I don’t know about you, but I love my iPhone. In thinking about why, it shouldn’t be any surprise it is because of the apps. I can get an app for anything I want to do, whether it is finding my friends on a Friday night or quickly getting my RSA token on the go. Apps enable us to do what we want, when we want to, quickly.

And the corporate world is catching on. More and more we are hearing of enterprises adding mobile applications to their application portfolios to help their workers accomplish tasks quickly. For example, one organization I spoke with added an app to their library the helps employees book conference rooms on their mobile device instead of requiring them to be on the VPN in Outlook. Another organization was looking to add an app that would allow managers to quickly approve expense reports. In all, this is showing a move toward micro apps that help workers do quick tasks, easily, from anywhere. And thankfully (I say this with my “employee” hat on), analyst firm IDC predicts that there will be a 200% increase in these mobile and SaaS apps by 2016!

This is why the new mobile application management capabilities in CloudGateway 2 are so exciting. With CloudGateway, organizations can now wrap any iOS app (or Android app in the very near future), add the appropriate use policies and deliver the app down to mobile devices for native execution. For those who want to geek out with me for a second, here is how it works (otherwise, skip to the bottom):

  • App Wrapping. In order to add a native application to the list of applications managed by CloudGateway, the application must be first prepared by the Citrix App Preparation Tool. This tool adds an application library wrapper that assists in applying managed policies. The native application is inputted as an .ipa file (or .apk for Android) and the resultant wrapped application is returned as a .cma file (“Citrix Mobile Application”). The .cma file contains the contents of the original .ipa, along with a manifest file that is used by CloudGateway in the mobile app publishing workflow (i.e. when the prepared app is uploaded). The tool also allows entry of a few metadata fields, including a descriptive summary of the application and excluded device list.
  • Enterprise certificate. A key part of the preparation process is re-signing by a customer-provided enterprise distribution profile. This is a necessary step to ensure the integrity of the modified application and works with Apple’s existing security restrictions.
  • CloudGateway distribution. Once the application is wrapped and has the required enterprise certificate, it is now ready to be imported into CloudGateway for distribution. As part of the distribution process, administrators can set many different policies regarding the use of the app, such as:
  • Require Logon either just the first time or every time they start the app during a session.
  • Require specific types of connectivity such as a specific Wi-Fi or a connection to an internal network
  • Check for jailbroken devices and take specific actions if a device has been compromised
  • Lock and/or wipe business data on devices upon a specified number of failed logon attempts
  • …etc. You get the idea!
    Once the appropriate policies have been set, administrators can choose which users, based on Active Directory groups, should have access to the app and then push the app to workers.
  • App use. The application library wrapper we discussed above now intercepts key application events and applies the necessary policies created above before the app can be launched by the user. For example, when the application is first run, the wrapper will kick off the authentication process to make sure the end-user is entitled to app and then check to make sure the device is not jailbroken before allowing access.
  • These mobile application management capabilities are part of the new MDX mobile experience technologies delivered in CloudGateway. MDX was designed to meet the needs of organizations that are pushing forward with their mobility initiatives as they will now have the tools they need to distribute mobile apps and enforce app policy on mobile devices. At Citrix, we believe these app policies, or MDX Policy Orchestration, are one of the keys to enabling secure mobility to employees who are bringing in their own mobile devices and require a way to be productive. If organizations can control the use of the app and the environments in which it can run, controlling the device no longer matters.

    All of this is great for me, an employee at Citrix, who uses my own mobile devices (laptop, tablet and smartphone) to access to all the great new business mobile apps available that make me productive on the go – it really is like having my cake and eating it too.