Features & Benefits

Protect Networks and Data with Standards-Based Security

Mobility XE secures network access and all data transmissions using strong, standards-based authentication and encryption, makes tight security easy to manage and maintain. Single sign-on and InterNetwork Roaming capabilities make security transparent to the end user; workers only need to log in once, for the duration of their session. There are no additional steps or passwords to remember, no matter how many different networks they use. The VPN tunnel encrypts all data transmitted to guard against eavesdropping.

User-Transparent Security

Single sign-on and inter-network roaming  capabilities make security transparent to the end user; workers only need to log in once, for the duration of their session. There are no additional steps or passwords to remember, no matter how many different networks they use. For additional security against unauthorized use of devices that have been misplaced or stolen, Mobility XE can enforce periodic user reauthentication, validating the identity of the person using the device.

Two-factor Authentication

Two-factor authentication is federally mandated for many law enforcement agencies, and is a wise precaution for commercial enterprises as well. It requires a second factor — something the user has — in addition to a password to successfully authenticate the user. Mobility XE two-factor authentication methods allow organizations to meet the standards at minimal cost. In addition to native RSA Secured certified support for RSA SecurID, Mobility XE also supports smart cards or X.509v3 user certificates. By leveraging RADIUS-EAP and standard PKI infrastructure available from many vendors and built into Microsoft server operating systems, Mobility XE provides options for strong, two-factor user authentication with little or no incremental cost. Mobility XE also supports NTLM and RADIUS authentication.

Device Authentication

Authentication of the device using X.509v3 certificates confirms that the device is an authorized corporate asset. This protects corporate resources from being accessed by legitimate users logging in from an untrusted, unsecure device. It also adds an extra authentication factor that can be bound loosely or tightly to the user; an individual may only be allowed to use a subset of devices, or a specific, personally assigned device. The ability to authenticate the device without an active user session is also a key management feature, supporting over-the-air device management using third-party policy, asset-management and control tools.

The Industry's Highest-Standard Encryption

FIPS 140-2 validated AES encryption modules are the United States government's standard for securing non-classified information. Mobility XE provides encrypts all data transmitted between the Mobility client and server with FIPS 140-2 validated AES encryption, in 128-bit, 192-bit or 256-bit strengths. Mobility XE provides the security advantages of an IPSec VPN without its configuration, client provisioning and management burdens.

Network Access Control

Allowing a device with an out-of-date security posture to connect to internal resources is a security risk. Mobile Network Access Control verifies that every connecting device is up-to-date with software and patches and that security measures are enabled, while keeping mobile workers productive.

Device Quarantine for Additional Network Protection

Because mobile device loss or theft can compromise information on enterprise networks, Mobility XE lets network administrators  quickly and easily quarantine lost or stolen devices. Quarantined devices are unable to authenticate to the network and administrators can easily restore network access when the device is recovered.

Ensure Critical Applications are Always Available

No other VPN can match Mobility XE Application Session Persistence — its ability to sustain application sessions even through suspend-and-resume cycles and loss of connectivity. Other VPN's in these situations lose application sessions—causing data loss and corruption, and forcing users to re-login and restart applications.

When a Mobility XE user encounters a coverage gap, open application sessions are maintained until the user's network connection is re-established. If a user loses connectivity while an application is transmitting data, Mobility XE suspends the transmission—for days if necessary. As soon as connectivity is re-established, Mobility XE resumes transmitting the data at the exact point the application was interrupted.

Optimize Performance Over Wireless Networks

Mobility XE wireless WAN optimization automatically reduces network consumption and improves throughput and application responsiveness, particularly over bandwidth-constrained or wireless networks.

Other VPNs typically degrade performance, especially over wireless networks, often by as much as 50%. Mobility XE uses link optimizations to reduce the number of retransmitted packets, excess control information and other network "chatter," and dramatically improves throughput by compressing data and images. Best-Bandwidth Routing technology ensures the fastest and most efficient available network connection is used.

For example, Mobility XE automatically roams to a WLAN connection the moment it becomes available—resulting in greater productivity, improved efficiency and reduced WAN expenses. 

Roam Seamlessly Across Networks

Today's mobile workers use a variety of public and private networks such as conventional wired LANs, corporate Wi-Fi networks, third-party hotspots and Wireless WANs available through cellular carriers. Mobility XE nterNetwork Roaming capability lets mobile workers change networks seamlessly, transparently and securely without thinking about their network connections or needing to re-authenticate.

Mobility XE  inter-network roaming is tightly integrated with network applications and single sign-on authentication so that users have application session persistence and do not have to re-login when they traverse networks, go in and out of network range, or suspend and resume their devices.

The Mobility XE server accomplishes this by establishing a virtual IP address for each VPN session. As users roam, enterprise application servers always see the same, unchanging virtual IP address rather than network-specific IP addresses. With Mobility XE, there is no need to re-segment networks, implement VLANs or deploy additional hardware to enable mobile workers to traverse networks seamlessly. They can focus on their work—not configuring, enabling and disabling adapters.

Mobile Network Access Control Module

IT administrators who support highly mobile field forces need security solutions that protect their networks without impacting the productivity of the mobile professionals they serve. Mobility XE Mobile Network Access Control (NAC) Module allows devices to connect to the enterprise network only after meeting specified security policies, but gives administrators greater control and flexibility over how and when to administer remediation policies.

 Mobile NAC typically deploys in minutes without any need to reconfigure network infrastructure. A NAC wizard makes it easy to configure and enforce access security policies. Administrators can check compliance for required software including:

• Antivirus
• Antispyware
• Firewall
• Operating system version
• Windows™ Update status
• Registry keys
• and other applications.

 Unlike automatic security policies that force users to perform time-consuming, non-critical software updates before allowing access, Mobile NAC integrates with Mobility XE's Policy Management Module, giving administrators flexibility and control over the response to a device that does not meet security guidelines. Based on severity and even the speed of their connection, administrators may choose from simple warnings, to triggering customizable remediation policies that can limit application access, launch websites, or even initiate software downloads, to disconnecting or quarantining the device. When rules are updated, they are automatically pushed down to client devices, and devices are automatically rescanned at regular intervals to ensure ongoing compliance.

Centrally Manage Thousands of Connections

No other VPN provides the spectrum of flexibility, visibility and control afforded by Mobility XE.

Management Console

This robust administrative console allows all aspects of the system to be observed and managed in one centralized location. The web-based interface gives administrators a complete system-wide view, from overall metrics down to device connections, worker behavior and application use. Detailed activity logs preserve a historical view of user activity. From the management console, administrators can quarantine devices that are misused, lost or stolen, as well as view device connectivity status, number of quarantined devices and even battery life. Administrators can search for information on a specific user or device, such as open applications, device operating system and interface or port in use.

Integration with Systems Management Tools

Unattended device access extends the reach of device- and patch-management tools to mobile platforms with true “over the air” management access. By using certificates to authenticate the device at boot time, Mobility XE provides a secure wireless connection that’s just as full-featured as an internal wired network. It supports device-management technologies such as Active Directory Domain scripting and software update policies, as well as other popular device-management suites. Users stay in the field and remote devices stay up to date – all without new investments in wireless-specific management tools.

Analytics Module

The Analytics Module proactively alerts administrators of pending problems by sending notifications, for more hands-off management.

Proactively Manage the Mobile Deployment

The unique Mobility XE Analytics Module delivers visibility into resource use and performance that is simply unavailable in other VPNs.

Visibility Into User, Device and Network Behavior

The Analytics Module delivers more than 20 reports with statistics on performance and usage, furnishing insight and intelligence on the networks and applications used by mobile workers. Know how devices and bandwidth are being used, which applications are being run, and where and when mobile workers might be encountering coverage problems. Use this insight to fine-tune policies, make the help desk more efficient, and track compliance with carrier agreements.

Notifications for Hands-off Management

Automated notifications issue alerts of problems with devices or with the mobile deployment — often before those problems can impact productivity or performance. This allows "management by exception". Managers can spend less time finding problems, focus instead on fixing them, and free their time for other tasks.

Ideal Complement for Mobility XE Policy Management

The Analytics module works hand-in-hand with the NetMotion Mobility XE Policy Management Module. Administrators can use the insight from the Analytics Module to find problems with device, application and network use that impact productivity, push out corrective policies through the Policy Management Module, then use the Analytics Module to verify that results are as intended. This provides a way to continuously improve the performance, cost-efficiency and productivity delivered by the mobile deployment. Learn more about the Policy Management Module.

Easy to Deploy, Software-only Mobile VPN

Award-winning Mobility XE is a software-only solution that helps minimize costs and complexity. It is simple to deploy, highly scalable and easy to maintain. And, its use is transparent to end users—no user configuration or training required. The Mobility XE architecture is comprised of server and client software. The Mobility XE server software can be installed on a server behind the firewall or in the DMZ. Lightweight Mobility XE client software is installed on each mobile device (client)—any combination of laptops and handheld devices including tablets, pocket PCs and smartphones.

Protect Networks and Data with Standards-Based Security

Mobility XE secures network access and all data transmissions using strong, standards-based authentication and encryption, makes tight security easy to manage and maintain. Single sign-on and inter-networking roaming  capabilities make security transparent to the end user; workers only need to log in once, for the duration of their session. There are no additional steps or passwords to remember, no matter how many different networks they use. The VPN tunnel encrypts all data transmitted to guard against eavesdropping.

User-Transparent Security

Single sign-on and  inter-network roaming capabilities make security transparent to the end user; workers only need to log in once, for the duration of their session. There are no additional steps or passwords to remember, no matter how many different networks they use. For additional security against unauthorized use of devices that have been misplaced or stolen, Mobility XE can enforce periodic user reauthentication, validating the identity of the person using the device.

Two-factor Authentication

Two-factor authentication is federally mandated for many law enforcement agencies, and is a wise precaution for commercial enterprises as well. It requires a second factor — something the user has — in addition to a password to successfully authenticate the user. Mobility XE two-factor authentication methods allow organizations to meet the standards at minimal cost. In addition to native RSA Secured certified support for RSA SecurID, Mobility XE also supports smart cards or X.509v3 user certificates. By leveraging RADIUS-EAP and standard PKI infrastructure available from many vendors and built into Microsoft server operating systems, Mobility XE provides options for strong, two-factor user authentication with little or no incremental cost. Mobility XE also supports NTLM and RADIUS authentication.

Device Authentication

Authentication of the device using X.509v3 certificates confirms that the device is an authorized corporate asset. This protects corporate resources from being accessed by legitimate users logging in from an untrusted, unsecure device. It also adds an extra authentication factor that can be bound loosely or tightly to the user; an individual may only be allowed to use a subset of devices, or a specific, personally assigned device. The ability to authenticate the device without an active user session is also a key management feature, supporting over-the-air device management using third-party policy, asset-management and control tools.

The Industry's Highest-Standard Encryption

FIPS 140-2 validated AES encryption modules are the United States government's standard for securing non-classified information. Mobility XE provides encrypts all data transmitted between the Mobility client and server with FIPS 140-2 validated AES encryption, in 128-bit, 192-bit or 256-bit strengths. Mobility XE provides the security advantages of an IPSec VPN without its configuration, client provisioning and management burdens.

Network Access Control

Allowing a device with an out-of-date security posture to connect to internal resources is a security risk. Mobile Network Access Control verifies that every connecting device is up-to-date with software and patches and that security measures are enabled, while keeping mobile workers productive.

Device Quarantine for Additional Network Protection

Because mobile device loss or theft can compromise information on enterprise networks, Mobility XE lets network administrators quickly and easily quarantine lost or stolen devices. Quarantined devices are unable to authenticate to the network and administrators can easily restore network access when the device is recovered.

Mobile Network Access Control Module

IT administrators who support highly mobile field forces need security solutions that protect their networks without impacting the productivity of the mobile professionals they serve. Mobility XE Mobile Network Access Control (NAC) Module allows devices to connect to the enterprise network only after meeting specified security policies, but gives administrators greater control and flexibility over how and when to administer remediation policies.

Mobility NAC module typically deploys in minutes without any need to reconfigure network infrastructure. A NAC wizard makes it easy to configure and enforce access security policies. Administrators can check compliance for required software including:

• Antivirus
• Antispyware
• Firewall
• Operating system version
• Windows™ Update status
• Registry keys
• and other applications.

 Unlike automatic security policies that force users to perform time-consuming, non-critical software updates before allowing access, Mobile NAC integrates with Mobility XE's Policy Management Module, giving administrators flexibility and control over the response to a device that does not meet security guidelines. Based on severity and even the speed of their connection, administrators may choose from simple warnings, to triggering customizable remediation policies that can limit application access, launch websites, or even initiate software downloads, to disconnecting or quarantining the device. When rules are updated, they are automatically pushed down to client devices, and devices are automatically rescanned at regular intervals to ensure ongoing compliance.

Roam Seamlessly Across Networks

Today's mobile workers use a variety of public and private networks such as conventional wired LANs, corporate Wi-Fi networks, third-party hotspots and Wireless WANs available through cellular carriers.  Mobility XE inter-network roaming capability lets mobile workers change networks seamlessly, transparently and securely without thinking about their network connections or needing to re-authenticate.

Mobility XE inter-network roaming is tightly integrated with network applications and single sign-on authentication so that users have  application session persistence and do not have to re-login when they traverse networks, go in and out of network range, or suspend and resume their devices.

 The Mobility XE server accomplishes this by establishing a virtual IP address for each VPN session. As users roam, enterprise application servers always see the same, unchanging virtual IP address rather than network-specific IP addresses. With Mobility XE, there is no need to re-segment networks, implement VLANs or deploy additional hardware to enable mobile workers to traverse networks seamlessly. They can focus on their work—not configuring, enabling and disabling adapters.

Ensure Critical Applications are Always Available

No other VPN can match Mobility XE application session persistence — its ability to sustain application sessions even through suspend-and-resume cycles and loss of connectivity. Other VPNs in these situations lose application sessions—causing data loss and corruption, and forcing users to re-login and restart applications.

When a Mobility XE user encounters a coverage gap, open application sessions are maintained until the user's  network connection is re-established. If a user loses connectivity while an application is transmitting data, Mobility XE suspends the transmission—for days if necessary. As soon as connectivity is re-established, Mobility XE resumes transmitting the data at the exact point the application was interrupted.

Optimize Performance Over Wireless Networks

Mobility XE wireless WAN optimization automatically reduces network consumption and improves throughput and application responsiveness, particularly over bandwidth-constrained or wireless networks.

Other VPNs typically degrade performance, especially over wireless networks, often by as much as 50%. Mobility XE uses link optimizations to reduce the number of retransmitted packets, excess control information and other network "chatter," and dramatically improves throughput by compressing data and images. Best-Bandwidth Routing technology ensures the fastest and most efficient available network connection is used.

For example, Mobility XE automatically roams to a WLAN connection the moment it becomes available—resulting in greater productivity, improved efficiency and reduced WAN expenses.

Proactively Manage the Mobile Deployment

The unique Mobility XE Analytics Module delivers visibility into resource use and performance that is simply unavailable in other VPNs.

Visibility Into User, Device and Network Behavior

The Analytics Module delivers more than 20 reports with statistics on performance and usage, furnishing insight and intelligence on the networks and applications used by mobile workers. Know how devices and bandwidth are being used, which applications are being run, and where and when mobile workers might be encountering coverage problems. Use this insight to fine-tune policies, make the help desk more efficient, and track compliance with carrier agreements.

Notifications for Hands-off Management

Automated notifications issue alerts of problems with devices or with the mobile deployment — often before those problems can impact productivity or performance. This allows "management by exception". Managers can spend less time finding problems, focus instead on fixing them, and free their time for other tasks.

Ideal Complement for Mobility XE Policy Management

The Analytics module works hand-in-hand with the NetMotion Mobility XE Policy Management Module. Administrators can use the insight from the Analytics Module to find problems with device, application and network use that impact productivity, push out corrective policies through the Policy Management Module, then use the Analytics Module to verify that results are as intended. This provides a way to continuously improve the performance, cost-efficiency and productivity delivered by the mobile deployment. Learn more about the Policy Management Module.

Manage Multiple Networks, Device Types & User Groups with Mobility XE Policy Management

Mobile computing, particularly over wireless and public networks, presents new management and security challenges. Often, there are multiple networks, many types of devices and different groups of mobile workers with varying roles and application requirements.

For a mobile VPN deployment, the optional Mobility XE Policy Management Module gives administrators unprecedented flexibility and control over mobile productivity and security. With Policy Management, administrators can create custom policies to manage access to network resources. Conditions and actions can be combined to help control WWAN costs, bandwidth usage and user experience according to your organization’s security policies. Basic block, allow, disconnect or pass-through actions can be assigned to parameters such as network interface speed, network name, IP address, date and time, OS version, and application name.

 Policies are centrally maintained in the Mobility XE server and automatically pushed out to mobile devices in the field. Policy enforcement is transparent to the user and can be modified for an individual, work group or entire organization.

Practical Policy Management Scenarios Include:

• Disable image compression for critical applications
• Limit access to network resources based on the time of day or network in use
• Automatically synchronize data when a high-bandwidth connection becomes available
• Block bandwidth-intensive applications such as Web surfing or antivirus updates over low-bandwidth networks
• Prevent unauthorized applications from consuming network resources
• Automate hotspot authentication

Manage VPN Traffic with Quality of Service (QoS)

Mobility XE Policy Management integrates best-in-class Quality of Service (QoS) for even greater control over the speed and quality of mission critical transmissions. Administrators can allocate more or less of the available bandwidth to specific applications. Traffic shaping can significantly improve performance on low-bandwidth networks, like wireless WANs, and is especially important when bandwidth-intensive applications are being used. Without QoS, all VPN traffic is treated equally and the most sensitive applications are vulnerable to delay.

Ideal complement to the Mobility XE Analytics Module

The Policy Management Module is ideal for taking action, based on the intelligence gathered through the Mobility XE Analytics Module. Use the insight from the Analytics Module to find problems that impact productivity, push out corrective policies through the Policy Management Module, then use the Analytics Module to verify the impact of those policies.