
Hands-On Lab Exercise Guide: 615: Improve The Resilience of Your Xenmobile Implementation With Multi-Site Redundancy

This document provides guidance on improving the resilience of a XenMobile implementation through multi-site redundancy. It outlines exercises to: 1. Create a high availability XenMobile Device Manager cluster across two sites. 2. Configure external access to the environment through NetScaler Gateway. 3. Implement disaster recovery between the primary and secondary sites using NetScaler GSLB to direct traffic in an outage. The goal is to make the XenMobile solution highly available and resilient through clustering, load balancing, and disaster recovery configuration between multiple sites. Administrators will complete a set of exercises to set up and test these high availability and disaster recovery capabilities.

Uploaded by

Shiv Kumar

615: Improve the Resilience of Your XenMobile Implementation with Multi-site Redundancy

Hands-on Lab Exercise Guide

Synergy 2014

Contents
Overview
Scenario
Exercise 1
Create a XenMobile Device Manager Cluster
Exercise 2
Creating an LDAP Policy for XenMobile Device Manager
Exercise 3
Enabling Multi-Node mode with XenMobile Device Manager
Exercise 4
Configure Load Balancing for XenMobile Device Manager on Citrix NetScaler
Exercise 5
Configure MSSQL Load Balancing with NetScaler DataStream
Exercise 6
Configuring Remote Access to XenMobile through NetScaler Gateway
Exercise 7
Configuring High Availability for XDM AppController
Configuring AppController and XDM in Disaster Recovery Site
Configuring Disaster Recovery for XenMobile with NetScaler GSLB
Exercise 9
Configuring Disaster Recovery for XenMobile with NetScaler GSLB

Overview
Hands-on Training Module
Objective
The following exercises will assist you in the process of designing and implementing a high-availability
and DR strategy for XenMobile Enterprise edition.

Prerequisites
• Basic understanding of networking
• Basic knowledge of Citrix NetScaler management
• Basic knowledge of XenMobile Device Manager

Audience
Citrix Partners, Customers, Sales Engineers, Consultants, and Technical Support

Lab Environment Details


The topology diagram of the lab deployment is detailed below:

The Student Desktop is accessed remotely using Citrix Receiver running on your laptop. All Windows
applications, such as XenCenter (the XenServer GUI management tool), are accessed from the
Student Desktop.

Lab Guide Conventions


This symbol indicates particular attention must be paid to this step

Special note to offer advice or background information


reboot    Text the student enters or an item they select is printed like this
VMDemo    Filename mentioned in text or lines added to files during editing
Start     Bold text indicates reference to a button or object
Focuses attention on a particular part of the screen (R:255 G:20 B:147)

Shows where to click or select an item on a screen shot (R:255 G:102 B:0)

List of Virtual Machines Used


VM Name               IP Address     Description
Site1-AD1             192.168.10.11  Site1 MS AD – DHCP, DNS, Certificate Services, MSSQL 2012 Witness, IIS
Site1-SQL1            192.168.10.28  MS SQL 2012 Primary
Site1-SQL2                           MS SQL 2012 Mirror
Site1-Exch            192.168.10.26  MS Exchange 2010
Site1-XDM1            192.168.10.30  Primary XenMobile Device Manager
Site1-XDM2            192.168.10.31  Secondary XenMobile Device Manager
Site1-AppController1  192.168.10.21  Primary XenMobile AppController
Site1-AppController2  192.168.10.22  Secondary XenMobile AppController
Site1-NS1             192.168.10.50  Primary NetScaler
Site2-NS2             192.168.20.50  Secondary NetScaler
Site2-AD2             192.168.20.11  Site 2 - AD – DHCP, DNS, Certificate Services, IIS
Site2-SQLRemote       192.168.20.28  MSSQL 2012 - Replication Subscriber
Site2-XDM3            192.168.20.30  DR XenMobile Device Manager
Site2-AppController3  192.168.20.23  DR XenMobile AppController

Required Lab Credentials
The credentials required to connect to the environment and complete the lab exercises.

VM Name                Username                Password
Site1 / Site2 Domain   training\administrator  Citrix123
XDM1/2/3 (Pre-LDAP)    admin                   Citrix123
Site1-AppController1   administrator           Citrix123
Site1-AppController2   administrator           password
Site1-NS1 / Site2-NS2  nsroot                  nsroot

How to Log into the Lab Environment
Follow the directions below to access the lab environment.

Step by step guidance


Action
1. Launch your web browser and go to http://ilt.citrixsynergy.net

2. On the website, type in the session code provided by your instructor and
your business email address. Click “Get started”.

3. Once you’ve logged in, click the Start Lab button. This will launch a desktop.

Please leave this screen open as you will need these details during the exercises.
Note: Please allow time for the desktop to launch.

4. Take note of your assigned Credentials and Assigned IP Addresses for later use
in the Lab:

5. On your landing VM, start XenCenter and select Add Server.

6. On the Add New Server screen enter the XenServer IP address provided on
the website and in the Password field enter the password provided on the site.

Scenario
Your company has implemented the Citrix XenMobile Enterprise Edition to manage mobile devices
and applications used by its employees.
Citrix XenMobile Enterprise consists of multiple components:
• Citrix XenMobile Device Manager (called XDM from here on) – version 8.8 (Please Note that
a Pre-Release version is being used for the lab. The Release to Web version may be
different from this build)

• Citrix XenMobile App Controller (called XAC from here on) – version 2.10

• Citrix NetScaler Gateway (called NSG from here on) – version 10.1 Build 124.1308e
You are tasked with providing external access using NetScaler Gateway, as well as improving the
reliability of the solution by configuring high availability and disaster recovery to a second site. This
will be accomplished by completing the following tasks:

• Install and configure a HA Multi-Node Cluster of XenMobile Device Manager servers

• Configure a HA pair of AppController appliances

• Allow external access to the environment through NetScaler Gateway

• Configure NetScaler GSLB between the Primary Site and the Secondary site for Disaster
Recovery

• Force a disaster scenario and recovery for predictable impact to operations


This document refers to a Primary Location and an assigned passive Disaster Recovery (DR)
Location, and addresses the possibility that the Primary Location goes offline because of a
disaster. It recommends architecture and procedures for implementing Active/Passive, Active/DR
or Active/Standby topologies for the different components of XenMobile.

Exercise 1
Create a XenMobile Device Manager Cluster
Overview
In this exercise you will install XenMobile Device Manager on virtual machines Site1-XDM2,
and Site2-XDM3, and copy some components from Site1-XDM1 which are required to
configure XDM Load Balancing and Clustering in subsequent exercises.

Pre-requisites
Site1-XDM1 was already preconfigured for this exercise

Step by step guidance


Estimated time to complete this lab: 30 minutes

Step Action
1. Open XenCenter and select the Site1-XDM2 virtual machine (turn vm on) then click the
Console tab. At the console logon prompt, enter the administrator credentials.

Username: Training\Administrator
Password: Citrix123

2. Navigate to \\AD\Share to locate XenMobile Device Manager 8.8.0.34548.exe.

3. Launch the executable to install Device Manager on XDM2.


When you come to the Components Selection Dialog, de-select the
License and Database installation option:

Click “Next” and choose the defaults for the remaining dialogs to start the install.
Continue the process until prompted for the license.
4. When prompted for the XenMobile Device Manager License, browse to and select the
license file located on \\AD\Share\XenMobile MDM Files\. Select Citrix Internal 3XM
MDM Eval Lic and then click “Next”.

Click “Next”

5. When prompted for the SQL Server Connection details, enter the following information:

Database Driver: SQL Server/jTDS
Authentication type: SQL Server Authentication
Host Name: sql1.training.lab
Port: 1433
User name: sa
Password: Citrix123
Database name: zdm

Once you have entered the above information, click “Check the connection” to verify you can
connect successfully to the XenMobile configuration database. If not successful, verify the input
information. If successful, click “Next”

6. When prompted for the Crystal Reports Java Reporting Components keycode, leave the field
blank and click “Next”. This component is optional and only required for custom reporting or
report branding.
7. When prompted to configure the iOS usage authentication code, leave the default values and
selection and click “Next”.

Then Stop Here!

Open XenCenter and select the Site2-XDM3 virtual machine and then click the Console tab. At
the console logon prompt, enter the administrator credentials.

Username: Training\Administrator
Password: Citrix123

Repeat the previous installation steps 2-8 for XDM3. Stop in the
exact same place at step 8.
In XenCenter return to the Site1-XDM1 VM.

Navigate to: Shortcut on Site1-XDM1 Desktop

This takes you to the C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf
directory. Locate the following files and copy them to the same
location on Site1-XDM2 and Site2-XDM3:

• pki-ca-root-crt.pem
• https
• pki-ca-devices
• pki-ca-root
• pki-ca-servers

Return to Site1-XDM2 to continue the installation


Leave the defaults and click “Next”

Leave the defaults and click “Next”

Enter the Keystore password and confirmation for the root certification authority:

Keystore Password: Citrix123

This field should turn green if the Keystore password has been entered correctly. Click
“Next”

Enter the Keystore password and confirmation for the server certification authority:

Keystore Password: Citrix123

Click “Next”
Enter the Keystore password and confirmation for the Device certification authority:

Keystore Password: Citrix123

Click “Next”

When prompted for the certificate for HTTPS usage, enter only the Keystore password
and the external FQDN:

Keystore password: Citrix123
IP Address or FQDN: mdm.citrixtraining.net
Mdm.mycitrixtraining.net will be configured as our GSLB Domain

Click “Next”

When prompted to define the APNS certificate file for iOS, first enter the Private key
password and then browse to the Apple_APNS_Certificate.pfx file located in
the \\AD\Share\XenMobile MDM Files folder.

Private key password: Citrix123

Click “Next”

Leave the defaults when prompted to configure the tunnel ports for remote support:

Click “Next”
When prompted for Extended management options, enter the following information:

The database was pre-configured during the XDM1 installation, so there is no need to input
credentials.

User name: admin
Password: Citrix123

Click “Next”

On the final dialog, click “Finish” to complete the installation of Site1-XDM2.

There will be a few more prompts to click through and you will also be returned to the
original installer dialog to finish the installation.

Repeat steps 14-24 on Site2-XDM3

On each XDM Server navigate to http://localhost/ZDM to verify the installation
succeeded

User name: admin
Password: Citrix123

Exercise Summary
You have completed the required steps to install XenMobile Device Manager on multiple server nodes
for a load balanced, clustered deployment. All nodes will point to the same database configuration
and can be managed from this point forward from a single Administration Console.

Exercise 2
Creating an LDAP Policy for XenMobile Device Manager
Overview
In this exercise you will configure an LDAP policy on the XenMobile Device Manager to enable
external authentication and group-to-role mapping.

Step by step guidance


Estimated time to complete this lab: 10 minutes

Step Action
1. Navigate to the Site1-XDM1 Management console at http://localhost/xdm, log in with
the administrator credentials and go to the Options menu:

2. Click on LDAP Configuration:

Click on “New”

3. On the type of directory dialog, select LDAP:

Then click “Next >”

4. Enter the following information for the Directory connection parameters:

Directory type: Microsoft Active Directory
Primary host: 192.168.10.11
Root context: DC=Training,DC=lab
Search user: [email protected]
Domain alias: training
Global Catalog TCP port: 3268
Global Catalog root context: DC=Training,DC=lab
User Search By: userPrincipalName

5. Click “Check” to verify connectivity to the LDAP server:

Click “OK”, then “Next >”

6. Leave the default values selected on the LDAP attributes import dialog:

Click “Next >”

7. On the Mapping between the LDAP groups and the security model, click the “New group” button:

8. Create 2 Group-To-Role mappings:

Domain Users : Users

Domain Admins : Admins

9. Verify the settings on the Summary dialog:

Click “Finish”

Before exiting, enable the LDAP Policy and try to log in with the
[email protected] / Citrix123 credentials. If you get an authentication error,
restart the services on the XDM servers and try again.

Exercise Summary
In this exercise you have completed the required steps to create an LDAP connector which is
used for authentication and role mapping for directory user accounts in XenMobile Device
Manager.
XDM supports the addition of multiple LDAP connectors for redundancy, but a
better alternative is to leverage a NetScaler LB VServer to make an HA connection.

Exercise 3
Enabling Multi-Node mode with XenMobile Device Manager
Overview
In this exercise you will complete the remaining steps required to enable a XenMobile Device
Manager multi-node active-active cluster deployment.

Step by step guidance


Estimated time to complete this lab: 15 minutes.

Step Action
1. On all the XDM nodes stop the XenMobile Device Manager Windows service by
selecting the Stop script from the Windows Start Menu: type XenMobile Device Manager

2. To be able to manage the deployment with the XDM Remote Console when configured
in a cluster, verify the ew-config.properties file located in
<installation_dir>\tomcat\webapps\zdm\WEB-INF\classes on each XDM server has
the following entries in the CLUSTERING section of that file:

multi.node.enabled =true

3. Once you verify each server, start the XenMobile Device Manager Windows service by
selecting the Start script from the Windows Start menu.

Verify the service has started by accessing the XenMobile Administration Console on
each by navigating to http://localhost/zdm in a browser window.
4. Verify Clustering is configured properly by navigating to the diagnostics page located at
http://localhost/zdm/helper.jsp
5. Select MultiNode Info from the Navigation Tree menu:

You should see all servers defined under Cluster Members with an Active Status

Exercise Summary
In this exercise you completed the setup of a XenMobile Device Manager Multi-Node Cluster. This
will enable the ability to leverage Citrix NetScaler to Load Balance the Cluster for High Availability and
High Scalability. All nodes share the same configuration database.

Exercise 4
Configure Load Balancing for XenMobile Device Manager on Citrix NetScaler
Overview
In this exercise you will configure NetScaler Load Balancing for the XenMobile Device Manager
Cluster you configured previously in Exercises 1-3. To accomplish this, we will set up HTTP load
balancing services for the XDM servers, import the SSL Certificate referenced during the installation,
create a custom monitor and then configure the SSL Offload VServers required for an XDM HA
Deployment.
Step by step guidance
Estimated time to complete this lab: 45 minutes.

Step Action
1. Open XenCenter and select the Site1-Win7 VM and then click the Console tab. At the
console logon prompt, enter the administrator credentials.

2. Open up a browser window and navigate to the Site1-NS1 NetScaler Administration UI at
http://192.168.10.50

Username: nsroot
Password: nsroot

3. In Site1-NS1 Navigate to Traffic Management > Load Balancing > Services and click
“Add” to create a new LB Service for XDM1 with the following properties:

Service Name: XDM1
Protocol: HTTP
Server: 192.168.10.30
Port: 80

Click “Create” but keep the dialog open (don’t click “Close”)

4. Add an additional XenMobile Device Manager Service which points to XDM2 in Site 1
with the following properties:

Service Name: XDM2
Protocol: HTTP
Server: 192.168.10.31
Port: 80

Click “Create” and “Close”

5.

6.

7. Return to the Site1-XDM1 VM in XenServer and click the Console tab. Login as the
Administrator Account – Training\Administrator Citrix123

8. Find the Shortcut link to the C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf
folder and open it.

9. Open the cacerts.pem file in Notepad and then click File > Save As and enter a name of
“Devices-CA.cer” on the Desktop

Make sure you do not overwrite the
original cacerts certificate file

10. Open a second instance of Notepad as we will split the two certificates in the
Devices-CA certificate file into two separate files:

Select the text from the second certificate in the file:


To make it easier to access, we will save the 2 certs to \\AD\Share after they are created.

Use Ctrl-X to cut this selection and Ctrl-V to paste into the new Notepad Window. Save
this file as “Root-CA.cer” on the Desktop

11. Open up a browser window and navigate to the Site1-NS1 NetScaler Administration UI at
http://192.168.10.50

Username: nsroot
Password: nsroot

12. In the NetScaler UI navigate to Traffic Management > SSL > Certificates. Click
“Install” and enter Devices-CA for Certificate-Key Pair Name. For Certificate File
Name click the drop-down arrow beside Browse and select Local. From the Open
prompt you can navigate to the Desktop and select the Devices-CA.cer file. Click
“Create”.

Repeat this step for the Root-CA.cer file using the name Root-CA
13. Once the two Certificate Authority SSL Certificates are added to the NetScaler we need
to link them as part of the configuration. In the Certificates UI select the newly created
Devices-CA certificate and from the Action menu select Link. This will open the Link
Server Certificates dialogue box:

In the drop-down select the Root-CA certificate you installed in step 12 and Click “OK”
14. Repeat steps 11-13 on the Site2-NS2 NetScaler VM
15. On Site1-NS1 Navigate to Traffic Management > SSL Offload > Virtual Servers >
Click “Add”
16. Use the following settings to create the SSL Offload LB VServer for the XDM Cluster:

Name: LB_XDM_SSL_Offload_443
Protocol: SSL
IP address: your MDM Site 1 IP = 192.168.10.100
Port: 443

Select Services XDM1 and XDM2 you created in steps 3-4

Do not click Create yet as we need to bind
an SSL cert and modify the SSL Settings
17. Under SSL Settings, select the MCT-Wildcard SSL Certificate which was pre-installed
and click “Add” to bind the certificate to the SSL Offload VServer

Next select Devices-CA in the left-hand pane and select the drop-down arrow beside
Add and select as CA

Repeat this for Root-CA and you should end up with:

Click “OK”

18. Next we need to create an SSL Policy and Action for use with the configuration.
Navigate to Traffic Management > Virtual Servers, select the
LB_XDM_SSL_Offload_443 LB VIP and click Open. Go to SSL Settings > SSL
Policies > Insert Policies > New Policies. Name it SSL Policy,
and in Create SSL Action give the name SSL-Action, change Client Certificate to
ENABLE and enter NSClientCert in the Certificate Tag field. Click Create.

Click New

Name it SSLOffload. Note: remove the true value.

Click New and name the Action SSL Action.

Set Client Certificate to Enabled, and Certificate Tag to NSClientCert

Click on Expression Builder to reveal the Expression Builder dialogue box.
Using the drop-down options, you can create the following expression:

Note: Delete the true value from the Expression panel.

CLIENT.SSL.CLIENT_CERT.EXISTS

Click OK. You should end up with this window:

Click Create and OK and OK.


19. Now that the first vServer is in place, we can move on to the second. Click Add
again in Virtual Servers. Use the following settings for the virtual server:

Name: LB_XDM_SSL_Offload_8443
Protocol: SSL
IP address: Your Site 1 XDM LB IP= 192.168.10.100
Port: 8443

You can bind the existing MDM1+MDM2 service by selecting the checkbox. The
SSL Settings only require the MCT-Wildcard certificate to be added:

Under SSL Settings, select only the MCT-Wildcard Certificate:

Click “Add” to bind it to the VServer


20. Click “Create” and “Close” to finish the setup of the second SSL Offload
VServer.
Note we will to bind the CA Certs for the 8443 vServer
21. Save the configuration by clicking the disk icon in the UI

We will perform the same steps on the Site2 NetScaler (http://192.168.20.50), but with the
NS 2 DR site's assigned IPs.

Open up a browser window and navigate to the Site2-NS2 NetScaler Administration UI at
http://192.168.20.50

Username: nsroot
Password: nsroot

In Site2-NS3 Navigate to Traffic Management > Load Balancing > Services and click
“Add” to create a new LB Service for XDM3 with the following properties:

Service Name: XDM1
Protocol: HTTP
Server: 192.168.10.30
Port: 80

Name: LB_XDM_SSL_Offload_443
Protocol: SSL
IP address: your MDM Site 1 IP = 192.168.20.100

Name: LB_XDM_SSL_Offload_8443
Protocol: SSL
IP address: your MDM Site 1 IP = 192.168.20.100

Service XDM3

Exercise Summary
In this exercise you configured Load Balancing for XenMobile Device Manager on Citrix NetScaler.
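
The Notepad cut-and-paste in steps 9-10 can be done without touching the original cacerts.pem. The following Python sketch is an added example, not part of the original lab guide: it splits a two-certificate PEM bundle into Devices-CA.cer and Root-CA.cer in the order the guide describes and returns a SHA-256 fingerprint for each, so the files uploaded to both NetScalers can be compared. The sample bundle is constructed placeholder data, not real certificates.

```python
import base64
import hashlib
import os
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def to_pem(der):
    """Encode DER bytes as a PEM certificate block wrapped at 64 columns."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return BEGIN + "\n" + "\n".join(lines) + "\n" + END + "\n"


def fingerprint(der):
    """SHA-256 fingerprint in colon-separated hex, for comparison after upload."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def split_pem_bundle(text):
    """Return the DER bytes of every certificate in the bundle, in file order."""
    blocks = PEM_BLOCK.findall(text)
    # A block that lost its END line (a bad manual cut) would be skipped
    # silently by the regex, so compare against the raw marker counts.
    if len(blocks) != text.count(BEGIN) or len(blocks) != text.count(END):
        raise ValueError("unbalanced BEGIN/END CERTIFICATE markers")
    ders = []
    for number, body in enumerate(blocks, start=1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError(f"certificate {number}: invalid base64") from exc
        if der[:1] != b"\x30":  # an X.509 certificate is a DER SEQUENCE
            raise ValueError(f"certificate {number}: not a DER SEQUENCE")
        ders.append(der)
    return ders


def split_ca_bundle(text, names=("Devices-CA.cer", "Root-CA.cer")):
    """Map each output name to its PEM text and fingerprint.

    Follows the guide's order: first certificate = Devices CA, second = Root CA.
    """
    ders = split_pem_bundle(text)
    if len(ders) != len(names):
        raise ValueError(f"expected {len(names)} certificates, found {len(ders)}")
    return {name: {"pem": to_pem(der), "sha256": fingerprint(der)}
            for name, der in zip(names, ders)}


def write_split(bundle_path, out_dir):
    """Write the split files; mode 'x' refuses to overwrite an existing file."""
    with open(bundle_path, "r", encoding="ascii") as handle:
        result = split_ca_bundle(handle.read())
    for name, entry in result.items():
        with open(os.path.join(out_dir, name), "x", encoding="ascii") as out:
            out.write(entry["pem"])
    return {name: entry["sha256"] for name, entry in result.items()}


def placeholder_der(label):
    """Constructed stand-in for a certificate: SEQUENCE { UTF8String label }."""
    inner = b"\x0c" + bytes([len(label)]) + label.encode("ascii")
    return b"\x30" + bytes([len(inner)]) + inner


# Constructed sample bundle (not real certificates), in the guide's order.
SAMPLE_BUNDLE = (to_pem(placeholder_der("constructed devices CA"))
                 + to_pem(placeholder_der("constructed root CA")))

if __name__ == "__main__":
    for name, entry in split_ca_bundle(SAMPLE_BUNDLE).items():
        print(name, entry["sha256"])
```

The source bundle is only read, never rewritten, so the original cacerts file stays intact as the guide requires.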

Exercise 5
Configure MSSQL Load Balancing with NetScaler DataStream
Overview
In this exercise you will again work with the NetScaler VM to configure HA for the Device Manager
Database leveraging the NetScaler DataStream feature. The main benefit of this is two-fold: to
overcome a limitation of the jTDS driver used by the XDM application which does not support MSSQL
mirroring and also to provide a seamless failover for the XDM application upon the event of a
database failure.

Step by step guidance


Estimated time to complete this lab: 20 minutes.
Step Action
1. From the Win7 Desktop browser link to Site1-NS1 (192.168.10.50), open the NS
Configuration UI and log in with:
User: nsroot
Password: nsroot
2. Under System > User Administration on the navigation menu, select “Database
Users” and create a new account as follows:
Note: the sa user was pre-created; open it and modify the password.

User Name: sa
Password: Citrix123

NetScaler DataStream also supports IWA Authentication but SQL Authentication
was chosen for simplicity in the lab

3. Navigate to Traffic Management > Load Balancing > Monitors, click “Add” and
create a monitor for checking the state of SQL Mirroring. This
monitor queries a system table on each server periodically to determine which server
is the principal server:

Name: XDM-MSSQL-Mirroring
Type: MSSQL-ECV
Database: master
Query:
SELECT mirroring_role_desc from sys.database_mirroring
WHERE database_id = DB_ID('ZDM')
User Name: sa
Rule:
MSSQL.RES.ROW(0).TEXT_ELEM(0).EQ("PRINCIPAL")
Protocol Version: 2008R2
4. Go to Traffic Management > Load Balancing > Servers, Click “Add” and create
the following two SQL servers which will serve as LB targets:

Server Name: sql1.training.lab
IP Address: 192.168.10.28

Click “Create” but don’t hit “Close” and create the second server entity:

Server Name: sql2.training.lab
IP Address: 192.168.10.29

Click “Close”
5. Go to Traffic Management > Load Balancing > Services and click “Add” to create
the following two services for the server entities created in step 4, and referencing
the monitor in step 3:

Service Name: svc_SQL1_MSSQL_1433
Type: MSSQL
IP Address: sql1.training.lab
Port: 1433
Monitor: XDM-MSSQL-Mirroring

Service Name: svc_SQL2_MSSQL_1433
Type: MSSQL
IP Address: sql2.training.lab
Port: 1433
Monitor: XDM-MSSQL-Mirroring

6. Go to Traffic Management > Load Balancing > Virtual Servers and click “Add” to
configure the VServer entities you will use to Load Balance and make highly
available the SQL Load Balancing DB used for your XenMobile Device Manager
Deployment:

Name: vsrv_XDM_SQL1_1433
Protocol: MSSQL
IP Address: 192.168.10.41
Port: 1433

Services: svc_SQL1_MSSQL_1433
Comments: “Primary XDM Configuration Database”
Click “Create” but don’t close the dialog to create the next VServer in step 7.

7. This VServer will serve as the Backup VServer for the primary VServer created in
step 6. For this reason, network information will not be required as upon failover, the
network settings from the Primary will be assumed. Use the following information to
create the backup:

Name: vsrv_XDM_SQL2_1433
Protocol: MSSQL
Directly Accessible: Unchecked
Services: svc_SQL2_MSSQL_1433
Comments: “Mirror XDM Configuration Database”

Click “Create” and “Close”


8. Re-open the vsrv_XDM_SQL1_1433 Virtual Server previously created and
configure vsrv_XDM_SQL2_1433 as a Backup Virtual Server on the Advanced
settings tab:

Click “OK” and “Close”

Note that only one of the VServers will show in a state of UP at any
given time. This is because there is only one database in a Primary

9. If not already connected, open Remote Desktop Connection Manager or
XenCenter and connect to Site1-XDM1. If prompted for Credentials enter:
Training\Administrator
Citrix123
10. To test SQL HA provided by NetScaler DataStream you just configured in the
previous steps, the ew-config.properties file will be altered to point XenMobile Device
Manager to the Virtual Server. This file is located on all 3 XDM Servers at
C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes:

Use Ctrl+F to find and replace all sql1.training.lab entries with
datastream.training.lab. Click File > Save and close the file.
11. To test functionality of the XenMobile Device Manager after the database
configuration change, first stop and start the XenMobile Device Manager on each
server from the scripts located in the Start Menu
12. After completing step 11, load the Administration console by opening a browser and
navigating to http://localhost/xdm on each XDM server and then close the browser
13. From the Site1-SQL1 VM Start SQL Management Studio:

14. Connect to SQL1 and open Databases > Mirror > Failover:

Click “Failover” to force a failover of the primary SQL DB to the mirror SQL
DB.

15. Return to the XenMobile Device Manager on Site1-XDM1 and verify you can
still access the Administration Console at http://localhost/xdm
16. In the Site1-NS1 UI, verify the states of each Vserver

Exercise Summary
In this exercise you configured and tested SQL HA for the XenMobile Configuration DB by leveraging
the NetScaler DataStream feature.
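
Exercise 3 step 2 and Exercise 5 step 10 both depend on ew-config.properties carrying the same entries on all three XDM servers. The following Python check is an added example, not part of the original lab guide: it parses each node's file and reports nodes where multi.node.enabled is not true or where an entry still points at sql1.training.lab. The example.db.url key and the sample file contents are constructed; only multi.node.enabled and the host names come from the guide.

```python
import re


def parse_properties(text):
    """Parse Java .properties text: comments, '=' or ':' separators, continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]  # value continues on the next line
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit_node(text, expected_host, retired_host):
    """Return a list of findings for one node's ew-config.properties text."""
    props = parse_properties(text)
    findings = []
    # The guide shows the entry as "multi.node.enabled =true"; whitespace
    # around the separator is tolerated by the parser above.
    if props.get("multi.node.enabled", "").strip().lower() != "true":
        findings.append("multi.node.enabled is not true")
    for key in sorted(k for k, v in props.items() if retired_host in v.lower()):
        findings.append(f"{key} still references {retired_host}")
    if not any(expected_host in v.lower() for v in props.values()):
        findings.append(f"no entry references {expected_host}")
    return findings


def audit_cluster(configs, expected_host="datastream.training.lab",
                  retired_host="sql1.training.lab"):
    """Audit every node; an empty list means the node passed both checks."""
    return {node: audit_node(text, expected_host, retired_host)
            for node, text in configs.items()}


def rewrite_db_host(text, old="sql1.training.lab", new="datastream.training.lab"):
    """The guide's find-and-replace as a function; returns (new_text, count)."""
    return re.subn(re.escape(old), new, text, flags=re.IGNORECASE)


# Constructed sample files. Only multi.node.enabled comes from the guide;
# example.db.url is a hypothetical stand-in for the real database entries.
SAMPLE_CONFIGS = {
    "Site1-XDM1": "# CLUSTERING\n"
                  "multi.node.enabled =true\n"
                  "example.db.url=jdbc:jtds:sqlserver://datastream.training.lab:1433/zdm\n",
    "Site1-XDM2": "multi.node.enabled=true\n"
                  "example.db.url=jdbc:jtds:sqlserver://sql1.training.lab:1433/zdm\n",
    "Site2-XDM3": "multi.node.enabled = false\n"
                  "example.db.url : jdbc:jtds:sqlserver://datastream.training.lab:1433/zdm\n",
}

if __name__ == "__main__":
    for node, findings in audit_cluster(SAMPLE_CONFIGS).items():
        print(node, "OK" if not findings else findings)
```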

Exercise 6
Configuring Remote Access to XenMobile through NetScaler Gateway
Overview
In this exercise you will configure a NetScaler Gateway VServer for External access to the Enterprise
Store for both the Primary and DR sites by leveraging the built-in Wizard.

Step by step guidance


Estimated time to complete this lab: 15 minutes.

Step Action
1. From the XAStudent Landing VM Desktop, Open the link to Site1-NS1

2. At the logon prompt, select the Deployment Type “NetScaler Gateway” from the dropdown:

Username: nsroot
Password: nsroot

3. Select “Get Started”:

4. Enter the following information in the NetScaler Gateway Settings dialog:

Name: NSG Site1
IP Address: 192.168.10.101
Port: 443

Click “Continue”

5. On the “Choose Certificate” option, select “MCT_Wildcard” for the Certificate:

Click “Continue”

6. For the Authentication Settings, leave LDAP selected for the Primary Authentication and
select Choose LDAP, and then select the pre-configured authentication policy for
training.lab:

Click “Continue”

7. For the Enterprise Store Settings, use the following values:

XenMobile
App Controller FQDN: AppCHA.training.lab
Click “Done”

8. At this point, the wizard will automatically create the NetScaler Gateway Server and required
policies for accessing XenMobile remotely. Once the process completes, you should be
directed to the Statistics landing page as below:

9. From the XAStudent Landing VM Desktop, Open the link to Site2-NS3

10. Repeat steps 1-8 to create the NetScaler Gateway VServer for the DR site. For the
NetScaler Gateway settings you will use the following settings:

Name: NSG Site2


IP Address: 192.168.20.101
Port: 443

All other settings for the wizard should be the same as you used in steps 1-8

11. Once the NetScaler Gateway VServers are created for both sites, open a new browser
session and navigate to https://appcha.training.lab:4443. Log in as Administrator with the
password Citrix123

12. Navigate to Settings > Deployment and click the plus sign to configure AppController for
External Access via the NetScaler Gateway VServer you previously created with the
following settings:

Alias: NSG
Display Name: NSG
Callback URL: leave blank
External URL: https://nsg.mycitrixtraining.net
This is the GSLB FQDN we will be using
to access the environment remotely

Logon Type: Domain only


Select Set as default

Click “Save”

Exercise Summary
In this exercise you created two NetScaler Gateway VServers for both the Primary and DR sites by
using the built-in wizard and then configured the AppController virtual machine for external access.

Exercise 7
Configuring High Availability for XDM AppController
Overview
In this exercise you will configure two XenMobile AppController virtual appliances as a high availability
pair, and then configure remote access from your mobile device via NetScaler Gateway in Site 1 you
configured in Exercise 6.

Step by step guidance


Estimated time to complete this lab: 20 minutes.

Step Action
1. From the XAStudent Landing VM Desktop, open a browser and navigate to the Site 1
AppController Administration UI located at https://192.168.10.21:4443:

User name: Administrator


Password: Citrix123

2. Before starting, we will export the configuration for later use to bring up the DR site. In
the Administration Console, navigate to Settings > Release Management

3. A pop-up window will open:

From this dialog, select “Export” to back up the current configuration database
4. When prompted, save the file to \\AD\Share

5. Open XenCenter and select the Site1-AppController2 virtual machine and then click
the Console tab.

Site1-AppController1 was preconfigured for this Lab

6. At the console logon prompt, enter the administrator credentials. The default user name
for the console is administrator and the default password is password

7. At a command prompt, press [0] to select Express Setup. Enter the following
information for the network configuration:

IP Address / Subnet Mask: 192.168.10.22 / 255.255.255.0


Default Gateway: 192.168.10.1
Primary DNS Server: 192.168.10.11
Secondary DNS Server: Leave Empty
NTP Server: 192.168.10.11

8. Select [5] to commit the changes and type y to confirm the restart:

9. Return to XenCenter and log on to the Site1-AppController1 by using the Console tab
with username administrator and Citrix123:

At the prompt, select option [1] for the High Availability configuration and press Enter

10. Select option [1] to set the current virtual appliance as the Primary AppController and
press Enter:

11. Select option [2] and then press ENTER to set the virtual IP address (on the primary
only), peer IP address, and shared key as per the following:

Virtual IP address: 192.168.10.23 (Site1-AppController2)


Peer IP address: 192.168.10.22
Shared Key: 12345
When finished, press y to commit the changes.

12. Select option [3] to invoke the High Availability Settings:

Note - Once started, the status will show as STANDALONE, as the second
appliance is not yet configured.

13. Log on to the secondary appliance (Site1-AppController2) by using the Console
tab in XenCenter.

Start VM

14. At the command prompt, press [1] and Enter to configure High Availability:

15. Press [1] and then press [2] and Enter to set the VM role preference as the
secondary.

16. At the command prompt, press [3], then y and then press return to enable High
Availability. Enter y and Enter to commit the change:

18. Go back to the console of Site1-AppController1 and press [4] and ENTER to
show the status:

Connections to AppController will now be made
using the Virtual IP of the HA pair

19. Log on to Site1-AD.Training.Lab and create a DNS Host entry for
AppCHA.Training.Lab. We will also add the DR AppController IP to the DNS
record for Disaster Site testing:

DNS Record IS ALREADY CREATED!

Exercise Summary
AppController can be used in an active-passive high availability mode.

Exercise 8
Configuring AppController and XDM in the Disaster
Recovery Site
Overview
In this exercise you will configure the DR Site AppController from the Primary Site configuration
backup and change the database connection for XDM to leverage the DR site replicated SQL DB.

Step by step guidance


Estimated time to complete this lab: 15 minutes.

Step Action
1. From the XAStudent Landing VM Desktop, open a browser window and navigate to
https://192.168.20.23:4443/ControlPoint/ to access the DR site AppController
Administrative UI.

2. Log on to the Admin UI:

User name: administrator


Password: Citrix123

3. Navigate to Settings > Release Management and select “Import” to restore the Primary
site configuration we previously backed up to \\AD\Share:

4. From XenCenter start the Site2-XDM3 VM:

5. Once the VM powers up, log in to the XDM3 server using the credentials
training\administrator / Citrix123.

6. Open the shortcut on the XDM3 desktop pointing to the Tomcat folder
C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes

Locate the ew-config-properties file and search-replace the connection string for the
configuration database:

Find what: datastream.training.lab


Replace with: sqlremote.training.lab

7. Stop and start the XenMobile Device Manager Windows service by using the shortcuts
in the Start menu
8. Once the service is restarted, open a new browser window and navigate to the
Administration UI at https://xdm3.training.lab/zdm to test the XenMobile Device
Manager functionality

It is very important that the DR AppController
is not turned on until the site has completely failed over

Note: the AppController3 will now become FQDN AppCHA.training.lab

We will shut down Site1-AppController 1 and 2 to test the DR Site2-AppController.
Then test connecting to https://appcha.training.lab
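Step 6's search-replace can be scripted so that only property values change, a backup copy is kept, and the keys that were repointed are reported. This is an added example, not part of the original lab guide; the key names and JDBC URL form in the sample are hypothetical, and it assumes simple key=value lines.

```python
import shutil
from pathlib import Path

OLD_HOST = "datastream.training.lab"   # "Find what" value from step 6
NEW_HOST = "sqlremote.training.lab"    # "Replace with" value from step 6

def repoint(text, old=OLD_HOST, new=NEW_HOST):
    """Rewrite property values only; return (new_text, keys_that_changed)."""
    out, changed = [], []
    for line in text.splitlines(keepends=True):
        stripped = line.lstrip()
        # Blank lines, comments (# or !) and lines without '=' pass through as-is.
        if not stripped or stripped[0] in "#!" or "=" not in line:
            out.append(line)
            continue
        key, value = line.split("=", 1)
        if old in value:
            value = value.replace(old, new)
            changed.append(key.strip())
        out.append(key + "=" + value)
    return "".join(out), changed

def repoint_file(path, old=OLD_HOST, new=NEW_HOST):
    """Back up the file as <name>.bak, rewrite it, return the changed keys."""
    path = Path(path)
    original = path.read_bytes().decode("latin-1")   # lossless round trip
    updated, changed = repoint(original, old, new)
    if not changed:
        if new in original:
            return []                                # already repointed
        raise ValueError(f"{old} not found in any property value")
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    path.write_bytes(updated.encode("latin-1"))
    return changed

# Constructed sample; the key names and JDBC URL form are hypothetical.
SAMPLE = (
    "# config DB reached through datastream.training.lab\n"
    "db.url=jdbc:jtds:sqlserver://datastream.training.lab:1433/xdm\n"
    "db.audit.url=jdbc:jtds:sqlserver://datastream.training.lab:1433/xdm\n"
    "server.fqdn=xdm3.training.lab\n"
)
```

An empty list from `repoint_file` means the file already points at the DR database; a `ValueError` means the old host was not found in any value, so the service should not be restarted yet.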

Exercise 9
Configuring Disaster Recovery for XenMobile with
NetScaler GSLB
Overview
In this exercise you will configure an authoritative DNS service, a Primary site and a DR site, and the
related services required to enable Global Server Load Balancing for XenMobile.

Step by step guidance


Estimated time to complete this lab: 45 minutes.

Step Action
1. From the XAStudent Landing VM Desktop, open the link to Site1-NS1
http://192.168.10.50 and log in with username nsroot and password nsroot

2. In the NetScaler Administration UI, navigate to Load Balancing > Services and click
“Add”

3. Create an ADNS service for the Primary site used to resolve client queries by entering
the following details:

Service Name: svc_ADNS_Site1


Server: 192.168.10.51
Protocol: ADNS
Port: 53

Click “Create” and “Close”

4. Navigate to Load Balancing > Servers


5. Create a server entry for the Primary NS Gateway with the following settings:

6.

7. Clear the previous entries and create an additional server entry for the DR NS Gateway
with the following settings:

Server Name: RemoteNSG
IP Address: 192.168.20.100

Click “Close”
8. Navigate to GSLB > Sites and click “Add”
9. Enter the following details to create a GSLB Site for the Primary site:

Name: site_1
Site Type: LOCAL
Site IP Address: 192.168.10.51

Leave the rest of the fields as default. Click “Create” but don’t close the dialog

10. Create the DR GSLB Site on Site1-NS1 by entering the following details:

Name: site_2
Site Type: REMOTE
Site IP Address: 192.168.20.51

This site’s MEP status will show as DOWN until the site is also
configured on the remote NetScaler.

Click “Create” and “Close”

11. From the XAStudent Landing VM Desktop, open the link to Site2-NS
http://192.168.20.50 and log in with username nsroot and password nsroot
12. Navigate to Load Balancing > Services and click “Add”
13. Create an ADNS service for the DR site used to resolve client queries by entering the
following details:

Service Name: svc_ADNS_Site2
Server: 192.168.20.51
Protocol: ADNS
Port: 53

Click “Create” and “Close”

14. Navigate to Load Balancing > Servers


15. Create a server entry for the Primary NS Gateway with the following settings:

Server Name: LocalNSG
IP Address: 192.168.20.101

Click “Create” but do not click “Close”

16. Clear the previous entries and create an additional server entry for the DR NS Gateway
with the following settings:

Server Name: RemoteNSG


IP Address: 192.168.10.101

Click “Close”
17. Navigate to Load Balancing > Monitors and click on Add. Create a monitor for the
GSLB MDM service on port 443. Use the following parameters:

Name: Mon-MDM-443-Main
IP: 192.168.10.100
Port: 443

18. Create another monitor for the GSLB MDM service on port 8443. Use the following
parameters:

Name: Mon-MDM-8443-Main
IP: 192.168.10.100
Port: 8443

19. Finally, create a monitor for the GSLB NSG service on port 443. Use the following
parameters:

Name: Mon-NSG-443-Main
IP: 192.168.10.100
Port: 443

20. Open a new browser and navigate to Site2-NS management IP: 192.168.20.50.
Navigate to Load Balancing > Monitors and click on Add. Create a monitor for the
GSLB MDM service on port 443. Use the following parameters:

Name: Mon-MDM-443-Remote
IP: 192.168.20.100
Port: 443
21. Create another monitor for the GSLB MDM service on port 8443. Use the following
parameters:

Name: Mon-MDM-8443-Remote
IP: 192.168.10.100
Port: 8443
22. Finally, create a monitor for the GSLB NSG service on port 443. Use the following
parameters:

Name: Mon-NSG-443-Remote
IP: 192.168.10.100
Port: 443
23. Navigate to GSLB > Sites and click Add

24. Create the GSLB Site for the DR site by entering the following details:

Name: site_2
Site Type: LOCAL
Site IP Address: 192.168.20.51

Leave the rest of the fields as default. Click “Create” but don’t close the dialog

25. Add the Primary Site as a Remote GSLB site by entering the following details:

Name: site_1
Site Type: REMOTE

Site IP Address: 192.168.10.51

Click “Create” and “Close”

If the remote site shows up as DOWN, click Refresh.

26. Return to the Site1-NS1 NetScaler Administration UI

27. Navigate to GSLB > Services and Click “Add”

28. Create a GSLB Service for the local NetScaler Gateway vServer you previously
created with the following settings:

Service Name: GSLB_svc_NSG_Main


Site Name: site_1
Virtual Server: Name: NSG Site1 (192.168.10.100), when prompted to create the
service click “Yes”
Server Name: LocalNSG (This will be pre-populated)
Server IP: 192.168.10.101 (This will be pre-populated)
Service Type: SSL (This will be populated once you select the NSG_vsrv VServer)
Public IP: <External Public IP#2> (Clear the pre-populated IP)
Public Port: 443
Return to the class logon portal at http://ilt.citrixsynergy.net if
you did not record your assigned public IP addresses

Click “Create” and “Close”

29. Click “Add” and create another GSLB service for the remote DR Site with the following
settings:

Service Name: GSLB_svc_NSG_DR
Site Name: site_2
Virtual Server: Name: None
Server Name: RemoteNSG
Server IP: 192.168.20.101 (This will be pre-populated)
Service Type: SSL
Public IP: <External Public IP#4> (Clear the pre-populated IP)
Public Port: 443

30. On the Configure GSLB Service Dialog, switch to the Monitors tab
There is no need to use monitors for LOCAL site load balancing virtual servers.
GSLB is notified of a load balancing virtual server with the status as DOWN for its
own virtual servers and services.
From the Available Monitors list, select all the monitors and click “Add”:
Mon-MDM-443-Main
Mon-MDM-8443-Main
Mon-NSG-443-Main

Click “Create” and “Close”

31. From Traffic Management > Load Balancing > Servers click “Add…” to create
a server entry for the Primary site XenMobile Device Manager with the following settings:

Server Name: MDMPrimary


IP Address: 192.168.10.100
Click “Create”

32. Clear the previous entries and create an additional server entry for the DR Site
XenMobile server with the following settings:

Server Name: RemoteMDM


IP Address: 192.168.20.100

Click “Create” and “Close”
33. Navigate to Traffic Management > GSLB > Services and click “Add”. Create a GSLB Service
for the local MDM 443 vServer you previously created with the following settings:
Service Name: GSLB_svc_XDM_443_Main
Site Name: site_1
Virtual Server: MDM443
Service Type: SSL
Public IP: <External Public IP#1> (Clear the pre-populated IP)

34. Remote GSLB Service 443


Main GSLB Service 443
Service Name: GSLB_svc_XDM_443_Remote
Site Name: site_1
Virtual Server: RemoteMDM
Service Type: SSL
Public IP: <External Public IP#1> (Clear the pre-populated IP)

Click “Create” and “Close”

Main GSLB Service 8443
Service Name: GSLB_svc_XDM_8443_Main
Site Name: site_1
Virtual Server: MDM443
Service Type: SSL
Public IP: <External Public IP#1> (Clear the pre-populated IP)

Click “Create” and “Close”

Remote GSLB Service 8443

Service Name: GSLB_svc_XDM_8443_Main
Virtual Server: RemoteMDM
Service Type: SSL
Public IP: <External Public IP#3> (Clear the pre-populated IP)

Create and Close

35. Configure GSLB Virtual Server


From Traffic Management > GSLB > Virtual Server

36. On GSLB_vsrv_NSG Switch to the Domains tab and click Add

nsg.mycitrixtraining.net
In Backup use the IP for the Remote Site EXTIP#4

37. Click OK
38. Select the Domains tab and click “Add…” to create a GSLB domain with the following
settings:

Domain Name: mdm.mycitrixtraining.net
TTL: 5s
Backup IP: <IP Address for Remote Site> EXT IP#3

Click “OK” and “Close”


39.
40. Synchronize the configuration to the remote site:

On Site1-NS1, navigate to GSLB.


Click on ‘Synchronize configuration on remote sites’.

41. Select the Synchronization Option ‘Force Sync’ and click Run.

Note – If you receive an error, you can review the successful and failed
commands in /var/netscaler/gslb/[remote_site].error

42. On NetScaler1’s GUI, navigate to GSLB > Services

43. Right-click on GSLB_svc_NSG_site1 and select ‘disable’. See different NSG


44.
45. You could enroll using training\user1 password Citrix123

46. To test a connection from outside the lab environment you will need to use the
NetScaler as your local DNS server by specifying the public IP addresses #1
Your IP and #3 Your IP on your mobile device or Laptop.
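To confirm which site GSLB hands out during the failover test, you can query an ADNS address directly instead of trusting a cached resolver answer. This is an added example, not part of the original lab guide; the 203.0.113.x addresses are constructed stand-ins for the class-assigned public IPs #1 and #3, and the function names are illustrative.

```python
import secrets
import socket
import struct

DOMAIN = "mdm.mycitrixtraining.net"   # GSLB domain from step 38 (TTL 5s)
# Constructed stand-ins for <External Public IP#1> and <External Public IP#3>.
SITES = {"203.0.113.1": "site_1", "203.0.113.3": "site_2"}

def build_query(name, txid):
    """Encode a non-recursive A/IN query, as sent to an authoritative server."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">6H", txid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">2H", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a domain name, compressed or not."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)

def parse_a_records(msg, txid):
    """Return [(ip, ttl), ...]; raise if the reply is not ours or carries an error."""
    rid, flags, qdcount, ancount = struct.unpack(">4H", msg[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a clean response to this query")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            answers.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return answers

def serving_sites(answers, sites=SITES):
    """Map returned addresses to GSLB site names; unexpected IPs are flagged."""
    return sorted({sites.get(ip, "unknown:" + ip) for ip, _ in answers})

def ask_adns(server_ip, name=DOMAIN, timeout=3.0):
    """Query one ADNS address directly, bypassing any resolver cache."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server_ip, 53))               # only accept replies from this peer
        s.send(build_query(name, txid))
        return parse_a_records(s.recv(512), txid)

# Constructed reply: authoritative, one A record, name compressed, TTL 5.
SAMPLE_REPLY = (struct.pack(">6H", 0x5A5A, 0x8400, 1, 1, 0, 0)
                + build_query(DOMAIN, 0x5A5A)[12:] + b"\xc0\x0c"
                + struct.pack(">HHIH", 1, 1, 5, 4) + socket.inet_aton("203.0.113.3"))
```

Calling `serving_sites(ask_adns(...))` against each site's ADNS address before and after disabling a GSLB service shows whether both sites agree on the answer and whether the TTL matches the configured value.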

Exercise Summary
<<Summarize what the student accomplished in the exercise>>

Revision: Change Description Updated By Date
1.0 Original version Albert Alvarez 04/2014
1.1 Updated Jeff Sani 04/2014


About Citrix
Citrix Systems, Inc. designs, develops and markets technology solutions that enable information
technology (IT) services. The Enterprise division and the Online Services division constitute its two
segments. Its revenues are derived from sales of Enterprise division products, which include its
Desktop Solutions, Datacenter and Cloud Solutions, Cloud-based Data Solutions and related
technical services and from its Online Services division's Web collaboration, remote access and
support services. It markets and licenses its products directly to enterprise customers, over the Web,
and through systems integrators (SIs) in addition to indirectly through value-added resellers (VARs),
value-added distributors (VADs) and original equipment manufacturers (OEMs). In July 2012, the
Company acquired Bytemobile, provider of data and video optimization solutions for mobile network
operators.
http://www.citrix.com
