XenMobile
-
Jaan Feldmann
Sergei Sokolov
XenMobile and ShareFile
-
Magic Quadrant for Mobile Device Management Software
-
How Mobile Feels Today
-
User Needs Freedom to access all their apps and data
from any of their devices
-
For Enterprise IT,
mobile presents big challenges
-
IT Needs to meet security and compliance requirements
-
But the needs of users and IT must be balanced
-
The problem:
Solving this requires more than one tool.
-
A complete set of tools
IT Needs to meet security and compliance requirements
-
Complete EMM
Solution to
Mobilize Your
Business
-
A complete stack for
managing and
securing apps, data,
and devices
App Management
Device Management
Data Management
The Mobile
Solutions Bundle
-
5 Key Features
Enterprise MDM
Secure email, browser and data sharing
Mobile app containers
Unified app store
Identity management, SSO and scenario-based access control
-
Enterprise Grade MDM
Give users device choice
whether corporate issued or BYO
Manage the device
throughout lifecycle
-
Mail
Browser
Docs
Sandboxed Mail, Docs, and Browser
combined with a great user experience.
-
MDX Vault MDX Access MDX Interapp
Users can access
the apps they love
IT meets compliance
requirements
-
Disable Camera
Disable iCloud use
Disable printing
Disable sending email
Disable sending SMS
Disable Copy/Paste
Restrict outbound URL
Disable Open-In
Encrypt app and data
Data protection settings that allow IT to take a granular, yet measured approach
-
Any app. Any device. Emphasis on ANY.
Unified App Store
Available on 3B+ devices
Mobile apps native on device
Windows, datacenter and web apps delivered via Receiver
Any device smartphone, tablet, PC and Mac
-
Simple access for users
Simple provisioning,
revocation, and control for IT
Identity Management, SSO, and
Scenario-based Access
-
App Management
Device Management
Data Management
Device Management
Data Management
Secure Mail
Productivity and Collaboration
App Management
Business Apps
The Mobile
Solutions Bundle
-
Deployment Mobile First Adoption
-
XenMobile MDM Edition Mobile Device Management
-
MDM Client
XM ActiveSync Controller
Complete Mobility Infrastructure Apps, Data, and Devices
Native Mail Encryption
Mobile Device Management
XM Device Manager
TMG
DMZ
-
XenMobile Device Manager
Actively manage policy and configuration for iOS, Android, Windows Mobile/CE and Symbian
Deploy and administer mobile applications Functionality varies by app and platform
Control data access with DLP add-on
Receives connections directly from mobile devices
Makes connections to: Database Server (MS SQL Server or Postgres) Directory Server (AD or any other LDAP based system)
-
XenMobile MDM Pre-requisites
Windows Server (Standard or Enterprise) 2003 64 bit, 2008 64 bit, or 2008 R2 64 bit
Service Accounts
  Installation account must be local admin of server
  Does not require SQL rights directly
  Account with database creation permissions in SQL
Intended MDM server does not need to be a member of the domain
Do not install IIS. Uninstall IIS if it exists on this server
External DNS record for the MDM server (ex. Mobile.yourcompany.com)
Apple APNS certificate required during the install, obtained using the XenMobile APNS Certificate Setup Guide
Java SE 7
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files: copy local_policy.jar and US_export_policy.jar to /Java/jdk1.6.0_x/jre/lib/security
Software License
-
XM MDM Directory Services
Real-time access to LDAP (AD, Domino, etc..) source
Can configure multiple connections to multiple servers
Supports LDAP and LDAPS with certificate management
Wizard driven configuration
-
XM MDM Role Based Access Control
Roles can be created as desired. For example, multiple helpdesk tiers, devices managed by business units, etc.
Access is granular by admin function or group
Roles are selected by group. Groups can be defined locally or referenced from AD
-
Zenprise Security at the Network: Secure Mobile Gateway
[Diagram: ZDM, Secure Mobile Gateway, Mail, 3G / 4G and Internal Resources. Labels: Normal traffic flow; Rules, Device, User Properties, Applications; Blacklisted App Install; Monitored traffic flow; Block User from Intranet]
Block on blacklisted apps, rooted devices, unmanaged devices, user/group
-
Device Support
Citrix XenMobile MDM allows you to manage the following mobile device platforms:
Apple handheld devices (iPhone, iPad) using iOS 5.0 or higher
Android handheld devices using 2.2 or higher
Microsoft Windows 8 Phone and Windows 8 Tablet
Windows Mobile and its derivatives, including Smartphone and PocketPC:
  Windows Mobile 5.x or 6.x (PocketPC or Smartphone Edition)
  Pocket PC 2003
  Windows CE 4.x, 5.x or 6.x
BlackBerry handheld devices using BlackBerry OS versions 5.x, 6.x, and 7.x
Symbian
BB10
-
Feature
Mobile Windows 8 Windows 8 Phone
Dashboard --
Enhanced Enrollment Modes (OTP, Multifactor, Invitation-based)
-- -- -- -- --
Invitation Client Download -- -- -- -- --
Email Attachment Encryption -- -- -- -- --
App Lock ('Kiosk Mode') -- -- -- -- -- --
App Tunnels -- -- -- --
Mobile SSL VPN
Device Functionality Matrix (1 of 4)
-
Feature
Mobile Windows 8 Windows 8 Phone
Storage Card Encryption Policy
--
-- --
-- --
Auto discovery Logon -- -- -- --
Automated Actions --
Notifications -- -- --
Agent Notification -- -- -- -- --
Enterprise App Store -- -- -- -- --
Locate Device -- -- --
Device Functionality Matrix (2 of 4)
-
Feature
Mobile Windows 8 Windows 8 Phone
Geo-Tracking, Geo-Fencing
-- --
-- --
Secure SharePoint -- -- -- -- --
Remote client installation (OTA)
-- -- --
Provisioning of devices & users
-- -- --
Hardware Inventory --
Software Inventory --
Security Jailbreak detection
-- -- -- -- --
Device Functionality Matrix (3 of 4)
-
Feature
Mobile Windows 8 Windows 8 Phone
Remote Wipe & Lock
(limited)
Software download & install
-- --
File transfer --
Device Remote Control -- -- -- --
Roaming Management -- -- --
Reports (activity & devices inventory)
--
Local device data encryption (option)
-- -- -- --
Device Functionality Matrix (4 of 4)
-
MDM Policies
Device specific configuration and restriction policies
Application Tunnels
Automated Actions
Server Groups
XenMobile Policies
Application access policies (black/white lists)
XM SDK enabled app control
DLP configuration
MyWeb configuration
Policy Types
-
The passcode policy is the #1 feature used by our customers
Deployed in 62% of instances
Common requirements (in order):
1. Have a passcode defined
2. Disallow simple passcodes
3. Set auto-lock time
4. Set maximum password age
5. Set maximum password length
Lock Screens
-
Passcode Policy - iOS
Configure the settings you wish to apply as your corporate passcode policy for iOS devices.
Note: Turning on a passcode on an iOS device will, by default, turn on hardware encryption.
Click on Policies > iOS | Configurations > New Configuration > Passcode to configure a Passcode policy for iOS devices
-
This is the #3 most popular policy type Deployed in 39% of instances
A location services policy must be pushed to a device in order to track the device or use the geofencing functionality
Location services policies only apply to iOS devices currently
Location Services
-
Geotracking results
Once enabled, ZDM can store up to 6 hours of movement for each device
-
XenMobile Mobility Bundle MDX Technologies & Mobile Application Management
-
Netscaler
MDM Client
Access
Gateway
Receiver
XM ActiveSync Controller
Complete Mobility Infrastructure Apps, Data, and Devices
XM AppController
Web & SaaS Mobile Apps Secure Data
Native Mail Encryption
Mobile Device Management
XM Device Manager
TMG
DMZ
-
Citrix Mobile App Management
Full support for both personal and corporate usage (BYOD)
  Corporate apps and data secure even on employee-owned devices
  New consumer-driven devices supported immediately
No risk of corporate data loss or compliance exceptions when:
  Device is lost or stolen or employee leaves organization
  Collaboration / file sharing apps used on the device
Governance is built-in
  Policies can be updated on hundreds of apps with no requirement to change source code
  No requirement for developers to change the way they develop apps or learn mobile security standards
-
MDX
App Vault
Secure container
that enables app and
data containment,
wipe and lock
MDX
Access
Secure access to
Intranet resources
MDX
InterApp
Trusted application
communication
fabric
MDX
Controller
-
private data
Citrix Receiver MDX InterApp
MDXVault
XenMobile
Native Mobile Apps
Deny SMS Disable iCloud Disable screenshots Force authentication Block jailbroken device
MDX Policies during app wrapping
app private data vault
app private data vault
-
MDXInterapp
XenMobile
private data
Citrix Receiver MDX InterApp
Open with
Deny access to insecure applications
-
MDXAccess
private data
Citrix Receiver MDX InterApp
-
MDXAccess
private data
Citrix Receiver MDX InterApp
Access Gateway
C-VPN Mode
XenMobile
SaaS
Web
Mobile
Data
-
Data Containment Preliminary iOS Policies
-
AppWrapper
Mobile App Wrap tool runs on Mac OS X
Mobile App Wrap tool for Android Beta Available
Takes a pre-compiled iOS native application bundle (.IPA) as input
Produces repackaged iOS application bundle with Citrix app wrapper logic inserted (.MDX)
Recertifies the repackaged app using a customer-provided enterprise distribution profile
-
App Preparation Process
Upload app to XenMobile
Push App via ZP Client
QuickOffice.ipa
Secure app with App Preparation
Tool
App available as a secure,
managed app
App is visible on iOS home screen
QuickOffice Enterprise QuickOffice Enterprise
QuickOffice
-
Me@Work mobile apps
Citrix @WorkWeb
Secure Browsing
@WorkMail Email, calendar
& contacts
ShareFile Follow-me
Data
GoToMeeting Integrated
Collaboration
Podio Social Team
Collaboration
Me@Work mobile app family
-
MDX
App Vault
-
MDX
InterApp
-
MDX
Policy
Allow Camera
iCloud Backup
Disable printing
Require Authentication Trusted Network Only
Enable DLP
Restrict outbound URL
InterApp Sharing
Offline lease period 24 h
Secure app containers
Micro VPN
Lock and wipe
Inter-app controls
Conditional access policies
-
@WorkWeb @WorkMail
Secure browser
Internal web app access
Full inter-app integration
Consumer experience
MDX-secured
Mail, calendar, contacts
Enterprise class security
Beautiful native experience
Full inter-app integration
MDX-secured
-
@WorkWeb
@WorkMail
Secure Exchange
connectivity
No new messaging
infrastructure
Connected/ disconnected
access
Any intranet site access
Native browser experience
-
@Work Mail
@WorkMail
Mail, calendar, contacts
Enterprise class security
Beautiful native experience
Full inter-app integration
MDX-secured
Secure email body and attachment
Open in control to provide data leak
protection
NO Exchange server exposure to internet
Send email with ShareFile attachments
Integrated calendars and Exchange GAL
-
@WorkMail Internet
@Work Mail - Topology
Firewall
Client Access Server (CAS) Micro VPN NetScaler/
Access Gateway
-
@Work Web
@WorkWeb
Secure browser
Internal web app access
Full inter-app integration
Consumer experience
MDX-secured
iOS and Android device intranet web browsing
Easy access to SharePoint, Intranet Portal, etc.
Similar look/ feel as native browser
Safari on iOS; Chrome on Android
Single sign-on via NetScaler
Respond to HTTP 401
-
Internet
@Work Web - Topology
Firewall
Micro VPN NetScaler/
Access Gateway
@WorkWeb
-
Mobile Application Policies
-
ShareFile Enterprise
-
Consumerization of IT My Workspace My Device(s) My Apps ? My Data
-
Users Demand Instant file and data access from any device
File sharing (with anyone)
Easy and familiar (love Dropbox)
IT Wants Security
Control
no data leakage (hate Dropbox)
-
ShareFile Enterprise
Empower users with Instant access to data, synced across all devices
Improve collaboration and productivity through secure file sharing
Meet corporate security and compliance standards with a secure service
Deliver an enterprise-class service that meets workflow and productivity needs
Enable IT to retain control and deliver a managed service
Access data wherever it's stored, on/off-premises, and existing data platforms
-
ShareFile Workspaces and ShareFile Sync
ShareFile Workspaces
Internal and external sharing
Large file support (up to 100 GB)
Custom Branding
ShareFile Sync
Sync data across all devices
Sync user data and team folders
Offline Access
-
Team Folders - File Distribution to Any Device
Latest file versions pushed to user devices
Restrict access to download only
-
ShareFile Enables Mobile Workstyles
Access, share and sync files from any device
Apps for mobile devices
Mobile-optimized ShareFile web site
Offline access and editing
-
Built-in Mobile Content Editor
Automatically sync folder contents
for offline editing
Offline editing of Microsoft Word,
Excel and PowerPoint documents
Mark up PDF documents with text,
arrows, shapes and drawings
Restrict use of unauthorized
content editing tools
-
Workflow Integration with Microsoft Outlook
Attachment conversion
Unclog mail servers
Overcome file size restrictions
Better control and visibility
Request large files
-
Plug-ins for Windows Explorer and Mac Finder Integration
that provides an intuitive user experience
Windows Explorer and Mac Finder Integration
-
Choose where your data is stored
-
ShareFile with StorageZones
Citrix-managed StorageZone (AWS)
Customer-managed StorageZone (example)
Choose where your data is stored
Designated zones in public clouds
Manage StorageZones on-premises
-
On-Demand Sync
+
Optimized for Virtual Desktops
Instant access, share and sync Reduce storage costs
-
Secure by Design
-
Robust Security
Features
Reporting and auditing
Secure sharing
Device security
Remote wipe
Device lock
Poison pill
Passcode lock
Encryption through passcode lock
Restrict jailbroken devices
-
Secure Citrix Managed StorageZones
SSAE 16 audited data centers
256 bit SSL Encryption in transit
Files stored with AES 256-bit encryption at rest
All uploaded files scanned for viruses
All ShareFile servers protected by dedicated firewalls
All files are backed up and mirrored in real time
-
Reporting and Audit Trails
Audit trails
-
ShareFile Architecture
-
Why StorageZones?
Legal compliance with geographic storage requirements
Alignment with organizational policies
Files and folders in closer proximity to users
File access performance optimization
Compliance Performance
-
Citrix- Managed StorageZones
Storage Center (EC2)
S3
Authorization
*.sharefile.com Sharefile.eu.
DB
Client
Control Plane
Web Application Reporting
StorageZones
Storage centers Backend storage Various locations WW
Windows
phone
-
Storage Center (EC2)
S3
Customer- Managed StorageZones
Storage Center (Windows IIS)
NAS
Customer Datacenter
Client
Windows
phone
*.sharefile.com Sharefile.eu
Authorization
DB
Control Plane
StorageZones
Web Application Reporting
Storage centers Backend storage Various locations WW NAS
-
Using StorageZones
StorageZones can be set on User Home Folder Root Folder-level
-
ShareFile StorageZone Connectors
ShareFile Personal Folder ShareFile Team Folder
ShareFile Team Folder
Corp Governance SharePoint Library
Existing Network Share
SharePoint Doc Library (coming soon)
-
For Follow-me Data
-
Light Demo
-
App Management
Device Management
Data Management
Device Management
Data Management
Secure Mail
Productivity and Collaboration
App Management
Business Apps
The Mobile
Solutions Bundle
-
Access Your Apps, Data and Desktops From Any Device
-
References
http://www.gartner.com/technology/reprints.do?id=1-1FRIMH0&ct=130523&st=sb
http://www.pqr.com/downloadformulier
http://www.citrix.com/products/xenmobile/try.html?ntref=header_try
http://www.sharefile.com
-
TakeAway
Test Citrix XenMobile MDM or XenMobile Enterprise in June and July
We will arrange a meeting with you for testing and for discussing the test results
As a gift: a Segway ride for two in Tallinn Old Town + a restaurant gift card
PS: one gift per company
To arrange meetings, please contact: [email protected]
-
Work better. Live better.
-
Licensing & Pricing: On Prem & CSP
Columns: XenMobile MDM Edition (per User) | XenMobile MDM Edition (per Device) | Mobile Solutions Bundle (per User)
Perpetual License: $105 | $80 | $185
Perpetual SW Maintenance* (SA + Support): $24/yr. | $17/yr | $40/yr.
Annual License: $45 | $33 | $74
Annual SW Maintenance* (SA + Support): $10 | $7 | $16
CSP Monthly (per calendar month): $4.81 | $3.67 | $8.48
* SWM required with perpetual and annual license model
-
Licensing & Pricing: Cloud Hosted
XenMobile MDM Edition
Columns: User (No HA) | User (HA) | Device (No HA) | Device (HA)
Hosted 1 year: $67 | $91 | $52 | $70
Hosted 2 years: $121 | $165 | $94 | $127
Hosted 3 years: $151 | $205 | $117 | $158
NOTE:
HA is a customer decision at the time of purchase of the service and cannot be added on
-
ShareFile Enterprise: SKUs and Pricing
Packaging Options for Citrix-managed StorageZones
Product Name | Storage Entitlement | SRP (Per Year)
ShareFile Enterprise Annual - 20 GB storage | 20 GB per user | $198
ShareFile Enterprise Annual - 1 GB storage | 1 GB per user | $100
ShareFile Enterprise with 100 GB storage pack | 100GB pooled | $1500
Packaging Options for Customer-managed StorageZones (on-premises)
Product Name | Storage Entitlement | SRP (Per Year) | Software Maintenance (Per Year)
ShareFile Enterprise Perpetual - 0 GB storage | 0 GB per user | $150 | $33
ShareFile Enterprise Annual - 0 GB storage | 0 GB per user | $83/per year | N/A
Citrix Confidential Subject to NDA