NetMotion expands its ZTNA platform to detect, protect, and repair with new self-healing SaaS or On-prem infrastructure that supports both local and global organizations, tightened security controls, and expanded network and event visibility.
NetMotion Complete, powered by Mobility v12.50 and Mobile IQ v3.50, adds support for new user authentication modes, adds resiliency for geo-dispersed deployments, bolsters security with new policy enforcement modes, and supports new ARM processors powering the next generation of mobile devices.
Key new features:
- SAML authentication support.*
- New active-active warehouse support: offers automated failover, self-healing, and improved distributed pool support.*
- New ZTNA policy action strengthens security by forcing user reauthentication when security contexts change.
- New ZTNA policy actions for enabling/disabling data collection improve compliance and enforcement.
- New visibility for ZTNA policy enforcement to evaluate the impact of applying ZTNA policies and make proactive security policy decisions.
- New resilient client option for Windows monitors, detects, and automatically repairs problems with client files and processes.
- Client support for Windows 11*
- Client support for ARM processors on macOS and Windows devices.*
- Improved support for Intune Autopilot with hybrid-domain joined machines.
- New and enhanced Mobile IQ dashboards including 5G signal quality and network coverage, Wi-Fi signal quality mapping, and Mobility connection status.
Mobility v12.50
Support for Modern, Federated Authentication Solutions
SAML Authentication*
Organizations are adopting modern, federated, and cloud-hosted authentication solutions for both remote and on-premises personnel. NetMotion customers can easily convert all or some of their users or administrators to any standards-compliant SAML identity provider, gaining instant access to the out-of-band, multi-factor authentication options, federated identity management in the cloud, and other capabilities available from their chosen identity provider.
- Standards-compliant SAML authentication
- Supports MFA options like push notification, voice calls, or SMS available in your SAML provider’s solution
- Easy integration with cloud-hosted authentication solutions, regardless of where your NetMotion servers are deployed.
- Simplifies administrative access to the Mobility console, consolidates account management into a single directory service and facilitates single sign-on for apps sharing that identity provider.
- Configurable “session token” option creates a persistent authentication session for a specific length of time, controlling how often users are prompted for SAML/MFA credentials.
- Map SAML groups defined in the IdP to Mobility groups and leverage Mobility Policy and Role-Based Access Controls to manage their access to Mobility services.
Mutual Authentication Protects all Authentication Protocols*
Regardless of which authentication method you configure, Mobility v12.50 now automatically protects all authentication exchanges between clients and server.
- AES encryption protects client & server communications for all authentication methods
- Mobility clients and servers automatically establish a mutually authenticated tunnel to positively identify the user’s device and the Mobility server before authenticating a user.
- Protects against ‘pass the hash’ attacks on NTLM authentication exchanges.
Zero-Trust Policies
Easy-to-implement zero-trust security controls provide the visibility and control administrators need to enforce a strong security posture without reducing user productivity. This release offers greater visibility into blocked and allowed traffic, and fine-grained controls over what behavior is allowed, denied, routed, or optimized by policy.
Reauthenticate Policy Action
Re-challenge a user’s security credentials when the context changes. For example, if a user moves to a public, unsecured network or to a network they’ve never used before, Mobility can ask them to reauthenticate before accessing allowed resources.
- Challenge for authentication credentials when security parameters change (time of day, network name, connection name, access point ID, the presence of external conditions, and the like).
- Challenge the identity of the person in possession of the device.
- Mandate compliance with corporate security policies for authentication.
Control Data Collection and Privacy
To respect user privacy on COPE or BYOD devices, policies can now disable data collection. Disable data collection by policy conditions like time of day, network name, connection name, access point ID, the presence of external conditions, etc.
- Automatically disable/reenable data collection by policy to comply with relevant privacy regulations and agreements.
- Fine-grained control to limit data collection to legitimate business purposes.
- Supports over 25 different policy conditions.
Set Interface Selection Preference – force traffic over a specific interface
Mobility supports ordering the network interfaces in policies to solve routing issues caused by network interfaces that report inaccurate speeds.
- Fine-grained control over the order in which network adapters are used to route traffic on mobile clients.
- Override hardware vendors’ claims of performance with custom routing preferences.
Self-Healing and Super-Distributable
Active-Active Warehouses*
When Mobility v12.50 is deployed with redundant warehouses, if any warehouse becomes unavailable, other warehouses in the deployment automatically take over without administrator intervention. Administrators no longer need to promote a secondary warehouse in the event of a failure.
- Mobility pools are fault tolerant and automatically self-healing in the event of a warehouse failure.
- All warehouses are active-active backups for each other. If one goes offline, the others automatically take over and administrators are notified.
Improved Support for Geographically Distributed Pools*
The new active-active architecture now supports pools with up to 300 milliseconds of latency between warehouses. Support for higher latency enables using public networks, not just expensive private circuits, to deploy a distributed pool for fault tolerance or geographically distributed teams between cities, countries, and continents.
- Supports distributed pools with up to 300 milliseconds of latency between zones.
- Increased fault-tolerance supports combining multiple smaller pools into a single pool with a single management UI
- More flexibility in designing for disaster recovery or global deployments
Encrypted Warehouse Communications*
Mobility v12.50 now uses TLS encryption by default for communication between the warehouses and Mobility servers to ensure the confidentiality and integrity of the data-replication.
- Strong encryption, enabled between all v12.50 warehouses and NMSs.
- Secure data within and between data centers, regardless of their physical location.
5G Network Intelligence
Mobility and Mobile IQ are now fully 5G-aware. Mobility clients collect and monitor 5G networks including signal quality, availability, technology generation (5G) and network technology (5G Sub6, 5GMM).
Note: Apple platforms do not provide cellular signal information.
- Track and analyze 5G network availability, coverage, signal quality and usage in Mobile IQ.
Client Improvements
Ensure Mobility Client Health
Protect against malicious or inadvertent tampering with the Mobility client. Beginning with Mobility version 12.50, Mobility clients are available in an optional Resilient version. The Resilient Mobility client monitors client files and processes. If it detects tampering, the client will automatically repair or reinstall itself using a known good copy from a trusted source in our cloud infrastructure.
- Continually monitor the state of the Mobility client’s health and automatically remediate as necessary
- Automatically restart if key processes aren’t running
- Automatically reinstall the client in the case of file corruption
Automatically Detect Authentication Certificates
When presented with multiple choices for authentication certificates, Windows users often struggle to choose the correct one. With Mobility 12.50, administrators can easily pre-select the proper user or device authentication certificate and minimize the chance that users select the wrong certificate and fail to authenticate.
- Pre-configure the Mobility 12.50 client for Windows to automatically use the correct certificate
- Supports multiple criteria for matching certificates and wild card logic when specifying certificate attributes
- Configure new Windows certificate matching criteria from the Mobility administration console
Windows 11 Support
Mobility 12.50 supports the latest version of Microsoft’s Windows desktop operating system. Leverage Mobility to improve your productivity on Microsoft’s newest platform for enterprises with the only VPN available that has been designed specifically with mobile workers in mind, providing seamless remote access in a way that actively improves the employee experience.
ARM Platform Support
The Mobility v12.50 client supports ARM processors in Windows and Apple tablets and laptops, which offer low power consumption and powerful mobile computing.
Near line-speed macOS downloads
We tripled the performance to near line-speed when downloading large files that are split-tunneled (local proxy) outside the VPN. (Up to 900 Mbps under ideal circumstances.)
Enhanced Drop-ship Deployment Options
Administrators can now drop-ship new Windows laptops to end users and script the initial configuration process. This release also improves support for Hybrid/Azure AD Join with a VPN when using Microsoft Intune, which allows for “zero-touch” remote deployment of Windows PCs using Windows Autopilot or other Windows system management tools.
Mobile IQ v3.50
Visibility of ZTNA policy enforcement
New and enhanced dashboards provide visibility into traffic blocked by policy, by host/website, address/port, and web reputation. Administrators can now evaluate the impact of applying Mobility ZTNA policies and make proactive security decisions.
New Connection Status History dashboard
A new Mobility Connection Status History dashboard complements the Mobility Connection Status dashboard by providing more granular filtering and the ability to export all data to CSV, XML and JSON files. This allows administrators to better analyze Mobility client usage history, including identifying when mobile users are actively connected and working remotely.
New Mobile IQ Access Audit dashboard
Administrators can now see a history of every dashboard that has been viewed, who viewed it, when it was viewed, and what specific filters were applied.
Enhanced dashboards
5G Network Reporting
Mobile IQ shows 5G-specific data on dashboards that display cellular coverage, signal quality and usage. Dashboards with maps include Technology Generation (5G) and Network Technology (5G Sub6, 5GMM), as well as signal quality.
Wi-Fi Signal Quality Mapping
The Device Details dashboard provides a visual map of a device’s movement and signal quality when connected to Wi-Fi networks. Customers can use this dashboard to identify problem Wi-Fi access points and poor Wi-Fi coverage areas.
Option to Display and Export More Data
Several dashboards with tables are no longer restricted to 1,000 rows. Customers with more than 1,000 devices and/or users can now view and export all the data.
Filter to Display all Carriers in Cellular Coverage Maps
The Cellular Coverage Map dashboard can now be filtered to show an individual carrier or all carriers on a single map. This is helpful for customers that rely on multiple carriers and want to better understand their end users’ overall experience.
Display PCI and Cell ID
Dashboards that display cellular telemetry data now include the Physical Cell Identifier (PCI) and Cell ID, when available. Customers can use this information to work with their cellular providers on improving service and coverage.
Personalize Wi-Fi Network BSSID Names
Mobile IQ administrators can now create a look-up table to map non-friendly Wi-Fi BSSID names to user-friendly names displayed in dashboards. This makes it easier for customers with many Wi-Fi access points to quickly identify an access point that may be having problems.
New Server Connections Over Time Chart
The Deployment Status dashboard now includes a line chart that displays the number of Mobility Client connections to each Mobility Server over a selected time. This helps Mobility administrators determine if the Mobility servers are properly loaded and identify any historical outages.
Updated Carrier Definitions
The Cellular Coverage Map has an updated list of carriers to reduce “unknown” carrier color assignments.
Include Grid Cell Statistics in Cellular Coverage Map KML Exports
The Cellular Coverage Map can be exported to a Keyhole Markup Language (KML) formatted file for use in 3rd party mapping tools. Mobile IQ now includes the actual grid cell statistics to display in the KML imported map.
Administrative and Management Enhancements
Improved Console SSO Log-Off Experience
Mobile IQ now provides the option to configure where the user’s browser is redirected after log-off to reduce user confusion after console log-off.
License Management Enhancements
More information about applied licenses appears in the Mobile IQ Management tool and Licensing dashboard, making it easier for customers to view their license history and better understand when subscription licenses expire.
Self-Hosted Map Tile Servers
The maps displayed in several Mobile IQ dashboards are generated by an Internet-hosted map tile server (Microsoft Bing maps). Customers that do not want to permit Internet access to the Mobile IQ server can now manually configure Mobile IQ to render maps using a self-hosted map tile server.
NetMotion Cloud and MSP Enhancements
Automated Server Deployment
Mobility v12.50 contains new installer features for scripting server deployments and upgrades. Managed Service Providers (MSPs) and other organizations that frequently install or upgrade Mobility infrastructure can integrate those operations into their existing Ansible or other automation environments to reduce human error and scale deploying infrastructure.
Custom Domains for NetMotion Cloud Deployments
Customers deploying to NetMotion Cloud can choose custom domain names, simplifying access and configuration of their cloud subscription.
- Choose your custom name and simplify access to the cloud environment, for example, customer_name.on.netmotioncloud.com
- Create a name that’s easy for end users and administrators to recall and use.
Full Mobile IQ Scalability in NetMotion Cloud
For customers with large SaaS deployments, the NetMotion Cloud platform supports up to 30,000 devices in Mobile IQ. Mobile IQ in NetMotion Cloud offers all the capabilities of our on-premises product with full scale in a managed cloud environment.
- Scale parity between Mobile IQ and Mobility in NetMotion Cloud
- Mobile IQ in NetMotion Cloud also supports large, on-premises NetMotion pools.
___________________________________________________
* Feature also available in NetMotion Core.