Do you need to manage corporate or BYO android and iOS devices?  Do you need to contain corporate data?  What about data sharing with employees and clients?  How about delivering Web, SaaS, and Windows applications to Windows, OSX, iOS and Android?  It’s all possible with XenMobile today, especially if you already have XenApp or XenDesktop.

Did you know that if you own XenApp or XenDesktop platinum, you can get XenMobile MDM for the cost of maintenance?  Or that you can get the full XenMobile Enterprise Suite (MDM, Apps, ShareFile) for 20% off?  If you have any of the needs above, this can be (and should be) a very compelling story.   If you didn’t know this, then I’d strongly suggest you check out to details of the promotion.

Now that I’ve got your interest piqued, we’ll move onto the topic of today’s discussion – XenMobile Enterprise and what you need to know in order to successfully integrate it into your existing XenApp or XenDesktop environment.

First, what new servers will I need?  When deploying XenMobile enterprise, you will probably deploy a Device Manager (XDM), an App Controller (XAC or AppC), and likely a ShareFile Storage Center (SC).  So, that’s a total of 3 new virtual machines in your datacenter.  Each of these maps to their respective portion of the XenMobile Enterprise Suite.  If you’re deploying only one of the three suite components, you only need the VM associated with that bit.

When deploying the device manager it’s a pretty straight forward conversation, you can offload the SSL services on your existing NetScaler and simply build a new VIP alongside whatever else you’re using your NetScaler to support.  Make sure you’re allowing the XDM machine to communicate outbound to the internet and get your various certificates straight and you’re good to go.

Likewise ShareFile can be a pretty straight forward conversation; in fact if you choose to deploy using only cloud storage you can roll out ShareFile with absolutely no infrastructure of your own.  If you want to use your own storage, or to access your local file shares or SharePoint you’ll need to deploy a Storage Center.   Again, the SC can be pretty simple beast with a SSL VIP on your NetScaler and a cert or two.   You’ll need to decide if you want to authenticate your employees against the ShareFile user database exclusively, or if you want to leverage your own Active Directory (via ADFS) or SAML iDP or possibly even AppController.  Otherwise, ShareFile won’t touch your existing infrastructure much.  Easy as pie right?

Now AppController can be a bit more interesting.  For those who don’t know, AppController is the brains behind deploying Web and SaaS applications to Windows and OSX desktops (it originated as CloudGateway Enterprise).  It’s also the framework for deploying and managing MDX enabled mobile applications to iOS and Android devices.  When combined with XenApp and XenDesktop, AppController becomes a one-stop application portal for Mobile, Web, SaaS, and Windows apps delivered to your users regardless of where they are or what kind of device they are using. That’s no small feat.

As such, AppController is also the place where XenMobile Enterprise and your existing XenApp or XenDesktop environments will really come together for your users.  Making it the place (or step) where your existing users are going to start seeing things become different.

What happens is that the AppC will supercede your existing StoreFront or Web Interface and become the aggregation point for the Windows apps as well as Mobile and Web.  Citrix Receivers will talk to AppController in order to find out what’s available and present all four types of applications to the appropriate devices.  This means your existing session policies on your NetScaler will need to change as well since those Receivers need to be directed to AppC rather than StoreFront as well as needing to cope with the new application types.

Yes, your Web Interface or StoreFront server does still hang around; and you can continue to use it for thin clients and other similar stuff that doesn’t need (or want) more than it can provide.   However, long term you’ll want to move most Mac, Windows, and BYO devices to the AppController interface.

Related to those NetScaler polices changing, AppController really needs your NetScaler to be functioning in SmartAccess mode to be able to do all of its magic.  You may be aware that SmartAccess requires Access Gateway Universal Licenses (aka SSL Universal, aka SSL-U) on the NetScaler.  Not to worry however since your XenMobile Enterprise (or App) edition license includes these licenses as well. Just don’t forget to apply them.

A word of advice – deploy one feature at a time, get comfortable with it and what it can do, then move on to the next.

For more details on these topics and other best practices from the field, please visit my session at Synergy 2014 – SYN237 Best practices for deploying and integrating XenMobile.

Kenneth Fingerlos has been working in IT since 1996 in various roles including systems admin, IT manager and IT consultant with a focus on all aspects of datacenter and end-user computing. Kenneth currently holds certifications from VMware and Citrix and works as a systems architect with Citrix Platinum partner Lewan & Associates. Twitter: @Kfingerlos

Citrix invited the author of this blog post to present at Citrix Synergy 2014 and to participate in a related contest.  The author received an entry into the contest for submitting this Blog.