XenMobile and ShareFile Jaan Feldmann Sergei Sokolov
Magic Quadrant for Mobile Device Management Software
How Mobile Feels Today
User Needs Freedom to access all their apps and data from any of their devices
For Enterprise IT, mobile presents big challenges
IT Needs to meet security and compliance requirements
But the needs of users and IT must be balanced
The problem: Solving this requires more than one tool.
A complete set of tools. IT Needs to meet security and compliance requirements
Complete EMM Solution to Mobilize Your Business
The Mobile Solutions Bundle A complete stack for managing and securing apps, data, and devices App Management Data Management Device Management
5 Key Features: Enterprise MDM; Secure email, browser and data sharing; Mobile app containers; Unified app store; Identity management, SSO and scenario-based access control
Enterprise Grade MDM Give users device choice whether corporate issued or BYO Manage the device throughout lifecycle
Sandboxed Mail, Docs, and Browser Mail Docs Browser combined with a great user experience.
Users can access the apps they love MDX Access MDX Vault MDX Interapp IT meets compliance requirements
Data protection settings that allow IT to take a granular, yet measured approach: Disable Camera; Disable Open-In; Disable iCloud use; Disable Copy/Paste; Disable sending SMS; Disable printing; Disable sending email; Restrict outbound URL; Encrypt app and data
Any app. Any device. Emphasis on ANY. Unified App Store Available on 3B+ devices Mobile apps native on device Windows, datacenter and web apps delivered via Receiver Any device smartphone, tablet, PC and Mac
Identity Management, SSO, and Scenario-based Access Simple access for users Simple provisioning, revocation, and control for IT
App Management The Mobile Solutions Bundle Business Apps Productivity and Collaboration App Management Secure Mail Data Management Device Management
Deployment Mobile First Adoption
XenMobile MDM Edition Mobile Device Management
Complete Mobility Infrastructure Apps, Data, and Devices XM ActiveSync Controller MDM Client TMG Native Mail Encryption XM Device Manager Mobile Device Management DMZ
XenMobile Device Manager
  Actively manage policy and configuration for iOS, Android, Windows Mobile/CE and Symbian
  Deploy and administer mobile applications
    ᵒ Functionality varies by app and platform
  Control data access with DLP add-on
  Receives connections directly from mobile devices
  Makes connections to:
    ᵒ Database Server (MS SQL Server or Postgres)
    ᵒ Directory Server (AD or any other LDAP based system)
XenMobile MDM Pre-requisites
  Windows Server (Standard or Enterprise) 2003 64 bit, 2008 64 bit, or 2008 R2 64 bit
  Service Accounts
    ᵒ Installation account must be local admin of server
    ᵒ Does not require SQL rights directly
    ᵒ Account with database creation permissions in SQL
  Intended MDM server does not need to be a member of the domain
  Do not install IIS. Uninstall IIS if it exists on this server
  External DNS record for the MDM server
    ᵒ (ex. Mobile.yourcompany.com)
  Apple APNS certificate
    ᵒ required during the install, obtained using the XenMobile APNS Certificate Setup Guide
  Java SE 7
  Java Cryptography Extension (JCE) files: Unlimited Strength Jurisdiction Policy Files
    ᵒ copy local_policy.jar and US_export_policy.jar to /Java/jdk1.6.0_x/jre/lib/security
  Software License
XM MDM Directory Services
  Real-time access to LDAP (AD, Domino, etc.) source
  Can configure multiple connections to multiple servers
  Supports LDAP and LDAPS with certificate management
  Wizard driven configuration
XM MDM Role Based Access Control
  Roles can be created as desired
    ᵒ For example, multiple helpdesk tiers, devices managed by business units, etc.
  Access is granular by admin function or group
  Roles are selected by group
    ᵒ Groups can be defined locally or referenced from AD
Zenprise Security at the Network Secure Mobile Gateway Mail 2 Internal Resources Rules, Device, User Properties, Applications 5 ZDM Secure Mobile Gateway X Block User from Intranet 3G / 4G 4 Monitored traffic flow 1 Normal traffic flow 3 Blacklisted App Install Block on blacklisted apps, rooted devices, unmanaged devices, user/group
Device Support
  Citrix XenMobile MDM allows you to manage the following mobile device platforms:
  Apple handheld devices (iPhone, iPad) using iOS 5.0 or higher
  Android handheld devices using 2.2 or higher
  Microsoft Windows 8 Phone and Windows 8 Tablet
    ᵒ Windows Mobile and its derivatives, including Smartphone and PocketPC
    ᵒ Windows Mobile 5.x or 6.x (PocketPC or Smartphone Edition)
    ᵒ Pocket PC 2003
    ᵒ Windows CE 4.x, 5.x or 6.x
  BlackBerry handheld devices using BlackBerry OS versions 5.x, 6.x, and 7.x
  Symbian
  BB10
Device Functionality Matrix (1 of 4). Column headers: Feature, Mobile, Windows 8, Windows 8 Phone. Features listed: Dashboard; Enhanced Enrollment Modes (OTP, Multifactor, Invitation-based); Invitation Client Download; Email Attachment Encryption; App Lock ('Kiosk Mode'); App Tunnels Mobile SSL VPN
Device Functionality Matrix (2 of 4). Column headers: Feature, Mobile, Windows 8, Windows 8 Phone. Features listed: Storage Card Encryption Policy; Auto discovery Logon; Automated Actions; Notifications; Agent Notification; Enterprise App Store; Locate Device
Device Functionality Matrix (3 of 4). Column headers: Feature, Mobile, Windows 8, Windows 8 Phone. Features listed: Geo-Tracking, Geo-Fencing; Secure SharePoint; Remote client installation (OTA) Provisioning of devices & users; Hardware Inventory; Software Inventory; Security Jailbreak detection
Device Functionality Matrix (4 of 4). Column headers: Feature, Mobile, Windows 8 (limited), Windows 8 Phone. Features listed: Remote Wipe & Lock; Software download & install; File transfer; Device Remote Control; Roaming Management; Reports (activity & devices inventory) Local device data encryption (option)
Policy Types MDM Policies Device specific configuration and restriction policies Application Tunnels Automated Actions Server Groups XenMobile Policies Application access policies (black/white lists) XM SDK enabled app control DLP configuration MyWeb configuration
Lock Screens
  The passcode policy is the #1 feature used by our customers
  Deployed in 62% of instances
  Common requirements (in order)
    1. Have a passcode defined
    2. Disallow simple passcodes
    3. Set auto-lock time
    4. Set maximum password age
    5. Set maximum password length
Passcode Policy - iOS
  Click on Policies > iOS Configurations > New Configuration > Passcode to configure a passcode policy for iOS devices
  Configure the settings you wish to apply as your corporate passcode policy for iOS devices
  Note: Turning on a passcode on an iOS device will, by default, turn on hardware encryption.
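The first four passcode requirements from the Lock Screens slide, written as an Apple configuration-profile passcode payload and checked by a small audit function. This is an added example, not XenMobile output or Citrix code: the setting keys are Apple's passcode payload keys, while the identifiers, the timeout and age values, and the function names are assumptions made up for the illustration.

```python
import plistlib
import uuid

# Apple's payload type for passcode settings in a configuration profile.
PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"


def build_passcode_profile(auto_lock_minutes=5, max_age_days=90, allow_simple=False):
    """Return a profile (XML plist bytes) holding one passcode payload.

    Identifiers and default values are constructed for this example.
    """
    passcode = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.passcode",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "forcePIN": True,                    # 1. have a passcode defined
        "allowSimple": allow_simple,         # 2. disallow simple passcodes
        "maxInactivity": auto_lock_minutes,  # 3. auto-lock time, in minutes
        "maxPINAgeInDays": max_age_days,     # 4. maximum passcode age
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Corporate passcode policy",
        "PayloadContent": [passcode],
    }
    return plistlib.dumps(profile)


def audit_passcode_profile(profile_bytes):
    """List which of the four requirements a profile fails to enforce."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload"]
    p = payloads[0]
    findings = []
    if p.get("forcePIN") is not True:   # an absent key is not enforced
        findings.append("passcode not required")
    if p.get("allowSimple", True):      # an absent key allows simple codes
        findings.append("simple passcodes allowed")
    if not p.get("maxInactivity"):
        findings.append("auto-lock time not set")
    if not p.get("maxPINAgeInDays"):
        findings.append("maximum passcode age not set")
    return findings


if __name__ == "__main__":
    print(audit_passcode_profile(build_passcode_profile()))  # []
    print(audit_passcode_profile(build_passcode_profile(0, 0, True)))
```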
Location Services
  This is the #3 most popular policy type
  Deployed in 39% of instances
  A location services policy must be pushed to a device in order to track the device or use the geofencing functionality
  Location services policies currently apply only to iOS devices
Geotracking results Once enabled, ZDM can store up to 6 hours of movement for each device
XenMobile Mobility Bundle MDX Technologies & Mobile Application Management
Complete Mobility Infrastructure Apps, Data, and Devices XM ActiveSync Controller MDM Client TMG Native Mail Encryption XM Device Manager Mobile Device Management Web & SaaS Mobile Apps Secure Data Receiver Access Gateway XM AppController Netscaler DMZ
Citrix Mobile App Management
  Full support for both personal and corporate usage (BYOD)
    ᵒ Corporate apps and data secure even on employee-owned devices
    ᵒ New consumer-driven devices supported immediately
  No risk of corporate data loss or compliance exceptions when:
    ᵒ Device is lost or stolen or employee leaves organization
    ᵒ Collaboration / file sharing apps used on the device
  Governance is built-in
    ᵒ Policies can be updated on hundreds of apps with no requirement to change source code
  No requirement for developers to change the way they develop apps or learn mobile security standards
MDX Controller MDX App Vault Secure container that enables app and data containment, wipe and lock MDX Access Secure access to Intranet resources MDX InterApp Trusted application communication fabric
MDXVault Native Mobile Apps Deny SMS Disable iCloud Disable screenshots Force authentication Block jailbroken device MDX Policies during app wrapping MDX InterApp Citrix Receiver app private data vault app private data vault private data XenMobile
MDXInterapp MDX InterApp Citrix Receiver Open with Deny access to insecure applications private data XenMobile
MDXAccess MDX InterApp Citrix Receiver private data
MDXAccess MDX InterApp Citrix Receiver SSL3 SaaS Web Mobile Data private data Access Gateway C-VPN Mode XenMobile
Data Containment Preliminary iOS Policies
AppWrapper
  Mobile App Wrap tool runs on Mac OS X
  Mobile App Wrap tool for Android Beta Available
  Takes a pre-compiled iOS native application bundle (.IPA) as input
  Produces repackaged iOS application bundle with Citrix app wrapper logic inserted (.MDX)
  Recertifies the repackaged app using a customer-provided enterprise distribution profile
App Preparation Process Secure app with App Preparation Tool Upload app to XenMobile App available as a secure, managed app Push App via ZP Client App is visible on iOS home screen QuickOffice.ipa QuickOffice Enterprise QuickOffice Enterprise QuickOffice
Me@Work mobile app family @WorkWeb Secure Browsing @WorkMail Email, calendar & contacts ShareFile Follow-me Data GoToMeeting Integrated Collaboration Podio Social Team Collaboration
MDX App Vault
MDX InterApp
MDX Policy Allow Camera InterApp Sharing iCloud Backup Enable DLP Require Authentication Trusted Network Only Disable printing Restrict outbound URL Offline lease period 24 h
MDX Policy Secure app containers Micro VPN Lock and wipe Inter-app controls Allow Camera InterApp Sharing iCloud Backup Enable DLP Conditional access policies Disable printing Require Authentication Trusted Network Only Restrict outbound URL Offline lease period 24 h
@WorkMail Mail, calendar, contacts Enterprise class security Beautiful native experience Full inter-app integration MDX-secured @WorkWeb Secure browser Internal web app access Full inter-app integration Consumer experience MDX-secured
Secure Exchange @WorkMail connectivity No new messaging infrastructure Connected/ disconnected access @WorkWeb Any intranet site access Native browser experience
@Work Mail @WorkMail Mail, calendar, contacts Enterprise class security Beautiful native experience Full inter-app integration MDX-secured Secure email body and attachment Open in control to provide data leak protection NO Exchange server exposure to internet Send email with ShareFile attachments Integrated calendars and Exchange GAL
@Work Mail - Topology Firewall @WorkMail Internet Micro VPN NetScaler/ Access Gateway Client Access Server (CAS)
@Work Web @WorkWeb Secure browser Internal web app access Full inter-app integration Consumer experience MDX-secured iOS and Android device intranet web browsing Easy access to SharePoint, Intranet Portal etc. Similar look/feel as native browser Safari on iOS; Chrome on Android Single sign-on via NetScaler Respond to HTTP 401
@Work Web - Topology Firewall @WorkWeb Internet Micro VPN NetScaler/ Access Gateway
Mobile Application Policies
ShareFile Enterprise
Consumerization of IT My Workspace My Device(s) My Apps? My Data
Users Demand Instant file and data access from any device File sharing (with anyone) Easy and familiar (love Dropbox) IT Wants Security Control no data leakage (hate Dropbox)
ShareFile Enterprise Empower users with Instant access to data, synced across all devices Improve collaboration and productivity through secure file sharing Meet corporate security and compliance standards with a secure service Deliver an enterprise-class service that meets workflow and productivity needs Enable IT to retain control and deliver a managed service Access data wherever it's stored, on/off-premises, and existing data platforms
ShareFile Workspaces and ShareFile Sync ShareFile Workspaces Internal and external sharing Large file support (up to 100 GB) Custom Branding ShareFile Sync Sync data across all devices Sync user data and team folders Offline Access
Team Folders - File Distribution to Any Device Latest file versions pushed to user devices Restrict access to download only
ShareFile Enables Mobile Workstyles Access, share and sync files from any device Apps for mobile devices Mobile-optimized ShareFile web site Offline access and editing
Built-in Mobile Content Editor Automatically sync folder contents for offline editing Offline editing of Microsoft Word, Excel and PowerPoint documents Mark up PDF documents with text, arrows, shapes and drawings Restrict use of unauthorized content editing tools
Workflow Integration with Microsoft Outlook Unclog mail servers Attachment conversion Overcome file size restrictions Better control and visibility Request large files
Windows Explorer and Mac Finder Integration Plug-ins for Windows Explorer and Mac Finder Integration that provides an intuitive user experience
Choose where your data is stored
ShareFile with StorageZones Choose where your data is stored Designated zones in public clouds Manage StorageZones on-premises Citrix-managed StorageZone (AWS) Customer-managed StorageZone (example)
Optimized for Virtual Desktops + On-Demand Sync Instant access, share and sync Reduce storage costs
Secure by Design
Robust Security Features Reporting and auditing Secure sharing Device security Remote wipe Device lock Poison pill Passcode lock Encryption through passcode lock Restrict jailbroken devices
Secure Citrix Managed StorageZones SSAE 16 audited data centers 256 bit SSL Encryption in transit Files stored with AES 256-bit encryption at rest All uploaded files scanned for viruses All ShareFile servers protected by dedicated firewalls All files are backed up and mirrored in real time
Reporting and Audit Trails Audit trails
ShareFile Architecture
Why StorageZones? Compliance Performance Legal compliance with geographic storage requirements Alignment with organizational policies Files and folders in closer proximity to users File access performance optimization
Citrix- Managed StorageZones Control Plane Client *.sharefile.com DB Sharefile.eu. Web Application Reporting Windows phone Authorization Storage Center (EC2) S3 StorageZones Storage centers Backend storage Various locations WW
Customer- Managed StorageZones Control Plane Client *.sharefile.com DB Sharefile.eu Web Application Reporting Windows phone Authorization Storage Center (Windows IIS) NAS NAS Storage Center (EC2) S3 StorageZones Storage centers Backend storage Various locations WW Customer Datacenter
Using StorageZones StorageZones can be set on User Home Folder Root Folder-level
ShareFile StorageZone Connectors ShareFile Personal Folder ShareFile Team Folder ShareFile Team Folder Existing Network Share SharePoint Doc Library (coming soon) Corp Governance SharePoint Library
For Follow-me Data
Light Demo
Access Your Apps, Data and Desktops From Any Device
References
  http://www.gartner.com/technology/reprints.do?id=1-1frimh0&ct=130523&st=sb
  http://www.pqr.com/downloadformulier
  http://www.citrix.com/products/xenmobile/try.html?ntref=header_try
  http://www.sharefile.com
TakeAway
  Test Citrix XenMobile MDM or XenMobile Enterprise in June or July
  We will arrange a meeting with you for testing and for discussing the test results
  As a gift: a Segway ride for two in Tallinn Old Town + a restaurant gift card
  PS: One gift per company
  To arrange meetings, please contact: ivika.pukk@atea.ee
Work better. Live better.
Licensing & Pricing: On Prem & CSP
  License type | XenMobile MDM Edition (User) | XenMobile MDM Edition (Device) | Mobile Solutions Bundle (User)
  Perpetual License | $105 | $80 | $185
  Perpetual SW Maintenance* (SA + Support) | $24/yr. | $17/yr | $40/yr.
  Annual License | $45 | $33 | $74
  Annual SW Maintenance* (SA + Support) | $10 | $7 | $16
  CSP Monthly (per calendar month) | $4.81 | $3.67 | $8.48
  * SWM required with perpetual and annual license model
Licensing & Pricing: Cloud Hosted (XenMobile MDM Edition)
  Term | User, No HA | User, HA | Device, No HA | Device, HA
  Hosted 1 year | $67 | $91 | $52 | $70
  Hosted 2 years | $121 | $165 | $94 | $127
  Hosted 3 years | $151 | $205 | $117 | $158
  NOTE: HA is a customer decision at the time of purchase of the service and cannot be added on
ShareFile Enterprise: SKUs and Pricing
  Packaging Options for Citrix-managed StorageZones
  Product Name | Storage Entitlement | SRP (Per Year)
  ShareFile Enterprise Annual - 20 GB storage | 20 GB per user | $198
  ShareFile Enterprise Annual - 1 GB storage | 1 GB per user | $100
  ShareFile Enterprise with 100 GB storage pack | 100GB pooled | $1500
  Packaging Options for Customer-managed StorageZones (on-premises)
  Product Name | Storage Entitlement | SRP (Per Year) | Software Maintenance (Per Year)
  ShareFile Enterprise Perpetual - 0 GB storage | 0 GB per user | $150 | $33
  ShareFile Enterprise Annual - 0 GB storage | 0 GB per user | $83/per year | N/A
  Citrix Confidential Subject to NDA