Reference Architecture: XenMobile with NetScaler

XenMobile Reference Architecture: XenMobile with NetScaler
Configuration Guide for Establishing NS Load Balancing Front End
www.citrix.com

Table of Contents

Introduction
Network Flow Diagram
XenMobile Port Table
Load Balancing Configuration on NetScaler
Conclusion
Additional Links
Key Contributors
Disclaimer

XenMobile on NetScaler Reference Architecture Page 2

Introduction

Citrix Systems' XenMobile offering is a comprehensive solution portfolio designed to enable customers to experience the benefits of Mobile Device Management while maintaining secure access to applications and desktops.

The purpose of this document is to provide a reference architecture for placing a NetScaler in front of your XenMobile MDM solution. This allows the XenMobile Device Manager (XDM) to be placed within the walls of your datacenter, leaving the NetScaler appliance in the DMZ, and allows for a secure and scalable rollout of your MDM solution.

We will walk through several diagrams to prepare for the configuration steps near the conclusion of this document. This document covers configuration of the load balancing VIPs and not the overall setup of the NetScaler. For additional resources on the NetScaler and other configurations, please see the Additional Links section at the end of this document.

Diagram 1.1 shows a basic architecture of the XenMobile environment before the addition of the NetScaler.

[Diagram 1.1]

Network Flow Diagram

The basic diagram below shows the key ports used by the MDM solution. A full description of the ports required for the solution is laid out in the port table. In summary, ports 80 and 443 are used by iOS, Android and Windows devices for communication. Apple iOS uses port 8443 for over-the-air registration of the device with the XDM. The use of the server FQDN will also make use of this port. This FQDN is key, as it has been registered with the Apple Push Notification Service.

[Diagram 1.2. Labels: Internet zone; corporate DMZ zone (NetScaler LB); corporate LAN zone (XenMobile Device Manager, Active Directory/LDAP, MS SQL Server, Microsoft CA or PKI entity). Port labels: TCP 80, TCP 443, TCP 8443, TCP 389/636 (LDAP/S), TCP 1433, HTTPS 443.]

Diagram 1.2: A basic diagram of the network flow for NetScaler and XenMobile. Note the open internal ports of 80, 443 and 8443.

XenMobile Port Table

This table is designed to guide the XenMobile Administrator and Network Administrator through the TCP/IP port requirements for the Device Manager Server and mobile device agent connections.

XenMobile Device Manager Firewall Port Requirements

| TCP Port | Description | Source | Destination |
|---|---|---|---|
| 25 | By default, the XDM SMTP configuration of the Notification Service uses port 25. However, if your corporate SMTP server uses a different port, make sure that your corporate firewall does not block that port. | XenMobile Device Manager Server | Corporate SMTP Server |
| 80 | Over-the-Air (OTA) Enrollment and Agent Setup (Android and Windows Mobile) | Internet | XenMobile Device Manager Server |
| 80 | Over-the-Air (OTA) Enrollment and Agent Setup (Android and Windows Mobile), XDM Web Console, XDM Remote Support Client | Corporate LAN and Wi-Fi | XenMobile Device Manager Server |
| 80 | XDM Server Enterprise App Store connection to Apple iTunes App Store (ax.itunes.apple.com). Used for publishing recommended iTunes App Store apps from the available iOS applications within the Web Console and iOS Agent | XenMobile Device Manager Server | Apple iTunes App Store (ax.itunes.apple.com) |
| 80 or 443 | XenMobile Device Manager Nexmo SMS Notification Relay outbound connection | XenMobile Device Manager Server | Nexmo SMS Relay server |
| 389 or 636 | LDAP/LDAPS connection from XDM Server to Directory Service Host (Active Directory Global Catalog server or equivalent LDAP directory service host) | XenMobile Device Manager Server | LDAP / Active Directory Services |
| 443 | SSL OTA Enrollment/Agent Setup (Android and Windows Mobile), all device-related traffic and data connections (iOS, Android and Windows Mobile) | Internet | XenMobile Device Manager Server |
| 443 | SSL OTA Enrollment/Agent Setup (Android and Windows Mobile), all device-related traffic and data connections (iOS, Android and Windows Mobile), XDM Web Console | Corporate LAN and Wi-Fi | XenMobile Device Manager Server |
| 1433 | Remote database server connection to separate SQL Server (optional) | XenMobile Device Manager Server | SQL Server |
| 2195 | Apple APNS (Push Notification Service) outbound connection to gateway.push.apple.com, used for iOS device notifications and device policy push | XenMobile Device Manager Server | Internet (Apple APNS Service Hosts on public IP network 17.0.0.0/8) |
| 2196 | Apple APNS (Push Notification Service) outbound connection to feedback.push.apple.com, used for iOS device notifications and device policy push | XenMobile Device Manager Server | Internet (Apple APNS Service Hosts on public IP network 17.0.0.0/8) |
| 5223 | Apple APNS (Push Notification Service) outbound connection from iOS devices connected via Wi-Fi network to *.push.apple.com | iOS device on Wi-Fi network service | Internet |
| 8443 | Over-the-Air (OTA) Enrollment for iOS devices only | Corporate LAN and Wi-Fi | XenMobile Device Manager Server |
| App Tunnel Ports | Mobile App Tunnel Ports (Android and Windows Mobile) to destination internal Application Server via the XDM Server (all ports are individually defined for each Mobile AppTunnel used by a device through an XDM Device Configuration Policy) | Internet | Application Server via XenMobile Device Manager Server |

1 Corporate LAN traffic outbound to DMZ and the Internet is assumed to be allowed.

PLEASE NOTE: When using Remote Support or Mobile App Tunnel (Android and Windows Mobile), the following traffic needs to be open at the firewall:

| TCP Port | Description | Source | Destination |
|---|---|---|---|
| 8081 | Remote Support Console default server inbound connection (depending on the Remote Support Tunnel definition) | Remote Support Console | XenMobile Device Manager Server |
| 80 or 443 | Remote Support Console access to XDM to retrieve device list | Remote Support Console | XenMobile Device Manager Server |
| Tunnel port | Mobile Application Tunnel access to Application Server (port configured in the tunnel definition) | XenMobile Device Manager Server | Internal Application Server |
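The following is an added example, not part of the original Citrix document: a small audit that compares a list of firewall allow rules with a subset of the flows above (devices to the NetScaler VIP, NetScaler to XDM on 80/443/8443, and XDM to APNS on 17.0.0.0/8). All addresses other than 17.0.0.0/8, the rule format and the sample rules are constructed for illustration.

```python
from ipaddress import ip_network

# Addresses below are constructed for this example; only 17.0.0.0/8 and the
# port numbers come from the document's port table and Diagram 1.2.
ANY = ip_network("0.0.0.0/0")
VIP = ip_network("192.0.2.10/32")    # NetScaler LB virtual server (DMZ)
SNIP = ip_network("192.0.2.11/32")   # NetScaler address used toward the LAN
XDM = ip_network("10.10.0.20/32")    # XenMobile Device Manager (LAN)
APNS = ip_network("17.0.0.0/8")      # Apple APNS hosts

REQUIRED = [  # (flow name, source, destination, TCP ports)
    ("devices->VIP", ANY, VIP, {80, 443, 8443}),
    ("NetScaler->XDM", SNIP, XDM, {80, 443, 8443}),
    ("XDM->APNS", XDM, APNS, {2195, 2196}),
]

def parse(rule):
    """Turn 'source destination tcp-port' into (network, network, int)."""
    src, dst, port = rule.split()
    return ip_network(src), ip_network(dst), int(port)

def audit(rule_lines):
    """Return (excess_rules, missing_flows) for a list of allow rules."""
    rules = [parse(r) for r in rule_lines]
    # Excess: the rule is not contained in any required flow.
    excess = [
        line for line, (src, dst, port) in zip(rule_lines, rules)
        if not any(src.subnet_of(rs) and dst.subnet_of(rd) and port in ports
                   for _, rs, rd, ports in REQUIRED)
    ]
    # Missing: no rule permits the required flow on that port.
    missing = [
        (name, port)
        for name, rs, rd, ports in REQUIRED for port in sorted(ports)
        if not any(rs.subnet_of(src) and rd.subnet_of(dst) and port == p
                   for src, dst, p in rules)
    ]
    return excess, missing

SAMPLE_RULES = [  # constructed allow rules: "source destination tcp-port"
    "0.0.0.0/0 192.0.2.10/32 80",
    "0.0.0.0/0 192.0.2.10/32 443",
    "0.0.0.0/0 192.0.2.10/32 8443",
    "0.0.0.0/0 10.10.0.20/32 443",     # Internet straight to XDM, bypassing the LB
    "192.0.2.11/32 10.10.0.20/32 443",
    "192.0.2.11/32 10.10.0.20/32 8443",
    "10.10.0.20/32 0.0.0.0/0 2195",    # APNS rule wider than 17.0.0.0/8
    "10.10.0.20/32 17.0.0.0/8 2196",
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES)
    for line in excess:
        print("broader than the port table:", line)
    for name, port in missing:
        print("required flow not allowed:", name, port)
```

A rule can be reported as excess and still satisfy a required flow, as the 2195 rule does here; the fix in that case is to narrow it to 17.0.0.0/8 rather than remove it.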

Load Balancing Configuration on NetScaler

This section covers the required load balancing configuration on the NetScaler for use with XenMobile. For links to other possible configurations, please see the Additional Links section at the end of this document.

The first step is to create the Servers entry in the load balancing section of the NS console. Add the Server Name and the internal IP address that the NetScaler will be routing the traffic to.

Create your XenMobile Server that you are load balancing:

After you have created the entry for the XenMobile server, create your services for the 3 major ports as depicted in Diagram 1.2. The screen shots below have incorporated the port number into the name for easy reference. All three services will be pointing to the same server. The screen shots only show tabs with information that has been edited.

Create our Services:

Here is the basic setup for the services over port 80.

Basic information for the port 80 monitor; all other tabs are configured as default:

Basic setup of the services for port 443:

Configure the monitor for port 443; all other tabs are configured as default:

Basic setup of services for port 8443:

Configure the services for port 8443; all tabs are configured as default:

The final step will be to create the Virtual Servers using the Load Balancing Services and Server(s) that were previously configured. We have named each Virtual Server after its task, in line with the port table above.

Configure your virtual servers:

For the enrollment Virtual Server (port 443), we place a check box next to the proper service that was set up. We then set the Method and Persistence tab for Least Connection and SSLSESSION with a timeout of 2 minutes. The IP address listed will be the address accessible in the DMZ address space. This IP address will be registered with DNS. Please verify that devices on the corporate LAN environment can be routed to this virtual server.

Configure your XenMobile_Enroll (443) virtual server with your external/DMZ IP address:

Configure the Method and Persistence as before:

The same process will be followed for the creation of the Virtual Server for ports 8443 and 80.

Configure 8443 (profiles for iOS) with same external IP:

Configure Profiles, Method and Persistence:

Configure the Virtual Server for port 80 (Console) settings:

Configure Console, Method and Persistence:

Conclusion

This completes the configuration for front ending the XenMobile MDM environment with NetScaler. Load balancing of all essential ports for the XenMobile server is complete.

Additional Links

Below is a list of additional links for other configurations:

Citrix XenMobile Solutions: http://support.citrix.com/proddocs/topic/cloudgateway/xmob-landing-page-con.html
XenMobile MDM edocs: http://support.citrix.com/proddocs/topic/cloudgateway/xmob-mdm-landing-page-con.html
Deploying Mobility Solutions Bundle Components: http://support.citrix.com/proddocs/topic/clg-deployment/clg-deployment-cloudgateway-optionscon.html

Key Contributors

Josh Fleming, Senior Systems Engineer: Author
Jon Eugenio, Senior Systems Engineer: Content Contributor and Reviewer
Florin Lazurca, Senior Architect: Content Contributor

Disclaimer

THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

Copyright 2013 Citrix Systems Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Citrix Systems Inc. is strictly forbidden. For more information, contact Citrix Systems. Citrix, the Citrix logo, and the Citrix badge are trademarks of Citrix Systems Inc. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products.

INTERNAL TRACKING LAST EDIT: 13-MAR-2013 JCE/JF Change: M.S. Edits