ARCHITECTURE | XenMobile




Reference Architecture:
XenMobile with NetScaler
Configuration Guide for Establishing NS Load Balancing Front End




   www.citrix.com
Table of Contents
Table of Contents .............................................................................................................................................. 2
Introduction ........................................................................................................................................................ 3
Network Flow Diagram .................................................................................................................................... 4
XenMobile Port Table....................................................................................................................................... 4
Load Balancing Configuration on NetScaler ................................................................................................. 7
Conclusion ........................................................................................................................................................17
Additional Links ...............................................................................................................................................17
Key Contributors .............................................................................................................................................17
Disclaimer .........................................................................................................................................................18




XenMobile on NetScaler Reference Architecture                                                                                                       Page |2
Introduction
Citrix XenMobile is a solution portfolio that gives customers the benefits of Mobile Device
Management (MDM) while maintaining secure access to applications and desktops.

This document provides a reference architecture for placing a NetScaler in front of your
XenMobile MDM solution. The XenMobile Device Manager (XDM) stays inside the datacenter and
only the NetScaler appliance sits in the DMZ, so Internet-facing devices terminate on the
NetScaler's virtual IP rather than on the XDM itself. This allows for a secure and scalable
rollout of your MDM solution.

We walk through several diagrams to prepare for the configuration steps near the end of this
document. The document covers configuration of the load balancing VIPs only, not the overall
setup of the NetScaler. For additional resources on the NetScaler and other configurations, see
the "Additional Links" section at the end of this document. Diagram 1.1 below shows the basic
architecture of the XenMobile environment before the NetScaler is added.
Diagram 1.1




Network Flow Diagram
The diagram below shows the key ports used by the MDM solution; the complete list of ports
required for the solution is given in the port table that follows. In summary, TCP 80 and 443
are used by iOS, Android and Windows devices to communicate with the XenMobile Device Manager.

TCP 8443 is used by Apple iOS devices for over-the-air enrollment with the XDM. Devices reach
this port by the server FQDN, and the FQDN matters: it is the name registered with the Apple
Push Notification Service for this server, so the NetScaler must present the XDM under that
same name.
Diagram 1.2
Diagram 1.2: A basic diagram of the network flow for NetScaler and XenMobile

Zones: Internet zone | Corporate DMZ zone | Corporate LAN zone

  Internet -> DMZ:  mobile devices to NetScaler LB, TCP 80, TCP 443, TCP 8443
  DMZ -> LAN:       NetScaler LB to XenMobile Device Manager, TCP 80, TCP 443, TCP 8443
  Within the LAN:   XenMobile Device Manager to Active Directory/LDAP (LDAP/S, TCP 389/636)
                    XenMobile Device Manager to MS SQL Server (TCP 1433)
                    XenMobile Device Manager to Microsoft CA or PKI entity (HTTPS, TCP 443)

XenMobile Port Table
This table guides the XenMobile administrator and the network administrator through the TCP
port requirements for the Device Manager server and for mobile device agent connections. ZDM
in the table refers to the same Device Manager server as XDM (its former Zenprise Device
Manager name). Note that only ports 80, 443 and 8443 are fronted by the NetScaler; every other
flow originates from the XDM server itself and must be permitted from the corporate LAN zone.

XenMobile Device Manager Firewall Port Requirements

Each entry gives the TCP port, the source and destination of the connection, and its use.

TCP 25
  Source:       XenMobile Device Manager Server
  Destination:  Corporate SMTP server
  Use:          By default, the XDM SMTP configuration of the Notification Service uses
                port 25. If your corporate SMTP server uses a different port, make sure
                that your corporate firewall does not block that port.

TCP 80
  Source:       Internet
  Destination:  XenMobile Device Manager Server
  Use:          Over-the-Air (OTA) enrollment and agent setup (Android and Windows Mobile).

  Source:       Corporate LAN and Wi-Fi
  Destination:  XenMobile Device Manager Server
  Use:          OTA enrollment and agent setup (Android and Windows Mobile), ZDM Web
                Console, ZDM Remote Support Client.

  Source:       XenMobile Device Manager Server
  Destination:  Apple iTunes App Store (ax.itunes.apple.com)
  Use:          ZDM Server Enterprise App Store connection to the Apple iTunes App Store.
                Used for publishing recommended iTunes App Store apps from the available
                iOS applications within the Web Console and iOS Agent.

TCP 80 or 443
  Source:       XenMobile Device Manager Server
  Destination:  Nexmo SMS relay server
  Use:          XenMobile Device Manager Nexmo SMS Notification Relay outbound connection.

TCP 389 or 636
  Source:       XenMobile Device Manager Server
  Destination:  LDAP / Active Directory Services
  Use:          LDAP (389) or LDAPS (636) connection from the ZDM Server to the directory
                service host (Active Directory Global Catalog server or equivalent LDAP
                directory service host).

TCP 443
  Source:       Internet
  Destination:  XenMobile Device Manager Server
  Use:          SSL OTA enrollment/agent setup (Android and Windows Mobile); all
                device-related traffic and data connections (iOS, Android and Windows
                Mobile).

  Source:       Corporate LAN and Wi-Fi
  Destination:  XenMobile Device Manager Server
  Use:          SSL OTA enrollment/agent setup (Android and Windows Mobile); all
                device-related traffic and data connections (iOS, Android and Windows
                Mobile); ZDM Web Console.

TCP 1433
  Source:       XenMobile Device Manager Server
  Destination:  SQL Server
  Use:          Remote database connection to a separate SQL Server (optional).

TCP 2195
  Source:       XenMobile Device Manager Server
  Destination:  Internet (Apple APNS service hosts on the public IP network 17.0.0.0/8)
  Use:          Apple APNS (Push Notification Service) outbound connection to
                gateway.push.apple.com, used for iOS device notifications and device
                policy push.

TCP 2196
  Source:       XenMobile Device Manager Server
  Destination:  Internet (Apple APNS service hosts on the public IP network 17.0.0.0/8)
  Use:          Apple APNS (Push Notification Service) outbound connection to
                feedback.push.apple.com, used for iOS device notifications and device
                policy push.

TCP 5223
  Source:       iOS device on the Wi-Fi network
  Destination:  *.push.apple.com (Apple APNS service)
  Use:          Apple APNS (Push Notification Service) outbound connection from iOS
                devices connected via the Wi-Fi network.

TCP 8443
  Source:       Internet; Corporate LAN and Wi-Fi
  Destination:  XenMobile Device Manager Server
  Use:          Over-the-Air (OTA) enrollment for iOS devices only.

App Tunnel ports
  Source:       Internet
  Destination:  Application server via the XenMobile Device Manager Server
  Use:          Mobile App Tunnel ports (Android and Windows Mobile) to the destination
                internal application server via the ZDM Server. Each port is defined
                individually for each Mobile App Tunnel used by a device through a ZDM
                Device Configuration Policy.

Note: Corporate LAN traffic outbound to the DMZ and the Internet is assumed to be allowed.

PLEASE NOTE: When using Remote Support or Mobile App Tunnel (Android and Windows Mobile), the
following traffic also needs to be open at the firewall:

TCP 8081
  Source:       Remote Support Console
  Destination:  XenMobile Device Manager Server
  Use:          Remote Support Console default server inbound connection (depending on
                the Remote Support Tunnel definition).

TCP 80 or 443
  Source:       Remote Support Console
  Destination:  XenMobile Device Manager Server
  Use:          Remote Support Console access to ZDM to retrieve the device list.

Tunnel port
  Source:       XenMobile Device Manager Server
  Destination:  Internal application server
  Use:          Mobile Application Tunnel access to the application server (port
                configured in the tunnel definition).



Load Balancing Configuration on NetScaler
This section covers the load balancing configuration required on the NetScaler for use with
XenMobile. For links to other possible configurations, see the Additional Links section at the
end of this document. The first step is to create the "Servers" entry in the Load Balancing
section of the NetScaler console: enter a name for the server and the internal (LAN) IP
address of the XDM to which the NetScaler will forward the traffic.

       Create your “XenMobile Server” that you are load balancing




After creating the entry for the XenMobile server, create a service for each of the three
ports shown in Diagram 1.2 (80, 443 and 8443). The screenshots below include the port number
in the service name for easy reference. All three services point to the same server. The
screenshots show only the tabs whose settings were changed from the defaults.



Create our Services:




Basic setup of the service for port 80:

       Basic information for the port 80 service and its monitor; all other tabs keep their defaults.




Basic setup of the service for port 443:

       Configure the monitor for port 443; all other tabs keep their defaults:




Basic setup of the service for port 8443:

       Configure the service for port 8443; all other tabs keep their defaults:




The final step is to create the virtual servers using the load balancing services and the
server configured above. Each virtual server is named for its role, matching the port table
above.

       Configure your virtual servers:




For the enrollment virtual server (port 443), select the matching service created above. On
the "Method and Persistence" tab set the method to "Least Connection" and the persistence to
"SSLSESSION" with a timeout of 2 minutes. The IP address entered is the virtual IP in the DMZ
address space. Register this address in DNS under the enrollment FQDN, and verify that devices
on the corporate LAN and Wi-Fi can also route to this virtual server, since the port table
lists them as sources for ports 80, 443 and 8443.

       Configure your XenMobile_Enroll (443) virtual server with your external/DMZ IP address:




Configure the Method and Persistence as before:




Follow the same process to create the virtual servers for ports 8443 and 80.




Configure 8443 (profiles for iOS) with same external IP:




Configure Profiles, Method and Persistence:




Configure the Virtual Server for port 80 (Console) settings:




Configure Console, Method and Persistence:




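The whole procedure above (server, three services, three virtual servers, method and persistence) expressed as NetScaler CLI commands, together with a consistency check over them. This is an added example and not part of the Citrix guide. The names, the XDM address 10.0.1.20 and the DMZ VIP 192.168.10.50 are hypothetical, and the service types are an assumption the guide's screenshots do not show: HTTP for the port 80 console and SSL_BRIDGE for 443 and 8443, so that TLS is terminated by the XDM itself and devices see the certificate issued for the enrollment FQDN.

```shell
#!/bin/sh
# Added example, not from the Citrix guide: NetScaler CLI (ns.conf style)
# equivalent of the GUI steps in this section, plus a consistency check.
# Hypothetical addresses: XDM on the LAN at 10.0.1.20, DMZ VIP 192.168.10.50.
XDM_NAME="XenMobile_Server"
XDM_IP="10.0.1.20"
VIP="192.168.10.50"

# Emit the commands for one XDM server behind one DMZ VIP.
# Service types are an assumption (the guide does not show them): HTTP for
# the port 80 console, SSL_BRIDGE for 443/8443 so TLS terminates on XDM.
# Method and persistence follow the guide: Least Connection, SSLSESSION
# persistence with a 2 minute timeout.
emit_xenmobile_lb_config() {
  cat <<EOF
add server $XDM_NAME $XDM_IP
add service XenMobile_80 $XDM_NAME HTTP 80
add service XenMobile_443 $XDM_NAME SSL_BRIDGE 443
add service XenMobile_8443 $XDM_NAME SSL_BRIDGE 8443
add lb vserver XenMobile_Console HTTP $VIP 80 -lbMethod LEASTCONNECTION
add lb vserver XenMobile_Enroll SSL_BRIDGE $VIP 443 -lbMethod LEASTCONNECTION -persistenceType SSLSESSION -timeout 2
add lb vserver XenMobile_iOS_Profiles SSL_BRIDGE $VIP 8443 -lbMethod LEASTCONNECTION -persistenceType SSLSESSION -timeout 2
bind lb vserver XenMobile_Console XenMobile_80
bind lb vserver XenMobile_Enroll XenMobile_443
bind lb vserver XenMobile_iOS_Profiles XenMobile_8443
EOF
}

# Read ns.conf style lines on stdin and check the invariants this section
# relies on: all vservers share one VIP, every SSL_BRIDGE vserver carries
# SSLSESSION persistence, and each vserver is bound to a service on its own
# port. Prints one line per finding; exit status 0 means clean.
check_xenmobile_lb_config() {
  awk '
    $1 == "add" && $2 == "service" { svc_port[$3] = $6 }
    $1 == "add" && $2 == "lb" && $3 == "vserver" {
      vs_port[$4] = $7; vips[$6] = 1
      if ($5 == "SSL_BRIDGE" && $0 !~ /-persistenceType SSLSESSION/) {
        print "vserver " $4 ": SSL_BRIDGE without SSLSESSION persistence"; bad = 1
      }
    }
    $1 == "bind" && $2 == "lb" && $3 == "vserver" {
      if (svc_port[$5] != vs_port[$4]) {
        print "vserver " $4 ": service " $5 " is on port " svc_port[$5] ", vserver is on " vs_port[$4]; bad = 1
      }
    }
    END {
      n = 0; for (v in vips) n++
      if (n != 1) { print "expected one DMZ VIP, found " n; bad = 1 }
      exit bad + 0
    }'
}

emit_xenmobile_lb_config | check_xenmobile_lb_config && echo "LB config consistent"
```

The emitted commands can be pasted at the NetScaler command prompt (followed by `save ns config`). The check can also be run against a live appliance by piping the output of `show ns runningConfig`, filtered to the XenMobile objects with `grep XenMobile`, into `check_xenmobile_lb_config`. One caveat that follows from the SSL_BRIDGE choice: the NetScaler cannot read or modify the encrypted traffic, so the XDM sees the NetScaler's subnet IP as the client address and device IPs appear only in the NetScaler's own logs, unless USIP (use source IP) is enabled on the services, which in turn requires the XDM to route its replies back through the NetScaler.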
Conclusion
This completes the configuration for fronting the XenMobile MDM environment with NetScaler.
Load balancing of all essential ports for the XenMobile server is complete.

Additional Links
Below is a list of additional links for other configurations:

Citrix XenMobile Solutions:

http://support.citrix.com/proddocs/topic/cloudgateway/xmob-landing-page-con.html

XenMobile MDM eDocs:

http://support.citrix.com/proddocs/topic/cloudgateway/xmob-mdm-landing-page-con.html

Deploying Mobility Solutions Bundle Components:

http://support.citrix.com/proddocs/topic/clg-deployment/clg-deployment-cloudgateway-options-con.html



Key Contributors
Josh Fleming, Senior Systems Engineer                 Author
Jon Eugenio, Senior Systems Engineer                  Content Contributor and Reviewer
Florin Lazurca, Senior Architect                      Content Contributor




Disclaimer
THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL
ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS
OR IMPLIED WARRANTIES OF ANY KIND.

Copyright © 2013 Citrix Systems Inc. All rights reserved. Reproduction of this material in any manner whatsoever
without the express written permission of Citrix Systems Inc. is strictly forbidden. For more information, contact Citrix
Systems.

Citrix, the Citrix logo, and the Citrix badge are trademarks of Citrix Systems Inc. Microsoft and Windows are registered
trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names
may be used in this document to refer to either the entities claiming the marks and names or their products.



INTERNAL TRACKING LAST EDIT: 12-MAR-2013 JF/JCE





Mais conteúdo relacionado

Semelhante a Fronting XenMobile MDM with NetScaler

ArcSight Logger Forwarding Connector for HP Network Node Manager i
ArcSight Logger Forwarding Connector for HP Network Node Manager i	ArcSight Logger Forwarding Connector for HP Network Node Manager i
ArcSight Logger Forwarding Connector for HP Network Node Manager i Protect724manoj
 
Socket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaSocket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaiDhawalVaja
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingDocker, Inc.
 
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081	ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081 Protect724manoj
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practiceDocker, Inc.
 
ArcSight Logger Forwarding Connector for HP Operations Manager
ArcSight Logger Forwarding Connector for HP Operations Manager	ArcSight Logger Forwarding Connector for HP Operations Manager
ArcSight Logger Forwarding Connector for HP Operations Manager Protect724manoj
 
Network Design patters with Docker
Network Design patters with DockerNetwork Design patters with Docker
Network Design patters with DockerDaniel Finneran
 
Network programming in Java
Network programming in JavaNetwork programming in Java
Network programming in JavaTushar B Kute
 
2232016 Sample Implementation Plan1.htmlfileCUsers.docx
2232016 Sample Implementation Plan1.htmlfileCUsers.docx2232016 Sample Implementation Plan1.htmlfileCUsers.docx
2232016 Sample Implementation Plan1.htmlfileCUsers.docxeugeniadean34240
 
Java Networking
Java NetworkingJava Networking
Java NetworkingSunil OS
 
25.3.10 packet tracer explore a net flow implementation
25.3.10 packet tracer   explore a net flow implementation25.3.10 packet tracer   explore a net flow implementation
25.3.10 packet tracer explore a net flow implementationFreddy Buenaño
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerHolger Winkelmann
 

Semelhante a Fronting XenMobile MDM with NetScaler (20)

ArcSight Logger Forwarding Connector for HP Network Node Manager i
ArcSight Logger Forwarding Connector for HP Network Node Manager i	ArcSight Logger Forwarding Connector for HP Network Node Manager i
ArcSight Logger Forwarding Connector for HP Network Node Manager i
 
Socket programming
Socket programmingSocket programming
Socket programming
 
Socket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaSocket Programming by Rajkumar Buyya
Socket Programming by Rajkumar Buyya
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
Practical Design Patterns in Docker Networking
Practical Design Patterns in Docker NetworkingPractical Design Patterns in Docker Networking
Practical Design Patterns in Docker Networking
 
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081	ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
 
6. The grid-COMPUTING OGSA and WSRF
6. The grid-COMPUTING OGSA and WSRF6. The grid-COMPUTING OGSA and WSRF
6. The grid-COMPUTING OGSA and WSRF
 
Bcsrvcommsx
BcsrvcommsxBcsrvcommsx
Bcsrvcommsx
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
ArcSight Logger Forwarding Connector for HP Operations Manager
ArcSight Logger Forwarding Connector for HP Operations Manager	ArcSight Logger Forwarding Connector for HP Operations Manager
ArcSight Logger Forwarding Connector for HP Operations Manager
 
Network Design patters with Docker
Network Design patters with DockerNetwork Design patters with Docker
Network Design patters with Docker
 
CV-05.02.2017
CV-05.02.2017CV-05.02.2017
CV-05.02.2017
 
Telelab 2
Telelab 2Telelab 2
Telelab 2
 
Network programming in Java
Network programming in JavaNetwork programming in Java
Network programming in Java
 
2232016 Sample Implementation Plan1.htmlfileCUsers.docx
2232016 Sample Implementation Plan1.htmlfileCUsers.docx2232016 Sample Implementation Plan1.htmlfileCUsers.docx
2232016 Sample Implementation Plan1.htmlfileCUsers.docx
 
Puertos utilizados sap
Puertos utilizados sapPuertos utilizados sap
Puertos utilizados sap
 
Java Networking
Java NetworkingJava Networking
Java Networking
 
MySQL Replication
MySQL ReplicationMySQL Replication
MySQL Replication
 
25.3.10 packet tracer explore a net flow implementation
25.3.10 packet tracer   explore a net flow implementation25.3.10 packet tracer   explore a net flow implementation
25.3.10 packet tracer explore a net flow implementation
 
FlowER Erlang Openflow Controller
FlowER Erlang Openflow ControllerFlowER Erlang Openflow Controller
FlowER Erlang Openflow Controller
 

Mais de Nuno Alves

E g innovations overview
E g innovations overviewE g innovations overview
E g innovations overviewNuno Alves
 
Citrix virtual desktop handbook (7x)
Citrix virtual desktop handbook (7x)Citrix virtual desktop handbook (7x)
Citrix virtual desktop handbook (7x)Nuno Alves
 
Citrix XenServer Design: Designing XenServer Network Configurations
Citrix XenServer Design:  Designing XenServer Network  ConfigurationsCitrix XenServer Design:  Designing XenServer Network  Configurations
Citrix XenServer Design: Designing XenServer Network ConfigurationsNuno Alves
 
Deploying the XenMobile 8.5 Solution
Deploying the XenMobile 8.5 SolutionDeploying the XenMobile 8.5 Solution
Deploying the XenMobile 8.5 SolutionNuno Alves
 
Cloudbridge video delivery
Cloudbridge video deliveryCloudbridge video delivery
Cloudbridge video deliveryNuno Alves
 
XenApp 6.5 - Event Log Messages
XenApp 6.5 - Event Log MessagesXenApp 6.5 - Event Log Messages
XenApp 6.5 - Event Log MessagesNuno Alves
 
Citrix cloud platform 4.2 data sheet
Citrix cloud platform 4.2 data sheetCitrix cloud platform 4.2 data sheet
Citrix cloud platform 4.2 data sheetNuno Alves
 
Cloud portal business manager product overview
Cloud portal business manager product overviewCloud portal business manager product overview
Cloud portal business manager product overviewNuno Alves
 
Reference architecture dir and es - final
Reference architecture   dir and es - finalReference architecture   dir and es - final
Reference architecture dir and es - finalNuno Alves
 
Provisioning server high_availability_considerations2
Provisioning server high_availability_considerations2Provisioning server high_availability_considerations2
Provisioning server high_availability_considerations2Nuno Alves
 
Xd planning guide - storage best practices
Xd   planning guide - storage best practicesXd   planning guide - storage best practices
Xd planning guide - storage best practicesNuno Alves
 
Introduction to storage technologies
Introduction to storage technologiesIntroduction to storage technologies
Introduction to storage technologiesNuno Alves
 
Xen server storage Overview
Xen server storage OverviewXen server storage Overview
Xen server storage OverviewNuno Alves
 
XenDesktop 7 Blueprint
XenDesktop 7 BlueprintXenDesktop 7 Blueprint
XenDesktop 7 BlueprintNuno Alves
 
Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)Nuno Alves
 
New eBook! Citrix howto build an all star app desktop virtualization team
New eBook! Citrix howto build an all star app desktop virtualization teamNew eBook! Citrix howto build an all star app desktop virtualization team
New eBook! Citrix howto build an all star app desktop virtualization teamNuno Alves
 
Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1
Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1
Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1Nuno Alves
 
Citrix Store front planning guide
Citrix Store front planning guideCitrix Store front planning guide
Citrix Store front planning guideNuno Alves
 
Microsoft by the Numbers
Microsoft by the NumbersMicrosoft by the Numbers
Microsoft by the NumbersNuno Alves
 
NetScaler Deployment Guide for XenDesktop7
NetScaler Deployment Guide for XenDesktop7NetScaler Deployment Guide for XenDesktop7
NetScaler Deployment Guide for XenDesktop7Nuno Alves
 

Mais de Nuno Alves (20)

E g innovations overview
E g innovations overviewE g innovations overview
E g innovations overview
 
Citrix virtual desktop handbook (7x)
Citrix virtual desktop handbook (7x)Citrix virtual desktop handbook (7x)
Citrix virtual desktop handbook (7x)
 
Citrix XenServer Design: Designing XenServer Network Configurations
Citrix XenServer Design:  Designing XenServer Network  ConfigurationsCitrix XenServer Design:  Designing XenServer Network  Configurations
Citrix XenServer Design: Designing XenServer Network Configurations
 
Deploying the XenMobile 8.5 Solution
Deploying the XenMobile 8.5 SolutionDeploying the XenMobile 8.5 Solution
Deploying the XenMobile 8.5 Solution
 
Cloudbridge video delivery
Cloudbridge video deliveryCloudbridge video delivery
Cloudbridge video delivery
 
XenApp 6.5 - Event Log Messages
XenApp 6.5 - Event Log MessagesXenApp 6.5 - Event Log Messages
XenApp 6.5 - Event Log Messages
 
Citrix cloud platform 4.2 data sheet
Citrix cloud platform 4.2 data sheetCitrix cloud platform 4.2 data sheet
Citrix cloud platform 4.2 data sheet
 
Cloud portal business manager product overview
Cloud portal business manager product overviewCloud portal business manager product overview
Cloud portal business manager product overview
 
Reference architecture dir and es - final
Reference architecture   dir and es - finalReference architecture   dir and es - final
Reference architecture dir and es - final
 
Provisioning server high_availability_considerations2
Provisioning server high_availability_considerations2Provisioning server high_availability_considerations2
Provisioning server high_availability_considerations2
 
Xd planning guide - storage best practices
Xd   planning guide - storage best practicesXd   planning guide - storage best practices
Xd planning guide - storage best practices
 
Introduction to storage technologies
Introduction to storage technologiesIntroduction to storage technologies
Introduction to storage technologies
 
Xen server storage Overview
Xen server storage OverviewXen server storage Overview
Xen server storage Overview
 
XenDesktop 7 Blueprint
XenDesktop 7 BlueprintXenDesktop 7 Blueprint
XenDesktop 7 Blueprint
 
Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)Citrix virtual desktop handbook (5 x)
Citrix virtual desktop handbook (5 x)
 
New eBook! Citrix howto build an all star app desktop virtualization team
New eBook! Citrix howto build an all star app desktop virtualization teamNew eBook! Citrix howto build an all star app desktop virtualization team
New eBook! Citrix howto build an all star app desktop virtualization team
 
Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1
Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1
Wp intelli cache_reduction_iops_xd5.6_fp1_xs6.1
 
Citrix Store front planning guide
Citrix Store front planning guideCitrix Store front planning guide
Citrix Store front planning guide
 
Microsoft by the Numbers
Microsoft by the NumbersMicrosoft by the Numbers
Microsoft by the Numbers
 
NetScaler Deployment Guide for XenDesktop7
NetScaler Deployment Guide for XenDesktop7NetScaler Deployment Guide for XenDesktop7
NetScaler Deployment Guide for XenDesktop7
 

Fronting XenMobile MDM with NetScaler

  • 1. ARCHITECTURE | XenMobile Reference Architecture: XenMobile with NetScaler Configuration Guide for Establishing NS Load Balancing Front End www.citrix.com
  • 2. Table of Contents Table of Contents .............................................................................................................................................. 2 Introduction ........................................................................................................................................................ 3 Network Flow Diagram .................................................................................................................................... 4 XenMobile Port Table....................................................................................................................................... 4 Load Balancing Configuration on NetScaler ................................................................................................. 7 Conclusion ........................................................................................................................................................17 Additional Links ...............................................................................................................................................17 Key Contributors .............................................................................................................................................17 Disclaimer .........................................................................................................................................................18 XenMobile on NetScaler Reference Architecture Page |2
  • 3. Introduction. Citrix Systems’ offering of XenMobile is a comprehensive solution portfolio designed to enable customers to experience the benefits of Mobile Device Management while maintaining secure access to applications and desktops. The purpose of this document is to provide a reference architecture for placing a NetScaler in front of your XenMobile MDM solution. This allows the XenMobile Device Manager (XDM) to remain inside your datacenter, with only the NetScaler appliance in the DMZ, which gives a secure and scalable rollout of your MDM solution. We will walk through several diagrams to prepare for the configuration steps near the end of this document. This document covers configuration of the load balancing VIPs, not the overall setup of the NetScaler; for additional resources on the NetScaler and other configurations, see the “Additional Links” section at the end of this document. Diagram 1.1 shows the basic architecture of the XenMobile environment before the addition of the NetScaler.
  Diagram 1.1: XenMobile environment before the addition of the NetScaler.
  • 4. Network Flow Diagram. The basic diagram below shows the key ports used by the MDM solution; a full description of the ports required for the solution is laid out in the port table. In summary, ports 80 and 443 are used by iOS, Android and Windows devices for communication. Port 8443 is used by Apple iOS for over-the-air registration of the device with the XDM, and connections to the server FQDN also use this port. This FQDN is key, as it has been registered with the Apple Push Notification Service.
  Diagram 1.2: A basic diagram of the network flow for NetScaler and XenMobile. Zones: Internet, Corporate DMZ (NetScaler LB) and Corporate LAN (XenMobile Device Manager, MS SQL Server, Active Directory/LDAP, Microsoft CA or PKI entity). Flows shown: devices to the NetScaler LB, and the NetScaler LB to the XenMobile Device Manager, on TCP 80, 443 and 8443; Device Manager to MS SQL Server on TCP 1433; Device Manager to Active Directory over LDAP/LDAPS (TCP 389/636); Device Manager to the Microsoft CA or PKI entity over HTTPS (TCP 443).
  XenMobile Port Table. This table is designed to guide the XenMobile Administrator and Network Administrator through the TCP/IP port requirements for the Device Manager Server and mobile device agent connections.
  XenMobile Device Manager Firewall Port Requirements (TCP Port | Description | Source | Destination):
  25 | By default, the SMTP configuration of the Notification Service uses port 25. However, if your corporate SMTP server uses a different port, make sure that your corporate firewall does not block that port. | XenMobile Device Manager Server | Corporate SMTP Server
  80 | Over-the-Air (OTA) Enrollment and Agent Setup (Android and Windows Mobile) | Internet | XenMobile Device Manager Server
  80 | Over-the-Air (OTA) Enrollment and Agent Setup (Android and Windows Mobile), ZDM Web Console, and ZDM Remote Support Client | Corporate LAN and Wi-Fi (see note 1) | XenMobile Device Manager Server
  80 | ZDM Server Enterprise App Store connection to Apple iTunes App Store (ax.itunes.apple.com). Used for publishing recommended iTunes App Store apps from the available iOS applications within the Web Console and iOS Agent. | XenMobile Device Manager Server | Apple iTunes App Store (ax.itunes.apple.com)
  80 or 443 | XenMobile Device Manager Nexmo SMS Notification Relay outbound connection | XenMobile Device Manager Server | Nexmo SMS Relay server
  389 or 636 | LDAP/LDAPS connection from ZDM Server to Directory Service Host (Active Directory Global Catalog server or equivalent LDAP directory service host) | XenMobile Device Manager Server | LDAP / Active Directory Services
  443 | SSL OTA Enrollment/Agent Setup (Android and Windows Mobile), all device-related traffic and data connections (iOS, Android and Windows Mobile) | Internet | XenMobile Device Manager Server
  443 | SSL OTA Enrollment/Agent Setup (Android and Windows Mobile), all device-related traffic and data connections (iOS, Android and Windows Mobile), ZDM Web Console | Corporate LAN and Wi-Fi (see note 1) | XenMobile Device Manager Server
  1433 | Remote database server connection to a separate SQL Server (optional) | XenMobile Device Manager Server | SQL Server
  2195 | Apple APNS (Push Notification Service) outbound connection to gateway.push.apple.com, used for iOS device notifications and device policy push | XenMobile Device Manager Server | Internet (Apple APNS Service Hosts on public IP network 17.0.0.0/8)
  2196 | Apple APNS (Push Notification Service) outbound connection to feedback.push.apple.com, used for iOS device notifications and device policy push | XenMobile Device Manager Server | Internet (Apple APNS Service Hosts on public IP network 17.0.0.0/8)
  5223 | Apple APNS (Push Notification Service) outbound connection from iOS devices connected via Wi-Fi network to the *.push.apple.com service | iOS device on Wi-Fi network | Internet
  8443 | Over-the-Air (OTA) Enrollment for iOS devices only | Internet, Corporate LAN and Wi-Fi | XenMobile Device Manager Server
  App Tunnel Ports | Mobile App Tunnel Ports (Android and Windows Mobile) to the destination internal Application Server via the ZDM Server (all ports are individually defined for each Mobile AppTunnel used by a device through a ZDM Device Configuration Policy) | Internet | Application Server via XenMobile Device Manager Server
  Note 1: Corporate LAN traffic outbound to the DMZ and the Internet is assumed to be allowed.
  PLEASE NOTE: When using Remote Support or Mobile App Tunnel (Android and Windows Mobile), the following traffic needs to be open at the firewall (TCP Port | Description | Source | Destination):
  8081 | Remote Support Console default server inbound connection (depending on the Remote Support Tunnel definition) | Remote Support Console | XenMobile Device Manager Server
  80 or 443 | Remote Support Console access to ZDM to retrieve the device list | Remote Support Console | XenMobile Device Manager Server
  Tunnel port | Mobile Application Tunnel access to the Application Server (port configured in the tunnel definition) | XenMobile Device Manager Server | Internal Application Server
  • 7. Load Balancing Configuration on NetScaler. This section covers the required load balancing configuration on the NetScaler for use with XenMobile. For links to other possible configurations, see the Additional Links section at the end of this document. To begin, the first step is to create the “Servers” entry in the load balancing section of the NS console: add the name of the server and the internal IP address to which the NetScaler will route the traffic.
  Screenshot: create your “XenMobile Server” that you are load balancing.
  After you have created the entry for the XenMobile server, create your services for the three major ports depicted in Diagram 1.2. The screenshots below incorporate the port number into the service name for easy reference. All three services point to the same server. The screenshots only show tabs whose information has been edited.
  • 8. Create the Services.
  Screenshot: basic setup for the service on port 80.
  Screenshot: basic information for the port 80 monitor; all other tabs are configured as default.
  • 9. Screenshot: basic setup of the service for port 443.
  Screenshot: configure the monitor for port 443; all other tabs are configured as default.
  • 10. Screenshot: basic setup of the service for port 8443.
  Screenshot: configure the service for port 8443; all tabs are configured as default.
  The final step is to create the Virtual Servers using the Load Balancing Services and Server(s) configured above. Each Virtual Server is named after its task in the port table above.
  Screenshot: configure your virtual servers.
  • 11. For the enrollment Virtual Server (port 443), tick the check box next to the service that was set up for it. Then set the “Method and Persistence” tab to “Least Connection” and “SSLSESSION” with a timeout of 2 minutes. The IP address listed is the address accessible in the DMZ address space. This IP address will be registered in DNS; verify that devices on the corporate LAN can be routed to this virtual server.
  Screenshot: configure your XenMobile_Enroll (443) virtual server with your external/DMZ IP address.
  • 12. Screenshot: configure the Method and Persistence as before.
  The same process is followed to create the Virtual Servers for ports 8443 and 80.
  • 13. Screenshot: configure 8443 (profiles for iOS) with the same external IP.
  • 14. Screenshot: configure Profiles, Method and Persistence.
  • 15. Screenshot: configure the Virtual Server for port 80 (Console) settings.
  • 16. Screenshot: configure Console, Method and Persistence.
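  The NetScaler CLI equivalent of the GUI steps above, as an added example that is not part of the original guide. Object names follow the guide's convention, the IP addresses are constructed placeholders, and the 443/8443 virtual servers are assumed to be SSL_BRIDGE (TLS passed through to the XDM, so the APNS-registered certificate stays on the XDM) because the guide does not state whether TLS terminates on the NetScaler; SSLSESSION persistence only exists on SSL/SSL_BRIDGE virtual servers, so the port 80 console virtual server is assumed to use SOURCEIP persistence with the same 2-minute timeout.

```nscli
# Back-end XDM server (page 7). Name as in the guide; 10.0.0.10 is a constructed placeholder.
add server XenMobile_Server 10.0.0.10

# One service per port, all pointing at the same server; the port is part of the name (page 7).
# HTTP for the console port; SSL_BRIDGE (assumption) keeps TLS end-to-end for 443 and 8443.
add service XenMobile_Server_80   XenMobile_Server HTTP       80
add service XenMobile_Server_443  XenMobile_Server SSL_BRIDGE 443
add service XenMobile_Server_8443 XenMobile_Server SSL_BRIDGE 8443

# Monitors (pages 8 to 10): the built-in tcp monitor marks the service DOWN when the port stops accepting connections.
bind service XenMobile_Server_80   -monitorName tcp
bind service XenMobile_Server_443  -monitorName tcp
bind service XenMobile_Server_8443 -monitorName tcp

# Virtual servers on the DMZ VIP (192.0.2.10 is a constructed placeholder; this is the address registered in DNS).
# Least Connection + SSLSESSION persistence, 2-minute timeout, as on pages 11 and 12.
add lb vserver XenMobile_Enroll_443   SSL_BRIDGE 192.0.2.10 443  -lbMethod LEASTCONNECTION -persistenceType SSLSESSION -timeout 2
add lb vserver XenMobile_Profiles_8443 SSL_BRIDGE 192.0.2.10 8443 -lbMethod LEASTCONNECTION -persistenceType SSLSESSION -timeout 2
# Port 80 console: SSLSESSION is not available on an HTTP vserver, so SOURCEIP is used here (assumption).
add lb vserver XenMobile_Console_80   HTTP       192.0.2.10 80   -lbMethod LEASTCONNECTION -persistenceType SOURCEIP   -timeout 2

# Tick the check box next to the matching service (page 11).
bind lb vserver XenMobile_Enroll_443    XenMobile_Server_443
bind lb vserver XenMobile_Profiles_8443 XenMobile_Server_8443
bind lb vserver XenMobile_Console_80    XenMobile_Server_80

# Check: each vserver should report State: UP, the bound service UP, and the expected Persistence type.
show lb vserver XenMobile_Enroll_443
show lb vserver XenMobile_Profiles_8443
show lb vserver XenMobile_Console_80

save ns config
```

If a vserver shows DOWN, the monitor result on the bound service (show service <name>) tells you whether the XDM port is unreachable from the NetScaler's subnet IP, which is the usual cause when the DMZ to LAN firewall rules from the port table are incomplete.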
  • 17. Conclusion. This completes the configuration for front-ending the XenMobile MDM environment with NetScaler. Load balancing of all essential ports for the XenMobile server is complete.
  Additional Links. Below is a list of additional links for other configurations:
  Citrix XenMobile Solutions: http://support.citrix.com/proddocs/topic/cloudgateway/xmob-landing-page-con.html
  XenMobile MDM eDocs: http://support.citrix.com/proddocs/topic/cloudgateway/xmob-mdm-landing-page-con.html
  Deploying Mobility Solutions Bundle Components: http://support.citrix.com/proddocs/topic/clg-deployment/clg-deployment-cloudgateway-options-con.html
  Key Contributors. Josh Fleming, Senior Systems Engineer: Author. Jon Eugenio, Senior Systems Engineer: Content Contributor and Reviewer. Florin Lazurca, Senior Architect: Content Contributor.
  • 18. Disclaimer. THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. Copyright © 2013 Citrix Systems Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Citrix Systems Inc. is strictly forbidden. For more information, contact Citrix Systems. Citrix, the Citrix logo, and the Citrix badge are trademarks of Citrix Systems Inc. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. INTERNAL TRACKING, LAST EDIT: 12-MAR-2013 JF/JCE.