課件文稿cc-p培訓(xùn)xenmobile poc process and methodology v2

1、XenMobile PoC Process and MethodologyXenMobile PoCUnderstanding your Customers needsEvaluateBasic SecurityAdvanced SecurityEnd User ProductivityEmployee On-boarding / Off-boardingMonitoring ToolsMobile App ManagementMobile Doc ManagementRequirements3Device ConfigurationLost Device RecoveryResource C

2、onfiguration: Email, WiFi, File AccessOverall device inventory and managementOff the shelf applicationsApp WrappingSecure ContainerMicro-VPNFile SynchronizationSecure File SharingNeedsDevice ConsiderationsAssess of what types of devices are connectingExclude devices that lack features you require fo

3、r compliancePlatform / OSOwnership - BYOD vs. BusinessCommission / missionUser ConsiderationsUser type and roleEmployee, Contractor, Manager, AdministratorAuthentication / Access controlInternal single auth, External dual auth Workplace mobility Home, office, multi siteEase of management Workflow, A

4、utomated account creationShared devicesShift workers, Hospital staffData and App ConsiderationsApp compliancePerformance and reliabilityWhich app on which device?Support (In-house apps vs. 3rd party apps)Encryption (Data in motion and Data at rest)Data loss preventionReporting and audit trailsGenera

5、l Considerations7Passcode EnforcementJailbreak DetectionPKI EnforcementPushing ApplicationsWiFi and VPN Access controlSelective or Full wipeGeo Location trackingData security, compliance, reporting, auditingPrevent pliant devices and applicationsComprehensive auditing and reportingUser-friendly solu

6、tion that will not increase help desk callsImprove quality of patient careAccess charting apps and reports securelySecure access to patient records/documentsShare mobile device with othersPlatform for healthcare innovationsGain workflow efficiencies and see more patientsSecure access to apps - EMR,

7、CPOE, etc.Secure access to patient records/documentsHave access inside and outside hospitalUse BYOD for email, patient info, and resultsClinicianNurse / Admin StaffIT / Compliance Dept.Healthcare example Three Scenarios and RequirementsUse case evaluation Example 1Nonprofit multi-specialty academicm

8、edical centerExamples of mobile business initiativesCustom app. Custom-developed and distributed a concussion app. Use device accelerometer and gyroscope on field. When player has an accident, have a field of their motor skills, can test and understand whether concussion has occurred. Physician prod

9、uctivity. Piloting “virtual visits” using GoToMeeting. Doctor initiates meeting; patient clicks link; connects to other side. Can see each other and share information for certain non-emergency visits.Security/privacy practices beyond device managementData security. Data security an issue; needed sec

10、ure alternative to file sharing services, especially at point of data creation (data entered but not yet synched). For example, in concussion app, or in a home healthcare/visit situation, the data resides locally for a period of time until can get transferred back to home servers. User privacy. For

11、user privacy purposes of non-employees (have 43,000 employees and 6,000 “consulting” doctors). Want to manage the full device of the employees, but only offer some access (email, secure app/data access) to consulting doctors.Use case evaluation Example 2Nonprofit network of four hospitals serving Fl

12、oridas Space CoastSecurity best practicesBYOD. Initially, get control over BYOD devices (iOS and Android). Installed solution, identified rogue devices, gave grace period, enrolled in groups.HIPAA/Hi-Tech. Worked to map regulations to business/identify where PHI residesDevice management. Consistent

13、encryption, robust passcodesSupport enablement. Needed remote support for devices, but in pliant waySecurity monitoring. SIEM integration. Integrate MDM with Splunk to identify potential security threats or compliance violations.Whats nextCorporate-issued. Rolling out corporate check-in, check-out i

14、Pads. Will manage them alongside BYOD, with different policies/management practices applying to each.Network Access Control. Uses Cisco ISE. Will use Citrix integration and issue certs for devices, and do compliance check on each before network access.Considerations translate to PoliciesDevice and a

15、ccess policiesRogue or pliant appsDevice loss or theftData and Compliance controlsNetwork access controlsSecurity, scalability and service issuesUse case and their Technical ComponentsMDM Edition12Use caseClient SideServer SideMobile device managementJailbreak detectionSelective or full wipeGeo loca

16、tion trackingPasscode enforcementPushing applicationsNative mail client access controlWifi & vpn access controlAccess to SharePoint & network drivesWorx HomeXenMobile Device ManagerShareFileStorageZone Controller13Use caseClient SideServer SideMobile application managementFederated single sign onSec

17、ure emailSecure browsingAutomated account provisioningWorkflowPolicy based interapp securityApp specific micro vpnUnified corporate app storeAccess to SharePoint & network drivesWorx HomeXenMobileAppControllerAccess GatewayUse case and their Technical ComponentsApp EditionShareFileStorageZone Contro

18、ller14Use caseClient SideServer SideAll MDM Edition Use casesAll App Edition Use casesSecure document sharing, syncing & editingBoth cloud and on-premises data storage optionsWorx HomeWorxMailWorx WebShareFileXenMobile Device Manager AppControllerUse case and their Technical ComponentsEnterprise Edi

19、tionStorageZone ControllerAccess GatewayIn an ideal world15Controlled environmentInternal Wireless accessSmall Active DirectoryAccess to everythingPrerequisites are filledAll details are revealedbut in reality you must Prepare for a Successful POCXenMobile PoC Kit ShareFile PoC Kit XNC deployment gu

20、ide Make use of the Prerequisite Checklist. It will save your life!XenMobile POC17On premise PoCCloud PoCOn premise XenMobile POCPoC ScopingPoC ExecutionPoC EvaluationINPUT OUTPUT#2 XenMobile Discovery Questionnaire Establish RequirementsINPUT OUTPUT#3 XenMobile PoC Scope and SOWINPUT OUTPUT#6 XenMo

21、bile PoC Worksheet#7 XenMobile POC TestCasesINPUT OUTPUT#4 XenMobile Prerequisite Checklist#5 XenMobile PoC Deployment Guide#6 XenMobile PoC Worksheet19Dont bite off more than you can chewDont deploy all at onceBreak down into 5 phasesTreat each phase as its own PoCDistinguished success criteria at

22、end of each phasePhase 1: Deploy XenMobile Device ManagerXDMDMZPort 80 & 443 & 8443Worx HomeDeploy XenMobile Device Manager & enroll- Install XM-Device Manger- Set up User Data Base and configure Role Based Access Control- Set up Secure Mobile Gateway- Select Device Types of interest- Configure Poli

23、ces and Applications to be pushed for selected Devices- Email setup - Device restrictions- Location services- Configure Automated Actions and Notifications- Blacklist / Whitelist applications- Create Deployment Packages for configured Policies and ApplicationsConduct TestsPhase 2: Deploy XenMobile A

24、ppControllerXDMXMADMZXNCPort 80 & 443Worx HomePort 80 & 443 & 8443Add AppController- Configure Network Settings from Console- Complete Startup Wizard from GUI- Configure Active Directory- Configure Certificates (Web Server and SAML)- Map Active Directory groups to roles on AppController- Categories

25、and publish Web & SaaS apps- Configure Native Mobile apps and assign MDX Policies- Optionally configure Workflow- Optionally configure ShareFile integrationConduct TestsPhase 2: Add XMAontrollerPhase 3: Deploy NetScaler GatewayXDMNetscalerXMADMZXNCWorx HomePort 443Add AccessGatewayConfigure Networki

26、ng Settings from console- Run Through configuration Wizard- Set Up MIP/SNIP- Install licenses Platform and Universal SSL Licenses- Enable Basic features Access Gateway and SSL Offloading- Configure VIP- Configure Certificates- Configure Policies- Configure Domain Clientless Access- Bind Session and

27、Clientless Policy to VIP- Bind AppController URL to VIP- Configure STA for XA/XD or AppControllerConduct TestsPhase 4: Deploy ShareFileXDMNetscalerXMADMZXNCSZC Port 80 or 443ShareFileWorx HomeDeploy ShareFileConfigure ShareFile application and clientsAfter gaining access to a ShareFile Enterprise ac

28、count install and configure the following:- Mobile apps- Desktop sync apps - configure proxy server (if needed)- ShareFile Outlook Plugin - configure proxy server (if needed)- Admin settings within the ShareFile Web UIConfigure SAML IdPConfigure Mobile Device SecurityConduct TestsDeploy ShareFileCus

29、tomer-managed StorageZones (on-prem) Requirements- Create CIFS share dedicated ShareFile Data storage- A physical or virtual machine with 2 CPUs and 4 GB RAM- Windows Server 2008 Datacenter/Standard R2 SP1- Publicly-resolvable Internet hostname for your StorageZone Controller server (not an IP addre

30、ss)- Configure internal and external address resolution to the external address name of the SZC- Enable the Web Server (IIS) role, and the basic authentication role service- Install 4.5.- In the IIS Manager ISAPI and CGI Restrictions, verify that the 4.5 Restrictions value is Allow.- Enable SSL for

31、communications with ShareFile.- If you are not using DMZ proxy servers, install a public, Windows-accepted from a Certificate Authority that is not self-singed or unsigned SSL certificate on the IIS service.- Bind 443 within IIS. (Note all external/internal traffic is over 443 but 80 is used on loca

32、lhost for health check.Conduct TestsOptionalPhase 5: Integrate with XA / XDXDMNetscalerXMADMZStorefrontWebInterfaceXNCXenAppXenDesktopSZCShareFileWorx HomeIntegration with XA/XD via StoreFront- Install StoreFront services- Configure SSL certificate in IIS- Configure Delivery Controllers e.g. XA/XD o

33、r AppController- Configure Remote Access - Define Gateway Settings for Netscaler Access Gateway- Configure Auth MethodsConduct TestsTraps to watch out for31Ports not opened on FirewallService Account names not availableIP addresses not assignedMobile Applications not preparedNo Apple Developer Accou

34、nt (legality)APNS Certificates not availableHave Macintosh for app wrappingPoint at specific OU to not fetch the entire AD databaseDont close the browser before the wizard is completeLessons Learned32General POCNarrow your Use Cases to POC Focus on Customer PrioritiesOnly POC 2/3 of the above mentio

35、ned use casesMobility Use Cases now require embedding into Production/Semi-Production Systems.Be Diligent and thorough with scope and pre-requisites (both customer and Citrix)Factor in Change Control lead times on Production Environments.Ensure the right dependant infrastructure is identified.VPN DN

36、S Servers, WiFi DNS Servers.3rd Party (Public) SSL Certificates Ensure Network and Security requirements/pre-requisites are clearly establishedPort RequirementsDNS SRV requirementsXenMobile PoC In The CloudEnabling Rapid Cloud Based PoCsDemo 2 WeeksPoC30 DaysPoC CompleteXenMobile Demos and PoCsShowc

37、ase Citrix Mobility (1 Day)Worx HomeWorxMailWorxWebShareFileConnect to Customers Environment (1 Day + Pre-Reqs)Setup CloudBridge between demo center and customers environmentConnect to Customers EnvironmentActive DirectoryExchange SharePoint IntranetOptional Add-Ons (1 Day Each)iOS AppsAndroid AppsW

38、eb & SaaS AppsWindows Apps and DesktopsXDMXenMobile POC In The Cloud StoryThe sales team has just finished their initial conversation with the customer and the customer would like to move this forward to the next phase. DemoSE checks out a XenMobile demo environment from Citrix Demo Center 24 hours

39、before demo (Available for 1 weeks)SE demos XenMobile solution to the customerSE provides customer with full admin access to the environment PoC ScopingSE fills in the scope document based on conversation with customer and gets it signed off by customerPre-RequisitesSE hands over a pre-requisite doc

40、ument for CloudBridge setupCustomer chooses from add-ons and SE provides additional set of pre-requisitesCustomer reviews the demo environment and internally fulfills the requirements defined in the pre-requisite document(s)PoC ExecutionCustomer fulfills pre-requisites and SE (or white glove resourc

41、e) meets with the customer (GTM or meeting on site) for CloudBridge setupSE extends demo environment for 30 days and provides them with PoC Usage GuidePoC EvaluationCustomer evaluates PoC according to scope doc and signs off on completionOnce the PoC is successful, the sales person re-engages to get

42、 a PO from the customerXenMobile Cloud PoC Flow#1 - Citrix Completes Sales Conversation#2 - Have scoping conversation with customer. Base model plus optional add-ons. #3 - Customer is sent pre-requisites and internally fulfills pre-requisites #4 - Citrix Cloud PoC Team has GTM With Customer To Setup

43、 CloudBridge and Test#5 - SE Walks Customer Through Environment#6 - Customer Performs PoC with SE available to assistStage 3Stage 2Stage 1Responsibilities Who Does What?Citrix SECitrix Cloud PoC TeamCustomerCreate demo environmentReview Demo EnvironmentSend pre-requisites docFulfill pre-requisitesSe

44、tup CloudBridgeWalk customer through demo environmentStart PoCStage 4Citrix SE: What do I need to do?Use the XebMobile Demo Center Request Guide to request for a demo environmentReview the Customer information document and send info to the Cloud PoC TeamDiscuss the scope of the PoC with the Citrix S

45、ales Person and the customer, update the Scope document and have the customer sign offSend the Pre-requisite document to the customer. If the customer chooses app wrapping, send the app prep guide. Also, send customer NS Platinum License.Talk to Cloud PoC team and once theyre done, walk the customer

46、 through the PoC environment with the customerBe available to assist the customerStep 1Step 2Step 3Step 4Step 5Step 6Cloud PoC Team: What do I need to do?Receive and review the Customer information document and demo environment with SEOnce SE sends update that the pre-requisites are complete, send e

47、mail to the customer and invite them to a GTM to setup CloudBridge Follow the XenMobile Cloud PoC Setting Up CloudBridge GuideUpdate the required settings using the XenMobile Cloud PoC Updating XenMobile Settings guideSend email to the Citrix SE that the environment is readyBe available to assist th

48、e customerStep 1Step 2Step 3Step 4Step 5Step 6Customer: What do I need to do?Complete the Customer Information DocumentView demo environment with Citrix SEDiscuss the scope of the PoC with the Citrix Sales Person and SE and sign off on scope documentSetup NetScaler using the XenMobile Cloud PoC Sett

49、ing Up NetScaler GuideFulfill the pre-requisites from the Pre-requisite documentMeet with the Cloud PoC Team and Setup CloudBridgeStep 1Step 2Step 3Step 4Step 5Step 6Review the PoC environment with the Citrix SEReview the XenMobile Cloud PoC Usage GuideBegin PoCSign off on PoC a.k.a. PoC CompleteSte

50、p 7Step 8Step 9Step 10XenMobile Cloud PoC DocsCitrix SECitrix Cloud PoC TeamCustomer#1 - Customer - Process Guide#2 - Customer - Customer Information Document#3 - Customer Pre-Requisite Document#4 - Customer - XenMobile Cloud PoC Setting Up NetScaler Guide#5 - Customer - XenMobile Cloud PoC Usage Gu

51、ide#6 - Customer - How To Prep Mobile Applications#1 - Citrix SE - Process Guide#2 - Citrix SE - XenMobile Demo Center Request Guide#3 - Citrix SE - SAMPLE XenMobile Cloud POC Scope and SoW#1 - Citrix XenMobile Cloud PoC Team - Process Guide#2 - Citrix PoC Cloud Team - XenMobile Cloud PoC Setting Up CloudBridge#3 - Citrix PoC Cloud Team - XenMobile Cloud PoC Updating XenMobile SettingsFIREWALLFIREWALLStorageZoneControllerSSL3 001000111010101 SSL3 00100101 SSL3DMZ ZoneCorpora