After installing and configuring the XenMobile MDM server it’s time for the step-by-step blog about XenMobile App Controller. In this blog I will install (upload) the Citrix XenMobile App Controller 2.9 to the Citrix XenServer. After that I will configure the basic settings from the console and run the configuration wizard from the administrator web console. I will also create a server certificate for the App Controller, connect the XenMobile MDM server to the App Controller and publish an application.
XenMobile and the NetScaler
The Citrix NetScaler (10.1) now includes a XenMobile setup deployment wizard. With this wizard you can configure XenMobile MDM, App Controller, MS Exchange with Email Filtering and ShareFile at once. For the App Controller the wizard will create a NetScaler Gateway. Make sure you enter the correct Gateway FQDN (App Controller URL) and that you configure the correct certificate (for the external DNS name).
For the Citrix XenMobile App Controller installation/configuration you have to do the following preparations;
- Open these ports in your network environment
- Create an external DNS record for the XenMobile App Controller
- Install and Configure Citrix NetScaler 10.1 (but then with running the XenMobile wizard)
- (Optional) Install and Configure XenMobile MDM
- Have an internal Certificate Authority (CA) up and running
- Have a Microsoft Exchange server up and running
Active Directory Requirements
Fill in (at least) the following fields in the user account properties;
- User Logon Name (and not only the pre-Windows 2000 one)
- First Name
- Last Name
Downloading and Uploading the XenMobile App Controller to the XenServer
For this installation I will download “App Controller 2.9 Virtual appliance for XenServer” from the Citrix website.
After downloading the XenMobile App Controller, open XenCenter, open the File menu and choose the option Import…
Browse to the downloaded App Controller and click Next
Select your XenServer and click Next
Select the storage you want to upload the App Controller to and click Import
Select the network interface you want to use for the App Controller and click Next
Configuring the XenMobile App Controller
Start the XenMobile App Controller and go to the Console tab of the virual machine (XenCenter). Login with the default admin account (account name: Admin, Password: password).
Type 0 to start the Express Setup
Type 1 to configure the IP Address
Enter the IP Address you want to assign to the App Controller
Enter the correct Netmask
Type 2 to configure the Default Gateway
Enter the correct Default Gateway IP address
Type 3 to configure the DNS Server(s)
Enter the correct IP Address of the DNS server(s)
Type 4 to configure the NTP Server
Enter the correct IP Address of the NTP server
Type 5 to commit the changes
Type y to reboot the App Controller
Open a web browser and type the following address: https://<ip of appcontroller>:4443/ControlPoint. Login with username: administrator (NOT admin !) password: password.
When logging on for the first time, a Configuration Wizard will be appear. The first step is to change the default administrator password. Fill in the default password (password) and enter a new one (twice). Click Next
Enter a hostname. In my case I will use appcontroller.hobo.lan. NOTE: you must create an inernal DNS record for this hostname manually.
Enter the requested Active Directory information. Leave “Use secure connection” unselected for now. We will configure the certificates for the secure connection later. Click Next.
Configure the correct Time Zone and DNS suffixes. Click Next
Enter the requested mail server settings and click Next
Creating and Installing a server certificate
The Citrix XenMobile App Controller requires the root and a server certificate to communicate between the App Controller and the Management console, Applications and StoreFront. Note: this is not the SSL certificate for use with the external DNS record, that certificate must be trusted by an external CA and must be installed on the NetScaler.
For the creation of the server certificate I will use Internet Information Services (IIS). Go to Server Certificates and click Create Domain Certificate
Enter the requested information and click Next
Select the correct (intern) Certification Authority (CA), enter a Friendly name and click Finish
Right click the certificate and click Export
Export the certificate to an .pfx file and set an password. Click Ok
Open an MMC console and add the Certificates snap-in (My User Account)
Browse to Certificates – Current User > Personal > Certificates. Right click Certificates and browse to All Tasks > Import
Browse to the certificate and click Next
Type the password for the private key and select Mark this key as exportable. This will allow you to back up or transport your keys at a later time. Click Next.
Right click the certificate and browse to All Taks > Export
Make sure you select Include all certificates in the certification path if possible and click Next
Set a password and click Next
Browse to the path you want to save the certificate to and click Next
Logon to the XenMoble App Controller web console and go to Settings, Certificates
Go to Import and select Server (.pfx)
Enter the password you set while exporting the certificate and click OK
Select the certificate and click Make Active. Note that the root CA is also imported automatically and is added to the Certificate Chain.
You can now browse to the AppController Admin Console via HTTPS
Allow the XenMobile MDM server to communicate with the XenMobile App Controller
To allow the XenMobile MDM server to communicate with the XenMobile App Controller configure the following;
Logon to the XenMobile MDM admin console and go to Options
Go to App Controller. Enter the Host Name and a Shared Key (anything you like without special characters) and click Close
Open the XenMobile App Controller admin console, go to Settings, XenMobile MDM and click Edit
Enter the requested information and click Test Connection
Go back to the XenMobile MDM Console and click Check connection
Publish an Application
Within the Citrix XenMobile App Controller you can deploy a lot of different types of applications including Android Apps (APK files or MDX files for wrapped), iOS Apps (IPA files or MDX files for wrapped), Web & SaaS, Web Links or Apps directly from iTunes or the Google Play store. For this blog I show you how to publish a SaaS application.
Logon to the App Controller administrator panel and go to the tab Apps & Docs
Go to Web & SaaS and click on the big green plus sign
For this example I will use the LinkedIn SaaS app, click Add
You can define Workflows within the App Controller if, for example, approval is required from a manager. In this case I let everything default. Click Next
The LinkedIn application is now published from the App Controller
To see if it works, open a web browser and enter the App Controller URL
Click on the plus sign to add the LinkedIn application
Select the LinkedIn application
Click on the LinkedIn icon
The App Controller will save the credentials for the user.
It is also possible to add XenApp / XenDesktop application and desktops by connecting StoreFront to the App Controller.