Earlier this year at Citrix Summit 2017, we announced the integration of XenMobile Service with Citrix Cloud. Our Product Manager, Rob Sterry, penned a blog post about this last week, explaining what this integration was all about.

In this post, I am going to share some details about the most interesting feature of this integration: XenMobile Service using Cloud Connector for enterprise connectivity.

If you’ve worked with XenMobile, you may know that XenMobile provides deep integration with key enterprise services:

  • With Active Directory: so that you can assign policies and apps to users/groups in your enterprise directory and more importantly enabling users to use their known password for authentication.
  • With PKI services: so that you can push client certificates to devices that can be used for authenticating to WiFi, Exchange or even for micro-VPN.
  • With XenApp/XenDesktop: enabling you to provide a unified enterprise app store to your end-users within SecureHub.

Until now, integration with any of these services has required setting up an IPsec tunnel.  Well, not anymore!

Cloud Connector provides the ability to integrate the XenMobile Service with all of the above services in fast and self-service manner (in minutes).


Beyond the obvious benefits of using Cloud Connector (i.e., not opening any inbound ports, no public IP address assignments, no certificate management, evergreen appliance), there are quite a few benefits of using Cloud Connector with the XenMobile Service.

1)      Cloud Connectors can be shared across services. So, if you already have one setup  – say for XenDesktop Service, you can use it for XenMobile as well (and vice versa).

2)      Makes it very easy to integrate XenMobile service with multiple datacenters that you may have – each providing separate enterprise services and/or redundancy). All you need to do is define one Resource Location corresponding to each datacenter and deploy a Cloud Connector (actually a pair for high-availability). Compare this to the complexity that existed earlier of setting up multiple IPsec tunnels and configuring BGP routes.

3)      Accessing Active Directory over Cloud Connector is easy and secure: Within the XenMobile console, you just select one or more AD domains that have been advertised by Cloud Connector (way easier than having to fill out a long form with LDAP details). Also because Cloud Connector uses its machine identity for accessing AD, you don’t need to create a service-account credential for XenMobile to use.

PKI and XenApp/XenDesktop integration: Cloud Connector enables XenMobile service to integrate with one or more instances of PKI or XenApp/XenDesktop sites that you may be managing. As shown in the figure below, when configuring these services, you can specify a Resource Location where these exist. Furthermore, you can specify a white-list of URLs that the XenMobile service is allowed to access. The enforcement is done by the Cloud Connector residing in your datacenter.


In summary, using Cloud Connector you can integrate XenMobile with the needed enterprise services in minutes. Check out XenMobile Service and its integration with the Cloud Connector by signing-up for Citrix Cloud and requesting a trial!