
XenMobile and ShareFile

Jaan Feldmann Sergei Sokolov

Magic Quadrant for Mobile Device Management Software

How Mobile Feels Today

User Needs
Freedom to access all their apps and data from any of their devices

For Enterprise IT, mobile presents big challenges

IT Needs
to meet security and compliance requirements

But the needs of users and IT must be balanced

The problem: Solving this requires more than one tool.

IT Needs
to meet security and compliance requirements

A complete set of tools

Complete EMM

Solution to
Mobilize Your

Business

The Mobile Solutions Bundle


A complete stack for

managing and
securing apps, data, and devices

App Management

Data Management

Device Management

5 Key Features
Enterprise MDM
Secure email, browser and data sharing
Mobile app containers
Unified app store
Identity management, SSO and scenario-based access control

Enterprise Grade MDM


Give users device choice whether corporate issued or BYO

Manage the device throughout lifecycle

Sandboxed Mail, Docs, and Browser


Mail

Docs

Browser

combined with a great user experience.

Users can access the apps they love


MDX Access MDX Vault MDX Interapp

IT meets compliance requirements

Disable Camera

Data protection settings that allow IT to take a granular, yet measured approach

Disable Open-In Disable iCloud use Disable Copy/Paste

Disable sending email


Disable sending SMS Disable printing Restrict outbound URL Encrypt app and data

Any app. Any device. Emphasis on ANY.


Unified App Store
Available on 3B+ devices Mobile apps native on device

Windows, datacenter and web apps delivered via Receiver


Any device smartphone, tablet, PC and Mac

Identity Management, SSO, and Scenario-based Access

Simple access for users Simple provisioning, revocation, and control for IT

The Mobile Solutions Bundle


Business Apps
App Management
Productivity and Collaboration

App Management

Secure Mail

Data Management

Device Management

Deployment Mobile First Adoption

XenMobile MDM Edition


Mobile Device Management

Complete Mobility Infrastructure Apps, Data, and Devices


XM ActiveSync Controller
Native Mail Encryption

TMG

MDM Client
XM Device Manager

Mobile Device Management

DMZ

XenMobile Device Manager


Actively manage policy and configuration for iOS, Android, Windows Mobile/CE and Symbian
Deploy and administer mobile applications
Functionality varies by app and platform

Control data access with DLP add-on
Receives connections directly from mobile devices
Makes connections to:
Database Server (MS SQL Server or Postgres)
Directory Server (AD or any other LDAP based system)

XenMobile MDM Pre-requisites


Windows Server (Standard or Enterprise) 2003 64 bit, 2008 64 bit, or 2008 R2 64 bit
Service Accounts
Installation account must be local admin of server
Does not require SQL rights directly
Account with database creation permissions in SQL
Intended MDM server does not need to be a member of the domain
Do not install IIS. Uninstall IIS if it exists on this server
External DNS record for the MDM server (ex. Mobile.yourcompany.com)
Apple APNS certificate required during the install, obtained using the XenMobile APNS Certificate Setup Guide
Java SE 7
Java Cryptography Extension (JCE) files: Unlimited Strength Jurisdiction Policy Files
Copy local_policy.jar and US_export_policy.jar to /Java/jdk1.6.0_x/jre/lib/security
Software License

XM MDM Directory Services


Real-time access to LDAP (AD, Domino, etc.) source
Can configure multiple connections to multiple servers
Supports LDAP and LDAPS with certificate management

Wizard driven configuration

XM MDM Role Based Access Control


Roles can be created as desired
For example, multiple helpdesk tiers, devices managed by business units, etc..

Access is granular by admin function or group

Roles are selected by group


Groups can be defined locally or referenced from AD

Zenprise Security at the Network


Secure Mobile Gateway
Diagram labels: Mail, ZDM, Secure Mobile Gateway, 3G / 4G, Internal Resources

1 Normal traffic flow
2 Rules, Device, User Properties, Applications
3 Blacklisted App Install
4 Monitored traffic flow
5 Block User from Intranet

Block on blacklisted apps, rooted devices, unmanaged devices, user/group

Device Support
Citrix XenMobile MDM allows you to manage the following mobile device platforms:
Apple handheld devices (iPhone, iPad) using iOS 5.0 or higher
Android handheld devices using 2.2 or higher
Microsoft Windows 8 Phone and Windows 8 Tablet
Windows Mobile and its derivatives, including Smartphone and PocketPC
Windows Mobile 5.x or 6.x (PocketPC or Smartphone Edition)
Pocket PC 2003
Windows CE 4.x, 5.x or 6.x
BlackBerry handheld devices using BlackBerry OS versions 5.x, 6.x, and 7.x
Symbian
BB10

Device Functionality Matrix (1 of 4)


Feature
Mobile Windows 8 Windows 8 Phone

Dashboard
Enhanced Enrollment Modes (OTP, Multifactor, Invitation-based)
Invitation Client Download
Email Attachment Encryption
App Lock ('Kiosk Mode')
App Tunnels - Mobile SSL VPN

Device Functionality Matrix (2 of 4)


Feature
Mobile Windows 8 Windows 8 Phone

Storage Card Encryption Policy Auto discovery Logon
Automated Actions Notifications Agent Notification Enterprise App Store Locate Device

Device Functionality Matrix (3 of 4)


Feature
Mobile Windows 8 Windows 8 Phone

Geo-Tracking, Geo-Fencing Secure SharePoint
Remote client installation (OTA)
Provisioning of devices & users Hardware Inventory Software Inventory Security Jailbreak detection

Device Functionality Matrix (4 of 4)


Feature
Mobile Windows 8 Windows 8 Phone

Remote Wipe & Lock Software download & install File transfer Device Remote Control Roaming Management Reports (activity & devices inventory) Local device data encryption (option)

Policy Types
MDM Policies
Device specific configuration and restriction policies
Application Tunnels
Automated Actions
Server Groups

XenMobile Policies
Application access policies (black/white lists)
XM SDK enabled app control
DLP configuration
MyWeb configuration

Lock Screens

The passcode policy is the #1 feature used by our customers
Deployed in 62% of instances
Common requirements (in order)
1. Have a passcode defined
2. Disallow simple passcodes
3. Set auto-lock time
4. Set maximum password age
5. Set maximum password length

Passcode Policy - iOS


Click on Policies > iOS | Configurations > New Configuration > Passcode to configure a Passcode policy for iOS devices
Configure the settings you wish to apply as your Corporate passcode policy for iOS devices
Note: Turning on a passcode on an iOS device will, by default, turn on hardware encryption.

Location Services

This is the #3 most popular policy type
Deployed in 39% of instances
A location services policy must be pushed to a device in order to track the device or use the geofencing functionality
Location services policies only apply to iOS devices currently

Geotracking results
Once enabled, ZDM can store up to 6 hours of movement for each device

XenMobile Mobility Bundle


MDX Technologies & Mobile Application Management

Complete Mobility Infrastructure Apps, Data, and Devices


XM ActiveSync Controller
Native Mail Encryption

TMG

MDM Client
XM Device Manager

Mobile Device Management

Web & SaaS Mobile Apps Secure Data

Receiver

Access Gateway
Netscaler
DMZ

XM AppController

Citrix Mobile App Management


Full support for both personal and corporate usage (BYOD)
Corporate apps and data secure even on employee-owned devices
New consumer-driven devices supported immediately

No risk of corporate data loss or compliance exceptions when:


Device is lost or stolen or employee leaves organization
Collaboration / file sharing apps used on the device

Governance is built-in
Policies can be updated on hundreds of apps with no requirement to change source code

No requirement for developers to change the way they develop apps or learn mobile security standards

MDX Controller

MDX App Vault


Secure container that enables app and data containment, wipe and lock

MDX Access
Secure access to Intranet resources

MDX InterApp
Trusted application communication fabric

MDXVault
MDX InterApp

Native Mobile Apps


Deny SMS Disable iCloud Disable screenshots Force authentication Block jailbroken device

Citrix Receiver MDX Policies during app wrapping


app private data vault app private data vault

private data

XenMobile

MDXInterapp
MDX InterApp

Citrix Receiver

Open with

Deny access to insecure applications


private data

XenMobile

MDXAccess
MDX InterApp

Citrix Receiver

private data

MDXAccess
MDX InterApp

Citrix Receiver

SaaS Web Mobile Data

Access Gateway C-VPN Mode


private data

XenMobile

Data Containment Preliminary iOS Policies

AppWrapper
Mobile App Wrap tool runs on Mac OS X
Mobile App Wrap tool for Android: Beta available
Takes a pre-compiled iOS native application bundle (.IPA) as input
Produces a repackaged iOS application bundle with Citrix app wrapper logic inserted (.MDX)
Recertifies the repackaged app using a customer-provided enterprise distribution profile

App Preparation Process


Secure app with App Preparation Tool

Upload app to XenMobile

App available as a secure, managed app

Push App via ZP Client

App is visible on iOS home screen

QuickOffice.ipa

QuickOffice Enterprise

QuickOffice Enterprise

QuickOffice

Me@Work
mobile app family

@WorkWeb
Secure Browsing

@WorkMail
Email, calendar & contacts

ShareFile
Follow-me Data

GoToMeeting
Integrated Collaboration

Podio
Social Team Collaboration

MDX App Vault

MDX InterApp

MDX Policy

Allow Camera

InterApp Sharing
iCloud Backup

Enable DLP
Require Authentication Trusted Network Only Disable printing Restrict outbound URL


24 h

Offline lease period

MDX Policy

Allow Camera Secure app containers

Micro VPN
Lock and wipe Inter-app controls

InterApp Sharing
iCloud Backup

Enable DLP
Require Authentication Trusted Network Only

Conditional access policies Disable printing

Restrict outbound URL


24 h

Offline lease period

@WorkMail

@WorkWeb

Mail, calendar, contacts Enterprise class security Beautiful native experience Full inter-app integration MDX-secured

Secure browser Internal web app access Full inter-app integration Consumer experience MDX-secured

Secure Exchange connectivity


@WorkMail

No new messaging infrastructure Connected/ disconnected

access
@WorkWeb

Any intranet site access Native browser experience

@Work Mail
Secure email body and attachment
Open-in control to provide data leak protection
NO Exchange server exposure to internet
Send email with ShareFile attachments
Integrated calendars and Exchange GAL

@WorkMail Mail, calendar, contacts Enterprise class security Beautiful native experience Full inter-app integration MDX-secured

@Work Mail - Topology


Firewall

@WorkMail

Internet

Micro VPN

NetScaler/ Client Access Server (CAS) Access Gateway

@Work Web
iOS and Android device intranet web browsing
Easy access to SharePoint, Intranet Portal, etc.
@WorkWeb

Similar look/ feel as native browser


Safari on iOS; Chrome on Android

Secure browser Internal web app access Full inter-app integration Consumer experience MDX-secured

Single sign-on via NetScaler


Respond to HTTP 401


@Work Web - Topology


Firewall

@WorkWeb

Internet

Micro VPN

NetScaler/ Access Gateway

Mobile Application Policies

ShareFile Enterprise

Consumerization of IT
? My Workspace My Device(s) My Apps My Data

Users Demand
Instant file and data access from any device File sharing (with anyone) Easy and familiar (love Dropbox)

IT Wants
Security Control no data leakage (hate Dropbox)

ShareFile Enterprise
Empower users with Instant access to data, synced across all devices
Improve collaboration and productivity through secure file sharing
Meet corporate security and compliance standards with a secure service
Deliver an enterprise-class service that meets workflow and productivity needs
Enable IT to retain control and deliver a managed service
Access data wherever it's stored, on/off-premises, and existing data platforms

ShareFile Workspaces and ShareFile Sync

ShareFile Workspaces
Internal and external sharing
Large file support (up to 100 GB)
Custom Branding

ShareFile Sync
Sync data across all devices
Sync user data and team folders
Offline Access

Team Folders - File Distribution to Any Device

Latest file versions pushed to user devices

Restrict access to download only

ShareFile Enables Mobile Workstyles


Access, share and sync files from any device
Apps for mobile devices Mobile-optimized ShareFile web site Offline access and editing

Built-in Mobile Content Editor


Automatically sync folder contents for offline editing Offline editing of Microsoft Word, Excel and PowerPoint documents

Mark up PDF documents with text, arrows, shapes and drawings


Restrict use of unauthorized content editing tools

Workflow Integration with Microsoft Outlook


Unclog mail servers
Overcome file size restrictions

Attachment conversion

Better control and visibility Request large files

Windows Explorer and Mac Finder Integration

Plug-ins for Windows Explorer and Mac Finder Integration that provides an intuitive user experience

Choose where your data is stored

ShareFile with StorageZones

Choose where your data is stored Designated zones in public clouds Manage StorageZones on-premises

Citrix-managed StorageZone (AWS)


Customer-managed StorageZone (example)

Optimized for Virtual Desktops

+
On-Demand Sync
Instant access, share and sync Reduce storage costs

Secure by Design

Robust Security Features


Reporting and auditing Secure sharing Device security
Remote wipe

Device lock
Poison pill Passcode lock Encryption through passcode lock Restrict jailbroken devices

Secure Citrix Managed StorageZones


SSAE 16 audited data centers
256 bit SSL Encryption in transit
Files stored with AES 256-bit encryption at rest
All uploaded files scanned for viruses
All ShareFile servers protected by dedicated firewalls
All files are backed up and mirrored in real time

Reporting and Audit Trails


Audit trails

ShareFile Architecture

Why StorageZones?

Compliance
Legal compliance with geographic storage requirements Alignment with organizational policies

Performance
Files and folders in closer proximity to users File access performance optimization

Citrix- Managed StorageZones


Control Plane
*.sharefile.com Sharefile.eu.

Client
DB
Windows phone

Web Application Reporting

Authorization

StorageZones
Storage Center (EC2)

Storage centers Backend storage Various locations WW


S3

Customer- Managed StorageZones


Control Plane
*.sharefile.com Sharefile.eu

Client
DB
Windows phone

Web Application Reporting

Authorization
Storage Center (EC2)

StorageZones
Storage Center (Windows IIS) S3

NAS

NAS

Storage centers Backend storage Various locations WW

Customer Datacenter

Using StorageZones
StorageZones can be set on

User Home Folder

Root Folder-level


ShareFile StorageZone Connectors

ShareFile Personal Folder ShareFile Team Folder ShareFile Team Folder Existing Network Share SharePoint Doc Library
(coming soon)
Corp Governance
SharePoint Library


For Follow-me Data

Light Demo

The Mobile Solutions Bundle


Business Apps
App Management
Productivity and Collaboration

App Management

Secure Mail

Data Management

Device Management

Access Your Apps, Data and Desktops From Any Device

References
http://www.gartner.com/technology/reprints.do?id=1-1FRIMH0&ct=130523&st=sb
http://www.pqr.com/downloadformulier
http://www.citrix.com/products/xenmobile/try.html?ntref=header_try
http://www.sharefile.com

TakeAway
Test Citrix XenMobile MDM or XenMobile Enterprise
In June and July
We will arrange a meeting with you for testing and for discussing the test results
As a gift: a Segway ride for two in Tallinn Old Town + a restaurant gift card
PS: one gift per company

To arrange a meeting, please contact: ivika.pukk@atea.ee

Work better. Live better.

Licensing & Pricing On Prem & CSP


Mobile Solutions
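Price columns: Perpetual License; Perpetual SW Maintenance* (SA + Support); Annual License; Annual SW Maintenance* (SA + Support)

XenMobile MDM Edition User: Perpetual License $105; Perpetual SW Maintenance* $24/yr.; Annual License $45; Annual SW Maintenance* $10

Mobile Solutions Bundle User: Perpetual License $185; Perpetual SW Maintenance* $40/yr.; Annual License $74; Annual SW Maintenance* $16

Device: Perpetual License $80; Perpetual SW Maintenance* $17/yr; Annual License $33; Annual SW Maintenance* $7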

CSP Monthly (per calendar month)

$4.81

$3.67

$8.48

* SWM required with perpetual and annual license model

Licensing & Pricing Cloud Hosted


XenMobile MDM Edition
Price columns: Hosted 1 year; Hosted 2 years; Hosted 3 years

User, No HA: $67; $121; $151
User, HA: $91; $165; $205
Device, No HA: $52; $94; $117
Device, HA: $70; $127; $158

NOTE: HA is a customer decision at the time of purchase of the service and cannot be added on

ShareFile Enterprise: SKUs and Pricing


Packaging Options for Citrix-managed StorageZones
Columns: Product Name; Storage Entitlement; SRP (Per Year)
ShareFile Enterprise Annual - 20 GB storage; 20 GB per user; $198
ShareFile Enterprise Annual - 1 GB storage; 1 GB per user; $100
ShareFile Enterprise with 100 GB storage pack; 100GB pooled; $1500

Packaging Options for Customer-managed StorageZones (on-premises)


Columns: Product Name; Storage Entitlement; SRP (Per Year); Software Maintenance (Per Year)
ShareFile Enterprise Perpetual - 0 GB storage; 0 GB per user; $150; $33
ShareFile Enterprise Annual - 0 GB storage; 0 GB per user; $83/per year; N/A

Citrix Confidential Subject to NDA
