XenMobile

Jaan Feldmann Sergei Sokolov XenMobile and ShareFile


Transcript of XenMobile

  • Jaan Feldmann

    Sergei Sokolov

    XenMobile and ShareFile

  • Magic Quadrant for Mobile Device Management Software

  • How Mobile Feels Today

  • User Needs Freedom to access all their apps and data

    from any of their devices

  • For Enterprise IT,

    mobile presents big challenges

  • IT Needs to meet security and compliance requirements

  • But the needs of users and IT must be balanced

  • The problem:

    Solving this requires more than one tool.

  • A complete set of tools

    IT Needs to meet security and compliance requirements

  • Complete EMM

    Solution to

    Mobilize Your

    Business

  • A complete stack for

    managing and

    securing apps, data,

    and devices

    App Management

    Device Management

    Data Management

    The Mobile

    Solutions Bundle

  • 5 Key Features

    Enterprise MDM

    Secure email, browser and data sharing

    Mobile app containers

    Unified app store

    Identity management, SSO and scenario-based access control

  • Enterprise Grade MDM

    Give users device choice

    whether corporate issued or BYO

    Manage the device

    throughout lifecycle

  • Mail

    Browser

    Docs

    Sandboxed Mail, Docs, and Browser

    combined with a great user experience.

  • MDX Vault MDX Access MDX Interapp

    Users can access

    the apps they love

    IT meets compliance

    requirements

  • Disable Camera

    Disable iCloud use

    Disable printing

    Disable sending email

    Disable sending SMS

    Disable Copy/Paste

    Restrict outbound URL

    Disable Open-In

    Encrypt app and data

    Data protection settings that allow IT to take a granular, yet measured approach

  • Any app. Any device. Emphasis on ANY.

    Unified App Store

    Available on 3B+ devices

    Mobile apps native on device

    Windows, datacenter and web apps delivered via Receiver

    Any device smartphone, tablet, PC and Mac

  • Simple access for users

    Simple provisioning,

    revocation, and control for IT

    Identity Management, SSO, and

    Scenario-based Access

  • App Management

    Device Management

    Data Management

    Device Management

    Data Management

    Secure Mail

    Productivity and Collaboration

    App Management

    Business Apps

    The Mobile

    Solutions Bundle

  • Deployment Mobile First Adoption

  • XenMobile MDM Edition Mobile Device Management

  • MDM Client

    XM ActiveSync Controller

    Complete Mobility Infrastructure Apps, Data, and Devices

    Native Mail Encryption

    Mobile Device Management

    XM Device Manager

    TMG

    DMZ

  • XenMobile Device Manager

    Actively manage policy and configuration for iOS, Android, Windows Mobile/CE and Symbian

    Deploy and administer mobile applications (functionality varies by app and platform)

    Control data access with DLP add-on

    Receives connections directly from mobile devices

    Makes connections to: Database Server (MS SQL Server or Postgres), Directory Server (AD or any other LDAP-based system)

  • XenMobile MDM Pre-requisites

    Windows Server (Standard or Enterprise) 2003 64 bit, 2008 64 bit, or 2008 R2 64 bit

    Service Accounts: installation account must be local admin of server (does not require SQL rights directly); account with database creation permissions in SQL

    Intended MDM server does not need to be a member of the domain

    Do not install IIS. Uninstall IIS if it exists on this server

    External DNS record for the MDM server (ex. Mobile.yourcompany.com)

    Apple APNS certificate required during the install, obtained using the XenMobile APNS Certificate Setup Guide

    Java SE 7

    Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files: copy local_policy.jar and US_export_policy.jar to /Java/jdk1.6.0_x/jre/lib/security

    Software License

  • XM MDM Directory Services

    Real-time access to LDAP (AD, Domino, etc.) source

    Can configure multiple connections to multiple servers

    Supports LDAP and LDAPS with certificate management

    Wizard driven configuration

  • XM MDM Role Based Access Control

    Roles can be created as desired. For example: multiple helpdesk tiers, devices managed by business units, etc.

    Access is granular by admin function or group

    Roles are selected by group. Groups can be defined locally or referenced from AD

  • Zenprise Security at the Network Secure Mobile Gateway

    ZDM Secure Mobile Gateway Mail

    Normal traffic flow 1

    Rules, Device,

    User Properties,

    Applications

    2 3G / 4G

    Monitored traffic

    flow 4

    Blacklisted App

    Install

    X

    3

    Block on blacklisted apps, rooted devices, unmanaged devices, user/group

    Internal

    Resources

    Block User from

    Intranet

    5

  • Device Support

    Citrix XenMobile MDM allows you to manage the following mobile device platforms:

    Apple handheld devices (iPhone, iPad) using iOS 5.0 or higher

    Android handheld devices using 2.2 or higher

    Microsoft Windows 8 Phone and Windows 8 Tablet; Windows Mobile and its derivatives, including Smartphone and PocketPC: Windows Mobile 5.x or 6.x (PocketPC or Smartphone Edition), Pocket PC 2003, Windows CE 4.x, 5.x or 6.x

    BlackBerry handheld devices using BlackBerry OS versions 5.x, 6.x, and 7.x

    Symbian

    BB10

  • Feature

    Mobile Windows 8 Windows 8 Phone

    Dashboard --

    Enhanced Enrollment Modes (OTP, Multifactor, Invitation-based)

    -- -- -- -- --

    Invitation Client Download -- -- -- -- --

    Email Attachment Encryption -- -- -- -- --

    App Lock ('Kiosk Mode') -- -- -- -- -- --

    App Tunnels -- -- -- --

    Mobile SSL VPN

    Device Functionality Matrix (1 of 4)

  • Feature

    Mobile Windows 8 Windows 8 Phone

    Storage Card Encryption Policy

    --

    -- --

    -- --

    Auto discovery Logon -- -- -- --

    Automated Actions --

    Notifications -- -- --

    Agent Notification -- -- -- -- --

    Enterprise App Store -- -- -- -- --

    Locate Device -- -- --

    Device Functionality Matrix (2 of 4)

  • Feature

    Mobile Windows 8 Windows 8 Phone

    Geo-Tracking, Geo-Fencing

    -- --

    -- --

    Secure SharePoint -- -- -- -- --

    Remote client installation (OTA)

    -- -- --

    Provisioning of devices & users

    -- -- --

    Hardware Inventory --

    Software Inventory --

    Security Jailbreak detection

    -- -- -- -- --

    Device Functionality Matrix (3 of 4)

  • Feature

    Mobile Windows 8 Windows 8 Phone

    Remote Wipe & Lock

    (limited)

    Software download & install

    -- --

    File transfer --

    Device Remote Control -- -- -- --

    Roaming Management -- -- --

    Reports (activity & devices inventory)

    --

    Local device data encryption (option)

    -- -- -- --

    Device Functionality Matrix (4 of 4)

  • MDM Policies: device-specific configuration and restriction policies

    Application Tunnels, Automated Actions, Server Groups

    XenMobile Policies: application access policies (black/white lists), XM SDK enabled app control, DLP configuration, MyWeb configuration

    Policy Types

  • The passcode policy is the #1 feature used by our customers. Deployed in 62% of instances.

    Common requirements (in order):

    1. Have a passcode defined

    2. Disallow simple passcodes

    3. Set auto-lock time

    4. Set maximum password age

    5. Set maximum password length

    Lock Screens

  • Passcode Policy - iOS

    Configure the settings you wish to apply as your corporate passcode policy for iOS devices. Note: turning on a passcode on an iOS device will, by default, turn on hardware encryption.

    Click on Policies > iOS | Configurations > New Configuration > Passcode to configure a Passcode policy for iOS devices

  • This is the #3 most popular policy type. Deployed in 39% of instances.

    A location services policy must be pushed to a device in order to track the device or use the geofencing functionality

    Location services policies only apply to iOS devices currently

    Location Services

  • Geotracking results

    Once enabled, ZDM can store up to 6 hours of movement for each device

  • XenMobile Mobility Bundle MDX Technologies & Mobile Application Management

  • Netscaler

    MDM Client

    Access

    Gateway

    Receiver

    XM ActiveSync Controller

    Complete Mobility Infrastructure Apps, Data, and Devices

    XM AppController

    Web & SaaS Mobile Apps Secure Data

    Native Mail Encryption

    Mobile Device Management

    XM Device Manager

    TMG

    DMZ

  • Citrix Mobile App Management

    Full support for both personal and corporate usage (BYOD): corporate apps and data secure even on employee-owned devices; new consumer-driven devices supported immediately

    No risk of corporate data loss or compliance exceptions when: device is lost or stolen or employee leaves organization; collaboration / file sharing apps used on the device

    Governance is built-in: policies can be updated on hundreds of apps with no requirement to change source code

    No requirement for developers to change the way they develop apps or learn mobile security standards

  • MDX

    App Vault

    Secure container

    that enables app and

    data containment,

    wipe and lock

    MDX

    Access

    Secure access to

    Intranet resources

    MDX

    InterApp

    Trusted application

    communication

    fabric

    MDX

    Controller

  • private data

    Citrix Receiver MDX InterApp

    MDXVault

    XenMobile

    Native Mobile Apps

    Deny SMS Disable iCloud Disable screenshots Force authentication Block jailbroken device

    MDX Policies during app wrapping

    app private data vault

    app private data vault

  • MDXInterapp

    XenMobile

    private data

    Citrix Receiver MDX InterApp

    Open with

    Deny access to insecure applications

  • MDXAccess

    private data

    Citrix Receiver MDX InterApp

  • MDXAccess

    private data

    Citrix Receiver MDX InterApp

    SSL3 00100011 SSL3 001000111010101 SSL3 00100101 SSL3 001000111010101


    Access Gateway

    C-VPN Mode

    XenMobile

    SaaS

    Web

    Mobile

    Data

  • Data Containment Preliminary iOS Policies

  • AppWrapper

    Mobile App Wrap tool runs on Mac OS X

    Mobile App Wrap tool for Android Beta Available

    Takes a pre-compiled iOS native application bundle (.IPA) as input

    Produces repackaged iOS application bundle with Citrix app wrapper logic inserted (.MDX)

    Recertifies the repackaged app using a customer-provided enterprise distribution profile

  • App Preparation Process

    Upload app to XenMobile

    Push App via ZP Client

    QuickOffice.ipa

    Secure app with App Preparation

    Tool

    App available as a secure,

    managed app

    App is visible on iOS home screen

    QuickOffice Enterprise QuickOffice Enterprise

    QuickOffice

  • Me@Work mobile apps

    Citrix @WorkWeb

    Secure Browsing

    @WorkMail Email, calendar

    & contacts

    ShareFile Follow-me

    Data

    GoToMeeting Integrated

    Collaboration

    Podio Social Team

    Collaboration

    Me@Work mobile app family

  • MDX

    App Vault

  • MDX

    InterApp

  • MDX

    Policy

    Allow Camera

    iCloud Backup

    Disable printing

    Require Authentication Trusted Network Only

    Enable DLP

    Restrict outbound URL

    InterApp Sharing

    Offline lease period 24 h

  • MDX

    Policy


    Secure app containers

    Micro VPN

    Lock and wipe

    Inter-app controls

    Conditional access policies

  • @WorkWeb @WorkMail

    Secure browser

    Internal web app access

    Full inter-app integration

    Consumer experience

    MDX-secured

    Mail, calendar, contacts

    Enterprise class security

    Beautiful native experience

    Full inter-app integration

    MDX-secured

  • @WorkWeb

    @WorkMail

    Secure Exchange

    connectivity

    No new messaging

    infrastructure

    Connected/ disconnected

    access

    Any intranet site access

    Native browser experience

  • @Work Mail

    @WorkMail

    Mail, calendar, contacts

    Enterprise class security

    Beautiful native experience

    Full inter-app integration

    MDX-secured

    Secure email body and attachment

    Open in control to provide data leak

    protection

    NO Exchange server exposure to internet

    Send email with ShareFile attachments

    Integrated calendars and Exchange GAL

  • @WorkMail Internet

    @Work Mail - Topology

    Firewall

    Client Access Server (CAS) Micro VPN NetScaler/

    Access Gateway

  • @Work Web


    @WorkWeb

    Secure browser

    Internal web app access

    Full inter-app integration

    Consumer experience

    MDX-secured

    iOS and Android device intranet web

    browsing

    Easy access to SharePoint, Intranet Portal, etc.

    Similar look/ feel as native browser

    Safari on iOS; Chrome on Android

    Single sign-on via NetScaler

    Respond to HTTP 401

  • Internet

    @Work Web - Topology

    Firewall

    Micro VPN NetScaler/

    Access Gateway

    @WorkWeb

  • Mobile Application Policies

  • ShareFile Enterprise

  • Consumerization of IT My Workspace My Device(s) My Apps ? My Data

  • Users Demand Instant file and data access from any device

    File sharing (with anyone)

    Easy and familiar (love Dropbox)

    IT Wants Security

    Control

    no data leakage (hate Dropbox)

  • ShareFile Enterprise

    Empower users with Instant access to data, synced across all devices

    Improve collaboration and productivity through secure file sharing

    Meet corporate security and compliance standards with a secure service

    Deliver an enterprise-class service that meets workflow and productivity needs

    Enable IT to retain control and deliver a managed service

    Access data wherever it's stored, on/off-premises, and existing data platforms

  • ShareFile Workspaces and ShareFile Sync

    ShareFile Workspaces

    Internal and external sharing

    Large file support (up to 100 GB)

    Custom Branding

    ShareFile Sync

    Sync data across all devices

    Sync user data and team folders

    Offline Access

  • Team Folders - File Distribution to Any Device

    Latest file versions pushed to user devices

    Restrict access to download only

  • ShareFile Enables Mobile Workstyles

    Access, share and sync files from any device

    Apps for mobile devices

    Mobile-optimized ShareFile web site

    Offline access and editing

  • Built-in Mobile Content Editor

    Automatically sync folder contents

    for offline editing

    Offline editing of Microsoft Word,

    Excel and PowerPoint documents

    Mark up PDF documents with text,

    arrows, shapes and drawings

    Restrict use of unauthorized

    content editing tools

  • Workflow Integration with Microsoft Outlook

    Attachment conversion

    Unclog mail servers Overcome

    file size

    restrictions

    Better control and visibility

    Request large files

  • Plug-ins for Windows Explorer and Mac Finder Integration

    that provides an intuitive user experience

    Windows Explorer and Mac Finder Integration

  • Choose where your data is stored

  • ShareFile with StorageZones

    Citrix-managed StorageZone (AWS)

    Customer-managed StorageZone (example)

    Choose where your data is stored

    Designated zones in public clouds

    Manage StorageZones on-premises

  • On-Demand Sync

    +

    Optimized for Virtual Desktops

    Instant access, share and sync Reduce storage costs

  • Secure by Design

  • Robust Security

    Features

    Reporting and auditing

    Secure sharing

    Device security

    Remote wipe

    Device lock

    Poison pill

    Passcode lock

    Encryption through passcode lock

    Restrict jailbroken devices

  • Secure Citrix Managed StorageZones

    SSAE 16 audited data centers

    256 bit SSL Encryption in transit

    Files stored with AES 256-bit encryption at rest

    All uploaded files scanned for viruses

    All ShareFile servers protected by dedicated firewalls

    All files are backed up and mirrored in real time

  • Reporting and Audit Trails

    Audit trails

  • ShareFile Architecture

  • Why StorageZones?

    Legal compliance with geographic storage requirements

    Alignment with organizational policies

    Files and folders in closer proximity to users

    File access performance optimization

    Compliance Performance

  • Citrix- Managed StorageZones

    Storage Center (EC2)

    S3

    Authorization

    *.sharefile.com Sharefile.eu.

    DB

    Client

    Control Plane

    Web Application Reporting

    StorageZones

    Storage centers Backend storage Various locations WW

    Windows

    phone

  • Storage Center (EC2)

    S3

    Customer- Managed StorageZones

    Storage Center (Windows IIS)

    NAS

    Customer Datacenter

    Client

    Windows

    phone

    *.sharefile.com Sharefile.eu

    Authorization

    DB

    Control Plane

    StorageZones

    Web Application Reporting

    Storage centers Backend storage Various locations WW NAS

  • Using StorageZones

    StorageZones can be set on User Home Folder Root Folder-level

  • ShareFile StorageZone Connectors


    ShareFile Personal Folder ShareFile Team Folder

    ShareFile Team Folder

    Corp Governance SharePoint Library

    Existing Network Share

    SharePoint Doc Library (coming soon)

  • For Follow-me Data

  • Light Demo

  • App Management

    Device Management

    Data Management

    Device Management

    Data Management

    Secure Mail

    Productivity and Collaboration

    App Management

    Business Apps

    The Mobile

    Solutions Bundle

  • Access Your Apps, Data and Desktops From Any Device

  • References

    http://www.gartner.com/technology/reprints.do?id=1-1FRIMH0&ct=130523&st=sb

    http://www.pqr.com/downloadformulier

    http://www.citrix.com/products/xenmobile/try.html?ntref=header_try

    http://www.sharefile.com

  • TakeAway

    Test Citrix XenMobile MDM or XenMobile Enterprise in June/July

    We will arrange a meeting with you for testing and for discussing the test results

    As a gift: a Segway ride for two in Tallinn Old Town + a restaurant gift card

    PS: one gift per company

    To arrange a meeting, please get in touch at: [email protected]

  • Work better. Live better.

  • Licensing & Pricing On Prem & CSP

    Mobile Solutions XenMobile MDM Edition Mobile Solutions Bundle

    User Device User

    Perpetual License $105 $80 $185

    Perpetual SW Maintenance* (SA + Support) $24/yr. $17/yr $40/yr.

    Annual License $45 $33 $74

    Annual SW Maintenance* (SA + Support) $10 $7 $16

    CSP Monthly (per calendar month) $4.81 $3.67 $8.48

    * SWM required with perpetual and annual license model

  • Licensing & Pricing Cloud Hosted

    XenMobile MDM Edition User Device

    No HA HA No HA HA

    Hosted 1 year $67 $91 $52 $70

    Hosted 2 years $121 $165 $94 $127

    Hosted 3 years $151 $205 $117 $158

    NOTE:

    HA is a customer decision at the time of purchase of the service and cannot be added on

  • ShareFile Enterprise: SKUs and Pricing

    Packaging Options for Citrix-managed StorageZones

    Citrix Confidential Subject to NDA

    Packaging Options for Customer-managed StorageZones (on-premises)

    Product Name Storage Entitlement

    SRP (Per Year)

    Software Maintenance

    (Per Year)

    ShareFile Enterprise Perpetual - 0 GB storage 0 GB per user $150 $33

    ShareFile Enterprise Annual - 0 GB storage 0 GB per user $83/per year N/A

    Product Name Storage Entitlement SRP (Per Year)

    ShareFile Enterprise Annual - 20 GB storage 20 GB per user $198

    ShareFile Enterprise Annual - 1 GB storage 1 GB per user $100

    ShareFile Enterprise with 100 GB storage pack 100GB pooled $1500