Citrix transitioned our own internal Citrix XenMobile on-prem environment to Citrix Cloud XenMobile Service over a year ago and learned several lessons during the deployment.

In the first blog post in this three-part series, we looked at the genesis of the decision to make the transition and the planning that went into it.  In the second blog post, we looked at the deployment or, in other words, the execution of the plan to transition. In this, the final post in the series, we’ll look at lessons learned from some of the ongoing operational activities.

Operational Projects

Once the transition to XenMobile Service was complete Citrix IT went to work supporting operation of the environment.  Their ongoing efforts included new operational projects, maintenance, and management of the environment.

XenMobile Apps – Public App Store distribution 

One project that came up soon after the transition to the cloud was the migration of XenMobile Apps to the public App Stores. Near the end of 2016, Citrix announced the availability of Secure Mail and Secure Web, which was soon followed by Secure Notes, Secure Tasks, Secure Forms, ShareFile, QuickEdit, and ShareConnect on the public App Stores. The apps are signed by Citrix and ready for integration with MDX libraries, which means for Administrators app wrapping is no longer required for XenMobile Apps. There are several other benefits which include:


  • For users, the apps are easy to locate and fast to download through the same public app stores they are familiar with from the download of personal apps. Also, apps may be upgraded easily using the app store processes.
  • For administrators the apps are also easy to install, by downloading a zip of the .mdx from the download page and uploading them into the XenMobile server while applying MDX policies.
  • Within Secure Mail, the end-user has the ability to save and export their preferences via email. Once the new app is installed, the user simply opens their email and clicks on the attached file, which applies their previous  settings.
  • Apps include the ability to enable a “Migration Guide” to facilitate removal of the old enterprise distribution version of the app and replacement with the public app store version of the app.

Getting this project under way required good communication with users as usually is the case.  Depending on their mobile platform OS each user received a communication that informed them of:

  • When it would happen
  • What were the benefits
  • Which actions were required
  • How to get assistance

Secure Mail

Secure Mail is a leading secure mobile mail app utilized by millions of users globally and to prove it, with an upcoming change, Citrix IT will limit ActiveSync access to Secure Mail clients only.  This will ensure that all mobile email will be guarded statically within a XenMobile MDX vault with encrypted MAM container technology as well as dynamically within a MicroVPN encrypted app specific VPN facilitated by Citrix NetScaler.

generic_xncTo implement this change Citrix IT will use our XenMobile NetScaler Connector (XNC) technology.  XNC has been running on the Citrix network for several years.   It runs on Windows based servers and works in conjunction with edge NetScalers to inspect mail traffic and allow or deny it based on rules or input from XenMobile as to the compliance state of a mobile device to determine whether email sessions, based on their ActiveSync ID, should be allowed or denied.  After mobile devices discover their ActiveSync gateway, hosted on one of four NetScalers globally, responder policies bound to virtual servers continuously make a callout to the XNC server to validate session traffic.  What Citrix IT will implement in the XNC servers to enforce this change is a regular expression that identifies the Secure Mail client (formerly known as WorxMail).


See the popup box with the settings. 

MDX Service

Soon after the release of XenMobile apps on the public apps stores, which removed the burden of wrapping those apps from IT administrators, Citrix introduced the MDX Service hosted on Citrix Cloud to facilitate wrapping of other mobile apps. MDX is a powerful technology that allows mobile apps to be containerized and have any of the 70+ XenMobile MAM policies applied to securely manage app usage.  Initially wrapping apps with this technology required running the MDX Toolkit on a MacOS device, but now it can be done through a browser, from any device, with the MDX Service.  Citrix IT, along with all XenMobile administrators, can now take advantage of it to easily and rapidly containerize and deploying mobile apps securely.  The MDX Service is reachable through Citrix Cloud or from the Troubleshooting and Support section of the XenMobile console.
Operational Maintenance

As part of the move to XenMobile Service Citrix IT gained many of the built-in maintenance benefits that come with being hosted in Citrix Cloud,  yet at the same time Citrix IT, along with XenMobile Service admins, are responsible for monitoring the function of mobile data, apps, and devices.

Support Tools

Citrix IT uses many of the tools XenMobile Service provides operators to help maintain their environments directly through the Troubleshooting and Support tab in the admin console including

  • XenMobile Analyzer – provides the ability to monitor a variety of XenMobile environment details including ability to enroll
  • Citrix Insight Services – perform config & log diagnostics to identify recommended enhancements
  • XenMobile Logs – assist with identification and resolution of operational issues

smarttools_maintenanceCitrix Cloud Status

XenMobile Service hosted in Citrix Cloud provides a variety of benefits to Citrix IT and XenMobile admins to maintain an efficiently operating environment.

  • The service level agreement (SLA) guarantees 99.99% up-time
  • Provides a service health dashboard to indicate status
  • Communicate any significant operational activity such as maintenance windows

Operational Management

To verify the new XenMobile Service environment is delivering the value expected by business and IT leaders on an ongoing basis, Citrix IT measures and reports on key performance indicators such as: user adoption and satisfaction; operational performance and issues; and utilization of the system.


Citrix puts a lot of focus on our customer satisfaction and Citrix IT is no different. We have a team of specialists that regularly surveys global users regarding their satisfaction with the service and comments are reviewed by the operations and management team to identify areas for improvement.

Usage Reports

Akin to user satisfaction, utilization is a key metric regarding the value of XenMobile Service.  XenMobile Service provides a variety of reports that allow Citrix IT to monitor usage.  The Devices & Apps report lists apps deployed by XenMobile on devices.  A variety of details may be added or removed and each column provides the ability to sort or filter records.



In this blog post, we highlighted some of lessons learned through the operational phase of the Citrix IT transition to management of XenMobile Service in Citrix Cloud. We reviewed operational project, maintenance, and management activities such as migration of XenMobile Apps to the public app stores, the use of XenMobile support tools like XenMobile Analyzer, and the use of XenMobile Reports to monitor activity. Start your move to XenMobile Service in Citrix Cloud today!

Matt Brooks @tweetmattbrooks