After configuring and installing VMware Tunnel with the Per-App Tunnel component, the workflow to enable and use per app tunneling in Workspace ONE UEM includes:


  1. Create a VPN profile for your end-user devices.
    These profiles depend on your device platform.

    If your platform uses user profiles and device profiles, such as Windows Desktop and Android, you must create user profiles.

  2. After creating a VPN profile, push the profiles and the apps to the devices.
    1. For iOS and Android platforms, enable the Use VPN check box on the Deployment tab of the Add Application page to use app tunneling.
    2. Because Windows Desktop devices use the native Per-App VPN functionality, add the apps to the VPN profile to enable Per-App Tunnel functionality.


An on-demand feature lets you configure apps to connect automatically using VMware Tunnel when launched. The connection remains active until a time-out period of receiving no traffic, then it is disconnected. When using VMware Tunnel, no IP address is assigned to the device, so you do not need to configure the network or assign a subnet to connected devices.

In addition, iOS apps can use the iOS DNS Service to send DNS queries through the VMware Tunnel server to the DNS server on a corporate network. This service allows applications such as Web browsers to use your corporate DNS server to look up the IP address of your internal Web servers.