Using a virtual private network

The diagram in this topic shows a network topology that uses a Virtual Private Network (VPN) server as the secure access point to the company intranet from mobile devices.

The first diagram in this topic shows a network topology that uses a Virtual Private Network (VPN) server as the secure access point from mobile devices to a standalone HCL Traveler server on the company intranet.

[Diagram: VPN]

The second diagram shows the same network topology with an HA pool of HCL Traveler servers. In this case, the function of spraying or load balancing the device requests is provided by a separate server in the trusted domain.

[Diagram: VPN HA]

This solution allows the most flexibility in terms of which applications mobile devices can connect to and which protocols they are allowed to use. When you use a secure VPN tunnel between the mobile device and the company intranet, any application that is running on the device can connect to any company server just as if it were running inside the company network. For example, you can use the device browser to open pages on an internal website or use instant messaging on the device that connects to internal messaging servers.

You might want to consider running the mobile device client connection over HTTP rather than HTTPS when you are using a VPN. The VPN typically provides a secure data channel. There is some performance gain from using HTTP rather than SSL, because the mobile device and the HCL Traveler server do not need to encrypt all data. However, the VPN tunnel ends at the VPN connection point, so with HTTP the connection between the VPN connection point and the HCL Traveler server is unencrypted.

The type of VPN server that must be installed depends on the mobile device. Most mobile devices support some form of the IPsec or PPTP protocol, so network VPN appliances can be used by the mobile devices. HCL Safelinx provides mobile clients that support Android devices. It also offers a secure HTTP access solution for devices such as the Apple iPhone.

For Apple iOS devices, a VPN connection must be manually started by the device user. This connection may disconnect after it is started and will not restart automatically. Therefore, using a VPN connection as the primary method for connecting Mail, Calendar and Contacts applications on iOS devices to the HCL Traveler server is not recommended. Instead, consider an SSL connection directly to the HCL Traveler server or to an intermediate proxy.

In addition, pushed messages may not flow over an Apple VPN connection. As a result, it is suggested that you not use a VPN solution if you intend to push messages.