- Now that Sentry, the gateway component of MobileIron’s EMM solution, is compatible with Azure, the vendor has a fully cloud-based offering for the first time.
- For MobileIron, the move should accelerate product development, boost cloud-based EMM sales, and increase its competitiveness with rivals Microsoft and VMware AirWatch.
Just before the holidays, enterprise mobility management vendor MobileIron quietly revealed that it had completed the first stage of its long-planned effort to port the centerpiece of its EMM architecture to the cloud. Despite the lack of fanfare, the move represents a significant pivot point that not only enables MobileIron’s first fully cloud-based EMM solution, but also positions the vendor to compete more broadly and effectively.
The focal point of MobileIron’s EMM architecture is Sentry, which the company calls an “intelligent” in-line gateway that manages, encrypts and secures traffic between mobile devices and back-end enterprise systems. The multifaceted server authenticates and authorizes users, devices and apps, providing conditional access to back-end resources and serving as the product’s primary policy enforcement point.
Sentry is a big part of what differentiates MobileIron’s EMM offering. Because all of a MobileIron enterprise customer’s managed mobile traffic passes through Sentry, it creates an opportunity to layer on additional security features. For instance, Sentry is what enables end-to-end TLS-encrypted connections between an organization’s mobile devices and the services they access. MobileIron Access, a SAML compatibility add-on released last spring, offers the ability to block access to a select set of cloud applications from unauthorized devices and leverages Sentry as the point of authentication for cloud application access.
However, Sentry has also hindered the evolution of MobileIron’s product portfolio. Because of Sentry’s role at the center of MobileIron’s network architecture, Sentry has had to reside on-premises only. Even as MobileIron Cloud has remarkably grown in recent years to the point where it represents about 50% of the company’s business, those customers have still been required to deploy Sentry on-premises. Sentry was one of MobileIron’s first technologies, dating back to the company’s founding nearly a decade ago. Re-architecting Sentry for cloud compatibility was a daunting proposition for the vendor. Key tasks included redesigning the core networking aspects of Sentry to function in a cloud environment, and adding support for cloud-based site-to-site VPN between Sentry and on-premises data centers, in order to support connectivity with local resources.
Now, with the December debut of Sentry for Azure, the vendor not only can offer a completely cloud-based enterprise-grade EMM offering for the first time, but can also counter Microsoft’s claims of having the best and only EMM solution that can safeguard Office 365 data. MobileIron believes that by locating its policy enforcement mechanism in the same IaaS environment as Office 365, near the applications and data, the geolocation of end users and devices becomes insignificant. Sentry compatibility with Amazon Web Services is expected early in the New Year, and soon organizations will be able to incorporate a mix of Azure, AWS, and on-premises-based Sentry clusters to improve performance and ensure uptime.
So while Sentry’s move to the cloud will not be widely heralded, it’s a significant step forward for all the reasons noted above. Additionally, it makes MobileIron Cloud more competitive with EMM market leader VMware AirWatch, which already offers an entirely cloud-based EMM solution in AirWatchExpress, plus eliminates the last big technical hurdle before leveraging Sentry for additional features related to security and beyond. This development will accelerate overall product development and cloud EMM sales for MobileIron, new momentum that increasing the likelihood of a strong 2017.