kind of funny you say that since XenApp is the main thing I use when I VPN in from my phone. Just to play around a few months ago when I was installing some new HP gear I was curious if I could actually install vSphere while sitting at a bar having some drinks with my phone.
Combining ILO Advanced w/boot from ISO, my Galaxy note 3 with stylus, XenApp fundamentals (small 5 user license or something that we use for operational related apps) I was able to power up the new HP server, and install ESXi on it from my phone. It felt pretty cool at the time. Also have used XenApp over mobile to briefly look and make changes to our Netscalers via web UI. Last time I had to do that was maybe 2 or 3 years ago.
Anything more serious and I need my laptop. I haven't even bothered to try to get ssh working on my phone, and OpenVPN to my personal colo? tried it once, gave up pretty quick when the app wanted the configuration in some kind of format I had never heard of before.
My org uses Duo two factor for 2nd factor, can link a phone, or other device, or register a phone number and it will call you. Lots of options, very simple to use. It may be the only SaaS offering that I could not see a way to host in house (mainly to do phone calls, about 10% of the user base relies on call backs for 2nd factor, many of them international).