Manage Learn to apply best practices and optimize your operations.

VPN clients for mobile devices

As more and more business users need the ability to access data and voice services anywhere, any time, with a single client device, their companies have to tackle both technological and security issues. Robbie Harrell looks at both in this tip.

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our tip contest and you could win a prize.


In the traditional sense, IPsec was the predominant software used to enable VPN tunnels from a client to a VPN server in order to provide VPN connectivity. There are multitudes of VPN clients in the market for personal computers that support Windows operating systems. However, this is not the type of client I want to discuss in this article.

The industry is evolving to next generation mobility. My definition of "next generation mobility" is "the ability to have data and voice services anywhere, any time, with a single client device." This capability is offered in a limited capacity today through several vendors (Motorola, Avaya and Sprint), but the technology is in its infancy and most enterprise organizations are just beginning to think about utilizing the technology.

The ability to offer voice and data on a single client with ubiquitous access is indeed a novel concept. Technology-wise this can be done, but the same issues and challenges are present. Like the legacy VPN solutions, if an enterprise is looking at utilization of a client for mobility and access, then the data on that client must be secured as it traverses the airwaves. So how does one go about securing the data? The answer is relatively straightforward -- the client that is used to interconnect to the network must support some form of encryption. Federal regulations have driven corporate standards to require encryption of a company's data.

Today's cellular companies are offering data (primarily e-mail) capabilities via their phones. Examples of this are the BlackBerry and PalmTREO from Cingular. Both of these clients support both voice and data connectivity over Cingular's GSM network. The TREO supports enterprise mail via the Xpress mail VPN solution and BlackBerry supports e-mail via the Blackberry enterprise VPN solution. In both cases, this is a VPN client/server solution that provides a seamless VPN solution for e-mail, utilizing push technology that is always on (you don't have to log in every time).

However, these clients are enabled for e-mail only. In the event that other data services are needed, you will actually need to install a secondary VPN client. This is where it gets confusing. BlackBerry touts that their e-mail solution will also support data. TREO supports the ability to load external VPN clients to support this capability. It would appear at first glance that the BlackBerry VPN solution is the way to go, as there is no need to purchase and load an external VPN client (and server at the host site). However, BlackBerry does not guarantee this capability and even has a disclaimer indicating that additional application development may be required. This is very important when looking at VPN support on a mobile client.

In a nutshell, secure corporate data communications from a handheld is basically no different than VPN connectivity from a PC today. However, these technologies are rapidly emerging and the potential is for the ubiquitous mobile device supporting both voice and data from one client. Caution must be used when evaluating these technologies and a proof of concept is highly recommended.

About the author:
Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has over ten years of experience providing strategic, business and technical consulting services. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.

This tip originally appeared on


I agree whole-heartedly with you. I have sales people who want to access our systems via BlackBerry , but we could not get it to work via our Citrix servers. I gave some of them laptops with Sprint cards and we are using MCI's Access Manager and the Cisco VPN client.
—Chuck A.

Do you have comments on this tip? Let us know.

Dig Deeper on Lotus Notes Domino Data Management and Storage

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...