You enable the Per App Tunnel component in the AirWatch Tunnel settings to set up per app tunnelling functionality for Android devices. Per app tunneling allows your internal and managed public applications to access your corporate resources on an app-by-app basis.

About this task

The VPN can automatically connect when a specified app is launched. For detailed AirWatch Tunnel configuration instructions, see the VMware AirWatch Tunnel Guide on the AirWatch Resources Web site.

Procedure

  1. In the AirWatch admin console, navigate to System > Enterprise Integration > AirWatch Tunnel.
  2. The first time you configure AirWatch Tunnel, select Configure and follow the configuration wizard. Otherwise, select Override and select the Enable AirWatch Tunnel check box. Then click Configure.
  3. In the Configuration Type page, enable Per-App Tunnel (Linux Only). Click Next.

    Leave Basic as the deployment model.

  4. In the Details page, for the Per-App Tunneling Configuration enter the AirWatch Tunnel server host name and port. For example, enter as tunnel.example.com. Click Next.
  5. In the SSL page, configure the Per-App Tunneling SSL Certificate. To use a public SSL, select the Use Public SSL Certificate check box. Click Next.

    The Tunnel Device Root Certificate is automatically generated.

    Note:

    SAN certificates are not supported. Make sure that your cert is issued for the corresponding server host name or is a valid wildcard certificate for the corresponding domain.

  6. In the Authentication page, select the certificate authentication type to use. Click Next.

    Option

    Description

    Default

    Select Default to use the AirWatch issued certificates.

    Enterprise CA

    A drop-down menu listing the certificate authority and certificate template that you configured in AirWatch is displayed. You can also upload the root certificate of your CA.

    If you select Enterprise CA, make sure that the CA template contains the subject name CN=UDID.You can download the CA certificates from the AirWatch Tunnel configuration page.

    If device compliance check is configured for Android, make sure that the CA template contains the subject name CN=UDID or set a SAN type to include the UDID. Select the San type DNS. The value must be UDID={DeviceUid}.

  7. Click Next.
  8. In the Profile Association page, associate an existing or create a new AirWatch Tunnel VPN profile for Android.

    If you create the profile in this step, you still must publish the profile. See Configure Android Profile in AirWatch.

  9. (Optional) In the Miscellaneous page, enable the access logs for the Per-App Tunnel components. Click Next.

    You must enable these logs before you install the AirWatch Tunnel server.

  10. Review the summary of your configuration and click Save.

    You are directed to the system settings configuration page.

  11. Select the General tab and download the Tunnel virtual appliance.

    You can use VMware Access Point to deploy the Tunnel server.

What to do next

Install the AirWatch Tunnel server. For instructions, see the VMware AirWatch Tunnel Guide on the AirWatch Resources Web site.