Product Documentation

XenMobile NetScaler Connector 8.5

May 08, 2015

Citrix is introducing a new solution for controlling access to corporate email, calendar and contacts from mobile devices – the XenMobile NetScaler Connector (XNC). XNC allows customers to send a list of compliant devices from the XenMobile Device Manager to NetScaler, which in turn controls which mobile devices are allowed to synch with the corporate Exchange server.

XenMobile MDM provides complete protection for your mobile applications, network, and data, and ensures end-to-end security and compliance, NetScaler optimizes, secures, and controls the delivery of all enterprise and cloud services. Together, these two products provide the ability to scale, ensure high availability for apps, and maintain security while reducing mobility deployment and management costs.

XenMobile NetScaler Connector (XNC)

The XenMobile NetScaler Connector (XNC) provides a device level authorization service of ActiveSync clients to NetScaler acting as a reverse proxy for the Exchange ActiveSync protocol. Authorization is controlled by a combination of policies defined within the XenMobile Device Manager and by rules defined locally by XNC.

Note: For information and documentation on how to deploy and configure the NetScaler for the XNC, contact your Citrix sales representative and request the document named 'NetScaler and XenMobile Solution for Enterprise Mobility Deployment Guide'.

XenMobile Device Manager provides whitelisting (approved) and blacklisting (forbidden) of devices based on compliance with high-level policies such as detection of jailbroken devices or detection of specific apps. The XNC local rules are typically are used to augment the XDM rules in cases where specific overrides are required; for example to block all devices using a specific operating system version.


NetScaler delivers an extensive portfolio of essential datacenter security capabilities that are significant for mobile users, their apps and data. NetScaler provides critically important application security, network/infrastructure security, and identity and access management, which when combined with XenMobile MDM delivers a tightly coupled solution that enables IT to support the security needs of mobile users and the enterprise.

About This Release

XenMobile NetScaler Connector 8.5 provides the following capabilities:

  • Filter-based rules to allow or block access. XenMobile NetScaler Connector evaluates a particular client request routed through NetScaler against the organization's rules. The end result is a binary state of allowed, in which the client is permitted to contact the Microsoft Exchange 2010 Client Access Server (CAS), or blocked, in which the client request is dropped and access to the Exchange CAS is not permitted. Paired with settings in the Device Manager console, you can prevent Exchange ActiveSync email access to device users based on compliance criteria, such as when a blacklisted app is installed on the device, if the device is jailbroken, and so on.
  • A two-tiered filter model. The first tier parses the incoming HTTP requests based on path-specific information. The second tier filters based on user or device specific information. You can configure both tiers.
  • Filter rules stored in configuration files. Specific filter rules pertaining to the user accounts and devices in your organization are stored in the gateway's XML configuration files.

System Requirements

Provides system requirements for XenMobile NetScaler Connector and for the XenMobile NetScaler Connector Console.


Provides deployment information for XenMobile NetScaler Connector.

Install and Setup

Provides information about how to install XenMobile NetScaler Connector on either its own server or on the same server as Device Manager.


Provides information on choosing a security model for your organization, creating block or allow policies, setting static or dynamic filters, and connecting to Device Manager. This section also provides information about enabling and understanding email attachment encryption.


Provides information about enabling XenMobile NetScaler Connector logging.

Key Features

The key features of XenMobile NetScaler Connector are:

  • Access Control of HTTP ActiveSync requests. XenMobile NetScaler Connector can control the HTTP ActiveSync requests that mobile devices make of Exchange servers. You can build filters in XenMobile NetScaler Connector that enable you to allow or block user devices based on rules and criteria that you specify. When you set the rules in XenMobile NetScaler Connector, you can turn on and off the rules in XenMobile Device Manager, which then manages the ability for devices to access email within the organization.
  • Remote configuration. Device Manager controls the baseline and delta intervals used by XenMobile NetScaler Connector.
  • Logging. On the Log tab of the XenMobile NetScaler Connector configuration utility, you can view when the encryption is enabled for a given user device at the request level, in addition to devices that are allowed or blocked. Remote configuration. Device Manager controls the baseline and delta intervals used by Secure Mobile Gateway.