More and more companies are looking at BYOD solutions and want to be able to deliver their corporate (mobile) applications to any device without compromising security. XenMobile does just that. Recently some of my readers, and customers as well, asked me about the various XenMobile editions and features available. I thought this might be a good moment to have a look and sum up some of the differences between previous editions and the recently introduced XenMobile App and Enterprise edition. See my previous Blogs on XenMobile MDM and the CloudGateway for more detailed information on the technologies used.
Before I take-off a short word on some of the most common abbreviations used when referring to Mobile management, which can be confusing at times. These are not specific to Citrix per see but are used in general when referring to Mobile device, application and data management:
- MDM = Mobile Device Management
- MAM = Mobile Application Management
- MIM = Mobile Information Management
- EMM = Enterprise Mobility Management
MDM pretty much speaks for itself, it manages your mobile devices. There are multiple vendors out there offering some kind of MDM solution, one better than the other. The same goes for MAM which is turning into the preferred standard, or so it seems, when it comes to Mobile management. This is where the Citrix Worx Mobile Application suite combined with Citrix’s MDX technology comes in, a unique concept. MIM applies to Citrix’s ShareFile, securely access and modify your data from anywhere on every device. And finally EMM which covers the whole package combining the above technologies.
So, what’s new..? Well a few things actually. To start let’s have a look at the editions available. A few months ago we had 2 editions: XenMobile MDM and the Mobile Solutions Bundle. Ok… we also had the Mobile Solutions Bundle with XD & XA integration, basically the same as the ‘normal’ Bundle but with StoreFront (1.2 back then) integrated. Since StoreFront is free for XenApp & XenDesktop customers anyway it doesn’t really count.
XenMobile MDM is primarily focused on mobile device management (duh…) and pretty much supports all major vendors out there. It’s primarily made up out of dozens, perhaps hundreds even, of configurable policies aimed specifically at (physical) mobile devices with Android and iOS OS’s leading the pack. It can also detect jail broken devices and offers remote wipe capabilities, but it doesn’t end there. For more (detailed) information see my previous Blog on XenMobile MDM here The Mobile Solutions Bundle focuses on mobile application management or MAM in short, introducing the AppController but it also includes the functionality of XenMobile MDM.
The theory behind The Mobile Solutions Bundle with XD & XA integration is based on, or includes, the Citrix CloudGateway which consists of the Citrix NetScaler Access Gateway, StoreFront and the AppController, the same goes for the ‘normal’ Mobile Solutions Bundle except that it doesn’t include StoreFront, so no XD and or XA integration as mentioned earlier. I wrote a detailed Blog on the CloudGateway, read it here
The CloudGateway is no more. I mean, the technology is still very much alive it’s just that CloudGateway as a separate ‘brand’ is discontinued and is now part (its components) of the XenMobile App and Enterprise edition as we will see shortly. Below is an overview on the ‘old’ editions. As you can see, both of the Mobile Solution Bundle editions include and support ShareFile.
Today we have three separate editions offering you more granularity (and of-course the marketing team did their job as well) Fist we have XenMobile MDM, we already had this one. It hasn’t changed much except for the ‘one-click live chat and support feature as part of the new Worx Home app (more on this in a minute) and the integration of a secure mobile web browser providing you with the ability to push bookmarks, home pages and to blacklist and or whitelist URLs. Secondly we now have the XenMobile App edition. It’s comparable to the Mobile Solutions Bundle but without the MDM capabilities and no ShareFile included. It does include StoreFront 2.0 providing you with Multi-factor single sign-on (also needs to be configured on the AppController which can be done on a per application basis), unified corporate app stores and seamless Windows app integration. A note from Citrix: XenMobile MDM and App Edition version 8,5 include ShareFile Standard capabilities for content security and collaboration through Microsoft SharePoint and network file system integration.
Last but not least is the XenMobile Enterprise edition. This basically merges the XenMobile MDM and App editions and adds ShareFile (Enterprise edition) functionality. The App-specific micro VPN feature is only available if you implement NetScaler Access Gateway, which is always optional and not a necessity, it does offer some great feature though. The same goes for StoreFront, you can use just AppController (has its own app stores) but it will limit you in functionality by doing so. Although not mentioned in the overview above this is also true for the older Mobile Solution Bundle editions. I’ll discuss some of the newly added features below, first an overview on the editions available today.
Yesterday (24-07-2013) Citrix announced the general availability of XenMobile 8.5. Most of its new features I already highlighted in this Blog except for these. More information / documentation can be found on the E-Docs web site.
- New first-time administrator wizard for the XenMobile Device Manager admin portal
- Enhancements to role-based access controls for the XenMobile admin Portal
- Enhanced policy support and app delivery to Windows Phone 8
- Support for Windows PowerShell and Office 365 ActiveSync
- Support for Samsung Knox container and security policies
There are two license models available, per user and per device. Both models are based on the total number of users or devices that access the software regardless of whether or not they use the software simultaneously. User licenses are best used when people use more than one device, its one license per user and unlimited devices. Device licenses are best used when people only use one device. One license per device but unlimited users. Citrix has different programs available, have a look at Citrix.com
Worx Mobile Apps
Formerly known as @Work, have a look here, applications. As part of the XenMobile App and Enterprise edition, but also separately available, Citrix developed the Worx Mobile Apps suite. Worx enabled (MDX) applications offer any developer or administrator the ability to add enterprise capabilities such as data encryption, password authentication or an application-specific micro VPN. They are configured and managed from the AppController. Simply put, Worx enabled applications can only interact with other Worx enabled applications (also called MDX Interapp communication) and are kept in a secure container on the mobile device, also made possible by Citrix’s MDX technology. Not new, but improved to say the least. Some more info on MDX can be found here (scroll down).
Depending on the edition you buy you get four (App edition) or five (Enterprise edition) Citrix Worx Mobile App (suite) applications to start with, although two of them are publically available from the iOS and Google App Stores, free of charge. The first is used to enroll your mobile device into XenMobile MDM (downloadable from the App Store) simplifying the process, it’s called Worx Enroll (it has no other use, so I wouldn’t really count it as an app). Note that this is only the case when using an iOS device, Android works slightly different. The second one is Worx Home and can be downloaded and installed automatically from MDM when your (iOS) device enrolment has successfully finished, you’ll need to configure this within your MDM environment.
When enrolling an Android device you’ll only need to download Worx Home from the Google App Store and use that to enroll your device, nothing more. In both cases, Android and iOS, Worx Home, from then on, is used to communicate with XenMobile. Employees use this app to access their unified corporate app store(s) and live support services. XenMobile communicates with Worx Home to deliver MDM and Worx-enabled applications and their accompanying policies. It (Worx Home) also includes a (support) button with which live support Helpdesk services can be initiated, you can use GoToAssist (one license is included with the Enterprise edition) chat, e-mail or just use your (voice) phone. A cool new feature.
Note that the June 2013 release of Worx Home only supports the launch of Mobile, SaaS and Web applications, no matter if you are using Android or iOS. It communicates with the AppController (through StoreFront if available) which has its own app store. If you want to use (start) your Windows apps and (VDI) desktops you will need Receiver on your device as well, although this also depends on your underlying infrastructure and AppController configuration. It is possible to use only Worx Home or Citrix receiver to enumerate and start all your applications, Windows applications and or desktops included, give the Citrix E-Docs website a browse. Don’t worry, this will be taken care of in the next release of Worx Home in which Windows apps and desktops will also be supported. So when enrolling your devices I would recommend to automatically push Citrix Receiver to your devices (configurable from MDM) as well. In the case of an iOS device you’ll push Worx Home together with the Receiver. Remember that it’s also possible to use MDM or App Edition as seperate products, you don’t need to mix and match perse.
The third and fourth Worx apps are Worx Mail and Web, obvious right? Both are specifically designed for Android and iOS operating systems. As mentioned all apps are installed and operate in a secure container on the mobile device not being able to ‘talk’ with other applications. This way you completely separate and manage your business applications from your personal applications, the way to go if you ask me. By the way… the fifth app is ShareFile (yep, no name change) but only comes with the Enterprise edition.
The Citrix ready Worx program
Next to the mobile Worx Apps developed by Citrix (Worx Enroll, Home, Web, Mail, ShareFile) a whole bunch (over 65 already) of other software vendors including big names like Adobe software, IBM and Cisco (yes, they do software as well :-) also showed their support towards the Worx Program and have committed to join the community by making their mobile applications Worx enabled giving them the exact same capabilities as the Citrix Worx Mobile App suite discussed earlier.
A quote from Citrix ‘Citrix introduced the Citrix Ready Worx Verified program to make it simple for ISVs, System Integrators and enterprise developers to extend enterprise-grade management and security in any existing mobile application’.
Worx App SDK
So how do mobile apps get Worx enabled? Citrix developed the Worx App SDK (this comes from Citrix.com) a simple and powerful SDK that Worx-enables any mobile app. It leverages Citrix MDX app container technology to add features like data encryption, password authentication, secure lock and wipe, inter-app policies and micro VPNs to mobile apps. This MDX library can be embedded into any app with a single line of code. Developers can also opt to wrap their apps post-development without adding any code to their app. Here a link to Citrx’s SDK page.
Worx App Gallery
Soon customers will be able to download a broad array of fully secure and enterprise ready Worx Enabled mobile apps from the new Citrix Worx App Gallery. Over 65 leading mobile app vendors already announced their support for the Citrix Ready Worx Verified program. Have a look here for an overview on participating vendors. Soon to be released.
XenMobile integrates with NetScaler offering several new security features. We already had the secure application Micro VPN’s and HDX remote Access providing us with granular access control, checking the client device for security compliance before setting up the connection. It now also supports ActiveSync filtering for the secure delivery of E-mail. To finalize here’s an high level architectural overview on all components working together, just imagine StoreFront being in between NetScaler and XenMobile.
Cloud Based E-Mail
I’m not that familiar with Office 365, I use it and that’s where it ends, but you can now use your native e-mail client in conjunction with Office 365 including improved security for out of compliance devices.
No deep dives, just a global overview on what’s out there. Since Citrix is keen on name change every once and a while it does tend to confuse people. Having said that, XenMobile can be complex to set up and configure, it’s great, but not ‘easy’. I tried to keep it as simple as possible explaining the editions available and their newly added or improved features, hopefully it helped. If you have any questions, let me know and I’ll do my best to answer them.
Bas van Kaam ©
Reference materials used: Citrix.com, Training.Citrix.com and the E-Docs website.