What’s new in XenMobile Server 10.15
Continued support for the Classic policies deprecated from Citrix ADC
Citrix recently announced the deprecation of some Classic policy based features starting with Citrix ADC 12.0 build 56.20. The Citrix ADC deprecation notices have no impact to existing XenMobile Server integrations with Citrix Gateway. XenMobile Server continues to support the Classic policies and no action is needed.
XenMobile Migration Service
If you’re using XenMobile Server on-premises, our free XenMobile Migration Service can get you started with Endpoint Management. Migration from XenMobile Server to Citrix Endpoint Management doesn’t require you to re-enroll devices.
To start migration, contact your local Citrix salesperson or Citrix partner. See XenMobile Migration Service.
For advanced notice of the Citrix XenMobile features that are being phased out, see Deprecation.
Before upgrading endpoints to iOS 14.5
Before upgrading any endpoint to iOS 14.5, Citrix recommends that you perform the following actions to mitigate app crashes:
- Upgrade Citrix Secure Mail and Secure Web to 21.2.X or higher. See Upgrade MDX or enterprise apps.
- If you use the MDX Toolkit, wrap all third-party iOS applications with MDX Toolkit 21.3.X or higher. Check the MDX Toolkit download page for the latest version.
Before you upgrade an on-premises Citrix ADC
Upgrading an on-premises Citrix ADC to certain versions can result in a single sign-on error. Single sign-on to Citrix Files or the ShareFile domain URL in a browser with the Company Employee Sign in option results in an error. The user is unable to sign in.
To work around this issue: If you haven’t already run the following command from the ADC CLI on Citrix Gateway, run it to enable global SSO:
`set vpn parameter SSO ON` `bind vpn vs <vsName> -portalTheme X1`
For more information, see:
After you complete the workaround, users can authenticate to Citrix Files or the ShareFile domain URL using SSO in a browser with the Company Employee Sign-in option. [CXM-88400]
Before you upgrade to XenMobile 10.15 (on-premises)
Some systems requirements changed. For information, see System requirements and compatibility and XenMobile compatibility.
If the virtual machine running the XenMobile Server to be upgraded has less than 8 GB of RAM, we recommend increasing the RAM to at least 8 GB.
Update your Citrix License Server to 11.17 or later before updating to the latest version of XenMobile Server 10.15.
The latest version of XenMobile requires Citrix License Server 11.17 (minimum version).
The Customer Success Services date (previously, Subscription Advantage date) in XenMobile 10.15 is November 15, 2022. The Customer Success Services date on your Citrix license must be later than this date.
You can view the date next to the license in the License Server. If you connect the latest version of XenMobile to an older License Server environment, the connectivity check fails and you can’t configure the License Server.
To renew the date on your license, download the latest license file from the Citrix Portal and upload the file to the Licensing Server. See Customer Success Services.
For a clustered environment: iOS policy and app deployments to devices running iOS 11 and later have the following requirement. If Citrix Gateway is configured for SSL persistence, you must open port 80 on all XenMobile Server nodes.
Recommendation: Before you install a XenMobile update, use the functionality in your VM to take a snapshot of your system. Also, back up your system configuration database. If you experience issues during an upgrade, complete backups enable you to recover.
With this release, XenMobile supports VMware ESXi 7.0. Ensure that you upgrade to 10.14 or later, before installing or upgrading ESXi 7.0.
You can directly upgrade to XenMobile 10.15 from XenMobile 10.14.x or 10.13.x. To perform the upgrade, download the latest binary available: Go to https://www.citrix.com/downloads. Navigate to Citrix Endpoint Management (XenMobile) > XenMobile Server > Product Software > XenMobile Server 10. On the tile for the XenMobile Server software for your hypervisor, click Download File.
To upload the upgrade, use the Release Management page in the XenMobile console. See To upgrade using the Release Management page.
After you upgrade
If functionality involving outgoing connections stop working, and you haven’t changed your connections configuration, check the XenMobile Server log for errors such as the following: “Unable to connect to the VPP Server: Host name ‘192.0.2.0’ does not match the certificate subject provided by the peer”.
- The certificate validation error means you must disable host name verification on the XenMobile Server.
- By default, host name verification is enabled on outgoing connections except for the Microsoft PKI server.
- If host name verification breaks your deployment, change the server property
true. The default value of this property is
Support for iOS 16. XenMobile Server and Citrix Mobile productivity apps are compatible with iOS 16, but don’t currently support any new iOS 16 features.
Support for Android 13. XenMobile Server supports Android Enterprise device updates to Android 13. For a summary of security and privacy benefits, see the Android documentation.
Support for Windows 11 devices. You can now use XenMobile to manage Windows 11 devices. For more information, see Operating system support list.
Configure the connection mode and network priority for macOS
In the Wi-Fi device policy, enable the Connection mode setting for macOS devices to choose how users join the network. The device can use the system credentials or credentials entered at the login window to authenticate the user. If you have multiple networks, type a number in the Priority field to set the priority of the network connection. The device chooses the network with the lowest number. For more information, see the macOS settings in Wi-Fi device policy.
Configure a priority to automatically update Android Enterprise managed apps
Specify whether Android Enterprise managed apps update automatically with a low priority or a high priority. You can also postpone automatic updates. For more information, see Automatically update managed apps device policy.
Use hardware virtualized mode (HVM) images on Citrix Hypervisor versions 8.2 CU1 and later
Citrix Hypervisor versions 8.2 CU1 and later no longer support the paravirtualized (PV) VMs. For more information, see Cumulative Update 1 for details.
From XenMobile Server versions 10.15 onward, the hardware virtualized mode (HVM) is supported. For new XenMobile Server installations, download the HVM xva image from citrix.com. For existing XenMobile Server environments, follow the steps to migrate from PV to HVM guest. The HVM guest image is available in citrix.com on XenMobile Server version 10.15 and later.
- Ensure that you enable clusters, and that the database is remote.
- As a backup, keep the old PV node, or save a snapshot. If the PV node is on XenMobile Server versions 10.14 or 10.13, back up the database too.
- Before migration, download the support bundle from the old PV node that doesn’t transfer to the new HVM node.
Steps to migrate
- Download the XenMobile Server 10.15 HVM xva image.
- Shut down the old PV guest node.
- Boot the new HVM node in the Citrix Hypervisor.
- Configure the XenMobile Server 10.15 node with the same database settings as old node, along with the server’s PKI key store password from the existing cluster.
Update Citrix Gateway settings if necessary.
If there is a failure during the migration, boot up the old PV node with the same version database.
Don’t run the command
/opt/xensource/bin/pv2hvmfor your XenMobile PV guests. It causes failure in the VM boot up.
Enable Google Analytics
To enable Google Analytics on the XenMobile Server, set the value of the server property xms.ga.enabled to True. Default is True.
Added new Restrictions policy
Added Allow copy and paste from work profile and Allow data sharing from personal profile to the Restrictions policy. Set these policies to OFF to restrict copying, pasting, and importing from a personal profile to a work profile. For more details, see Restrictions device policy.
Secure Hub APNs certificate renewal
The Secure Hub Apple Push Notification Service (APNs) certificate for XenMobile Server expired on May 7, 2022. This update renews the Secure Hub APNs certificate, which will expire on April 8, 2023.
Deprecations and removals
Deprecation of APIs by Google. Google is deprecating several APIs used for app categories and licenses in the XenMobile Server. The following changes are in effect:
- You now select apps to add rather than approve. See Managed app store apps.
- You now organize apps into collections rather than categories. See Organize apps.
- You can no longer disassociate app licenses from users. See Add apps.
Deprecated support for the Windows Information Protection policy. As per the Windows announcement, XenMobile Server has deprecated support for Windows Information Protection (WIP). Support for WIP has been deprecated by adding a server property called windows.wip.deprecation, whose value is set to True by default. For more information, see Server properties.
Deprecated support for the Mobile Service Provider (MSP) interface. Support for MSP has been deprecated by adding a new server property called deprecate.mobile.service.provider that removes the MSP interface from the console, which is set to True by default. For more information, see Server properties.
Deprecated support for Nexmo SMS gateway. Support for Nexmo SMS has been deprecated by adding a new server property called deprecate.carrier.sms.gateway, which is set to True by default. Nexmo SMS is also deprecated in the Self-Help Portal. See Notifications for details.
Deprecated support for the Allow auto-connect to WiFi Sense hotspots restriction policy for Windows 10 devices. For more information, see Windows Desktop/Tablet settings.
Enrollment invitation setup. Deprecated support for using a device IMEI, serial number, and UDID to create an enrollment invitation. When you create an enrollment invitation, configure the available settings under Manage > Enrollment Invitations in the XenMobile Server console.
Support for the following features has now been removed:
- Android - Amazon
- Android - Sony and HTC
- Custom XML on Zebra devices
- Derived credentials
- Generic, DigiCert managed, and Entrust adapter PKI entities.
- High Security enrollment mode
- RBAC role - shared and COSU devices enroller
- Samsung SAFE and Knox
- Windows phone devices
For more information, see Deprecation.
In this article
- Continued support for the Classic policies deprecated from Citrix ADC
- XenMobile Migration Service
- Deprecation announcements
- Before upgrading endpoints to iOS 14.5
- Before you upgrade an on-premises Citrix ADC
- Before you upgrade to XenMobile 10.15 (on-premises)
- To upgrade
- After you upgrade
- Platform updates
- Configure the connection mode and network priority for macOS
- Configure a priority to automatically update Android Enterprise managed apps
- Use hardware virtualized mode (HVM) images on Citrix Hypervisor versions 8.2 CU1 and later
- Enable Google Analytics
- Added new Restrictions policy
- Secure Hub APNs certificate renewal
- Deprecations and removals