Which Apple VPN Do You Prefer?

Standard VPN, Third Party Clients or Per App VPN: Keep track of Apple’s many VPN possibilities

Successful Apple VPN strategist

A virtual private network (VPN) serves to connect branch offices and external employees. VPNs also play an essential role in the integration of smartphones and tablets by ensuring that all network regulations in the company are also applied to the mobile devices. And it is precisely here that the problems arise because, depending on whether the smartphone or tablet is provided by the company or is the personal property of an employee, the requirements of how to use such a VPN can vary widely.

We now distinguish between the VPN configurations below:

  • Standard VPN
  • Third-Party VPN clients
  • On Demand VPN
  • Always On VPN
  • Per App VPN

While the Standard VPN describes the manual VPN based on the built-in VPN client, using Apple’s On Demand VPN allows domains to be managed so that whenever the Safari browser or an app wants to access them, a VPN connection is established.

With Apple’s Always On VPN, which was added in iOS 8 and makes the iPhone operate almost like a BlackBerry, turning on the device establishes a VPN that the user cannot disable. This form, which is certainly only used on company-owned devices, ensures that all communication is routed through the corporate network and can be appropriately monitored and controlled there.

It goes without saying that this is unacceptable in a BYOD context. So Apple introduced the so-called Per App VPN in version 8. This VPN is used only by managed apps and rolled out directly through Cortado Server. Typical consumer apps like YouTube and WhatsApp are ignored.

Not only does this result in users not feeling monitored when using this app, but it also spares the corporate network from personal traffic.
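The following Python code is an added example, not code from Cortado or Apple. It sorts the VPN payloads of a configuration profile into the five categories above and names the ones that would be unsuitable on a BYOD device. The payload and key names (`com.apple.vpn.managed`, `com.apple.vpn.managed.applayer`, `VPNType`, `OnDemandEnabled`, `SafariDomains`) are assumed from Apple's configuration profile format, and the profile itself is constructed sample data.

```python
import plistlib

GW = {"RemoteAddress": "vpn.example.com"}  # constructed placeholder gateway

def _vpn(name, vpn_type, ptype="com.apple.vpn.managed", **extra):
    """Build one constructed VPN payload for the sample profile."""
    return {"PayloadType": ptype, "UserDefinedName": name, "VPNType": vpn_type, **extra}

# Constructed sample profile, not taken from the article.
SAMPLE_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    _vpn("Manual", "IKEv2", IKEv2=GW),
    _vpn("Vendor", "VPN", VPNSubType="com.example.vpnclient", VPN=GW),
    _vpn("OnDemand", "IPSec", IPSec={**GW, "OnDemandEnabled": 1}),
    _vpn("Locked", "AlwaysOn", AlwaysOn={}),
    _vpn("Office", "IKEv2", ptype="com.apple.vpn.managed.applayer", IKEv2=GW,
         VPNUUID="00000000-0000-0000-0000-000000000001",
         SafariDomains=["intranet.example.com"]),
    {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp"},  # not a VPN
]})

def classify(payload):
    """Map one payload to the article's VPN category, or None if not a VPN."""
    ptype = payload.get("PayloadType")
    if ptype == "com.apple.vpn.managed.applayer":
        return "Per App VPN"              # only managed apps use the tunnel
    if ptype != "com.apple.vpn.managed":
        return None
    vpn_type = payload.get("VPNType")
    if vpn_type == "AlwaysOn":
        return "Always On VPN"            # user cannot disable it
    settings = payload.get(vpn_type) or {}  # sub-dictionary named after VPNType
    # Assumption: the on-demand flag may sit at top level or in the sub-dictionary.
    if payload.get("OnDemandEnabled") == 1 or settings.get("OnDemandEnabled") == 1:
        return "On Demand VPN"
    if vpn_type == "VPN":
        return "Third-Party VPN client"   # VPNSubType names the vendor app
    return "Standard VPN"

def audit(profile_bytes):
    """Return [(name, category, managed_domains)] for every VPN payload."""
    content = plistlib.loads(profile_bytes).get("PayloadContent", [])
    return [(p.get("UserDefinedName", "?"), classify(p), p.get("SafariDomains", []))
            for p in content if classify(p)]

def byod_unsuitable(profile_bytes):
    """Names of payloads that force all device traffic through the tunnel."""
    return [name for name, cat, _ in audit(profile_bytes) if cat == "Always On VPN"]

if __name__ == "__main__":
    for row in audit(SAMPLE_PROFILE):
        print(row)
```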

Disable access to Dropbox & Co. with Per App VPN

One quick example of the utility of Per App VPN is that it disables Microsoft Office’s Dropbox access, which cannot be disabled with any other setting.

If you use the Per App VPN for Microsoft Office, then the IT administrator can disable the access to Dropbox on the network simply through corresponding DNS entries.

Since the Per App VPN only affects Microsoft Office, it is still possible to use your personal Dropbox on the iPhone. It is solely the corporate data that has no access to it.

iOS 9: A key step for Apple’s Per App VPN

With iOS 8, Per App VPN still required a specific VPN that was supported by only a few conventional VPN providers. This requirement and the somewhat complex implementation have so far prevented the breakthrough of this concept. This may change substantially with iOS 9.

With iOS 9, Apple now makes it possible to create a Per App VPN with every VPN that is supported by the built-in VPN client. Since this has evolved considerably over the years, it can be assumed that Per App VPN can be used in virtually every corporate network.

Per App VPN as a central component of the native business container

The Per App VPN is also a central component of the native business container, which has already been described in this previous article. Apple does not only connect applications to the Per App VPN through native support; with the concept of the managed domain, it also ensures that email traffic and access to certain websites, mostly intranet sites, occur only through this Per App VPN.

Thus this technology creates a completely closed container, including mail app and secure browser, which is connected to the company via a secured VPN without limiting the user’s personal apps.

Conclusion

In short, Per App VPN is the premium option among Apple’s VPN alternatives and easily implemented using iOS 9 and Cortado Server. That will help the native business container achieve its breakthrough.

For more information, please download the following White Paper:
VPN with iOS: Which type of virtual private network is best for you?
