SSL VPN for Android
The use of Android smartphones on the rise
Punlished research indicates that Android has taken almost 50% share of the worldwide smart phone market.
Given this strong figure there is no doubt the Android-based phones will play a big role in the corporate area. Quick access to needed data while on the move can greatly improve work.
The applications available within the Business category of the Android Market tend to prove this point; on top of that Android is an open platform that encourages third-party development.
The Android mobile workforce challenge
To securely integrate the managed or unmanaged Android-based phones into the corporate infrastructure, enterprises and VPN vendors can build on the experience gained with the iPhones; the challenges are similar.
A difference would be Android’s openness in terms of approving the apps for distribution on the Android Market; malware issues. Application monitoring and control for user’s phones may be needed.
Android challenge details
- clientless access to business-class web applications.
- restricted access to corporate resources when users use personal Androids.
- achieve VPN anywhere connectivity; network roaming and blocked ports issues.
- granular role based access to resources in order to securely accommodate unmanaged Androids.
- compatibility issues, early stages; some VPN vendors still in beta testing and preview modes.
- determine the earliest version of Android that will be supported for business use.
SSL VPNs and Android-based phones
With SSL VPN solutions varying from pseudo-VPNs to true VPNs, multiple scenarios can be fulfilled.
- access to web applications can be achieved using the portal on the VPN gateway and the browser on Android as VPN client; the web applications will not be directly exposed to the Internet. Granular access to certain applications and applications features can be granted per user or group of users. SSO(single sign on) is supported for the backend web applications so the users won’t have to login multiple times.
- access 24x7x365 to e-mail using ActiveSync is done without having to expose the Microsoft Exchange server to the Internet; the VPN gateway can act as an ActiveSync reverse proxy allowing only authenticated traffic to the back Exchange server.
- true VPN or full network access for power users in need to access non-web applications(like RDP, telnet, SSH) is provided through a full blown SSL VPN client compatible with the Android; the VPN client can be downloaded from the Apps Android Market. The VPN tunnel can be established even when connecting behind restrictive firewalls or web proxies; advanced features like network roaming or connect on demand(and tear down after an interval of inactivity) are supported.
- the VPN gateway can require a client side certificate for the Android.
- As part of the VPN solution a mobile security suite might be offered by some vendors to address the malware and application control issues.
SSL VPNs caveats for Androids
- The lack of Java Runtime Environment on the Android makes certain SSL VPN features like port forwarding, application forwarding or Java based clients for popular applications unavailable; port forwarding or application forwarding are typically provided using Java applets or ActiveX controls, neither being available on the Android.
- SSL VPN support for Android might be still in beta testing or preview mode including from some major vendors; compatibility not guaranteed.
- Root access required for various layer 3 VPN clients to perform certain necessary OS level operations due to limitations and restrictions of the Android platform.