Compared to other enterprise mobility management (EMM) products on the market, Citrix has invested heavily in intuitive usability and user experience.
View all our recommendations for mobile device management (MDM) solutions on our best picks page.
Following in the footsteps of Citrix's ShareFile (the company's enterprise file sync and share product), XenMobile is available as both a cloud-based service and an on-premises software package. There are some slight idiosyncrasies that we will explore in this review, but the holistic user experience is very similar between the two products.
The crux of XenMobile's value proposition is, as stated above, the end user experience. While XenMobile has MDM capabilities, this isn't its core value proposition. Instead, XenMobile focuses on making corporate assets available on different devices to satisfy user demands and make workers more productive. Thus, Citrix approaches the market first as a MAM vendor.
Citrix designed its XenMobile product with the goal that "mobility management must allow people to do their job with the minimal amount of interference." We found the Citrix apps very easy to use. In just about every case, they provided more value than the built-in productivity apps. What amazed us most was how well they are integrated.
Since Citrix has carved out a spot as a key Microsoft partner, organizations that use Microsoft's Intune, Azure AD and other Microsoft components should seriously reconsider and give XenMobile a chance. XenMobile's integration with Exchange is exemplary, and while ShareFile acts as the backbone to many Worx tools, it is not forced upon users for file sharing (although, as we noted, ShareFile is a pretty good platform for enterprise file sync and share).
Other providers have Citrix beat on administrative console depth, consolidated support, and sheer market presence, but on the pure aspects of enterprise mobility management, XenMobile is an excellent solution.
Capabilities and Key Features
Find a Mobile Device Management Solution for Your Business
Citrix is, first and foremost, focused on the end-user experience coupled with enterprise management, visibility, protection, and control. This is most evident in the tremendous amount of usability in its Worx suite of mobile apps.
There are four types of applications that can be exposed to mobile users, each of which differs in user experience, connectivity, security and where the backend (logic and data) resides:
- Native public store apps
- Native private enterprise apps
- Mobile device extension (MDX) apps
- Web apps (or more accurately, web "things")
The native public apps are true public apps available on the Apple App Store and Google Play. Anyone can download them. (although their usefulness will differ depending on who the users are and which enterprise networks they have access to.) The apps can actually be referenced by enterprise app shops, but Citrix does not have a way to bundle the public apps like IBM Maas360. Two popular examples of public apps in the Citrix family are Citrix Presenter and GoToMeeting, both of which are very popular across all users. Two important points as it pertains to EMM: Public apps can be optional or required (users can only delay installation for a finite period), and a volume purchasing program (VPP) can be applied for public apps from large software vendors, such as Microsoft and Adobe, or smaller developers who have prenegotiated contracts with Citrix.
The private native enterprise apps are not wrapped in Citrix's proprietary MDX and lack specific app-centric policies. Apps in this class are either the raw code from developers (such as Apple Xcode), which is vetted by the enterprise and published to their private app shop, or full apps sent by a third party. Examples of these include corporate- or organization-specific apps, such as those developed by an airline to access real-time flight status (beyond what passengers can see), passenger information, cargo information, or catering coordination.
The third and most significant type are apps that are placed within an MDX wrapper (currently available for iOS and Android). The process to enable this is very quick, as apps only require one line of code. Beyond the core policies, encryption and connectivity through NetScaler, customers find value in unique features that can be enabled, that would otherwise be impossible. One interesting example is Citrix's wireless mouse; it only "works" with MDX-enabled apps, as it is essentially interacting with a remote system, not the local device. Instead of restricting connectivity and communication to the local device, Citrix has expanded the ecosystem to and through the entire EMM platform.
Finally, there are apps that are actually web links – much like saving a browser link on the home screen of a smartphone. Citrix actually has two flavors of web apps: ones that simply launch the default browser (i.e., Safari or Chrome) or the Citrix secure browser (available in Worx), and a second type that looks identical but is configured to point thru a single sign-on (SSO) gateway, gain/pass SAML credentials (through Citrix NetScaler) and operate like an enterprise browser app. A good example of this is Salesforce.com and other applications running on the Force.com platform. One final note: For virtualization, XenMobile can integrate with XenApp and XenDesktop. XenMobile does not offer a native hypervisor on any mobile device.
Mobile Content Management (MCM) Capabilities
While this review is not focused on document and content management, it's worth noting how Citrix has integrated its content functionality into the XenMobile story. After all, MCM is a part of EMM these days. ShareFile Enterprise is included with XenMobile Enterprise; it acts as both an end-user file sharing and backend platform for unstructured data. It can also be considered one of the key selling points for the solution over the competition.
ShareFile Enterprise has extensive capabilities on rights management within its own document repository. In addition, many of the XenMobile Citrix apps (Secure Mail, Notes, Tasks, etc.) integrate with and utilize Microsoft Active Directory Rights Management for additional levels of protection. Finally, ShareFile is the backup storage, which supports several Citrix applications, with more being added in each release.
Citrix App Suite
XenMobile's Ready Marketplace app store is fully contained within the Citrix Home app. This native store can deliver any type of app (native, web clip, MDX, or public) that IT decides for each user or device. When combined with XenDesktop and XenApp, XenMobile provides users with access to any app, including legacy Windows apps all with tightly integrated single sign on.
The positioning of Citrix Mobile Apps is slightly confusing, since it currently includes business mobile apps developed by Citrix, Citrix productivity apps and hundreds of third-party apps.
In Calendar, scheduling meetings is intuitive. Unlike Apple's built-in model where users have to hunt down and guess about other users' availability, Worx Calendar has an advanced mechanism for identifying free and busy times for mandatory and optional users. There is full conflict resolution, coupled with an auto-suggest feature, like in Microsoft Outlook 2010, 2013 and 2016.
Additionally, Calendar can auto-fill GoToMeeting invites and includes a "running late" button, which has actions and attachments that resemble functionality of tools like MobileDay.
The Secure Notes app is one of the tools integrated with Citrix's ShareFile. It includes rich metadata tagging, authoring and sync capabilities similar to those found in Evernote and OneNote, a link to calendars and location (where the note was authored), and full integration with rich media, such as photos and audio. Notes can be automatically generated from Secure Mail, demonstrating the tight integration across Citrix's product information management (PIM) suite of apps. For those that want to edit notes on a PC or Mac, there is a browser-based client. For organizations wanting to protect confidential data, Secure Notes is a compelling tool. The Secure Mail app is pretty much just an email app; the true differentiation comes through the calendar and notes components of the Suite. The Secure Mail app, along with others in the suite, provides a consistent experience for end users, offering additional email control options and simple document attachment capabilities.
Security and Administration
XenMobile has a highly usable and polished administration console. There are three tabs always visible to guide IT admins:
- Dashboard (includes subtabs for home, analytics and reporting)
IT admins have an uncluttered, easy-to-use interface. They can customize the dashboard, export reports, troubleshoot the console and create scalable workflows.
Devices can be provisioned through an auto-discovery process selected by administrators and multiple methods may be used. The most common is based on email address. Devices can also be provisioned by IT utilizing a secure one-time password (OTP) and over a dozen different ways including SMS (text) message, 2D barcode and enterprise application integration.
For directory service integration, XenMobile ties tightly with LDAP and Active Directory (AD). Rather than utilizing a sync method (which has led to huge loads on the local AD servers and flood requests to AD in the cloud, such as Azure AD and other services), XenMobile utilizes a unique late-binding approach. During enrollment, user information is queried from the directory service, the user's information is pulled from the service and then finally the user is automatically created in XenMobile – all within a matter of seconds. This is very important in widescale rollouts, service provider situations and mass device replacements (for example, after a breach).
XenMobile Deployment Groups (for software and policies) can be tied directly to AD organizational units (OUs) or groups for automatic updates and ease of widespread policy changes.
XenMobile does not, however, offer device backup functionality, but it has the ability to control specific elements of the backup procedure. This functionality isn't nearly as critical as in years past, since much of the time to restore data and settings has been eliminated with advanced configurations and cloud-based storage. Original device manufacturers, such as Apple and Google, provide cloud-based services (albeit for a fee, including appropriate storage). Enterprises also have a variety of tools and services to back up data and settings, which now encompass smartphones and tablets in addition to traditional PCs and servers.
Citrix offers "in-line" updates through the release management area of the administrative console. Updating XenMobile is similar to that of a consumer device, involving downloading a moderately sized file, uploading it to the server and rebooting the instance (physical restart or leveraging Hypervisor to bounce the instance). The secondary benefit of XenMobile is that it is available as an online service, which stands to minimize upgrade woes.
While security isn't Citrix's differentiator, it is still an important consideration. The two biggest issues with securing mobile devices are that they're inherently not attached to anything, and people will always find a way around policies and restrictions.
Citrix believes that securing information and devices is about education, not strictly locking down devices. Thus, XenMobile security policies err on the side of flexibility, and the tool is not inherently as restrictive as Good and BlackBerry.
While other EMM solutions now include Apple iBeacon support (Apple's programming interface that allows your phone to listen for and react to beacons), Citrix leverages its NetScaler infrastructure to identify where devices are and either allow or deny access to certain network resources or content.
Documentation and Support
As with ShareFile and other Citrix solutions, the online documentation, customer adoption and enterprise support for XenMobile is outstanding. For example, for our review, we went through the MDX Toolkit documentation, which was highly informative, educational and answered our questions that would otherwise be reserved for professional services (consulting) or technical support.
Citrix support is equally impressive. The company staffs support centers throughout the world, including a modern well-staffed facility near our testing lab in Atlanta, Georgia. In addition to documentation and online support, XenMobile includes a first-time-use wizard to help IT administrators get some basic policies created and ensure the system is set up and configured properly.
Integration and Compatibility
As a remote productivity company at its core, Citrix covers the complete spectrum of remotely accessing and supporting just about every personal computing device. However, since Citrix's bread-and-butter Workspace business is a platform to access data and desktop environments (a precursor to today's virtual desktop infrastructure, or VDI), Citrix defines "mobile" as smartphones and tablets. In Citrix's opinion, the device is not mobile, rather, the user is.
To that end, Citrix XenMobile has an extensive and impressive list of mobile device support. End-user client support is available for iOS, Android (including Samsung KNOX and Android for Work), Windows 10 (x86 and Windows Phone), legacy Windows Phone (8.x, WinCE and Windows Mobile), Mac OS X, Amazon Kindle Fire OS (3.0+) and Symbian devices.The actual feature level varies by device OS, with the greatest level of development and engineering innovation occurring in the platforms with the highest current and forward-looking adoption.
On the integration side, there is significant horsepower behind the scenes. Citrix believes that its core differentiator resides in the caching and load balancing of NetScaler, acquired over a decade ago. This is ideal for scaling to tens of thousands of devices, which is increasingly becoming critical in the world of mobility management. While Citrix doesn't have an actual identity and access management (IAM) solution, the company utilizes NetScaler to tie into IAM tools such as Active Directory, Okta, Microsoft Azure AD and so forth.
NetScaler also acts as a network layer proximity engine (instead of Apple's iBeacons, which are based on Bluetooth Low Energy). Compared to other EMM providers, with control of the network, Citrix can trigger permissions and alter access on the fly. One can argue it's even stronger than iBeacons, since it uses certificates and two-factor authentication tokens (although device-level Bluetooth keys are pretty strong too).
Thanks in part to NetScaler, Citrix has tested XenMobile to upwards of 200,000 devices (we obviously weren't able to independently confirm this). The NetScaler gateway appliances are industry leading secure connectivity appliances and can also scale without bound. Currently, even a single appliance can handle over 100,000 simultaneous connected users moving secure packets.
Editor's Note: Looking for a mobile device management solution? Click the Compare Quotes button below to have our sister site Buyer Zone connect you with vendors that can help.
How Does Your Business Stack Up? Get a Free Business Report Card!Get My Report Card