The most typical deployment configuration for AppController is to locate AppController in the secure network. Users can connect to AppController to access applications, as well as ShareFile data and documents.

The key features of AppController are:

• Access to web and SaaS applications that includes:
  • Federated support for SAML 1.1 and SAML 2.0 applications
  • Password storage and formfill support for password-based web applications
  • User account management from Active Directory group membership for SaaS applications
  • User account management workflows that allow users to request application accounts and for individuals in your organization to approve the requests
• Access to Android and iOS mobile applications that includes:
  • The ability to publish Android and iOS applications that users can download and install on their mobile devices from Citrix Receiver, including @WorkMail™ and @WorkWeb™
  • Security controls for Android and iOS applications to ensure application and data security
  • Management of mobile applications on user devices through Receiver which enables you to control the mobile applications without managing the mobile device
• Access to ShareFile that includes:
  • Creation and deletion of user accounts within ShareFile by using Active Directory rules
  • Seamless data access for authorized users from Receiver
  • Choice of storage location per folder: ShareFile-managed cloud storage or an on-premises Storage Zone, enabling you to optimize performance and address data sovereignty and compliance requirements
  • Centralized device listing for users that allows you to erase application and ShareFile data on lost or stolen devices
• Device inventory that includes:
  • The ability to view all devices that have connected to AppController
  • The ability to erase and stop erasing data on the user device
  • The ability to lock and unlock the user device
  • The ability to remove devices from the list

AppController 2.5 supports the following new features:

• Active Directory synchronization and filtering. When AppController synchronizes with Active Directory, AppController only looks for changes made in Active Directory instead of synchronizing with the entire directory. This process results in a much faster performance from earlier versions of AppController. If your Active Directory database is large, you can configure multiple Base DNs that AppController binds to and that the server searches through to find user objects.
• Administrator logging. You can log all administrative actions in AppController. When you make changes in the management console, the changes appear in the log. This new logging feature provides an audit trail for AppController.
• App Preparation Tool. The App Preparation Tool for mobile apps now supports Android-based mobile apps in addition to iOS-based apps.
• Dashboard. The AppController dashboard enables you to click on icons representing CloudGateway components, including Receiver, connected users, and connections to applications, to obtain detailed information about your deployment. You can change AppController configuration settings from the dashboard and from the Settings tab. When you click the icon for Total Logons, you can view how many users are connected and the Receiver type, such as Receiver for Android or Receiver for Windows. When you click the icon forConnected Sessions, you can view the components in your CloudGateway deployment and the connection paths. When you click the icon for Apps Used, you can view how many Android- and iOS-based apps, and web and SaaS apps users have started, as well as the number of Web links and ShareFile connections they have made. You can see additional details by clicking one of the links for an app type.
• Device inventory. You can view a list of connected devices in AppController. You can maintain an inventory of user devices from theDevices tab. You can lock user devices, erase application data and documents from user devices, and remove devices from the inventory list in AppController.
• Managing applications. If you need to make changes to an application, you can put the app in maintenance mode. When you put an app in this mode, when users open Receiver, the application is disabled. After you make updates to the application, you can then enable the app and users can start the app from Receiver.
• Mobile App Suite. Citrix provides @WorkMail™ and @WorkWeb™ for iOS- and Android-based devices that let users easily access their email, calendar, and contacts, as well as intranet web sites. You upload the mobile apps to AppController and users subscribe to these two apps from Receiver.
• Policies for mobile apps. Mobile app policies contain MDX policies with additional settings that are not available for web and SaaS apps. You can configure device security, networks, and the ways apps interact with documents and web sites. You can also limit or block device functions, such as copy and paste, the camera, and GPS location services. Policies in iOS and Android apps, including @WorkMail™ and @WorkWeb™, are determined when you wrap the app by using the App Preparation Tool. When you upload mobile apps to AppController, you can then change some policy settings.
• Policies for web and SaaS applications. You can configure policies for each web and SaaS application you add to AppController. You can configure device security for iOS and Android devices. You can also specify the networks to which users can connect. You can configure device security for compromised devices and the networks to which users can connect. Among the policies you can configure are policies that support the blocking of compromised devices, wireless network settings, the requirement for users to connect to an internal network to access apps, and the ability for users to have network access. You can also configure how often Citrix Receiver checks for policy changes in the app.
• Proxy server configuration. You can now configure a web proxy server from the AppController command-line console to allow access to the Internet from AppController. To configure the web proxy server, you configure the IP address, port, and optionally, a non-proxy host list, user name, and password. When you commit the changes, AppController restarts. After you configure the web proxy server, when you use the AppController management console to manage user accounts from the Apps & Docs tab for web and SaaS apps or ShareFile, AppController uses the proxy server settings for outbound connections.
  Note: This feature does not work for the following applications when proxy is configured with authentication: Google Apps or Salesforce.
• Provisioning File Settings. You can email a file to users that configures Receiver for them. The CR (.cr) file contains all the settings that Receiver needs to connect to AppController.
• ShareFile Storage Zones. The ShareFile Storage Center feature enables you to configure private, on-premises Storage Zones. Storage Zones define locations where data is stored. Storage Zones are useful if you want to optimize performance by locating data storage close to users or if you need to control storage for compliance purposes. In addition, ShareFile configuration now appears on the Apps & Docs tab in the management console.
• Snapshots. You can take a snapshot of the AppController configuration at a given point of time. You can export snapshots to your computer and you can import snapshots to AppController. You can use Release Management in Settings in the management console to import and export snapshots.
• Workflow management. You can configure workflows by using the Workflows tab in the management console. You can create multiple workflows before you add applications. When you configure applications, you can then select the appropriate workflow. All web and SaaS applications support workflows. You can also delete workflows that you no longer need.