Use Citrix Content Collaboration with XenMobile

XenMobile has two options for integrating with Citrix Content Collaboration: Citrix Files and storage zone connectors. Integration with Citrix Files or storage zone connectors requires XenMobile Enterprise Edition.

Citrix Files

If you have XenMobile Enterprise Edition, you can configure XenMobile to provide access to your Citrix Files account. That configuration:

• Gives mobile users access to the full Enterprise feature set, such as file sharing, file sync, and storage zone connectors.
• Can provide Citrix Files with single sign-on authentication of XenMobile App users and comprehensive access control policies.
• Provides Citrix Files configuration, service level monitoring, and license usage monitoring through the XenMobile console.

For more information about configuring XenMobile for Citrix Files, seeSAML for single sign-on with Citrix Files.

Storage zone connectors

You can configure XenMobile to provide access only to storage zone connectors that you create through the XenMobile console. That configuration:

• Provides secure mobile access to existing on-premises storage repositories, such as SharePoint sites and network file shares.
• Doesn’t require that you set up a Citrix Content Collaboration subdomain or host Citrix Files data.
• Provides users with mobile access to data through the Citrix Files mobile productivity apps for iOS and Android. Users can edit Microsoft Office documents. Users can also preview and annotate Adobe PDF files from mobile devices.
• Complies with security restrictions against leaking user information outside of the corporate network.
• 提供简单的设置的存储区连接器through the XenMobile console. If you later decide to use the full Citrix Files functionality with XenMobile, you can change the configuration in the XenMobile console.
• Requires XenMobile Enterprise Edition.

For a XenMobile integration with storage zone connectors only:

• Citrix Content Collaboration uses your single sign-on configuration to Citrix Gateway to authenticate with storage zones controller.
• XenMobile doesn’t authenticate through SAML because the Citrix Files control plane isn’t used.

The following diagram shows the high-level architecture for XenMobile use with storage zone connectors.

Requirements

• Minimum component versions:
  • XenMobile Server 10.5 (on-premises)
  • ShareFile for iOS (MDX) 5.3
  • ShareFile for Android (MDX) 5.3

  • Storage zones controller 5.0

    This article contains instructions for how to configure storage zones controller 5.0

• Ensure that the server to run storage zones controller meets the system requirements. For requirements, seeSystem requirements.

The requirements for storage zones for Citrix Files Data and for Restricted storage zones don’t apply to a XenMobile integration with storage zone connectors only.

XenMobile doesn’t support Documentum connectors.

• To run PowerShell scripts:
  • Run the scripts in the 32-bit (x86) version of PowerShell.

Installation tasks

Complete the following tasks, in the order presented, to install and set up storage zones controller. These steps are specific to XenMobile integration with storage zone connectors only. Some of these articles are in the storage zones controller documentation.

1. Configure Citrix ADC for storage zones controller

   You can use Citrix ADC as a DMZ proxy for storage zones controller.

2. Install an SSL certificate

   A storage zones controller that hosts standard zones requires an SSL certificate. A storage zones controller that hosts restricted zones and uses an internal address doesn’t require an SSL certificate.

3. Prepare your server

   IIS and ASP.NET setup is required for storage zone connectors.

4. Install storage zones controller

5. Prepare storage zones controller for use with storage zone connectors-only

6. Specify a proxy server for storage zones

   The storage zones controllers console enables you to specify a proxy server for storage zones controllers. You can also specify a proxy server using other methods.

7. Configure the domain controller to trust the storage zones controller for delegation

   Configure the domain controller to support NTLM or Kerberos authentication on network shares or SharePoint sites.

8. Join a secondary storage zones controller to a storage zone

   To configure a storage zone for high availability, connect at least two storage zones controllers to it.

Install storage zones controller

1. Download and install the storage zones controller software:

   1. Go to//m.giftsix.com/downloads. Search forShareFileand then download the latest storage zones controller installer.

   2. Installing storage zones controller changes the default website on the server to the installation path of the controller. EnableAnonymous Authenticationon the default website.

2. On the server where you want to install storage zones controller, run StorageCenter.msi.

   The storage zones controller Setup wizard starts.

3. Respond to the prompts:

   • In the目标文件夹page, if Internet Information Services (IIS) is installed in the default location, leave the defaults. If not, browse to the IIS installation location.
   • When installation is complete, clear the check box forLaunch Storage Zones Controller Configuration Pageand then clickFinish.

   

4. When prompted, restart the storage zones controller.

5. To test that the installation was successful, navigate tohttps://localhost/. If the installation is successful, the Citrix Files logo appears.

   If the Citrix Files logo does not appear, clear the browser cache and try again.

   Important:

   If you plan to clone the storage zones controller, capture the disk image before you proceed with configuring the storage zones controller.

Prepare storage zones controller for use with storage zone connectors-only

For an integration only with storage zone connectors, you don’t use the storage zones controller administrative console. That interface requires a Citrix Files administrator account, which isn’t necessary for this solution. As a result, you run a PowerShell script to prepare the storage zones controller for use without the Citrix Files control plane. The script does the following:

• Registers the current storage zones controller as a primary storage zones controller. You can later join secondary storage zones controllers to the primary controller.
• Creates a zone and sets the passphrase for it.

1. From your storage zone controller server, download the PsExec tool: Navigate to MicrosoftWindows Sysinternalsand then clickDownload PsTools. Extract the tool to the root of the C drive.

   

2. Run the PsExec tool: Open the Command Prompt as the Administrator User and then type the following:

   cd c:\pstools PsExec.exe -i -u "NT AUTHORITY\NetworkService" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 

   

3. When prompted, clickAgreeto run the Sysinternals tool.

   

   A PowerShell widow opens.

4. In the PowerShell window, type the following:

   Import-Module "C:\inetpub\wwwroot\Citrix\StorageCenter\Tools\SfConfig\SfConfig.dll" New-Zone -Passphrase passphrase -ExternalAddress https://szcfqdn.com 

   Where:

   Passphrase:Is the passphrase you want to assign to the site. Make a note of it. You cannot recover the passphrase from the controller. If you lose the passphrase, you cannot reinstall storage zones controller. Join more storage zones controllers to the storage zone, or recover the storage zone if the server fails.

   ExternalAddress:Is the external fully qualified domain name of the storage zones controller server.

   

   Your primary storage zones controller is now ready.

   Before you log in to XenMobile to create storage zone connectors: Complete the following configuration, if applicable:

   Specify a proxy server for storage zones

   Configure the domain controller to trust the storage zones controller for delegation

   Join a secondary storage zones controller to a storage zone

   To create storage zone connectors, seeDefine storage zones controller connections in XenMobile.

Join a secondary storage zones controller to a storage zone

To configure a storage zone for high availability, connect at least two storage zones controllers to it. To join a secondary storage zones controller to a zone, install storage zones controller on a second server. Then join that controller to the zone of the primary controller.

1. Open a PowerShell window on the storage zones controller server that you want to join to the primary server.

2. In the PowerShell window, type the following:

   Join-Zone -Passphrase \ -PrimaryController \

   For example:

   Join-Zone -Passphrase secret123 -PrimaryController 10.10.110.210

Define storage zones controller connections in XenMobile

Before you add storage zone connectors, you configure connection information for each storage zones controller enabled for storage zone connectors. You can define storage zones controllers as described in this section, or when you add a connector.

On your first visit to theConfigure > ShareFilepage, the page summarizes the differences between using XenMobile for Enterprise accounts and storage zone connectors.

ClickConfigure Connectorsto continue with the configuration steps in this article.

1. InConfigure > ShareFile, clickManage StorageZones.

   

2. InManage StorageZones, add the connection information.

   

   • Name:A descriptive name for the StorageZone, used to identify the StorageZone in XenMobile. Don’t include a space or special characters in the name.
   • FQDN and Port:The fully qualified domain name and port number for a storage zones controller that is reachable from the XenMobile Server.
   • Secure Connection:If you use SSL for connections to storage zones controller, use the default setting, ON. If you don’t use SSL for connections, change this setting to OFF.
   • Administrator user nameandAdministrator password:An administrator service account user name (in the form domain\admin) and password. Alternatively, a user account with read and write permissions on the storage zones controllers.

3. ClickSave.

4. To test the connection, verify that XenMobile Server can reach the fully qualified domain name of the storage zones controller on port 443.

5. To define another storage zones controller connection, click theAddbutton inManage StorageZones.

   To edit or delete the information for a storage zones controller connection, select the connection name inManage StorageZones. Then, clickEditor删除.

Add a storage zone connector in XenMobile

1. Go toConfigure > ShareFileand then clickAdd.

   

2. On theConnector Infopage, configure these settings:

   

   • Connector Name:A name that identifies the storage zone connector in XenMobile.
   • Description:Optional notes about this Connector.
   • Type:Choose eitherSharePointorNetwork.
   • StorageZone:Choose the storage zone associated with the Connector. If the storage zone isn’t listed, clickManage StorageZonesto define the storage zones controller.
   • Location:For SharePoint, specify the URL of the SharePoint root-level site, site collection, or document library, in the formhttps://sharepoint.company.com. For a network share, specify the fully qualified domain name of the Uniform Naming Convention (UNC) path, in the form \\server\share.

3. On theDelivery Group Assignmentpage, optionally assign the Connector to delivery groups. Alternatively, you can associate connectors to delivery groups usingConfigure > Delivery Groups.

1. On theSummarypage, you can review the options you configured. To adjust the configuration, clickBack.

2. ClickSaveto save the Connector.

3. Test the connector:

   1. When you wrap the Citrix Files clients, do the following:

      • Set the Network access policy toTunneled to the internal network.

      In this mode of operation, the XenMobile MDX framework intercepts all network traffic from the Citrix Files client. The traffic redirects through Citrix Gateway by using an app-specific micro VPN.

      • Set the Preferred VPN mode policy toTunneled - Web SSO.

      In this mode of tunneling, the MDX framework terminates SSL/HTTP traffic from an MDX app. MDX then initiates new connections to internal connections on behalf of the user. This policy setting enables the MDX framework to detect and respond to authentication challenges issued by web servers.

   2. Add the Citrix Files clients to XenMobile. For details, seeIntegrating and delivering Citrix Files for Endpoint Management clients.

   3. From a supported device, verify single sign-on to Citrix Files and connectors.

   In the following samples, SharefileDev is the name of a connector.

   

   

Filter the storage zone connectors list

You can filter the list of storage zone connectors by Connector type, assigned delivery groups, and storage zone.

1. Go toConfigure > ShareFileand then clickShow filter.

   

2. Expand the filter headings to make selections. To save a filter, clickSave This View, type the filter name, and clickSave.

   

3. To rename or delete a filter, click the arrow icon beside the filter name.

   

Switch to Citrix Files

After integrating storage zone connectors with XenMobile, you can later switch to the full Enterprise feature set. Use of the Citrix Files feature set requires XenMobile Enterprise Edition. XenMobile retains your existing storage zone connector integration settings.

Go toConfigure > ShareFile, click theStorageZone Connectorsdrop-down menu, and then clickConfigure ShareFile Enterprise.

For information about configuring Citrix Files, seeSAML for single sign-on with Citrix Files.