Many Windows Mobile devices support two methods of connecting to a network:
- The cellular data network of the Mobile Operator that connects
to the Internet.
- An 802.1X-based Wi-Fi connection. The Wi-Fi service could
connect the device to several different types of networks.
These connection types affect how to manage the devices and how they interact with your company infrastructure.
The Mobile virtual private network (VPN) for the managed Windows Mobile device uses the best Internet connection available when it connects to Mobile Device Manager (MDM) Gateway Server. If a better connection becomes available, the device does not change automatically. As an example, a device connected through Mobile VPN over a cellular connection to MDM Gateway Server continues to use the cellular connection even if a Wi-Fi connection becomes available. However, if the cellular connection becomes unavailable, the Mobile VPN transitions seamlessly to the best communication channel available.
|To minimize battery consumption, if the Mobile VPN connects over Wi-Fi, the device may disable Wi-Fi when the device goes into hibernation. If this occurs, the Mobile VPN can connect to MDM Gateway Server over the cellular connection if it is available.|
The following illustration shows how the device can use the two connection types to access MDM Gateway Server in your organization.
The following list identifies the main access connection routes for a device:
Cellular data connection: This is the standard cellular
mobile data service, such as General Packet Radio Service (GPRS) or
Code Division Multiple Access (CDMA). Devices make these
connections by using the data network of the cellular provider, and
then connect to the Internet through the Mobile Operator IP
network. From this point, the devices connect to the external MDM
Gateway Server, where they authenticate and connect to internal
resources. The Mobile Operator may provide direct, private access
from the cellular mobile data service to an entry point in your
company network. In this case, devices can connect over the
cellular network and access the external MDM Gateway Server, where
they authenticate and then connect to internal resources.
Wi-Fi hotspot connection: These connections provide a route
to the Internet through a third-party owned and managed Wi-Fi
connection. Wi-Fi hotspots are in many public places around the
world, such as airports and coffee shops. With these connections,
your devices connect to the network owned by the third party
(usually protected by an IEEE 802.1X password or certificate) and
are routed to the Internet. From there, the device connects to the
external MDM Gateway Server for authentication and connection to
Wi-Fi direct connection: MDM can manage devices that can
connect directly to the Wi-Fi access points of your organization by
using an 802.1X connection if the devices can access MDM. The
transition to the Wi-Fi direct connection will not be seamless for
devices that use MDM Gateway Server to connect to MDM over the
Internet. To connect to the company network by using the Wi-Fi
direct connection option, the user must manually disable the device
Mobile VPN. We do not recommend this option when you have MDM
installed and configured for your organization because the user
must manually enable and disable the Mobile VPN on the device to
transition to or from the Wi-Fi direct connection.
Wi-Fi gateway connection: In this configuration, the
organization has configured an internal MDM Gateway Server to
manage the Windows Mobile devices as they connect to the Wi-Fi
network of your organization. Although this approach may seem
unusual, especially if you already enable devices to make direct
Wi-Fi connections, it enables organizations to take advantage of
MDM management and security features that are not available to
directly connected devices.
For both internal and external gateway connections, we recommend that the network administrators for your company configure a firewall between MDM Gateway Server and your company internal resources. This configuration gives you a finer level of control over how you manage network traffic between the internal resources and the Windows Mobile devices.