Learn How a Virtual Networking Approach Can Strengthen the Security of Federal Networks REGISTER >
Enterprise mobility is taking the business world by storm. It is poised to tear down the barriers that keep productivity at bay, or more specifically – tethered to a single location.
What’s more, research firm IDC projects that mobile workers will account for 72 percent of the U.S. workforce by 2020. That's a sobering statistic for those charged with successfully deploying mobile solutions in the enterprise.
Therein lies the real challenge, one accentuated by the fact that building a mobile workforce is anything but simple. In short, without the proper governance, embracing mobile technology will induce chaos in what was once a well-defined network.
The move to mobilize the workforce is permeated by security concerns, connectivity issues and performance challenges, as well as an ease-of-management obstacle. That adds up to a recipe for disaster, and it quickly becomes obvious why many mobility projects fail upon launch.
NetMotion is looking to remove failure from the mobility equation by introducing a new approach to the ideology of mobilization. It's an approach that has long been proven in other relevant enterprise technology spheres. This approach merges the ideologies of hardware abstraction with virtualization, and it has been validated by numerous successful solutions.
In the same way that networking, storage and compute have embraced software-defined everything (SDx), NetMotion is leveraging the software-defined concept for mobility.
There is something to be said for comfort derived by familiarity. NetMotion has embraced this idea by turning to software-defined networking (SDN) as a template for building a secure mobile performance management platform, but with a few caveats. Simply put, SDN decouples the forwarding of network traffic from the control over how the traffic is forwarded. That enables network administrators to manage multiple network devices from a single console and define policies that dynamically redefines network-wide traffic flow to meet changing needs and conditions.
However, mobile networks consist of carrier elements and other pieces of hardware and software that are beyond the control of a network administrator, a situation that makes SDN in its purest form untenable for mobile networks. That is exactly where NetMotion transforms SDN ideology into a software-defined mobility solution.
NetMotion accomplishes that lofty goal by eschewing the ideology of completely controlling the underlying network by software, and instead defines traffic control and forwarding logically by giving IT control of the connectivity at the endpoint. That allows administrators to manage application delivery based on changing network conditions through software, regardless of the combination of networks used.
Hands on NetMotion Mobility
Even as a software-defined offering, NetMotion Mobility still offers the familiar client-server paradigm. The NetMotion Mobility virtual appliance acts as a server, while the various pieces of connectivity software act like client applications on the mobile devices registered into the system.
Mobility proves to be a very robust platform for secure mobile performance management to enterprise applications. The software-defined/virtualized nature of the Mobility platform gives administrators significant flexibility for deploying the platform. The management portion of the product can be installed on premise, in a remote data center, or even as a cloud instance, and regardless of the deployment methodology selected, the platform offers the same capabilities.
I tested a hosted implementation of NetMotion Mobility Server with several different client devices, including an Apple iPad mini, a Samsung Galaxy Note 5, a Lenovo Tab3 10 Business, and a Dell XPS 15 laptop with Windows 10. All the devices, save for the Dell XPS 15, offered both cellular and WiFi connectivity, with the iPad mini on the Verizon network and the other devices on the T-Mobile Network.
Establishing a Connection
The primary focus of the testing was to establish a secure connection that was persistent in nature, optimizing enterprise applications on the go. Some of the applications tested included Salesforce (via a gateway), Microsoft SharePoint, and remote desktop connections. The NetMotion Mobility platform offers several integrated elements to support persistence, as well as security.
NetMotion incorporates a VPN client that uses certificate-based authentication to ensure that an encrypted connection is made between the device and the network. During authentication, the Mobility server establishes whether or not the client is a trusted device and only then allows the user to authenticate.
Once authentication has completed, the server and client derive symmetric encryption keys via an authenticated elliptic curve Diffie-Hellman (ECDH) key exchange and create the secure VPN tunnel. Administrators can optionally maintain the VPN tunnel after a user logs off, or establish a new one to maintain secure connectivity to the device, allowing them to remotely support the device, even without the user logged in. That proves useful for deploying patches or other maintenance items.
Once connected, persistence and roaming are supported via the Mobility VPN, which is able to keep the VPN tunnel alive, even if the device moves across different networks or changes IP addresses. That proves to be a critical capability for devices that are switching from hot spots to cellular connections and vice versa.
The VPN tunnel remains active and accounts for numerous scenarios, such as:
- Moving to a different network
- High latency environments
- Excessive signal interference
- Gaps in coverage
When interruptions occur, the Mobility VPN can suspend the operation and then resume once a connection is reestablished. In my testing, I turned off connectivity during several scenarios and was able to pick up right where I left off once connectivity was reestablished.
Learn How a Virtual Networking Approach Can Strengthen the Security of Federal Networks REGISTER >
With NetMotion Mobility, policies prove to be the cornerstone of security and connectivity. Policy management is accomplished using Mobility’s policy module, which allows administrators to create and assign policies to users, groups, devices and so forth. The policies are granular in nature and several specific conditions can be set when defining a policy.
Policies consist of rules and controls, and they are executed on the endpoint. Administrators have the ability to create controls based upon many different attributes, including application name, user name, device name, time of day, network name, SSID, BSSID, protocol, IP address, port number, device ID, interface name, interface speed, interface type, whether or not the interface is tariffed, interface plug-and-play ID, network access control status, operating system version, client version, battery status, an arbitrary registry key value or an externally defined condition.
Based upon the attributes and values used, policies have a defined impact on connections, including allow, block, disconnect, passthrough and bypass traffic. Policies can also be defined to take additional actions, such as launch applications, execute command line arguments, set system parameters, send notifications and so on. Those additional actions prove useful for pushing out additional security settings, such as validating (or installing) malware protection.
Policies are very easy to create and are wizard-driven for the most part, meaning that even neophyte administrators can quickly define and assign policies to get a mobile initiative started in an enterprise.
One of the most critical elements of any mobile performance management product is the ability to bring acceptable levels of performance to the table. Simply put, enabling secure connectivity means little if the platform does not offer the needed performance for success.
With NetMotion Mobility, there are several technologies at play to maximize performance. For example, the product incorporates traffic shaping, which means administrators can set network priorities and application throttling.
In other words, admins can create quality of service (QoS) policies that control how traffic flows over the network. They can assign low-priority applications limited bandwidth and give more network resources to critical applications, such as VoIP, video and so forth. The QoS policies also incorporate packet loss recovery (PLR), which has become a critical component of real-time data streams, such as voice or video traffic. When packets are lost, PLR works by reconstructing lost packets using information from the packets that were received, without retransmitting the lost packet. Administrators can set PLR levels based upon the amount of packet loss expected, with a low setting for reliable networks and a high setting for networks that are less reliable. PLR can add to transmission overhead, so a low setting may be appropriate for most applications.
NetMotion also deploys other performance enhancing technologies, such as data compression, web image acceleration and fragmentation optimization. All of which help to maintain expected levels of performance and bring connectivity to slower wireless networks where limited performance may have excluded attached devices from being connected to the network.
One of the biggest challenges associated with provisioning and managing a mobile-enabled network comes down to understanding what is actually happening on the network. This situation is further complicated by the fact that administrators have little or no control over external access points, cellular networks or public hot spots.
Solving connectivity problems becomes increasingly difficult when that connectivity information is lacking, and many an administrator finds a lack of consistency when it comes to identifying areas that have weak coverage or inconsistent bandwidth.
The NetMotion diagnostics module gathers up all information related to connections provided by the NetMotion’s software and stores that information so that administrators can perform both real-time and historical analytics on the complete mobility platform, including client devices, NetMotion Mobility Server and any other information that can be gleaned from network traffic.
Interestingly, the tool can mash up connectivity statistics with physical location using device-based GPS feeds. Users can correlate that information to create a connectivity map that shows when GPS feeds were dropped and reestablished — handy information for those enterprises working closely with carriers to establish better coverage and eliminate dead zones.
The diagnostics module offers dozens of reports, charts and graphs that create a visual representation of everything from device usage to network performance to system operations and root-cause troubleshooting. Administrators also can drill down into coverage maps, which use statistics to reveal which carriers are in use, recorded signal strengths, and several other factors.
Mobility also offers trending reports displaying connection windows (time connected), device usage (device trends), compression (data compression trends), adapters (cellular connections), and numerous other factors. What’s more, the collected data is stored in such a way that additional analytical tools can further mine the data.
With its software-defined Mobility offering, NetMotion has successfully melded security, management and diagnostics for enterprises seeking to leverage a mobile workforce. The platform’s ability to gather data and extrapolate actionable insight proves to be unique in the mobile VPN market. Its policy definition and traffic acceleration are valuable allies when it comes to securing mobile traffic while also providing acceptable levels of performance.
For any enterprise that is serious about providing the best possible mobile experience for users, NetMotion Mobility fits the bill.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant. He has written for leading technology publications including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom's Hardware, and business publications including Entrepreneur, Forbes and BNET. Ohlhorst was also the executive technology editor for Ziff Davis Enterprise's eWeek and former director of the CRN Test Center.