Per-App VPN

A Virtual Private Network (VPN) ensures that all data is transmitted through a secured tunnel, which means it strictly requires authentication or a special certificate to establish connectivity. So, every enterprise prefers to configure a VPN to ensure all corporate data is secured from hackers and unauthorized users. A VPN is a necessity: without it, users cannot reach the corporate network when away from work. Since mobile devices have become a part of productivity, corporate data should be reachable for employees from anywhere. As an administrator, you need to configure VPN for all the managed mobile devices.

Overview

When a VPN is set up, all the data from the devices, including the personal data, is routed through the VPN. Some organizations require a VPN only for the corporate apps; in that case, the admin can make use of per-app VPN. With per-app VPN, the admin can select the apps for which the VPN is to be set up.

You must specify the apps for which the VPN should be turned on. You can add multiple apps in the same profile. The table below lists the inputs to provide on the product server to configure VPN for mobile devices.

The following VPN connection types are supported by MDM:

Pulse Secure VPN, Cisco AnyConnect Legacy, Cisco AnyConnect New and F5 SSL require the corresponding third-party app (Pulse Secure, Cisco AnyConnect Legacy, Cisco AnyConnect New and F5 BIG-IP Edge Client, respectively) to be installed on the device for setting up the VPN configuration. For more information, see App Distribution and the documentation on installing apps silently on iOS devices.

Profile Specification - Description

Per-App VPN

Add App - Specify the names of the apps for which the VPN is to be set up.

Automatically connect to this VPN, when using the selected apps - Enable to ensure the VPN is set up automatically when the apps are being used.

Secure network communication using - Choose whether to use App Proxy or Packet tunnelling as the means to secure the communication.

General VPN settings

Connection Type - Connection type to be enabled.

Connection Name - Specify the name to be displayed as the VPN name on the end user's mobile device.

Server Name / IP Address - Host name or IP address of the server.

Account - User account for authenticating to the VPN. %username% will get the appropriate user name mapped to the device.

Realm (Can be configured only if Connection Type is set as Juniper SSL/Pulse VPN) - Specify the authentication realm. An authentication realm specifies the criteria users must comply with to use the VPN service. It is a grouping of authentication resources, including the authentication server, authentication policy, etc. This is usually done by the network administrators.

Role (Can be configured only if Connection Type is set as Juniper SSL/Pulse VPN) - Specify the user role. A user role is an entity defining user session parameters (such as session settings), personalization settings (such as bookmarks) and other enabled access features. For example, a user role may define whether or not a user can perform Web browsing.

Group Name - Specify the group name to be used for identifying the group. The group must end with [hybrid] if Hybrid Authentication is enabled.

User Authentication - Specify the user authentication type as password or RSA SecurID.

Password (Can be configured only if User Authentication is set as Password) - Specify the password to be used for user authentication.

Identity Certificate (Can be configured only if User Authentication is set as Certificate) - Specify the identity certificate to be used for certificate-based authentication. You can also use SCEP for this.

Configure Proxy

Proxy settings - Configure proxy settings for the VPN.

Server URL (Can be configured only if Proxy is set as Automatic) - Specify the URL containing the Proxy PAC.

Server (Can be configured only if Proxy is set as Manual) - Proxy server name.

Port (Can be configured only if Proxy is set as Manual) - Port number to be used.

User Name (Can be configured only if Proxy is set as Manual) - User name for authentication.

Password (Can be configured only if Proxy is set as Manual) - Specify the password to be used.
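The "Can be configured only if" conditions in the table can be checked before a profile is saved. The following is an added example, not part of the product or its documentation: it assumes a profile is held as a Python dict keyed by the table labels, and the "Proxy ..." prefixes and the "Hybrid Authentication" key are hypothetical names introduced for illustration.

```python
# Added example. Keys mirror the table labels; the dict layout and the
# "Proxy ..." / "Hybrid Authentication" keys are hypothetical, not the product's API.
# (field, controlling field, value the controlling field must have)
CONDITIONAL_FIELDS = [
    ("Realm", "Connection Type", "Juniper SSL/Pulse VPN"),
    ("Role", "Connection Type", "Juniper SSL/Pulse VPN"),
    ("Password", "User Authentication", "Password"),
    ("Identity Certificate", "User Authentication", "Certificate"),
    ("Proxy Server URL", "Proxy settings", "Automatic"),
    ("Proxy Server", "Proxy settings", "Manual"),
    ("Proxy Port", "Proxy settings", "Manual"),
    ("Proxy User Name", "Proxy settings", "Manual"),
    ("Proxy Password", "Proxy settings", "Manual"),
]

def validate_profile(profile):
    """Return a list of problems; an empty list means every rule holds."""
    problems = []
    if not profile.get("Add App"):
        problems.append("Add App: specify at least one app")
    for field, controller, needed in CONDITIONAL_FIELDS:
        if profile.get(field) not in (None, "") and profile.get(controller) != needed:
            problems.append(f"{field}: only valid when {controller} is {needed!r}")
    if profile.get("Hybrid Authentication") and not profile.get("Group Name", "").endswith("[hybrid]"):
        problems.append("Group Name: must end with [hybrid] for Hybrid Authentication")
    port = profile.get("Proxy Port")
    if profile.get("Proxy settings") == "Manual" and port is not None:
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append("Proxy Port: must be an integer from 1 to 65535")
    return problems

# Constructed sample profiles (not exported from any real server).
SAMPLE_OK = {
    "Add App": ["Corp Mail"], "Connection Type": "Juniper SSL/Pulse VPN",
    "Connection Name": "Corp VPN", "Server Name / IP Address": "vpn.example.com",
    "Account": "%username%", "Realm": "Employees", "Role": "Staff",
    "User Authentication": "Certificate", "Identity Certificate": "corp-identity",
    "Proxy settings": "Manual", "Proxy Server": "proxy.example.com", "Proxy Port": 8080,
}
SAMPLE_BAD = {
    "Add App": [], "Connection Type": "Cisco AnyConnect Legacy", "Realm": "Employees",
    "User Authentication": "Certificate", "Password": "constructed-secret",
    "Group Name": "sales", "Hybrid Authentication": True,
    "Proxy settings": "Automatic", "Proxy Port": 70000,
}

if __name__ == "__main__":
    for name, p in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name, validate_profile(p) or "no problems")
```

A leftover Password value in a profile that has been switched to certificate authentication is the kind of stale setting this check surfaces.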


Dynamic Variables:

The dynamic variables below are retrieved from the data provided while enrolling the device.

%username% - will get the appropriate user name mapped to the device

See Also: Associating Profiles to Groups, Associating Profiles to Devices, App Management, Distribute Apps to Devices, Distribute Apps to Groups

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine