This document introduces a technical architecture that enables applications installed on mobile phones and similar devices to access security-sensitive applications deployed inside a private corporate network perimeter. The mobile devices may be personal (i.e., "BYOD") or corporate owned/managed, but it is assumed that they are neither wirelessly attached to the corporate network nor necessarily able to establish a virtual private network (VPN) link.
Personally owned phones and tablets that their owners wish to use for work are often referred to as "bring your own device" or BYOD for short.
Users increasingly wish to access corporate applications, data and services from their mobile phones and tablets. These devices most commonly run either the Apple iOS or Google Android platform.
BYOD devices are typically connected to the public Internet (e.g., via home WiFi or a mobile provider's data plan) rather than to the corporate network. This means that, unless special steps are taken to provide connectivity, these devices have no way to reach applications installed on a private corporate network.
A core problem in enabling BYOD devices to access private, corporate systems and applications is how to provide secure connectivity.