XenMobile App Controller Deployment - Citrix XenMobile Mobile Device Management (2014)

Chapter 5. XenMobile App Controller Deployment

The XenMobile App Controller delivers web-, SaaS-, Android-, and iOS-based apps, and ShareFile-integrated data and documents to end users. App Controller uses either Citrix Receiver or Receiver for the Web available in Worx Home to deliver these resources. This chapter will help you learn and understand the following topics:

· Downloading XenMobile App Controller

· Importing the virtual appliance

· Configuring XenMobile App Controller

· Configuring certificates

· Configuring App Controller with NetScaler Gateway

· Configuring App Controller and Device Manager

Downloading XenMobile™ App Controller

In this section, we will download the XenMobile App Controller software from the Citrix Web Portal. To download the XenMobile components, we need to go to the Citrix Downloads portal, which can be found at http://www.citrix.com/downloads.html. To download the XenMobile App Controller, perform the following steps:

1. Click on My Account and log in.

2. Click on Downloads.

3. Select XenMobile as the Product and Product Software as the Download Type. Click on Find.

4. Click on XenMobile 8.6 App Edition from the list.

5. Download the appropriate App Controller virtual image to install on XenServer, VMware, or Hyper-V (in our case, we will be using VMware).

Importing the virtual appliance

After we have successfully downloaded the XenMobile App Controller build, we need to import it into the hypervisor. For a VMware-based hypervisor, the download should produce a file named App Controller_2.8.0.162000.vmware.ova.

The steps to import the software into the hypervisor are as follows:

1. Log in to the VMware vSphere client.

2. Click on File and then choose Deploy OVF Template.

3. Click on Browse and locate the file App Controller_2.8.0.162000.vmware.ova.

4. Click on Open and then select Next. Agree to accept the terms of the licenses and click on Next.

5. Enter a Name for the virtual machine and click on Next.

6. Select a Datastore value to store the Deployed OVF template and click on Next.

7. Choose the Network Adapter you want to allot to the virtual machine and click on Next.

8. Verify the information and click on Finish. The OVF Deployment progress bar should appear.

Once the import procedure is completed, the XenMobile App Controller appliance should appear in the vSphere client. This completes the import procedure for the virtual appliance.

Configuring XenMobile™ App Controller

In this section, we will configure the virtual appliance that we imported into the hypervisor in the last section. The XenMobile App Controller comes preconfigured with some default settings for management purposes, listed as follows:

| Default | Value |
| --- | --- |
| IP address | 10.20.30.40 |
| Subnet Mask | 255.255.0.0 |
| Root Username | Administrator |
| Root Password | password |

To proceed further, we need to ensure we have the following details in hand:

· XenMobile App Controller IP Address: The XenMobile App Controller IP address is used for managing the App Controller virtual appliance. Reserve a static IP address to be assigned to the XenMobile App Controller virtual appliance.

· Netmask: The subnet mask of the IP address assigned to XenMobile App Controller virtual appliance.

· Default Gateway: The default gateway passes traffic from local subnets to devices on different subnets. It helps in managing the XenMobile App Controller from devices that belong to a different subnet. Write down the default gateway for the IP address assigned to the XenMobile App Controller virtual appliance.

Now, let's proceed with the configuration of the XenMobile App Controller virtual appliance.

Command-line-based configuration

We can use the command line to configure the App Controller on a basic level by assigning the server an IP address, subnet mask, and its DNS server. The steps to configure the App Controller server through the command line are as follows:

1. Power on the virtual appliance. (The installation of the XenMobile App Controller is done automatically as soon as you power on the virtual machine.) Refer to the following screenshot:

2. At the Login prompt, enter the default credentials as mentioned in the preceding table.

3. After a successful login, we should be greeted with the following screen:

4. Press 0 for Express Setup.

5. Now, press 1 for IP Address, Subnet Mask.

6. Similarly, select options 2, 3, and 4 for Default Gateway, DNS Servers, and NTP Server, respectively.

7. Select option 5 to Commit Changes and press Y to reboot the server.

Once the server boots up, you can log on to the App Controller web console from a system in the same subnet.

Graphical user interface-based configuration

In this section, we will configure detailed settings on the XenMobile App Controller server using a graphical user interface. To do so, perform the following steps:

1. Log on to a system in the same subnet as the App Controller server and open a web browser pointing to https://<App-Controller-IP-address>:4443/controlpoint (for example, https://10.10.10.90:4443/controlpoint).

2. Enter the default Username and Password (refer to the preceding default table):

After logging in, the next screen requires the following additional configuration:

· Configure the Administrator password: Change the default password here:

· Configure System Settings: Here, we can change the settings we made while in the command-line interface:

· The Active Directory integration: Here, we will have to enter the Active Directory settings to integrate App Controller with LDAP.

Tip

It's recommended to create a separate service account for App Controller and also for other XenMobile components.

The following screenshot consists of the Active Directory integration settings:

· NTP & DNS configuration: In this section, we will configure the Network Time Protocol server and the Domain Name System server. In our case, we have taken our DC to be the NTP server:

· Email Service settings: In this section, we will enter the settings for our mail server and provide credentials for a user who will receive workflow notifications. Workflows are used to manage the creation and removal of user accounts:

3. Once we have entered all the aforementioned settings, we can verify them on the Summary screen, shown as follows, and finally click on Save:

4. Once we click on Save, we will get a prompt to log off for the changes to take effect. Click on Yes. Once done, you can log on again with the new password.

Configuring certificates

App Controller requires certificates to ensure secure communication with the App Controller Management console applications and StoreFront. Three SSL certificates are required by the App Controller server for communicating with the Management console and StoreFront. These SSL certificates are used for user account management and SAML-based applications.

The SSL certificates need to be signed by a certificate authority such as VeriSign or Entrust, and then uploaded to the App Controller server as follows:

1. Log in to the App Controller Management console and click on the Settings tab.

2. Go to System Configuration and then select Certificates.

3. Click on Import and then select Server (.pem) for a root CA-signed server certificate or Trusted (.pem) to import a CA-signed root certificate.

4. In the Upload section, select Browse, navigate to the certificate, and click on Open.

5. Once we have added the certificate, click on Make Active. This will log us out from the console. We need to log back in; the new certificate should be successfully added now.

Configuring App Controller with NetScaler® Gateway

We have seen many applications that are internal to an organization. Sometimes, users connect to these applications from the Internet. In this case, we can publish such an app in the App Controller and route the connections of the app to the end user device through NetScaler Gateway. This will in turn provide us with secure access control management and granular application and data-level controls. For this, we need to set up trust settings between the App Controller and the NetScaler Gateway. In this section, we will learn to set up this trust between these two XenMobile components. To configure App Controller with NetScaler Gateway, perform the following steps:

1. Log in to the App Controller Management console and click on Settings.

2. Go to System Configuration and select Deployment.

3. Select NetScaler Gateway and click on Edit.

4. Under the Enable section, select Yes.

5. Under Display Name, enter the NetScaler Gateway server name.

6. Under Callback URL and the External URL, type the NetScaler Gateway web address. For example, https://nsvpx.teamxchange.in or https://nsvpx.teamxchange.in:443.

7. We can also configure the following optional Logon type for users when accessing applications through NetScaler Gateway:

· Domain only: Users need to use their Active Directory credentials

· Security token only: Users need to enter security token-based codes for authentication

· Domain and security token: Users in this logon type need to enter their AD credentials and security token codes

8. We can also check Do not require passwords to disable any password policy.

9. Click on Save.

Publishing access to an app through NetScaler® Gateway

In order to allow an app to use NetScaler Gateway connection for access management, you need to perform the following steps:

1. Log on to the App Controller web console.

2. Navigate to App & Docs and then the application type (web, SaaS, Android or iOS). For demonstration purposes, we will be using a Web & SaaS app.

3. Click on Web & SaaS and then click on the + icon to select an app.

4. Check the box beside App is hosted in internal network to use the NetScaler Gateway connection.

5. Further, we can configure the app as per our requirement, and click on Save for the settings to take effect.

Configuring App Controller and Device Manager

In this section, we will configure the App Controller to communicate with the Device Manager. To ensure that the communication between both components is secure, Citrix recommends installing a publicly trusted certificate on both components, because communication can be initiated from either the App Controller or the Device Manager, and the initiating component first tries to validate the installed certificate. The communication handshake will fail if either of the components is unable to validate the certificate installed on the other one.

Configuring Device Manager

The XenMobile Device Manager configuration will allow the server to communicate with the App Controller server. To do so, perform the following steps:

1. Log on to the XenMobile Device Manager web console.

2. Go to Options and select Modules Configuration.

3. Go to AppC Webservice API.

4. Enter the Hostname of the App Controller server and a Shared Key (a password), which we will also enter on the App Controller server to authenticate.

5. Check the box for Enable App Controller.

6. At this point, we are halfway done with the configuration. Click on Check the Connection; we should receive an error, as the configuration on the App Controller server needs to be completed before testing the connection.

7. Click on Close and select Yes to save the modifications.

Configuring App Controller

The App Controller configuration will allow the server to communicate with the XenMobile Device Manager server.

1. Log on to the App Controller server and navigate to the Settings tab.

2. Select XenMobile MDM and click on Edit on the Settings section.

Fill in the following fields:

· Host: Type the hostname or the FQDN of the XenMobile DM server.

· Port: Leave it set to the default port, 80.

· Shared Key: Enter the shared key that we entered while configuring the Device Manager server.

· Allow secure access: If selected, communications between both the components will default to secure port 443. We will leave this option unchecked in our scenario.

· Require Device Manager enrollment: If selected, then all devices need to be enrolled and managed by the Device Manager server. We will leave this option unchecked in our scenario.

3. Once we have entered these settings, we will click on Test Connection and should get the Connection was successful prompt if the settings were entered correctly.

4. Click on Close and hit Save.

Now, we will go back to the Device Manager console and hit Check the Connection; it should successfully communicate with the App Controller server.
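As a review aid for the options chosen in this chapter, the following added example (not from the book or from Citrix) checks a hand-written record of the deployment against the defaults table and the optional settings described above. The dictionary keys, the `audit` function, the sample shared keys and the 16-character minimum are assumptions made for illustration; App Controller has no such export format.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_IP = ipaddress.ip_address("10.20.30.40")  # from the defaults table
MIN_KEY_LEN = 16  # assumption: local policy value, not a Citrix requirement

def audit(cfg):
    """Return (setting, finding) pairs for one hand-written deployment record.

    Key names are hypothetical labels for values typed into the consoles.
    """
    findings = []
    if ipaddress.ip_address(cfg["mgmt_ip"]) == DEFAULT_IP:
        findings.append(("mgmt_ip", "still the factory default address"))
    if not cfg["admin_password_changed"]:
        findings.append(("admin_password", "default Administrator password in use"))
    gw = cfg["gateway"]
    for key in ("callback_url", "external_url"):
        url = urlsplit(gw[key])
        if url.scheme != "https" or not url.hostname:
            findings.append((key, "not an https:// web address"))
    if gw["do_not_require_passwords"]:
        findings.append(("do_not_require_passwords", "password policy disabled"))
    mdm = cfg["mdm"]
    if not mdm["allow_secure_access"]:
        findings.append(("allow_secure_access",
                         "Device Manager link on port %d, not secure port 443" % mdm["port"]))
    if len(mdm["shared_key"]) < MIN_KEY_LEN:
        findings.append(("shared_key", "shorter than %d characters" % MIN_KEY_LEN))
    return findings

# Constructed record loosely following the walkthrough (port 80, secure access off).
AS_BUILT = {
    "mgmt_ip": "10.10.10.90", "admin_password_changed": True,
    "gateway": {"callback_url": "https://nsvpx.teamxchange.in",
                "external_url": "https://nsvpx.teamxchange.in:443",
                "do_not_require_passwords": True},
    "mdm": {"port": 80, "allow_secure_access": False, "shared_key": "Passw0rd"},
}
# Constructed record: the same deployment with the flagged options corrected.
HARDENED = {
    "mgmt_ip": "10.10.10.90", "admin_password_changed": True,
    "gateway": dict(AS_BUILT["gateway"], do_not_require_passwords=False),
    "mdm": {"port": 443, "allow_secure_access": True,
            "shared_key": "constructed-sample-key-0001"},
}

if __name__ == "__main__":
    for setting, finding in audit(AS_BUILT):
        print(f"{setting}: {finding}")
```
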

Summary

As discussed in this chapter, we have successfully installed the App Controller server and integrated it with XenMobile Device Manager and NetScaler Gateway to ensure secure communication. We also configured certificates and integrated Active Directory and the e-mail server with the App Controller server.

In the next chapter, we will learn how to manage applications with the XenMobile Device Manager and App Controller.