Feb, 2015

Citrix XenMobile v10 SSL Offload

A quick description regarding SSL Offload in Citrix XenMobile V9 and Citrix XenMobile v10

Robin Hobo and Anton van Pelt have already published great guides on how to install and configure XenMobile v10. I would like to contribute with my own experience and will explain the differences between Citrix XenMobile v9 and v10 regarding the SSL Offload Part.
Some time ago Citrix published a CTX Article about SSL Offload in Citrix XenMobile v9. In Citrix XenMobile v10 and Citrix NetScaler v10.5 the process is basically the same. Some menu items have been replaced which I want to show you.
Step 1 in CTX200063 Article is to gather the Devices Certificate and also the Root Certificate. Since Citrix moved both parts into one appliance you can´t access the file system. But you will find the certificate under Configure -> Settings -> Certificate.

Citrix XenMobile v10 SSL Offload

Citrix XenMobile v10 SSL Offload

You will have to export the cacerts.pem Certificate and download it to your computer. If you open the file with your favorite text editor you will see that it contains both certificates which are mentioned in the CTX Article. You can follow the Citrix guide’s instructions to the end if you are using a version of NetScaler below 10.5. If you are using 10.5, you can follow the CTX Article up to step 8 where you bind your device and Root Ca to your Load Balancer (Groß?). This option is named slightly different.

Citrix XenMobile v10 SSL Offload

Citrix XenMobile v10 SSL Offload

Citrix XenMobile v10 SSL Offload

Citrix XenMobile v10 SSL Offload


On those Screenshots you can see where you have to bind both Certificates to your Load Balancer.

About Jens

My name is Jens Trendelkamp. I currently work as an IT Consultant at sepago GmbH. My fields of specialty are Application Delivery, SBC\VDI Solutions and Enterprise Mobility based on Products from Microsoft and Citrix.

Citrix XenMobile licensing

Technical deep dive into Citrix XenMobile licensing

Recently I was asked by a customer what will happen to their XenMobile Device Manager Servers if the Citrix License Server will be unavailable. Especially if there is any impact for users which would be a huge problem. So I checked the eDocs from Citrix where I found the following statement regarding grace periods:

“The grace period is set by Citrix. It is typically 30 days but can vary depending upon the product. The Windows Event Log, and other in-product messages, indicate if the product has entered the grace period, the number of hours remaining in the grace period. If the grace period runs out, the product stops accepting connections. After communication is re-established between the product and the License Server, the grace period is reset.”

To be honest this is not a really satisfying answer. Particularly the “depending upon the product” gave us headaches. So I tested it in my lab environment and got to the following results. As soon as you connect your Device Manager v9 (haven´t had the chance to test v10 yet) to your Citrix License Server the Device Manager will somehow import the license. And from here on you are completely independent from the License Server. At least as far as i can tell. You can shutdown the License Server for the lifetime of your license if you want too. Only if your license is near of its lifetime you will get the typically Nag screen. But until then you don´t have to worry about this.

About Jens

My name is Jens Trendelkamp. I currently work as an IT Consultant at sepago GmbH. My fields of specialty are Application Delivery, SBC\VDI Solutions and Enterprise Mobility based on Products from Microsoft and Citrix.

Microsoft Intune: New Features with the February update

Last week, Microsoft announced some changes coming to the standalone version of Intune.

See this link to check when your tenant will be updated. Your current Service Settings can be found in the Intune Administration Console.

The new features include:

– Management of Microsoft Office Apps for Android (Word, Excel and PowerPoint). This include the ability to restrict the usage of cut, copy and paste from managed to unmanaged apps.

– Management of the Microsoft OneNote App on iOS Devices. Let’s hope this possibility will quickly be added to the Android Version as well 🙂

– It is now possible to install applications from the Company Portal on Windows Phone 8.1 devices.

– Support for per-app VPN with Cisco AnyConnect on iOS devices.

– Option to make device encryption mandatory on Windows 8.1 devices.

–  WiFi profiles can now be deployed via XML import for Windows Devices, or via OMA URI for Windows Phone devices.

Microsoft also announced their plans to add conditional access control with Intune for SharePoint Online and OneDrive for Business. After seeing this option for Microsoft Exchange, I can’t wait to get my hands on this feature.

About Jens

My name is Jens Trendelkamp. I currently work as an IT Consultant at sepago GmbH. My fields of specialty are Application Delivery, SBC\VDI Solutions and Enterprise Mobility based on Products from Microsoft and Citrix.

How to configure a Software Raid with XenServer 6.5

A quick Tutorial how to configure a Software Raid with XenServer 6.5

even Citrix does not support a Software Raid with XenServer anymore i would assume that there a a few how are running their lab server with XenServer by using a Software Raid. And since the old Tutorials how to configure a Software Raid with XenServer 6.2 won´t apply to XenServer 6.5 i wrote down the necessary steps. I assume you have a clean XenServer 6.5 installation and you also didn´t create any SR while installing. Let´s start 🙂

sgdisk –zap-all /dev/sdb
sgdisk –mbrtogpt –clear /dev/sdb
sgdisk -R/dev/sdb /dev/sda #
sgdisk –typecode=1:fd00 /dev/sdb
sgdisk –typecode=2:fd00 /dev/sdb
sgdisk –typecode=3:fd00 /dev/sdb
modprobe md_mod
mdadm –create /dev/md0 –level=1 –raid-devices=2 –metadata=0.90 /dev/sdb1 missing
mdadm –create /dev/md1 –level=1 –raid-devices=2 –metadata=0.90 /dev/sdb2 missing
mdadm –create /dev/md2 –level=1 –raid-devices=2 –metadata=0.90 /dev/sdb3 missing
mkfs.ext3 /dev/md0
mount /dev/md0 /mnt
cp -xR –preserve=all / /mnt
sed -i ‘s/LABEL=[a-zA-Z\-]*/\/dev\/md0/’ /mnt/etc/fstab
mount –bind /dev /mnt/dev
mount -t sysfs none /mnt/sys
mount -t proc none /mnt/proc
chroot /mnt /sbin/extlinux –install /boot
dd if=/mnt/usr/share/syslinux/gptmbr.bin of=/dev/sdb
chroot /mnt
mdadm –detail –scan > /mnt/etc/mdadm.conf
mkinitrd -v -f –theme=/usr/share/splash –without-multipath /boot/initrd-`uname -r`.img `uname -r`
sed -i ‘s/LABEL=[a-zA-Z\-]*/\/dev\/md0/’ /mnt/boot/extlinux.conf
cd /mnt && extlinux –raid -i boot/
sgdisk /dev/sdb –attributes=1:set:2
cd && umount /dev/md0
sync
reboot

Make sure to boot from sdb now!

sgdisk -R/dev/sda /dev/sdb
sgdisk /dev/sda –attributes=1:set:2
mdadm -a /dev/md0 /dev/sda1
mdadm -a /dev/md1 /dev/sda2
mdadm -a /dev/md2 /dev/sda3

You can watch the build process with the following command: watch “mdadm –detail /dev/md* | grep rebuild”

 

About Jens

My name is Jens Trendelkamp. I currently work as an IT Consultant at sepago GmbH. My fields of specialty are Application Delivery, SBC\VDI Solutions and Enterprise Mobility based on Products from Microsoft and Citrix.

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close