Citrix have released a new product Citrix XenMobile MDM, which is the collaboration of the acquirement of company Zenprise, which is the leading company on MDM solutions (Mobile Device Management). This is the missing piece for Citrix and brings the management of Mobile devices together with Citrix portfolio.
What is Citrix XenMobile MDM
XenMobile MDM is a robust mobile device management solution that delivers role-based management, configuration, and security for both corporate and employee-owned devices. Upon user device enrollment, IT can provision policies and apps to devices automatically, blacklist or whitelist apps, detect and protect against jailbroken or rooted devices, and wipe or selectively wipe a device that is lost, stolen, or out of compliance. Users can use any device they choose, while IT can ensure compliance of corporate assets and secure corporate content on the device. With XenMobile MDM, you can do the following:
- Configure device settings, email and applications, policies, and device and application restrictions.
- Provision devices simply and rapidly by enabling user self-service enrollment and by distributing configuration, policy, and application packages in an automated, role-based manner over-the-air.
- Secure devices, applications, the network, and data by setting authentication and access policies, blacklisting and whitelisting applications, enabling application tunnels, and enforcing security policies at the gateway.
- Support users by remotely locating, locking, and wiping devices in the event of loss or theft, as well as remotely troubleshooting device and service issues.
- Monitor devices, infrastructure, service, and telecom expenses.
- Decommission devices by identifying inactive devices and wiping or selectively wiping devices upon employee departure.
XenMobile MDM contains the following products:
- XenMobile Device Manager allows you to manage mobile devices, set mobile policies and compliance rules, gain visibility to the mobile network, provide control over mobile apps and data, and shield your network from mobile threats. With a “one-click” dashboard, simple administrative console, and real-time integration with Microsoft Active Directory and other enterprise infrastructure like PKI and Security Information and Event Management (SIEM) systems, Device Manager simplifies the management of mobile devices.
- The Secure Mobile Gateway provides access control for email and calendar services. You can configure Secure Mobile Gateway to allow or block access to connection requests from devices based on device status, app blacklists or whitelists and a host of other compliance conditions. The status of requests blocked by Secure Mobile Gateway can be immediately viewed on the Device Manager dashboard so that you can take appropriate action.
- XenMobile Multi-Tenant Console is a web console that enables service providers and organizations to administer several physical servers running Device Manager from a single site.
- XenMobile Remote Support application provides several tools to assist in the inspection, troubleshooting, and modification of remotely controlled handheld devices.
- XenMobile ZSM Lite is a component that enables access to query Blackberry and ActiveSync environments and provides the device and user information to Device Manager through the XenMobile Mobile Service Provider.
XenMobile MDM edition licensing
XenMobile MDM Edition offers customers per-user or per-device licensing models with on-premises and cloud deployment options. Per-user licensing is based on the total number of users that access the software, regardless of the number of devices they are using. Per-device licensing is based on the total number of devices that access the software. Both licensing models are available with a perpetual license or an annual license.
Best when people use more than one device.
- One license per user
- Unlimited devices
Best when people use only one device.
- Unlimited users
- One license per device
Lets look at whats new in the components.
Device Manager 8.0.1 for Citrix XenMobile
XenMobile Device Manager contains the following new features:
- Citrix Mobile Enroll for iOS. Allows you to enroll your iOS devices and users into Device Manager. (This is a separate app designed for iOS users and is installed on their mobile devices.)
- Citrix Mobile Connect. Provides access to your organization’s SharePoint server, allowing you to save documents and files locally, such as secure email attachments, intranet sites, and SharePoint documents, as well as the ability to publish local documents to your SharePoint server. You can configure a wide range of SharePoint access policies for company documents.
- Certificate Management. Enables Device Manager to renew or revoke certificates that are issued by XenMobile.
- SAML Authentication Support for iOS and Android. You can configure Device Manager (and cloud deployment of XenMobile) to connect with your SAML service and identity providers to enable authentication capabilities that are not dependent on Active Directory.
- XenMobile NAC REST API (Cisco ISE Enablement). The XenMobile implementation of Cisco ISE capabilities provides a robust set of REST APIs that enable you to control access to your network by unapproved mobile devices. The REST API queries user devices to execute actions on devices, such as wipe and lock, as well as send notification to devices.
- Network Access Control. If you have a Network Access Control (NAC) appliance set up in your network (such as a Cisco ISE), you can enable filters to set devices as compliant or not compliant for network access control based on rules or properties. If a XenMobile managed device does not meet the specified criteria and is marked as Not Compliant, the device will be blocked on your network by the NAC appliance.
- Secure Local Docs on Device from SharePoint. The XenMobile DLP solution now supports download and markup SharePoint documents and files on your device in the Documents folder. You can check files out for local view, and then check them back in at a later time.
- SharePoint DLP Personal Folder Support. Allows access of a user’s personal folder (based on user name) on their SharePoint server. If you allow SharePoint allows personal folders, then you can provide can access to those folders on the user device.
- App Tunnels for SharePoint Connections. You can create secure App Tunnels and deploy the tunnels to your SharePoint connections. App Tunnels allow you to create a secure connection to a network resource on a per-app basis. App tunnels define proxy parameters between the user component of mobile apps and the app server component.
- Secure Email Attachments.. Secure email attachments enable you to securely view encrypted email attachments securely through SharePoint DLP and email attachment document control policies. This new feature allows you to set policies for restricting access of email attachments for viewing only within designated XenMobile secure apps, so you can prevent printing and copying or pasting email attachments, and provides the ability to remove or wipe email attachments. With email attachment policies you can:
- Control access and reading of selected file types (.doc, .PDF, .txt, audio, or video to name a few) as encrypted email attachments by using the XenMobile Secure App Container. When you open an attachment that is secured by Device Manager, the attachment is encrypted and secure. If you try to open or view the attachment in any other application or web site on any other device, it is decrypted and rendered unreadable, which protects your sensitive data.
- Restrict or allow the file from being saved locally or opened and read in any other local apps.
- Allow specific file types from being encrypted to allow for viewing, saving, forwarding, and uploading files that do not pose a security risk.
- Restrict attachment viewing so the user cannot copy and paste, print, or email attachments.
- Prevent attached documents from being viewed if the user emails the file to other users or uploads the attachment to a file sharing web site such as Box or Dropbox. Files removed from the XenMobile secure app container become encrypted and unreadable by other users.
- Enable remote selective wipe of email attachment data on a device in the event a user leaves the company or the device is lost or stolen.
- Customize the email subject heading and message to indicate secure nature of attachments.
- Deploy secure email attachment document control policies easily as a standard XenMobile SharePoint DLP policy package.
- Role Base Access Controls for Software Inventory and Location Services. Role-based access controls allow you to manage your software inventory for devices and the device location services.These permissions allow the main features to function, but allow you to block (de-selected) or allow (selected) users viewing the information. For example, you can block a user from viewing software inventory, but you can block the device by using Secure Mobile Gateway if the users installs a blocked app on the device. You can also block users from viewing location service data but the device can still be geo-fenced or geolocated. Device Manager can also generate reports based on this information.
New Features for Android in Device Manager
- Samsung Certificate Integration. This feature enables you to deploy email, virtual private network (VPN), and Wi-Fi policies to Samsung devices by using two-factor authentication (user name/password + certificate). You can notify and renew certificates automatically without disruption, as well as revoke the certificates and policies of a decommissioned or lost device.The following new features are provided for your Samsung devices managed by Device Manager:
- Remote Support
- VPN for Samsung Android (including certificates)
- Certificates for Touchdown, Wi-Fi
- Enhanced Android Device Enrollment. You can enroll Android devices by using MDM server discovery, email or SMS notifications and multiple modes for user authentication (password and PIN-based). Your Android device users can enroll by receiving a message, clicking a URL, and then launching the agent installation process to become enrolled. You can choose from several enrollment modes, each of which provides varying degrees multi-factor credentialed security.
- Agent Notification on Android. Device Manager supports sending push notifications to your Android devices.
- HTC MDM Integration. This release provides support for the following policies on Android HTC devices:
- Exchange ActiveSync. Allows you to remotely configure email by using HTC Home APIs.
Windows 8 Tablet Support
Device Manager supports the following features for the Windows 8 Tablet:
- Device enrollment
- Registry configuration
- Device lock
- Selective device wipe
Windows 8 Phone Support
Device Manager support the following features for the Windows 8 phone:
- Device enrollment
- Hardware inventory
- PIN-code configuration
- Policy-based device configuration for:
- Storage Card: Require Device Encryption and Storage Card Disable/Enable
- Password Policy Configuration
- Exchange ActiveSync: Configure Exchange ActiveSync server, synchronization settings (email, calendar, contact, frequency), logging.
- Custom XML configuration abilities
- Remote Wipe
Secure Mobile Gateway 8.0.1 for XenMobile MDM
Secure Mobile Gateway 8.0.1 provides the following capabilities:
- Filter-based rules to allow or block access. A particular client request is evaluated against the organization’s rules. The end result is a binary state of allowed, in which the client is permitted to contact the CAS server, or blocked, in which the client request is dropped and access to the CAS is not permitted. Paired with settings in the Device Manager console, administrators can prevent Exchange ActiveSync email access to device users based on compliance criteria, such as when a black listed app is installed on the device, if the device is jailbroken, and so on).
- A two-tiered filter model. The first tier parses the incoming HTTP requests based on path-specific information, and the second tier filters based on user and/or device specific information. Both tiers are configurable.
- Filter rules stored in configuration files. Specific filter rules pertaining to the user accounts and devices in your organization are stored in the gateway’s XML configuration files.
- Encryption of email attachments for clients that use the ActiveSync protocol. Attachment encryption is selective based on the properties of the device and file types of attachments.
Multi-Tenant Console 8.0.1 for XenMobile MDM
XenMobile Multi-Tenant Console is a web console that enables service providers and organizations to administer several physical servers running XenMobile Device Manager from a single site. Each server can run multiple instances (also called tenants) of Device Manager. The servers are then logically independent from each other.
Remote Support 8.0.1 for XenMobile MDM
Remote Support is a software program installed on a Windows-based computer that allows support personnel to take remote control of the Windows Mobile devices. With Remote Support, you can:
- Display a list of all connected devices within one or more Device Manager servers.
- Display system information including device model, operating system level, International Mobile Station Equipment Identity (IMEI) and seria number, memory and battery status, and connectivity.
- Run the device task manager where you can display and end active processes and restart the mobile device.
- Run the remote file transfer that includes bidirectional file transfer between mobile devices and a central file server.
- Download and install software programs as a batch to one or more mobile devices.
- Configure remote registry key settings on the device.
- Optimize response time over low bandwidth cellular networks by using real-time device screen remote control.
- Display device skin with support of most of the mobile device brands and models and a skin editor to add new device models with mapping of physical keys.
- Enable device screen capture, record and replay with the ability to capture a sequence of interactions on the device that creates a video AVI file.
- Conduct live meetings by using a shared whiteboard, VoIP-based voice communications and chat between mobile users and support personnel.
ZSM Lite 6.1.8 for XenMobile MDM
ZSM Lite is a component that enables access to query Blackberry and ActiveSync environments and provides the device and user information to Device Manager via the XenMobile Mobile Service Provider (ZMSP). ZMSP offers Web Services for Device Manager to query BES users, AS devices and control operations like wipe and lock.
Overview of the Citrix XenMobile MDM
Read the documentation of the XenMobile MDM on the edocs here
XenMobile MDM edition licensing
Download Citrix Mobile MDM here (Require MyCitrix ID)