User Licensing Best when people use more than one device. One license per user Unlimited devices

Device Licensing Best when people use only one device. Unlimited users One license per device

Lets look at whats new in the components.

Device Manager 8.0.1 for Citrix XenMobile

XenMobile Device Manager contains the following new features:

•  Citrix Mobile Enroll for iOS. Allows you to enroll your iOS devices and users into Device Manager. (This is a separate app designed for iOS users and is installed on their mobile devices.)
• Citrix Mobile Connect. Provides access to your organization’s SharePoint server, allowing you to save documents and files locally, such as secure email attachments, intranet sites, and SharePoint documents, as well as the ability to publish local documents to your SharePoint server. You can configure a wide range of SharePoint access policies for company documents.
• Certificate Management. Enables Device Manager to renew or revoke certificates that are issued by XenMobile.
• SAML Authentication Support for iOS and Android. You can configure Device Manager (and cloud deployment of XenMobile) to connect with your SAML service and identity providers to enable authentication capabilities that are not dependent on Active Directory.
• XenMobile NAC REST API (Cisco ISE Enablement). The XenMobile implementation of Cisco ISE capabilities provides a robust set of REST APIs that enable you to control access to your network by unapproved mobile devices. The REST API queries user devices to execute actions on devices, such as wipe and lock, as well as send notification to devices.
• Network Access Control. If you have a Network Access Control (NAC) appliance set up in your network (such as a Cisco ISE), you can enable filters to set devices as compliant or not compliant for network access control based on rules or properties. If a XenMobile managed device does not meet the specified criteria and is marked as Not Compliant, the device will be blocked on your network by the NAC appliance.
• Secure Local Docs on Device from SharePoint. The XenMobile DLP solution now supports download and markup SharePoint documents and files on your device in the Documents folder. You can check files out for local view, and then check them back in at a later time.
• SharePoint DLP Personal Folder Support. Allows access of a user’s personal folder (based on user name) on their SharePoint server. If you allow SharePoint allows personal folders, then you can provide can access to those folders on the user device.

• App Tunnels for SharePoint Connections. You can create secure App Tunnels and deploy the tunnels to your SharePoint connections. App Tunnels allow you to create a secure connection to a network resource on a per-app basis. App tunnels define proxy parameters between the user component of mobile apps and the app server component.
• Secure Email Attachments.. Secure email attachments enable you to securely view encrypted email attachments securely through SharePoint DLP and email attachment document control policies. This new feature allows you to set policies for restricting access of email attachments for viewing only within designated XenMobile secure apps, so you can prevent printing and copying or pasting email attachments, and provides the ability to remove or wipe email attachments. With email attachment policies you can:
  • Control access and reading of selected file types (.doc, .PDF, .txt, audio, or video to name a few) as encrypted email attachments by using the XenMobile Secure App Container. When you open an attachment that is secured by Device Manager, the attachment is encrypted and secure. If you try to open or view the attachment in any other application or web site on any other device, it is decrypted and rendered unreadable, which protects your sensitive data.
  • Restrict or allow the file from being saved locally or opened and read in any other local apps.
  • Allow specific file types from being encrypted to allow for viewing, saving, forwarding, and uploading files that do not pose a security risk.
  • Restrict attachment viewing so the user cannot copy and paste, print, or email attachments.
  • Prevent attached documents from being viewed if the user emails the file to other users or uploads the attachment to a file sharing web site such as Box or Dropbox. Files removed from the XenMobile secure app container become encrypted and unreadable by other users.
  • Enable remote selective wipe of email attachment data on a device in the event a user leaves the company or the device is lost or stolen.
  • Customize the email subject heading and message to indicate secure nature of attachments.
  • Deploy secure email attachment document control policies easily as a standard XenMobile SharePoint DLP policy package.
• Role Base Access Controls for Software Inventory and Location Services. Role-based access controls allow you to manage your software inventory for devices and the device location services.These permissions allow the main features to function, but allow you to block (de-selected) or allow (selected) users viewing the information. For example, you can block a user from viewing software inventory, but you can block the device by using Secure Mobile Gateway if the users installs a blocked app on the device. You can also block users from viewing location service data but the device can still be geo-fenced or geolocated. Device Manager can also generate reports based on this information.

Secure Mobile Gateway 8.0.1 for XenMobile MDM

Secure Mobile Gateway 8.0.1 provides the following capabilities:

• Filter-based rules to allow or block access. A particular client request is evaluated against the organization’s rules. The end result is a binary state of allowed, in which the client is permitted to contact the CAS server, or blocked, in which the client request is dropped and access to the CAS is not permitted. Paired with settings in the Device Manager console, administrators can prevent Exchange ActiveSync email access to device users based on compliance criteria, such as when a black listed app is installed on the device, if the device is jailbroken, and so on).
• A two-tiered filter model. The first tier parses the incoming HTTP requests based on path-specific information, and the second tier filters based on user and/or device specific information. Both tiers are configurable.
• Filter rules stored in configuration files. Specific filter rules pertaining to the user accounts and devices in your organization are stored in the gateway’s XML configuration files.
• Encryption of email attachments for clients that use the ActiveSync protocol. Attachment encryption is selective based on the properties of the device and file types of attachments.

Multi-Tenant Console 8.0.1 for XenMobile MDM

XenMobile Multi-Tenant Console is a web console that enables service providers and organizations to administer several physical servers running XenMobile Device Manager from a single site. Each server can run multiple instances (also called tenants) of Device Manager. The servers are then logically independent from each other.

Remote Support 8.0.1 for XenMobile MDM

Remote Support is a software program installed on a Windows-based computer that allows support personnel to take remote control of the Windows Mobile devices. With Remote Support, you can:

• Display a list of all connected devices within one or more Device Manager servers.
• Display system information including device model, operating system level, International Mobile Station Equipment Identity (IMEI) and seria number, memory and battery status, and connectivity.
• Run the device task manager where you can display and end active processes and restart the mobile device.
• Run the remote file transfer that includes bidirectional file transfer between mobile devices and a central file server.
• Download and install software programs as a batch to one or more mobile devices.
• Configure remote registry key settings on the device.
• Optimize response time over low bandwidth cellular networks by using real-time device screen remote control.
• Display device skin with support of most of the mobile device brands and models and a skin editor to add new device models with mapping of physical keys.
• Enable device screen capture, record and replay with the ability to capture a sequence of interactions on the device that creates a video AVI file.
• Conduct live meetings by using a shared whiteboard, VoIP-based voice communications and chat between mobile users and support personnel.

ZSM Lite 6.1.8 for XenMobile MDM

ZSM Lite is a component that enables access to query Blackberry and ActiveSync environments and provides the device and user information to Device Manager via the XenMobile Mobile Service Provider (ZMSP). ZMSP offers Web Services for Device Manager to query BES users, AS devices and control operations like wipe and lock.