We conclude with this last document of the deployment of Citrix XenMobile in our infrastructure, where we will end up carrying out a basic configuration such as the integration of the solution with Active Directory, we will also associate a corporate application with mobile devices and see how it behaves from the user's side!

We start by accessing the XenMobile Device Manager administration console, for this, using a browser at http://XENMOBILE_SERVER/zdm, we will log in with the administrative account created during the setup wizard.

User Configuration,

We can work by creating local users, from the 'Users' tab’ we will manage them, as well as the groups. Or, as will be most common, we will link it to an Active Directory via LDAP.

To do this,, We will click on “Options” > “Access Control” > “LDAP Configuration” and we will create a new LDAP configuration against which we will authenticate, “New…”,

We select LDAP or LDAPS depending on how our domain controllers are connected,

We enter the type of Directory, In our case, it will be a 'Microsoft Active Directory'; We indicate at least one of the DCs; We specify the 'root context'’ As the domain root (dc=tundra-it, dc=local); We will add the OU for users and groups to filter by them; Additionally, we need to add a user with search permissions in this AD & Your password; We add an alias to the domain and ensure that 'User Search By'’ Is set to 'sAMAccountName', Click on “Check” To confirm that all the information is correct.

“OK”, Successful test!

Click on “Next” With the attributes it will bring by default,

We will associate the corresponding roles to the user and administrator groups, “Next”,

We confirm in the summary that everything is correct and “Finish”,

“Close”,

Application management,

If we want, podremos agregar aplicaciones corporativas a la lista, que será lo más normal, podremos asociar aplicaciones para iOS, Android y Windows Mobile. En este documento utilizaremos las de iOS, por lo que pulsaremos en la pestaña de “Applications” and “New” > “New external iOS app…”

Para conseguir las aplicaciones de Android y poder subir el archivo ‘.apk’ podremos utilizar el reposito APKTOP.

Para poder enlazar con las apps de iOS, bastará con copiar la URL de la aplicación en cuestión dentro del Apple Store e introducirla en la “URL” que nos solicitan, Click on “Go” y confirmamos que se trata de la app correcta. En este caso utilizaremos el cliente de PINsafe, una solución con las tres BBB de Buenam Bonita y Barata que nos permitirá factores de doble autenticación en múltiples tipos de app. Well, Click on “Add” to add it,

Lo siguiente será publicar la aplicación creando el paquete correspondiente, from the “Deployment” > “New iOS Package…”

Le indicamos un nombre para el paquete que estamos generando, “Next”,

Seleccionaremos los grupos de los usuarios que recibirán las aplicaciones, “Next”,

Debemos seleccionar en ‘Available resources’ la aplicación que queramos desplegar a nuestros usuarios, estará en ‘Enterprise Application Store’, como vemos a parte de aplicaciones corporativas, podremos desplegar a los dispositivos móviles configuraciones, políticas de acceso, políticas de delegación, Passwords…

We will indicate the deployment date, we will schedule it or the action will be immediate, “Next”,

We can, if we want, create deployment rules, by default for everyone, “Next”,

We confirm that the summary is correct & “Finish”.

We will be able to see the status of our deployment where we will see that all devices are pending installation.

If we want, The deployment can be forced by clicking on “Deploy” and confirming that it may affect system performance in case we have a fairly large deployment, “Yes”,

And that's it!! corporate app deployed!

Device management,

As we can see in this image, from the “Devices” we will have the ability to monitor all connected mobile devices. We will see all associated devices and whether they are jailbroken or not, their serial number, IMEI or MEID, Wi-Fi MAC, Bluetooth MAC, connection data, associated user, its operating system, maker, device model… In addition, for each device, a series of tasks can be performed, which will normally include: locking the device with a new PIN that we set from centralized management, unlocking it, resetting it to factory settings completely, performing cleaning only on corporate data by deleting it, locating it immediately or performing tracking to view the device's route on the map, or in case of theft/loss, being able to find it as quickly as possible.

View from the user's side,

In this final section, we will visualize what a user sees from their mobile device, In this example, we will continue with an iOS device 7.0, where the user must first register the iPad/iPhone in the organization and finally will receive the previously created configurations.

When we access the URL of our XenMobile Device Manager from a mobile device (in the example: https://xenmobile.tundra-it.com) it will indicate that we need to download a small software to link our device to the corporation. To do this,, we will click on the link corresponding to our operating system (ios, Android, Samsung SAFE, Windows Mobile, Symbian or Windows tablets 8) and we continue!

From the Apple Store in this case we will need to install “Citrix Mobile Enroll”, es una aplicación gratuita que nos permitirá conectarnos a las aplicaciones o datos de nuestra organización.

Una vez instalada, We open it…

Ya nos indica de debemos inscribir nuestro móvil o tableta para poder acceder a los recursos de nuestro trabajo, le daríamos a “Inscribe”,

Deberíamos instroducir nuestro usuario del dominio, el servidor de XenMobile externo y nuestra contraseña,

El primer paso será instalar el perfíl de la empresa (o certificado).

Click on “Install”,

El paso 2 será instalar el perfíl del dispositivo,

Click on “Install”,

Y por último pulsamos en el paso 3 Completar la inscripción.

We confirm with “Install” que el administrador podrá realizar todas las operativas sobre mi dispositivo móvil (borrar datos remotamente, añadir y eliminar cuentas y restricciones, recopiar datos personales y ver, instalar y gestionar las aplicaciones).

… esperamos mientras obtiene información de nuestro XenMobile…

When accessing, si tenemos ya aplicaciones asignadas, se nos comenzarán a instalar las apps en cuestión.

Una de las apps que nos instalará XenMobile, será la Worx Store, que no será más que un repositorio oficial de las aplicaciones corporativas de nuestra empresa, para que opcionalmente nos agregemos si nos interesase alguna app.

As we can see, este iPhone ya tiene apps instaladas, algunas nos las hemos instalado de forma manual y otras tantas se desplegaron desde la central de forma obligatoria. From now on, el dpto. IT dispone del control absoluto de los datos y aplicaciones corporativas en los dispositivos personales de los usuarios de nuestra organización, therefore, tendremos seguridad absoluta entre otros beneficios del BYOD!!!