Per App VPN with XenMobile and Citrix VPN

The iOS per-app VPN feature allows you to use a VPN profile in conjunction with the Citrix VPN app on an iOS device managed by XenMobile. With it you can establish an on-demand VPN tunnel to the corporate network for a desired set of applications installed on the device.

The following steps will help you enable per-app VPN with XenMobile Server and Citrix VPN.

Prerequisite: To begin, you must ensure that you have a XenMobile (10.3.5) environment up and running.

There are 6 steps:

  1. Decide on an application to enable per-app VPN for and manage it in XenMobile.
  2. Define an App Inventory policy on the XenMobile Server.
  3. Define a Credentials Provider policy on the XenMobile Server.
  4. Define a VPN policy on the XenMobile Server.
  5. Define an App Attributes policy on the XenMobile Server.
  6. Define a session policy on the NetScaler.

Step 1: Manage an application that requires per-app VPN

To enable per-app VPN for the desired application on the iOS device, you need to manage it in the XenMobile Server. To illustrate, I will use GoToMeeting as an application that needs to access the corporate network.

1. Log in to the XenMobile Server. After logging in, go to Configure > Apps and click Add.

2. On the Add App page, click Public App Store.

Note: You can also select an enterprise application that is not published in the App Store.

3. Enter the application name and description, and click Next.

Note: Make sure you have only iPhone and iPad selected, because this is specifically for iOS devices.

4. Search for GoToMeeting in the public App Store, select the GoToMeeting application, check or change the name and description, set the "Force app to be managed" flag to ON and click Next. Repeat this step for iPad and click Next.

5. Under Delivery Group Assignment, select the delivery group to which you want to deploy this policy and click Save.

Note: You may also push the Citrix VPN application to the user device. If not, you need to instruct the end user to manually install the app from the App Store (without which it will not be possible to trigger the per-app VPN).

Step 2: Configure an App Inventory policy

Here we define an App Inventory policy, which obtains the list of applications installed on the device and their app IDs. Once Device Manager has the app IDs, it knows which applications are managed and which applications need the per-app VPN policy pushed to them (based on the configuration we do in the next steps).

1. In the Admin Console, go to Configure > Device Policies and click Add.

2. On the Add a New Policy page, expand More and click App Inventory.

3. Under the App Inventory Policy tab, select the iOS platform, set the iOS policy to ON and click Next.

4. Under Assignment, select the desired delivery group and click Save.

Step 3: Credentials Provider policy

Here we define a Credentials policy, which supplies the certificate that the VPN policy requires.

Note: This step is required only if you use "Certificate-based authentication" or "LDAP + Certificate-based authentication" in XenMobile Server. If you only use LDAP-based authentication, you do not need to take this step.

1. In the Admin Console, go to Configure > Device Policies and click Add.

2. On the Add a New Policy page, expand More and click Credentials.

3. Under the Credentials Policy, select the iOS platform, provide a policy name in the right pane and click Next.

4. Set the Credential type to Credentials Provider in the drop-down, select the appropriate credentials provider (the one you configured for certificate-based authentication) from the drop-down and click Next.

5. Under Assignment, select the desired delivery group and click Save.

Step 4: Configure a VPN policy

Here we are going to define a VPN policy.

1. In the Admin Console, go to Configure > Device Policies and click Add.

2. On the Add a New Policy pane, click VPN.

3. Under VPN Policy, select the iOS platform, provide a policy name in the right pane and click Next.

4. Enter the policy information as listed below and click Next.

"Connection name" = any name

"Connection type" = Citrix VPN

"Server name or IP address" = NetScaler FQDN (the Citrix VPN app requires this to build the VPN connection)

"Account" = $user.username

"Authentication type for the connection" = Certificate (if you only use LDAP-based authentication in XenMobile Server, select Password from the drop-down)

"Identity credential" = the credentials policy that you created in Step 3

"Enable per-app VPN" = ON

"On-demand match app enabled" = ON

Note: If you want traffic from the Safari browser to any of your internal domains to go through the tunnel, you can do so by defining Safari domains.

5. Under Assignment, select the desired delivery group and click Save.

Step 5: Configure an App Attributes policy

Here we define the VPN app attribute.

1. In the Admin Console, go to Configure > Device Policies and click Add.

2. On the Add a New Policy page, expand More and click App Attributes.

3. Set the Managed app bundle ID in the drop-down (the app that you defined in step 1), then set the Per-app VPN identifier (the one that you defined in step 4) and click Next.

4. Under Assignment, select the desired delivery group and click Save.
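
To check on the iOS side that steps 4 and 5 produced a per-app scoped, on-demand tunnel, the following added example (not part of the original post and not Citrix code) audits a configuration profile against Apple's per-app VPN payload keys. It assumes the profile is available as plist bytes; the profile contents, the UUID and the bundle ID `com.example.gotomeeting` are constructed placeholders.

```python
import plistlib

PER_APP = "com.apple.vpn.managed.applayer"  # Apple payload type for per-app VPN
DEVICE_WIDE = "com.apple.vpn.managed"       # Apple payload type for device-wide VPN


def audit_per_app_vpn(profile_bytes, app_attributes):
    """Return a list of findings for a configuration profile (plist bytes).

    app_attributes maps bundle ID -> VPNUUID, i.e. what the App Attributes
    policy (step 5) assigns. An empty list means the scoping is consistent.
    """
    profile = plistlib.loads(profile_bytes)
    findings, known_uuids = [], set()
    for payload in profile.get("PayloadContent", []):
        name = payload.get("UserDefinedName", "<unnamed>")
        ptype = payload.get("PayloadType")
        if ptype == DEVICE_WIDE:
            findings.append(f"{name}: device-wide VPN payload, not per-app")
        elif ptype == PER_APP:
            vpn_uuid = payload.get("VPNUUID")
            if vpn_uuid:
                known_uuids.add(vpn_uuid)
            else:
                findings.append(f"{name}: per-app payload has no VPNUUID")
            if not payload.get("OnDemandMatchAppEnabled", False):
                findings.append(
                    f"{name}: on-demand match disabled, user must start the tunnel manually")
    # Every managed app must point at a per-app VPN that the profile defines.
    for bundle_id, vpn_uuid in sorted(app_attributes.items()):
        if vpn_uuid not in known_uuids:
            findings.append(f"{bundle_id}: bound to unknown per-app VPN {vpn_uuid}")
    return findings


def sample_profile(payload_type, on_demand):
    """Constructed sample profile; every value here is a placeholder."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{
            "PayloadType": payload_type,
            "UserDefinedName": "Corp per-app VPN",
            "VPNUUID": "11111111-2222-3333-4444-555555555555",
            "OnDemandMatchAppEnabled": on_demand,
        }],
    })


if __name__ == "__main__":
    binding = {"com.example.gotomeeting": "11111111-2222-3333-4444-555555555555"}
    print(audit_per_app_vpn(sample_profile(PER_APP, False), binding))
```
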

Step 6: Configure NetScaler to accept traffic from the Citrix VPN app

Here we define the session policies that allow traffic from the Citrix VPN app to reach NetScaler Gateway. To illustrate, I use the XenMobile NetScaler Gateway as the gateway to which the Citrix VPN application establishes the tunnel (make sure that the gateway URL you configured in the Citrix VPN policy in step 4.4 and the gateway you configure in the steps below are one and the same).

1. Log in to NetScaler.

2. Navigate to NetScaler Gateway > Virtual Servers, select the XenMobile gateway in the right pane and click Edit.

3. On the VPN Virtual Server page, scroll down to the Policies section and click Session Policies.

4. Under VPN Virtual Server Session Policy Binding, click Add Binding.

5. Under Policy Binding, set the priority (the same as the other session policies) and click the "+" button to create a new policy.

6. Enter the policy name, set the expression to "REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver/NSGiOSplugin && REQ.HTTP.HEADER Referer NOTEXISTS" and click "+" to add a new session profile.

7. Under Create NetScaler Gateway Session Profile, enter the name of the profile, then click Client Experience, check Override Global for "Clientless Access" and set it to Off in the drop-down. Check Override Global for "Plug-in Type" and set it to "Windows/MAC OS X" in the drop-down.

8. On the same page, now click Security, check Override Global for "Default Authorization Action" and set it to "ALLOW" in the drop-down.

9. On the same page, now click Published Applications, check Override Global for "ICA Proxy", set it to "OFF" in the drop-down and click Create.

10. Click Create on the Create NetScaler Gateway Session Policy page.

11. Under Session Policies, select the VPN policy that you created in the steps above.

12. Click Bind to bind the policy to the NetScaler Gateway virtual server.

13. On the Policy Binding page, click Close.

14. On the VPN Virtual Server page, click Done and save the settings on NetScaler.

End User Experience

To start, you need to make sure that the Citrix VPN application is installed on the user's device (as mentioned above, you can push it from XenMobile Server as part of enrollment). After launching it, users need to allow NetScaler Gateway to communicate securely with the company's internal network. (Without this, the user will not be able to create the VPN.)

Note: Make sure the end user uses the latest version of the Citrix VPN app. The older version has known issues with the iOS 9 platform.

Once the user enrolls with the XenMobile Server, you will notice that the VPN policy is also pushed to the device. Once the managed application is installed, you will see it on the device under the PER APP VPN settings.

Every time the user tries to access the GoToMeeting application from the mobile device, the per-app VPN policy will kick in and prompt the user to enter their credentials to establish a VPN connection.

Note: You see this authentication challenge only in the LDAP-only and Cert + LDAP authentication modes. You will not see this message if you are only using certificate-based authentication in XenMobile Server.

The user can confirm that the device is connected to the VPN and monitor the tunnel usage statistics.
