So this is an interesting tidbit I heard today. The Receiver for iPhone which came out in May does something really neat. It reports a unique device name to the XenApp server when it attempts to connect to applications. The name always starts with Xen_iPhone and is quickly proceeded by what appears to be a random number. This is similar to connections from Web Interface (Receiver for Web) where all connections through there begin with WI_.
In our case, if you are using XenApp for application virtualization and allowing users to access server-hosted applications using their iPhone (via Citrix Receiver for iPhone), then you can apply device policies that prevent these users from doing certain things or to change the user experience. With Receiver for iPhone users only have access to your apps, not directly to the network so if you control access to apps then you control access to the network.
For example, I can change encryption settings for devices whose names begin with Xen_iPhone. I can have a dedicated server with just the applications I want these folks to be able to access and prevent iPhones from connecting to anything but that dedicated server and the apps available from it.
First, you would create a policy in the Policies pane of the Advanced Configuration Tool (aka Citrix Management Console). Then do the following:
- In the left pane of the Advanced Configuration tool, select Policies.
- From the Contents tab, select the policy you want to apply.
- From the Actions menu, select Policy > Apply this policy to.
- In the Policy Filters dialog box, select Client Name.
- Select Filter based on client name.
- Select Add to add specific client names. Type Xen_iPhone* and enter. Make sure Allow is selected in the Client Name filters window.
Here are some example of things you can change, control and optimize for iPhone users:
- Remove Visual Effect like wallpaper
- Control session limits (e.g. virtual channel controls for clipboard, sound, com, display, etc.)
- Control client devices (Audio, drives, ports, etc.)
- Control encryption
- Assign a service level
Now, bear in mind… I haven’t played with this extensively so some of these settings may not even affect the iPhone user simply because the feature is not available for Receiver for iPhone (e.g. some SpeedScreen/HDX settings). It doesn’t hurt to turn some of these off though and experiment. And the ultimate of course is controlling encryption and security settings. Also, once we release our next rev of the Receiver for iPhone which will have improved support for Access Gateway, I am hoping it will allow the assignment of policies based on Access Gateway connections. So at that point you can filter applications for iPhone users as well as control the experience they have with applications when they connect to a XenApp server.