Just four months after Citrix released XenMobile 8.5, they’re now on the verge of launching version 8.6. I know, it’s hard to keep up. In this blog I’d like to point out some of the new features and possibilities that version 8.6 will bring to the table, as announced by Citrix. At the same time I’d like to spend a minute discussing the device enrolment process when using MDM and have a closer look at the Worx enabled apps concept as well, including the MDX technology involved, since this tends to confuse people from time to time.
Yes! Next to the XenMobile MDM and App editions (as of version 8.5), the Enterprise edition is now available as a cloud service as well. It offers us the exact same features as its on-premises counterpart (this goes for all three editions), providing us with low(er) infrastructure costs and, as Citrix likes to call it, ‘peace of mind’. I haven’t seen any prices yet, but this is definitely another step forward. Some notes from Citrix, XenMobile cloud provides:
- AES 256 bit encryption of data at rest & in transit; SSL encryption for traffic data
- Infinite scalability on Citrix highly available, globally redundant infrastructure
- Daily backups for 1 month, plus monthly backups for a min. of 24 mos.
- Monitoring and reporting for real time troubleshooting and optimization
- Hosting facilities are both SOC1/SSAE16 and ISO27001 certified
- Regular penetration testing and vulnerability scanning
- Availability 24 hours per day, 7 days per week
- Multi tenancy with secure, dedicated instances
- 99.5 % uptime Service Level Agreements
- Automated and manual disaster recovery
Already (partly) supported in 8.5 but again improved. It now offers over 60 additional app level policies, including blocking copy and paste actions between secured and unsecured applications, controlling app level usage based on WiFi networks, and backward compatibility with other / older iOS versions.
To enhance overall productivity, Citrix’s GoToMeeting and Cisco’s Webex online collaboration services have been more tightly integrated into XenMobile, offering its users one touch launch and join functionality built into existing mail and calendar services. By simply touching a calendar appointment, or the ‘join meeting button’ on their mobile device, users will automatically launch and join GoToMeeting and Webex sessions, easy as that. Your device will automatically dial the number associated with the meeting and enter the participant code.
Instead of using Active Directory based (complex) passwords (which are used in most cases) to launch applications and to access other corporate resources, it’s now possible to use a simple 4 or 5 digit PIN number, including SSO capabilities. The PIN works in conjunction with a digital certificate installed on the end user’s mobile device, which holds the user’s (Active Directory) credentials. The PIN number is basically used as a form of two factor authentication, complementing the certificate. When somebody leaves the company, or the device gets lost or stolen, IT can delete the digital certificate remotely, which basically leaves the device useless. Even if the PIN number is known, it won’t work without the certificate. Another option would be to either remotely wipe the entire device or selectively wipe only the business related apps and data, which will probably be done anyway.
Citrix also states that they’ve simplified the device enrolment process when it comes to MDM. Although I’m unable to find any more information on this, I do want to share the current enrolment process (as of version 8.5) with you, since this tends to be unclear to some people. It’s relatively simple: if you want to enrol an Android device, you download Citrix Worx Home and go from there. If you want to enrol an iOS device, then you’ll need to download the Citrix Enrol app from the Apple store. Once enrolled, in the case of iOS, you will also need to download at least Worx Home (or push it from MDM during enrolment) to be able to connect to AppController and start using your Web, Mobile and SaaS or HTML based applications.
Now for the tricky part. Depending on how your underlying architecture is set up, you can either use Worx Home, Citrix Receiver or a combination of both to access / launch your resources, Windows applications and or desktops included. Have a look here. It mainly depends on whether StoreFront is enabled and whether you enable or disable authentication on your AppController, as explained in the E-Docs article.
Note that although by using Worx Home you’ll be able to access Windows applications and desktops, again, depending on your setup, once launched, it will still leverage Citrix Receiver in the background to actually start the (Windows based) application(s) and or desktop(s) (you won’t have to do a thing). Of course, it (Receiver) needs to be installed for this to work. I’m just wondering, has anybody had the chance to test some of the above scenarios? Can someone confirm that Receiver is still needed? Or can Worx Home handle it all (do the actual launch), given the proper setup?
MDX and Worx enabled applications
It’s known by most that XenMobile App edition uses some sort of sandbox technology, keeping all of your business related applications and data separated from the rest of the device. They’re put in a secure vault, completely isolated. The thing most people don’t get is how they’ve accomplished this, and when Citrix mixes up different terms and technologies it only adds to the confusion. I already explained some of this in one of my previous blogs, but this time I’ll try and throw in some more details.
For one, applications that are ‘published’ or ‘made available’ using AppController are called Worx enabled applications. They all share a set of common characteristics: they reside in a vault, automatically separating them from any personal apps and or data that might reside on the same device as well, and they can only communicate with other apps in the vault, but only if we want and allow them to. We also have Micro VPNs, in combination with Citrix NetScaler, that we can use to set up a secure connection between the endpoint device and the application running in the datacenter. Worx enabled applications also enable us to completely manage each application on an individual basis, giving IT total control and flexibility.
So how do these applications get Worx enabled? This is done by applying a technology called MDX, which stands for Mobile Device Experience. All applications, before they get provisioned using AppController, need to get the MDX bits and bytes applied, making them Worx enabled. They all need to be ‘Wrapped’, as Citrix likes to call it, adding an MDX layer on top of each application and giving the application the shared characteristics mentioned earlier. These characteristics, in turn, have separate names as well; they’re called MDX App Vault, MDX Access and MDX InterApp, see below. Citrix developed a special Worx App SDK which can be used to ‘Wrap’ your mobile applications, applying the specific MDX bits and bytes.
A word from Citrix: It (the SDK) leverages the Citrix MDX app container technology to add in features like data encryption, password authentication, secure lock and wipe, interapp policies and micro VPNs to mobile apps (all configurable per application). The MDX library can be embedded into any app with a single line of code. Developers can also opt to wrap their apps post-development without adding any code to their app. Here’s a link to Citrix’s SDK page. I hope this gives you a general idea on how this is done. Just remember that a Worx enabled application is ‘Wrapped’ with the MDX technology adding in all of the above capabilities.
The Citrix ready Worx program
Next to the mobile Worx enabled application suite developed by Citrix, which consists of Worx Enroll, Home, Web, Mail and ShareFile, available separately and offered as part of the XenMobile App and Enterprise editions (more information can be found here), a whole bunch (over 65 already) of other software vendors, including big names like Adobe software, IBM and Cisco (yes, they do software as well :-) also showed their support towards the Worx Program. They have committed to join the community by making their mobile applications Worx enabled, giving them the exact same capabilities and shared characteristics mentioned above. A quote from Citrix: ‘Citrix introduced the Citrix Ready Worx Verified program to make it simple for ISVs, System Integrators and enterprise developers to extend enterprise-grade management and security in any existing mobile application’.
Worx App Gallery
Customers are now able to download (some apps are free of charge, others are not) a broad array of fully secure and enterprise ready Worx enabled mobile applications from the new Citrix Worx App Gallery. Over 65 (and the number is still growing) leading mobile app vendors have already announced their support for the Citrix Ready Worx Verified program. Have a look here for an overview of participating vendors.
To wrap things up… XenMobile now also supports Amazon Kindle Fire, OS 7 and Samsung KNOX management APIs; have a look at this post from Jack Madden for some more info on this. Some other enhancements include simplified enrolment (highlighted earlier) and simplified setup and configuration of XenMobile in general, including (easier) management for multiple locations within the MDM user console. Unfortunately, for now anyway, there’s not a lot more I can tell or show you.
Bas van Kaam ©
Reference materials used: Citrix.com and the Citrix E-Docs website.