Deploying Applications Using Ivanti NMDM Cloud

Before you begin, ensure that the endpoints to which you want to deploy applications are enrolled with Ivanti NMDM.

Deploying Applications Using Ivanti NMDM on Android

To deploy Ivanti managed application:

  1. From the Ivanti NMDM console, select Apps > App Catalog, and then click Add.

  2. From the application store drop-down list, select Google Play.

  3. In the Google Play window, search for Ivanti Secure Access Client app, select the application, and then click Next.

  4. In the Describe window, enter the Category and a Description (optional), and click Next.

  5. In the App Delegation window, select Do not delegate this app and click Next.

  6. Choose a distribution level for this configuration of the app and click Next.

    • Everyone - The app is added to all the user compatible devices.

    • No One - The app is staged for distribution at a later date.

    • Custom - Select one of the options from "User/User Groups" or "Device/Device Groups".

  7. In the App Configurations window, click Done to push the App Catalog to the endpoints.

Configuring Per-App VPN, Always On VPN / On Demand VPN for Android Endpoints Using Ivanti NMDM

Per-app VPN allows Android devices to establish VPN connections only for specific apps. The specific app traffic will go through tunnel, whereas other application’s traffic goes through Physical Adapter.

In an Always On VPN configuration, the tunnel is always on. The device/app traffic that matches specific filters is always routed through the tunnel based on the configuration.

To configure application:

  1. From the Ivanti NMDM console, select Apps > App Catalog.

    The List View page shows a list of Ivanti managed apps.

  2. Edit the application that you want to configure.

  3. On the App Configurations tab, select Managed Configurations for Android and then click Add.

  4. In the Configuration Setup page that is displayed:

    1. Enter a name for the configuration.

    2. Enter Connection Name.

    3. Enter application URL.

    4. From the Authentication Type list, select certalias.

    5. From the AppVPN Action list:

      • select allow. This allows only AppVPN Packages through the tunnel.
      • select deny. This denies AppVPN Packages, but allows other packages through the tunnel.

    6. From the VPN Trigger Type list, choose one of the following:

      • Manual: Connect manually by user.
      • On Demand: Enable connection if needed.
      • Always On: Always establish a connection.
    7. Specify the Realm name and user Role.
    8. Click Save.

Refer the following table for more details.

Configuration Keys Value Type Configuration Values Description
Stealth Mode String   Stealth mode authentication
VPN Trigger Type Choice 0 or 1 or 2 VPN trigger type: Manual=0, On Demand=1, Always On VPN=2
App VPN Packages String com.android.chrome, com.microsoft.skydrive Application VPN packages (value should be comma separated)
AppVPN Action Choice 0 or 1 Application VPN action: allow = 0, deny = 1
Route Type String 0 or 1 Route Type: device VPN = 0 or Per -App VPN = 1

Role

String

 

VPN Role

Realm

String

 

VPN Realm

VPN-Standard

bool

 

Set this profile as default. Existing default profile will be override

Certificate Alias

String

 

Certificate alias in the Android KeyStore

Password2

String

 

VPN Password 2

Username2

String

 

VPN Username 2

Password

String

 

VPN Password

Username

String

 

VPN Username

Authentication Type

choice

Certalias or userpass or dualauth

VPN Authentication Type: certalias: Certificate Authentication,

userpass: Username/Password based Authentication,

dualauth: combination of userpass/certauth

URL

String

 

VPN Connection URL

Connection Name

String

 

VPN Connection name

UDID

String

 

Device UDID to be allowed access and validate pre-auth

Deploying Applications Using Ivanti NMDM on Apple iOS

To deploy Ivanti managed applications:

  1. From the Ivanti NMDM console, select Apps > App Catalog, and then click Add.

  2. From the application store drop-down list, select iOS Store.

  3. In the Apple App Store window, search for Ivanti Secure Access Client app, select the application, and then click Next.

  4. In the App Information page, specify Launch URL, add a brief Description (optional), and then click Next.

  5. In the App Delegation page, select the Do not delegate this app option and click Next.

  6. Choose a distribution level for this configuration of the app and click Next.

    • Every One- The app is added to all the user compatible devices.
    • No One - The app is staged for distribution at a later date.
    • Custom - Select one of the options from "User/User Groups" or "Device/Device Groups".

  7. In the App Configuration page, select Apple Application Management Configuration Settings and click Done.

    8. The app is listed in the Apps/App Catalog.

Configuring Per-app VPN, Always On VPN / On Demand VPN for iOS Endpoints Using Ivanti NMDM

Per-app VPN allows iOS devices to establish VPN connections only for specific apps, while other traffic goes through the normal network.

In an Always On VPN configuration, the connection is always on. The traffic that matches specific filters is always routed through the ICS tunnel.

To configure Per-app VPN and enable VPN On Demand:

  1. From the Ivanti NMDM console, select Configurations and then click Add.

  2. In the Add Configuration page, select the Certificate configuration.

  3. Enter a name for the configuration, and then browse and select the certificate file.

  4. Click Next and Distribute.

  5. In the Add Configuration page, select the Per-App VPN configuration.

  6. In the Per-App VPN Configuration page that is displayed:

    1. Enter the Connection Name that the endpoint displays.
    2. Select Pulse Secure from the Connection Type list.
    3. Enter the Server host name.
    4. Specify the Realm name and user Role.
    5. Select Certificate as User Authentication.
    6. Enable VPN On Demand.

  7. Click Next.

  8. Choose a distribution level for this configuration of the app and click Done.

    • All Devices - The app is added to all the user compatible devices.
    • No Devices - The app is staged for distribution at a later date.
    • Custom - Select one of the options from "User/User Groups" or "Device/Device Groups".

    9. To configure Always On VPN:

    1. From the Ivanti NMDM console, select Configurations and then click Add.

    2. In the Add Configuration page, select the Always On VPN configuration.

    3. In the Create Always On VPN Configuration page, enter the required details and click Next.

    4. Choose a distribution level for this configuration of the app and click Done.

      • All Devices - The app is added to all the user compatible devices.
      • No Devices - The app is staged for distribution at a later date.
      • Custom - Select one of the options from "User/User Groups" or "Device/Device Groups".