Site icon Robin Hobo

How to setup Citrix XenMobile 10 (including configuring NetScaler)

On February, 17 Citrix released the long awaited XenMobile 10. The big difference with its previous versions is that the XenMobile 10 now consists of one component, the XenMobile Server (XMS), so no longer a XenMobile MDM installation on a Windows Server and configuring a separate App Controller.

The XenMobile Server is, just like the old App Controller, an Unix appliance running on XenServer, Hyper-V or a VMWare hypervisor. Because it’s now one component you need 50% less resources then in previous versions and it is much faster to implement (see blog below). And in addition to this you have one Administrator console for both MDM and MAM.

I will show you to setup Citrix XenMobile 10 in a few steps, including the NetScaler configuration. But for I begin, lets talk about the XenMobile 10 requirements.

XenMobile 10 Requirements

For publishing applications you need some more requirements, but I will talk about that in an others blog.

My Environment

First let me say something about my environment, I got the same external and internal domain name, robinhobo.com. For the Citrix XenMobile 10 setup I use a wildcard certificate. Two external DNS records have been created;

In my DMZ I have the following four free IP addresses for XenMobile 10;

 Setting up Citrix XenMobile 10

After uploading the Citrix XenMobile appliance to the hypervisor, start the virtual machine and open the command window.

Enter a new password for the command line admin account, this is another account than the Webinterface Administrator.

Fill in the following information;

IP address: <the IP address for the XMS, in my case 192.168.1.40>
Netmask: <the Netmask>
Default gateway: <IP of the default gateway in the DMZ>
Primary DNS server: <IP of the DNS server>
Secondary DNS server: <Optionally a secondary DNS server IP>

Press Y and enter to commit the settings

To generate a random passphrase, type Y and enter


Press y or n to enable FIPS mode, for this setup I press N and enter

For production environment always use an external database server. For PoC / Test environments you can use a local database for a quick setup. In my case I enter L and press enter

Enter the XenMobile Server FQDN, this must be the external MDM address. In my case mdm.robinhobo.com and press enter. Press Y to commit.

Now you have the option the change the default ports. If you don’t want to change the default ports. Hit the enter button four times and press y to commit the settings.

Press y to set the same password for all the certificates of the PKI

Then enter the new password and press y to commit the settings

Fill in the webinterface administrator information. Give up an administrator username and password. Type y to commit the settings

The last step in the command line setup is the question if you want to upgrade from a previous release. In this case I will setup a new environment. Type N and enter

After that XenMobile 10 will be configured. After a few minutes the XenMobile 10 appliance is ready for the webinterface setup. The webinterface URL is displayed above “Starting monitoring..” . It will be the XenMobile Server IP:4443. In my case HTTPS://192.168.1.40:4443

Open a browser and open the URL from previous step. Login with the configured administrator account.

Press the Start button

You can use a local or a remote License server. If you don’t upload a license you will be run in a 30 day trial period. Click Next

The next step is to upload the certificates. If you are going to manage iOS devices you need to upload a APNS certificate beside a SSL Listener certificate. Click on the Import button.

For the APNS certificate, make the following selections;

Import: Keystore
Keystore type: PKCS#12
Use as: APNs

Browse to the Keystore file (APNS .pfx file) and fill in the Password.

Click Import

Click on OK

Click on Import again

Make the following selections;

Import: Keystore
Keystore type: PKCS#12
Use as: SSL Listener

Browse to the Keystore file (SSL .pfx file) and fill in the Password.

Click Import

Click Ok

Click Next

Fill in the following information;

Name: <anything you like>
Alias: <anything you like>
External URL: <external mam adres, for example https://mam.robinhobo.com>
Logon Type: Domain only

Click Next

Fill in the following information;

Primary server: <first DC>
Secondary server: <second DC (optional)>
Port: 389 (is using unsecure LDAP)
Domain name: <domain name>
User base DN: for example dc=robinhobo,dc=com
Group base DN: for example dc=robinhobo,dc=com
User ID: <the service account @domain.name>
Password: <service account password>

Scroll down the page..

Fill in the following information;

Domain alias; <for example robinhobo.com>

Click Next

Fill in your Microsoft Exchange server / Notification Server (optional) information and click Next

Click Finish

Click Start Managing Apps and Devices

Restart the Citrix XenMobile server so the certificates will be become active.

The Citrix XenMobile server is now in basic configured. At this point you can start configure Deployment Groups, Policies, Actions and Applications.

Configuring the NetScaler for Citrix XenMobile 10

Since Citrix NetScaler 10.5 build 54.9 there is a Citrix XenMobile 10 wizard available. This wizard will create a Gateway virtual server for MAM, a Load Balancer for MDM and a Load Balancer for MAM. Therefor you need a NetScaler Standard or higher. In the following steps I will guide your through the wizard. I assume that the SSL certificates are already installed on the NetScaler.

On the left side, click on XenMobile. On the right side select XenMobile 10 and click on Get Started

On the left side select Access through NetScaler Gateway and Load Balance XenMobile Servers and click Continue

Fill in the following information;

NetScaler Gateway IP Address: <a free IP in the DMZ, in my case 192.168.1.41>
Port: 443

Click Continue

Select the MAM SSL certificate or the wildcard certificate and click Continue

Fill in the following information;

IP Address: <IP Address of your DC>
Port: 389 (if using unsecure LDAP)
Base DN: <for example dc=robinhobo,dc=com>
Service account: <your XenMobile service account>
Password: <the service account password>
Server Logon Name Attribute: userPrincipalName or samAccountName

Click Continue

Now here is the tricky part. The wizard asks for a xms.internal.net server address for MAM.. however you will need to fill in the external mdm address / XenMobile Hostname. In my case: mdm.robinhobo.com

Fill in the Load Balancing IP address for MAM, in my case 192.168.1.42. The port is 8443

Click Continue

Select the wildcard certificate and click Continue

Click Add Server

Fill in the IP address of the XenMobile server and click Add

Click Continue

Click Load Balance Device Manager Servers

Fill in the following information;

IP Address: <a free IP address in the DMZ segment, in my case 192.168.1.43>

Click Continue

Click Continue

Click Done

Exit mobile version