Workspace ONE UEM supports various app tunneling solutions to authenticate and securely communicate apps with internal back-end resources. By enabling an app tunnel for a specific set of business applications, you can secure you network from unauthorized or malicious applications.

Table 1. Supported App Tunnel Solutions
App Tunnel Options Description
VMware Tunnel This option uses the Per-App Tunnel component of the VMware Tunnelgateway and is the suggested architecture for best features, performance, and support.

The gateway service is available on the Unified Access Gateway, and also has an installer for Linux. It also requires applications that use the SDK to consume the supported SDK version.

VMware Tunnel - Proxy

This option uses the Proxy component of the VMware Tunnel. gateway

The gateway service is available on the Unified Access Gateway, and also has an installer for Linux and Windows. It also requires applications that use the SDK to consume the supported SDK version.

Standard Proxy Enables devices to rely on an existing HTTP or SSL Proxy to determine which content Workspace ONE Web or other browser accesses.

Conventional Technology Vulnerabilities

From a security standpoint, app tunneling solutions are more secure than conventional technologies such as full-device VPNs. Conventional technologies allow devices to gain full access to enterprise resources regardless of whether resources are accessed within a business, personal, or malicious application. Full device connectivity through VPN or Wi-Fi carries the risk of data loss, because sensitive data is collected in personal applications and potentially distributed. Also, these conventional technologies put IT at the mercy of end users who might unknowingly have malicious applications on their devices.

VMware Tunnel

VMware Tunnel provides app tunneling functionality to connect mobile devices to enterprise systems in your network. VMware Tunnel provides encryption and authentication to compliant devices, and can be enabled for SDK-built applications as well as generically on managed devices utilizing MDM and the VMware Tunnel mobile apps.

Two Gateway Services

VMware Tunnel offers two gateway services, the Per-App Tunnel service and the Proxy service. These gateways correspond to two different settings for the SDK, the Tunnel and Tunnel - Proxy.

VMware Tunnel enables app-tunneling to both SDK-built applications and applications managed on MDM enrolled devices across major platforms. Tunnel provides better speed and performance over Proxy, more secure authentication and encryption utilizing certificates and TLS 1.2, and tighter network access control with domain filtering.

VMware Tunnel - Proxy has long been offered by the SDK and enables app-tunneling specifically for SDK-built applications to the Proxy gateway service.