There is a staggering growth of endpoint mobile devices in enterprises. With this influx, Information Technology (IT) administrators can no longer ignore these mobile devices as simply outside their scope of responsibility. Correspondingly, there has been an unprecedented growth in the cloud services that are made available by an enterprise to its employees. Traditionally, enterprises have deployed one secure application for each service for each platform, but this has eventually failed to scale with the growth of mobility in IT. Myriad cloud-based services are being accessed from unmanaged endpoint mobile devices across diverse operating systems, uncontrolled network topologies and vaguely understood mobile geographies. Typically, enterprises have deployed applications for a specific service, applications to access corporate resources that themselves vary for different network conditions, and applications to secure the endpoints themselves.
Conventionally, for each application, the enterprise user has to perform numerous steps. For example, the end user has to contact an enterprise administrator (i.e., in person or through a web portal) to configure the mobile device to use the endpoint application for a corresponding service. The end user has to enroll in each application to access a service, and the enterprise administrator has to undertake the complex tasks of tracking, deploying and managing individual apps on each endpoint mobile device. Accordingly, it would be advantageous to eliminate the multiple applications for various enterprise functions, to enable a user to connect to multiple cloud services.
Normally, in order to securely access multiple network resources concurrently, the end user has to connect to multiple applications, such as a corporate VPN for accessing the enterprise's internal resources (intranet) and a private VPN or a network filtering application for accessing internet resources. This is not only perplexing for the end user but also creates several compatibility issues between different applications which compete for network access at different layers of networking. For instance, the service of a Virtual Private Network (VPN) application to securely connect to an enterprise network is affected by a web security firewall application running on the device which monitors and forbids any network interface changes. The situation is further exacerbated by the fact that the user needs to reconfigure each application depending upon changes in network conditions, such as moving from one subnet to another, and that there is no indication to the user to perform such a change. All such service transitions must then be performed manually by the user with every network change. This is analogous to the situation where a user must statically configure the Internet Protocol (IP) address settings on a network interface for every network change. This problem was overcome by the Dynamic Host Configuration Protocol (DHCP), which discovers configuration for the interface such as the IP address, subnet mask, default gateways and Domain Name System (DNS) servers. With the advent of mobility and the explosion in the number of cloud services and mobile applications, there is a similar need for unified service discovery and secure availability.