How To: XenMobile MDM 8.5 Deployment Part 1: Installation

In late 2012 Citrix announced they had purchased a 7-year-old startup company called Zenprise that was a hot player in the mobile device security market. Up until that time, Citrix was positioning for that sector with its CloudGateway Enterprise product and focusing mostly on apps and data management, not really the device. Zenprise helped them flesh out their offering, which is now known as “XenMobile”. Although it’s gone through a few iterations, it has finally reached a final “form”, if you will, of three editions: MDM, App, and Enterprise.

The purpose of this article series will be to walk through the installation and basic setup of the MDM (Mobile Device Management) Edition, which focuses almost exclusively on managing the device and not so much the data or apps, although it is capable of application pushes and the like. A feature comparison can be found on Citrix’s website HERE; I encourage you to view that. One major difference to note is MDM does not sandbox apps/data, but App Edition does, and Enterprise Edition can.

In researching this product for some internal training we are currently going through, it became pretty apparent there is very little information out there on it, and if there is, it’s unfortunately outdated because the product has been rapidly evolving over the first half of the year. In this series of blog articles I will go over how to deploy a single instance of XenMobile 8.5 MDM on an internal network, configure basic policies and rules, and apply them to your devices.

If you would like to read the other parts in this article series please go to:

This, unfortunately, is the most boring part of MDM: the install. But I would be remiss not to go over it for those of you who “have to see” it. So let’s get to it so we can get on to the more exciting stuff!

First: pre-reqs. All of this is straight from eDocs; I’m not reinventing the wheel here.

  • MDM 8.5 needs to go on a 2008 R2 or 2012 server.
  • Set up an Active Directory service account and make it a local admin on the MDM server
  • Disable IPv6 (not via registry, just uncheck the box)
  • UAC disabled
  • Firewall disabled (this is my preference; I disable server firewalls, but you’re welcome to do as you wish)
  • Your service account needs permissions creator/owner/read/write on your SQL server. I will not be using PostgreSQL.
  • SQL 2005/2008/R2/2012 in your environment (Reference Architecture recommends SQL for production deployments, not PostgreSQL. See HERE)
  • Java SE 7 JDK Update 11 or later installed on the server
  • Java Cryptography Extension (JCE) USJP 7 on the server
    • To install the Java Cryptography Extension
      • Install Java SE 7u11
      • Open the JCE zip file and copy local_policy.jar and US_export_policy.jar to your computer desktop.
      • Navigate to the folder /java/jdk1.7.0_x/jre/lib/security and copy the files from Step 2 to this folder.
  • External DNS record such as mobile.mydomain.com
  • **UPDATE: You have to open a support case now for APNS signing.** Obtain an Apple APNS certificate. Again, full guide in eDocs.
    • Note: If you have issues completing this certificate on import back into IIS, try loading the Apple Root Certificates into the local computer Trusted Root/Certificates store.
  • Get your XenMobile license file. No license, no play. Note this does not come like a normal Citrix license you allocate on the portal, it gets sent to you after purchase.
  • Open 80/443/8443 to MDM through your firewall
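
A read-only preflight for the prerequisites above, added here as an example (it is not from the article or from Citrix). It assumes Server 2012 with PowerShell 3.0, as in the lab described below; the service account name, JDK path and FQDN are placeholder values. The JCE check asks the JVM for its AES key-length limit because the JDK already ships limited-strength files named local_policy.jar and US_export_policy.jar, so their presence alone proves nothing.

```powershell
# Added example: read-only preflight for the prerequisites listed above.
# Assumed placeholder values (not from the article): adjust all three.
$SvcAccount = 'MYDOMAIN\svc-xenmobile'             # hypothetical service account
$JdkHome    = 'C:\Program Files\Java\jdk1.7.0_x'   # replace _x with your update
$Fqdn       = 'mobile.mydomain.com'

function New-Check($Name, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = [bool]$Ok; Detail = "$Detail" }
}

# OS: 6.1 = Server 2008 R2, 6.2 = Server 2012; ProductType 1 is a workstation.
$os = Get-CimInstance Win32_OperatingSystem
# Members of the local Administrators group (English group name assumed).
$admins = net localgroup Administrators
# Adapters that still have the IPv6 binding checked.
$ipv6 = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled)
# UAC state: EnableLUA = 0 means UAC is off.
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
# Ask the JVM itself: an AES limit of 128 means the limited policy is still active.
$jrs    = Join-Path $JdkHome 'bin\jrunscript.exe'
$jver   = & $jrs -e "print(java.lang.System.getProperty('java.version'))"
$aesMax = & $jrs -e "print(Packages.javax.crypto.Cipher.getMaxAllowedKeyLength('AES'))"
# DNS record for the MDM host name.
$dns = Resolve-DnsName $Fqdn -ErrorAction SilentlyContinue

@(
    New-Check 'Server 2008 R2 / 2012' ($os.Version -match '^6\.[12]\.' -and $os.ProductType -ne 1) $os.Caption
    New-Check 'Service account is local admin' ($admins -match [regex]::Escape($SvcAccount)) $SvcAccount
    New-Check 'IPv6 unchecked on all adapters' ($ipv6.Count -eq 0) ($ipv6.Name -join ', ')
    New-Check 'UAC disabled' ($lua -eq 0) "EnableLUA=$lua"
    New-Check 'Java SE 7 update 11 or later' ($jver -match '^1\.7\.0_(\d+)' -and [int]$Matches[1] -ge 11) $jver
    New-Check 'JCE unlimited policy active' ([double]$aesMax -gt 128) "AES max key length=$aesMax"
    New-Check 'DNS record resolves' ($null -ne $dns) $Fqdn
) | Format-Table -AutoSize
```
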

For the purposes of this How To series I am using MS Server 2012 Standard Edition in a 2008 R2 Domain, ultimately front-ended by a NetScaler VPX 1000 on v10.1.119.7 codebase. Backend SQL service is being provided by SQL 2008 R2 SP2. All virtual machines are running on vSphere 5.1 Enterprise Plus. Also, all the above pre-reqs are complete.

Step 1. Navigate to your XenMobileDeviceManager-8.5.x executable and double-click it to launch the install.
Step 2. Select your respective language
Step 3. Click “Next”
Step 4. Agree if you want this to go any further.
Step 5. We’re going to do a custom install, and uncheck the PostgreSQL portion. We will use SQL, as we would in a production deployment. Click “Next”
Step 6. Click “Install”
Step 7. Click “Next”
Step 8. Enter in your SQL details here, including Auth type, domain, host name, and credentials. Once done click “Check the Connection”
Step 9. Click “Create”
Step 10. Click “OK”
Step 11. Click “Next”
Step 12. Accept the defaults by clicking “Next”
Step 13. Accept the defaults by clicking “Next”
Step 14. Accept the defaults by clicking “Next”
Step 15. Enter in a keystore password, fill in the Org Unit and Organization. Click “Next”
Step 16. Repeat
Step 17. Repeat
Step 18. Enter in a keystore password and enter in the FQDN you’ll be using. Click “Next”
Step 19. Input the path to your APNS certificate in pfx format and the private key password. Click “Next”
Step 20. Click “Next”
Step 21. Enter a name and password for an account to be used to log in to the console. Click “Next”
Step 22. Click “Finish”, Finally!
Step 23. Click “Close” once everything is complete.
Step 24. At this point you’ll notice another window also open behind what you were working on, click “Next”
Step 25. Click “Finish”
Step 26. Open up a web browser and (if you already did your internal DNS entry) navigate to http://mobile.yourdomain.com/zdm and you should see the below login page. Enter the username and password you configured for management and click “Sign In”
Step 27. Congratulations, you have a functional, but not yet configured instance of Citrix XenMobile Mobile Device Manager (MDM) 8.5 now installed and ready to rock and roll!
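
A post-install check, added here as an example (not from the article or from Citrix): it confirms that the three ports from the prerequisites answer and reports which certificate the server presents for the FQDN entered in Step 18. The FQDN value is a placeholder, and the assumption that port 443 is the TLS listener is mine, not the article's.

```powershell
# Added example: post-install check of the listeners and the HTTPS certificate.
# $Fqdn is an assumed placeholder; use the FQDN entered in Step 18.
$Fqdn = 'mobile.mydomain.com'

function Test-TcpPort([string]$HostName, [int]$Port) {
    $c = New-Object System.Net.Sockets.TcpClient
    try { $c.Connect($HostName, $Port); $true } catch { $false } finally { $c.Close() }
}

function Get-ListenerCertificate([string]$HostName, [int]$Port) {
    # Accept any certificate so that one issued by a private CA can still be read.
    # This is inspection only; trust is evaluated separately with Verify() below.
    [System.Net.Security.RemoteCertificateValidationCallback]$acceptAll = { $true }
    $c = New-Object System.Net.Sockets.TcpClient
    try {
        $c.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($c.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $c.Close() }
}

# Ports the prerequisites say must be open to MDM.
foreach ($p in 80, 443, 8443) {
    '{0}:{1} reachable = {2}' -f $Fqdn, $p, (Test-TcpPort $Fqdn $p)
}

# Assumption: 443 is the TLS listener.
$cert = Get-ListenerCertificate $Fqdn 443
[pscustomobject]@{
    Subject          = $cert.Subject
    Issuer           = $cert.Issuer
    NotAfter         = $cert.NotAfter
    NameMatchesFqdn  = $cert.GetNameInfo('DnsName', $false) -eq $Fqdn
    ChainTrustedHere = $cert.Verify()   # basic chain validation against this machine's stores
} | Format-List
```

Run it from a machine on the internal network that resolves the FQDN. `ChainTrustedHere = False` means the machine running the check cannot validate the presented certificate.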
So at this point you have XM MDM 8.5 installed, the SQL backend database is configured, you successfully loaded your Apple Push certificate, your DNS is all configured and you can successfully open the console. In my next article we’ll go over some basic configuration within the console to start getting this usable!
Hope this helps someone out there! Please leave a comment, I do read them!

10 thoughts on “How To: XenMobile MDM 8.5 Deployment Part 1: Installation”

    • You are correct, XenMobile NetScaler Connector is a large piece to actively control ActiveSync and I plan on covering that lightly in part 7. I actually have it slated in a separate series though on configuring NS for XNC. Things have just been extremely busy with work lately so it’s slowing down my blog postings, but hang in there and thanks for posting! 🙂
      -Adam

      • Hey Adam
        OK thanks, looking forward to some XNC-NS configuration, step by step…. Is Device Manager a way to control the apps on managed devices? Like when they go into the App Store on iPads they will only see the apps I publish from Device Manager? And if I need to create my own company apps I need AppController?

        Kim

      • Hi Kim,

        Great questions. With the MDM version, no, they will continue to have a fully functional App Store on their device. MDM allows you to push an EAS (Enterprise App Store) to the device that they can access and pick and subscribe to company published applications. However, with MDM edition you’re limited to just apps that are already publicly available from the native App Store. AppController opens up the door to application wrapping and your own internal company apps being available via the EAS.

        Hope that answers your questions,
        -Adam
