MicroVPNs are virtual private networks that are specific to an application instead of a device. The purpose of using a MicroVPN in mobile apps is to enable Bring Your Own Device (BYOD) and avoid deploying a VPN client to every device. MicroVPNs allow mobile apps to establish direct and seamless access to corporate resources without a VPN on the device. This Knowledge Base explains how anyone can use Appdome to achieve secure remote mobile access with MicroVPN.
Appdome is a no-code mobile app security platform designed to add security features to mobile apps.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps without coding. When a user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Using Appdome, there are no development or coding prerequisites to build secured apps. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, stores, and logic to the app automatically, with no manual development work at all.
Appdome MicroVPN is a flexible, all-in-one, mobile enterprise connectivity solution that supports any enterprise standard network gateway such as an SSL gateway, proxy, reverse proxy, or industry standard VPN. Appdome MicroVPN eliminates the need for mobile device VPNs or per application VPNs. Using Appdome MicroVPN each mobile app connects directly and securely to enterprise infrastructures.
Appdome’s MicroVPN does not require all web service endpoints to be published via a gateway, nor does it require code changes to apps to repoint them to the newly published addresses of services. Appdome’s MicroVPN can use any SSL gateway, including Microsoft App Proxy, Netscaler and more, in two main modes: transparent mode, which does not require resources to be publicly published, and reverse proxy mode, which is intended for publicly resolvable resources. Modes can also be set on a per-resource basis, providing full granular control over the access and connectivity model.
Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on having standard or proprietary VPN protocols inside the mobile apps. The Appdome technology adds MicroVPN and relevant standards, protocols and more to the mobile app automatically.
On Appdome, you can enable a mobile app to use MicroVPN in two different modes of operation:
Inclusive routing means you can decide that only some domains (regular expressions can be used) are securely connected using MicroVPN, while other connections that are not included in the domain list are allowed to pass directly. This gives you the option to choose particular settings for different domains, which is especially useful for defining multiple profiles with different configurations.
The most straightforward way of ensuring that connections between mobile apps and corporate networks are secure is to restrict the parameters of the connection. Appdome allows you to control two important parts of the connection used by the Appdome MicroVPN layer.
When Strict Protocol Checking is enabled, built apps will only be able to make connections to secure servers using these cipher suites:
DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES256-SHA256, DHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256.
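Every suite on this list uses ephemeral (DHE or ECDHE) key exchange with RSA authentication, so a gateway has to offer at least one of them before Strict Protocol Checking is switched on. The following check is an added example, not Appdome code; `check_gateway`, `describe` and the sample gateway cipher list are hypothetical names and constructed data.

```python
import re

# Allowlist copied from the Strict Protocol Checking list above (OpenSSL names).
STRICT_SUITES = (
    "DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA256", "DHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA256",
)

SUITE_RE = re.compile(
    r"^(?P<kx>ECDHE|DHE)-(?P<auth>RSA)-AES(?P<bits>128|256)-(?P<gcm>GCM-)?(?P<hash>SHA256|SHA384)$"
)

def describe(suite):
    """Split an allowlisted suite name into its parts; None if not allowlisted."""
    m = SUITE_RE.match(suite) if suite in STRICT_SUITES else None
    if m is None:
        return None
    mode = "GCM" if m["gcm"] else "CBC"   # no GCM marker means a CBC suite
    return {"key_exchange": m["kx"], "auth": m["auth"],
            "cipher": f"AES-{m['bits']}-{mode}", "aead": mode == "GCM"}

def check_gateway(enabled):
    """enabled: the gateway's cipher list in preference order (OpenSSL names)."""
    usable = [s for s in enabled if s in STRICT_SUITES]
    return {
        "usable": usable,
        "rejected": [s for s in enabled if s not in STRICT_SUITES],
        "connects": bool(usable),
        "aead_available": any(describe(s)["aead"] for s in usable),
    }

# Constructed gateway configuration, not taken from any real product.
SAMPLE_GATEWAY = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",   # ECDSA-authenticated: not on the list
    "ECDHE-RSA-CHACHA20-POLY1305",     # ChaCha20: not on the list
    "ECDHE-RSA-AES128-SHA256",         # on the list, CBC mode
    "AES128-SHA",                      # static RSA key exchange: not on the list
]

if __name__ == "__main__":
    print(check_gateway(SAMPLE_GATEWAY))
```

For the sample gateway the app would still connect, but only over a CBC suite, which is the kind of result worth catching before rollout.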
Static Client Pinning
A more advanced security measure is to apply restrictions on the server or gateway which is the destination for the mobile app. If you set up the server or gateway to only accept connections from clients that can identify themselves using specific client certificates, Appdome can integrate the certificates needed to identify the client and present them as part of the secured connections.
Dynamic Client Pinning
Dynamic client pinning is an enterprise extension for static client pinning. It allows the use of a unique client-side certificate distributed by a SCEP server on a per-user basis. Currently, users are identified when fusing an app together with MicroVPN and Microsoft Intune. For more details read this article.
Appdome allows you to define one or more profiles to configure all the above settings. In this manner, you can protect some domains with Static Client Pinning, while protecting others by securing them using Transparent Proxy mode. Note: When using multiple profiles, all the profiles should be set up with Inclusive Routing in order to have the handling of each domain well defined.
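Because Inclusive Routing accepts regular expressions and each profile carries its own domain list, loosely written patterns can match lookalike hosts or make two profiles claim the same domain. The linter below is an added example, not Appdome code: the profile names, the domains, and the matching semantics (case-insensitive substring search) are assumptions made for illustration.

```python
import re

def route(host, profiles):
    """Names of every profile whose domain regex matches host; [] means direct."""
    host = host.lower().rstrip(".")
    return [name for name, pattern in profiles if re.search(pattern, host)]

def lookalikes(domain):
    """Constructed hosts that a pattern written for `domain` must not match."""
    return [
        domain.replace(".", "x", 1),   # rejected only if dots are escaped
        "not" + domain,                # rejected only if the left edge is anchored
        domain + ".example.net",       # rejected only if the right edge is anchored
    ]

def lint(profiles, intended):
    """intended maps profile name -> the domain that profile is meant to cover."""
    findings = []
    for name, pattern in profiles:
        for host in lookalikes(intended[name]):
            if re.search(pattern, host):
                findings.append((name, "over-match", host))
    for name, domain in intended.items():
        hits = route(domain, profiles)
        if hits != [name]:   # claimed by another profile, by several, or by none
            findings.append((name, "conflict" if hits else "unmatched", domain))
    return findings

# Hypothetical profiles and domains (constructed for this example).
INTENDED = {"client-cert": "api.corp.example", "transparent": "intranet.corp.example"}
LOOSE = [("client-cert", r"api.corp.example"), ("transparent", r"corp.example")]
STRICT = [
    ("client-cert", r"^(?:[a-z0-9-]+\.)*api\.corp\.example$"),
    ("transparent", r"^(?:[a-z0-9-]+\.)*intranet\.corp\.example$"),
]

if __name__ == "__main__":
    for finding in lint(LOOSE, INTENDED):
        print(finding)
    print("strict findings:", lint(STRICT, INTENDED))
```

The loose set produces an over-match for every lookalike plus a conflict on `api.corp.example`; the anchored, escaped set produces no findings.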
To use Appdome’s no-code implementation of MicroVPN, you’ll need:
Follow these step-by-step instructions to add MicroVPN to mobile apps on Appdome:
Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.
The technology behind Build My App has two major elements – (1) a micro service architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add MicroVPN to the mobile app in seconds.
Congratulations! When your implementation is complete, you’ll see the notice below. You now have a mobile app fully integrated with MicroVPN.
After you have added MicroVPN to any mobile app on Appdome, there are a few additional steps needed to complete your mobile integration project.
Appdome is a full featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the application.
For more information on the range of options available in Context™, please read this knowledge base article.
In order to deploy an Appdome-Built application, it must be signed. Signing an iOS app and signing an Android app are easy using Appdome. Alternatively, you can use Private Signing: download your unsigned application and sign it locally using your own signing methods.
Once you have signed your Appdome-Built application, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-Built applications, please read this knowledge base.
That is it – Enjoy MicroVPN in your application!
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.