Product Documentation

To add an app tunneling device policy for Android

Mar 31, 2015

Application tunnels (app tunnels) are designed to increase service continuity and data transfer reliability for your mobile apps. App tunnels define proxy parameters between the client component of any mobile device app and the app server component. You can also use app tunnels to create remote support tunnels to a device for management support.

Note: Any app traffic sent through a tunnel that you define in this policy goes through XenMobile before being redirected to the server running the app.
  1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.


    Select device policies

  2. Click Add to add a new policy. The Add a New Policy dialog box appears.


    Select tunnel policy

  3. Click More and then, under Network access, click Tunnel. The Tunnel Policy page appears.


    Device tunnel policy information

  4. In the Policy Information pane, enter the following information:
    1. Policy Name: Type a descriptive name for the policy.
    2. Description: Optionally, type a description of the policy.
  5. Click Next. The Android Policy platform page appears.


    Tunnel policy information page

  6. In Use this tunnel for remote support, select whether the tunnel will be used for remote support.
    Note: The configuration steps are different depending on whether you select remote support.
    If you do not select remote support, do the following:
    1. Connection initiated by: Click Device or Server to specify the source initiating the connection.
    2. Maximum connections per device: Type a number to specify how many concurrent TCP connections the app can establish. This field applies only to device-initiated connections.
    3. Define connection time out: Select whether to set a length of time an app can be idle before the tunnel is closed.
    4. Connection time out: If you set Define connection time out to On, type the length of time in seconds that an app can be idle before the tunnel is closed.
    5. Block cellular connections passing by this tunnel: Select whether this tunnel is blocked while roaming.
      Note: WiFi and USB connections will not be blocked.
    6. Client port: Type the client port number. In most cases, this value is the same as for the server port.
    7. IP address or server name: Type the IP address or name of the app server. This field applies only to device-initiated connections.
    8. Server port: Type the server port number.
    If you do select remote support, do the following:
    1. Use this tunnel for remote support: Set to On.
    2. Define connection time out: Select whether to set a length of time an app can be idle before the tunnel is closed.
    3. Connection time out: If you set Define connection time out to On, type the length of time in seconds that an app can be idle before the tunnel is closed.
    4. Use SSL connection: Select whether to use a secure SSL connection for this tunnel.
    5. Block cellular connections passing by this tunnel: Select whether this tunnel is blocked while roaming.
      Note: WiFi and USB connections will not be blocked.
  7. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.


    Deployment rules

    1. In the lists, click options to determine when the policy should be deployed.
      1. You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
      2. Click New Rule to define the conditions.
      3. In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
      4. Click New Rule again if you want to add more conditions. You can add as many conditions as you would like.
    2. Click the Advanced tab to combine the rules with Boolean options.


      Advanced deployment rules with base rules

      The conditions you chose on the Base tab appear.
    3. You can use more advanced Boolean logic to combine, edit, or add rules.
      1. Click AND, OR, or NOT.
      2. In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.

        At any time, you can click to select a condition and then click EDIT to change the condition or Delete to remove the condition.

      3. Click New Rule again if you want to add more conditions.

        In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

        Advanced deployment rules complete

  8. Click Next. The Tunnel Policy assignment page appears.
  9. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.


    Policy assignment page

  10. Expand Deployment Schedule and then configure the following settings:
    1. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
    2. Next to Deployment schedule, click Now or Later. The default option is Now.
    3. If you click Later, click the calendar icon and then select the date and time for deployment.
    4. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
    5. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.
      Note: This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.
    Note: The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.


    Deployment schedule

  11. Click Save to save the policy.