Product Documentation

XenMobile Service

The Citrix Cloud XenMobile Service is a Unified Endpoint Management (UEM) environment for managing devices, apps, and users. With XenMobile, you manage device and app policies and deliver any app to users on any device or operating system. Your business information stays protected with strict security for identity, devices, apps, data, and networks.

Citrix hosts the Cloud environment in data centers located throughout the world to deliver high performance, rapid response, and support. With XenMobile Service, you pay a subscription fee instead of purchasing and managing licenses.

Citrix Cloud Operations handles various infrastructure and monitoring tasks. As a result, you can focus on the user experience and on managing devices, apps, and policies.

Citrix responsibilities:

  • XenMobile Server nodes
  • NetScaler Gateway initial integration and configuration
  • NetScaler Load Balancer
  • Database
  • Cloud Connector software configuration
  • SAML authentication integration with ShareFile
  • XenMobile site monitoring: Instance, database, enterprise connectivity (LDAP), VPN tunnel (if applicable), public SSL certificate, XenMobile licensing

Customer responsibilities

  • NetScaler Gateway management and updates
  • Machines where Cloud Connectors are installed
  • LDAP/Active Directory
  • DNS
  • ShareFile: Initial ShareFile configuration, on-premises StorageZone Controller installation, ShareFile updates
  • XenMobile configuration: Devices, policies, apps, delivery groups, actions, and client certificates

You connect to XenMobile Service through Cloud Connector. Cloud Connector serves as a channel for communication between Citrix Cloud and your resource locations. Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels.

Resource locations contain the resources required to deliver services to your subscribers. For XenMobile Services, resource locations are your NetScaler Gateway, LDAP, DNS, and PKI servers.

Diagram of resource locations

For more information about Cloud Connector and resource locations, see About XenMobile Service.

Integration with Microsoft Intune/EMS

XenMobile integrates with Microsoft Enterprise Mobility + Security (EMS)/Intune. That integration adds the value of Citrix XenMobile micro VPN to Microsoft Intune aware apps, such as Microsoft Managed Browser. With the integration, you can:

  • Wrap your own line of business apps with Intune and Citrix to provide micro VPN capabilities inside an Intune mobile app management (MAM) container.
  • Manage and deliver Office 365 apps, line of business apps, and Citrix Secure Mail in one container. This management method provides ultimate security and productivity.

Use XenMobile MDM or Intune MDM to manage devices. For more information, see XenMobile integration with Microsoft Intune/EMS.

Get started with XenMobile Service


If you’re using XenMobile Server on premises, our XenMobile Migration Service can get you started with Citrix Cloud XenMobile Service. For more information, contact your local Citrix salesperson, Systems Engineer, or Citrix Partner. These blogs discuss the XenMobile Migration Service:

New XenMobile Migration Service

Making the Case for XenMobile in the Cloud

When you are evaluating or purchasing XenMobile Service, the XenMobile Service Operations team provides ongoing onboarding help. The Operations team also communicates with you to ensure that the core XenMobile Services are running and configured correctly. This figure shows the onboarding steps.

Diagram of onboarding workflow

To sign up for a Citrix account and request a XenMobile Service trial, contact your Citrix Sales Representative. When you’re ready to proceed, go to

For a quick overview of XenMobile Service onboarding and configuration, watch this video.

Video icon

Want to learn more before starting? Try these resources:

XenMobile Service documentation: Provides full XenMobile Service documentation, from getting started to administration concepts and procedures. A “What’s new” article describes new features and fixes. Citrix notifies you when that article is available for a new release.

Citrix Cloud XenMobile Service Onboarding Handbook: Consolidates all the available information around XenMobile Service, so you can proceed in smoothly enabling and onboarding XenMobile Service. You can use the document to record changes for your internal processes and to document your high-level and functional designs.

XenMobile Deployment Handbook: Planning a XenMobile deployment involves many considerations. The handbook includes recommendations, common questions, and use cases for your XenMobile environment.

Video: Citrix Cloud Connector: Provides an overview of the service and how to install it.

Video: How to set up Netscaler Gateway for a XenMobile Service Migrated Site: Demonstrates how to export your settings and configure for XenMobile Service.

SalesIQ: More resources for our Citrix Partners.

Mobile platform support

After you make a request for a XenMobile Service instance, you can begin preparing to support Android, iOS, Windows, Chrome, and other platforms. As you complete the steps that apply to your environment, record the information for reference. You need the information when you configure XenMobile console settings.

These requirements are part of the overall communication and port requirements that make up the XenMobile Service onboarding process. For details, see Onboarding and resource setup.



  • Configure G Suite for Chrome OS device enrollment from your G Suite account. For details, see Chrome OS devices.


  • Create an Apple ID and developer account. For details, see the Apple Developer Program website.
  • Create an Apple Push Notification Service (APNs) certificate. If both of the following conditions are true, an Apple APNs certificate is required:

    • You plan to manage iOS devices with your XenMobile Service deployment.
    • You plan to use push notification for your Secure Mail deployment.

For details about obtaining Apple APNs certificates, see the Apple Push Certificates Portal. For more information about XenMobile and APNs, see APNs certificates and Push Notifications for Secure Mail for iOS.


  • Ensure that you have a public SSL certificate available if you plan to use XenMobile autodiscovery for your Windows Phone enrollment. For details, see XenMobile Autodiscovery Service.

Workspace hub

Citrix Ready workspace hub, as an IoT edge device, adds to Citrix IoT solutions. For more information about Citrix Ready workspace hub, see this Citrix blog post.

You can manage Citrix Ready workspace hub devices from your XenMobile Service console. For information, see Workspace hub device management.

For more details about the unified endpoint management (UEM) and data protection benefits of XenMobile Service, see this use case on the Citrix website.

XenMobile MDX Toolkit and MDX Service

The MDX Service and MDX Toolkit are app wrapping technologies that prepare enterprise apps for secure deployment with XenMobile. For information about XenMobile MDX Service, our cloud tool, see XenMobile MDX Service. For information about XenMobile MDX Toolkit, the traditional MDX wrapping process, see MDX Toolkit.

The XenMobile console

The XenMobile Service solution uses the same web console as an on-premises XenMobile deployment. In this way, day-to-day administration of your Cloud solution, occurs in a similar way as an on-premises XenMobile deployment.

Some configuration changes to XenMobile Server require a restart of the server nodes. Typically, the XenMobile console lets you know when a restart is needed. To request a restart of the server nodes, contact technical support at

XenMobile device enrollment

For information about XenMobile enrollment options for the different device platforms, see User accounts, roles, and enrollments.

XenMobile support

For details on how to access supported related information and tools in the XenMobile console, see Monitor and support.

Rolling updates to the XenMobile Service release occur approximately every two weeks. To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize availability.

If you are a XenMobile Service customer, you also receive XenMobile Service updates and communications directly from the XenMobile Cloud Ops Team. Those updates keep you current with new features, known issues, fixed issues, and so on.

XenMobile maintains the XenMobile Service environments with the latest XenMobile rolling patches by the Cloud Operations team. To obtain specific patches or fixes that are required before the rolling patch, contact Citrix Technical Support.

If you have any issues with your environment, contact Citrix Technical Support or your Citrix Account Team. Such issues might include mobile device enrollment, XenMobile console access, or Secure Mail issues.

If you need any integration or changes made on the NetScaler in the Cloud or XenMobile Server, submit a request through Citrix Technical Support.

Examples of changes that you might request are:

  • ShareFile integration with NetScaler in the Cloud
  • Change NetScaler Gateway authentication type
  • Validate connectivity to customer data center resources
  • Change split tunnel configuration for micro VPN
  • Restart XenMobile components due to server configuration change

Service Level Goal

The XenMobile Service (the Service) design uses industry best practices to achieve cloud scale and a high degree of service availability.

The Citrix goal is to maintain at least 99.9% availability in any 30 calendar day period. You can monitor service interruptions and scheduled maintenance on an ongoing basis at


The calculation of this Service Level Goal doesn’t include loss of availability from the following causes:

  • Customer failure to follow configuration requirements for the service documented on
  • Caused by any component not managed by Citrix including, but not limited to the following:

    • Customer controlled physical and virtual machines
    • Customer installed and maintained operating systems
    • Customer installed and controlled networking equipment or other hardware
    • Customer defined and controlled security settings, group policies, and other configuration policies
    • Public cloud provider failures, ISP failures, or other failures external to the control of Citrix.
    • Service disruption because of reasons beyond the control of Citrix, including natural disaster, war, acts of terrorism, or government action.