New Option for Securely Connecting to your Organization’s Resources
Apps created using mobile app container technology from Good have long been able to securely access behind the firewall servers and other resources without requiring buildouts of VPN infrastructure or undesirable configurations in the DMZ. Secure access occurs via the Good Proxy server, a component of the Good Dynamics Secure Mobility Platform, which maintains an encrypted outbound connection from the enterprise to the NOC, which then brokers requests from apps.
This NOC-based approach provides a secure architecture that requires relatively little setup. However, some organizations may desire a slightly different approach.
A new deployment option allows organizations to route app data directly to the enterprise via a DMZ-based proxy server with which the Good Proxy server maintains a secure connection. App data remains under corporate control, flowing directly to and from the corporate network and within specified boundaries. Because of reduced data round-trips, this configuration can support apps that require low latency (e.g., video streaming). The decreased round-trip path also improves app refresh time and performance, contributing to a better user experience.
Enterprise Single Sign-on via Kerberos Constrained Delegation (KCD)
The Good Dynamics Platform already provided single sign-on across all apps on a device: an app was set as the authentication delegate and logging into that app signed a user into all containerized apps on the device. Now, because of Kerberos constrained delegation (KCD), single sign-on for enterprise resources becomes possible. Users will no longer be required to enter their enterprise credentials every time they need access to a constrained resource.
This is about enhancing the user experience. Think about it: your organization enforces complex enterprise password with uppercase and lowercase letters, numbers and symbols and requires password update every 15 days. Without this new enterprise single sign-on capability, you’d not only have to authenticate into your containerized apps, you’d also have to authenticate into constrained enterprise resources (e.g., your corporate intranet, your expense system, etc.) each and every time you wanted access. When you are waiting in the taxi line at the airport on a freezing day, on your way to pitch to a customer, that last thing you want to deal with is having to enter multiple passwords when all you need is immediate access to the corporate presentation.
The great part of this enterprise single sign-on with KCD is that it is transparent to the user. The best part is that the enterprise credentials are never stored on or even sent from the mobile device. Those credentials stay within the confines of the corporate network as the Good Control server brokers the authentication with the corporate directory system (e.g., Active Directory), which defines what resources are accessible to a user.
There are many other new capabilities – read the release notes to learn more. If you want to know how you can get the most out of your deployment of the Good Dynamics Platform, contact your account manager.