Push notifications for Secure Mail 编辑

Secure Mail for iOS and Secure Mail for Android can receive notifications about email and calendar activity when the app is running in the background or is closed. Secure Mail for iOS supports notifications provided through Remote Push Notifications provided through the Apple Push Notification service (APNs). Secure Mail for Android supports notifications provided through the Firebase Cloud Messaging service (FCM).

How push notifications work

To provide push notifications for iOS and Android, Citrix hosts a listener service on Amazon Web Services (AWS) to perform the following functions:

• Listen for Exchange Web Services (EWS) push notifications sent by Exchange Servers when there is Inbox activity. Exchange does not send any mail content to the Citrix service.

  No personally identifiable information is stored by the Citrix service. Instead, a device token and subscription ID identifies the specific device and Inbox folder to be updated within Secure Mail.

• Send APNs notifications, containing only badge counts, to Secure Mail on iOS devices.

• Send FCM notifications to Secure Mail on Android devices.

The Citrix listener service does not impact mail data traffic, which continues to flow between user devices and Exchange Servers through ActiveSync. The listener service, which is configured for high availability and disaster recovery, is available in three regions:

• Americas
• Europe, Middle East and Africa (EMEA)
• Asia Pacific (APAC)

System requirements for push notifications

If your Citrix Gateway configuration includes Secure Ticket Authority (STA) and split tunneling is off, Citrix Gateway must allow traffic (when tunneled from Secure Mail) to the following Citrix listener service URLs:

Configuring Secure Mail for push notifications

To set up Apple Push Notifications or FCM for Secure Mail for app store distribution, in the Endpoint Management console, set Push notifications to ON and then select your region. The following figure shows the setting for iOS.

For Android, the following figure shows the same Push notification setting as for iOS. In addition, if the EWS is hosted in a different region from where the mail server resides, complete the EWS HostName setting. The default setting is empty. If you leave the setting empty, Endpoint Management uses the host name of the mail server.

Configure Exchange and Citrix ADC to allow traffic to flow to the listener service.

Exchange Server configuration

Allow outbound SSL (over port 443) from your firewall to the Citrix listener service URL for the region where your Exchange Server is located. For example:

If you have a proxy server between Exchange Web Services (EWS) and the Citrix listener device, you can do one of the following.

• Send EWS traffic through the proxy and then on to the listener device.
• Bypass the proxy and route EWS traffic to the listener device directly.

To send EWS traffic through the proxy server, configure the EWS web.config file in the ClientAccess\exchweb\ews folder, as follows.

<configuration>
<system.net>
<defaultProxy>
<proxy usesystemdefault="true" bypassonlocal="true" />
</defaultProxy>
</system.net>
</configuration>