Product Documentation

Propiedades de servidor

Feb 10, 2017

XenMobile has many properties that apply to server-wide operations. This article describes many of the server properties and details how to add, edit, or delete server properties.

For information about the properties typically configured, refer to Server Properties in the XenMobile virtual handbook.

Server Property Definitions

Add Device Always

If true, XenMobile adds a device to the XenMobile console, even if it fails enrollment, so you can see which devices attempted to enroll. Defaults to false.

Audit Log Cleanup Execution Time

The time to start the audit log cleanup, formatted as HH:MM AM/PM. Example: 04:00 AM. Defaults to 02:00 AM.

Audit Log Cleanup Interval (in Days)

The number of days that the XenMobile server should retain the audit log. Defaults to 1.

Audit Logger

If False, does not log user interface (UI) events. Defaults to False.

Audit Log Retention (in Days)

The number of days that the XenMobile server should retain the audit log. Defaults to 7.

Certificate Renewal in Seconds

The number of seconds before a certificate expires that XenMobile starts to renew certificates. For example, if a certificate will expire December 30 and this property is se to 30 days, XenMobile attempts to renew the certificate if the device connects between December 1 and December 30. Defaults to 2592000 seconds (30 days).

Connection Timeout to Microsoft Certification Server

The number of seconds that XenMobile waits for a response from the certificate server. If the certificate server is slow and has a lot of traffic, you can increate this to 60 seconds or more. A certificate server that doesn't respond after 120 seconds needs maintenance. Defaults to 15000 milliseconds (15 seconds).

Deploy Log Cleanup (in Days)

The number of days that the XenMobile server should retain the deployment log. Defaults to 7.

Disable SSL Server Verification

If True, disables SSL server certificate validation when all of the following conditions are met: You have enabled certificate-based authentication on your XenMobile server, the Microsoft CA server is the certificate issuer, and your certificate has been signed by an internal CA whose root is not trusted by XenMobile server. Defaults to True.

Enable Console

If true, enables user access to the Self Help Portal Console. Defaults to true.

Enable/Disable Hibernate statistics logging for diagnostics

If True, enables Hibernate statistics logging to assist with troubleshooting application performance issues. Hibernate is a component used for XenMobile connections to Microsoft SQL Server. By default, the logging is disabled because it impacts application performance. Enable logging only for a short duration to avoid creating a huge log file. XenMobile writes the logs to /opt/sas/logs/hibernate_stats.log. Defaults to False.

Enable Notification Trigger

Enables or disables Secure Hub client notifications. The value true enables notifications. Defaults to true.

Full Pull of ActiveSync Allowed and Denied Users

The number of seconds that XenMobile waits for a response from the domain when executing a PowerShell command to get a baseline of ActiveSync devices. Defaults to 28800 seconds.

Identifies if telemetry is enabled or not

Identifies if telemetry (Customer Experience Improvement Program, or CEIP) is enabled. You can opt in to CEIP when you install or upgrade XenMobile. If XenMobile has 15 consecutive failed uploads, it disables telemetry. Defaults to false.

Inactivity Timeout in Minutes

If the WebServices timeout type server property is INACTIVITY_TIMEOUT, this property defines the number of minutes after which XenMobile logs out an inactive administrator who used the XenMobile server Public API to access the XenMobile console or any third-party app. A timeout of 0 means an inactive user remains logged in. Defaults to 5.

iOS Device Management Enrollment Auto-Install Enabled

If true, this property reduces the amount of user interaction required during device enrollment. Users will need to click Root CA install (if needed) and MDM Profile install.

iOS Device Management Enrollment First Step Delayed

After a user enters their credentials during device enrollment, this property value specifies the amount of time to wait before showing a prompt to install the root CA. Citrix recommends that you don't edit this property unless you have network latency or speed issues. In that case, don't set to the value to more than 5000 millisecond (5 seconds). Defaults to 1000 millisecond (1 second).

iOS Device Management Enrollment Last Step Delayed

During device enrollment, this property value specifies the amount of time to wait between installing the MDM profile and starting the Agent on the device. Citrix recommends that you don't edit this property unless you have network latency or speed issues. In that case, don't set to the value to more than 5000 millisecond (5 seconds). Defaults to 1000 millisecond (1 second).

iOS Device Management Identity Delivery Mode

Specifies whether XenMobile distributes the MDM certificate to devices using SCEP (recommended for security reasons) or PKCS12. In PKCS12 mode, the key pair is generated on the server and no negotiation is performed. Defaults to SCEP.

iOS Device Management Identity Key Size

Defines the size of private keys for MDM identities, iOS profile service, and XeMobile iOS agent identities. Defaults to 1024.

iOS Device Management Identity Renewal Days

Specifies the number of days before the certificate expiration that XenMobile starts renewing certificates. For example, if a certificate expires in 10 days and this property is 10 days, when a device connects 9 days before expiration, XenMobile issues a new certificate. Defaults to 30 days.

iOS MDM APNS Private Key Password

This property contains the APNs password, which is required for XenMobile to push notifications to Apple servers.

iOS MDM APNS Private Key Password

This property contains the APNs password, which is required for XenMobile to push notifications to Apple servers.

MAM_MACRO_SUPPORT

Configures XenMobile server for MAM-only deployments so that users with Android or iOS devices who enroll in Secure Hub with email credentials automatically enroll in Secure Mail. This means users do not have to enter additional information or take additional steps to enroll in Secure Mail. Add this custom key and use the default value True to enable automatic email enrollment. The client properties ENABLE_CREDENTIAL_STORE and SEND_LDAP_ATTRIBUTES are also required.

On first-time use of Secure Mail, Secure Mail obtains the user's email address, domain, and user ID from Secure Hub. Secure Mail uses the email address for autodiscovery. XenMobile identifies the Exchange server by the domain and user ID, which enables Secure Mail to authenticate the user automatically. XenMobile prompts the user to enter a password if the policy is set to not pass through the password, but the user is not required to enter any additional information.

NetScaler Single Sign-On

If False, disables the XenMobile callback feature during single signon from NetScaler to the XenMobile server. XenMobile uses the callback feature to verify the NetScaler Gateway session ID, if the NetScaler Gateway configuration includes a callback URL. Defaults to False.

Number of consecutive failed uploads

Displays the number of consecutive failures during Customer Experience Improvement Program (CEIP) uploads. XenMobile increments the value when an upload fails. After 15 upload failures, XenMobile disables CEIP, also referred to as telemetry. For more information, see the server property Identifies if telemetry is enabled or not. XenMobile resets the value to 0 when an upload succeeds.

Number of Users Per Device

The maximum number of users who can enroll the same device in MDM. The value 0 means that an unlimited number of users can enroll the same device. Defaults to 0.

Pull of Incremental Change of Allowed and Denied Users

The number of seconds that XenMobile waits for a response from the domain when executing a PowerShell command to get a delta of ActiveSync devices. Defaults to 60 seconds.

Read Timeout to Microsoft Certification Server

The number of seconds that XenMobile waits for a response from the certificate server when performing a read. If the certificate server is slow and has a lot of traffic, you can increate this to 60 seconds or more. A certificate server that doesn't respond after 120 seconds needs maintenance. Defaults to 15000 milliseconds (15 seconds).

REST Web Services

Enables or disables the REST Web Service. Defaults to true.

Session Log Cleanup (in Days)

The number of days that the XenMobile server should retain the session log. Defaults to 7.

Server Mode

Determines whether XenMobile runs in MAM, MDM, or ENT (enterprise) mode, corresponding to app management, device management, or app and device management. Set the Server Mode property according to how you want devices to register, as noted in the table below. Server Mode defaults to ENT, regardless of license type.

If you have a XenMobile MDM Edition license, the effective server mode is always MDM regardless of how you set the server mode in Server Properties. If you have an MDM Edition license, you cannot enable app management by setting the server mode to either MAM or ENT.

Your licenses are this Edition

You want devices to register in this mode

Set Server Mode property to

Enterprise / Advanced

MDM mode

MDM

Enterprise / Advanced

MDM+MAM mode

ENT

MDM

MDM mode

MDM

The effective server mode is a combination of the license type and server mode. For an MDM license, the effective server mode is always MDM, regardless of the server mode setting. For Enterprise and Advanced licenses, the effective server mode matches the server mode, if the server mode is ENT or MDM. If the server mode is MAM, the effective server mode is ENT.

XenMobile adds the server mode to the server log every time a license is activated or deleted and when you change the server mode in Server Properties. For information about creating and viewing log files, see Logs and View and analyze log files in XenMobile.

Static Timeout in Minutes

If the WebServices timeout type server property is STATIC_TIMEOUT, this property defines the number of minutes after which XeMobile logs out an administrator who used the XenMobile server Public API to access the XenMobile console or any third-party app. Defaults to 60.

Trigger Agent Message Suppression

Enables or disables Secure Hub client messaging. The value false enables messaging. Defaults to true.

Trigger Agent Sound Suppression

Enables or disables Secure Hub client sounds. The value false enables sounds. Defaults to true.

Unauthenticated App Download for Android Devices

If True, you can download self-hosted apps to Android devices running Android for Work. XenMobile needs this property if the Android for Work option to provide a download URL in the Google Play Store statically is enabled. In that case, download URLs can't include a one-time ticket (defined by the XAM One-Time Ticket server property) which has the authentication token. Defaults to False.

Unauthenticated App Download for Windows Devices

Used only for older Secure Hub versions which don't validate one-time tickets. If False, you can download unauthenticated apps from XenMobile to Windows devices. Defaults to False.

Use ActiveSync ID to Conduct an ActiveSync Wipe Device

If true, XenMobile Mail Manager uses the ActiveSync identifier as an argument for the asWipeDevice method. Defaults to false.

Users only from Exchange

If true, disables user authentication for ActiveSync Exchange users. Defaults to false.

WebServices Timeout Type

Specifies how to expire an authentication token retrieved from the public API. If STATIC_TIMEOUT, XenMobile considers an authentication token as expired after the value specified in the server property Static Timeout in Minutes.

If INACTIVITY_TIMEOUT, XenMobile considers an authentication token as expired after the token is inactive for the value specified in the server property Inactivity Timeout in Minutes. Defaults to STATIC_TIMEOUT.

XAM One-Time Ticket

The number of milliseconds that a one-time authentication token (OTT) is valid for downloading an app. This property works in conjunction with the properties Unauthenticated App download for Android and Unauthenticated App download for Windows, which specify whether to allow un-authenticated app downloads. Defaults to 3600000.

XenMobile MDM Self Help Portal console max inactive interval (minutes)

The number of minutes after which XenMobile logs out an inactive user from the XenMobile Self Help Portal. A timeout of 0 means an inactive user remains logged in. Defaults to 30.

Adding, Editing, or Deleting Server Properties

In XenMobile, you can apply properties to the server. After making changes, you must restart XenMobile on all nodes to commit and activate changes.

Nota

To restart XenMobile, use the command prompt through your hypervisor.

1. In the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.

2. Under Server, click Server Properties. The Server Properties page appears. You can add, edit, or delete server properties from this page.

localized image

To add a server property

1. Click Add. The Add New Server Property page appears.

localized image

2. Configure these settings:

  • Key: In the list, select the appropriate key. Keys are case-sensitive. You must contact Citrix Support before making any changes, or to request a special key.
  • Value: Enter a value depending on the key you selected.
  • Display name: Enter a name for the new property value that appears in the Server Properties table.
  • Description: Optionally, type a description for the new server property.

3. Click Save.

To edit a server property

1. In the Server Properties table, select the server property you want to edit.

Note: When you select the check box next to a server property, the options menu appears above the server property list; when you click anywhere else in the list, the options menu appears on the right side of the listing.

2. Click Edit. The Edit New Server Property page appears.

localized image

3. Change the following information as appropriate:

  • Key: You cannot change this field.
  • Value: The property's value.
  • Display Name: The property's name.
  • Description: The property's description.

4. Click Save to save your changes or Cancel to leave the property unchanged.

To delete a server property

1. In the Server Properties table, select the server property you want to delete.

Note: You can select more than one property to delete by selecting the check box next to each property.

2. Click Delete. A confirmation dialog box appears. Click Delete again.