Server properties are global properties that apply to operations, users, and devices across an entire XenMobile instance. Citrix recommends that you evaluate for your environment the server properties covered in this article. Be sure to consult with Citrix before changing other server properties.
Be aware that a change to some server properties requires a restart of each XenMobile server node. XenMobile notifies you when a restart is required.
Some server properties help improve performance and stability. For details, see Tuning XenMobile Operations.
Block Enrollment of Rooted Android and Jailbroken iOS Devices: When this property is True, XenMobile blocks enrollments for rooted Android devices and jailbroken iOS devices. Default is True. Recommended setting is True for all security levels.
Enrollment required: This property, which applies only when the XenMobile Server Mode is ENT, specifies whether you require users to enroll in MDM. The property applies to all users and devices for the XenMobile instance. Requiring enrollment provides a higher level of security; however, that decision depends on whether you want to require MDM. By default, enrollment is not required.
When this property is False, users can decline enrollment, but may still access apps on their devices through the XenMobile Store. When this property is True, any user who declines enrollment is denied access to apps.
If you change this property after users enroll, the users must re-enroll.
For a discussion about whether to require MDM enrollment, see Device Management and MDM Enrollment.
XenMobile MDM Self Help Portal console max inactive interval (minutes): This property name reflects the older XenMobile versions. The property controls the XenMobile console max inactive interval. That interval is the number of minutes after which XenMobile logs an inactive user out of the XenMobile console. A time-out of 0 means an inactive user remains logged in. Default is 30.
Inactivity Timeout in Minutes: The number of minutes after which XenMobile logs out an inactive user who used the XenMobile server Public API to access the XenMobile console or any third-party app. A time-out value of 0 means an inactive user remains logged in. For third-party apps that access the API, remaining logged in is typically necessary. Default is 5.
iOS Device Management Enrollment Install Root CA if Required: When this property is True, XenMobile checks if the user has the root CA installed on the device and, if the root certificate is missing, installs it. A third-party public certificate trusted by iOS is required. Default is True.
If you are using trusted certificates and the iOS device trusts the issuer, setting this property to False improves the MDM user enrollment experience because Secure Hub doesn’t prompt the user to install another certificate and enter their PIN. However, we don’t recommend setting the property to False if you are using a self-signed SSL Listener certificate on the XenMobile server.
VPP baseline interval: The VPP baseline interval sets the minimum interval that XenMobile re-imports VPP licenses from Apple. Refreshing license information ensures that XenMobile reflects all changes, such as when you manually delete an imported app from VPP. By default, XenMobile refreshes the VPP license baseline a minimum of every 720 minutes.
If you have a large number of VPP licenses installed (for example, more than 50,000), Citrix recommends that you increase the baseline interval to reduce the frequency and overhead of importing licenses. If you expect frequent VPP license changes from Apple, Citrix recommends that you lower the value to keep XenMobile updated with the changes. The minimum interval between two baselines is 60 minutes. Because the cron job runs in the background every 60 minutes, if the VPP baseline interval is 60 minutes, the interval between baselines could be delayed up to 119 minutes.