Rollout: NetMotion Mobility XE 7.2

Mobility XE 7.2 offers good value to specific verticals, providing excellent user experience by preventing application disconnections. Just don't expect it to replace standard remote access.

May 23, 2007


Enterprise users are on the move. Whether they're roaming office corridors or accessing apps from a coffee shop three states away, they connect over a variety of networks, including corporate WLANs, Wi-Fi hotspots and 3G cellular services. But mobility has a price: Move out of coverage range and the application fails, forcing users to reconnect to the network, restart the application and re-enter any lost data.

NetMotion Wireless' Mobility XE can keep that from happening. It's a mobile VPN that maintains app sessions as users move into a wireless coverage gap, or from WLANs to cellular data connections. Mobile VPNs are engineered from the ground up to smooth out coverage gaps and include optimizations such as compression and low protocol overhead tailored for bandwidth-limited wireless connections.

Competitors such as Columbitech, Ecutel and IBM offer similar products and support a broader range of server OSs and mobile platforms. But NetMotion is still the one to beat, thanks to its policy-management functions and QoS capabilities. However, the real competition for NetMotion is the business case. If session persistence isn't essential, and the application is secured through built-in encryption or a standard IPsec or SSL VPN, Mobility XE and other mobile VPNs are strictly optional.

The Power Of Persistence

Mobility XE acts as a transport-level proxy between applications running on an internal server and any client applications running on a mobile client. In addition, all communications are secured using FIPS 140-2-validated AES (Advanced Encryption Standard).

When a mobile device becomes unreachable, the Mobility XE server at the back end maintains all application sessions with remote servers by tricking the server into thinking the client is still accessible. On the client side, network applications are kept alive in a similar manner. Once network connectivity is restored, Mobility XE will re-establish the VPN session automatically and signal client-server applications to resume data transmission. Device connectivity outages thus manifest themselves as a pause in the data flow rather than a complete client-server disconnection.

The server portion of Mobility XE runs on Windows Server 2000/2003 and consists of two parts. The first, Mobility's LDAP-based "warehouse," stores all client configuration information and can be housed on a single server or replicated among multiple servers. The second terminates client connections and can be pooled and load balanced on up to 10 servers.

[Figure: Seamless Roaming]

Mobility XE can authenticate the client's user name and password using Active Directory, a RADIUS server or RSA SecurID. An intelligently designed Web interface lets you manage server and client settings hierarchically. An optional policy module allows conditional actions, such as blocking unwanted applications like NetBIOS or bandwidth-hungry ones like Windows Updates on 3G connections. The Mobility VPN can be bypassed automatically when connected to the wired corporate infrastructure.

On the client side, all Windows desktop and Windows Mobile OSs are supported. Version 7.2 adds support for the business version of Windows Vista. The only configuration parameter needed for installation is the IP address of the Mobility server. Single sign-on is also supported, provided the same Windows login credentials are used to authenticate to the Mobility XE VPN.

Our tests showed Mobility XE provides a seamless user experience. We roamed from Verizon's EV-DO to WLAN and back again on Windows XP, Vista and Mobile 5.0. Our HTTP downloads paused momentarily, then continued, and our SSH sessions never dropped. We were even able to place the mobile devices into standby mode without disrupting our applications. The only application Mobility XE couldn't maintain for extended periods was NetBIOS file transfers, which have a 30-second hard-coded time-out limit built into the protocol.
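The persistence behaviour described under "The Power Of Persistence", together with the time-out limit seen in the NetBIOS test, can be modelled as a small state machine. This is an added example, not NetMotion's code: the class, its method names and the `app_timeout` parameter are hypothetical, and it assumes the proxy tracks a session by an id rather than by the client's address.

```python
from collections import deque


class PersistentSession:
    """Toy model (added illustration, not NetMotion's code): server-side
    proxy state keyed by session id, not by the client's IP address."""

    def __init__(self, session_id, app_timeout=None):
        self.session_id = session_id
        self.app_timeout = app_timeout  # assumed: protocol's own limit (seconds)
        self.client_addr = None         # None while the device is unreachable
        self.gap_started = None
        self.pending = deque()          # app-server data held during a gap
        self.alive = True

    def client_lost(self, now):
        """Device went out of coverage; keep the app-server side open."""
        self.client_addr, self.gap_started = None, now

    def client_connected(self, addr, now):
        """Device is reachable at addr (possibly on a different network)."""
        self._expire(now)
        if self.alive:
            self.client_addr, self.gap_started = addr, None
        return self._flush()

    def from_app_server(self, data, now):
        """Queue data from the internal server; deliver it if reachable."""
        self._expire(now)
        if self.alive:
            self.pending.append(data)
        return self._flush()

    def _expire(self, now):
        # Assumed: a protocol with a hard-coded time-out ends once a gap outlasts it.
        in_gap = self.gap_started is not None
        if in_gap and self.app_timeout is not None \
                and now - self.gap_started > self.app_timeout:
            self.alive = False
            self.pending.clear()

    def _flush(self):
        if not self.alive or self.client_addr is None:
            return []
        out = [(self.client_addr, d) for d in self.pending]
        self.pending.clear()
        return out
```

With no `app_timeout`, data queued during a gap is delivered to whatever address the client returns on, so the outage shows up as a pause; with `app_timeout=30`, a gap longer than 30 seconds ends the session regardless of the proxy.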

Mobility XE won't work with a conventional IPsec or SSL VPN because it intercepts all application network requests at a higher layer than other VPN solutions. However, users can place Mobility XE into bypass mode, allowing the use of other VPN solutions as needed.

What's New

Since we last reviewed Mobility XE in April 2005, a variety of features have been added to this Editor's Choice pick. For instance, syslog support allows centralized aggregation of Mobility XE alerts into existing monitoring infrastructures. Web image acceleration offers increased browsing speed on slow networks by compressing images. Also new is Client Network Failover, which lets the Mobility XE client choose an interface with a route to the Mobility server, even if it's not the fastest connection.

One drawback is that users must manage connections by themselves. The software won't automatically dial a 3G connection or associate to a hotspot within range.

On the competitive front, Columbitech, Ecutel and IBM offer mobile VPN solutions that support both Linux and Windows platforms. Enterprises with Palm or Symbian devices should evaluate IBM's Lotus Mobile Connect 6.1. Those with DOS and embedded systems should look to Columbitech's Wireless VPN because both NetMotion and Ecutel are Windows/Windows Mobile-only. Check Point Software has implemented session persistence in its SecureClient Mobile for Windows Mobile PDAs.

For basic mobile VPN functionality, Mobility XE weighs in at $150 per client. Extended functions such as QoS and application restrictions require an optional policy module at $65 per client.

Jameson Blandford is an NWC contributing editor and the lab director at the Center for Emerging Network Technologies at Syracuse University.
