Archive

Posts Tagged ‘DNS’

How To: #XenMobile #MDM 8.5 Deployment Part 1 and 2: Installation – via @AdamInTheCloud

September 8, 2013 1 comment

Wow, it’s like Adam read my mind, I’m doing the same kind of blog post series but for a XenMobile MAM deployment! Will post part 2 of the MAM series later tonight (once it’s done, waiting on some StoreFront issues to solve and I’m getting there!)

But in the meantime have a look at this great series by Adam! Great job Adam!!!

How To: XenMobile MDM 8.5 Deployment Part 1: Installation

n late 2012 Citrix announced they had purchased a 7-year-old startup company called Zenprise that was a hot player in the mobile device security market. Up until that time, Citrix was positioning for that sector with its CloudGateway Enterprise product and focusing mostly on apps and data management..not really the device. Zenprise helped them flesh out their offering, which is now known as “XenMobile”. Although it’s gone through a few iterations it has finally reached a final “form” if you will of three editions: MDM, App, and Enterprise.

The purpose of this article series will be to walk through the installation and basic setup of the MDM (Mobile Device Management) Edition which focuses almost exclusively on managing the device, and not necessarily so much the data or apps. Although it is capable of application pushes and the like… a feature comparison can be found on Citrix’ website HERE. I encourage you to view that. One major difference to note is MDM does not sandbox apps/data, but App Edition does, and Enterprise Edition can.

In researching this product for some internal training we are currently going through it became pretty apparent there is very little information out there on it, and if there is its unfortunately outdated because the product has been rapidly evolving over the first half of the year. In this series of blog articles I will go over how to deploy a single instance of XenMobile 8.5 MDM on an internal network, configure basic policies and rules, and apply them to your devices.

If you would like to read the other parts in this article series please go to:

This, unfortunately is the most boring part of MDM which is the install…but I would be remiss by not going over it for some of you that “have to see” it. So lets get to it so we can get on to the more exciting stuff!

First: Pre-req’s. All of this is straight from eDocs, I’m not reinventing the wheel here.

  • MDM 8.5 needs to go on a 2008 R2 or 2012 server.
  • Setup an active directory service account and make it a local admin on the MDM server
  • Disable IPv6 (not via registry, just uncheck the box)
  • UAC disabled
  • Firewall disabled (this is my preference..I disable server firewalls but you’re welcome to do as you wish)
  • Your service account needs permissions creator/owner/read/write on your SQL server. I will not be using PostgreSQL.
  • SQL 2005/2008/R2/2012 in your environment (Reference Architecture recommends SQL for production deployments, not PostgreSQL. See HERE)
  • Java SE 7 Update 11 (dk-7u4-windows-x64.exe) installed on the server
  • Java Cryptography Extension (JCE) USJP 7 on the serverExternal DNS record such as mobile.mydomain.com
    • To install the Java Cryptography Extension
      • Install Java SE 7u11
      • Open the JCE zip file and copy local_policy.jar and US_export_policy.jar to your computer desktop.
      • Navigate to the folder /java/jdk1.7.0_x/jre/lib/security and copy the files from Step 2 to this folder.
  • Obtain an Apple….

Continue reading part 1 here and part 2 here!

//Richard

Configuring Email-Based Account Discovery for #Citrix #Receiver

Check out this great blog post from Avinash Golusula:

Configuring Email-Based Account Discovery

1     Add DNS Service Location (SRV) record to enable email based discovery

During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.

To enable Citrix Receiver to locate available stores on the basis of users’ email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.

You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.

To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.

  • Log in to your DNS server
  • In DNS > Right-click your Forward Lookup Zone
  • Click on Other New Records
  • Scroll down to Service Location (SRV)
  • Configuring Email-Based Account Discovery
  • Choose Create Record

#Citrix #GSLB blog post – GeoLite City as NetScaler location database

December 3, 2012 Leave a comment

This was a good blog post! And I really like GSLB, of course there may be functionalities that you’d like to advance etc but it’s great! And this post addresses one topic of it;

You may know this problem: Your boss made you build several data centers around the globe with a bunch of NetScalers in the mix to load balance services across the various locations using GSLB (Global Server Load Balancing). But when it comes to configuring a static proximity geo IP database to help with that not too easy to understand dynamic proximity feature you notice most of these databases are commercial and you are out of budget. Luckily though, there are several free versions of geo IP databases out there, which reportedly work quite well. Before using one of those, you should carefully review the license terms. Some aren’t necessarily free for commercial use…

Moreover, these free versions are very popular, well maintained and were frequently updated (I say were because with the assignment of the last IP block by RIPE earlier in 2012 there shouldn’t be too many changes to the databases anymore) . So it’s fair to say that many of our clients who are using these databases are very satisfied with them.

Why is a database with IP addresses and address blocks necessary for such a setup? GSLB responds to DNS requests for a domain name with an IP address of a member service. Which service IP is returned is dependent on the load-balancing algorithm used, for example least connection, simple round robin or more commonly used, proximity to the client (or the clients local DNS to be precise). For proximity based GSLB, when a client sends a DNS request, the system determines the best suitable site…

Continue reading here!

//Richard

%d bloggers like this: