Apps 编辑

Enterprise Mobility Management (EMM) segments into Mobile Device Management (MDM) and Mobile Application Management (MAM). While MDM enables organizations to secure and control mobile devices, MAM facilitates application delivery and management. To support BYOD adoption, you can typically implement a MAM solution, such as XenMobile, to assist with the following:

  • application delivery
  • software licensing
  • configuration
  • application life cycle management

You can require or allow users to also opt into MDM management.

With XenMobile, you can go a step further to secure these apps by configuring specific MAM policies and VPN settings to prevent data leak and other security threats. XenMobile provides organizations with the flexibility to deploy their solution as a:

  • MAM-only environment
  • MDM-only environment
  • Unified XenMobile Enterprise environment that provides both MDM and MAM functionality

In addition to the ability to deliver apps to mobile devices, XenMobile offers app containerization through MDX technology. The apps are subject to granular policy-based controls. Independent software vendors (ISVs) can apply these controls using the Mobile Apps SDK.

In a corporate environment, users use various mobile apps to aid in their job role. The apps can include apps from the public app store, in-house developed apps, or native apps. XenMobile categorizes these apps as follows:

  • Public apps: These apps include free or paid apps available in a public app store, such as the Apple App Store or Google Play. Vendors outside of the organization often make their apps available in public app stores. This option lets their customers download the apps directly from the Internet. You might use numerous public apps in your organization depending on users’ needs. Examples of such apps include GoToMeeting, Salesforce, and EpicCare apps.

    • If you use the MAM SDK: Obtain the app binaries from your app vendor. Then, integrate the MAM SDK into the app.

    • If you use the MDX Toolkit: Citrix does not support downloading app binaries directly from public app stores, and then wrapping them with the MDX Toolkit for enterprise distribution. To wrap third-party applications, work with your app vendor to obtain the app binaries. You can then wrap the binaries by using the MDX Toolkit.

  • In-house apps: Many organizations have in-house developers who create apps that provide specific functionality and are independently developed and distributed within the organization. In certain cases, some organizations might also have apps that ISVs provide. You can deploy such apps as native apps or you can containerize the apps by using a MAM solution, such as XenMobile.

    For example, a healthcare organization might create an in-house app that allows physicians to view patient information on mobile devices. An organization can then secure patient information and enable VPN access to the patient database by using one of the following:

    • MAM SDK
    • MDX Toolkit
  • Web and SaaS apps: These apps include apps accessed from an internal network (web apps) or over a public network (SaaS). XenMobile also allows you to create custom web and SaaS apps using a list of app connectors. These app connectors can facilitate single sign-on (SSO) to existing Web apps. For details, see App connector types. For example, you can use Google Apps SAML for SSO based on Security Assertion Markup Language (SAML) to Google Apps.
  • Mobile productivity apps: Mobile productivity apps are Citrix-developed apps that are included with the XenMobile license. For details, see About mobile productivity apps. Citrix also offers other business-ready apps that ISVs develop by using the Mobile Apps SDK.
  • HDX apps: HDX apps are Windows-hosted apps that you publish with StoreFront. If you use Citrix Virtual Apps and Desktops and Citrix Workspace, HDX apps are available to enrolled users.

Depending on the type of mobile apps you plan to deploy and manage with XenMobile, the underlying configuration might differ. For example, multiple groups of users with different level of permissions might consume a single app. In that case you can create separate delivery groups to deploy two separate versions of the same app. In addition, you must make sure that the user group membership is mutually exclusive to avoid policy mismatches on users’ devices.

You can also manage iOS application licensing by using Apple volume purchase. This option requires you to register for the volume purchase program and configure the volume purchase settings in the XenMobile console. That configuration allows you to distribute the apps with the volume purchase licenses. Various use cases make it important to assess and plan your MAM strategy before implementing the XenMobile environment. You can start planning your MAM strategy by defining the following:

  • Types of apps: List the different types of apps that you plan to support and categorize them, such as public, native, Web, in-house, or ISV apps. Also, categorize the apps for different device platforms, such as iOS and Android. This categorization helps with aligning the various XenMobile settings that are required for each type of app. For example, a few apps might require use of the Mobile Apps SDK to enable special APIs for interaction with other apps.
  • Network requirements: Configure the settings of apps that have specific network access requirements. For example, certain apps might need access to your internal network through the VPN. Some apps might require Internet access to route access via the DMZ. To allow such apps to connect to the required network, you must configure various settings accordingly. Defining per-app network requirements help in finalizing your architectural decisions early on, which streamlines the overall implementation process.
  • Security requirements: You can define security requirements to apply to either individual apps or all apps.

    • Settings, such as the MDX policies, apply to individual apps
    • Session and authentication settings apply across all apps
    • Some apps might have specific containerization, MDX, authentication, geofencing, passcode, or data sharing requirements

    Outline those requirements in advance to simplify your deployment. For details on security in Endpoint Management, see Security and User Experience.

  • Deployment requirements - You may want to use a policy-based deployment to allow only compliant users to download the published apps. For example, certain apps might require that the device is managed, or that the device meets a minimum operating system version. You may also want certain apps to be available only to corporate users. Outline such requirements in advance so that you can configure the appropriate deployment rules or actions.
  • Licensing requirements: Keep a record of the app-related licensing requirements. Your notes can help you manage license usage effectively and decide whether to configure specific features in XenMobile to facilitate licensing. For example, if you deploy a free or paid iOS app, Apple enforces licensing requirements on the app. As a result, users must sign in to their Apple App Store account.

    However, you can register for Apple volume purchase to distribute and manage these apps by using XenMobile. Volume purchase allows users to download the apps without having to sign into their Apple App Store account.

    Some platforms, such as Samsung SAFE and Samsung Knox, have special licensing requirements to complete before deploying those features.

  • Allow list and block list requirements: You might identify apps that you do not want users to install or use. Creating a block list defines an out of compliance event. You can then set up policies to trigger when the event occurs. On the other hand, an app might be acceptable for use but can fall under the block list for some reason. In that case, you can add the app to an allow list and indicate that the app is acceptable to use but is not required. Also, keep in mind that the apps pre-installed on new devices can include some commonly used apps that are not part of the operating system. Such apps can conflict with your block list strategy.

Use Case

A healthcare organization plans to deploy XenMobile to serve as a MAM solution for their mobile apps. Mobile apps are delivered to corporate and BYOD users. IT decides to deliver and manage the following apps:

Mobile productivity apps: iOS and Android apps provided by Citrix. For details, see mobile productivity apps.

Citrix Secure Hub: Client used by all mobile devices to communicate with XenMobile. You push security settings, configurations, and mobile apps to mobile devices by using Secure Hub. Android and iOS devices enroll in XenMobile through Secure Hub.

Citrix Receiver: Mobile app that allows mobile device users to open applications hosted by Citrix Virtual Apps.

GoToMeeting: An online meeting, desktop sharing, and video conferencing client that lets users meet with other computer users, customers, clients, or colleagues via the Internet in real time.

SalesForce1: Salesforce1 lets users access Salesforce from mobile devices and brings all Chatter, CRM, custom apps, and business processes together in a unified experience for any Salesforce user.

RSA SecurID: Software-based token for two-factor authentication.

EpicCare apps: These apps give healthcare practitioners a secure and portable access to patient charts, patient lists, schedules, and messaging.

Haiku: Mobile app for the iPhone and Android phones.

Canto: Mobile app for the iPad

Rover: Mobile apps for iPhone and iPad.

HDX: Citrix Virtual Apps delivers HDX apps.

  • Epic Hyperspace: Epic client application for electronic health record management.

ISV:

  • Vocera: HIPAA compliant voice-over IP and messaging mobile app that extends the benefits of Vocera voice technology anytime, anywhere via iPhone and Android smartphones.

In-house apps:

  • HCMail: App that helps compose encrypted messages, search address books on internal mail servers, and send the encrypted messages to the contacts using an email client.

In-house web apps:

  • PatientRounding: Web application used to record patient health information by different departments.
  • Outlook Web Access: Allows the access of email via a web browser.
  • SharePoint: Used for organization-wide file and data sharing.

The following table lists the basic information required for MAM configuration.

     
App NameApp TypeMAM SDK integration or MDX WrappingiOSAndroid
Secure MailXenMobile AppNo for version 10.4.1 and laterYesYes
Secure WebXenMobile AppNo for version 10.4.1 and laterYesYes
Citrix FilesXenMobile AppNo for version 10.4.1 and laterYesYes
Secure HubPublic AppN/AYesYes
Citrix ReceiverPublic AppN/AYesYes
GoToMeetingPublic AppN/AYesYes
SalesForce1Public AppN/AYesYes
RSA SecurIDPublic AppN/AYesYes
Epic HaikuPublic AppN/AYesYes
Epic CantoPublic AppN/AYesNo
Epic RoverPublic AppN/AYesNo
Epic HyperspaceHDX AppN/AYesYes
VoceraISV AppYesYesYes
HCMailIn-House AppYesYesYes
PatientRoundingWeb AppN/AYesYes
Outlook Web AccessWeb AppN/AYesYes
SharePointWeb AppN/AYesYes

The following table lists specific requirements that you can consult configuring MAM policies in XenMobile.

App NameVPN RequiredInteraction (with apps outside of container)Interaction (from apps outside of container)Proxy FilteringLicensingGeo-fencingMobile Apps SDKMinimum Operating System Version
Secure MailYSelectively AllowedAllowedRequiredN/ASelectively RequiredN/AEnforced
Secure WebYAllowedAllowedRequiredN/ANot requiredN/AEnforced
Citrix FilesYAllowedAllowedRequiredN/ANot requiredN/AEnforced
Secure HubYN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
Citrix ReceiverYN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
GoToMeetingNN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
SalesForce1NN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
RSA SecurIDNN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
Epic HaikuYN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
Epic CantoYN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
Epic RoverYN/AN/ANot requiredVolume purchaseNot requiredN/ANot enforced
Epic HyperspaceYN/AN/ANot requiredN/ANot requiredN/ANot enforced
VoceraYBlockedBlockedRequiredN/ARequiredRequiredEnforced
HCMailYBlockedBlockedRequiredN/ARequiredRequiredEnforced
PatientRound-ingYN/AN/ARequiredN/ANot requiredN/ANot enforced
Outlook Web AccessYN/AN/ARequiredN/ANot requiredN/ANot enforced
SharePointYN/AN/ARequiredN/ANot requiredN/ANot enforced

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:13 次

字数:19560

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文