Many enterprises (e.g., corporations, partnerships, governments, academic institutions, other organizations, etc.) maintain enterprise computer networks that allow enterprise users, such as employees, to access enterprise resources, such as hardware and software applications for email, customer relationship management (CRM), document management, enterprise resource planning (ERP), and the like, as well as other data controlled by the enterprise. Enterprises often allow remote access, such as when enterprise users are not in an enterprise network. Also, many enterprises allow users to access enterprise resources via mobile devices, such as smartphones, tablet computers, PDAs (personal digital assistant), and the like. Enterprises typically deploy enterprise mobility management (EMM) solutions to assist in the management and control of remote access to enterprise resources via mobile devices.
EMM solutions have traditionally taken the approach of managing entire mobile devices through what are known as mobile device management (MDM) approaches. In such cases, enterprises typically issue mobile devices to employees, which are often intended exclusively for business use, and the enterprise maintains control over the mobile devices and all of their applications and data. A recent trend is to allow employees to use their own mobile device(s) for work purposes—a scenario known as BYOD—bring your own device. It is desirable in this scenario too for the enterprise to maintain control over enterprise applications and enterprise data, which may be accessed by, may be run on, or may be stored on an employee's mobile device.
In many enterprises, these personal mobile devices are often allowed to remotely access enterprise resources via a VPN (Virtual Private Network). VPN refers to a technology which implements a private network over a public network infrastructure such as the Internet. Typically, data is encrypted and encapsulated in a process known as VPN tunneling. Many smart phones are equipped with traditional VPN software to enable a VPN tunnel to be created between the smart phone and a corporate intranet. Once the VPN tunnel is created, it is provided on a device level, such that all applications running on the smart phone (e.g. email programs, browsers, etc.) are tunneled through the VPN and are able to access enterprise resources on the corporate intranet.
Enterprise mobile applications may be supported via local application delivery or hosted application delivery. Because the choice of mobile device may be with the enterprise user, and mobile devices vary in their operating systems and versions of those operating systems, an appropriate EMM solution should include support for a variety of applications and a variety of mobile device platforms, while providing appropriate levels of security for enterprise resources and data.