AppTec360 Endpoint Manager is software for managing mobile devices, MacBooks and Windows PCs. In addition to typical UEM functions such as inventory, software distribution and patch management, it also offers an integrated VPN solution that admins can configure centrally for all end devices.
If employees need to access IT resources in the company network from different locations or while travelling, most organisations secure such connections via a VPN.
In principle, there is no shortage of VPN software; widely used products such as WireGuard or OpenVPN are even free of charge. However, the real challenge lies in rolling out the VPN clients, including certificates, to heterogeneous end devices and configuring them in such a way that the highest level of security is achieved.
Centralised VPN provisioning with AppTec360
AppTec360 Unified Endpoint Management (UEM) takes on precisely this task and accelerates the company-wide deployment of VPNs. The software supports Android, iOS, macOS and Windows. The devices can be configured individually, via their group membership or on the basis of profiles.
Once set up, the VPN starts automatically when certain apps are opened and encrypts data traffic to the company network. In always-on mode, managed devices connect to the company network automatically and exclusively via VPN.
Users then cannot deactivate the VPN in favour of, for example, a WLAN or mobile hotspot connection, not even by restarting the device.
The AppTec360 Universal Gateway provides a VPN service in the DMZ and can be connected to the Active Directory.
Universal Gateway with VPN service
The setup is simple. The VPN service is part of the Universal Gateway (UG). This component runs as a virtual appliance in the DMZ. It does not matter whether the AppTec360 server is hosted on-prem or used in the cloud. Active Directory and AppTec360 UEM can also be located in different networks.
The AppTec360 Gateway can be used both with a local AppTec360 server and with the cloud version.
The gateway is set up and configured via the AppTec360 web console. Admins add the gateway there and enter the host name, password and SSL certificate. One or more VPN connections are then defined under the menu item "Add VPN configuration".
The AppTec360 Universal Gateway includes a VPN server that can be easily integrated into the company network.
For devices managed by the MDM, you then only need to select which of the VPN connections should be used in each case. AppTec360 UEM then automatically distributes the configuration to the devices.
AppTec360 admins define the VPN connection via the web console.
The gateway blacklist prohibits access to certain domains or IP addresses for all devices that are connected via the UG. All you have to do is upload a text file with the addresses.
Administrators can use blacklists to prevent access to websites and IP addresses from a central location.
As an option, AppTec360 admins can store self-signed certificates and identity certificates for logging on to applications and services and distribute them to the relevant end devices.
Zero touch authentication with Kerberos
For mail traffic via the VPN gateway, Kerberos can be activated for user authentication in conjunction with Active Directory. Users then do not have to enter a password to access their mail account.
This increases convenience, especially in environments that require frequent password changes and very long passwords.
The Kerberos option ensures one-touch authentication, for example in conjunction with Microsoft Exchange.
Prices and availability
AppTec360 can be used on-prem as a virtual appliance or as a cloud solution in Swiss or German data centres. The SaaS version only requires registration to get started with device management.
The free licence for up to 25 devices is aimed at smaller companies. It contains all functions, has no time limit and can be downloaded from the manufacturer’s website. Support is limited to 30 days in this version.
If you want to manage more than 25 devices, you pay €0.99 per device per month for the on-prem licence. The Universal Gateway costs an additional €0.79 per device per month as a Secure Connection & Identity Package.
Cloud-based device management costs an additional €0.59 per device per month for a minimum term of two years.
Conclusion
AppTec360 UEM is a comprehensive solution for the management of mobile devices, MacBooks and Windows PCs. The integrated VPN component consists of servers and clients that can be managed centrally via the intuitive web console.
The configuration of VPN connections on an individual, group or profile basis enables rapid deployment and customisation to the specific requirements of certain device classes.
The optional blacklist for the VPN gateway and the simple connection to Active Directory, including the Kerberos option, offer additional options for improving security and user convenience.
Source: https://www.windowspro.de/andrej-radonic/apptec360-uem-test-gateway-vpn-clients-ueber-web-konsole-zentral-konfigurieren