Open topic with navigation

WorkZone Mobile requirements to Citrix XenMobile infrastructure

To allow WorkZone Mobile access to on-premise WorkZone through Citrix XenMobile, some configuration of your organization's infrastructure is required. You need to:

• Establish a XenMobile server with management of the organization's mobile devices.
• Establish a Citrix NetScaler with MicroVPN to an internal web server.
• Make the WorkZone Mobile app available in XenMobile.
• Make Microsoft Office 365 available in XenMobile, if you want to use the document editing features.
• Ensure that Microsoft Office apps have a per App VPN access through NetScaler to an internal WorkZone web server.

The diagram below shows a conceptual overview of the components in the infrastructure and how they are set up to support WorkZone Mobile with Citrix XenMobile. The number of real servers, firewalls, load balancers, and so on, varies depending on how the environment is set up for a specific organization.

Citrix XenMobile

You must set up XenMobile to manage the mobile devices that should have access to the internal WorkZone web server. For users to have a consistent experience with user names and passwords, it is recommended to allow XenMobile access to look up and approve access in the same internal domain (Active Directory) that holds the WorkZone users.

Citrix NetScaler

You need to set up a MicroVPN tunnel rule that allows mobile devices to access the internal WorkZone web server. If you want to use the document editing feature in WorkZone Mobile, you also need to set up a Per-App VPN on NetScaler that also gives access to the internal WorkZone web server. This VPN will be used by Office 365 Mobile apps, so that they can fetch documents for editing from the WorkZone web server.

Publishing the WorkZone Mobile on Citrix XenMobile

You need to wrap the WorkZone Mobile app using Citrix MDX Toolkit before you can manage it in XenMobile. See Wrap the WorkZone Mobile app using Citrix MDX Toolkit.

Tip: You can deploy the app using delivery groups.

Document editing with Office 365 mobile apps

WorkZone Mobile uses Microsoft Office 365 suite of mobile apps to edit Office documents that are available on the internal WorkZone web server. To edit document, the following requirements must be fulfilled:

• Relevant Office apps must be installed and activated on the mobile devices.
• To edit an Office document, a Microsoft Office 365 license is required.
• The desired Office apps must be managed by XenMobile. The Office apps are available from App Store.

Office 365 apps require Per-App VPN

Currently, Office 365 apps do not support Citrix MDX features, and therefore they cannot use the build in MicroVPN to access the internal WorkZone web server. In order to fetch Office documents from the WorkZone web server, you need to configure a Per-App VPN on NetScaler. In addition, you must create policies in XenMobile, so that all the relevant Office apps can establish this Per-App VPN. Citrix manages VPN profiles with the Citrix VPN app, which means that this app also must be available and managed through XenMobile.

To maintain an acceptable level of security, it is recommended to use a certificate as authentication on this VPN.

Administrator's Guide for WorkZone Mobile 2019.1