- Mobile virtual private network
-
A mobile virtual private network (mobile VPN or mVPN) provides mobile devices with access to network resources and software applications on their home network, when they connect via other wireless or wired networks.
Mobile VPNs are used in environments where workers need to keep application sessions open at all times, throughout the working day, as they connect via various wireless networks, encounter gaps in coverage, or suspend-and-resume their devices to preserve battery life. A conventional VPN cannot survive such events because the network tunnel is disrupted, causing applications to disconnect, time out,[1], fail, or even the computing device itself to crash.[2] Mobile VPNs are commonly used in public safety, home care, hospital settings, field service management, utilities and other industries.[3] Increasingly, they are being adopted by mobile professionals and white-collar workers as well.[2]
Contents
Comparison with other VPN types
A VPN maintains an authenticated, encrypted tunnel for securely passing data traffic over public networks (typically, the Internet.) Other VPN types are IPsec VPNs, which are useful for point-to-point connections when the network endpoints are known and remain fixed; or SSL VPNs, which provide for access through a Web browser and are commonly used by remote workers (telecommuting workers or business travelers).[4]
Makers of mobile VPNs draw a distinction between remote access and mobile environments.[4] A remote-access user typically establishes a connection from a fixed endpoint, launches applications that connect to corporate resources as needed, and then logs off. In a mobile environment, the endpoint changes constantly (for instance, as users roam between different cellular networks or Wi-Fi access points). A mobile VPN maintains a virtual connection to the application at all times as the endpoint changes, handling the necessary network logins in a manner transparent to the user.[5]
Mobile VPN functions
The following are functions common to mobile VPNs.[6]
Function Description Persistence Open applications remain active, open and available when the wireless connection changes or is interrupted, a laptop goes into hibernation, or a handheld user suspends and resumes the device Roaming Underlying virtual connection remains intact when the device switches to a different network; the mobile VPN handles the logins automatically Application compatibility Software applications that run in an "always-connected" wired LAN environment run over the mobile VPN without modification Security Enforces authentication of the user, the device, or both; as well as encryption of the data traffic in compliance with security standards such as FIPS 140-2 Acceleration Link optimization and data compression improve performance over wireless networks, especially on cellular networks where bandwidth may be constrained. Strong authentication Enforces two-factor authentication or multi-factor authentication using some combination of a password, smart card, public key certificate or biometric device; required by some regulations, notably for access to CJIS systems in law enforcement Mobile VPN management
Some mobile VPNs offer additional "mobile-aware" management and security functions, giving information technology departments visibility and control over devices that may not be on the corporate premises or that connect through networks outside IT's direct control.[7]
Function Description Management console Displays status of devices and users, and offers the ability to quarantine a device if there is possibility that it may have been lost or stolen Policy Management Enforces access policies based on the network in use, bandwidth of the connection, on layer-3 attributes (IP address, TCP and UDP port, etc.), time of day, and in some VPNs, the ability to control access by individual application software Quality of service Specifies the priority that different applications or services should receive when contending for available wireless bandwidth; this is useful for ensuring delivery of the essential "mission-critical" applications (such as computer-assisted dispatch for public safety) or giving priority to streaming media or voice-over-IP Network Access Control (NAC) Evaluates the patch status, anti-virus and anti-spyware protection status, and other aspects of the "health" of the device before allowing a connection; and optionally may integrate with policies to remediate the device automatically Mobile Analytics Gives administrators a view into how wireless networks and devices are used Notifications Alerts administrators of security concerns or connection problems that impact users, delivered via SMTP, SNMP or syslog Mobile VPN industries and applications
Mobile VPNs have found uses in a variety of industries, where they give mobile workers access to software applications.[8]
Industry Workers Applications Public Safety Police officers, firefighters, emergency services personnel, first responders Computer-assisted dispatch, automatic vehicle location, state driver's license and vehicle registration plate databases, criminal databases including the CJIS system, dashcam software, departmental intranet Home Care Visiting nurses, in-home physical therapists and occupational therapists, home care aides and hospice workers Electronic health records, electronic medical records, scheduling and billing applications Hospitals and Clinics Physicians, nurses and other staff Electronic health records, Electronic medical records, Picture archiving and communications systems, Computerized physician order entry, pharmacy, patient registration, scheduling, housekeeping, billing, accounting Field Service Field-service engineers, repair technicians Field Service Management which can include customer relationship management, work order management, dispatch, and historical customer service data as well as databases of customer-premises equipment, access requirements, and parts inventory; asset tracking, parts ordering, documentation access Field Sales Sales representatives Customer relationship management, inventory, order fulfillment Utilities Linemen, installation and repair technicians, field-service engineers Dispatch, scheduling, work-order management, geographic information systems, maintenance tracking, parts ordering, customer-service, testing and training applications Insurance Claims adjusters Claims systems, estimating applications Mobile VPN devices
Some mobile environments call for devices built to handle physical shock, weather extremes or other conditions encountered outdoors or in the field. Some manufacturers create ruggedized computers, such as the Panasonic Toughbook or the Itronix GoBook, in laptop or Tablet PC configurations.[9] Various handhelds and smartphones may also be used. Operating systems are typically Microsoft Windows-based, including special mobile-capable versions such as Windows CE and Windows Mobile.[10] Mobile VPN is available for all Symbian OS based smartphones by Nokia.[11]
Mobile VPNs in telecommunications
In telecommunication, a mobile VPN is a solution that integrates all offices and employees in a common network that includes all mobile and desk phones. Simultaneously mVPN makes internal communication more efficient, by providing additional services and guarantees high quality for best value. Through a connection between a leased line (E1/T1) and an enterprise PABX (Private Automatic Branch Exchange) system, it connects remote and mobile users with the company.[12]
Using mVPNs the company has the following advantages:[13]
- Direct connectivity – the corporate network becomes part of mobile operator's network through direct connection
- Private numbering plan – the communication is tailored to company organisation
- Corporate Business Group – all offices and employees are part of one common group, that includes all mobile and desk phones
- Short dialling – a short number to access each employee, no meter on his mobile or desk phone
- Smart Divert – easy divert within company group
- Groups and subgroups – Several sub-groups could be defined within the group with different changing as well as with separate numbering plan
- Calls control – certain destinations could be allowed or barred both on mobile and desk phones.
Vendors
- Birdstep Technology
- ERICSSON
- Radio IP Software
- Columbitech
- NeoAccel
- NetMotion Wireless
- Nokia
References
- ^ Phifer, Lisa. "Mobile VPN: Closing the Gap", SearchMobileComputing.com, July 16, 2006.
- ^ a b Cheng, Roger. "Lost Connections", The Wall Street Journal, December 11, 2007.
- ^ http://www.netmotionwireless.com/industries/default.aspx
- ^ a b http://www.netmotionwireless.com/products/mobilevsssl.aspx
- ^ http://searchmobilecomputing.techtarget.com/tip/0,289483,sid40_gci1210989_mem1,00.html
- ^ http://www.columbitech.com, http://www.netmotionwireless.com, http://www.radio-ip.com
- ^ http://www.netmotionwireless.com
- ^ http://www.netmotionwireless.com/resources/case_studies.aspx
- ^ http://www.panasonic.com/business/Toughbook, http://www.gd-itronix.com
- ^ http://www.netmotionwireless.com/support/technotes/1515.aspx
- ^ http://www.nokia.com/mobilevpn
- ^ http://media.wiley.com/product_data/excerpt/10/04712190/0471219010.pdf
- ^ http://www.huawei.com/publications/view.do?id=131&cid=79&pid=61
External links
- VPN Consortium
- "An Introduction to IPsec VPNs on Mobile Phones" by Ramon Arja, MSDN Magazine, September 2009
- Search Mobile Computing: mobile VPN
- "Face-off: Mobile VPN is a better choice than an SSL VPN" by Tom Johnaton, Network World (24 November 2006)
Categories:- Network architecture
- Computer network security
- Internet privacy
- GSM standard
- Mobile technology
Wikimedia Foundation. 2010.