Mobile Device Manager Device Access Connection Method

2/9/2009

Many Windows Mobile devices support two methods of connecting to a network:

  • The cellular data network of the mobile operator that connects to the Internet.
  • An 802.1X-based Wi-Fi connection. The Wi-Fi service could connect the device to several different types of networks.

These connection types affect how to manage the devices and how they interact with your company infrastructure.

The Mobile virtual private network (VPN) for the managed Windows Mobile device uses the best Internet connection available when it connects to Mobile Device Manager Gateway Server. If a better connection becomes available, the device does not switch to the new connection automatically. As an example, a device connected through Mobile VPN over a cellular connection to MDM Gateway Server continues to use the cellular connection even if a Wi-Fi connection becomes available. However, if the cellular connection is no longer available, the Mobile VPN transitions seamlessly to the best communication channel that is available.

Note

To minimize battery consumption, if the Mobile VPN connects over Wi-Fi, the device may disable Wi-Fi when the device goes into hibernation. If this occurs, the Mobile VPN can connect to MDM Gateway Server over the cellular connection if it is available.
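The selection rules above, combined with the hibernation note, as a small Python model (an added example, not Microsoft code). The class and method names, the Wi-Fi-over-cellular ranking, and Wi-Fi returning on wake are assumptions of the model.

```python
# Added illustration: a model of the Mobile VPN link-selection rules.
# Names and the ranking below are assumptions made for this sketch.
RANK = {"wifi": 2, "cellular": 1}  # assumed preference: higher is "better"


class MobileVpnModel:
    def __init__(self):
        self.available = set()   # links the device can currently use
        self.active = None       # link carrying the Mobile VPN, or None

    def _select_best(self):
        # Runs only when no working link is in use: take the best available.
        self.active = max(self.available, key=RANK.get, default=None)

    def link_up(self, link):
        self.available.add(link)
        # No automatic switch: an established VPN stays on its current link.
        if self.active is None:
            self._select_best()

    def link_down(self, link):
        self.available.discard(link)
        # Losing the active link triggers a move to the best remaining one.
        if self.active == link:
            self._select_best()

    def hibernate(self):
        # Per the Note: the device may disable Wi-Fi to save battery.
        self.link_down("wifi")

    def wake(self):
        # Assumption: Wi-Fi is re-enabled and in range when the device wakes.
        self.link_up("wifi")


def trace(events):
    """Apply (method, *args) events; return the active link after each one."""
    vpn, path = MobileVpnModel(), []
    for name, *args in events:
        getattr(vpn, name)(*args)
        path.append(vpn.active)
    return path


# Constructed scenarios (not captured from a real device).
HIBERNATE_SCENARIO = [("link_up", "wifi"), ("link_up", "cellular"),
                      ("hibernate",), ("wake",)]
FAILOVER_SCENARIO = [("link_up", "cellular"), ("link_up", "wifi"),
                     ("link_down", "cellular")]

if __name__ == "__main__":
    print(trace(HIBERNATE_SCENARIO), trace(FAILOVER_SCENARIO))
```

The hibernation scenario ends on cellular even though Wi-Fi has returned, which follows from combining the hibernation note with the no-automatic-switch rule.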

The following illustration shows how the device can use the two connection types to access MDM Gateway Server in your organization.

[Illustration: device access to MDM Gateway Server over the cellular and Wi-Fi connection types]

The following list identifies the main access connection routes for a device:

  • Cellular data connection: This is the standard cellular mobile data service, such as General Packet Radio Service (GPRS) or Code Division Multiple Access (CDMA). Devices make these connections by using the data network of the cellular provider, and then connect to the Internet through the Mobile Operator IP network. From this point, the devices connect to the external MDM Gateway Server, where they authenticate and connect to internal resources. The mobile operator may provide direct, private access from the cellular mobile data service to an entry point in your company network. In this case, devices can connect over the cellular network and access the external MDM Gateway Server, where they authenticate and then connect to internal resources.
  • Wi-Fi hotspot connection: These connections provide a route to the Internet through Wi-Fi connections that are owned and managed by third-party providers. Wi-Fi hotspots are in many public places around the world, such as airports and coffee shops. With these connections, your devices connect to the network owned by the third party (usually protected by an IEEE 802.1X password or certificate) and are routed to the Internet. From there, the device connects to the external MDM Gateway Server for authentication and connection to internal resources.
  • Wi-Fi direct connection: MDM can manage devices that can connect directly to the Wi-Fi access points of your organization by using an 802.1X connection if the devices can access MDM. The transition to the Wi-Fi direct connection will not be seamless for devices that use MDM Gateway Server to connect to MDM over the Internet. To connect to the company network by using the Wi-Fi direct connection option, the user must manually disable the device Mobile VPN. We do not recommend this option when you have MDM installed and configured for your organization because the user must manually enable and disable the Mobile VPN on the device to transition to or from the Wi-Fi direct connection.
  • Wi-Fi gateway connection: In this configuration, the organization has configured an internal MDM Gateway Server to manage the Windows Mobile devices as they connect to the Wi-Fi network of your organization. Although this approach may seem unusual, especially if you already enable devices to make direct Wi-Fi connections, it enables organizations to take advantage of MDM management and security-related features that are not available to directly connected devices.

For both internal and external gateway connections, we recommend that the network administrators for your company configure a firewall between MDM Gateway Server and your company internal resources. This configuration gives you a finer level of control over how you manage network traffic between the internal resources and the Windows Mobile devices.