Application Policies Test
You can set policies for mobile apps in the App Controller management console. Application policies for Android or iOS apps fall into the following three main categories:
- Information security. These policies are designed to protect app data and documents. The policies dictate how information can be exchanged between apps. You can configure settings for the app to allow or prevent user access to such operations as printing, email, text messaging, and use of the device camera.
- Application access. These policies determine the logon requirements users must meet in order to open an app. You can configure authentication methods, settings to prevent apps from running on a jailbroken, or rooted, device, network connection requirements, and conditions for locking or erasing app data.
- Network. These policies determine the network settings for traffic to and from the app. You can configure the following settings: allow unrestricted access to the internal network, redirect traffic through XenMobile App Edition by using a VPN tunnel specific to each app, or block all traffic from accessing the internal network.
Application policies for Web & SaaS apps on the other hand, fall into the following categories:
- Device security: This policy prevents jail broken or rooted devices from accessing apps.
- Network: These policies determine the network settings for communicating with the app.
Periodically, administrators will have to review these policies, identify the applications on which these policies have been configured, and decide whether the restrictions imposed by the policies on the applications should continue, should be made stronger, or can be lifted. The Application Policies test helps administrators in this exercise. For each category of applications delivered by the AppController, this test reports the number of applications (of that type/category) on which certain key usage policies have been enforced. Detailed metrics collected by this test also reveal the names of these applications. Using this information, administrators can quickly identify where policy changes may have to be effected.
Target of the test : Citrix AppController
Agent deploying the test : A remote agent
Outputs of the test : One set of results for each category of applications delivered by the Citrix AppController being monitored.
Parameter | Description |
---|---|
Test Period |
How often should the test be executed. |
Host |
The IP address of the host for which the test is being configured. |
Port |
The port at which the host listens. By default, this is NULL. |
Username and Password |
To pull out metrics, this test needs to login to the AppController’s management console as a user with Administrator rights to AppController. For this purpose, you need to configure this test with the Username and Password of a user with Administrator rights to the AppController. |
Confirm Password |
Confirm the Password by retyping it here. |
SSL |
Indicate whether/not AppController is SSL-enabled. By default, this flag is set to Yes. |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Application blocking jailbroken or rooted devices |
Indicates the number of applications of this type that have been configured to not run on jailbroken or rooted devices. |
Number |
Use the detailed diagnosis of this measure to identify those applications that will not run on jailbroken or rooted devices. |
Device pin or password required applications |
Indicates the number of applications of this type that can be accessed only when a device pin or a password is provided. |
Number |
Use the detailed diagnosis of this measure to identify those applications that support password- or pin-protected access. |
Camera blocking applications |
Indicates the number of applications of this type that prevent the use of the camera. |
Number |
Use the detailed diagnosis of this measure to identify those applications that block camera usage. |
Microphone blocking applications |
Indicates the number of applications of this type that do not allow the use of a microphone. |
Number |
Use the detailed diagnosis of this measure to identify those applications that disallow microphone usage. |
Location services blocking applications |
Indicates the count of applications of this type that prevent the use of location services (eg., GPS or network). |
Number |
Use the detailed diagnosis of this measure to know which applications prevent the use of location services. |
“SMS Compose” blocking applications |
Indicates the number of applications of this type that block SMS (compose). |
Number |
Use the detailed diagnosis of this measure to know which applications block SMS. |
“Screen Capture” blocking applications |
Indicates the number of applications of this type that prevent a user-initiated screen capture when running. |
Number |
Use the detailed diagnosis of this measure to know which applications block screen capture operations. |
Device sensors blocking applications |
Indicates the number of applications of this type that do not permit the use of device sensors, like accelerometer, motion sensor, or gyroscope. |
Number |
Use the detailed diagnosis of this measure to know which applications do not allow the use of device sensors. |
Application logs blocking applications |
Indicates the number of applications of this type that block application logs. |
Number |
Use the detailed diagnosis of this measure to know which applications do not allow the logging of application events. |
Full VPN tunnel enabled applications |
Indicates the number of applications of this type that use an application-specific VPN tunnel through Netscaler Gateway for accessing the internal network. |
Number |
Use the detailed diagnosis of this measure to know which applications use a VPN tunnel to access the internal network. |
“Access limits for public files” applications |
Indicates the number of applications of this type that have been configured with ‘Access limits for public files’. |
Number |
In the App Controller management console, administrators can set the Access limits for public files policy for an application. This contains a comma-separated list. Each entry is a regular expression path followed by (NA), (RO), or (RW). Files matching the path are limited to No Access, Read Only, or Read Write access. The list is processed in order and the first matching path is used to set the access limit. This policy is enforced only when the Public file encryption policy is enabled (changed from the Disable option to the SecurityGroup or Application option). This policy is applicable only to existing, unencrypted public files and specifies when these files are encrypted. Use the detailed diagnosis of this measure to know for which applications access limits have been configured for public files. |
Wifi require applications |
Indicates the number of applications of this type that have been set to run only when the device is connected to a Wifi network. |
Number |
Use the detailed diagnosis of this measure to know which applications require a Wifi connection for execution. |
“Network access” blocking applications |
Indicates the number of applications of this type that have block all network access for the device they run on. |
Number |
Use the detailed diagnosis of this measure to know which applications block network access for the devices they run on. |