Mobile VPN

from Wikipedia, the free encyclopedia

A Mobile Virtual Private Network (Mobile VPN or mVPN) provides mobile devices such as smartphones, notebooks, netbooks and PDAs with an uninterrupted connection for accessing applications and data while they are connected via wireless or wired networks. Developed for today's wireless and mobile computing environments, mobile VPNs enable seamless roaming between wired and wireless networks, both local WLANs and national public networks.

Mobile VPNs are used in environments in which users must continuously maintain connections while they reach their data sources over wireless links, or in which the connection is repeatedly dropped and re-established to conserve the device's battery yet must be restored seamlessly each time. Conventional VPNs, which rely on a fixed IP address for the duration of the connection, cannot meet these requirements: they lose the connection and thereby cause the applications currently in use to fail. Mobile VPNs are typically used in public safety, in hospitals, in home care, in the field and by mobile users who depend on an uninterrupted connection.

Compared to other VPNs

A VPN can provide an authenticated, encrypted tunnel for secure data transmission through public networks (typically via the Internet) in order to bind a client to a remote network, or at least to enable the client to securely access a company application.

Other (non-mobile) VPNs, such as IPsec VPNs, assume that the endpoints of the connection are known and do not change during the data transfer; SSL VPNs offer secure access for a mobile client via a web browser, but likewise require that the client's location does not change during the connection.

In a mobile environment, however, the client's network location changes constantly, for example when a user moves between different network cells or even between different public networks on a train, in a car or in a large building complex. A mobile VPN establishes a virtual connection to the data sources that is maintained even if the endpoint changes. The necessary dial-in to the various networks happens invisibly to the user in the background.

The technology of Mobile VPN

Differences to wired VPNs

Mobile VPNs avoid the problems of wired VPNs when used with mobile devices. Technically, this is made possible by inserting a special communication server between the application server and the client. This server takes over the communication with the application server and maintains the connection even if the client loses its connection due to a dead spot or a change to another network. While wired VPNs work with the IP address assigned by the provider, mobile VPNs use a logical IP address that is permanently bound to the mobile device. The client no longer communicates with the application server, but with the communication server. When the terminal device has a stable network connection again, the communication server reconnects it. In the best case, neither the user nor the application notices the interruption. This also makes it easier for the end device to choose the optimal connection, which, depending on requirements, can be the fastest or the cheapest one; neither the user nor the current session is affected by the switch.

Mobile VPN server

The Mobile VPN server acts as a transport layer proxy for all mobile devices on which the Mobile VPN client is running. The server tracks the state of all clients and is responsible for the complex session management required to maintain continuous connections to the systems that host network applications. If a mobile device becomes unreachable, goes idle or switches to a different network, the Mobile VPN server maintains the connection to the client's peer applications by acknowledging receipt of data and queuing requests. The Mobile VPN server also manages the network addresses of mobile devices. Every Mobile VPN client receives a virtual IP address in the wired network. This is usually assigned using DHCP or taken from an address range reserved for this purpose on the Mobile VPN server. The Mobile VPN server also supports the static assignment of virtual IP addresses to individual devices or users. Several servers can act as a server pool and thus offer failover and load balancing.
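The session behaviour described in the two sections above (a server-side session keyed by the device rather than by its current physical address, a virtual IP taken from a reserved pool or a static assignment, data for an unreachable client acknowledged to the application and queued, and sequence numbers so that retransmission after a network change is lossless and duplicate-free) can be modelled in a few dozen lines. The following is an added example written for this article; it is not the code of NetMotion or any other vendor, and the pool range, device names and method names are constructed for illustration.

```python
"""Session-persisting transport proxy (added illustration, not vendor code)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional
import ipaddress


@dataclass
class Session:
    device_id: str
    virtual_ip: str
    physical_addr: Optional[tuple] = None        # where the client is reachable right now
    reachable: bool = False
    next_seq: int = 0                            # next sequence number towards the client
    inflight: dict = field(default_factory=dict)     # seq -> payload sent, not yet ACKed
    queued: deque = field(default_factory=deque)     # payloads held while unreachable
    last_seq_in: int = -1                        # last in-order seq received from the client
    delivered: list = field(default_factory=list)    # data handed on to the application


class MobileVpnServer:
    def __init__(self, pool_cidr="10.200.0.0/24", static_map=None):
        # Constructed pool; statically assigned addresses are excluded from it.
        self._static = dict(static_map or {})
        reserved = set(self._static.values())
        hosts = ipaddress.ip_network(pool_cidr).hosts()
        self._free = deque(str(h) for h in hosts if str(h) not in reserved)
        self.sessions = {}      # device_id -> Session
        self._by_vip = {}       # virtual_ip -> Session

    def connect(self, device_id, physical_addr):
        """Create a session, or re-attach an existing one from a new physical address."""
        sess = self.sessions.get(device_id)
        if sess is None:
            vip = self._static.get(device_id) or self._free.popleft()
            sess = Session(device_id, vip)
            self.sessions[device_id] = sess
            self._by_vip[vip] = sess
        sess.physical_addr = physical_addr
        sess.reachable = True
        # Everything queued during the outage now goes on the wire, in order.
        while sess.queued:
            self._send(sess, sess.queued.popleft())
        return sess.virtual_ip

    def disconnect(self, device_id):
        """Dead spot, sleep or network switch: the session stays, only the path is gone."""
        self.sessions[device_id].reachable = False

    def _send(self, sess, payload):
        sess.inflight[sess.next_seq] = payload
        sess.next_seq += 1

    def app_to_client(self, virtual_ip, payload):
        """Data from the application server: acknowledged to the app at once, sent now
        if the client is reachable, otherwise queued until the next reconnect."""
        sess = self._by_vip[virtual_ip]
        if sess.reachable:
            self._send(sess, payload)
        else:
            sess.queued.append(payload)
        return True

    def pending(self, device_id):
        """Frames the client has not ACKed; these are retransmitted after a reconnect."""
        return sorted(self.sessions[device_id].inflight.items())

    def client_ack(self, device_id, seq):
        """Cumulative ACK: everything up to and including seq reached the client."""
        sess = self.sessions[device_id]
        for s in [s for s in sess.inflight if s <= seq]:
            del sess.inflight[s]

    def client_to_server(self, device_id, seq, payload):
        """Frame from the client: deliver only the next in-order frame, ignore duplicates
        and gaps, and return the cumulative ACK the client should expect."""
        sess = self.sessions[device_id]
        if seq == sess.last_seq_in + 1:
            sess.delivered.append(payload)
            sess.last_seq_in = seq
        return sess.last_seq_in
```

The application server only ever sees the virtual IP and an acknowledged TCP stream, which is why unmodified applications survive a dead spot; the client's retransmission of unacknowledged frames after `connect()` from a new address is what the article calls reconnecting "in the background".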

Mobile VPN client software

The Mobile VPN client software sits at the TDI (Transport Driver Interface) layer on supported Microsoft platforms and takes care of initiating and redirecting application network calls. When an application wants to use the network, the TDI calls are intercepted, the parameters are marshalled and the call is forwarded to the Mobile VPN server for execution. This works transparently with operating system functions, so the client-side application session can remain active if the device loses contact with the network.

Type of connection

The Remote Procedure Call Protocol (RPC) and the Internet Mobility Protocol (IMP) form the technological backbone that connects the Mobile VPN server with the individual mobile devices. A remote procedure call is a way for a process on a local system to call a procedure on a remote system, sending the client's network calls to the server for remote execution.

If the Mobile VPN server operated at the Winsock layer, these would be calls such as "open socket", "bind", "connect", "send" and "receive". However, since it works at the TDI layer, the corresponding TDI calls are forwarded to the server for remote execution. The application on the local system does not know that the procedure call is being executed on a remote system. The advantage of the RPC approach is that the mobile device can go out of range or suspend operation without losing the active network session. Since this way of maintaining sessions requires no user-specific settings or reprogramming of applications, commercial applications run unchanged in the wireless environment. The RPC protocol is encapsulated in the Internet Mobility Protocol (IMP), which in turn is encapsulated in UDP.

The Internet Mobility Protocol compensates for the differences between wired and less reliable networks by adjusting frame sizes and protocol timing to reduce network traffic. This becomes important when a limited bandwidth is available, high latency times exist or the battery of the mobile device needs to be saved. The Mobile VPN server also improves data security by encrypting all data traffic between the server and client and only allowing authenticated devices to connect to the Mobile VPN server.
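The two paragraphs above describe three things the IMP layer does: carry an RPC message over UDP, split it into frames whose size is chosen for the link, and admit only authenticated devices. The article does not specify the IMP wire format or the cipher used, so the following is an added example of my own, not the real protocol: the header layout, the truncated HMAC-SHA256 per-device tag standing in for the product's authentication, and the device keys are all constructed assumptions. Encryption of the payload is left out here; only authentication and reassembly are shown.

```python
"""IMP-style fragmentation and device authentication over UDP (added illustration)."""
import hashlib
import hmac
import struct

# Constructed header: device id (4 bytes), message id, fragment index, fragment count.
HDR = struct.Struct("!4sIHH")
TAG_LEN = 16                     # truncated HMAC-SHA256 tag appended to every frame


def fragment(device_id: bytes, key: bytes, msg_id: int, rpc_payload: bytes, frame_size: int):
    """Split one RPC message into authenticated frames of at most frame_size bytes.
    A smaller frame_size is what the text means by adjusting frame sizes to a poor link."""
    room = frame_size - HDR.size - TAG_LEN
    if room <= 0:
        raise ValueError("frame_size too small for header and tag")
    chunks = [rpc_payload[i:i + room] for i in range(0, len(rpc_payload), room)] or [b""]
    frames = []
    for idx, chunk in enumerate(chunks):
        hdr = HDR.pack(device_id, msg_id, idx, len(chunks))
        tag = hmac.new(key, hdr + chunk, hashlib.sha256).digest()[:TAG_LEN]
        frames.append(hdr + chunk + tag)        # this byte string is one UDP datagram
    return frames


class Reassembler:
    """Server side: verify each datagram against the sending device's key, then
    reassemble. Unknown devices and tampered frames are dropped and counted."""

    def __init__(self, device_keys):
        self.keys = device_keys          # device id -> shared key (constructed)
        self.partial = {}                # (device id, msg id) -> {fragment index: chunk}
        self.rejected = 0

    def receive(self, datagram: bytes):
        """Return the complete RPC payload once all fragments are in, else None."""
        if len(datagram) < HDR.size + TAG_LEN:
            self.rejected += 1
            return None
        hdr, body, tag = datagram[:HDR.size], datagram[HDR.size:-TAG_LEN], datagram[-TAG_LEN:]
        device_id, msg_id, idx, count = HDR.unpack(hdr)
        key = self.keys.get(device_id)
        if key is None or idx >= count:
            self.rejected += 1
            return None
        expected = hmac.new(key, hdr + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            self.rejected += 1
            return None
        parts = self.partial.setdefault((device_id, msg_id), {})
        parts[idx] = body                # a retransmitted duplicate simply overwrites
        if len(parts) == count:
            del self.partial[(device_id, msg_id)]
            return b"".join(parts[i] for i in range(count))
        return None
```

Because every frame is verified before it is stored, a lost or reordered datagram only delays reassembly, and a frame from a device whose key the server does not hold never reaches the RPC layer at all.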

Typical applications for mobile VPNs

Mobile VPNs are used wherever mobile users rely on an uninterrupted data connection. Typical application scenarios are rescue and security forces such as the fire brigade and police, medical staff moving through large building complexes with multiple networks, mobile care staff, mobile customer service and maintenance staff, as well as frequent travellers who want an uninterrupted connection to the company network on the train, for example.

Mobile VPNs in practice

In addition to uninterrupted data transmission, mobile VPNs offer other advantages. Mobile VPNs support access to any application that runs in a wired environment through the intermediary of the communication server. This mainly includes mainframe connections that require an uninterrupted session. Thanks to Mobile VPN, these applications can be used for mobile use without any software changes. The fail-safe data connection makes it possible to save critical data preferentially on the servers, thus avoiding security risks from stolen or lost mobile devices. Some mobile VPNs support data and graphics compression and can optionally be configured to automatically select the fastest or cheapest connection. Depending on the manufacturer, mobile VPNs offer the same range of functions on mobile devices as on notebooks.

Mobile VPN functions

All mobile VPNs have these functions:

Function | Description
Persistence | Open applications remain active, open and available when the wireless connection changes or is interrupted, a laptop goes to sleep or the user of a PDA restarts the device
Roaming | The connection remains in place when the device switches to another network; the Mobile VPN logs in automatically
Application compatibility | Programs that run in a wired network with a permanent network connection run without modification over the Mobile VPN
Security | Requires authentication of the user, the device or both; data is encrypted according to standards such as FIPS 140-2
Accelerated data transfer | Data compression improves throughput in wireless networks, especially in public networks where bandwidth can be limited
Strong authentication | Requires a combination of two or more authentication methods such as password, smart card, certified key or biometric identification

Mobile VPN management

Many mobile VPNs have additional management and security functions that give IT departments more transparency and control over mobile devices.

Function | Description
Management console / mobile analytics | Shows the status and usage of mobile devices and users and enables locking a device if it is lost or stolen
Policy management | Allows administrators to enter policies for the current network, the bandwidth of the connection, the control options for individual applications and the configuration of other components
QoS | Determines the priorities by which bandwidth is allocated to different applications or services, ensuring that certain applications are given higher priority
Network Access Control (NAC) | Determines the "health" of the device, such as the status of current updates and protection by anti-virus and anti-spyware programs, and only establishes the connection if the specified security policies are met
Notifications | Informs administrators via SMTP, SNMP or syslog about security or connection problems
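The NAC and notification rows of the table above describe a posture check that gates the connection on the device's update status and anti-virus protection, and an alert path over syslog. The following added example (my own, not any vendor's implementation) shows such a check as a small policy evaluation plus an RFC 5424-formatted syslog line; the policy keys, posture fields, the enterprise number 32473 (the example value reserved by RFC 5612) and the application name are constructed for illustration.

```python
"""NAC posture check with a syslog notification (added illustration)."""
from datetime import date

# Constructed policy: the values an administrator would enter in the management console.
POLICY = {
    "min_os_version": (10, 0, 19045),    # oldest permitted OS build
    "require_antivirus": True,
    "max_signature_age_days": 3,         # anti-virus/anti-spyware signatures must be this fresh
    "require_disk_encryption": True,
}


def evaluate_posture(posture: dict, policy: dict, today: date):
    """Return ("allow", []) or ("deny", [reasons]) for one device posture report.
    Missing fields are treated as failing, so an incomplete report never passes."""
    failures = []
    if tuple(posture.get("os_version", (0,))) < policy["min_os_version"]:
        failures.append("os_version below minimum")
    if policy["require_antivirus"]:
        if not posture.get("antivirus_enabled"):
            failures.append("antivirus disabled")
        elif "signature_date" not in posture:
            failures.append("signature date unknown")
        else:
            age = (today - posture["signature_date"]).days
            if age > policy["max_signature_age_days"]:
                failures.append(f"signatures {age} days old")
    if policy["require_disk_encryption"] and not posture.get("disk_encrypted"):
        failures.append("disk not encrypted")
    return ("allow" if not failures else "deny", failures)


def syslog_message(hostname: str, device_id: str, decision: str, failures: list, timestamp: str):
    """RFC 5424 line for the notification channel. PRI = facility * 8 + severity with
    facility 10 (authpriv); severity 6 (informational) on allow, 4 (warning) on deny."""
    severity = 6 if decision == "allow" else 4
    pri = 10 * 8 + severity
    detail = "; ".join(failures) if failures else "posture ok"
    structured = f'[nac@32473 device="{device_id}" decision="{decision}"]'
    return f"<{pri}>1 {timestamp} {hostname} mvpn-nac - NAC {structured} {detail}"


def admit(device_id: str, posture: dict, today: date, hostname="vpn-gw", timestamp="-"):
    """Gate one connection attempt and produce the line the notification row sends."""
    decision, failures = evaluate_posture(posture, POLICY, today)
    return decision, syslog_message(hostname, device_id, decision, failures, timestamp)
```

A denied device is the normal case to alert on (severity warning); logging the allowed case at informational level keeps an audit trail of which posture each session was admitted with.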

Mobile VPN application areas

Mobile VPNs are used today in a variety of industries where employees need mobile access to applications.

Area | Users | Applications
Public safety | Police, fire brigade, emergency services | Computer-aided dispatch, automatic vehicle location, driver's licence and vehicle registration databases, criminal records, intranet access
Home care | Care workers, doctors on home visits | Electronic patient records, resource planning and billing
Hospitals and clinics | Doctors, nurses and other employees | Electronic patient records, digital image processing, patient admission, resource planning
Field sales and service | Service staff, sales staff, installation and repair technicians, field engineers | Resource planning, customer management, order processing, spare parts ordering, documentation, scheduling, maintenance monitoring, customer service, testing and training applications
