Enterprise Mobile Device Network Configuration Settings

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Most mobile device management (MDM) solutions give you control over network connections and the way that each enterprise mobile device connects to the corporate environment. Here are several ways that mobile devices connect to networks:

  • Virtual private network (VPN) access: Most MDM solutions allow you to configure VPN access requirements on a mobile device. It is critical that all connections to your enterprise environment go through a VPN, and setting the policies on behalf of the user makes it that much easier for the user to comply with your policies.

    Typically, the MDM solution allows you to specify a VPN gateway, along with the type of user authentication required and any other information required to securely connect to the corporate network.

  • Private access point name (private APN): Private APNs are much like VPNs from a security perspective. The APN configuration specifies the point where a mobile device can access an IP network. Many service providers globally provide a private APN service to large customers, enabling them to separate their data traffic from that of other customers. MDM solutions can sometimes configure mobile devices to support private APNs.

    Private APNs are a proxy for an IPsec or SSL VPN only if the device is connected directly to the carrier network. For devices that do not have 3G or 4G service, or when devices are connected to Wi-Fi but not to the carrier network, the level of data security and segmentation that a private APN provides is no longer available.

  • Wi-Fi access: Many mobile devices on the market today have multiple radios — one for accessing the 3G or 4G network and another for Wi-Fi access. MDM solutions allow you to configure mobile devices to seamlessly connect to Wi-Fi access points of your choosing.

    For example, you may have an enterprise wireless local area network (WLAN) deployment that you want devices to access when the user is on the corporate campus. MDM allows you to specify the service set identifier (SSID) of the WLAN, and also specify the security settings, such as encryption type and password, required to have the device seamlessly join the network when it’s within range.

    Many MDM solutions also allow you to select whether Wi-Fi access is allowed from a mobile device at all. This truly prevents users from connecting to insecure or untrusted wireless networks; however, it also has the likely impact of limiting the users’ productivity or forcing them to use more expensive 3G data services, even if free or low-cost Wi-Fi is available in their current location.
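The three settings above can be checked together as one compliance rule. The following is an added example, not code from the original article or from any MDM product: the policy schema, field names, hostnames and device reports are all hypothetical, and it assumes a private APN is accepted in place of the VPN only while the device is on the carrier network.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NetworkPolicy:            # hypothetical schema, not a real MDM format
    vpn_gateway: str
    private_apn: Optional[str]
    managed_ssids: frozenset
    allow_other_wifi: bool

@dataclass(frozen=True)
class DeviceState:              # what a device might report (constructed)
    bearer: str                 # "cellular" or "wifi"
    apn: Optional[str] = None
    ssid: Optional[str] = None
    vpn_peer: Optional[str] = None  # gateway the tunnel terminates on, if up

def evaluate(policy: NetworkPolicy, state: DeviceState) -> tuple:
    """Return (compliant, reason) for one reported connection state."""
    vpn_up = state.vpn_peer is not None and state.vpn_peer == policy.vpn_gateway
    if state.bearer == "cellular":
        if vpn_up:
            return True, "VPN to corporate gateway"
        # Assumption: the private APN stands in for the VPN on the carrier network.
        if policy.private_apn is not None and state.apn == policy.private_apn:
            return True, "private APN on carrier network"
        return False, "cellular without VPN or private APN"
    if state.bearer == "wifi":
        if state.ssid not in policy.managed_ssids and not policy.allow_other_wifi:
            return False, "Wi-Fi network not allowed by policy"
        # A configured APN gives no segmentation on Wi-Fi, so only the VPN counts.
        if vpn_up:
            return True, "VPN to corporate gateway"
        return False, "Wi-Fi without VPN (private APN does not apply)"
    return False, "unknown bearer"

# Constructed sample policy and device reports.
POLICY = NetworkPolicy("vpn.corp.example", "corp.apn.example",
                       frozenset({"CORP-WLAN"}), allow_other_wifi=True)
REPORTS = {
    "phone-1": DeviceState("cellular", apn="corp.apn.example"),
    "phone-2": DeviceState("wifi", apn="corp.apn.example", ssid="CafeGuest"),
    "phone-3": DeviceState("wifi", ssid="CafeGuest", vpn_peer="vpn.corp.example"),
    "tablet-4": DeviceState("wifi", ssid="CORP-WLAN"),
}

def audit(policy, reports):
    return {name: evaluate(policy, st) for name, st in reports.items()}

if __name__ == "__main__":
    for name, (ok, why) in audit(POLICY, REPORTS).items():
        print(f"{name}: {'OK' if ok else 'VIOLATION'} - {why}")
```

The second report is the case the private APN caveat describes: the APN is still configured on the device, but the traffic is on Wi-Fi, so it is flagged until the VPN is up.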