the Web Interface
-
Configuring Additional Web Interface Settings on NetScaler Gateway
-
Configuring Access to Applications and Virtual Desktops in the Web Interface
-
Configuring Settings for Your XenMobile Environment
-
Configuring Load Balancing Servers for XenMobile or Citrix Endpoint Management
-
Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
-
Configuring XenMobile NetScaler Connector (XNC) ActiveSync Filtering
-
Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps
-
Configuring Domain and Security Token Authentication for XenMobile
-
Configuring Client Certificate or Client Certificate and Domain Authentication
-
-
NetScaler Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
Proxy Auto Configuration for Outbound Proxy support for NetScaler Gateway
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Configuring Settings for Your XenMobile Environment
The Citrix ADC for XenMobile wizard guides you through the configuration of Citrix ADC features for your XenMobile deployment. You can use the wizard to:
-
Set up a Micro VPN. In this scenario, remote users can access apps and desktops in the internal network.
-
For XenMobile MAM-only mode, you must use Citrix Gateway for authentication.
-
For MDM deployments, Citrix recommends Citrix Gateway for mobile device VPN.
-
For ENT deployments, if a user opts out of MDM enrollment, the device operates in the legacy MAM mode and enrolls using the Citrix Gateway FQDN.
-
- Configure certificate-based authentication. The default configuration for XenMobile is user name and password authentication. To add another layer of security for enrollment and access to XenMobile environment, consider using certificate-based authentication.
- Load balance XenMobile servers. Citrix ADC load balancing is required for all XenMobile device modes if you have multiple XenMobile servers or if the XenMobile is inside your DMZ or internal network (and therefore traffic flows from devices to Citrix ADC to XenMobile). In this scenario, the Citrix ADC appliance resides in the DMZ between the user device and the XenMobile servers to load balance encrypted sent data from mobile devices to the XenMobile servers.
- Load balance Microsoft Exchange servers with email filtering. In this scenario, the Citrix ADC appliance is between the user device and the XenMobile Citrix ADC Connector (XNC), and between the user device and the Microsoft Exchange CAS servers. All requests from user devices go to the Citrix Gateway appliance, which then communicates with the XNC to retrieve information about the device. Depending on the response from the XNC, the Citrix ADC appliance either forwards the request from a whitelisted device to the server in the internal network, or drops the connection from a blacklisted device.
-
Load balance ShareFile StorageZones Connectors based on the type of content requested. This scenario prompts you for basic information about your StorageZones Controller environment and then generates a configuration that does the following:
- Load balances traffic across StorageZones Controllers.
- Provides user authentication for StorageZones Connectors.
- Validates URI signatures for ShareFile uploads and downloads.
- Terminates SSL connections at the Citrix ADC appliance.
For more information about configuring ShareFile, see Configure Citrix ADC for StorageZones Controller.
Important
Before you use the XenMobile wizard, be sure to refer to these XenMobile Deployment articles for design and deployment information and recommendations:
Integrating with Citrix Gateway and Citrix ADC
SSO and Proxy Considerations for MDX Apps
You can use the Citrix ADC for XenMobile wizard only once. If you want multiple XenMobile instances, such as for test, development, and production environments, you must configure Citrix ADC for the additional environments manually. The following support articles list the commands run by the wizard and provides instructions for running them to create a new Citrix ADC instance:
Commands Generated by XenMobile Wizard on Citrix ADC - SSL Bridge
Commands Generated by XenMobile Wizard on Citrix ADC - SSL Offload
License Requirements for Citrix ADC Features
You must install licenses to enable the following Citrix ADC features:
- XenMobile MDM load balancing requires a Citrix ADC standard license.
- ShareFile load balancing with StorageZones requires a Citrix ADC standard license.
- Exchange load balancing requires a Citrix ADC license or a Enterprise license with the addition of an Integrated Caching license.
Citrix ADC for XenMobile Wizard
This section provides an example of using the Citrix ADC for XenMobile wizard to:
- Set up micro VPN access for remote user connections to XenMobile-managed resources in your internal network
- Configure certificate-based authentication. For information about obtaining and installing a public SSL certificate, see Installing and Managing Certificates.
- Configure load balancing for XenMobile servers.
To use the wizard:
-
In the configuration utility, click the Configuration tab and then click XenMobile.
- Select your XenMobile version and then click Get Started.
-
Select the checkboxes for the features you want to configure. Keep in mind that you can use this wizard only once, so you’ll need to perform subsequent configuration manually. These instructions assume that you select the following settings: Access through Citrix Gateway (for XenMobile running in ENT or MAM modes) Load Balance XenMobile Servers
-
On the Citrix Gateway Settings page, enter values for the external facing Citrix Gateway IP Address, Port, and Virtual Server Name.
-
On the Server Certificate for Citrix Gateway page, from the Certificate File drop-down menu, choose the certificate file from Local or Appliance. If your certificate is on a local machine:
If your certificate is on the appliance:
-
In the Authentication Settings page, in the Primary authentication method field, select Client Certificate.
This will automatically select Use existing certificate policy and Cert Auth in the next two fields. The following steps assume that you already have a certificate policy.
If you need to create a certificate policy, click Create certificate policy and complete the settings. On the XenMobile Certificate screen, choose an existing server certificate or install a new certificate. If you’re running multiple XenMobile servers, you will add a certificate for each one. For Server Logon Name Attribute, specify userPrincipalName or samAccountName, per your requirements.
-
a. Select Click here to change the CA certificate and then in the Browse list, navigate to the CA certificate you want.
-
b. With client certificate as your primary authentication type, you have the option of configuring LDPA (or RADIUS) as the secondary authentication type.
To use client certificate authentication only, leave Second authentication method as None and then click Continue.
To use client certificate + domain (LDAP) authentication, change Second authentication method to LDAP and configure the authentication server settings.
-
c. On the Device certificate screen, if the certificate is not already installed, you must export this certificate from the XenMobile console: From the console, click the gear icon in the upper-right corner to open the Settings screen.
-
d. Click Certificate and then choose the CA certificate from the list.
-
e. Click Export.
-
f. Return to the Citrix ADC wizard and select the certificate you exported (downloaded) to install it.
-
g. Click Continue.
The XenMobile IP addresses that you’ve configured will appear.
-
-
Configure the XenMobile App Management Settings.
- Enter the XenMobile FQDN. This is the load balancing FQDN for MAM.
- Enter a MAM-only Internal Load Balancing IP Address for the virtual server that load balances XenMobile servers. Citrix Gateway communicates with the XenMobile through this MAM load balancing virtual IP.
- This is an SSL offload deployment, so select HTTP in Communication with XenMobile Server.
- The Split DNS mode for MicroVPN field automatically sets to BOTH.
If your deployment requires split tunneling, select Enable split tunneling. You must configure Intranet Application Binding, next, if you enable split tunneling.
By default, Secure Web access is tunneled to the internal network, which means that Secure Web uses a per-application VPN tunnel back to the internal network for all network access and the Citrix ADC appliance uses split tunnel settings.
-
To configure interception rules for user connections on Citrix Gateway, you must configure Intranet Application Binding. Click + to add a binding.
-
Complete the parameters for allowing network access and then click Create.
-
Add the XenMobile certificate. This will be used for the MAM load balancing virtual server.
-
Under XenMobile Servers, click Add Server to add the XenMobile IP Address to bind to the load balancing virtual IP.
-
On the Citrix ADC dashboard, confirm that Citrix Gateway and XenMobile load balancing are configured as follows.
If you will use sAMAccount attributes in the user certificates as an alternative to User Principal Name (UPN), configure the certificate profile as described in Manually Configuring Citrix Gateway for Client Certificate Authentication.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.