NetMotion Leverages Software-Defined Trend to Secure Mobile Devices
NetMotion Mobility combines provisioning, governance and security into a package any network admin could love.
Enterprise mobility is taking the business world by storm. It is poised to tear down the barriers that keep productivity at bay, or more specifically – tethered to a single location.
What’s more, research firm IDC projects that mobile workers will account for 72 percent of the U.S. workforce by 2020. That's a sobering statistic for those charged with successfully deploying mobile solutions in the enterprise.
Therein lies the real challenge, one accentuated by the fact that building a mobile workforce is anything but simple. In short, without the proper governance, embracing mobile technology will induce chaos in what was once a well-defined network.
The move to mobilize the workforce is permeated by security concerns, connectivity issues and performance challenges, as well as an ease-of-management obstacle. That adds up to a recipe for disaster, and it quickly becomes obvious why many mobility projects fail upon launch.
NetMotion is looking to remove failure from the mobility equation by introducing a new approach to the ideology of mobilization. It's an approach that has long been proven in other relevant enterprise technology spheres. This approach merges the ideologies of hardware abstraction with virtualization, and it has been validated by numerous successful solutions.
In the same way that networking, storage and compute have embraced software-defined everything (SDx), NetMotion is leveraging the software-defined concept for mobility.
There is something to be said for the comfort derived from familiarity. NetMotion has embraced this idea by turning to software-defined networking (SDN) as a template for building a secure mobile performance management platform, but with a few caveats. Simply put, SDN decouples the forwarding of network traffic from the control over how the traffic is forwarded. That enables network administrators to manage multiple network devices from a single console and define policies that dynamically redefine network-wide traffic flow to meet changing needs and conditions.
However, mobile networks consist of carrier elements and other pieces of hardware and software that are beyond the control of a network administrator, a situation that makes SDN in its purest form untenable for mobile networks. That is exactly where NetMotion transforms SDN ideology into a software-defined mobility solution.
NetMotion accomplishes that lofty goal by eschewing the ideology of completely controlling the underlying network by software, and instead defines traffic control and forwarding logically by giving IT control of the connectivity at the endpoint. That allows administrators to manage application delivery based on changing network conditions through software, regardless of the combination of networks used.
Hands on NetMotion Mobility
Even as a software-defined offering, NetMotion Mobility still offers the familiar client-server paradigm. The NetMotion Mobility virtual appliance acts as a server, while the various pieces of connectivity software act like client applications on the mobile devices registered into the system.
Mobility proves to be a very robust platform for secure mobile performance management of enterprise applications. The software-defined/virtualized nature of the Mobility platform gives administrators significant flexibility for deploying the platform. The management portion of the product can be installed on premises, in a remote data center, or even as a cloud instance, and regardless of the deployment methodology selected, the platform offers the same capabilities.
I tested a hosted implementation of NetMotion Mobility Server with several different client devices, including an Apple iPad mini, a Samsung Galaxy Note 5, a Lenovo Tab3 10 Business, and a Dell XPS 15 laptop with Windows 10. All the devices, save for the Dell XPS 15, offered both cellular and WiFi connectivity, with the iPad mini on the Verizon network and the other devices on the T-Mobile network.
Establishing a Connection
The primary focus of the testing was to establish a secure connection that was persistent in nature, optimizing enterprise applications on the go. Some of the applications tested included Salesforce (via a gateway), Microsoft SharePoint, and remote desktop connections. The NetMotion Mobility platform offers several integrated elements to support persistence, as well as security.
NetMotion incorporates a VPN client that uses certificate-based authentication to ensure that an encrypted connection is made between the device and the network. During authentication, the Mobility server establishes whether or not the client is a trusted device and only then allows the user to authenticate.
Once authentication has completed, the server and client derive symmetric encryption keys via an authenticated elliptic curve Diffie-Hellman (ECDH) key exchange and create the secure VPN tunnel. Administrators can optionally maintain the VPN tunnel after a user logs off, or establish a new one to maintain secure connectivity to the device, allowing them to remotely support the device, even without the user logged in. That proves useful for deploying patches or other maintenance items.
Once connected, persistence and roaming are supported via the Mobility VPN, which is able to keep the VPN tunnel alive, even if the device moves across different networks or changes IP addresses. That proves to be a critical capability for devices that are switching from hot spots to cellular connections and vice versa.
The VPN tunnel remains active and accounts for numerous scenarios, such as:
- Moving to a different network
- High latency environments
- Excessive signal interference
- Gaps in coverage
When interruptions occur, the Mobility VPN can suspend the operation and then resume once a connection is reestablished. In my testing, I turned off connectivity during several scenarios and was able to pick up right where I left off once connectivity was reestablished.
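A tunnel can survive an IP address change when the server identifies a session by an ID and a per-session key rather than by the packet's source address. The sketch below is an added illustration of that general design, not NetMotion's code or protocol: the packet layout, `seal`, `TunnelServer` and the sample addresses are hypothetical, and the random key stands in for one derived by the authenticated key exchange.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size
HEADER = struct.Struct("!8sQ")  # 8-byte session ID, 64-bit sequence number

def seal(session_id: bytes, key: bytes, seq: int, payload: bytes) -> bytes:
    """Client side: frame a payload and authenticate header plus payload."""
    body = HEADER.pack(session_id, seq) + payload  # a real tunnel also encrypts
    return body + hmac.new(key, body, hashlib.sha256).digest()

class TunnelServer:
    """Looks sessions up by ID, never by the packet's source address."""
    def __init__(self):
        self.sessions = {}  # session_id -> key, last sequence number, endpoint

    def register(self, session_id: bytes, key: bytes, endpoint: tuple) -> None:
        self.sessions[session_id] = {"key": key, "last_seq": 0, "endpoint": endpoint}

    def receive(self, packet: bytes, source: tuple):  # payload, or None if rejected
        if len(packet) < HEADER.size + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        session_id, seq = HEADER.unpack_from(body)
        session = self.sessions.get(session_id)
        if session is None:
            return None
        expected = hmac.new(session["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted: the stored endpoint is untouched
        if seq <= session["last_seq"]:
            return None  # replayed or stale (real protocols use a sliding window)
        session["last_seq"] = seq
        session["endpoint"] = source  # roam: replies now go to the new address
        return body[HEADER.size:]

def demo():
    sid, key = os.urandom(8), os.urandom(32)  # constructed sample values
    wifi, lte = ("198.51.100.7", 40001), ("203.0.113.9", 51002)
    server = TunnelServer()
    server.register(sid, key, wifi)
    first, forged = seal(sid, key, 1, b"GET /report"), seal(sid, os.urandom(32), 3, b"x")
    results = [server.receive(first, wifi),                      # accepted on Wi-Fi
               server.receive(seal(sid, key, 2, b"more"), lte),  # accepted after roaming
               server.receive(first, lte),                       # replay rejected
               server.receive(forged, ("192.0.2.66", 9))]        # wrong key rejected
    return results, server.sessions[sid]["endpoint"]
```

The endpoint is updated only after the MAC and sequence checks pass, so a spoofed packet from an arbitrary address cannot redirect the session's return traffic.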