The Per App Tunnel component and VMware Tunnel apps for iOS, Android, Windows Desktop, and macOS allow both internal and public applications to access corporate resources that reside in your secure internal network. They allow this functionality using per app tunneling capabilities. Per app tunneling lets certain applications access internal resources on an app-by-app basis. This means that you can enable some apps to access internal resources while you leave others unable to communicate with your back end systems.
This alternative solution is different from app tunneling with app wrapping because it supports both TCP and HTTP(S) traffic. It works for both public and internally developed apps. However, for internal apps, the VMware Tunnel app acts as an alternative option only if the sole requirement is tunneling into the internal network. Otherwise, you need to use app wrapping to take advantage of features such as integrated authentication, geofencing, offline access control, and so on.
The workflow to enable and use per app tunneling in AirWatch includes the listed steps.
- First, configure the app settings in the AirWatch Console on the VMware Tunnel settings page.
- Next, create an VMware Tunnel VPN profile for your devices. You can select the Per-App VPN check box to enable app tunneling for apps.
- Finally, push apps that you want to enable with app tunnel functionality from the AirWatch Console. A Use VPN check box on the Deployment tab of the Add Application page sets the application to use app tunneling.
Windows Desktop devices use the native Per-App VPN functionality. Add the apps to the VPN profile to enable Per-App Tunnel functionality.
An on-demand feature lets you configure apps to connect automatically using VMware Tunnel when launched. The connection remains active until a time-out period of receiving no traffic, then it is disconnected. When using VMware Tunnel, no IP address is assigned to the device, so you do not need to configure the network or assign a subnet to connected devices.
In addition, iOS apps can use the iOS DNS Service to send DNS queries through the VMware Tunnel server to the DNS server on a corporate network. This service allows applications such as Web browsers to use your corporate DNS server to look up IP address of your internal Web servers.