Mobile virtual private network

A mobile virtual private network (mobile VPN or mVPN) is a VPN which is capable of persisting during sessions across changes in physical connectivity, point of network attachment, and IP address. [1] The "mobile" in the name refers to the fact that the VPN can change points of network attachment, not necessarily that the mVPN client is a mobile phone or that it is running on a wireless network. [2]

Mobile VPNs are used in environments where workers need to keep application sessions open at all times throughout the working day, as they connect via various wireless networks, encounter gaps in coverage, or suspend and resume their devices to preserve battery life. A conventional VPN cannot survive such events because the network tunnel is disrupted, causing applications to disconnect, time out [1] or fail, or even causing the computing device itself to crash. [3] Mobile VPNs are commonly used in public safety, home care, hospital settings, field service management, utilities and other industries. [4] Increasingly, they are being adopted by mobile professionals and white-collar workers. [3]

Comparison with other VPN types

A VPN maintains an authenticated, encrypted tunnel for securely passing data traffic over public networks (typically the Internet). Other VPN types include IPsec VPNs, which are useful for point-to-point connections when the network endpoints are known and remain fixed, and SSL VPNs, which provide access through a Web browser and are commonly used by remote workers. [5]

Makers of mobile VPNs draw a distinction between remote access and mobile environments. A remote-access user typically establishes a connection from a fixed endpoint, launches applications that connect to corporate resources as needed, and then logs off. In a mobile environment, the endpoint changes constantly (for instance, as users roam between different cellular networks or Wi-Fi access points). A mobile VPN maintains a virtual connection to the application at all times as the endpoint changes, handling the necessary network logins in a manner transparent to the user. [6]

Functions

The following are functions common to mobile VPNs. [7] [8] [9]

Persistence: Open applications remain active, open and available when the wireless connection changes or is interrupted, a laptop goes into hibernation, or a handheld user suspends and resumes the device.

Roaming: The underlying virtual connection remains intact when the device switches to a different network; the mobile VPN handles the logins automatically.

Application compatibility: Software applications that run in an "always-connected" wired LAN environment run over the mobile VPN without modification.

Security: Enforces authentication of the user, the device, or both, as well as encryption of the data traffic in compliance with security standards such as FIPS 140-2.

Acceleration: Link optimization and data compression improve performance over wireless networks, especially on cellular networks where bandwidth may be constrained.

Strong authentication: Enforces two-factor or multi-factor authentication using some combination of a password, smart card, public key certificate or biometric device; required by some regulations, notably for access to CJIS systems in law enforcement.
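The persistence and roaming functions above, and the "virtual connection that survives an endpoint change" described in the comparison section, come down to one design choice: the tunnel is identified by a session credential rather than by the client's source address. The following Python model is an added example written for this article, not code from the article or from any mobile VPN vendor; the session-id plus HMAC scheme, the user name, the addresses and the 600-second idle window are constructed assumptions used only to illustrate the idea.

```python
import hashlib
import hmac
import os


class MobileVpnServer:
    """Toy model (constructed for this example, not any vendor's design):
    tunnel state is keyed by a session id instead of the client's source
    address, so a client that roams to a new address keeps its session as
    long as it proves possession of the session key."""

    def __init__(self, idle_timeout=600):
        self.sessions = {}          # session_id -> session state
        self.idle_timeout = idle_timeout

    def login(self, user, addr, now):
        """Initial (strong) authentication; returns the session id and key."""
        sid = os.urandom(8).hex()
        key = os.urandom(32)
        self.sessions[sid] = {"user": user, "key": key, "addr": addr,
                              "counter": 0, "last_seen": now}
        return sid, key

    @staticmethod
    def tag(key, sid, addr, counter):
        """HMAC binding a packet to the session, its source address and a counter."""
        msg = f"{sid}|{addr[0]}:{addr[1]}|{counter}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def receive(self, sid, addr, counter, mac, now):
        """Classify an incoming tunnel packet; returns a short status string."""
        s = self.sessions.get(sid)
        if s is None:
            return "no-session"
        if now - s["last_seen"] > self.idle_timeout:
            del self.sessions[sid]          # suspended longer than the window
            return "expired"
        if not hmac.compare_digest(mac, self.tag(s["key"], sid, addr, counter)):
            return "bad-mac"                # rebind attempt without the session key
        if counter <= s["counter"]:
            return "replay"                 # old packet re-sent, e.g. from the old network
        status = "ok" if addr == s["addr"] else "roamed"
        s.update(addr=addr, counter=counter, last_seen=now)
        return status


def demo():
    """One client: Wi-Fi, handover to cellular, a replay, a forged rebind, a long suspend."""
    srv = MobileVpnServer(idle_timeout=600)
    wifi, cell = ("192.0.2.10", 40000), ("198.51.100.7", 52000)   # constructed addresses
    sid, key = srv.login("nurse1", wifi, now=0)
    return [
        srv.receive(sid, wifi, 1, srv.tag(key, sid, wifi, 1), now=5),         # ok
        srv.receive(sid, cell, 2, srv.tag(key, sid, cell, 2), now=60),        # roamed
        srv.receive(sid, cell, 1, srv.tag(key, sid, cell, 1), now=61),        # replay
        srv.receive(sid, ("203.0.113.9", 1), 3, b"\0" * 32, now=62),          # bad-mac
        srv.receive(sid, cell, 3, srv.tag(key, sid, cell, 3), now=62 + 601),  # expired
    ]
```

A conventional VPN that keys state by source address would treat the second packet as an unknown peer and drop the session; here it is accepted because the packet proves possession of the session key, while the forged rebind and the replay are refused.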

Management

Some mobile VPNs offer additional "mobile-aware" management and security functions, giving information technology departments visibility and control over devices that may not be on the corporate premises or that connect through networks outside IT's direct control. [10]

Management console: Displays the status of devices and users, and offers the ability to quarantine a device if there is a possibility that it has been lost or stolen.

Policy management: Enforces access policies based on the network in use, the bandwidth of the connection, layer-3 and layer-4 attributes (IP address, TCP and UDP port, etc.), time of day, and, in some VPNs, the ability to control access by individual application software.

Quality of service: Specifies the priority that different applications or services should receive when contending for available wireless bandwidth; this is useful for ensuring delivery of essential "mission-critical" applications (such as computer-assisted dispatch for public safety) or giving priority to streaming media or voice-over-IP.

Network access control (NAC): Evaluates the patch status, anti-virus and anti-spyware protection status, and other aspects of the "health" of the device before allowing a connection, and optionally may integrate with policies to remediate the device automatically.

Mobile analytics: Gives administrators a view into how wireless networks and devices are used.

Notifications: Alerts administrators to security concerns or connection problems that affect users, delivered via SMTP, SNMP or syslog.

Industries and applications

Mobile VPNs have found uses in a variety of industries, where they give mobile workers access to software applications. [11]

Public safety
  Workers: Police officers, firefighters, emergency services personnel, first responders
  Applications: Computer-aided dispatch, automatic vehicle location, state driver's license and vehicle registration plate databases, criminal databases such as the FBI Criminal Justice Information System (CJIS), dashcam software, departmental intranet

Home care
  Workers: Visiting nurses, in-home physical therapists and occupational therapists, home care aides and hospice workers
  Applications: Electronic health records, electronic medical records, scheduling and billing applications

Hospitals and clinics
  Workers: Physicians, nurses and other staff
  Applications: Electronic health records, electronic medical records, picture archiving and communication systems, computerized physician order entry, pharmacy, patient registration, scheduling, housekeeping, billing, accounting

Field service
  Workers: Field-service engineers, repair technicians
  Applications: Field service management, which can include customer relationship management, work order management, computer-aided dispatch, and historical customer service data as well as databases of customer-premises equipment, access requirements, and parts inventory; asset tracking, parts ordering, documentation access

Field sales
  Workers: Sales representatives
  Applications: Customer relationship management, inventory, order fulfillment

Utilities
  Workers: Linemen, installation and repair technicians, field-service engineers
  Applications: Computer-aided dispatch, scheduling, work-order management, geographic information systems, maintenance tracking, parts ordering, customer service, testing and training applications

Insurance
  Workers: Claims adjusters
  Applications: Claims systems, estimating applications

In telecommunications

In telecommunications, a mobile VPN is a solution that provides data user mobility and ensures secure network access with predictable performance. Data user mobility is defined as uninterrupted connectivity, or the ability to stay connected and communicate with a possibly remote data network while changing the network access medium or point of attachment. [2]

In 2001, Huawei launched a product named "MVPN". In this case "MVPN" had a different meaning from the way later industry sources would use the term. [12] The Huawei product was focused on delivering a seamless corporate phone system to users whether they were on desktop phones or mobile devices. Although the web page is no longer available, the company advertised that its MVPN had the following advantages over a standard phone system:

Vendors


References

  1. Phifer, Lisa. "Mobile VPN: Closing the Gap". SearchMobileComputing.com, July 16, 2006. Accessed July 25, 2009.
  2. "Introduction to MVPN".
  3. Cheng, Roger. "Lost Connections". The Wall Street Journal, December 11, 2007. Accessed July 25, 2009.
  4. "Industry Case Studies of NetMotion Wireless Software". NetMotion. Retrieved June 7, 2017.
  5. "Software Define Mobility". NetMotion, June 7, 2017. Retrieved June 7, 2017.
  6. Phifer, Lisa. "Mobile VPN: Closing the Gap". Searchmobilecomputing.techtarget.com. Retrieved June 12, 2014.
  7. "Home". columbitech.com.
  8. "NetMotion - Uncompromised secure access. SDP, ZTNA, VPN & DEM". NetMotion Software.
  9. "Mobile Virtual Private Network Solutions (MVPN)". Radio IP.
  10. "NetMotion Software". NetMotion, June 7, 2017. Retrieved June 7, 2017.
  11. "NetMotion Wireless Customer Case Studies". NetMotion, June 7, 2017. Retrieved June 7, 2017.
  12. "Huawei Publications". Huawei. Archived from the original on May 25, 2006.