How to choose and set up a mobile VPN for an iPhone
Many users perform work tasks on their iPhones, relying on mobile VPNs to securely access corporate resources. Learn about VPN options for iPhones and how to set up these systems.
VPNs are an important security tool for many endpoints, but how does this technology work on enterprise iPhones?
The iOS platform comes with some built-in features to help support VPN access. For example, iPhones include VPN client software that's compatible with several common VPN configurations. They also provide built-in support for multiple authentication methods and connection types, including custom connection types. In addition, IT can configure an iPhone's VPN capabilities through MDM software. This makes it easier to manage VPN access on a large number of devices.
Implementing an iPhone VPN can strengthen privacy and security. By encrypting data and concealing users' IP addresses, VPNs defend against online threats and keep sensitive information private. To enable this technology for iPhones in the enterprise, IT teams must find an approach that ensures security and fits their goals.
Factors to consider when implementing an iPhone VPN
IT should keep a few factors in mind when implementing a VPN platform. Many organizations have to provide VPN services for multiple device types, including iPhones. Those services must meet the organization's specific business requirements for the foreseeable future. Other important factors include supported OSes and existing infrastructure.
Cloud vs. on-premises VPN
VPNs are available as either cloud-based services or on-premises systems. Each option comes with advantages and disadvantages, and the best choice depends on the organization's individual needs. For example, cloud services minimize the demand on IT resources, which can benefit smaller organizations. Conversely, on-premises tools provide IT with greater control, which can be useful to larger organizations with varying requirements.
Connection availability type
Today's iPhones support three types of VPNs: VPN On Demand, Always On VPN and per-app VPN. In other words, depending on the VPN, iPhones can establish a connection on an as-needed, constant or per-app basis. IT teams should understand the differences between the options and figure out which one is best suited to their users and workloads. Additionally, decision-makers should assess each type's potential effect on existing resources and infrastructure.
Volume and types of supported users and devices
IT administrators should know how many VPN users they plan to support and what to expect in terms of the short- and long-term need for VPN services. They should also determine the ownership status of the iPhones.
Supported OS platforms
Most VPNs support multiple platforms, such as Windows, macOS, iOS and Android. Admins should determine which platforms they need to support in addition to iOS and how supporting multiple platforms might affect their operations.
Existing systems and infrastructure
Admins should check if they have to augment or upgrade their existing systems and network infrastructure to support VPN connectivity. They should also prepare the network for VPN deployment. This process might involve updating software, reviewing security policies, adjusting configurations and optimizing performance. The VPN platform should be able to integrate with existing tools, systems and infrastructure without significant disruption to current operations.
Remote access vs. site-to-site VPN configurations
IT teams should decide whether they plan to provide a remote access VPN only or implement a site-to-site VPN as well to support satellite offices. Knowing this in advance can help determine the best way to deploy a VPN.
These are by no means the only factors to consider when planning a VPN strategy, but they provide a good starting point. IT decision-makers should also calculate total cost of ownership for a VPN initiative. This estimate should factor in the costs of the required infrastructure and in-house resources, as well as the VPN platform itself. For example, the organization might face ongoing subscription or licensing fees, along with the costs of IT personnel to maintain operations.
To reduce costs, organizations can consider free VPNs, but these services often come with feature and performance limitations. Free options also raise privacy concerns. Some vendors track their users' data and sell it to third-party entities to help offset the costs of offering free services.
Popular iPhone VPN options for the enterprise
The market is overflowing with VPN products, and choosing one can be a large undertaking. IT must find an offering that can keep data safe without markedly compromising performance. To understand the different types of platforms organizations are using today, consider the following list of VPN products. This list was chosen based on industry research into mobile VPN tools compatible with Apple ecosystems. It is not ranked and instead appears in alphabetical order.
Check Point Remote Access VPN
Every Check Point firewall includes Remote Access VPN, which enables remote users to work with secure network resources. Users can access the network through the mobile app or through a Secure Sockets Layer/Transport Layer Security VPN portal that facilitates browser-based connectivity. Remote Access VPN supports both iOS and Android mobile devices. It also provides an MDM enforcement feature for managing VPN access in either OS. The service includes out-of-the-box support for various third-party MDM platforms, such as MobileIron and Sophos.
Cisco Secure Client
Cisco Secure Client is the next generation of Cisco's AnyConnect. Secure Client expands on AnyConnect's VPN capabilities to provide a more comprehensive suite of services. This includes threat protection, roaming protection, zero-trust access controls, network visibility and inspection services. Secure Client works in conjunction with Cisco server platforms, such as Cisco Secure Firewall, Aggregation Services Routers and Identity Services Engine. Admins can configure Secure Client for iPhones through an MDM platform, Apple Configurator or a Secure Client VPN client profile.
Fortinet FortiClient
Fortinet customers might consider FortiClient, which works in conjunction with systems such as FortiSASE, FortiNAC and FortiPAM. This tool runs on client devices and communicates with Fortinet Security Fabric, an architecture of integrated cybersecurity products. With FortiClient, remote workers connect to the corporate network through an encrypted VPN tunnel with connectivity based on zero-trust principles. The platform provides advanced protections, such as endpoint quarantining, app firewalls and cloud sandboxing. Additionally, features such as web filtering, compliance posture tags and remote logging are available for iOS devices.
NordLayer
While NordVPN is a well-known consumer VPN provider, its parent company, Nord Security, also offers an enterprise VPN product, NordLayer. This cloud-based network security platform provides VPN services, along with advanced threat protection and features such as split tunneling, IP allowlisting and site connectors. With server performance of up to 1 Gbps, NordLayer has shared gateway locations in over 30 countries. The platform provides secure access to both on-premises and cloud resources and includes compliance tools. Users can download the NordLayer app from the Apple App Store and enter connection information to start setup.
When choosing a product, IT admins should weigh security and costs against performance and usability. VPN providers can vary greatly from one option to the next, and IT must carefully evaluate each tool to ensure that it meets all requirements.
7 steps to deploy a mobile VPN for iOS
The process to set up enterprise VPN tools for iPhones depends on the selected VPN platform, implementation approach and the device management tools in use. Because of these variables, every deployment process is unique. In general, however, there are seven steps IT teams take when deploying iPhone VPNs.
1. Determine VPN requirements
Before looking into VPN providers, IT should review the organization's needs. Pinpoint the following details:
Number of users.
Geographic distribution of users.
VPN types.
Device ownership types.
Required level of security.
Any other requirements for implementing VPN services, such as split tunneling or certificate-based authentication.
IT teams should also determine whether they plan to use an MDM platform to manage iOS devices. If so, examine the platform's requirements.
2. Select the VPN platform
Research and choose a VPN offering that can meet the organization's short- and long-term goals. Initially, admins might consider both cloud-based services and on-premises systems to better understand how they differ. The platform should integrate seamlessly with existing infrastructure and systems. It should also support the necessary client OSes and meet all security and compliance needs.
3. Configure the VPN platform and environment
How IT approaches configuring the VPN environment depends on whether the platform is a cloud service or hosted on-premises. The goal is to fully prepare the environment for onboarding VPN users and their devices. An on-premises system requires more effort for system and infrastructure configuration. For either approach, however, admins must also handle steps such as configuring authentication, network systems and VPN settings.
4. Create and deploy VPN profiles through MDM
If an organization uses an MDM platform to manage iPhones, IT must create the necessary VPN device profiles. During this process, specify connection details, such as server addresses, authentication information and connection types. These profiles should then be pushed to the managed endpoints.
5. Install the client VPN app on target endpoints
In most cases, a client VPN app must be installed on each iPhone connecting to the VPN server. Admins can use an MDM platform to distribute the VPN app to their managed devices or instruct their users to download it from the Apple App Store. In either case, provide users with the instructions and training they need to interact with the app and use the VPN.
6. Test and troubleshoot the VPN
After the VPN apps have been deployed to the iPhones, users should verify that they can connect to the VPN and access network resources. To do this, they should test the VPN service on both Wi-Fi and cellular connections. If users run into any connection issues, admins should immediately troubleshoot to identify the source of the problems. For larger deployments, IT teams might want to start with a smaller number of users before rolling out VPN services to all target users.
7. Maintain and optimize the VPN
A VPN is not something that IT can implement and forget about. Instead, admins should continuously track performance and check that everything is working as expected. This also means monitoring systems for security threats and compliance issues. Be prepared to accommodate fluctuations in workloads, as users come and go and corporate requirements change.
When deploying and maintaining a VPN implementation, IT admins can sometimes run into service-related issues. For example, an admin might have used an incorrect server address when creating the VPN profile. Alternatively, different security layers might conflict with each other, or conflicts might exist with other VPN services. Users can also run into performance issues. When this happens, admins might need to try different server or protocol configurations to achieve more reliable services.
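The profile from step 4 and the incorrect-server-address problem described above can be checked before a profile is pushed. The following is an added example, not code from this article or from any VPN vendor: it builds an IKEv2 VPN payload using Apple's configuration profile keys and lints it. The function names, example.com hostnames, all-zero UUIDs and the policy choices (certificate authentication and VPN On Demand required) are assumptions for illustration.

```python
import ipaddress
import plistlib
import re

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def build_profile(remote_address, auth="Certificate", on_demand=True):
    """Constructed sample: example.com names and all-zero UUIDs are placeholders."""
    ikev2 = {"RemoteAddress": remote_address, "RemoteIdentifier": "vpn.example.com",
             "LocalIdentifier": "iphone-user", "AuthenticationMethod": auth}
    if auth == "Certificate":
        ikev2["PayloadCertificateUUID"] = "00000000-0000-0000-0000-000000000003"
    if on_demand:  # VPN On Demand: bring the tunnel up on any network
        ikev2.update(OnDemandEnabled=1, OnDemandRules=[{"Action": "Connect"}])
    vpn = {"PayloadType": "com.apple.vpn.managed", "PayloadVersion": 1,
           "PayloadIdentifier": "com.example.vpn.ikev2",
           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
           "UserDefinedName": "Example Corp VPN", "VPNType": "IKEv2", "IKEv2": ikev2}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.vpn",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000001",
                           "PayloadDisplayName": "Example Corp VPN",
                           "PayloadContent": [vpn]})

def valid_server(addr):
    """True for an IP literal or a fully qualified hostname, nothing else."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return bool(HOSTNAME.match(addr))

def lint_vpn_profile(data):
    """Return findings for each IKEv2 VPN payload in a .mobileconfig (assumed policy)."""
    findings = []
    for p in plistlib.loads(data).get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.vpn.managed" or p.get("VPNType") != "IKEv2":
            continue
        ike = p.get("IKEv2", {})
        addr = str(ike.get("RemoteAddress", ""))
        if not valid_server(addr):  # catches pasted URLs, ports, stray spaces
            findings.append(f"RemoteAddress {addr!r} is not a bare hostname or IP")
        if ike.get("AuthenticationMethod") != "Certificate":
            findings.append("authentication is not certificate-based")
        elif not ike.get("PayloadCertificateUUID"):
            findings.append("certificate auth without PayloadCertificateUUID")
        if ike.get("OnDemandEnabled") != 1 or not ike.get("OnDemandRules"):
            findings.append("VPN On Demand is not enabled")
    return findings
```

Running `lint_vpn_profile` over an exported profile before the MDM push surfaces a server address entered as a URL or with a port suffix, which the device would otherwise only reveal as a failed connection.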
Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.