Tunnel - Per App VPN

Tunnel - Per App VPN

A key MobileIron end user product is Tunnel, an iOS per app VPN. MobileIron Tunnel allows organizations to authorize specific business apps, including internally built and App Store apps, to access corporate resources behind the firewall. Unapproved and personal apps are blocked so that only business data flows through Tunnel. This provides data security and protects users’ privacy.

Securing App Data in Motion and Streamlining Authentication

Download: Datasheet

Tunnel Features Include:

  • Per app VPN connectivity on iOS 7 using SSL to MobileIron Sentry
  • iOS 7 Single Sign On
  • Per app VPN on most App store applications
  • Safari to access applications behind a firewall
  • In native iOS 7 emails, internal corporate links can automatically be opened in Safari
  • Direct certificate authentication to internal corporate applications
Tunnel Explained
Tunnel Demo

Safari and Tunnel

Tunnel creates a Per App VPN for Safari when needed, based on the domains specified by the Administrator in the VSP.

Tunnel Security Using Device Posture

Tunnel uses MobileIron’s advanced security capabilities to continuously monitor device posture before access is granted to protected resources. This ensures that devices that are jailbroken or have data protection disabled are prevented from establishing a connection inside the enterprise.

Devices fall in and out of compliance regularly, especially in BYOD programs, making dynamic access control essential. Tunnel combines the secure transport of traditional VPN with certificate-based identity and posture-based policy. This simplifies enterprise access for the user while maintaining security for IT.

AppConnect vs. Tunnel

Tunnel & AppConnect

MobileIron AppConnect led the way by securing data in motion for AppConnect-enabled Apps using the HTTP/S protocol. Tunnel builds on that innovation by extending data in motion security to over a million Apps in the App Store. Most iOS Managed Application using HTTP/S and/or TCP protocols can establish a Per App VPN to protected enterprise resources.

Identity@Work Using Kerberos Proxy

MobileIron’s ability to proxy Kerberos allows iOS devices that are not on the corporate network to use iOS 7 SSO without needing to expose the Kerberos Key Distribution Center (KDC). This protects both data-in-motion and the customer’s Kerberos infrastructure. For example, Tunnel enables Apple’s Safari browser to securely access intranet sites behind the firewall with transparent authentication so that users do not have to re-enter their usernames and passwords as they go from site to site.

Kerberos and Tunnel - Why is it important to have them togetherr

Learn More About MobileIron Tunnel