Product Documentation

Installing and Configuring

Apr 17, 2015
Follow these steps to install and configure XenMobile Mail Manager. Before starting, be sure you review the system requirements and prerequisites. For details, see XenMobile Mail Manager System Requirements and Prerequisites.
  1. Click the XmmSetup.msi file and then follow the prompts in the installer to install XenMobile Mail Manager.



  2. From the Start menu, open XenMobile Mail Manager.
  3. Configure the following database properties:
    1. Select the Configure > Database tab.
    2. Enter the name of the SQL Server (defaults to localhost).
    3. Keep the database as the default CitrixXmm.
    4. Select one of the following Authentication modes used for SQL:
      • Sql. Enter the user name and password of a valid SQL user.
      • Windows Integrated. If you select this option, the logon credentials of the XenMobile Mail Manager Service must be changed to a Windows account that has permissions to access the SQL Server. To do this, open Control Panel > Administrative Tools > Services, right-click the XenMobile Mail Manager Service entry and then click the Log On tab.
        Note: If Windows Integrated is also chosen for the BlackBerry database connection, the Windows account specified here must also be given access to the BlackBerry database.



    5. Click Test Connectivity to check that a connection can be made to the SQL Server and then click Save.
  4. A message prompts you to restart the service. Click Yes.



  5. Configure one or more Exchange Server:
    1. If managing a single Exchange environment, you only need a single server specified. If managing multiple Exchange environments, you need a single Exchange Server specified for each Exchange environment.
    2. Select the Configure > Exchange tab.



    3. Click Add.
    4. Select the type of Exchange Server environment: On Premise or Office 365.



    5. If you select On Premise, enter the name of the Exchange Server that will be used for Remote PowerShell commands.
    6. Enter the user name of a Windows identity that has appropriate rights on the Exchange Server as specified within the Requirements section.
    7. Enter the Password for the user.
    8. Select the schedule for running Major snapshots. A major snapshot detects every Exchange ActiveSync partnership
    9. Select the schedule for running Minor snapshots. A minor snapshot detects newly created Exchange ActiveSync partnerships.
    10. Select the Snapshot Type: Deep or Shallow. Shallow snapshots are typically much faster and are sufficient to perform all the Exchange ActiveSync Access Control functions of XenMobile Mail Manager. Deep snapshots may take significantly longer and are only needed if the Mobile Service Provider is enabled for ActiveSync; this allows XenMobile to query for unmanaged devices.
    11. Click Test Connectivity to check that a connection can be made to the Exchange Server and then click Save.
    12. A message prompts you to restart the service. Click Yes.
  6. Configure the access rules:
    1. Select the Configure > Access Rules tab.



    2. Select the Default Access: Allow, Block, or Unchanged. This controls how all devices other than those identified by explicit XenMobile or Local rules are treated. If you select Allow, ActiveSync access to all such devices will be allowed; if you select Block, access will be denied; if you select Unchanged, no change will be made.
    3. Select the ActiveSync Command Mode: PowerShell or Simulation.
      • In PowerShell mode, XenMobile Mail Manager will issue PowerShell commands to enact the desired access control.
      • In Simulation mode, XenMobile Mail Manager will not issue PowerShell commands, but will log the intended command and intended outcomes to the database. In Simulation mode, the user can then use the Monitor tab to see what would have happened if PowerShell mode was enabled.
    4. Click Save.
  7. Click the XDM Rules tab.



    1. Click Add.
    2. Enter a name for the XDM rules, such as XdmHost.



    3. Modify the URL string to refer to the XenMobile server; for example, if the server name is XdmHost, enter http://XdmHostName/zdm/services/MagConfigService.
    4. Enter an authorized user on the server.
    5. Enter the password of the user.
    6. Keep the default values for the Baseline Interval, Delta Interval, and Timeout values.
    7. Click Test Connectivity to check the connection to the server.
      Note: If the Disabled check box is checked, the XenMobile Mail Service will not collect policy from the XenMobile server.
    8. Click OK.
  8. Click the Local Rules tab.
    1. If you want to construct local rules that operate on Active Directory Groups, click Configure LDAP and then configure the LDAP connection properties.



    2. You can add local rules based on ActiveSync Device ID, Device Type, AD Group, User, or device UserAgent. In the list, select the appropriate type. For details, see XenMobile Mail Manager Access Control Rules.
    3. Enter text or text fragments in the text box. Optionally, click the query button to view the entities that match the fragment.
      Note: For all types other than Group, the system relies on the devices that have been found in a snapshot. Therefore, if you are just starting and haven’t completed a snapshot, no entities will be available.
    4. Select a text value and then click Allow or Deny to add it to the Rule List pane on the right side. You can change the order of rules or remove them using the buttons to the right of the Rule List pane. The order is important because, for a given user and device, rules are evaluated in the order shown and a match on a higher rule (nearer the top) will cause subsequent rules to have no effect. For example, if you have a rule allowing all iPad devices and a subsequent rule blocking the user “Matt”, Matt’s iPad will still be allowed because the ”iPad” rule has a higher effective priority than the “Matt” rule.
    5. To perform an analysis of the rules within the rules list to find any potential overrides, conflicts, or supplemental constructs, click Analyze.
    6. Click Save.
  9. Configure the Mobile Service Provider.
    Note: The Mobile Service Provider is optional and is necessary only if XenMobile is also configured to use the Mobile Service Provider interface to query unmanaged devices.
    1. Select the Configure > MSP tab.



    2. Set the Service Transport type as HTTP or HTTPS for the Mobile Service Provider service.
    3. Set the Service port (typically 80 or 443) for the Mobile Service Provider service.
      Note: If you use port 443, the port requires an SSL certificate bound to it in IIS.
    4. Set the Authorization Group or User. This sets the user or set of users who will be able to connect to the Mobile Service Provider service from XenMobile.
    5. Set whether ActiveSync queries are enabled or not.
      Note: if ActiveSync queries are enabled for the XenMobile server, the Snapshot type for one or more Exchange Servers must be set to Deep; this may have significant performance costs for taking snapshots.
    6. By default, ActiveSync devices that match the regular expression WorxMail.* will not be sent to XenMobile. To change this behavior, alter the Filter ActiveSync field as necessary
      Note: Blank means that all devices will be forwarded to XenMobile.
    7. Click Save.
  10. Optionally, configure one or more BlackBerry Enterprise Server (BES):
    1. Click Add.
    2. Enter the server name of the BES SQL Server.



    3. Enter the database name of the BES management database.
    4. Select the Authentication mode. If you select Windows Integrated authentication, the user account of the XenMobile Mail Manager service is the account that is used to connect to the BES SQL Server.
      Note: If you also choose Windows Integrated for the XenMobile Mail Manager database connection, the Windows account specified here must also be given access to the XenMobile Mail Manager database.
    5. If you select SQL authentication, enter the user name and password.
    6. Set the Sync Schedule. This is the schedule used to connect to the BES SQL Server and checks for any device updates.
    7. Click Test Connectivity to check connectivity to the SQL Server.
      Note: If you select Windows Integrated, this test uses the current logged on user and not the XenMobile Mail Manager service user and therefore does not accurately test SQL authentication.
    8. If you want to support remote Wipe and/or ResetPassword of BlackBerry devices from XenMobile, check the Enabled check box.
      1. Enter the BES fully qualified domain name (FQDN).
      2. Enter the BES port used for the admin web service.
      3. Enter the fully qualified user and password required by the BES service.
      4. Click Test Connectivity to test the connection to the BES.
      5. Click Save.