Skip to main content

Citrix VDI-in-a-box 5.3

Citrix have released a new version of VDI-in-a-box 5.3 lets cover whats new in this article.

VDI-in-a-Box 5.3 provides you with full Windows 8 support, improved supportability, and an enhanced IT experience.

Full Windows 8 support

Windows 8 support is enriched to include:

  • HDX connection to Windows 8 desktops, with DirectX support and video improvements. Smooth-motion video is now available on any device, over any network connection. Windows 8 is also supported on VDI-in-a-Box 5.2, but only through RDP.
  • Windows 8 personal desktop support. End users can now install applications, change their desktop settings, and store data on their Windows 8 virtual desktops.
  • Full support for Windows Server 2012 VHDX format (in VDI-in-a-Box 5.2, VHDX files are automatically converted to VHD).

Supportability improvements

Use VDI-in-a-Box even more effectively with these improvements in supportability:

  • Single sign-on for remote users connecting through Access Gateway from the VDI-in-a-Box web interface. For details of how to configure single sign-on, seeConfigure secure remote access using Citrix Access Gateway.
  • More specific error messages for end users using the VDI-in-a-Box web interface.
  • Improved image distribution troubleshooting tool.
  • Logging improvements, including centralized log collection for multi-server grids. For details of how to configure centralized log collection, see Collect logs.

Enhanced IT experience

Use VDI-in-a-Box more easily with the following enhancements:

  • Wizard-based SSL certificate installation and management. For details of how to install and manage certificates, see Manage SSL certificates.
  • Support for Citrix XenServer 6.2, which provides increased VM density per server and other performance and scalability enhancements.
  • VDI-in-a-Box now works with XenMobile (Enterprise or App edition). Citrix App Controller provides a single point of access to all your business resources, including virtual desktops, mobile apps, SAAS apps, and data. For more details, see Use Citrix App Controller with VDI-in-a-Box.
  • If you need to update your hypervisor address, you can enter the new address through the server configuration settings in the VDI-in-a-Box user interface. For more details, see Update hypervisor addresses.
  • The Citrix Universal Print Server package (already supported in previous releases of VDI-in-a-Box) is now available directly from the VDI-in-a-Box product download page. Using the Universal Print Server means you do not need to install printer drivers on your images. For further details about printing with VDI-in-a-Box, see Manage printing.
  • End User License Agreement (EULA) now integrated into the setup wizard.


Download Citrix VDI-in-a-box 5.3 here (Require MyCitrix ID)

Citrix Mobile Solutions

Citrix have released a new product called Citrix Mobile Solution which are the components of Zenprise now called XenMobile combined with Citrix CloudGateway (AppController, app prep tool+access gateway). Citrix have done a great job combining the two technologies into 1 product. I saw how the new XenMobile MDM & @WorkMail app for iOS worked at a Citrix Disti Bootcamp that was held 25-25th February  at Citrix Systems in Stockholm, and it looks really awesome and fast too, so its a ready product but i doesn’t communicate with the local contact phone list, and let you abstract the informations from the local phone book to the @WorkMail, which some mights wants this functionality. Lets digg in.

Mobile Solutions

Citrix Mobile Solutions is an enterprise mobility management solution that provides mobile device, app and data freedom for employees by giving users access to all their mobile, web and Windows apps and data from a unified app store. Mobile Solutions includes the following components:

  • CloudGateway that includes AppController, the App Preparation Tool, and Access Gateway.
  • XenMobile MDM contains Device Manager, Secure Mobile Gateway, and the Multi-Tenant Console.

The Citrix Mobile Solutions Bundle, is comprised of XenMobile MDM and CloudGateway. Employees have quick, single-click access to all their mobile, web, SaaS and Windows apps from a unified app store, including secure productivity apps that seamlessly integrate to offer a great user experience.

The Mobile Solutions Bundle provides identity-based provisioning and control for all apps, data and devices, policy-based controls, such as restriction of application access to authorized users, automatic account de-provisioning for terminated employees and selective wipe of device, apps or data stored on lost devices. With the Mobile Solutions Bundle, IT can give users device choice while giving IT the ability to prevent data leakage and protect the internal network from mobile threats.

mobile solutions architecture

Mobile Solutions Bundle is composed of the components below

  1. AppController – A Linux based virtual machine available for both XenServer and VMware® based hosts, providing the central administrative point for configuration of all native mobile apps, Web/ SaaS apps, and ShareFile data.
  2. Gateway services – Delivered through the Citrix Access Gateway, either standalone, or as a feature of the NetScaler MPX, VPX and SDX platforms.
  3. App Preparation Tool – MDX technology provides encapsulated iOS and Android applications with security, encryption, and control.
  4. @Work Applications – @WorkMail and @WorkWeb applications for secure Exchange mail and secure Web.
  5. Mobile Device Management – Allows IT to manage mobile devices, set mobile policies and compliance rules, gain visibility to the mobile network, provide control over mobile apps and data, and shield the corporate network from mobile threats

xenmobile device manager

AppController 2.6, whats new

  • Certificate support. When you log on to AppController for the first time in the web-based management console to configure the initial settings, you can add or create certificates on the Active Directory settings page. This option appears only when configuring settings in the management console the first time you log on. When you log on subsequently to the management console, you can configure certificates by using theCertificates link on the Settings tab.
  • Microsoft Hyper-V support. You can install the AppController 2.6 virtual machine on Windows Server 2012 with Hyper-V enabled or on Microsoft Hyper-V Server 2012.
  • Migration support to AppController 2.6. You can upgrade to AppController 2.6 from AppController 2.0 or from AppController 2.5.
  • Secure connections to Active Directory. When you log on to AppController for the first time in the management console to configure the initial settings, you can configure secure connections to Active Directory on the Active Directory settings page. When you log on subsequently to the management console, you can change Active Directory settings by using the Active Directory link on the Settings tab.
  • ShareFile updates. In previous AppController versions, when you configured ShareFile, the domain was automatically appended to the domain name. In this release, the domain does not automatically append to the ShareFile domain name. You must enter the entire ShareFile domain name.
  • Support for mobile links. You can configure mobile links to retrieve the name and description of apps automatically from the Apple App Store. For apps available through the Google Play Store, you enter the name, description and URL of the app. When you configure mobile links, links appear in Receiver with the Play Store or App Store name.
  •  Web proxy user name format. When you configure the web proxy, you can use either the SAMAccount format or the User Principal Name (UPN) as the user name.


Download Citrix Mobile Solutions bundle here (Require MyCitrix) 
The new version of the AppController 2.6 & App preparation tool for iOS and Android are located in above link + XenMobile components.

edocs of Citrix Mobile Solutions

Architecture of the Citrix Mobile solutions bundle

Citrix XenMobile MDM

Citrix have released a new product Citrix XenMobile MDM, which is the collaboration of the acquirement of company Zenprise, which is the leading company on MDM solutions (Mobile Device Management). This is the missing piece for Citrix and brings the management of Mobile devices together with Citrix portfolio.


What is Citrix XenMobile MDM

XenMobile MDM is a robust mobile device management solution that delivers role-based management, configuration, and security for both corporate and employee-owned devices. Upon user device enrollment, IT can provision policies and apps to devices automatically, blacklist or whitelist apps, detect and protect against jailbroken or rooted devices, and wipe or selectively wipe a device that is lost, stolen, or out of compliance. Users can use any device they choose, while IT can ensure compliance of corporate assets and secure corporate content on the device. With XenMobile MDM, you can do the following:

  • Configure device settings, email and applications, policies, and device and application restrictions.
  • Provision devices simply and rapidly by enabling user self-service enrollment and by distributing configuration, policy, and application packages in an automated, role-based manner over-the-air.
  • Secure devices, applications, the network, and data by setting authentication and access policies, blacklisting and whitelisting applications, enabling application tunnels, and enforcing security policies at the gateway.
  • Support users by remotely locating, locking, and wiping devices in the event of loss or theft, as well as remotely troubleshooting device and service issues.
  • Monitor devices, infrastructure, service, and telecom expenses.
  • Decommission devices by identifying inactive devices and wiping or selectively wiping devices upon employee departure.

XenMobile MDM contains the following products:

  •  XenMobile Device Manager allows you to manage mobile devices, set mobile policies and compliance rules, gain visibility to the mobile network, provide control over mobile apps and data, and shield your network from mobile threats. With a “one-click” dashboard, simple administrative console, and real-time integration with Microsoft Active Directory and other enterprise infrastructure like PKI and Security Information and Event Management (SIEM) systems, Device Manager simplifies the management of mobile devices.
  •  The Secure Mobile Gateway provides access control for email and calendar services. You can configure Secure Mobile Gateway to allow or block access to connection requests from devices based on device status, app blacklists or whitelists and a host of other compliance conditions. The status of requests blocked by Secure Mobile Gateway can be immediately viewed on the Device Manager dashboard so that you can take appropriate action.
  •  XenMobile Multi-Tenant Console is a web console that enables service providers and organizations to administer several physical servers running Device Manager from a single site.
  • XenMobile Remote Support application provides several tools to assist in the inspection, troubleshooting, and modification of remotely controlled handheld devices.
  • XenMobile ZSM Lite is a component that enables access to query Blackberry and ActiveSync environments and provides the device and user information to Device Manager through the XenMobile Mobile Service Provider.

XenMobile MDM edition licensing

XenMobile MDM Edition offers customers per-user or per-device licensing models with on-premises and cloud deployment options. Per-user licensing is based on the total number of users that access the software, regardless of the number of devices they are using. Per-device licensing is based on the total number of devices that access the software. Both licensing models are available with a perpetual license or an annual license.

User Licensing

Best when people use more than one device.

  • One license per user
  • Unlimited devices

Device Licensing

Best when people use only one device.

  • Unlimited users
  • One license per device

Lets look at whats new in the components.

Device Manager 8.0.1 for Citrix XenMobile

xenmobile device manager

XenMobile Device Manager contains the following new features:

  •  Citrix Mobile Enroll for iOS. Allows you to enroll your iOS devices and users into Device Manager. (This is a separate app designed for iOS users and is installed on their mobile devices.)
  • Citrix Mobile Connect. Provides access to your organization’s SharePoint server, allowing you to save documents and files locally, such as secure email attachments, intranet sites, and SharePoint documents, as well as the ability to publish local documents to your SharePoint server. You can configure a wide range of SharePoint access policies for company documents.
  • Certificate Management. Enables Device Manager to renew or revoke certificates that are issued by XenMobile.
  • SAML Authentication Support for iOS and Android. You can configure Device Manager (and cloud deployment of XenMobile) to connect with your SAML service and identity providers to enable authentication capabilities that are not dependent on Active Directory.
  • XenMobile NAC REST API (Cisco ISE Enablement). The XenMobile implementation of Cisco ISE capabilities provides a robust set of REST APIs that enable you to control access to your network by unapproved mobile devices. The REST API queries user devices to execute actions on devices, such as wipe and lock, as well as send notification to devices.
  • Network Access Control. If you have a Network Access Control (NAC) appliance set up in your network (such as a Cisco ISE), you can enable filters to set devices as compliant or not compliant for network access control based on rules or properties. If a XenMobile managed device does not meet the specified criteria and is marked as Not Compliant, the device will be blocked on your network by the NAC appliance.
  • Secure Local Docs on Device from SharePoint. The XenMobile DLP solution now supports download and markup SharePoint documents and files on your device in the Documents folder. You can check files out for local view, and then check them back in at a later time.
  • SharePoint DLP Personal Folder Support. Allows access of a user’s personal folder (based on user name) on their SharePoint server. If you allow SharePoint allows personal folders, then you can provide can access to those folders on the user device.

  • App Tunnels for SharePoint Connections. You can create secure App Tunnels and deploy the tunnels to your SharePoint connections. App Tunnels allow you to create a secure connection to a network resource on a per-app basis. App tunnels define proxy parameters between the user component of mobile apps and the app server component.
  • Secure Email Attachments.. Secure email attachments enable you to securely view encrypted email attachments securely through SharePoint DLP and email attachment document control policies. This new feature allows you to set policies for restricting access of email attachments for viewing only within designated XenMobile secure apps, so you can prevent printing and copying or pasting email attachments, and provides the ability to remove or wipe email attachments. With email attachment policies you can:
    • Control access and reading of selected file types (.doc, .PDF, .txt, audio, or video to name a few) as encrypted email attachments by using the XenMobile Secure App Container. When you open an attachment that is secured by Device Manager, the attachment is encrypted and secure. If you try to open or view the attachment in any other application or web site on any other device, it is decrypted and rendered unreadable, which protects your sensitive data.
    • Restrict or allow the file from being saved locally or opened and read in any other local apps.
    • Allow specific file types from being encrypted to allow for viewing, saving, forwarding, and uploading files that do not pose a security risk.
    • Restrict attachment viewing so the user cannot copy and paste, print, or email attachments.
    • Prevent attached documents from being viewed if the user emails the file to other users or uploads the attachment to a file sharing web site such as Box or Dropbox. Files removed from the XenMobile secure app container become encrypted and unreadable by other users.
    • Enable remote selective wipe of email attachment data on a device in the event a user leaves the company or the device is lost or stolen.
    • Customize the email subject heading and message to indicate secure nature of attachments.
    • Deploy secure email attachment document control policies easily as a standard XenMobile SharePoint DLP policy package.
  • Role Base Access Controls for Software Inventory and Location Services. Role-based access controls allow you to manage your software inventory for devices and the device location services.These permissions allow the main features to function, but allow you to block (de-selected) or allow (selected) users viewing the information. For example, you can block a user from viewing software inventory, but you can block the device by using Secure Mobile Gateway if the users installs a blocked app on the device. You can also block users from viewing location service data but the device can still be geo-fenced or geolocated. Device Manager can also generate reports based on this information.

New Features for Android in Device Manager

  • Samsung Certificate Integration. This feature enables you to deploy email, virtual private network (VPN), and Wi-Fi policies to Samsung devices by using two-factor authentication (user name/password + certificate). You can notify and renew certificates automatically without disruption, as well as revoke the certificates and policies of a decommissioned or lost device.The following new features are provided for your Samsung devices managed by Device Manager:
    • Encryption
    • Remote Support
    • VPN for Samsung Android (including certificates)
    • Certificates for Touchdown, Wi-Fi
  • Enhanced Android Device Enrollment. You can enroll Android devices by using MDM server discovery, email or SMS notifications and multiple modes for user authentication (password and PIN-based). Your Android device users can enroll by receiving a message, clicking a URL, and then launching the agent installation process to become enrolled. You can choose from several enrollment modes, each of which provides varying degrees multi-factor credentialed security.
  •  Agent Notification on Android. Device Manager supports sending push notifications to your Android devices.
  •  HTC MDM Integration. This release provides support for the following policies on Android HTC devices:
  •  Exchange ActiveSync. Allows you to remotely configure email by using HTC Home APIs.

Windows 8 Tablet Support

Device Manager supports the following features for the Windows 8 Tablet:

  • Device enrollment
  • Registry configuration
  • Device lock
  • Selective device wipe

Windows 8 Phone Support

Device Manager support the following features for the Windows 8 phone:

  • Device enrollment
  • Hardware inventory
  • PIN-code configuration
  • Policy-based device configuration for:
    • Storage Card: Require Device Encryption and Storage Card Disable/Enable
    •  Password Policy Configuration
    •  Exchange ActiveSync: Configure Exchange ActiveSync server, synchronization settings (email, calendar, contact, frequency), logging.
    •  Custom XML configuration abilities
  • Remote Wipe

Secure Mobile Gateway 8.0.1 for XenMobile MDM

Secure Mobile Gateway 8.0.1 provides the following capabilities:

  • Filter-based rules to allow or block access. A particular client request is evaluated against the organization’s rules. The end result is a binary state of allowed, in which the client is permitted to contact the CAS server, or blocked, in which the client request is dropped and access to the CAS is not permitted. Paired with settings in the Device Manager console, administrators can prevent Exchange ActiveSync email access to device users based on compliance criteria, such as when a black listed app is installed on the device, if the device is jailbroken, and so on).
  • A two-tiered filter model. The first tier parses the incoming HTTP requests based on path-specific information, and the second tier filters based on user and/or device specific information. Both tiers are configurable.
  • Filter rules stored in configuration files. Specific filter rules pertaining to the user accounts and devices in your organization are stored in the gateway’s XML configuration files.
  • Encryption of email attachments for clients that use the ActiveSync protocol. Attachment encryption is selective based on the properties of the device and file types of attachments.

Multi-Tenant Console 8.0.1 for XenMobile MDM

XenMobile Multi-Tenant Console is a web console that enables service providers and organizations to administer several physical servers running XenMobile Device Manager from a single site. Each server can run multiple instances (also called tenants) of Device Manager. The servers are then logically independent from each other.

Remote Support 8.0.1 for XenMobile MDM

Remote Support is a software program installed on a Windows-based computer that allows support personnel to take remote control of the Windows Mobile devices. With Remote Support, you can:

  • Display a list of all connected devices within one or more Device Manager servers.
  • Display system information including device model, operating system level, International Mobile Station Equipment Identity (IMEI) and seria number, memory and battery status, and connectivity.
  • Run the device task manager where you can display and end active processes and restart the mobile device.
  • Run the remote file transfer that includes bidirectional file transfer between mobile devices and a central file server.
  • Download and install software programs as a batch to one or more mobile devices.
  • Configure remote registry key settings on the device.
  • Optimize response time over low bandwidth cellular networks by using real-time device screen remote control.
  • Display device skin with support of most of the mobile device brands and models and a skin editor to add new device models with mapping of physical keys.
  • Enable device screen capture, record and replay with the ability to capture a sequence of interactions on the device that creates a video AVI file.
  • Conduct live meetings by using a shared whiteboard, VoIP-based voice communications and chat between mobile users and support personnel.

ZSM Lite 6.1.8 for XenMobile MDM

ZSM Lite is a component that enables access to query Blackberry and ActiveSync environments and provides the device and user information to Device Manager via the XenMobile Mobile Service Provider (ZMSP). ZMSP offers Web Services for Device Manager to query BES users, AS devices and control operations like wipe and lock.


Overview of the Citrix XenMobile MDM

Read the documentation of the XenMobile MDM on the edocs here

XenMobile MDM edition licensing

Download Citrix Mobile MDM here (Require MyCitrix ID)