Home > All, Citrix, CloudGateway, MobileSolutions, Receiver, StoreFront, XenDesktop, XenMobile > #Citrix #XenMobile 8.5 MAM upgrade! Part 1 – #StoreFront, #AppController, #NetScaler

#Citrix #XenMobile 8.5 MAM upgrade! Part 1 – #StoreFront, #AppController, #NetScaler

In this little blog series series you’ll follow a little upgrade process to XenMobile 8.5 for Mobile Application Management (previously known as CloudGateway).

Ok, I don’t exactly know where to begin. I must first say that Citrix is THE master when it comes to renaming products, updating/changing the architecture, changing consoles (claiming to reducing the number of them like every year but at the same time introduce new ones).

How hard can it be to make crystal clear documentation and upgrade processes that works and are easy? I feel already that my tone in this blog post is “a bit” negative… but I think that Citrix actually deserves it this time.

I must now take a step back and calm down and point out that Citrix is delivering some MAJOR changes and good news/features in the new XenMobile 8.5 release though! It’s great (when you’ve got it up and running) and I must say that I don’t see anyone that is near them in delivering all these capabilities in a nice end-to-end  delivery!! 🙂

Have a look at everything that is new, deployment scenarios etc. here before you even start thinking to upgrade or change your current NetScaler, StoreFront and AppController environment!

Once you’ve started to read the different design scenarios you’ll see that App Controller can be placed in front of StoreFront, in the back of StoreFront or totally without StoreFront… all the options just make your head spin! Because Citrix doesn’t really make it clear on how all of this should work with a Receiver and Worx Home depending if the device is on the internal network, external through NetScaler or what the capabilities that you need are supported in the different scenarios in a simple way, just text that explains it. And I find the pictures and text a bit misleading:

You can include StoreFront in your deployment, which allows users access to published applications from XenApp and virtual desktops from XenDesktop, along with apps configured in App Controller. When users log on with Citrix Receiver, all of their apps appear in the store. The following figure shows how you can deploy NetScaler Gateway, App Controller, and StoreFront in your network.

Deploying App Controller with StoreFront and NetScaler Gateway

As you see above the App Controller is added as a “Farm” just as in 2.6, but is that the truth now in version 2.8 of App Controller?

If you have a look at the text from this page it’s getting even more confusing:

NetScaler Gateway in the DMZ and StoreFront for authentication. You can configure remote connections to route through NetScaler Gateway in the DMZ and then to an application running on a server in your network. In this release, you can also configure this deployment, but also enable StoreFront to act as the authentication server. In this way, Receiver routes a connection through App Controller, which proxies the connection to StoreFront for authentication. Next, the connection is proxied through NetScaler Gateway, which finally routes the request to App Controller.

Wow, let’s break it down! SO, in this case the NetScaler will do the authentication from remote Receivers/Worx Home clients, then SSO to App Controller over clientless VPN that just proxies the connection to StoreFront to do authentication, and then the Receiver/Worx Home client uses clientless VPN connectivity to talk to App Controller that then talks to StoreFront for XenApp/XenDesktop resource aggregation….? Or am I missing something.. seems to me then that the AppController is the more “fronting component” then (a part from the authentication that StoreFront does)…. hmmmm..

Now let’s take a look at this text:

XenDesktop and XenApp integration. When users connect to App Controller, they can view their web, SaaS, MDX and WorX mobile apps, in addition to their XenDesktop and XenApp applications and desktops. Users can view these apps in either the Web Interface or in Receiver if the Windows-based apps are delivered from StoreFront. When you configure StoreFront in front of App Controller and you configure Receiver to communicate with StoreFront, users continue to have a seamless experience.

Now we’re “back” to that StoreFront has to sit IN FRONT OF App Controller for users to have a seamless integration… Let’s now look at the migration PDF that Citrix has published here.

Here there are some CLEAR statements! Yeah!! Now let’s read and see if that makes things more clearer than the info in edocs does! Here is a nice little picture that shows how things could look like before migration:


This shows that App Controller 2.6 is behind StoreFront just as we’re used to it being! 🙂 Great, let’s continue and look at what they show after the migration:


Wow, it’s now SUPER CLEAR! App Controller SHALL be in FRONT of StoreFront! Or wait, what did the text in edocs say?

When you configure StoreFront in front of App Controller and you configure Receiver to communicate with StoreFront, users continue to have a seamless experience.

Come on Citrix, how are you gonna have it? Or is it only a seamless experience if you put StoreFront in front of App Controller when you use the Receiver? Is it seamless with the “new” architecture and App Controller in front if you use Worx Home?

I must say that documentation is not the strongest part of XenMobile and especially the App Controller side of things…

There are so many questions that now popped up in my head, how are we going to ensure that App Controller can handle the load if that is the one in front of multiple StoreFront servers? Ok, here Citrix has a clustering approach, but still haven’t found any scalability figures yet. But having the option is great!

Figure 1. Deploying App Controller with NetScaler in a Cluster

Deploying App Controller in a Cluster

One nice thing about the new Worx apps and App Controller 2.8 is the Worx App Gallery and all the apps that are beginning to popup that already are MDX capable and ready to be distributed. But remember that you have to implement and use Worx Home in order to use them!

Another important note to consider if you’re integrating App Controller with ShareFile is this one:

Important: You must create a role before you configure ShareFile settings. The role should contain the same number of members for which you obtain licenses. For example, if you have 100 licenses, the role should contain the same amount of users. If you use the AllUsers role, which might have more Active Directory accounts than licenses, synchronizing accounts in ShareFile and App Controller might fail. If you previously selected the AllUsers role or a role with too many Active Directory accounts, you must manually remove the role from ShareFile and then add the new role.

Of course you should also have a look at the reference architecture Citrix have posted: http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/reference-architecture-for-mobile-device-and-app-management.pdf 

So how does the process then look like and more important: does it work when upgrading your NetScalers, StoreFront and App Controllers just following their steps? And how easy is it if you have tons of apps and devices already in there? That’s the sole purpose of Part 2 of this blog post series, so stay tuned! 😉


  1. xdguy
    September 2, 2013 at 09:30

    Citrix documentation on this release is atrocious – no-one including Citrix Support seems to know how to properly set this up. And don’t get me started on needing the Legacy PNA option for AppController to talk to StoreFront!

  2. PatrickN
    September 2, 2013 at 19:04

    In all honesty, thanks for the frank critique. Even though it’s bitter medicine, it’s medicine we need. We are listening (pubs, information experience teams) and we are working to make the documentation better. Stay tuned for a new and improved deployment guide for the end to end enterprise solution, plus a major overhaul on the doc content across client and server pieces of XenMobile.

  3. Mike
    December 11, 2013 at 22:38

    You sound bitter 🙂

  4. December 12, 2013 at 13:03

    Hi, not really bitter but as Patrick mentioned I think they have some things to improve. And some has been approved but I’d still recommend to find a Steve jobs kind of thinker and hire him/her! 😉 Cheers!

  1. September 8, 2013 at 20:06
  2. September 9, 2013 at 06:35

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: