Product Documentation

XenMobile Solution Pre-Installation Checklist

May 07, 2015

You can use this checklist to note the settings and prerequisites for installing NetScaler Gateway, Device Manager, and App Controller. Each task or note includes a column indicating the component or components for which the requirement applies. The checklist has an extra column that you can use to check off each task as you complete it and to record information.

For installation instructions for each XenMobile component, see the following:

Basic Network Connectivity

The following are the network settings you need for the XenMobile Solution.

Prerequisite description Configure on component Note the setting

Note the fully qualified domain name (FQDN) to which remote users connect.

NetScaler Gateway

Device Manager

 

Note the public and local IP address.

You need these IP addresses to configure the firewall to set up network address translation (NAT).

Device Manager

NetScaler Gateway

App Controller

 

Note the subnet mask.

Device Manager

NetScaler Gateway

App Controller

Note the DNS IP addresses.

Device Manager

NetScaler Gateway

App Controller

 

Write down the WINS server IP addresses (if applicable).

NetScaler Gateway

 

Identify and write down the NetScaler Gateway host name.

Note: This is not the FQDN. The FQDN is contained in the signed server certificate that is bound to the virtual server and to which users connect. You can configure the host name by using the Setup Wizard in NetScaler Gateway.

NetScaler Gateway

 

Note the App Controller FQDN.

App Controller

 

Note the IP address of App Controller.

Reserve one IP address if you install one instance of App Controller.

Reserve three IP addresses if you configure high availability on App Controller. There is one virtual IP address and an IP address for each node. If you configure a cluster, note all of the IP addresses you need.

App Controller

 

Note the IP address or FQDN of the Network Time Protocol (NTP) server.

NetScaler Gateway

App Controller

 
  • One public IP address configured on NetScaler Gateway
  • One external DNS entry for NetScaler Gateway

NetScaler Gateway

 

Note the web proxy server IP address, port, proxy host list, and the administrator user name and password. These settings are optional if you deploy a proxy server in your network (if applicable).

Note: You can user either the sAMAccountName or the User Principal Name (UPN) when configuring the user name for the web proxy.

App Controller

NetScaler Gateway

 

Write down the default gateway IP address.

App Controller

NetScaler Gateway

Device Manager

 

Write down the system IP (NSIP) address and subnet mask.

NetScaler Gateway

 

Write down the subnet IP (SNIP) address and subnet mask.

NetScaler Gateway

Write down the NetScaler Gateway virtual server IP address and FQDN from the certificate.

If you need to configure multiple virtual servers, write down all of the virtual IP addresses and FQDNs from the certificates.

NetScaler Gateway

 

Write down the internal networks that users can access through NetScaler Gateway.

Example: 10.10.0.0/24

Enter all internal networks and network segments that users need access to when they connect with Worx Home or the NetScaler Gateway Plug-in when split tunneling is set to On.

NetScaler Gateway

 

Licensing

XenMobile requires you to purchase licensing options for NetScaler Gateway and Device Manager. For more information about obtaining your license files, see The Citrix Licensing System.

Prerequisite description Configure on component Note the location

Obtain Universal licenses from the Citrix web site. For details about installing NetScaler Gateway licenses, see Installing NetScaler Gateway Licenses.

NetScaler Gateway

 

Obtain perpetual, annual, or hosted cloud-based server licensing. For details about Device Manager licensing, see Installing Device Manager.

Device Manager

 

Certificates

Device Manager, App Controller, and Device Manager require certificates to enable connections with other Citrix products and applications and from user devices. For more information about certificates, see the following topics:

Note: For Device Manager, you need to install the required Java components, as noted later in this checklist, before you install the APNS certificate.
Prerequisite description Configure on component Note the setting

Obtain and install required certificates.

You can create Certificate Signing Requests (CSRs) by using Windows Server and Internet Information Services (IIS). You can also create CSRs in NetScaler Gateway and App Controller.

App Controller

Device Manager

NetScaler Gateway

Ports

You need to open ports to allow communication with the XenMobile components. For a complete list of all ports you need to open for the XenMobile Solution, see Opening Ports for the XenMobile Solution.

Prerequisite description Configure on component Note the setting

Open ports for the XenMobile Solution

App Controller

Device Manager

NetScaler Gateway

 

Active Directory Settings

Important: When you add users in Active Directory for App Controller, you must enter the first name, last name, and email in the user properties. If you do not configure users in Active Directory with this information, App Controller cannot synchronize these individuals. When users attempt to start an app, users receive a message that they are not authorized to use the app.
Prerequisite description Configure on component Note the setting

Note the Active Directory IP address and port.

If you use port 636, install a root certificate from a CA on Device Manager.

If you use port 636, install a root certificate from a CA on App Controller.

App Controller

Device Manager

NetScaler Gateway

 

Note the Active Directory domain name.

App Controller

Device Manager

NetScaler Gateway

 

Note the Active Directory service account.

The Active Directory service account is the account that App Controller and Device Manager uses to query Active Directory.

App Controller

Device Manager

NetScaler Gateway

 

Note the Base DN.

This is the directory level under which users are located; for example, cn=users,dc=ace,dc=com. NetScaler Gateway, App Controller, and Device Manager use this to query Active Directory.

Note: If your Active Directory database is large, you can configure multiple Base DNs to which App Controller or Device Manager binds and in which the server searches to find user objects. For example, you can use the following: ou=Finance,dc=ace,dc=com; ou=Sales,dc=ace,dc=com

App Controller

Device Manager

NetScaler Gateway

 

Note the Group Base DN.

This is the directory level under which users are located. You can use the same value that you used for Base DN.

NetScaler Gateway, App Controller, and Device Manager use this to query Active Directory.

App Controller

Device Manager

NetScaler Gateway

Note a user account for testing.

This is an Active Directory account that you can use to log on and test single sign-on (SSO).

App Controller

Device Manager

NetScaler Gateway

 

Database Requirements for Device Manager

Prerequisite description Configure on component Note the setting

Note the SQL Server user accounts.

Configure a service account with administrator rights to SQL Server, including the following access rights: Creator, Owner, and Read/Write permissions.

Device Manager

Note the Windows Service Account.

This account is for the Device Manager Server and the database. The account must be a Local Administrator of the computer on which you install Device Manager Server.

Device Manager

Note the SQL Server FQDN or IP address.

Device Manager

Connections Between App Controller, Device Manager, and NetScaler Gateway

You can configure Device Manager and App Controller to connect. Complete the following tasks that are indicated for Device Manager if you deploy App Controller in your internal network. If users connect to App Controller from an external network, such as the Internet, users must connect to NetScaler Gateway before accessing mobile, web, and SaaS apps. If that is the case, complete the following tasks that are indicated for NetScaler Gateway.

Note: Configure App Controller settings on Device Manager first. Then, you can configure Device Manager settings in App Controller.
Prerequisite description Configure on component Note the setting

Note the Device Manager host name.

App Controller

Note the Device Manager port (80 or 443).

App Controller

Note the shared key from Device Manager.

Enter the same shared key in Device Manager and App Controller.

App Controller

Device Manager

Note if you want mobile devices to enroll in Device Manager as a requirement before connecting to App Controller.

App Controller

Note the App Controller host name.

Device Manager

Write down the FQDN or IP address of App Controller.

NetScaler Gateway

 

Identify web, SaaS, and mobile iOS or Android applications users can access.

NetScaler Gateway

 

Note the Callback URL to allow communication between App Controller and NetScaler Gateway

App Controller

User Connections: Access to XenDesktop, XenApp, the Web Interface, or StoreFront

In NetScaler Gateway, you need to create two virtual servers. One virtual server allows user connections to App Controller from Worx Home. Citrix recommends that you use the Quick Configuration wizard in NetScaler Gateway to configure these settings.

You create a second virtual server to enable user connections from Receiver and web browsers to connect to Windows-based applications and virtual desktops in XenApp and XenDesktop. Citrix recommends configuring the virtual server, session and clientless access policies by using the NetScaler Gateway Policy Manager. For more information, see Configuring Access to StoreFront Through NetScaler Gateway.

Prerequisite description Configure on component Note the setting

Note the NetScaler Gateway host name and external URL.

The external URL is the web address with which users connect.

App Controller

 

Note the NetScaler Gateway callback URL.

App Controller

 

Note the IP addresses and subnets masks for the virtual servers.

NetScaler Gateway

Note the path for Program Neighborhood Agent or a XenApp Services site.

NetScaler Gateway

App Controller

 

Note the FQDN or IP address of the XenApp or XenDesktop server running the Secure Ticket Authority (STA) (for ICA connections only).

NetScaler Gateway

 
Note the public FQDN for Device Manager.

NetScaler Gateway

Note the public FQDN for Worx Home.

NetScaler Gateway

Devices

XenMobile MDM supports the following device platforms: iOS, Android, Windows Phone 8 and Windows Tablet, Windows Mobile, and Symbian. For a list of platforms versions and the Device Manager features supported for each platform, see Feature Support by Device Platform.

Prerequisite description Configure on component Note the devices

Note the mobile device platforms in your organization.

Device Manager