Product Documentation

About This Release

Sep 27, 2015

XenMobile Secure Mobile Gateway 8.5 provides the following capabilities:

  • Filter-based rules to allow or block access. XenMobile Secure mobile Gateway evaluates a particular client request against the organization's rules. The end result is a binary state of allowed, in which the client is permitted to contact the Microsoft Exchange 2010 Client Access Server (CAS), or blocked, in which the client request is dropped and access to the Exchange CAS is not permitted. Paired with settings in the Device Manager console, you can prevent Exchange ActiveSync email access to device users based on compliance criteria, such as when a blacklisted app is installed on the device, if the device is jailbroken, and so on.
  • A two-tiered filter model. The first tier parses the incoming HTTP requests based on path-specific information. The second tier filters based on user or device specific information. You can configure both tiers.
  • Filter rules stored in configuration files. Specific filter rules pertaining to the user accounts and devices in your organization are stored in the gateway's XML configuration files.
  • Encryption of email attachments for clients that use the ActiveSync protocol. Attachment encryption is selective based on the properties of the device and file types of attachments.

Key Features

The key features of Secure Mobile Gateway are:

  • Access Control of HTTP ActiveSync requests. Secure Mobile Gateway can control the HTTP ActiveSync requests that mobile devices make of Exchange servers. You can build filters in Secure Mobile Gateway that enable you to allow or block user devices based on rules and criteria that you specify. When you set the rules in Secure Mobile Gateway, you can turn on and off the rules in XenMobile Device Manager, which then manages the ability for devices to access email within the organization.
  • Attachment encryption. Secure Mobile Gateway supports the encryption of email attachments for user devices that use the ActiveSync protocol. Attachment encryption is selective based on the properties of the device and file types of attachments. You configure Device Manager to control the selection criteria and to dynamically configure Secure Mobile Gateway to perform the encryption.
  • Encryption support. The web service interface between Secure Mobile Gateway and Device Manager supports the delivery of encryption keys and criteria.
  • Remote configuration. Device Manager controls the baseline and delta intervals used by Secure Mobile Gateway.
  • Logging. On the Log tab of the Secure Mobile Gateway configuration utility, you can view when the encryption is enabled for a given user device at the request level, in addition to devices that are allowed or blocked.

Known Issues in This Release

  • SMG-98: SysLog Redirector doesn't send messages to the SysLog server. The SysLog server must be specified as a DNS address. Dotted IP addresses do not work.
  • SWB-63: If you uninstall the Secure Mobile Gateway 8.0.1 or 7.x versions by using the uninstall application, you will see a message prompting you to stop the SysLog service (which does not exist). Click Retry or Ignore and then proceed with the uninstallation.
  • SMG-99: Some Android devices are blocked after a remote wipe. Certain Android devices temporarily send a device ID of "validate" when reestablishing connectivity with ActiveSync after they have been wiped. If you configure Secure Mobile Gateway in Block Mode, you must add the device ID to the Static Allow list to enable the devices to be able to reconnect. By default, this device ID is included in the Static Allow list.