Today MobileIron announced a round of new features targeting the enterprise, including Splunk integration, new options for per-app VPN in iOS 7, and remote screen sharing for iOS. Their messaging around the announcement is that as mobile device deployments grow to enterprise scale, customers will need more advanced tools to deal with them. Here's a quick rundown.
Splunk is a platform for monitoring and analyzing all types of machine data, and I’ve never met anyone who doesn’t think it’s awesome. (Gabe took a deeper look at it a little while ago, so check out this video for more.)
MobileIron will now the ability to dump all of its data directly into Splunk. That’s a lot of data—think of all the different metrics that MDM can get out devices, plus all the data from managed apps and everything else MobileIron can touch. To help make sense of it all, there’s corresponding MobileIron Splunk App. Splunk Apps are essentially widgets that can help you sort through and interpret the raw data and create graphs, reports, alerts, and dashboards.
With iOS MDM, you’ve always been able to use profiles to configure VPN connections (SSL connections like MobileIron Tunnel also require an agent app). iOS 7 introduced an option to restrict VPN connections to just apps that are managed with MDM, and in Safari the VPN can be restricted to only the domains specified administrators. This keeps traffic from personal mobile apps off of corporate networks.
MobileIron previously supported iOS 7 per-app VPNs using other major VPN vendors, but now MobileIron Sentry can be used as the connection point, too. Tunnel/Sentry uses certificates for authentication, and since it’s managed by the same EMM server used to manage everything else, you can build all sorts of conditional access policies.
Another part of this announcement was that Sentry can be used to proxy traffic to a Kerberos Key Distribution Center (KDC). Kerberos-based SSO was one of the new iOS 7 features, but since nobody would want their KDC exposed to the internet, using it required being on a corporate network or using a VPN. Now Sentry gives a new option for getting a Kerberos ticket from outside the network.
Remote screen sharing
The last part of the today’s announcement is MobileIron’s remote screen sharing app, called Help@Work. Help at work is only available as an enterprise-deployed iOS app, and it’s being positioned for help desk usage. Help@Work leverages Apple’s AirPlay Mirroring as well as the AirPlay Mirroring MDM command that was introduced with iOS 7. Normally for AirPlay Mirroring both devices have to be on the same local network, but MobileIron has figured out a way to get this to work over a WAN, including 3G and 4G connections.