Mobile virtual private network
A mobile virtual private network (mobile VPN or mVPN) provides mobile devices with access to network resources and software applications on their home network when they connect via other wireless or wired networks.
Mobile VPNs are used in environments where workers need to keep application sessions open at all times, throughout the working day, as they connect via various wireless networks, encounter gaps in coverage, or suspend-and-resume their devices to preserve battery life. A conventional VPN cannot survive such events because the network tunnel is disrupted, causing applications to disconnect, time out or fail, or even the computing device itself to crash. Mobile VPNs are commonly used in public safety, home care, hospital settings, field service management, utilities and other industries. Increasingly, they are being adopted by mobile professionals and white-collar workers as well.
Comparison with other VPN types
A VPN maintains an authenticated, encrypted tunnel for securely passing data traffic over public networks (typically the Internet). Other VPN types are IPsec VPNs, which are useful for point-to-point connections when the network endpoints are known and remain fixed, and SSL VPNs, which provide access through a Web browser and are commonly used by remote workers (telecommuting workers or business travelers).
Makers of mobile VPNs draw a distinction between remote access and mobile environments. A remote-access user typically establishes a connection from a fixed endpoint, launches applications that connect to corporate resources as needed, and then logs off. In a mobile environment, the endpoint changes constantly (for instance, as users roam between different cellular networks or Wi-Fi access points). A mobile VPN maintains a virtual connection to the application at all times as the endpoint changes, handling the necessary network logins in a manner transparent to the user.
Mobile VPN functions
The following are functions common to mobile VPNs.
Function | Description |
---|---|
Persistence | Open applications remain active, open and available when the wireless connection changes or is interrupted, a laptop goes into hibernation, or a handheld user suspends and resumes the device |
Roaming | Underlying virtual connection remains intact when the device switches to a different network; the mobile VPN handles the logins automatically |
Application compatibility | Software applications that run in an "always-connected" wired LAN environment run over the mobile VPN without modification |
Security | Enforces authentication of the user, the device, or both, as well as encryption of the data traffic, in compliance with security standards such as FIPS 140-2 |
Acceleration | Link optimization and data compression improve performance over wireless networks, especially on cellular networks where bandwidth may be constrained |
Strong authentication | Enforces two-factor authentication or multi-factor authentication using some combination of a password, smart card, public key certificate or biometric device; required by some regulations, notably for access to CJIS systems in law enforcement |
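The Persistence, Roaming and Security rows all rest on one design choice: the gateway identifies a tunnel by an authenticated session identifier rather than by the client's current network address. The Python simulation below is an added illustration, not code from any vendor named on this page; the two gateway classes, the HMAC-tagged packet format, the addresses, timestamps and the 8-hour idle window are constructed assumptions. It contrasts a gateway that keys its state on the peer address (so traffic is dropped after a network change) with one that keys state on the session id and simply re-binds the return path, while still rejecting mis-keyed and replayed packets and expiring a session that stays idle past the window.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Session:
    session_id: bytes   # names the tunnel; independent of the client's address
    key: bytes          # per-session MAC key agreed at login (constructed here)
    client_addr: str    # address the client was last seen from (the return path)
    last_seq: int = 0   # highest sequence number accepted, so replays are rejected
    last_seen: float = 0.0


def make_packet(session, seq, payload):
    """Client side: bind the packet to its session with a MAC over the session
    id, sequence number and payload, so the gateway never trusts the source address."""
    msg = session.session_id + seq.to_bytes(8, "big") + payload
    tag = hmac.new(session.key, msg, hashlib.sha256).digest()
    return {"session_id": session.session_id, "seq": seq, "payload": payload, "tag": tag}


def verify_packet(session, packet):
    msg = packet["session_id"] + packet["seq"].to_bytes(8, "big") + packet["payload"]
    expected = hmac.new(session.key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, packet["tag"])


class ConventionalGateway:
    """Tunnel state keyed by peer address: after a network change the client
    arrives from an address that owns no tunnel, and its traffic is dropped."""

    def __init__(self):
        self.by_addr = {}

    def login(self, addr, key):
        self.by_addr[addr] = Session(os.urandom(16), key, addr)
        return self.by_addr[addr]

    def receive(self, addr, packet):
        session = self.by_addr.get(addr)
        if session is None or not verify_packet(session, packet):
            return "DROP"
        return "ACCEPT"


class MobileGateway:
    """Tunnel state keyed by session id; the address is only the current
    return path, and a session survives suspend/resume up to idle_timeout."""

    def __init__(self, idle_timeout=8 * 3600):
        self.by_id = {}
        self.idle_timeout = idle_timeout  # seconds; an assumed policy value

    def login(self, addr, key, now):
        session = Session(os.urandom(16), key, addr, last_seen=now)
        self.by_id[session.session_id] = session
        return session

    def receive(self, addr, packet, now):
        session = self.by_id.get(packet["session_id"])
        if session is None:
            return "DROP:unknown-session"
        if now - session.last_seen > self.idle_timeout:
            del self.by_id[session.session_id]  # idle too long: a full login is required
            return "DROP:expired"
        if not verify_packet(session, packet):
            return "DROP:bad-tag"  # wrong key: the return path is never re-bound
        if packet["seq"] <= session.last_seq:
            return "DROP:replay"
        session.last_seq = packet["seq"]
        session.last_seen = now
        if addr != session.client_addr:
            session.client_addr = addr  # roam: new return path, same session
            return "ACCEPT:roamed"
        return "ACCEPT"


def scenario():
    """One client moves from Wi-Fi to cellular, resumes from a third network,
    then goes quiet; addresses, timestamps and payloads are all constructed."""
    key = os.urandom(32)
    wifi, cell, home = "10.0.0.5", "100.64.1.9", "192.168.7.3"
    t0 = 1_700_000_000.0
    conv, mob = ConventionalGateway(), MobileGateway()
    cs, ms = conv.login(wifi, key), mob.login(wifi, key, t0)
    out = {}
    out["conv_wifi"] = conv.receive(wifi, make_packet(cs, 1, b"app data"))
    out["conv_cell"] = conv.receive(cell, make_packet(cs, 2, b"app data"))
    out["mob_wifi"] = mob.receive(wifi, make_packet(ms, 1, b"app data"), t0 + 1)
    out["mob_cell"] = mob.receive(cell, make_packet(ms, 2, b"app data"), t0 + 600)
    out["mob_resume"] = mob.receive(home, make_packet(ms, 3, b"resume"), t0 + 7800)
    out["mob_replay"] = mob.receive(cell, make_packet(ms, 2, b"app data"), t0 + 7801)
    other = Session(ms.session_id, os.urandom(32), cell)  # right id, wrong key
    out["mob_bad_key"] = mob.receive(cell, make_packet(other, 4, b"x"), t0 + 7802)
    out["mob_expired"] = mob.receive(cell, make_packet(ms, 5, b"late"), t0 + 7802 + 9 * 3600)
    return out
```

Calling `scenario()` shows the conventional gateway accepting only the Wi-Fi packet, while the mobile gateway accepts the cellular and post-resume packets as roams of the same session, and still drops the replayed, mis-keyed and over-idle packets. The ordering of the checks in `MobileGateway.receive` is deliberate: the tag is verified before the address is updated, so a packet that merely names a live session id cannot redirect that session's return path.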
Mobile VPN management
Some mobile VPNs offer additional "mobile-aware" management and security functions, giving information technology departments visibility and control over devices that may not be on the corporate premises or that connect through networks outside IT's direct control.
Function | Description |
---|---|
Management console | Displays status of devices and users, and offers the ability to quarantine a device if there is a possibility that it may have been lost or stolen |
Policy Management | Enforces access policies based on the network in use, the bandwidth of the connection, layer-3 attributes (IP address, TCP and UDP port, etc.), time of day, and, in some VPNs, the ability to control access by individual application software |
Quality of service | Specifies the priority that different applications or services should receive when contending for available wireless bandwidth; this is useful for ensuring delivery of the essential "mission-critical" applications (such as computer-assisted dispatch for public safety) or giving priority to streaming media or voice-over-IP |
Network Access Control (NAC) | Evaluates the patch status, anti-virus and anti-spyware protection status, and other aspects of the "health" of the device before allowing a connection; optionally may integrate with policies to remediate the device automatically |
Mobile Analytics | Gives administrators a view into how wireless networks and devices are used |
Notifications | Alerts administrators of security concerns or connection problems that impact users, delivered via SMTP, SNMP or syslog |
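The management table describes three controls a gateway applies before admitting a connection: quarantine from the management console, the NAC health check, and policy based on network, bandwidth, address, port, time of day and application. The Python below is an added example of how those checks compose into one decision; it is not code from any product named on this page, and the rule set, the posture threshold (a 14-day patch age), the network labels and the device and address values are constructed assumptions. Order matters: a quarantined device is refused regardless of health, an unhealthy device is sent to remediation regardless of policy, and only then does first-match rule evaluation run, with an implicit deny.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Posture:
    patch_age_days: int      # days since the last patch set was applied
    antivirus_on: bool
    antispyware_on: bool


@dataclass
class Context:
    device_id: str
    network: str             # "corporate-lan", "cellular" or "public-wifi" (assumed labels)
    bandwidth_kbps: int      # measured bandwidth of the current link
    dst_ip: str
    dst_port: int
    app: str                 # application requesting the connection
    hour: int                # local hour of day, 0-23
    posture: Posture
    quarantined: bool = False  # set from the console for a possibly lost or stolen device


@dataclass
class Rule:
    name: str
    action: str              # "allow" or "deny"
    networks: tuple = ()     # empty means any network
    dst_net: str = ""        # CIDR; empty means any destination
    ports: tuple = ()
    apps: tuple = ()
    hours: tuple = ()        # (start, end) local hours, end exclusive; empty means any time
    min_bandwidth_kbps: int = 0

    def matches(self, ctx):
        if self.networks and ctx.network not in self.networks:
            return False
        if self.dst_net and ipaddress.ip_address(ctx.dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.ports and ctx.dst_port not in self.ports:
            return False
        if self.apps and ctx.app not in self.apps:
            return False
        if self.hours and not (self.hours[0] <= ctx.hour < self.hours[1]):
            return False
        return ctx.bandwidth_kbps >= self.min_bandwidth_kbps


def posture_failures(p, max_patch_age_days=14):
    """NAC health check: every failed item becomes a remediation reason."""
    reasons = []
    if p.patch_age_days > max_patch_age_days:
        reasons.append("patches-outdated")
    if not p.antivirus_on:
        reasons.append("antivirus-off")
    if not p.antispyware_on:
        reasons.append("antispyware-off")
    return reasons


def decide(ctx, rules):
    """Quarantine first, then device health, then first matching rule; unmatched is denied."""
    if ctx.quarantined:
        return ("deny", "device-quarantined")
    failures = posture_failures(ctx.posture)
    if failures:
        return ("remediate", ",".join(failures))
    for rule in rules:
        if rule.matches(ctx):
            return (rule.action, rule.name)
    return ("deny", "default")


# Constructed policy: dispatch is always reachable, video only over a fast link,
# remote desktop only from the corporate LAN during business hours.
RULES = [
    Rule("cad-always", "allow", apps=("cad",), dst_net="10.10.0.0/16", ports=(443,)),
    Rule("video-needs-bandwidth", "allow", apps=("video",), min_bandwidth_kbps=2000),
    Rule("rdp-business-hours", "allow", networks=("corporate-lan",),
         dst_net="10.20.0.0/16", ports=(3389,), hours=(7, 19)),
]


def run_scenarios():
    """Decisions for a set of constructed connection requests from one device."""
    healthy = Posture(patch_age_days=3, antivirus_on=True, antispyware_on=True)
    stale = Posture(patch_age_days=40, antivirus_on=False, antispyware_on=True)

    def ctx(**overrides):
        base = dict(device_id="MDT-0417", network="cellular", bandwidth_kbps=800,
                    dst_ip="10.10.5.5", dst_port=443, app="cad", hour=3, posture=healthy)
        base.update(overrides)
        return Context(**base)

    rdp = dict(app="rdp", dst_ip="10.20.0.9", dst_port=3389)
    return {
        "dispatch_at_3am_on_cellular": decide(ctx(), RULES),
        "video_on_slow_cellular": decide(ctx(app="video", dst_ip="10.30.1.1"), RULES),
        "video_on_fast_wifi": decide(ctx(app="video", dst_ip="10.30.1.1",
                                         network="public-wifi", bandwidth_kbps=5000), RULES),
        "rdp_from_cellular": decide(ctx(hour=10, **rdp), RULES),
        "rdp_from_lan_daytime": decide(ctx(hour=10, network="corporate-lan", **rdp), RULES),
        "rdp_from_lan_night": decide(ctx(hour=22, network="corporate-lan", **rdp), RULES),
        "unhealthy_device": decide(ctx(posture=stale), RULES),
        "quarantined_device": decide(ctx(quarantined=True), RULES),
    }
```

`run_scenarios()` returns one `(action, reason)` pair per request; the reason string is what a Notifications function would forward to administrators, and the `remediate` outcome is the hook where a NAC integration would push patches or re-enable protection before retrying the policy.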
Mobile VPN industries and applications
Mobile VPNs have found uses in a variety of industries, where they give mobile workers access to software applications.
Industry | Workers | Applications |
---|---|---|
Public Safety | Police officers, firefighters, emergency services personnel, first responders | Computer-assisted dispatch, automatic vehicle location, state driver's license and vehicle registration plate databases, criminal databases including the CJIS system, dashcam software, departmental intranet |
Home Care | Visiting nurses, in-home physical therapists and occupational therapists, home care aides and hospice workers | Electronic health records, electronic medical records, scheduling and billing applications |
Hospitals and Clinics | Physicians, nurses and other staff | Electronic health records, electronic medical records, picture archiving and communications systems, computerized physician order entry, pharmacy, patient registration, scheduling, housekeeping, billing, accounting |
Field Service | Field-service engineers, repair technicians | Field service management, which can include customer relationship management, work order management, dispatch, and historical customer service data, as well as databases of customer-premises equipment, access requirements, and parts inventory; asset tracking, parts ordering, documentation access |
Field Sales | Sales representatives | Customer relationship management, inventory, order fulfillment |
Utilities | Linemen, installation and repair technicians, field-service engineers | Dispatch, scheduling, work-order management, geographic information systems, maintenance tracking, parts ordering, customer service, testing and training applications |
Insurance | Claims adjusters | Claims systems, estimating applications |
Mobile VPN devices
Some mobile environments call for devices built to handle physical shock, weather extremes or other conditions encountered outdoors or in the field. Some manufacturers create ruggedized computers, such as the Panasonic Toughbook or the Itronix GoBook, in laptop or Tablet PC configurations. Various handhelds and smartphones may also be used. Operating systems are typically Microsoft Windows-based, including special mobile-capable versions such as Windows CE and Windows Mobile.
Mobile VPN is available for all Symbian OS based smartphones by Nokia.
Mobile VPNs in telecommunications
In telecommunication, a mobile VPN is a solution that integrates all offices and employees in a common network that includes all mobile and desk phones. At the same time, an mVPN makes internal communication more efficient by providing additional services, and it guarantees high quality for the best value.
Through a connection between a leased line (E1/T1) and an enterprise PABX (Private Automatic Branch Exchange) system, it connects remote and mobile users with the company.
Using mVPNs the company has the following advantages:
- Direct connectivity – the corporate network becomes part of the mobile operator's network through a direct connection
- Private numbering plan – the communication is tailored to the company organisation
- Corporate Business Group – all offices and employees are part of one common group that includes all mobile and desk phones
- Short dialling – a short number reaches each employee, no matter whether on his mobile or desk phone
- Smart Divert – easy divert within the company group
- Groups and subgroups – several sub-groups can be defined within the group, with different charging as well as with separate numbering plans
- Calls control – certain destinations can be allowed or barred, both on mobile and desk phones.
Vendors
- Birdstep Technology
- Ericsson
- Radio IP Software
- Columbitech
- NeoAccel
- NetMotion Wireless
- Nokia
External links
- VPN Consortium
- "An Introduction to IPsec VPNs on Mobile Phones" by Ramon Arja, MSDN Magazine, September 2009
- Search Mobile Computing: mobile VPN
- "Face-off: Mobile VPN is a better choice than an SSL VPN" by Tom Johnaton, Network World (24 November 2006)