Added value of Citrix Endpoint Management with Microsoft EMS/Intune

Reading Time: 4 minutes

What is going on?

As you know, that if you do anything with Enterprise Mobility Management and Office365 apps for Bring Your Own Devices (BYOD) or Company Owned Devices (COD), you can hardly do anything without Microsoft EMS/ Intune these days. We all know the most popular Office365 apps: Word, Excel, Outlook and PowerPoint. Other Office 365 apps like Microsoft SharePoint of Microsoft Dynamics 365 may be less popular but are still mission critical for organizations.

I have yet to encounter an organization that only uses Microsoft Office 365 apps on mobile devices. How about you? Mobile app deployment of most enterprise organizations these days looks like this:

  • Office 365 apps.
  • Other native mobile apps.
  • Custom build apps.
  • Web and SaaS apps.
  • Virtualized apps.

So, all these corporate apps have to be delivered to the end user on their device. It also means that you, as the company, want to have an insight in what is going on in these apps. The data in these corporate apps is yours, so you want to know how your data is being handled by the app on the user device? How is the user experience, regardless of internet being slow or even not available? Or on what platform does my app run? Your IT department wants to be able to answer all these questions.

How do we do it?

This is where Citrix Endpoint Management comes in! It allows us as IT to protect and isolate corporate data and apps from personal apps and data. Do you worry about how to deliver your corporate apps to the user? Stop worrying because with Citrix Endpoint Management comes with an app store. This is a secure and private app store specifically designed for the enterprise. In this app store you can use corporate apps and public apps. You need a public app to stay on a specific version for say compliance reasons? No problemo with the app store integrated in Citrix Endpoint Management. The Citrix Endpoint Management Appstore allows you to use apps from public app stores with your corporate policy on them! How cool is that.

Citrix Endpoint Management also delivers functionality like exchanging data and documents between Office 365 apps and corporate apps. That is not all. Because Citrix Endpoint Management can deliver per-app-micro-vpn. Your IT department can guarantee how data in motion is being handled. This is where Citrix Application Delivery Controller (ADC) comes in play. Formerly known as NetScaler, ADC can provide per-app functionality for all the corporate mobile apps. See the diagram below.

Overview Citrix Gateway for micro VPN
Overview Citrix Gateway for micro VPN (Source Citrix)

Let’s say that your employee is on the other end of the world and needs access to that very important research document? No worries. ADC will make sure that the session to deliver that document to the mobile device is fully secured and encrypted. Also, when the document is on the mobile device, Citrix Endpoint Management will secure that data at rest. How cool is that!

Micro-VPN to on-premise data (Source Citrix)
Micro-VPN to on-premise data (Source Citrix)

Security nirvana does exist!

It does when you use Citrix Endpoint Management with Microsoft EMS/ Intune. I often get the question: Vikash, why do you need Citrix Endpoint Management when you have Intune? My answer then is simple: Do you want first-class security, enhanced user experience and flexibility for apps and devices? You need Citrix Endpoint Management with EMS/Intune.

Let me explain. With Citrix Endpoint Management we can see what is going on in the communications layer for every user and every session and every app. That means we can deploy access policies based on app, user or device. And with device I mean not only mobile devices but also laptops and tablets. All these devices in the end-user space can now be made fully compliant with your corporate IT security policy! Amazing.

Interaction between Office 365 apps, ShareFile and Secure Mail (Citrix mobile apps) is seamless. Citrix makes that possible, because they use Microsoft EMS SDK. The data on the device stays in the secure enclave provided by Citrix Endpoint Management. While other vendors need to make a so-called bridge to exchange data between Office 365 apps and their corporate apps, Citrix mobile apps are “Intune-enlightened”. Below is an overview of the seamless interaction.

Secure Mail with Intune App Protection (Source Citrix)
Secure Mail with Intune App Protection (Source Citrix)

I am convinced!

Let’s face it. If you have Office 365 apps running on mobile devices, then you need an EMS / Intune infrastructure! Because you want to know what happens with your corporate data on those devices right? No questions there, if you ask me. But nowadays with security being more and more a critical aspect for enterprises you want to be at your a-game. Citrix Endpoint Management enables you just to do that. Let’s talk bullet points here:

  • Do you have Exchange on-prem? Regardless you want the higher level of security with the per-app vpn option.
  • Security for data in motion and data at rest.
  • Fine grained setup of policies for Mobile Device Management and Mobile Application Management.
  • Seamless integration of all Office 365 apps with Citrix Secure Mail. It just works.
  • Single pane of glass to manage different devices and platforms.
  • Wide range of supported devices (MacOS, ChromeOS, tvOS, Raspberry Pi, Android, iOS, Windows 10).
  • Enterprise app store for all your corporate apps.

Below is an architectural overview of how Office 365 apps can be integrated with Citrix Endpoint Management.

Architectural overview (Source Citrix)
Architectural overview (Source Citrix)
Added value of Citrix Endpoint Management with Microsoft EMS/Intune Read More

Setup Citrix NetScaler Gateway for Citrix XenMobile Server 10.9

Reading Time: 9 minutesIn this blog post I will show you how to setup Citrix NetScaler Gateway for Citrix XenMobile Server 10.9. You need Citrix NetScaler for XenMobile Server if you have the following scenarios:

  • Micro VPN access for access to internal resources.
  • Use Citrix Endpoint Management with Microsoft Intune/ EMS.
  • Micro VPN access for business apps to internal application servers or data.
  • Use XenMobile Apps for iOS or Android.

In this blog I will go through all the steps needed to successfully implement Citrix NetScaler for XenMobile Server, starting with importing the NetScaler appliance on my hyper visor and ending with a completed setup on the NetScaler ready for production. Before you start you have to setup and configure Citrix XenMobile Server 10.9. Check my blog post here to setup XenMobile Server 10.9.

Before we can start you have to make sure that you have the requirements in place. Nothing is more annoying than finding out that you forgot something during installation. This is the requirement list:

  • Minimum NetScaler 10.5 build 66.9. I am using NetScaler 12.1 build 49.23.
  • Platform/Universal license.
  • Public SSL certificate.
  • Several IP addresses. I will make a list for you.
  • DNS host names (FQDNs) which are accessible from the internet.

Let’s make a list of IP addresses we will need on the NetScaler. These IP addresses are all private IP addresses in my case, but also at customers I visit. This is because the NetScaler is always placed behind a firewall which does all the NAT stuff to map external IP to internal IP. So, in the end you will need a public IP of course which you will then map on your firewall to the NetScaler. This goes beyond this post. Check your firewall documentation how to do this. Below is the IP address list I will use for my setup:

FunctionIP address
NetScaler IP192.168.1.21
Subnet IP192.168.1.22
XenMobile Gateway Virtual IP192.168.1.23
XenMobile Gateway Virtual IP for MAM192.168.1.24
XenMobile Gateway Virtual IP for MDM192.168.1.25

Import Citrix NetScaler on Citrix XenServer

Make sure you download the correct NetScaler appliance (VPX) from Citrix. I have Citrix XenServer running so I downloaded the appliance for XenServer. Let’s start by importing the virtual Citrix NetScaler on XenServer. Start Citrix XenCenter and click on File->Import.

Locate the .xva file you downloaded from Citrix website. Browse to it and select it. Click then on Next.

Select the XenServer host you will import the appliance to. I have only one XenServer host running in free-mode so I will use that. Click on Next.

Select the storage you will import the NetScaler on. Click then on Import.

Select the network interface you will use to let the NetScaler appliance communicate on the network. Click then on Next.

Review your selections and if everything is ok you can start the actual import. Check Start VM after import to continue the setup. Click here on Finish.

After the import is finished, go to the console using XenCenter. The appliance will boot and, on the command-line, will ask you to configure network settings. The IP address here is the one we reserved for the NetScaler IP (NSIP). Enter the IP and hit enter.

Enter all the network configuration information (like netmask and gateway) and choose option 4 to save. The NetScaler will now reboot. After the reboot we can continue the initial configuration using a web browser.

Initial setup Citrix NetScaler

Open a web browser and go to http://<NSIP>. I am using 192.168.1.21 for my NSIP. Login using nsroot as username and nsroot as password. Make a note for yourself to change this after you are done with the configuration. Click on Log On.

The initial configuration will automatically start, and you will be prompted to opt-in for the Citrix User Experience Improvement Program. I choose Enable but you can skip this of course.

Next step is to specify a Subnet IP. Click on Subnet IP Address.

Enter the IP you reserved to be your subnet IP. I will use 192.168.1.22. Enter the corresponding netmask and click on Done.

Next step is to configure DNS IP Address, host name and Time Zone.

Enter the information matching your environment. In my case my DNS server is 192.168.1.15. The Host Name can be anything you want, it does not matter because we are using a VPX. If you are using an MPX (physical NetScaler appliance) make sure to note the host name because then your license file is linked to the host name. In the VPX the license file is linked to the mac address the virtual network interface. That’s why the Host Name can be anything here. Select the correct time zone and click on Done.

The NetScaler will reboot now to save the settings and let the changes take effect. Click on Yes.

Wait for it to reboot and leave the browser window open :).

Configure Licenses

The next step is to configure licenses. We need certain functions which are unlocked with the correct license for NetScaler. If you are only testing, you can go for a evaluation license for 90 days. During the evaluation period all the features of NetScaler are available to you. The features you need in NetScaler which require a special license are:

  • Load Balancing.
  • NetScaler Gateway for micro VPN and access to corporate resources.

After the NetScaler has rebooted login with nsroot username and password. Go to System -> Licenses and click on Manage Licenses.

Click on the button Add New Licenses.

Choose the option Upload license file. You must allocate the license file first using the licensing tools in the Citrix website. Make sure that when you allocate the NetScaler license on the Citrix website, enter the correct Host ID. The Host ID is displayed on the right side of the window. It is the mac address of the virtual nic. If you have multiple virtual nic’s configured, it will be the mac address the nic which is first listed by in the properties view of the appliance. Click on Browse to locate the license file.

After the license file is uploaded the NetScaler needs to reboot to activate the license file and the corresponding features. Click on Reboot.

Click on Yes.

Wait for the reboot to finish. Leave your browser window open.

After you login you will see a overview of the new licensed features and the VPX version.

Import SSL certificate

Next step is to import your SSL certificate. I am using a wildcard SSL certificate. If you are not using a wildcard certificate, check my blog post about setup and configuration of XenMobile Server 10.9 here to see what hostnames (FQDNs) you need in your SSL certificate. In the past I have done a blog post and showed how to import an SSL certificate in .pfx format on the NetScaler. Check that blog post here.

After I imported my certificate this is my SSL overview on my NetScaler.

Setup NetScaler for XenMobile

Now it’s time to setup the NetScaler for XenMobile. I have setup XenMobile Server 10.9 in a previous post here. In that blog post I showed you the ins-and-outs of the setup and configuration process of XenMobile Server. And to make the XenMobile resources available to our end-users we need to integrate NetScaler and XenMobile. NetScaler supplies an authentication mechanism for remote devices to the internal network and other MAM functionality.

For my blog I will use the XenMobile wizard which is supplied with NetScaler. This wizard is very good at getting the job done (pragmatic approach) and gets better with every new version of NetScaler. Login in to NetScaler using your browser and scroll down in the left column and click on XenMobile. Then click on Get Started.

Make sure that the options Access trough Citrix Gateway and Load Balance XenMobile Servers are checked. Then click on Continue.

Enter the IP address you will use for the Virtual Server (VIP) for NetScaler Gateway. Leave the port on 443. Click on Continue.

Select the certificate you want to use for the NetScaler Gateway VIP. This is my wildcard SSL certificate which I previously imported. Click on Continue.

The next step is to add your Active Directory/LDAP configuration. This is used for by NetScaler for user authentication in your Active Directory. Make sure that you have a service account in your Active Directory configured which you will use here. Enter the information and Click on Test Connection to test the configuration. Everything should be green. Click then on Continue.

This next step will ask you the FQDN for you MAM functions. Fill in the same FQDN here that you used when setting up XenMobile according to my post here. In my case that is: xnmob01.vikash.nl. Also set the IP address you will be using for the Load Balancer. Click then on Continue.

Next, we must select the certificate for XenMobile. This has to be same certificate you are using on your XenMobile server! In my case I have a wildcard running on my XenMobile Server and the same one on my NetScaler.

Now we have to tell NetScaler where the XenMobile server is. Click on Add Server.

Specify the IP address for XenMobile Server. I have my XenMobile Server running on 192.168.1.19. Fill in the IP address and click on Add.

Now it will list the XenMobile Server. Click on Continue.

Click now on Load Balance XenMobile Servers.

This is the IP address you will use to Load Balance MDM. Specify a name and then click on Continue.

You will get an overview of the Load Balancing Virtual Server Configuration. Click on Continue.

Then click on Done and we are done!

You will be taken to the Dashboard and see the configuration you made using the wizard.

 

We can see the different components the wizard added. See below the screenshots to get an idea where they are in the NetScaler configuration.

This concludes this blog post. In following posts, I will show you how to enroll devices using XenMobile. Feel free to contact me of you have any questions or comments.

You can follow me on twitter or add the RSS feed from my blog and you will be notified when I add new posts.

 

Setup Citrix NetScaler Gateway for Citrix XenMobile Server 10.9 Read More

Setup Citrix Endpoint Management (Citrix XenMobile Server 10.9)

Reading Time: 14 minutesIn this blog I will show you how to setup Citrix Endpoint Management (Citrix XenMobile Server 10.9). The new name for Citrix XenMobile is Citrix Endpoint Management. This version was released by Citrix on the 13th of September 2018. A few things are new in this version:

  • Access to XenMobile Tools from the Console.
  • Add Google Play Store apps using a package ID.
  • New public REST API’s.

You can read all about what is new here. XenMobile Server is a complete Enterprise Mobility Management (EMM) solution that provides both Mobile Device Management (MDM) and Mobile Application Management (MAM) through a single virtual appliance. You can run the virtual appliance on XenServer, Hyper-V or VMware. It supports all the major hypervisors as you can see so you have no excuse there for not using it :). This version of XenMobile has a single management console for your devices, apps and data.

So before we can start the setup and configuration we have to make sure we meet the requirements:

  • One of the hypervisors I mentioned before.
  • 4x virtual CPUs.
  • 4GB RAM minimum. 8GB is recommended.
  • 50 GB disk space.
  • Citrix License Server 11.15.x or later.
  • MS SQL Server 2012 SP4 or higher (if you plan on using an external database).
  • SSL Certificate (with the hostnames we are going to use in this blog or you can just use a wildcard certificate).

So this will get your XenMobile server up and running. Depending on your needs you will need additional components like Citrix NetScaler or mobile applications. I will discuss this in upcoming blog posts.

Where am I running this setup? I have Citrix XenServer running in my testlab so I downloaded Citrix XenMobile virtual appliance for XenServer. In my test lab I have Active Directory running on Windows Server 2016. Nothing is redundant or high-available as this is just my test lab :).  Let’s start.

Import the virtual appliance

Locate the virtual appliance file you just downloaded.

Open Citrix XenCenter and choose File -> Import.

Click on Browse to select the virtual appliance file. Click on Next.

Select the XenServer host on which you want to import the virtual appliance. In my case I have only on host, so this is automatically selected. You might notice that there is an orange triangle displayed in front of my XenServer host. That is because I am running the free version of Citrix XenServer. The orange triangle reminds me that Citrix XenServer is running on “free-mode”. After selecting your XenServer host click on Next.

Select the storage repository on which the virtual appliance will be stored. Click then on Import to start the import process.

After the import you will be asked to select the network interface the virtual appliance will use to communicate on the network. Use the drop down in the Network column to select the network and then click on Next.

Check the information in the review window and then click on Finish. Notice that the checkbox Start VM(s) after import is selected. So, when you click on Finish here XenServer will spin up the virtual appliance.

First-time use wizard Citrix XenMobile Server 10.9

So, after the import has completed and the virtual machine has booted it is time for the first-time setup. This will be done using the virtual machine console in Citrix XenCenter. We need to setup the IP address and subnet mask, default gateway, DNS servers, and other settings for XenMobile using the command-line console in XenCenter.

The wizard will start automatically, and you will be asked to enter a new password for the user “admin”. This is the default administrator user. Enter a password and hit enter. You will be asked twice to enter the same password. Hit enter after that and the wizard will continue.

Then you will be asked to enter the network configuration. After every entry hit enter. The IP address I will use in my test lab is 192.168.1.19. When you have entered all the network information you will be asked to commit the settings. Press y if you are sure and hit enter.

Then the wizard will ask you to generate a random passphrase to secure the server data. This passphrase is then used to encrypt, and decrypt part of data stored on the appliance. Note that you cannot view the passphrase if it is automatically generated. So, if you are planning to extend you XenMobile environment in the future make sure you enter your own passphrase! For now, I choose y because one XenMobile server is enough for a testlab. In my experience one XenMobile server is enough in production as well but of course this depends on your specific situation.

The wizard will now ask you if you want to enable FIPS (Federal Information Processing Standard). You need this if you must comply by law to security requirements for cryptographic modules used in security systems. Click here if you need more details on this. I don’t need this feature, so I select n and hit enter.

Next up the wizard will ask if you want to use a remote or a locale database. I am using a remote database because I have a dedicated Microsoft SQL server running in my test lab. Choose r for remote database. Choose mi for Microsoft SQL. Using Microsoft SQL is recommended in production environments by Citrix. Enter your database connection information and then press y to commit the settings.

The wizard will ask you if you want to enable cluster setup. This is the case when you have multiple Citrix XenMobile servers in your environment. Choose the setting that applies to your situation and hit enter. In my test lab I have enabled this, but I won’t be using it here.

Next the wizard will ask you for the XenMobile Server host name. This is the host name all your users will connect to for enrollment. A common host name chosen here is “mdm.domain.name”. This is because this is the FQDN for Mobile Device Management (MDM) and it is easy to remember. In my case I am using xnmob01.vikash.nl. This name must be present in the SSL certificate you will use. If you are using a wildcard certificate you are fine. Press y and hit enter to commit the changes.

Next step is about the communication ports. I just leave this to the default ports and commit the changes by pressing y and hitting enter.

Enter the name you want to use for the device management instance. This is used to setup XenMobile Autodiscovery Service. I will set this up in a later blog. For now, I choose the default instance name zdm. Enter the instance name you want then press on y and hit enter to commit your settings.

The wizard will now setup the internal Public Key Infrastructure (PKI). It will automatically generate the required certificated (how nice is that!). Later on, we will add our own certificate. For now, choose y to use the same password on all the certificates it generates. Enter the password and then press y and hit enter to commit the settings.

The wizard will now create an administrator account for logging on to the XenMobile console using your web browser. This is the account you will use to manage the XenMobile server from a web browser. I just choose the default username here (administrator) and entered the password I want twice. Once again press y to commit your settings.

The wizard will continue with the setup and all you must do is wait.

After the wizard completes the setup you will see a logging prompt. This means that everything on the command-line is setup and we can now continue the configuration using a web browser. This screen will also tell you what the URL is for the management console. In my case this is https://192.168.1.19:4443.

Continue setup of XenMobile Server 10.9 from web browser

Next step is entering License information and adding SSL certificates. Open a web browser and go to the management console URL. In my case that is https://192.168.1.19:4443. You may get a prompt telling you that the certificate for this website is not trusted. You can safely ignore this warning. We know that this is the certificate which the setup wizard automatically generated using the internal PKI. Enter your administrator account details here and click on Sign in.

Click on Start to continue.

Configure a License for XenMobile

We must start with the license configuration. If you don’t have a license XenMobile will have a trial license for 30 days. If you have a Citrix License server running with XenMobile licenses, then click on Configure License and then choose Remote license.

Enter the information of your license server and then click on Test Connection. If you have XenMobile licenses on your Citrix License server, they should appear here. Click on Next.

Install SSL certificate

You will now be asked to import certificates. In this screen I will import my own wildcard certificate. This is the certificate I will be using for the MDM and MAM services made available using XenMobile Server. Later on in the post we will request and import the APNs certificate which is used for Apple’s Push Notification service. For now, click on import.

Now pay close attention here. The certificate you will be using for MDM and MAM, in my case my vikash.nl wildcard certificate, you must set it as the SSL listener certificate. And because I have my certificate in a .pfx format I will choose the option KeyStore as import method. I suggest you use the .pfx file format also as it makes life easy when dealing with SSL certificates. Set the KeyStore type to PKCS#12 and set Use as to SSL Listener. Then click on Browse.

Locate your .pfx file, enter the encryption password for the .pfx file and click on Import.

You will get a warning popup about replacing an existing SSL Listener certificate. Because we don’t have one in place, yet this warning can be dismissed. If you are renewing SSL certificates (like in a production environment) pay extra attention here. In that case make sure that the FQDN names are the same in the renewed SSL certificate! We can click on OK here. The Certificate window will now list your SSL certificate. In my case it is my wildcard certificate. You will see that XenMobile Server also has selected my SSL certificate as the SSL Listener and informs me that is has the private key as well. Very nice.

Install an APNs Certificate

Before we install the APNs certificate we need to request it. First, we need a Certificate Signing Request (CSR) file. I will do this using Microsoft IIS on a Windows Server 2016 webserver I have running here (named STF01). Open Internet Information Services (IIS) Manager and select Server Certificates.

Click on Create Certificate Request.

The Common name is important. You must be able to reach that later on from the internet. Fill in the information in the required fields and click on Next.

Select Microsoft RSA SChannel Cryptographic Provider for the Cryptographic Service Provider and 2048 for bit length. Then click on Next.

Specify the location and filename to save the CSR file. Click Finish. Leave the IIS manager console open in this view. We will come back to this later.

Now we must upload the CSR to Apple. Go to https://tools.xm.cloud.com/ and log in with your Citrix account. Click on Request pus notification certificate signature.

Before we upload the CSR make sure to change the file extension to .txt (or .pem) otherwise it will not sign. Then click on Upload the CSR to locate the CSR you generated in the above steps. Then click on Sign.

You will see a message that the CSR is successfully signed and you will be prompted to save the singed file (or it will be automatically saved in your browser download directory). This file will have the extension .plist.

Click on the second column on the bold and underlined text Apple Push Certificates Portal to head over to the Apple Push Certificates Portal. It will open in a new tab or window. Sign in using you Apple ID to continue.

Click on Create certificate to start.

Agree with the Terms of Use and click on Accept.

Next you will be asked to upload the signed CSR file (the .plist file). Browse to the file and then click on upload.

If everything goes well your push certificate should be created. Click Download to save it locally. The filename of the certificate you download here should something like MDM_ Zenprise_Certificate.pem.

Now we need this MDM_ Zenprise_Certificate.pem file to complete the CSR we made earlier on the webserver. This must be the same webserver you generated the CSR on! So, head back to the webserver, in my case it is STF01, to complete the certificate request. IIS Manager should still be open from previous steps in this blog so now you have to choose Complete Certificate Request from the right column.

Locate the .pem file you downloaded from Apple and specify a friendly name. This name can be anything. Then click on OK.

Next step is to export the APNs certificate with the private key, so we can import it in XenMobile. Right click the APNs certificate from IIS Manager and click on Export.

Specify a location, a filename with the extension .pfx and a password. Then click on OK.

Now let’s head over to the XenMobile web console. The wizard will start automatically after logging in and will take you to the Certificates screen. Click on Import.

Select KeyStore in the Import box. The type should then be automatically set to PKCS#12. Very important to select APNs in the Use as dropdown menu. Browse to the exported .pfx APNs file from a few steps above and also enter the same password for decryption. Then click on Import.

Click on OK in the dialog window to confirm.

The import will complete successfully, and you should now have all the appropriate certificates installed to continue the Initial Configuration. Click on Next.

XenMobile NetScaler Gateway Configuration

The next step will lead you to the configuration for NetScaler Gateway. This is of course optional. But while we are here we might as well do the configuration. The actual setup and configuration of NetScaler will be another blog post. Enter a name here for NetScaler. The External URL is important because this will be used for Mobile Application Management (MAM). Note also that this is https. I leave the logon type to Domain only for now. Click then on Next.

XenMobile LDAP Configuration

For this step to complete make sure you have a service account for XenMobile configured in your Active Directory. Make sure the password expiration is disabled for this account. Also make sure that you have setup routers and firewalls correctly to allow LDAP (or Secure LDAP) communications to and from the NetScaler. There are also other ports which I will point out in my blog post about configuring the NetScaler but for now we will only need the LDAP port. Fill in the fields according to your environment. I only have one domain controller in my test lab so I enter that in the Primary server field. Because my Active Directory is plain and simple I don’t have complex User base DN or Group base DN. Check the advanced properties of the service account using Active Directory Users and Computers management console to see what they are in your environment.

After entering all the required information, we can click on Next.

Notification Server Configuration

This is the part where you enter your mail server information so XenMobile server can sent notifications. I have Postfix running as my local mail server, so I will enter that information here. You need the IP-address of the mail server and correct port number. Like in the previous step you should make sure that XenMobile Server can communicate on the specified port with the mail server. Enter the information required and click then on Test Configuration.

A window will pop up and ask for the recipient email address. Enter a valid email address where the test mail will be delivered to. Then click on Send.

You will get a notification that the mail is sent successfully. Click OK.

You will be prompted with a summary screen. You can now click Finish in the bottom.

We will now be transported to the main XenMobile management console with a message that we now can start managing XenMobile! How cool is that :).

So now we are almost ready to enroll our devices. The next step is configuring Citrix NetScaler to make XenMobile available in a secure way to our end users. Check that blog post here where I show you how to setup and configure Citrix NetScaler for XenMobile. This concludes this blog post. Feel free to contact me of you have any questions or comments.

You can follow me on twitter or add the RSS feed from my blog and you will be notified when I add new posts.

 

Setup Citrix Endpoint Management (Citrix XenMobile Server 10.9) Read More

Upgrading Citrix StoreFront 3.15 to Citrix StoreFront 3.16

Reading Time: 4 minutesIn this blog post I will show you how to upgrade StoreFront 3.15 to version 3.16. There a few things you need to do before upgrading Citrix StoreFront 3.15 to Citrix StoreFront 3.16:

  • Make a backup of you existing StoreFront before starting the upgrade.
  • Check the issues Citrix fixed in this new release here.
  • Check the known issues here and make sure you or your end-users will not be affected by them.
  • Do this upgrade in a test environment. This enables you to test your complete configuration and specific customizations you might have.

My 3.15 version of StoreFront is empty because I just started to rebuild my test-lab and then decided to upgrade to version 3.16. You of course may have a complete production environment running on version 3.15 so you have to make sure to test your upgrade before deploying it in production. Please note that StoreFront 3.16 is only supported on Windows Server 2012 R2 and Windows Server 2016. My StoreFront 3.15 is running on Windows Server 2016.

Citrix StoreFront 3.16 is now part of the new brand new Citrix is using: Citrix Virtual Apps and Desktops 7. The new name is part of their cloud strategy branding. You can download Citrix StoreFront version 3.16 as a separate component or download the full ISO of Citrix Virtual Apps and Desktops 7. Check the download section of their website here. Let’s get to it then.

Upgrading Citrix StoreFront 3.15 to Citrix StoreFront 3.16

If you have downloaded the ISO then start by mounting it using Windows Explorer. Right-click the ISO and then click on Mount.

Browse to the mounted ISO (the DVD drive in Windows Explorer) and double-click on AutoSelect.exe.

The installer will start and automatically detect that there are Citrix components running on the server. It will present you with the option to upgrade them. Click on Upgrade.

Accept the license agreement and click on Next.

Next you will be presented with a checklist for a successful upgrade. After upgrading StoreFront you have to upgrade other components in this list as well. If you are ready check the box I’m ready to continue. Click then on Next.

The setup wizard will automatically configure the Windows Firewall. Leave the option on Automatically. Click then on Next.

The summary window will be displayed. Click on Upgrade.

When the upgrade starts you cannot cancel it. If you do this you might end up with a broken StoreFront server. Only if you are sure you are ready to continue with the upgrade click OK.

The upgrade will now start. All you have to do now is wait.

After the upgrade is finished you will be presented with the upgrade results. Check the box Open the StoreFront Management Console to continue. Click on Finish.

You can now continue to check your configuration. Mine is empty. In upcoming posts I will show how to configure StoreFront to present desktops and applications to end-users.

This concludes this blog post. In following posts I will show you how to configure StoreFront to deliver desktops and applications. I will also show you how to connect it to Citrix NetScaler so stay tuned. Feel free to contact me of you have any questions or comments.

You can follow me on twitter or add the RSS feed from my blog and you will be notified when I add new posts.

 

Upgrading Citrix StoreFront 3.15 to Citrix StoreFront 3.16 Read More

Install Citrix StoreFront 3.15

Reading Time: 4 minutesIn this blog post I will show the basic setup of Citrix StoreFront 3.15. StoreFront is the component for making your published desktops and published applications available for your end-users and devices. Citrix StoreFront is part of Citrix XenDesktop 7.18.

My environment for this basic setup:

  • Windows 2016 (stf01.vikash.nl)
  • Citrix StoreFront 3.15 setup (www.citrix.com)

In this post I only focus on a basic installation of Citrix StoreFront. Let’s start.

Install Citrix StoreFront 3.15

At this point you have downloaded the Citrix XenDesktop 7.18 installation ISO from the Citrix website. Mount the ISO using Explorer.

Double-click on AutoSelect.exe.

Click on Start button on the end of XenDesktop Delivery applications and desktops.

Select the option Citrix StoreFront.

Agree with the License Agreement and click on Next.

You will see the components which will be installed. In this case only StoreFront should be displayed here. Click on Next.

You will see the default ports for StoreFront and leave the option Automatically selected. The setup automatically configured the Windows Firewall to open the ports listed here. Click on Next.

You will see a summary of the installation. Click on Install.

The server has to be restarted before the installation can continue. Click on Close.

Windows will tell you that you will be signed out. Click on Close and wait for the server to reboot.

After the reboot login with the same account you were using when you started the installation. In my case this was the Administrator account. You will now be prompted to locate the XenDesktop installation media. Don’t close this window!

Open a new Windows explorer window and browse to the XenDesktop 7.18 installation ISO and mount in using explorer.

Go back to the XenDesktop installation media window. In the left column the virtual DVD will contain the mounted ISO. Select the DVD drive and click on Select Folder.

The installation will continue automatically.

After everything is installed you will see a summary of the installed components. Click here on Finish.

Citrix StoreFront administration console will be automatically launched. The installation is now complete and our StoreFront server is ready to be configured to deliver desktops and apps to the end user. I will show you how to do this in further blog posts.

This concludes this blog post. In following posts I will show you how to configure StoreFront to deliver desktops and applications. I will also show you how to connect it to Citrix NetScaler so stay tuned. Feel free to contact me of you have any questions or comments.

You can follow me on twitter or add the RSS feed from my blog and you will be notified when I add new posts.

Install Citrix StoreFront 3.15 Read More

Creating a site with Citrix XenDesktop 7.18

Reading Time: 3 minutesIn my previous post here I showed how to install Citrix XenDesktop 7.18 Delivery Controller. Creating a site with Citrix XenDesktop 7.18 is the next step. This process can be complicated because there is SQL database connectivity involved. The requirement for SQL is version 2008 SP3 or higher. For a complete set of requirements check this link here.

Deliverables of this post:

  • Configure a XenDesktop Site and connect it to SQL Server.

Requirements for the configuration:

  • Microsoft SQL Server.
  • Active Directory Domain.
  • Citrix XenDesktop 7.18 Delivery Controller.

Create a site using Citrix Studio

Creating a site with Citrix XenDesktop 7.18 is done using Citrix Studio. This management tool is automatically installed if you followed my post here.

Start Citrix Studio from the start menu.

Click on the first option in the middle of the console: Deliver applications and desktops to your users.

Select the option An empty, unconfigured Site. Enter the site name you want and click on Next.

Now this is the part where you have to pay attention. Check the names of the databases that are created. Three databases are created. Enter the correct SQL connection information in the Location field. Click then on Next.

Enter the name (or ip address) of your license server. Then click on Connect.

The setup wizard will connect to your license server. Because the Citrix License Server is installed with a self-signed certificate you will get a popup windows asking you if you trust the server. Select Connect me and click on Confirm.

You will now be presented with a list of available licenses on the license server. Select the appropriate one and click on Next.

Finally you will be presented with a summary screen. Double check that all the options and names are correct and then click on Finish.

After the configuration is finished you will be presented with an overview in Citrix Studio. From here you can take following steps. In upcoming posts I will show you where to take from here.

Check the database connections in Citrix Studio. Click on Configuration in the left column.

Using SQL Management Studio you can check the databases on your SQL server.

This concludes this blog post. In following posts I will show you what to do next to get your XenDesktop farm online. Feel free to contact me of you have any questions or comments.

You can follow me on twitter or add the RSS feed from my blog and you will be notified when I add new posts.

 

Creating a site with Citrix XenDesktop 7.18 Read More