11/11/2008
The following are four ways that you can configure System Center Mobile Device Manager (MDM) to route internal line of business (LOB) traffic:
- Direct access by using NetBIOS name: The LOB application
that is running on the managed Windows Mobile device sends a
request to the NetBIOS name of an LOB service that resides within
the company internal or perimeter network. The managed device
transmits this message through the virtual private network (VPN)
tunnel. Based on the local routing table, MDM Gateway Server
forwards the message to the next router, which then sends it to the
server that hosts the LOB service. This is also known as a network
hop.
Note: For direct access to work by using a NetBIOS name, WINS must be available and MDM Gateway Server must configure the WINS servers in the device as part of the VPN negotiation.
- Direct access by defining networks or domains that map to the
company network: During the provisioning process, you can use
Group Policy settings to configure the list of company-internal
destinations on the managed device. After the company network
destinations are configured on the managed device, the LOB
application that is running on the device sends a request to an LOB
service that resides within the company internal or perimeter
network. This LOB service destination is listed in the company
network list. Network traffic then moves from the managed device
through the VPN tunnel, bypassing the provisioned proxy. Based on
the local Windows-based operating system routing table, MDM Gateway
Server forwards this message to the next network hop.
- Proxy access (Web proxy traffic): In this case, when the
Mobile VPN connected, a proxy was configured for network access.
The LOB application that is running on the managed device sends a
request to an LOB service that resides within the company internal
or perimeter network. The destination URL is a fully qualified
domain name (FQDN) or an IP address. The managed device sends the
request to the provisioned proxy through the VPN tunnel. MDM
Gateway Server queries the local Windows-based operating system
routing table for the proxy location. The proxy receives this
message, applies the proxy policy, changes the message's source IP
address, and then sends it on to the destination LOB service.
- Direct access: In this case, when the Mobile VPN connected,
no proxy was configured for network access. The LOB application
that is running on the managed device sends a request to an LOB
service that resides within the company internal or perimeter
network. The destination URL is a fully qualified domain name
(FQDN) or an IP address. The managed device sends the request to
MDM Gateway Server directly. MDM Gateway Server queries the local
Windows-based operating system routing table for the LOB service
location and then sends the request to the destination LOB service.
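
The following is an added example, not from the original page or from Microsoft: a small Python model of the four cases above that shows which destinations reach the LOB network without passing through the provisioned proxy and its policy. The function names, the matching rules for the company network list (CIDR ranges and domain suffixes), the order of the checks, and all sample values are assumptions made for illustration.

```python
import ipaddress

def classify_route(dest, company_networks=(), company_domains=(),
                   proxy_configured=False, wins_available=False):
    """Return the path one LOB request takes under the four cases above."""
    host = dest.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    # Case 1: single-label (NetBIOS) name; works only if WINS was provisioned.
    if ip is None and "." not in host:
        return "direct-netbios" if wins_available else "unresolvable-no-wins"
    # Case 2: destination is on the company network list, so it bypasses the proxy.
    if ip is not None:
        listed = any(ip in ipaddress.ip_network(n) for n in company_networks)
    else:
        listed = any(host == d or host.endswith("." + d) for d in company_domains)
    if listed:
        return "direct-company-list"
    # Cases 3 and 4: FQDN or IP address that is not on the list.
    return "proxy" if proxy_configured else "direct"

def bypasses_proxy(destinations, **cfg):
    """List destinations that reach the LOB network with no proxy policy applied."""
    return [d for d in destinations
            if classify_route(d, **cfg).startswith("direct")]

# Constructed sample values (assumptions), not taken from the original page.
SAMPLE_CFG = dict(
    company_networks=["10.20.0.0/16"],
    company_domains=["corp.example.com"],
    proxy_configured=True,
    wins_available=True,
)
SAMPLE_DESTS = ["LOBSRV01", "crm.corp.example.com", "10.20.5.7",
                "hr.partner.example.net", "192.0.2.10"]

if __name__ == "__main__":
    for d in SAMPLE_DESTS:
        print(f"{d:28} {classify_route(d, **SAMPLE_CFG)}")
```

Running `bypasses_proxy` over an inventory of LOB endpoints gives the set of destinations whose only filtering is whatever the routers behind MDM Gateway Server enforce.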