Architecture
The device and app management requirements of your organization determine the XenMobile components in your XenMobile architecture. The components of XenMobile are modular and build on each other. For example, if your deployment includes Citrix Gateway:
- Citrix Gateway gives users remote access to mobile apps and tracks user device types.
- XenMobile is where you manage those apps and devices.
Deploying XenMobile components: You can deploy XenMobile to enable users to connect to resources in your internal network in the following ways:
- Connections to the internal network. If your users are remote, they can connect by using a VPN or micro VPN connection through Citrix Gateway. That connection provides access to apps and desktops in the internal network.
- Device enrollment. Users can enroll mobile devices in XenMobile so that you can manage, in the XenMobile console, the devices that connect to network resources.
- Web, SaaS, and mobile apps. Users can access their web, SaaS, and mobile apps from XenMobile through Secure Hub.
- Windows-based apps and virtual desktops. Users can connect with Citrix Receiver or a web browser to access Windows-based apps and virtual desktops from StoreFront or the Web Interface.
To achieve any of those capabilities for an on-premises XenMobile Server, Citrix recommends deploying XenMobile components in the following order:
- Citrix Gateway. You can configure settings in Citrix Gateway to enable communication with XenMobile, StoreFront, or the Web Interface by using the Quick Configuration wizard. Before using the Quick Configuration wizard in Citrix Gateway, you must install one of the following components to set up communications: XenMobile, StoreFront, or the Web Interface.
- XenMobile. After you install XenMobile, you can configure policies and settings in the XenMobile console that allow users to enroll their mobile devices. You can also configure mobile, web, and SaaS apps. Mobile apps can include apps from the Apple App Store or Google Play. Users can also connect to mobile apps you wrap with the MDX Toolkit and upload to the console.
- MAM SDK or MDX Toolkit. The MDX wrapping technology is scheduled to reach end of life (EOL) in July 2023. To continue managing your enterprise applications, you must incorporate the MAM SDK. The Mobile Application Management (MAM) SDK provides MDX functionality that isn’t covered by the iOS and Android platforms. You can MDX-enable and secure iOS or Android apps. You make those apps available in either an internal store or public app stores. See MDX App SDK.
- StoreFront (optional). You can provide access to Windows-based apps and virtual desktops from StoreFront through connections with Receiver.
- Citrix Files (optional). If you deploy Citrix Files, you can enable enterprise directory integration through XenMobile, which acts as a Security Assertion Markup Language (SAML) identity provider. For more information about configuring identity providers for ShareFile, see the ShareFile support site.
XenMobile provides device management and app management through the XenMobile console. This section describes the reference architecture for the XenMobile deployment.
In a production environment, Citrix recommends deploying the XenMobile solution in a cluster configuration for both scalability and server redundancy. Also, using the Citrix ADC SSL Offload capability can further reduce the load on the XenMobile Server and increase throughput. For more information about how to set up clustering for XenMobile by configuring two load-balancing virtual IP addresses on Citrix ADC, see Clustering.
For more information about configuring XenMobile for a disaster recovery deployment, see the Deployment Handbook Disaster Recovery article. That article includes an architecture diagram.
The following sections describe different reference architectures for the XenMobile deployment. For reference architecture diagrams, see the XenMobile Deployment Handbook articles, Reference Architecture for On-Premises Deployments and Architecture. For a complete list of ports, see Port requirements (on-premises) and Port requirements (cloud).
Mobile device management (MDM) mode
Important:
If you configure MDM mode and later change to ENT mode, be sure to use the same (Active Directory) authentication. XenMobile doesn’t support changing the authentication mode after user enrollment. For more information, see Upgrade from XenMobile MDM Edition to Enterprise Edition.
XenMobile MDM Edition provides mobile device management. For platform support, see Supported device operating systems. If you plan to use only the MDM features of XenMobile, you deploy XenMobile in MDM mode. For example, use MDM mode if you want to do the following:
- Deploy device policies and apps.
- Retrieve asset inventories.
- Carry out actions on devices, such as a device wipe.
In the recommended model, the XenMobile Server is positioned in the DMZ with an optional Citrix ADC in front, which provides more protection for XenMobile.
Mobile app management (MAM) mode
MAM, also called MAM-only mode, provides mobile app management. For platform support, see Supported device operating systems. If you plan to use only the MAM features of XenMobile without having devices enroll for MDM, you deploy XenMobile in MAM mode. For example, use MAM mode if you want to do the following:
- Secure apps and data on BYO mobile devices.
- Deliver enterprise mobile apps.
- Lock the apps and wipe their data.
The devices cannot be MDM enrolled.
In this deployment model, XenMobile Server is positioned with Citrix Gateway in front, which provides more protection for XenMobile.
MDM+MAM mode
Using MDM and MAM modes together provides mobile app and data management and mobile device management. For platform support, see Supported device operating systems. If you plan to use the MDM+MAM features of XenMobile, you deploy XenMobile in ENT (enterprise) mode. For example, if you want to:
- Manage a corporate-issued device by using MDM
- Deploy device policies and apps
- Retrieve an asset inventory
- Wipe devices
- Deliver enterprise mobile apps
- Lock apps and wipe the data on devices
In the recommended deployment model, the XenMobile Server is positioned in the DMZ with Citrix Gateway in front, which provides more protection for XenMobile.
XenMobile in the internal network: Another deployment option is to position an on-premises XenMobile Server in the internal network, rather than in the DMZ. This deployment is used if your security policy requires that only network appliances can be placed in the DMZ. In this deployment, the XenMobile Server is not in the DMZ. Therefore, there is no requirement to open ports on the internal firewall to allow access to SQL Server and PKI servers from the DMZ.