Accelerate your mobile strategy with XenMobile€¦ · 2016 Source: Forrester's Global Business...
Transcript of Accelerate your mobile strategy with XenMobile€¦ · 2016 Source: Forrester's Global Business...
Accelerate your mobile strategy with XenMobile
Introduction
Jeroen J.V Lebon – Pre-Sales Engineer Mobility
@jjvlebon https://nl.linkedin.com/in/jeroenlebon
“Strategy & Direction”
Strategy & Direction
App Management
Device Management
Data Management
Productivity and Collaboration Netw
ork Security G
ateway
MD
M to
EM
MIn
crea
sing
Diff
eren
tiatio
n
Strategy & Direction
Security Experience Flexibility
Delightful, on-demand,
seamless & intuitive
Protect what matters – data, apps & usage
Design for change – any app, any
device, any cloud
Mobile is the new desktop
Devices Used For WorkGlobal Information Workers, 2013 - 2016
Which of the following devices do you use for work?
85%
72%
30%27%
58%
83%
72%
36%
23%
65%
57%
88%
29%32%
70%
16%
79%75%
43%
36%
72%
31%
Desktop computer Laptop/notebook computer Tablet A regular mobile phone Smartphone Purpose-specific mobileconnected device
2013 2014 2015 2016
Source: Forrester's Global Business Technographics Telecommunications and Mobility Workforce Survey, 2016, 2015, 2014, 2013
Base: N=7342 (2016) 7238 (2015) N=7032 (2014) N=5116 (2013) Information workers
Mobile devices are on the rise within all information workers
Apps are designed for mobile devices first (Frameworks)
The way of how apps are installed change (Public Store/Enterprise Store)
Processing Power of Devices (Mobile and Flexible)
Mobile Office add-ons (Enhanced small form factors) like keyboard and mouse, Microsoft Continuum/Display Dock, HP X3 Elite, Citrix Mouse transform you’re device to a productive desktop
Users expect a mobile native experience (Generation Change)
XenMobile Components
EMMEnterprise Mobility Management
Productivity and Collaboration
Data Management
Device Management
App Management
Network
XenMobile
Feature rich MDM with freedom of choice
Productivity and Collaboration
Data Management
App Management
Device Management
Network
Mobile Device Management
Automated Device Compliance
ComplianceEngine
Initiate compliance actions based on a variety of triggers
Lock device
Modify policy set
Block network access
Selective wipe
Full wipe
Revoke
Send notification
Set out of compliance
Passcode policy
AD changes to user
Jailbroken device
Unmanaged device
Data Roaming
Geo-fencing
App Blacklist
App Whitelist
Mac OSX Management
MDM Enroll Mac OSX Devices
Enrollment of OS X 10.10 (Yosemite) and 10.11(El Capitan) devicesPolicies include:
• Wi-Fi profile• VPN profile• Mail profile• LDAP profile• Fonts profile• Contacts profile• Calendar profile• Airplay profile
• SCEP profile• Certificates profile• OS X restrictions profile• Web Clip profile• Passcode profile• Exchange profile• New El Capitan restrictions• Import pre-created profile
Windows 10 Management
MDM Enroll Windows 10 Devices
Windows 10 MDM on XenMobile 10Same policies supported on XenMobile 9 available today
• Enrollment of Windows 10 devices (Desktop, Tablet, Phone)• Support for MDM server AutoDiscovery• Support for Azure AD based enrollment: the company can enforce the enrollment of those devices• Support Terms & Conditions approval during enrollment• Hardware & Software inventory• Backward compatibility with Win8.1/WP8.1 policies• Wi-Fi and VPN configuration wizards• Certificates distribution (Root, CA), and SCEP (Wifi only) for user certificates.• Health Attestation: Retrieve security related device properties. Can be used in deployment rules, automated actions,…• Custom MDM Configuration import
iOS Enhancements
iOS9 Management
• Set Device Name (IT)• Set Wallpaper policy (IT)• MDX Apps in Apple B2B
Store• Request Mirroring/Stop
Mirroring (AirPlay)• Authorized DEP Enrollments
(End-user Creds)• Worx Home push after DEP
w/out additional auth
Pre-iOS 9/Generic Apple iOS 9
• DEP Support – Block device during “set-up”
• Network Usage Rules (Roaming for managed apps)
• Reassign app from unmanaged to managed (IT)
• VPP/B2B – XenMobile can deploy apps to devices rather than users (No iTunes account required)
• 12 new restrictions
Android Management
Android 6 MDM Policies
• General Android Enhancements• XenMobile Server distribution of WorxHome closed
environments• Voice and SMS capability reporting through hardware inventory• Google Cloud Messaging Support• HTC device policies
• Continued integration and support for AfW• Device Owner Mode (Corporate-issued)• SAML cert for Android for Work without requiring server restart• Support for pre-Android L devices
Samsung Knox Management
Samsung Knox Policies
• XenMobile MDX integration with KNOX-enabled devices• Encryption policy – Add fast encryption option (only encrypts used
memory)Restrictions:
• Allow firmware recovery• Allow development mode• Allow Certificate Revocation Check• Allow Set emergency call only• Restrict camera in KNOX container• Allow unknown sources• ODE Trusted boot verification
VPN Policy:
• KNOX SSL per-app VPN• Android legacy VPN allow/disallow• KNOX SSL Container VPN• KNOX IPSec Per-app VPN• Certificate Based Auth for SSL VPN
Mobile Application Management
Secure and manage mobile applications simply and easily
Productivity and Collaboration
Data Management
App Management
Device Management
Network
• Secure app containers
• Inter-app controls
• On-demand micro VPN
• Conditional access policies
• App lock and wipe
Enterprise Ready Apps with Worx App SDK
• Simple and powerful SDK • Enabled through a single line of code • Apps can be wrapped post-development• Controls add:
• Data encryption• 2 factor authentication• Secure lock and wipe• Inter-app policies• Geo-fencing• SSO• App level passwords• Network access / WiFi
Micro-VPN provides seamless user experience
Worx App Gallery - the industry’s largest ecosystem of apps built for business
“MAM Only in a BYOD Scenario”
When to Use MAM Only?
Leads to increase in Mobile Application Management (MAM)
compared to MDM
MDMNo
separation
MAM
Separation of personal &
company data
More companies adopting BYOD
MDM First vs MAM Only
Does not require MDM nor O.S. and device security policies
Not limited by O.S. & device
MAM
MDM
MAM Only
MAM
MDM First (Appconfig)
Why MAM Only?
MAM Only
Leverage MDX
Stronger VPN
Better BYOD
Better then Native email
MAM Only the Better App Security
MAM Only MDM First
More security controls (not limited by OS/device)
Strong encryption - AES 256 FIPS compliant
Lower risk (e.g. if device compromised, app still encrypted)
Fewer security controls (limited by O.S./device)
Some devices do not include encryption
Higher risk (if device compromised, app data is exposed
MAM Only the Stronger VPN Security
MAM Only MDM First
Micro-app VPN creates a uniqueNetScaler VPN tunnel for each app – more secure and manageable
Per app VPN – all apps use the same VPN tunnel
Requires 3rd party VPN solution
Higher risk even a compromised app can use same tunnel to access network
MAM Only the Better Corporate E-mail
MAM Only MDM First
Secure Mail delivers business features
MDX Framework delivers enterprise productivity, security and flexibility
Native email less secure (limited by device/O.S. controls)
Fewer business features
MAM Unique Selling Points
MAM Only
• Shared devices for WorxMail, WorxWeb and ShareFile• Self destruct after X Days of inactivity• GEO fencing for MAM• Certificate Based Authentication for MAM Only
With MAM Only, Privacy, User eXperience,
Choice and Security Matters.
Enterprise File Sharing
EMM is more than just checking your email
Productivity and Collaboration
Data Management
App Management
Device Management
Network
70%of employees are using personal online file sharing accounts without IT approval
Source: ESG Research Report, Online File Sharing and Collaboration: Security Challenges and Requirements
Users DemandInstant access from any deviceFile sharing with anyoneEasy and familiar user experience
IT RequiresSecurityControl No data leakage
ShareFile – Solves this “DropBox” Problem
Provided by ShareFile
• Poison Pill• Require password• Data retention• Encrypt files at rest• Passcode lock• Device lock• Jail-break detection• Remote wipe• Wipe status and auditing• Disable external applications• Secure sharing• Network IP restrictions• Session inactivity timeout
Provided by MDX Wrapping
• Constrain clipboard cut and copy• Constrain clipboard paste• Constrain external applications• Constrain URL Schemes• Block camera• Block microphone• Block screen capture• Block email compose• Disable print• Require Citrix Worx Home authentication• Define maximum offline period• Require regular re-authentication• Wipe data after security event
Keep business information safe on any device• Mobile “Data Loss Prevention Controls” with XenMobile
• Online access only• Constrain Wi-Fi networks• Require internal network• Constrain network access• App update grace period• Require device encryption• Require device pattern screen
lock
StorageZone Connectors
ShareFile Databases
Sharefile.com Sharefile.eu
FileTransfer
LoginApplication Tier• Web Application• Reporting
MANAGED BY
CUSTOMER-MANAGED
StorageZones• Existing network shares• SharePoint 2010, 2013• Office 365 (SharePoint Online &
OneDrive for Business)• Other systems via
SDK partners
StorageZone Controllers On-Premises
Network shares
SharePoint
OtherECM
Office365
Productivity Apps
Experience productivity throughapplication integration
Productivity and Collaboration
Data Management
App Management
Device Management
Network
ShareConnect
Desktop-like productivity Citrix-owned / MDX-enabled
Citrix for Salesforce
New Apps coming soon !
Windows 10 Universal Apps
Native AppsSecureMail, SecureWeb & ShareFile Universal Apps
Windows 10 EDP/WIPEncryption & Inter-app restrictions
*MAM-only mode not supported – requires MDM
MDX Layer* “Limited” MDX for:• MicroVPN• STA & max offline
timer settings• App specific policies
and settings like S/MIME
Windows 10 Universal Apps
Windows 10 Live Tiles
Windows 10 Universal Apps
“ Mobilize your business processes”SecureForms
Mobilization with SecureForms
Accelerate Time“Any process that involves paper
takes to long to complete”
Do the ImpossibleGeo-location for compliance
Fast, Easy, SecureEmpower LOB & System Admins.
No coding
XenMobile security + ShareFile automation
SecureForms Components and Flow
Compose and publish
Use and submit from mobile device
A
B
Securely save to ShareFile
C
Optionally connect to back-end via Web Services
SecureForms Components and Flow
WorxForms ComposerCreate form templates and workflow rules
WorxForms Mobile App Capture structured data
Records Management
System
Data StoreStructured Json, XML, CSVArchive and Search
IntegrationConnect to existing systems
ETL – BI Tools
ShareFile
SharePoint
Web Service
SMTP Service
“Secure Mobile Lync Client”SecureChat
SecureChat – Secure messaging client
• 1:1 Chat, Group Chat • Push Notifications
• No VOIP dependency - optimal battery performance
• Always ‘On’ approach for SecureChat users• Off-Work Mode – Any messages sent will be
delivered later• Integrated Workflows, MDX and Micro VPN
• Presence in WorxMail, etc• Netscaler Gateway in data path• MDX policies
• Leverage existing Lync infrastructure
Secure messaging client
MDX wrapped appfrom Cisco
Securing the mobile network while adding value and scalability
Productivity and Collaboration
Data Management
App Management
Device Management
Network
Secure Mobile Gateway
NetScaler – Secure Mobile GatewayNetScaler excellence in the areas of scalability, performance and security
Scalability: 100,000 concurrent mobile users
Performance: 4.8 times faster than the competition*
Security: Per App micro-VPN, application firewall, SSL offload, DDoS, and ActiveSync mail filtering
Secure Mobile
Gateway
XenMobile
Data
DMZ InternalExternal
Apps
Web
Mobile Gateway
Competition
NetScaler provides MOREbusiness value!
Mobile Gateway
L4-7 Load Balancing
SSL VPN
Application Firewall
App Caching
TCO
“XenMobile Good to Know”
XenMobile Good to Know
Exact CRM for CITRIX XenMobile now available!
http://blogs.exact.com/products/2016/01/exact-crm-for-citrix-now-available
https://citrixready.citrix.com/search.html?search=exact&_charset_=utf-8&category=c1-works-mobile-apps&lang=en_us&sortby=product-asc
XenMobile Good to Know
XenMobile Enterprise Mobile Threat Defense integration with SkyCure
Continuity & Resilience
SkyCure for Citrix harnesses predictive intelligence, machine learning.
Mobile Threat Intelligence
SkyCure for Citrix adds real-time visibility to XenMobile
Optimized User Experience
SkyCure for Citrix stop access to sensitive information—and then automatically remediate the problem
https://www.skycure.com/skycure-for-citrix/
WORK BETTER. LIVE BETTER.
Thank You