Product Documentation

XenMobile Service

Mar 22, 2018

The Citrix Cloud XenMobile Service is a Unified Endpoint Management (UEM) environment for managing devices, apps, and users. With XenMobile, you manage device and app policies and deliver any app to users on any device or operating system. Your business information stays protected with strict security for identity, devices, apps, data, and networks.

Citrix hosts the Cloud environment in data centers located throughout the world to deliver high performance, rapid response, and support. With XenMobile Service, you pay a subscription fee instead of purchasing and managing licenses.

Citrix Cloud Operations handles various infrastructure and monitoring tasks, freeing you to focus on the user experience and on managing devices, apps, and policies.

Citrix responsibilities:

  • XenMobile Server nodes
  • NetScaler Gateway initial integration and configuration
  • NetScaler Load Balancer
  • Database
  • Cloud Connector software configuration
  • SAML authentication integration with ShareFile
  • XenMobile site monitoring: Instance, database, enterprise connectivity (LDAP), VPN tunnel (if applicable), public SSL certificate, XenMobile licensing

Customer responsibilities

  • NetScaler Gateway management and updates
  • Machines where Cloud Connectors are installed
  • LDAP/Active Directory
  • DNS
  • ShareFile: Initial ShareFile configuration, on-premises StorageZone Controller installation, ShareFile updates
  • XenMobile configuration: Devices, policies, apps, delivery groups, actions, and client certificates

You connect to XenMobile Service through Cloud Connector. Cloud Connector serves as a channel for communication between Citrix Cloud and your resource locations. Cloud Connector enables cloud management without requiring any complex networking or infrastructure configuration such as VPNs or IPsec tunnels.

Resource locations contain the resources required to deliver services to your subscribers. For XenMobile Services, resource locations are your NetScaler Gateway, LDAP, DNS, and PKI servers.

For more information about Cloud Connector and resource locations, see About XenMobile Service.

localized image

Integration with Microsoft Intune/EMS

XenMobile integrates with Microsoft Enterprise Mobility + Security (EMS)/Intune. That integration adds the value of Citrix XenMobile micro VPN to Microsoft Intune aware apps, such as Microsoft Managed Browser. With the integration, you can:

  • Wrap your own line of business apps with Intune and Citrix to provide micro VPN capabilities inside an Intune mobile app management (MAM) container.
  • Manage and deliver Office 365 apps, line of business apps, and Citrix Secure Mail in one container, for ultimate security and productivity.

Use XenMobile MDM or Intune MDM to manage devices. For more information, see XenMobile integration with Microsoft Intune/EMS.

Get started with XenMobile Service


If you're using XenMobile Server on premises, our XenMobile Migration Service can get you started with Citrix Cloud XenMobile Service. For more information, contact your local Citrix salesperson, Systems Engineer, or Citrix Partner. These blogs discuss the XenMobile Migration Service:

New XenMobile Migration Service

Making the Case for XenMobile in the Cloud

When you are evaluating or purchasing XenMobile Service, the XenMobile Service Operations team provides ongoing onboarding help. The Operations team also communicates with you to ensure that the core XenMobile Services are running and configured correctly. 

The basic steps are to:

1. Sign up for a Citrix account and request a XenMobile Service trial.

2. Discuss integration requirements with Citrix.

3. Complete settings in the XenMobile Service portal. 

To sign up for a Citrix account and request a XenMobile Service trial, contact your Citrix Sales Representative. When you're ready to proceed, go to

For a quick overview of XenMobile Service onboarding and configuration, watch this video.

Want to learn more before starting? Try these resources:

XenMobile Service documentation: This documentation currently focuses on getting you started with onboarding and resource setup. A "What's new" article describes new features and fixes. Citrix notifies you when that article is available for a new release. For information about configuration concepts and procedures, see the XenMobile Server documentation. Unless otherwise indicated, the XenMobile Server articles also apply to XenMobile Service.

Citrix Cloud XenMobile Service Onboarding Handbook: Consolidates all the available information around XenMobile Service, so you can proceed in a smooth enablement and onboarding to XenMobile Service. You can use the document to record changes for your internal processes and to document your high-level and functional designs.

XenMobile Deployment Handbook: Planning a XenMobile deployment involves many considerations. Includes recommendations, common questions, and use cases for your XenMobile environment, including reference architecture diagrams for XenMobile Service.

Mobile platform support

After you make a request for a XenMobile Service instance, you can begin preparing to support Android, iOS, Windows, Chrome and other platforms. As you complete the steps that apply to your environment, keep the information handy so you can use it when configuring settings in the XenMobile console.

These requirements are a subset of the overall communication and port requirements that make up the XenMobile Service onboarding process. For details, see Onboarding and resource setup.




  • Create an Apple ID and developer account. For details, see the Apple Developer Program website.
  • Create an Apple Push Notification Service (APNs) certificate. If both of the following conditions are true, an Apple APNs certificate is required:
    • You plan to manage iOS devices with your XenMobile Service deployment.
    • You plan to use push notification for your Secure Mail deployment.

For details about obtaining Apple APNs certificates, see the Apple Push Certificates Portal. For more information about XenMobile and APNs, see APNs certificates and Push Notifications for Secure Mail for iOS.


Workspace hub

You can manage Citrix Ready workspace hub devices from your XenMobile Service console. Citrix Ready workspace hub, as an IoT edge device, adds to Citrix IoT solutions. For more information about Citrix Ready workspace hub, see this Citrix blog post. For more details about the unified endpoint management (UEM) and data protection benefits of XenMobile Service, see this use case on the Citrix website.

XenMobile MDX Toolkit and MDX Service

The MDX Service and MDX Toolkit are app wrapping technologies that prepare enterprise apps for secure deployment with XenMobile. For information about XenMobile MDX Service, our cloud tool, see XenMobile MDX Service. For information about XenMobile MDX Toolkit, the traditional MDX wrapping process, see MDX Toolkit.

The XenMobile console

The XenMobile Service solution uses the same web console as an on-premises XenMobile deployment. In this way, day-to-day administration of your Cloud solution, such as policy, app, and device management, occurs in a similar way as an on-premises XenMobile deployment. For information about managing apps and devices in the XenMobile console, see Getting started workflows.

Some configuration changes to XenMobile Server require a restart of the server nodes. Typically, the XenMobile console lets you know when a restart is needed. To request a restart of the server nodes, contact technical support at

XenMobile device enrollment

For information about XenMobile enrollment options for the different device platforms, see User accounts, roles, and enrollments.

XenMobile support

For details on how to access supported related information and tools in the XenMobile console, see Monitor and support.

Rolling updates to the XenMobile Service release approximately every three weeks. To you, the customer, this process is transparent. Initial updates are applied to Citrix internal sites only, and are then applied to customer environments gradually. Delivering updates incrementally in waves helps to ensure product quality and to maximize availability.

If you are a XenMobile Service customer, you also receive XenMobile Service updates and communications directly from the XenMobile Cloud Ops Team. Those updates keep you current with new features, known issues, fixed issues, and so on.

XenMobile maintains the XenMobile Service environments with the latest XenMobile rolling patches by the Cloud Operations team. Citrix sends your designated contact a notification about the time and date for maintenance and the level of impact it has on the environment. To obtain specific patches or fixes that are required before the rolling patch, contact Citrix Technical Support.

If you have any issues with your environment, contact Citrix Technical Support or your Citrix Account Team. Such issues might include mobile device enrollment, XenMobile console access, or Secure Mail issues.

If you need any integration or changes made on the NetScaler in the Cloud or XenMobile Server, submit a request through Citrix Technical Support.

Examples of changes that you might request are:

  • ShareFile integration with NetScaler in the Cloud
  • Change NetScaler Gateway authentication type
  • Validate connectivity to customer data center resources
  • Change split tunnel configuration for micro VPN
  • Restart XenMobile components due to server configuration change

Service Level Goal

The XenMobile Service (the Service) design uses industry best practices to achieve cloud scale and a high degree of service availability.

The Citrix goal is to maintain at least 99.9% availability in any 30 calendar day period. You can monitor service interruptions and scheduled maintenance on an ongoing basis at


The calculation of this Service Level Goal doesn't include loss of availability from the following causes:

  • Customer failure to follow configuration requirements for the service documented on
  • Caused by any component not managed by Citrix including, but not limited to the following:
    • Customer controlled physical and virtual machines
    • Customer installed and maintained operating systems
    • Customer installed and controlled networking equipment or other hardware
    • Customer defined and controlled security settings, group policies, and other configuration policies
    • Public cloud provider failures, ISP failures, or other failures external to the control of Citrix.
  • Service disruption because of reasons beyond the control of Citrix, including natural disaster, war, acts of terrorism, or government action.