A powerful software defined perimeter (SDP) easily deployable without retooling or re-architecture
Software defined perimeters and zero trust security solutions reduce an organization’s attack surface to a bare minimum. We have added rich software defined perimeter (SDP) capabilities to the NetMotion platform’s unique ability to improve application resilience and roam seamlessly between networks, further extending security, management, and visibility to all traffic on your mobile perimeter previously only available to VPN-tunneled traffic. The platform is streamlined and consolidated into fewer products, a single client app, fewer servers, and more unified administration and management.
In the NetMotion platform, Mobility 12.0 and Mobile IQ 3.0 unite Mobility’s powerful, intelligent security controls, Diagnostics’ root cause analysis of remote connectivity faults along with the network and location awareness, and Mobile IQ’s advanced visualizations.
Easy to implement, zero-trust security controls provide administrators with the visibility and control they need to enforce a strong security posture without reducing user productivity.
A powerful, unified console for all NetMotion reporting, dashboards and operational intelligence offers over 20 new dashboards, and numerous enhancements to dashboard functionality, console access user management, and disaster recovery.
Software Defined Perimeter for Modern Mobile Workforces
Distributed policy enforcement on the mobile edge without chokepoints
Mobility 12.0’s unique local proxy architecture brings the control and visibility associated with datacenter grade forward-proxy and reverse-proxy services to the mobile edge. With enforcement on the mobile edge, administrators can intelligently block both outbound and inbound traffic without routing it to a datacenter or cloud-based chokepoint, all while still retaining precision data intelligence. NetMotion’s new platform offers unique benefits:
- Reduces load on your corporate Internet back-haul and switching infrastructure by blocking unauthorized traffic at the mobile device.
- Highly scalable local proxy architecture leverages each mobile device’s computing resources to filter its own traffic, minimizing load on computing resources in the data center.
- Routes authorized cloud and data center traffic directly to its destination, improving SaaS and data center application performance.
Secure traffic across your hybrid cloud
Define access policies suitable for the different systems, applications, and access methods. Automatically block access to risky, unsafe, or inappropriate web content. Restrict access to social media during the workday while allowing access after-hours. Set policies by organizational unit, time of day, device, or access network.
Tightly control access to data-center resources to offload network backhaul, while optimizing for an excellent experience to mobile workers focused on business priorities.
Manage all mobile traffic regardless of its destination
Administrators can monitor all mobile data traffic and use that insight to better control access and support their users. By proxying all traffic entering and leaving the mobile device, the NetMotion platform gathers flow and meta-data about the apps, resources and networks used by mobile workers.
Automatically block client access to risky and imprudent sites by reputation and category
Mobility reputation services are now an integral part of the platform, and they’ve been enhanced to support policies that automatically block client access to risky or imprudent sites. The reputation engine recognizes over 85 web site categories, from ‘abused drugs’ to ‘social media’ to ‘web-based email’. AI-powered reputation policies automatically enforce policy decisions on the client. Tune your risk tolerance by user, group, and device to determine what websites are permitted, when, and from what networks, without wasting the time and data required to send the traffic to a datacenter or cloud-based web proxy.
Automatically block phishing and smishing attacks
Reputation services automatically block phishing and smishing attacks by preventing access to servers or internet sites that pose a security risk. Even if a user accidentally clicks a malicious link, Mobility prevents the connection on the mobile perimeter.
Easily apply policies to a large group of hosts, domains, or IP addresses
Cloud service providers like Microsoft, Amazon AWS, and others have large lists of domains and servers. Easily import lists of hosts and domains to a named group and apply policy controls to manage access and ensure direct-to-destination routing.
Unified client app on all platforms
The Mobility 12.0 client app now includes the data collection capabilities found previously in the NetMotion Diagnostics client, turning every mobile device into an active, policy-driven sensor. The data gathering capabilities, including bandwidth testing and connectivity diagnostics, are included on every client platform.
Policy-driven bandwidth testing and connection diagnostics
Launch bandwidth tests and connectivity diagnostics using Mobility’s powerful policy engine. Automatically diagnose when our application and network persistence features are needed when a device is unable to reach or reconnect to the Mobility server, detect GPS failures, detect lost access to corporate resources, and test available bandwidth to quickly diagnose problems in the field and keep mobile workers productive.
Quicker, more accurate bandwidth tests for high-speed 5G and 802.11ax networks
Improved bandwidth tests complete more quickly and provide more accurate throughput measurements, including on high-speed 5G and 802.11ax networks. Monitor mobile network technologies and drive more informed purchase decisions for devices, networks, coverage and service levels.
Full data collection and Diagnostics extended to macOS
The full suite of diagnostic and data collection capabilities is now also available in the Mobility client for macOS. Minimize downtime by quickly identifying problems and solving them with pinpoint accuracy. Reduce support costs by eliminating unnecessary work and accelerating problem resolution. Troubleshoot, diagnose and report across all networks including cellular, Wi-Fi and Ethernet.
Full IPv6 support, including single-stack IPv6 apps and networks
Mobility v12.0 and Mobile IQ v3 feature full support for ‘single-stack’ IPv6 apps, application servers, and infrastructure.
Simplified packaging and licensing
The new NetMotion platform is available as a simple, annual subscription license per device, ensuring you have access to everything. Contact your account representative for assistance converting your existing licenses to the new platform subscription.
Powerful, Unified Intelligence and Visualizations
NetMotion Mobile IQ is now an integral component of the NetMotion platform. It provides a unified console for the intelligence and visualizations previously available in Diagnostics and the Analytics module. Powerful dashboards illuminate your entire mobile perimeter from layer one connectivity through application and flow analysis.
User group & device group filters
Organizations that leverage Mobility’s device groups and user groups can filter most dashboards to display specific groups of users and/or devices to organize and partition data visualizations.
Enhanced device activity maps pinpoint problems and facilitate troubleshooting
As a device moves, the mapped trace line changes color based on cellular signal strength, indicating areas of poor coverage. Clicking on a point in the device trace line details the networking activity, including carrier, radio type, technology type, connection status, location GPS coordinates, location accuracy, signal quality, and band.
New Battery Status chart identifies dwindling batteries and batteries with excessive drain
The new Battery Status chart on the Device Details dashboard displays the battery’s charge level over time. Gain insight into battery charging and discharging behavior, and identify devices with failing or aging batteries, and batteries that are being drained more quickly than usual.
Mobility Connection Status chart
A new Mobility Connection Status swim lane chart on the Device Details dashboard displays the Mobility server’s connection state (e.g. Connected, Unreachable, Disconnected). Correlate the Mobility connection status with other charts on the dashboard to diagnose and troubleshoot connection problems caused by adapter issues and networks.
New Mobile IQ Performance Dashboards
Cellular coverage map
Understand the overall network coverage experienced by mobile devices, including signal quality and available network technology. Identify coverage gaps, understand where network performance is degraded, and find out which network carrier has more consistent coverage in a given area.
Cellular and Wi-Fi connection map
See where your devices connect to cellular and Wi-Fi networks, and find locations where devices should be using Wi-Fi but are not. Reduce cellular data plan overages and optimize coverage by identifying employees using costly cellular data plans that could be using low-cost Wi-Fi.
Device Location Health
Monitor the status of location reporting for devices in your NetMotion deployment. Identify devices that frequently drop location data, including the number of location drops as well as the percentage of time location data was successfully collected for each device. This information can be used to determine if devices are reporting location data when expected. Devices that frequently drop location data may need to be reconfigured, repaired or replaced.
Diagnostic Reports List
Troubleshoot mobile connectivity issues more quickly to pinpoint when, where, and why a failure occurred. The Diagnostic Reports List displays a list of diagnostic tests results. When users experience a networking problem—for example, an application is not working as expected or there is no network access—they can generate a diagnostic report to help identify the problem and provide possible troubleshooting solutions.
New Wi-Fi Connection map
Locate areas that have poor Wi-Fi coverage, are oversaturated with too many users, are experiencing failing Wi-Fi access points, or may need access point upgrades.
New Mobile IQ Cost Control Dashboards
SIM Cards – Last Used Plans
Save costs by quickly finding unused cellular data plans that may be candidates for plan termination or redeployment.
SIM Cards – Low Plan Usage
Control costs by identifying underused cellular data plans. Identify cellular data services that could be redeployed to other mobile workers and identify low-use devices that could better utilize shared data plans.
VPN Tunnel Usage
Monitor the volume of data sent through your network over a secure tunnel to identify the applications, destinations, devices, and users that are generating traffic. Sending non-sensitive data outside a secure tunnel can improve application performance, and in some cases can reduce data costs. However, traffic sent outside a secure tunnel can be a data-security risk. Understand which applications are and are not using a secure tunnel.
New Mobile IQ Inventory Dashboards
Gain insight into mobile device battery charging and discharging behavior. Compare all the devices in your organization to identify devices that are unable to fully charge or drain at a high rate. Take a proactive approach to replace failing batteries, as well as identify applications or device settings that impact battery life.
Summarizes cellular network adapter models in your NetMotion-enabled deployment, providing details on each adapter. Utilize this new dashboard to manage device inventory and make decisions about replacing aging cellular devices.
Cellular Adapter Firmware Audit
Improve device reliability and reduce support costs by identifying device adapters that do not have the proper firmware version installed.
New Mobile IQ System Dashboards
Monitor the 30-day history of your NetMotion license usage to determine trends that may require a change in licensed capacity. Monitor subscription license expiration terms.
Mobile IQ Status
View your NetMotion Mobile IQ server’s health, including inventory and usage statistics. Use this dashboard to ensure that your Mobile IQ server is running the correct software versions, using expected disk space, and to identify unexpected server resource usage.
Mobility Connection Status
View devices’ Mobility connection state over time. Correlate the connection status with multiple devices to diagnose connection problems for that user or group of users. Identify devices that are experiencing unexpected connection activity, such as devices that are unable to connect to your Mobility server, devices that are unreachable, and devices that remain connected during non-work hours.
Reduce security risks by identifying devices that frequently disconnect Mobility. Diagnose possible network-related issues, as well as locate users that manually disconnect often.
Monitor alerts triggered by your Mobility servers and clients.
Monitor quarantined devices and users. Determine quarantined connection trends and overall daily volume.
Reputation Category Groups
Analyze Reputation category assignments to develop acceptable use policies. Viewing current category group assignments allows administrators to make grounded policy enforcement decisions.
Improved Console Access Layout and Control
Redesigned console access and user management makes it easier for administrators to review the entire list of console users and take fewer steps to apply user profile changes. A new feature also allows administrators to force a user to log off the console when applying server updates or altering a user’s role.
Single sign-on to Mobile IQ and Mobility consoles
Administrators can now authenticate with and seamlessly transition between the Mobility and Mobile IQ management consoles using Mobility console credentials. Leveraging a SAML identity provider on the Mobility server, the Mobility and Mobile IQ consoles can now share administrator credentials for seamless transitions between them. NetMotion Mobility customers using Active Directory group/user console authentication can establish single sign-on between Mobile IQ and Mobility consoles. Console access roles defined in Mobility carry over to Mobile IQ Console users. User management functions, such as adding/removing a user or resetting passwords, can now be performed within Active Directory. Mobile IQ also supports user authentication to other SAML Identity Providers, such as Azure AD.
User time zone preference
By default, Mobile IQ displays all date/time data based on the Mobile IQ server’s time zone. Individual users can now configure their specific time zone to see dashboard dates and times in their chosen locale.
Mobile IQ Automated Back-up
The Mobile IQ data and system configuration settings can be scheduled to automatically back up on a recurring schedule. Schedule daily or weekly backups. Automated back-ups minimize the impact of data loss in the event of a disaster recovery situation. As in previous Mobile IQ releases, on-demand back-ups are available.
Mobility 12.0 Lifecycle Announcements
Mobility Analytics Module end-of-sale
With the release of NetMotion Mobility 12.0, the Mobility Analytics module has reached end-of-sale. The Analytics module is replaced by the advanced data visualization capabilities in Mobile IQ. The Mobility 10.x and 11.x Analytics module will receive limited support until their respective versions of Mobility reach end of life. Current customers should plan to migrate to Mobility 12.0 and Mobile IQ 3.0.
NetMotion Diagnostics end-of-sale
With the release of NetMotion Mobility 12.0, NetMotion Diagnostics is end-of-sale. On May 1, 2021 all current versions of NetMotion Diagnostics will be end-of-life. The Diagnostics function has been folded into Mobility 12.0 and Mobile IQ 3.0. Customers should plan to upgrade to Mobility v12.0 and Mobile IQ 3.0.
Mobility v10 end-of-life
All versions of Mobility 10.x are end-of-life on May 1, 2021. Mobility 10.x users should plan on migrating to Mobility 12.0 as soon as is practical. Contact support for assistance in planning your migration.
Microsoft Server 2012 R2
Mobility version 12.0 is the last version of Mobility that supports Windows Server 2012 R2. Customers are encouraged to migrate to Microsoft Server 2019 as soon as practical.
Microsoft Windows 7
Microsoft Windows 7 was end-of-life on January 14, 2020. Accordingly, it is not supported by Mobility 12.0. Customers requiring support for Windows 7 can continue to run the Mobility 11.x clients with Mobility 12.0 servers.
Appendix A: Maintenance Releases
NetMotion Mobility 12.10 Servers and Clients.
NetMotion Mobility 12.10 is a significant maintenance release for servers and clients. The 12.10 release incorporates the fixes and improvements and can be installed instead of the 12.02 server security update. Mobility 12.10 includes the following:
- Mobility reputation configuration supports web proxies. Organizations that use web proxy servers can now configure the Reputation service to connect to an organization’s web proxy server for updates instead of connecting directly to the NetMotion cloud infrastructure.
- Improved security role delegation. Administrators can now delegate permission to specific users, who can also delegate less-privileged access roles to other users.
- Captive portal for Windows clients now supports configuration using proxy.pac files.
- Added support for Verizon MiFi 8800L mobile hotspot.
Consult the list of known and resolved issues for details on bugs fixed in this release.
Supported server platforms
Mobility 12.10 supports Windows Server 2016 and Windows Server 2019. Windows Server 2012 and variants are no longer supported.
Supported client platforms
Windows 8.1, Windows 10, Android 6 and above, macOS 10.14 or later, iOS 12.1 or later, iPadOS 13.1 or later.
NetMotion Mobility 12.02 Servers
NetMotion Mobility 12.02 server is an important security update. It removes a security vulnerability in the Mobility web server. Customers should upgrade immediately to 12.02 servers. In addition, customers should verify that the Mobility servers are behind a commercial firewall and only the VPN port is exposed to untrusted networks. The default port for the VPN is UDP 5008. If you have changed the default VPN port, ensure only that VPN port is exposed.
Download the updated versions of Mobility servers from our customer portal, or contact support for assistance. Consult the v12.02 documentation for guidance on securely configuring your Mobility deployment. See the support advisory page for more details.
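The exposure check requested above can be run against an export of the perimeter firewall's inbound allow rules. The following is an added example, not NetMotion code: it reports every rule that lets an untrusted source reach the Mobility server on anything other than the VPN port. The CSV layout, rule names, addresses and trusted networks are constructed assumptions.

```python
import csv
import io
import ipaddress

VPN_PROTO, DEFAULT_VPN_PORT = "udp", 5008  # default VPN port from the release note

# Constructed sample export of inbound ALLOW rules on the perimeter firewall.
# The column layout is an assumption; adapt the parser to your vendor's export.
SAMPLE_RULES = """name,source,destination,protocol,ports
mobility-vpn,0.0.0.0/0,203.0.113.10,udp,5008
mobility-console,0.0.0.0/0,203.0.113.10,tcp,443;8080
admin-rdp,10.20.0.0/16,203.0.113.10,tcp,3389
legacy-range,0.0.0.0/0,203.0.113.0/28,udp,5000-5010
any-proto,198.51.100.0/24,203.0.113.10,any,any
other-host,0.0.0.0/0,203.0.113.77,tcp,25
"""

def parse_ports(spec):
    """Expand '443;8080', '5000-5010' or 'any' into a set of port numbers."""
    if spec.strip().lower() == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(";"):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_exposure(rules_csv, server_ip, trusted_nets=(), vpn_port=DEFAULT_VPN_PORT):
    """Return (vpn_reachable, findings) for one Mobility server address.

    findings is a list of (rule_name, count_of_extra_proto_port_pairs) for rules
    that expose the server to untrusted sources beyond the single VPN port.
    """
    server = ipaddress.ip_address(server_ip)
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    vpn_reachable, findings = False, []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        if server not in ipaddress.ip_network(row["destination"], strict=False):
            continue  # rule does not cover the Mobility server
        src = ipaddress.ip_network(row["source"], strict=False)
        if any(src.subnet_of(t) for t in trusted):
            continue  # source lies entirely inside a trusted network
        proto = row["protocol"].lower()
        protos = {"tcp", "udp"} if proto == "any" else {proto}
        ports = parse_ports(row["ports"])
        if VPN_PROTO in protos and vpn_port in ports:
            vpn_reachable = True
        # Everything this rule opens apart from the single VPN port.
        extra = {(p, n) for p in protos for n in ports} - {(VPN_PROTO, vpn_port)}
        if extra:
            findings.append((row["name"], len(extra)))
    return vpn_reachable, findings

if __name__ == "__main__":
    ok, issues = audit_exposure(SAMPLE_RULES, "203.0.113.10", ["10.0.0.0/8"])
    print("VPN port reachable:", ok)
    for name, count in issues:
        print(f"over-exposed by rule {name}: {count} extra protocol/port pairs")
```

If the VPN port has been changed from the default, pass it as `vpn_port` so that a rule left open on UDP 5008 is reported as well.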
NetMotion Mobility 12.02 Clients
NetMotion Mobility 12.02 is a client-only bug fix release addressing potential high resource utilization on macOS, iOS, and Android.
Administrators should test and deploy Mobility 12.02 at their convenience.
Mobility 12.01 Clients and Servers
NetMotion Mobility 12.01 is a bug fix release that includes client and server improvements to:
- Warehouse performance at scale
- Compatibility with Windows firewall and anti-virus vendors
- DNS request handling on Android
- Client stability and resource utilization
Administrators should test and deploy Mobility 12.01 at their convenience.