XenMobile - Enterprise Mobility Management

Posted by ewilliamson on July 21, 2015

Citrix is pioneering the most complete, integrated mobile solution that unites apps data and services so that they can be seamlessly and securely delivered to any user, on any device over any network or cloud.

• It’s all the apps you need for secure access to – windows, web, SaaS, mobile – unified and simply and intuitively accessible from your app store
• It’s the data – files, information – that you can easily store, share and sync from anywhere
• It’s the ability to collaborate with people and work in share workspaces on common projects
• It’s any device you choose for whatever task you are performing – mobile, tablet, laptop, PC or Mac
• It’s wherever you are – untethered from the desk
• Its’ your workspace wherever you take it
• The first key building block of any EMM solution is device level management. Some customers deploy many device level policies and controls while others minimize device level controls (BYOD).
• From a feature perspective many MDM vendors have a similar feature set because MDM is largely dependent on the APIs that are provided by the device and OS manufacturers. MDM vendors can only manage what the manufacturers allow them to manage.
• How does Citrix differentiate at the MDM layer? Differentiation on MDM alone is difficult. Most vendors support the same policies. However, not all vendors offer a similar set of policies and controls across multiple device types. This is a strength for Citrix. BYOD requires IT to support all device types. Whether it’s an iOS device, Android, Windows Phone, Windows OS (tablet) or even the new Amazon Fire Phone, Citrix allows IT to offer a consistent level of management across all of these device types.

XenMobile Server 10.1 is the latest offering of XenMobile

xen1.jpg  xen2.jpg

The XenMobile components you deploy are based on the device or app management requirements of your organization. The components of XenMobile are modular and build on each other. For example, you want to give users in your organization remote access to mobile apps and you need to track the device types with which users connect. In this scenario, you would deploy XenMobile with NetScaler Gateway. XenMobile is where you manage apps and devices, and NetScaler Gateway enables users to connect to your network.


The EMM technical stack consists of 4 different layers.

• Mobile Device Management (MDM)
• Mobile Application Management (MAM)
• Mobile Content Management (MCM) or Data Management – Think file sharing
• Productivity and Collaboration – Mobile Apps working together to promote productivity

Mobile Device Management Control Tier

xen4.jpg  xen5.jpg

XenMobile MDM provides full mobile device lifecycle management.

The device lifecycle consists of the following:

Configure device settings, email and applications, policies, and device and application restrictions.
Provision simply and rapidly by enabling user self-service device enrollment and distributing configuration, policy, and application packages in an automated, role-based way over-the-air.
Secure devices, applications, the network, and data by setting authentication and access policies, blacklisting and whitelisting applications, enabling application tunnels, enforcing security policies at the gateway, enabling content- and context-aware Mobile DLP, and providing Mobile Security Intelligence.
Support users by remotely locating, locking, and wiping devices in the event of loss or theft, as well as remotely troubleshooting device and service issues.
Monitor devices, infrastructure, service, and telecom expenses.
Decommission devices by identifying inactive devices and wiping or selectively wiping devices upon employee departure.

With XenMobile MDM, IT can

• Auto-configure, locate and secure devices
• Deploy internal and 3rd party mobile apps
• Real-time Active Directory integration for role-based configuration

Mobile Application Management Control Tier

xen6.jpg  xen7.jpg

• Moving up the EMM stack is App Management.

• App Management is about delivering secure apps, and securing the apps rather than the device. MDX allows you put a secure container around the business apps, and then you can determine which apps can and cannot communicate with each other, essentially allowing you to separate business and personal apps on the same device.

• Similar to device management, app management (MAM) provides IT with a common library of security policies that can be applied to any mobile application.

It’s the idea of taking unsecure apps and making them secure. A typical EMM deployment will use both MDM and MAM technologies

• Mobile Application Management (MAM) is the process of apply a set of policies and controls to the application rather than the device. This is done in one of two primary ways.

• 1. App wrapping – Adding a single line of code in front of any unsecure mobile app and redeploying that app in a corporate app store as a secure app. It can be as simple as adding password enforcement to an app such as Evernote that typically doesn’t require that.

• 2. SDK – Citrix allows provides application developers with an SDK too which allows them the ability to build the policies into the app rather than wrapping the app post compile.

• Both methods use the same library of policies.

• Citrix also has the WorxApp Gallery. This is a gallery of pre-wrapped third party applications that are ready for immediate deployment.

• The apps that you’ll find in the Worx App Gallery, whether they are 3rd party developed apps or those created by Citrix, have all been Worx-enabled through the Worx App SDK. What this means is that developers have added a single line of code to their apps that acts like conduit to app controls that have been enabled by the developer. When a Worx-enabled app runs it’s always looking for the presence of the Worx Home app on the device. The minute it sees Worx Home it knows that it must answer to the controls put in place by IT through XenMobile. An important distinction for those commercials apps that can be found in the Worx App Gallery is that unless Worx Home is present, the app acts like it normally would. Only Worx Home can activate the Worx-enabled functionality.

• Worx App SDK, an SDK that Worx-enables any mobile app

• SDK leverages MDX to add features like data encryption, password authentication, secure lock and wipe, inter-app policies and micro VPNs to mobile apps.

• Worx-enabled apps can be found in the Worx App Gallery  

Mobile Data Management Control Tier

xen8.jpg  xen9.jpg

• Moving further up through the EMM stack is Data Management

• The Data Management layer is one of the fastest growing layers of the EMM stack. This layer, also referred to Mobile Content Management (MCM) or Enterprise File Sync and Share (EFSS). This layer is about documents. Managing documents, sharing documents and accessing documents from any device.

• The tablet has changed everything. Reading and editing documents on a smart phone is somewhat difficult and not a very common practice but tablets are a different story. With tablets, users can easily view and edit documents.

• ShareFile Enterprise helps IT embrace user mobility requirements by offering a solution that enables employees to work and collaborate from anywhere, on any device. ShareFile offers apps specifically designed for providing a brilliant and intuitive experience on mobile devices and provides a mobile-optimized web site as alternative way to access data. The offline access feature allows users to access and edit their data on the go without interrupting workflow productivity. Single sign on access to apps and data provides users the ability to view, sync and now edit their data as they roam between devices.

• StorageZone Connectors enable mobile access to existing network shares and SharePoint without the need for data migration.

• Unique built-in Mobile Content Editor for rich content editing of Microsoft Word, Excel, PowerPoint documents or annotate PDFs on-the-go

Worx Productivity Apps

xen10.jpg  xen11.jpg

XenMobile industry leading integrated apps for productivity. These apps have grown in popularity due to the product integration between the applications. The ability to join online meetings with a single touch from your calendar app. The ability to attach multiple ShareFile files directly from WorxMail. The ability to open a secure intranet link directly from WorxMail without ever having to enter VPN credentials.

Mobile users are now able to complete more complex workflows from the mobile device. Ultimately the mobile user should be able to do everything they do from the office from their mobile device.

Citrix Worxspace Suite unites apps data and services so that they can be seamlessly and securely delivered to any user, on any device over any network or cloud.

xen12.jpg  xen13.jpg

Citrix is the ONLY vendor to be recognized as a leader in both EMM and EFSS Gartner Magic Quadrant reports.


I believe Citrix has developed the XenMobile platform tremendously ever since the acquisition from Zenprise and the scale that the solution has reached definitely makes it the best Enterprise Mobility Management in my eyes. Citrix have really focused on Security which is the main concern of any Networking and Security team and XenMobile supports Two Factor authentication which is definitely lacking with various other mobility platforms. I look forward to seeing the developments for this platform in the future.

As with most products the first step in successfully implementing XenMobile is to set up a PoC environment. This way you can get a feel of the product, play around with it a little bit and see what it is capable of in practice.
Make sure you check all the boxes, as you would expect all pre installation checks are required to guarantee a successful installation / implementation.

I cannot begin to stress how important it is to prepare for the solution to be implemented. Make sure you spend enough time on the pre-requisites and the actual scope of the project. Factor in Change control lead time as this can interfere with your schedule based upon my experience.

Author: Chris Larman, EUC Technical Consultant

Chris Larman is a EUC Technical Consultant for CDW Ltd and works mainly within the Citrix and Microsoft technical stack. He is a certified Expert in both arenas and has a number of certifications. Chris specialises in XenMobile, has designed and delivered various flavours of the solution ever since the acquisition of Device Manager from Zenprise.

Explore Our Partners