Blog, Citrix, Clustering, XenMobile

XenMobile 10 – Configuration Series Part 4: Cluster Configuration

Long story short – how to create XenMobile 10 Cluster fast!

Documentation for XenMobile 10 clustering hasn’t been released yet (12/3/2015), so here is the steps to add second node quickly into XenMobile Cluster configuration. In XenMobile 10, clustering the XenMobile virtual appliances has been really simplified.

After you have configured your first XenMobile servers, you need to enable Clustering if you didn’t on First Time Use Mode configuration phase.

1. Log in to your XenMobile server console and enable Clustering:

In Main Menu choose [1] Clustering -> [2] Enable/Disable cluster -> press y and enter to enable clustering and reboot virtual appliance.

2. Log in back to the console and open firewall port 80:

In Main Menu choose [0] Configuration-> [2] Firewall -> press y when asked HTTP Service Enable Access. Press enter to all the other settings to accept default choices.

3. Shut down your XenMobile server to make a clone of it.

4. Depending what virtualisation vendor/product you’re using, choose to create full clone of your XenMobile Server. When the clone process is completed, start the new cloned virtual appliance.  Make sure to leave the initial virtual appliance powered off.

5. Go to the Network settings and change IP address and reboot virtual appliance.

6. Power up another XenMobile server as well and wait until both are up.

7. Check the cluster status.

8. Check the Hazelcast cluster status. (yes, console has a typing error 🙂 If other node is not visible on the Hazelcast cluster status, reboot the node and check back again.

9. Log in the XenMobile Web Console, the IP address can be either of the cluster members.

10. Click the wrench icon next to the username to get Support site open.


11. Click Cluster Information and check Cluster Members and Hazelcast Cluster Information and you’re done!





Views: 2454

Read More
APNS, Apple, Blog, certificate, Citrix, XenMobile

XenMobile 10 – Configuration Series Part 3: Requesting an APNS Certificate

In order to enroll and manage iOS devices with Device Manager, you need to set up and create an Apple Push Notification Service (APNS) certificate from Apple. This guide shows basic steps for requesting the APNS certificate:

– Use a Windows 2008 R2 Server and Microsoft Internet Information Server (IIS) to generate a certificate signing request (CSR).
– Request an APNS certificate from Apple.
– Import the certificate to XenMobile 10.


Create a Certificate Signing Request (CSR) by using Microsoft IIS


1. Log in to a Windows Server where IIS is installed and in the Server Certificates window, click Create Certificate Request.

2. Type the appropriate Distinguished Name (DN) information and then click Next.

3. Select Microsoft RSA SChannel Cryptographic Provider for the Cryptographic Service Provider and 2048 for bit length and then click Next.

4. Enter a file name and specify a location to save the CSR and then click Finish.

Submit the CSR to Citrix for signing

1. Go to the Website URL: and log in using your MyCitrix credentials.

2. Follow the instructions to upload your CSR file.

3. Press Sign.

4. Download and save your Citrix Signed CSR file.

Submit the signed CSR to Apple to obtain the APNS certificate

1. Go to the Website URL: and log in using your Apple ID credentials.

2. Click Create a Certificate.

3. Accept Terms of Use.

4. Choose your Citrix signed CSR file and Upload it.

5. Download and save APNS certificate.

Convert the .pem certificate file to the .p12 format

1. Log in back to a Windows Server where IIS is installed and in the Server Certificates window, click Complete Certificate Request. Choose the APNS certificate file and fill the details and press OK.

2. Choose APNS certificate and click Export.

3. Select place to save certification file and choose new password to import certificate into XenMobile 10 in next step.

Import an APNS certificate into XenMobile 10

1. Log in to the XenMobile Web Console. Go to the Configure -> Settings -> Certificates and choose Import to upload APNS certificate into XenMobile. Fill the details as in the fig above and press Import.

2. Press OK and you’re done!


Views: 4543

Read More
Blog, Citrix, Licensing, XenMobile

XenMobile 10 – Configuration Series Part 2: Configuring Remote Licensing


XenMobile 10 uses Citrix Licensing to manage licenses. XenMobile comes with an evaluation license valid 30 days. If you decide to use your Citrix license, you can configure it at any time. You can install licenses locally or use Citrix License Server. I will show how to configure Citrix license on the remote license server.

Important: If you intend to use cluster nodes, or instances of XenMobile, you need to use Citrix Licensing on a remote server.

More information see:



– Citrix License Server installed.
Download link: 

– Citrix XenMobile license downloaded from Citrix and imported into License Server.
More info how to obtain license file:


Configuring licensing:

1. Log in to the XenMobile Web Console and choose Configure -> Settings -> Licensing


2. Change License type: Remote license
3. Type License server name or IP address
4. Choose license server Port (default 27000) and press Test Connection


5. After successfully connection to the License Server valid license should be visible.


6. Optionally you can configure License Expiration notification. Press Next.


7. All done, press Finish. 🙂





Views: 2112

Read More
Blog, certificate, Citrix, FIPS, XenMobile

XenMobile 10 – Configuration Series Part 1: Installing in FIPS 140-2 Compliance Mode

The latest version of XenMobile includes FIPS 140-2 compliant encryption for mobile apps, ensuring government and enterprise workers can access critical documents and apps securely. XenMobile 10 expands FIPS 140-2 support by encrypting connections from the network to the server and connections to the console. This is in addition to the existing client-side FIPS 140-2 that came with XenMobile 9.

This guide helps you go thru how to install XenMobile 10 in FIPS Compliance Mode.


What is FIPS?

The Federal Information Processing Standard (FIPS), issued by the US National Institute of Standards and Technologies (NIST), specifies the security requirements for cryptographic modules used in security systems. FIPS 140-2 is the second version of this standard.

More detailed information about FIPS and NIST see links:


XenMobile 10 – Installation


– Microsoft SQL Server ready for the XenMobile database.
– SSL certificate installed on the MS SQL and encrypted connections enabled on it.
– Root Certificate exported.

Important: You can enable XenMobile FIPS mode only during initial installation.


Configuring XenMobile 10 for the First Time Use:

After you have downloaded and imported XenMobile 10 virtual appliance into hypervisor, start the virtual machine and open console view.

1. Enter new password for the Admin (CLI) user.


2. Provide Network settings and commit by pressing y and hit Enter.


3. Type y to increase security by generating a random passphrase. The passphrase is used as part of the protection of the encryption keys used to secure your sensitive data.


4. There we are! Type y and hit Enter to enable FIPS mode configuration.

Important: FIPS mode only supports an SSL encrypted remote database connection.


5. Hit Enter to accept the default mi for Microsoft SQL.

6. To enable a secure connection you must copy or import a Root certificate. Hit Enter to accept the default y to upload a root certificate.

7. Type i or c depending can you copy-paste Root Certificate on your console or as in my case it needs to be copied from the IIS server, because I’m using VMWare Fusion and copy-paste won’t work.

8. Enter http URL to import Root Certificate and hit Enter.


9. Enter Database server FQDN and hit Enter.

10. Hit Enter to choose default Database TCP port.

11. Enter Database db_creator credentials.

12. Choose new XenMobile Database name and commit all settings pressing y and hit Enter.


13. Type y to enable Cluster and hit Enter. (not needed yet, but it’s safe to enable already)


13. Type XenMobile FQDN hostname and commit settings pressing y and hit Enter.


14. Hit Enter to choose all default communication ports and commit settings pressing y and hit Enter.


2015-02-23 12_39_23-2015-02-19_1648-2.png - Windows Photo Viewer

15. Enter y to use same password for the all PKI certificates and commit settings pressing y and hit Enter.


16. Hit Enter to choose default username for the Web Console admin account, or change it whatever you want. Enter new password for it can commit settings pressing y and hit Enter.


17. Hit Enter not to upgrade from previous release and you’re done!


18. Notice XenMobile Web Console access URL.


19. Login to the CLI and you’ll see that XenMobile is now configured as in FIPS Compliant Mode.


20. After configuration has finished you should be able to login to the XenMobile Web Console via web browser.




Views: 3226

Read More
Citrix, News, XenMobile

XenMobile 10 – 3 Things you should know

Three things you should know about XenMobile 10


  1. Citrix will provide upgrade tools for existing customers to help automate the upgrade process to XenMobile 10 while minimizing the impact to production environments.  Please check with your Citrix Account Representative for the availability and delivery schedule for the various upgrade tools and use cases.
  1.  XenMobile 10 supports V6 licensing only.  Citrix has been providing customers with both V6 and legacy Zenprise licenses since XenMobile 8.7.  If you require an upgrade please check your Citrix account under the “MyLicesning” tab to retrieve the V6 licenses.  Please contact Citrix Support for additional information.
  1.  With XenMobile 10, MDM reporting will initially be supported via CSV file downloads.  The scripts will be available on your Citrix customer download page on in early March 2015.  XenMobile 10 will support the same reports as XenMobile 9.  In Q2 2015, XenMobile will deliver new and improved reporting capabilities that are fully integrated and viewable through the XenMobile administrative console.


Where can I download the new components?


All new component updates will be available for download at  Citrix ID required.  The XenMobile download page has been restructured and flattened to provided easier access to client and server downloads. The XenMobile 10 tab will take you to the server download components.  Worx Apps and MDX Toolkit tab will take you to the Worx client components.





Views: 1007

Read More
1 2 3 4 5 8