Multi-OS App VPN

Multi-OS App VPN

User privacy is a key element of the mobile model. However, privacy extends to the network as well. IT must secure traffic from enterprise apps without capturing traffic from personal apps. This fundamentally changes the network security model from device-wide VPN to more intelligent and granular app VPN.

A key MobileIron end user product, MobileIron Tunnel protects data in the network with multi-OS app VPN, supporting iOS and Windows Phone. The IT administrator effortlessly sets certificate and VPN configuration settings behind the scenes, making enterprise access seamless for the employee.

Tunnel for iOS and Windows Phone 8.1 Devices

On iOS devices, Tunnel allows organizations to authorize specific business apps, including internally built and App Store apps to access corporate resources behind the firewall. Unapproved and personal apps are blocked so that only business data flows through Tunnel. This provides data security and protects user privacy.

On Windows Phone devices, any app from the Windows Phone Store can use MobileIron Tunnel for secure connectivity at the app level.

Tunnel Security Using Device Posture

Tunnel uses MobileIron’s advanced security capabilities to continuously monitor device posture before access is granted to protected resources. This ensures that devices that are jailbroken or have data protection disabled are prevented from establishing a connection inside the enterprise.

Devices fall in and out of compliance regularly, especially in BYOD programs, making dynamic access control essential. Tunnel combines the secure transport of traditional VPN with certificate-based identity and posture-based policy. This simplifies enterprise access for the user while maintaining security for IT.

Tunnel Features Include:

  • Per app VPN connectivity on iOS 7 using SSL to MobileIron Sentry
  • iOS 7 Single Sign On
  • Per app VPN on most App store applications
  • Safari/Internet Explorer to access applications behind a firewall
  • In native iOS 7+ and WP 8.1 emails, internal corporate links can automatically be opened in the native browser (Safari/IE)
  • Direct certificate authentication to internal corporate applications
  • App VPN for Windows Phone Store apps
  • UDP support on Windows Phone 8.1 devices
  • Split Tunnel traffic on Windows Phone 8.1 devices

Identity@Work Using Kerberos Proxy

MobileIron’s ability to proxy Kerberos allows iOS devices that are not on the corporate network to use iOS 7 SSO without needing to expose the Kerberos Key Distribution Center (KDC). This protects both data-in-motion and the customer’s Kerberos infrastructure. For example, Tunnel enables Apple’s Safari browser to securely access intranet sites behind the firewall with transparent authentication so that users do not have to re-enter their usernames and passwords as they go from site to site.