Apple’s IOS 12 and Network Extension Framework for VPN Clients

Gartner recognizes MobileIron as a leader in its most recent Unified Endpoint Management (UEM) Magic Quadrant based on our “up to date, scalable and proven UEM solution that integrates with a large security ecosystem.”  This blog post illustrates how MobileIron, plus our VPN technology ecosystem partners, are working together so customers can take full advantage of the new features in iOS 12.

With the release of iOS 12, Apple has restricted the use of "VPN framework” in the OS, which was predominantly used by VPN clients, and has provided a new, extensible and robust networking framework called “Network Extension.” This new framework makes it easier to use transport and security protocols when sending or receiving data.

VPN vendors can use this new framework to directly access protocols like TLS, TCP, and UDP for developing custom application protocols. The Network Extension framework contains APIs that can be used to customize and extend the core networking features of iOS and macOS and leverage the latest Apple framework for more reliable VPN connectivity as well as to support the latest features in iOS.

VPN vendors need to update client apps

Usage of the Network Extension framework is mandatory on iOS 12. As a result, VPN vendors have developed and launched new apps in the App Store. Most of these new apps leverage the latest framework in such a way that it works seamlessly not only with iOS 12, but also with iOS 11 (in some cases they support on iOS 10 as well).

VPN vendors have embraced the change gracefully by adopting the new framework and in some cases augmenting their product intelligence on the client side by adding new features as part of their offering. For the most part, as the change is on the client side, there are no major server/infrastructure updates. However, it is always best to reach out to your VPN vendor to get full clarity on this subject.

In order to prevent any confusion and remove app fluff in the App Store, most of the VPN vendors have renamed their existing applications as ‘legacy’ and also published end-of-support and end-of-life timelines on their respective websites. They have published the new app with the latest framework and included new bundle identifiers. For more information about  the feature set and support compatibility matrix, as well as full details about = iOS 12 readiness, please reach out to your respective VPN vendor.

MobileIron supports all the leading VPN vendors, in addition to our own solution, MobileIron Tunnel

MobileIron also takes advantage of the Network Extension Framework via MobileIron Tunnel. As part of our MobileIron Cloud and MobileIron Core solutions, we support a host of VPN client configurations in order to deliver hassle-free device enrollment and a seamless user onboarding experience (in some cases, with just a single touch). Among the many VPN vendors we support as part of MobileIron’s Technology Partner Ecosystem are Check Point Capsule, Cisco AnyConnect, F5’s Access for IOS, Palo Alto Network’s GlobalProtect, Pulse Secure IOS Client, SonicWALL, and Aruba VIA.  Furthermore, as part of implementing the Network Extension Framework, some of our vendors have performed compatibility tests of their new app with MobileIron’s Cloud and/or MobileIron Core solutions and published the findings, outcomes, and any necessary configuration changes in their blogs, release notes, and other documentation.

Tips on updating and distributing new VPN apps with MobileIron

The new VPN apps can be imported into the MobileIron App Catalog (MobileIron Core or Cloud) and distributed to all the existing devices. In some cases, cloning the existing configurations and publishing new ones are required. Consequently, after thorough testing is done to ensure that the VPN works flawlessly with the new apps, you will want to do the simple cleanup work to remove old VPN apps from the devices and archive previous VPN configurations. If you need any assistance during migration, please do not hesitate to contact MobileIron Support and/or Sales.

Keep an eye on the “Ecosystem” category of our blog , where we will publish regular updates on how MobileIron plus our ecosystem partners are working together to give you the choice and flexibility you need to preserve and grow value in your security environments.

Kalyan Vishnubhotla

Business Development Lead - Technology Integrations

About the author

Kalyan works as a lead at Mobileiron's Business and Corporate Development unit, specializing in technology integrations, developer relations and security.