XenMobile

Citrix Gateway connector for Exchange ActiveSync

XenMobile Citrix ADC Connector is now Citrix Gateway connector for Exchange ActiveSync. For more detail about the Citrix unified portfolio, see the Citrix product guide.

The connector for Exchange ActiveSync provides a device-level authorization service of ActiveSync clients to Citrix ADC acting as a reverse proxy for the Exchange ActiveSync protocol. Authorization is controlled by a combination of policies that you define within XenMobile and by rules defined locally by Citrix Gateway connector for Exchange ActiveSync.

For more information, see ActiveSync Gateway.

For a detailed reference architecture diagram, see Architecture.

The current release of Citrix Gateway connector for Exchange ActiveSync is version 8.5.2.

Important:

Starting in October 2022, the Endpoint Management and Citrix Gateway connectors for Exchange ActiveSync will no longer support Exchange Online given the authentication changes announced by Microsoft here. The Endpoint Management connector for Exchange will continue to work with Microsoft Exchange Server (on-premises).

What’s new

The following sections list what’s new in the current and earlier versions of Citrix Gateway connector for Exchange ActiveSync, formerly XenMobile Citrix ADC Connector.

What’s new in version 8.5.3

  • This release adds support for ActiveSync protocols 16.0 and 16.1.
  • More detail has been added to the analytics sent to Google Analytics, especially concerning snapshots. [CXM-52261]

What’s new in version 8.5.2

  • XenMobile Citrix ADC Connector is now Citrix Gateway connector for Exchange ActiveSync.

The following issues are fixed in this release:

  • If more than one criterion is used in defining a policy rule and if one of the criteria involves the user ID, the following issue may occur: If a user has more aliases, the aliases are not also checked when applying the rule. [CXM-55355]

Note:

The following What’s New section refers to Citrix Gateway connector for Exchange ActiveSync by its former name of XenMobile Citrix ADC Connector. The name changed as of version 8.5.2.

What’s new in version 8.5.1.11

  • System requirement change: The current version of Citrix ADC Connector requires Microsoft .NET Framework 4.5.

  • Google Analytics support: We want to know how you use XenMobile Citrix ADC Connector so we can focus on where we can make the product better.

  • Support for TLS 1.1 and 1.2: Because of its weakening security, TLS 1.0 is being deprecated by the PCI Council. Support for TLS 1.1 and 1.2 is added to XenMobile Citrix ADC Connector.

Monitoring Citrix Gateway connector for Exchange ActiveSync

The Citrix Gateway connector for Exchange ActiveSync configuration utility provides detailed logging that you can use to view all traffic passing through your Exchange Server that is either allowed or blocked by Secure Mobile Gateway.

Use the Log tab to view the history of the ActiveSync requests forwarded to the connector for Exchange ActiveSync by Citrix ADC for authorization.

Also, to ensure that the Citrix Gateway connector for Exchange ActiveSync web service is running, load the following URL into a browser on the connector server: https:///services/ActiveSync/Version. If the URL returns the product version as a string, the web service is responsive.

To simulate ActiveSync traffic with Citrix Gateway connector for Exchange ActiveSync

You can use the Citrix Gateway connector for Exchange ActiveSync to simulate what ActiveSync traffic will look like in conjunction with your policies. In the connector configuration utility, select the Simulator tab. The results show you how your policies will apply according to the rules you have configured.

Choosing filters for Citrix Gateway connector for Exchange ActiveSync

Citrix Gateway connector for Exchange ActiveSync filters work by analyzing a device for a given policy violation or property setting. If the device meets the criteria, the device is placed in a Device List. This Device List is neither an allow list nor a block list. It is a list of devices that meet the criteria defined. The following filters are available for the connector within XenMobile. The two options for each filter are Allow or Deny.

  • Anonymous Devices: Allows or denies devices that are enrolled in XenMobile but the user’s identity is unknown. For example, this could be a user who was enrolled, but the user’s Active Directory password is expired, or a user who enrolled with unknown credentials.
  • Failed Samsung KNOX attestation: Samsung devices have functionality for security and diagnostics. This filter provides confirmation that the device is set up for KNOX. For details, see Samsung Knox.
  • Forbidden Apps: Allows or denies devices based on the Device List defined by block list policies and the presence of blocked apps.
  • Implicit Allow/Deny: Creates a Device List of all devices that do not meet any of the other filter rule criteria and allows or denies based on that list. The Implicit Allow/Deny option ensures that the Citrix Gateway connector for Exchange ActiveSync status in the Devices tab is enabled and shows the connector status for your devices. The Implicit Allow/Deny option also controls all of the other connector filters that have not been selected. For example, the connector denies blocked apps yet allows all other filters because the Implicit Allow/Deny option is set to Allow.
  • Inactive devices: Creates a Device List of devices that have not communicated with XenMobile within a specified period of time. These devices are considered inactive. The filter allows or denies the devices accordingly.
  • Missing required apps: When a user enrolls, the user receives a list of required apps that must be installed. The missing required apps filter indicates that one or more of the apps is no longer present; for example, the user deleted one or more apps.
  • Non-Suggested Apps: When a user enrolls, the user receives a list of the apps they should install. The non-suggested apps filter checks the device for apps that are not in that list.
  • Noncompliant password: Creates a Device List of all devices that do not have a passcode on the device.
  • Out of Compliance Devices: Allows you to deny or allow devices that meet your own internal IT compliance criteria. Compliance is an arbitrary setting defined by the device property named Out of Compliance, which is a Boolean flag that can be either True or False. (You can create this property manually and set the value, or you can use Automated Actions to create this property on a device if the device does or does not meet specific criteria.)
    • Out of Compliance = True. If a device does not meet the compliance standards and policy definitions set by your IT department, the device is out of compliance.
    • Out of Compliance = False. If a device does meet the compliance standards and policy definitions set by your IT department, the device is compliant.
  • Revoked Status: Creates a Device List of all revoked devices and allows or denies based on revoked status.
  • Rooted Android/Jailbroken iOS Devices. Creates a Device List of all devices flagged as rooted and allows or denies based on rooted status.
  • Unmanaged Devices. Creates a Device List of all devices in the XenMobile database. The Mobile Application Gateway needs to be deployed in a Block Mode.

To configure a connection to Citrix Gateway connector for Exchange ActiveSync

Citrix Gateway connector for Exchange ActiveSync communicates with XenMobile and other remote configuration providers through secure web services.

  1. In the connector configuration utility, click the Config Providers tab and then click Add.
  2. In the Config Providers dialog box, in Name, enter a user name that has administrative privileges and is used for basic HTTP authorization with the XenMobile Server.
  3. In Url, enter the web address of the XenMobile GCS, typically in the format https:////services/. The MagConfigService name is case-sensitive.
  4. In Password, enter the password that will be used for basic HTTP authorization with the XenMobile Server.
  5. In Managing Host, enter the connector server name.
  6. In Baseline Interval, specify a time period for when a new refreshed dynamic ruleset is pulled from Device Manager.
  7. In Delta interval, specify a time period for when an update of dynamic rules is pulled.
  8. In Request Timeout, specify the server request timeout interval.
  9. In Config Provider, select if the configuration provider server instance is providing the policy configuration.
  10. In Events Enabled, enable this option if you want the connector to notify XenMobile when a device is blocked. This option is required if you are using the connector rules in any of your XenMobile Automated Actions.
  11. Click Save and then click Test Connectivity to test gateway-to-configuration provider connectivity. If the connection fails, check that the local firewall settings allow the connection or contact your administrator.
  12. When the connection succeeds, clear the Disabled check box and then click Save.

When you add a new configuration provider, Citrix Gateway connector for Exchange ActiveSync automatically creates one or more policies associated with the provider. These policies are defined by a template definition contained in config\policyTemplates.xml in the NewPolicyTemplate section. For each Policy element defined within this section, a new policy is created.

The operator may add, remove, or modify policy elements if the following is true: The policy element conforms to the schema definition and the standard substitution strings (enclosed in braces) are not modified. Next, add new groups for the provider and update the policy to include the new groups.

To import a policy from XenMobile

  1. In the Citrix Gateway connector for Exchange ActiveSync configuration utility, click the Config Providers tab and then click Add.
  2. In the Config Providers dialog box, in Name, enter a user name that will be used for basic HTTP authorization with the XenMobile Server and that has administrative privileges.
  3. In Url, enter the web address of the XenMobile Gateway Configuration Service (GCS), typically in the format https:///xdm/services/. The MagConfigService name is case-sensitive.
  4. In Password, enter the password that is used for basic HTTP authorization with the XenMobile Server.
  5. Click Test Connectivity to test gateway-to-configuration provider connectivity. If the connection fails, check that your local firewall settings allow the connection or check with your administrator.
  6. When a connection is successfully made, clear the Disabled check box and then click Save.
  7. In Managing Host, leave the default DNS name of the local host computer. This setting is used to coordinate communication with XenMobile when multiple Forefront Threat Management Gateway (TMG) servers are configured in an array.

    After you save the settings, open the GCS.

Configuring Citrix Gateway connector for Exchange ActiveSync policy mode

Citrix Gateway connector for Exchange ActiveSync can run in the following six modes:

  • Allow All. This policy mode grants access for all traffic passing through the connector. No other filtering rules are used.
  • Deny All. This policy mode blocks access for all traffic passing through the connector. No other filtering rules are used.
  • Static Rules: Block Mode. This policy mode executes static rules with an implicit deny or block statement at the end. The connector blocks devices that are not allowed or permitted via other filter rules.
  • Static Rules: Permit Mode. This policy mode executes static rules with an implicit permit or allow statement at the end. Devices that are not blocked or denied via other filter rules are allowed through the connector.
  • Static + ZDM Rules: Block Mode. This policy mode executes static rules first, followed by dynamic rules from XenMobile with an implicit deny or block statement at the end. Devices are permitted or denied based on defined filters and Device Manager rules. Any devices that do not match on defined filters and rules are blocked.
  • Static + ZDM Rules: Permit Mode. This policy mode executes static rules first, followed by dynamic rules from XenMobile with an implicit permit or allow statement at the end. Devices are permitted or denied based on defined filters and XenMobile rules. Any devices that do not match on defined filters and rules are allowed.

Citrix Gateway connector for Exchange ActiveSync processes permits or blocks for dynamic rules based on unique ActiveSync IDs for iOS and Windows-based mobile devices received from XenMobile. Android devices differ in their behavior based on the manufacturer and some do not readily expose a unique ActiveSync ID. To compensate, XenMobile sends user ID information for Android devices to make a permit or block decision. As a result, if a user has only one Android device, permits and blocks function normally. If the user has multiple Android devices, all the devices are allowed because Android devices cannot be differentiated. You can configure the gateway to statically block these devices by ActiveSyncID, if they are known. You can also configure the gateway to block based on device type or user agent.

To specify the policy mode, in the SMG Controller Configuration utility, do the following:

  1. Click the Path Filters tab and then click Add.
  2. In the Path Properties dialog box, select a policy mode from the Policy list and then click Save.

You can review rules on the Policies tab of the configuration utility. The rules are processed on Citrix Gateway connector for Exchange ActiveSync from top to bottom. The Allow policies are displayed with a green check mark. The Deny policies are shown as a red circle with a line through it. To refresh the screen and see the most updated rules, click Refresh. You can also modify the ordering of rules in the config.xml file.

To test rules, click the Simulator tab. Specify values in the fields. These can also be obtained from the logs. A result message will appear specifying Allow or Block.

To configure static rules

Enter static rules with values that the ISAPI filtering of the ActiveSync connection HTTP requests reads. Static rules enable Citrix Gateway connector for Exchange ActiveSync to permit or block traffic by the following criteria:

  • User. Citrix Gateway connector for Exchange ActiveSync uses the authorized user value and name structure that was captured during device enrollment. This is commonly found as domain\username as referenced by the server running XenMobile connected to Active Directory via LDAP. The Log tab within the connector configuration utility shows the values that are passed through the connector. The values are passed if the value structure needs to be determined or is different.
  • Deviceid (ActiveSyncID). Also known as the ActiveSyncID of the connected device. This value is commonly found within the specific device properties page in the XenMobile console. This value can also be screened from the Log tab in the connector configuration utility.
  • DeviceType. The connector can determine if a device is an iPhone, iPad, or other device type and can permit or block based on that criteria. As with other values, the connector configuration utility can reveal all connected device types being processed for the ActiveSync connection.
  • UserAgent. Contains information on the ActiveSync client that is used. In most cases, the value specified corresponds to a specific operating system build and version for the mobile device platform.

The connector configuration utility running on the server always manages the static rules.

  1. In the SMG Controller Configuration utility, click the Static Rules tab and then click Add.
  2. In the Static Rule Properties dialog box, specify the values that you want to use as criteria. For example, you can enter a user to allow access by entering the user name (for example, AllowedUser) and then clearing the Disabled check box.
  3. Click Save.

    The static rule is now in effect. Additionally, you can use regular expressions to define values, but you must enable the rule processing mode in the config.xml file.

To configure dynamic rules

Device policies and properties in XenMobile define dynamic rules and can trigger a dynamic Citrix Gateway connector for Exchange ActiveSync filter. The triggers are based on the presence of a policy violation or property setting. The connector filters work by analyzing a device for a given policy violation or property setting. If the device meets the criteria, the device is placed in a Device List. This Device List is not an allow list or a block list. It is a list of devices that meet the criteria defined. The following configuration options enable you to define whether you want to allow or deny the devices in the Device List by using the connector.

Note:

You must use the XenMobile console to configure dynamic rules.

  1. In the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.

  2. Under Server, click ActiveSync Gateway. The ActiveSync Gateway page appears.

  3. In Activate the following rules, select one or more rules you want to activate.

  4. In Android-only, in Send Android domain users to ActiveSync Gateway, click YES to ensure that XenMobile sends Android device information to the Secure Mobile Gateway.

    When this option is enabled, XenMobile sends Android device information to the Citrix Gateway connector for Exchange ActiveSync when XenMobile does not have the ActiveSync identifier for the Android device user.

To configure custom policies by editing the Citrix Gateway connector for Exchange ActiveSync XML file

You can view the basic policies in the default configuration on the Policies tab of the Citrix Gateway connector for Exchange ActiveSync configuration utility. If you want to create custom policies, you can edit the connector XML configuration file (config\config.xml).

  1. Find the PolicyList section in the file and then add a new Policy element.
  2. If a new group is also required, such as another static group or a group to support another GCP, add the new Group element to the GroupList section.
  3. Optionally, you can change the ordering of groups within an existing policy by rearranging the GroupRef elements.

Configuring the Citrix Gateway connector for Exchange ActiveSync XML file

Citrix Gateway connector for Exchange ActiveSync uses an XML configuration file to dictate the actions of the connector. Among other entries, the file specifies the group files and associated actions the filter takes when evaluating HTTP requests. By default, the file is named config.xml and can be found at the following location: ..\Program Files\Citrix\XenMobile Citrix ADC Connector\config.

GroupRef Nodes

The GroupRef nodes define the logical group names. The defaults are AllowGroup and DenyGroup.

Note:

The order in which the GroupRef nodes appear in the GroupRefList node is significant.

The ID value of a GroupRef node identifies a logical container or collection of members that are used for matching specific user accounts or devices. The action attributes specify how the filter treats a member that matches a rule in the collection. For example, a user account or device that matches a rule in the AllowGroup set will “pass.” To pass means to be allowed to access the Exchange CAS. A user account or device that matches a rule in the DenyGroup set is “rejected.” Rejected means not to be allowed to access the Exchange CAS.

When a particular user account/device or combination meets rules in both groups, a precedence convention is used to direct the request’s outcome. Precedence is embodied in the order of the GroupRef nodes in the config.xml file from top to bottom. The GroupRef nodes are ranked in priority order. Rules for a given condition in the Allow group will always take precedence over rules for the same condition in the Deny group.

Group Nodes

Additionally, the config.xml defines Group nodes. These nodes link the logical containers AllowGroup and DenyGroup to external XML files. Entries stored in the external files form the basis of the filter rules.

Note:

In this release, only external XML files are supported.

The default installation implements two XML files in the configuration: allow.xml and deny.xml.

Configuring Citrix Gateway connector for Exchange ActiveSync

You can configure Citrix Gateway connector for Exchange ActiveSync to selectively block or allow ActiveSync requests based on the following properties: Active Sync Service ID, Device type, User Agent (device operating system), Authorized user, and ActiveSync Command.

The default configuration supports a combination of static and dynamic groups. You maintain static groups by using the SMG Controller Configuration utility. The static groups may consist of known categories of devices, such as all devices using a given user agent.

Dynamic groups are maintained by an external source called a Gateway Configuration Provider and collected by Citrix Gateway connector for Exchange ActiveSync on a periodic basis. XenMobile can export groups of allowed and blocked devices and users to the connector.

A policy is an ordered list of groups in which each group has an associated action (allow or block) and a list of group members. A policy may have any number of groups. Group ordering within a policy is important because when a match is found the action of the group is taken, and subsequent groups are not evaluated.

A member defines a way to match the properties of a request. It can match a single property, such as device ID, or multiple properties, such as device type and user agent.
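
The ordered, first-match evaluation described above, together with the Android user-ID caveat from the policy mode section, modelled as an added Python example. This is not Citrix code or the connector's rule engine; the group names, users, device IDs and exact-match comparison are assumptions made for illustration.

```python
"""Model of ordered, first-match policy evaluation. Added example with
constructed data; not Citrix code and not the connector's real rule engine."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIELDS = ("user", "device_id", "device_type", "user_agent")


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str      # ActiveSync ID
    device_type: str
    user_agent: str


@dataclass(frozen=True)
class Member:
    """Constrains one or more request properties; None means 'not constrained'."""
    user: Optional[str] = None
    device_id: Optional[str] = None
    device_type: Optional[str] = None
    user_agent: Optional[str] = None

    def matches(self, req: Request) -> bool:
        wanted = [(getattr(self, f), getattr(req, f))
                  for f in FIELDS if getattr(self, f) is not None]
        # Assumption: exact string equality on every constrained property.
        return bool(wanted) and all(want == got for want, got in wanted)


@dataclass(frozen=True)
class Group:
    name: str
    action: str                     # "allow" or "block"
    members: Tuple[Member, ...] = ()


def evaluate(groups: List[Group], implicit: str, req: Request) -> Tuple[str, str]:
    """Walk the groups top to bottom; the first group with a matching member
    decides and later groups are not evaluated. If nothing matches, the mode's
    implicit action applies ("block" in Block Mode, "allow" in Permit Mode)."""
    for group in groups:
        if any(m.matches(req) for m in group.members):
            return group.action, group.name
    return implicit, "implicit"


# --- Constructed sample data (hypothetical names and IDs) ---
DYNAMIC_ALLOW = Group("DynamicAllow", "allow", (
    Member(device_id="IOS-0001"),   # iOS: keyed by unique ActiveSync ID
    Member(user="corp\\bob"),       # Android: keyed by user ID only
))
DYNAMIC_DENY = Group("DynamicDeny", "block", (Member(device_id="IOS-0009"),))
STATIC_DENY_BY_ID = Group("StaticDeny", "block", (Member(device_id="AND-0002"),))


def static_plus_dynamic(static_deny: Group = Group("StaticDeny", "block")) -> List[Group]:
    """Static groups first, then dynamic groups, as in the 'Static + ZDM' modes."""
    return [Group("StaticAllow", "allow"), static_deny, DYNAMIC_ALLOW, DYNAMIC_DENY]


ALICE_IPHONE = Request("corp\\alice", "IOS-0001", "iPhone", "Apple-iPhone/1")
BOB_ENROLLED = Request("corp\\bob", "AND-0001", "Android", "Android-Mail/1")
BOB_SECOND = Request("corp\\bob", "AND-0002", "Android", "Android-Mail/1")
STRANGER = Request("corp\\eve", "XXX-0404", "Unknown", "Client/1")


if __name__ == "__main__":
    cases = [
        ("Block Mode, enrolled iPhone", static_plus_dynamic(), "block", ALICE_IPHONE),
        ("Block Mode, Bob's enrolled Android", static_plus_dynamic(), "block", BOB_ENROLLED),
        # The user-ID match cannot tell Bob's two Android devices apart.
        ("Block Mode, Bob's second Android", static_plus_dynamic(), "block", BOB_SECOND),
        # A static rule on the known ActiveSync ID runs first and closes the gap.
        ("Same, with static block by ID", static_plus_dynamic(STATIC_DENY_BY_ID),
         "block", BOB_SECOND),
        ("Block Mode, unknown device", static_plus_dynamic(), "block", STRANGER),
        ("Permit Mode, unknown device", static_plus_dynamic(), "allow", STRANGER),
    ]
    for label, groups, implicit, req in cases:
        action, source = evaluate(groups, implicit, req)
        print(f"{label:38s} -> {action:5s} (decided by {source})")
```

The unknown-device rows are the practical difference between the two security models: the same rule set admits or rejects an unlisted device purely on the implicit action at the end of the list.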

Choosing a Security Model for Citrix Gateway connector for Exchange ActiveSync

Establishing a security model is essential to a successful mobile device deployment for organizations of any size. It is common to use protected or quarantined network control to allow access to a user, computer, or device by default. This practice is not always ideal. Every organization that manages IT security may have a slightly different or tailored approach to security for mobile devices.

The same logic applies to mobile device security. Using a permissive model is a weak choice due to the multitude of mobile devices and types, mobile devices per user, and available operating system platforms and apps. In most organizations, the restrictive model will be the most logical choice.

The configuration scenarios that Citrix allows for integrating Citrix Gateway connector for Exchange ActiveSync with XenMobile are as follows:

Permissive Model (Permit Mode)

The permissive security model operates on the premise that everything is either allowed or granted access by default. Only through rules and filtering is something blocked and a restriction applied. The permissive security model is good for organizations that have a relatively loose security concern about mobile devices. The model only applies restrictive controls to deny access where appropriate (when a policy rule is failed).

Restrictive Model (Block Mode)

The restrictive security model is based on the premise that nothing is allowed or granted access by default. Everything passing through the security check point is filtered and inspected, and is denied access unless the rules allowing access are passed. The restrictive security model is good for organizations that have a relatively tight security criterion about mobile devices. The model only grants access for use and functionality with the network services when all rules to allow access have passed.

Managing Citrix Gateway connector for Exchange ActiveSync

You can use Citrix Gateway connector for Exchange ActiveSync to build access control rules. The rules either allow or block access to ActiveSync connection requests from managed devices. Access is based on device status, app allow or block lists, and other compliance conditions.

By using the Citrix Gateway connector for Exchange ActiveSync configuration utility, you can build dynamic and static rules that enforce corporate email policies, allowing you to block users who are in violation of compliance standards. You can also set up email attachment encryption, so that all attachments that pass through your Exchange Server to managed devices are encrypted and only viewable on managed devices by authorized users.

To uninstall Citrix Gateway connector for Exchange ActiveSync

  1. Run XncInstaller.exe with an administrator account.
  2. Follow the onscreen instructions to complete the uninstallation.

To install, upgrade, or uninstall Citrix Gateway connector for Exchange ActiveSync

  1. Run XncInstaller.exe with an administrator account to install the connector or allow for upgrade or removal of an existing connector.
  2. Follow the onscreen instructions to complete the installation, upgrade, or uninstallation.

After you install the connector, you must manually restart the XenMobile configuration service and the notification service.

Installing Citrix Gateway connector for Exchange ActiveSync

You install Citrix Gateway connector for Exchange ActiveSync on its own Windows Server.

The CPU load that the connector puts on a server depends on how many devices are managed. For large numbers of devices (more than 50,000), you may need to provision more than one core if you do not have a clustered environment. The memory footprint of the connector is not significant enough to warrant more memory.

Citrix Gateway connector for Exchange ActiveSync system requirements

Citrix Gateway connector for Exchange ActiveSync communicates with Citrix ADC over an SSL bridge configured on the Citrix ADC appliance. The bridge enables the appliance to bridge all secure traffic directly to XenMobile. The connector requires the following minimum system configuration:

| Component | Requirement |
| --- | --- |
| Computer and processor | 733 MHz Pentium III or higher processor. 2.0 GHz Pentium III or higher processor (recommended) |
| Citrix ADC | Citrix ADC appliance with software version 10 |
| Memory | 1 GB |
| Hard disk | NTFS-formatted local partition with 150 MB of available hard-disk space |
| Operating system | Windows Server 2016, Windows Server 2012 R2, or Windows Server 2008 R2 Service Pack 1. Must be an English-based server. Support for Windows Server 2008 R2 Service Pack 1 ends on January 14, 2020. |
| Other devices | Network adapter compatible with the host operating system for communication with the internal network |
| Microsoft .NET Framework | Version 8.5.1.11 requires Microsoft .NET Framework 4.5. |
| Display | VGA or higher-resolution monitor |

The host computer for Citrix Gateway connector for Exchange ActiveSync requires the following minimum available hard disk space:

  • Application: 10–15 MB (100 MB recommended)
  • Logging: 1 GB (20 GB recommended)

For information about platform support for Citrix Gateway connector for Exchange ActiveSync, see Supported device operating systems.

Device email clients

Not all email clients consistently return the same ActiveSync ID for a device. Because Citrix Gateway connector for Exchange ActiveSync expects a unique ActiveSync ID for each device, the following is true: Only email clients that consistently generate the same, unique ActiveSync ID for each device are supported. Citrix has tested these email clients and the clients have performed without errors:

  • Samsung native email client
  • iOS native email client

Deploying Citrix Gateway connector for Exchange ActiveSync

Citrix Gateway connector for Exchange ActiveSync enables you to use Citrix ADC to proxy and load balance XenMobile Server communication with XenMobile managed devices. The connector communicates periodically with XenMobile to synchronize policies. The connector and XenMobile can be clustered, together or independently, and can be load-balanced by Citrix ADC.

Citrix Gateway connector for Exchange ActiveSync components

  • Citrix Gateway connector for Exchange ActiveSync service: This service provides a REST web service interface that can be invoked by Citrix ADC to determine if an ActiveSync request from a device is authorized.
  • XenMobile configuration service: This service communicates with XenMobile to synchronize XenMobile policy changes with the connector.
  • XenMobile notification service: This service sends notifications of unauthorized device access to XenMobile. In this way, XenMobile can take appropriate measures, such as notifying the user why the device was blocked.
  • Citrix Gateway connector for Exchange ActiveSync configuration utility: This application allows the administrator to configure and monitor the connector.

To set the listening address for Citrix Gateway connector for Exchange ActiveSync

For Citrix Gateway connector for Exchange ActiveSync to receive requests from Citrix ADC to authorize ActiveSync traffic, do the following. Specify the port on which the connector listens to Citrix ADC web service calls.

  1. From the Start menu, select the Citrix Gateway connector for Exchange ActiveSync configuration utility.
  2. Click the Web Service tab and then type the listening addresses for the connector web service. You can select HTTP or HTTPS or both. If the connector is co-resident with XenMobile (installed on the same server), select port values that do not conflict with XenMobile.
  3. After the values are configured, click Save and then click Start Service to start the web service.

To configure device access control policies in Citrix Gateway connector for Exchange ActiveSync

To configure the access control policy you want to apply to your managed devices, do the following:

  1. In the Citrix Gateway connector for Exchange ActiveSync configuration utility, click the Path Filters tab.
  2. Select the first row, Microsoft-Server-ActiveSync is for ActiveSync and then click Edit.
  3. From the Policy list, select the desired policy. For a policy that is inclusive of XenMobile policies, select Static + ZDM: Permit Mode or Static + ZDM: Block Mode. These policies combine local (or, static) rules with the rules from XenMobile. Permit Mode means that all devices not explicitly identified by the rules are permitted access to ActiveSync. Block Mode means that such devices are blocked.
  4. After setting the policies, click Save.

To configure communication with XenMobile

Specify the name and properties of the XenMobile Server (also known as a Config Provider) that you want to use with Citrix Gateway connector for Exchange ActiveSync and Citrix ADC.

Note:

This task assumes that you have already installed and configured XenMobile.

  1. In the Citrix Gateway connector for Exchange ActiveSync configuration utility, click the Config Providers tab and then click Add.
  2. Enter the name and URL of the XenMobile Server you are using in this deployment. If you have multiple XenMobile Servers deployed in a multitenant deployment, this name must be unique for each server instance. For example, for Name, you could type XMS.
  3. In Url, enter the Web address of the XenMobile GlobalConfig Provider (GCP), typically in the format https:////services/. The MagConfigService name is case-sensitive.
  4. In Password, enter the password that will be used for basic HTTP authorization with the XenMobile web server.
  5. In Managing Host, enter the server name where you installed Citrix Gateway connector for Exchange ActiveSync.
  6. In Baseline Interval, specify a time period for when a new refreshed dynamic ruleset is pulled from XenMobile.
  7. In Request Timeout, specify the server request timeout interval.
  8. In Config Provider, select if the config provider server instance is providing the policy configuration.
  9. In Events Enabled, enable this option if you want Secure Mobile Gateway to notify XenMobile when a device is blocked. This option is required if you are using Secure Mobile Gateway rules in any of your Device Manager Automated Actions.
  10. After configuring the server, click Test Connectivity to test the connection to XenMobile.
  11. When connectivity has been established, click Save.

Deploying Citrix Gateway connector for Exchange ActiveSync for redundancy and scalability

If you want to scale your Citrix Gateway connector for Exchange ActiveSync and XenMobile deployment, you can install instances of the connector on multiple Windows Servers, all pointing to the same XenMobile instance, and then you can use Citrix ADC to load balance the servers.

There are two modes for the Citrix Gateway connector for Exchange ActiveSync configuration:

  • In non-shared mode, each Citrix Gateway connector for Exchange ActiveSync instance communicates with a XenMobile Server and keeps its own private copy of the resulting policy. For example, if you had a cluster of XenMobile Servers, you could run a connector instance on each XenMobile Server and the connector would get policies from the local XenMobile instance.
  • In shared mode, one connector node is designated the primary node and it communicates with XenMobile. The resulting configuration is shared among the other nodes either by a Windows network share or by Windows (or third-party) replication.

The entire connector configuration is located in a single folder (consisting of a few XML files). The connector process detects changes to any file in this folder and automatically reloads the configuration. There is no failover for the primary node in shared mode. But the system can tolerate the primary server being down for a few minutes (for example, to restart) because the last known good configuration is cached in the connector process.