Configuring an AppTunnel service

An AppTunnel service defines the backend service to which an AppConnect AppTunnel is created.

You create the AppTunnel service on the MobileIron Core Admin Portal in Services > Sentry. Edit the Standalone Sentry entry that is configured for AppTunnel to add the AppTunnel service.

See "Standalone Sentry for AppTunnel" in the Sentry Guide for Core for information about configuring AppTunnel and an AppTunnel service. Standalone Sentry product documentation is available on the Sentry Landing Page.

About the AppTunnel service name

When you configure an AppTunnel service, you give the service a service name. The service name is used in the AppConnect app configuration. The app configuration uses the service name to restrict the app to accessing servers in the Server List field associated with the service name. The service name is similarly used in:

  • the Web@Work setting for configuring tunneling for Web@Work for Android or iOS
  • the Docs@Work setting for configuring tunneling for Docs@Work

The service name is one of the following:

  • A unique name for the service that the AppConnect app on the device accesses

    One or more of your internal app servers provide the service. You list the servers in the Server List field associated with the service name.

    For example, some possible service names are:

    • SharePoint
    • Human Resources

    A service name cannot contain these characters: 'space' \ ; * ? < > " |.

    Special prefixes:

    • For app tunnels that point to CIFS-based content servers, the service name must begin with CIFS_.
    • For AppTunnel with TCP tunneling, the name must begin with TCP (case-insensitive).

    Example: TCP_Finance

  • <ANY>

    Select <ANY> for the service name to allow tunneling to any URL that the app requests. Typically, you select <ANY> if an AppConnect app’s app configuration specifies a URL with wildcards for tunneling, such as *.myCompany.com. The Sentry tunnels the data for any URL request that the app makes that matches the URL with wildcards.

    The Sentry tunnels the data to the app server that has the URL that the app specified. The Server List field is therefore not applicable when the Service Name is <ANY>.

    For example, consider when the app requests URL myAppServer.mycompany.com, which matches *.mycompany.com in the app configuration. The Sentry tunnels the data to myAppServer.myCompany.com

    Web@Work typically uses the <ANY> service, so that it can browse to any of your internal servers.

    Do not select this option for tunneling to CIFS-based content servers. Select <CIFS_ANY> instead.

  • <TCP_ANY>

    Select <TCP_ANY> for the service name to allow AppTunnel with TCP tunneling to any backend server that the app requests.

  • <CIFS_ANY>

    Select <CIFS_ANY> or the service name to allow tunneling to any URL for a CIFS-based content server. Typically, you select <CIFS_ANY> if the URL for a CIFS-based content server contains wildcards for tunneling, such as *.myCompany.com.