!

Using Acronis Access with MobileIron

March 6, 2014 Proprietary and Confidential Do Not Distribute

Overview

Bundle ID: com.grouplogic.mobilecho

The Access Mobile Client provides iPad and iPhone devices with secure access to files located on Windows file servers, SharePoint servers, Access Sync & Share volumes, as well as 'network reshare' access to SMB/CIFS compatible file servers (i.e., NAS devices, remote Windows Servers, Linux file servers).

Acronis Access servers can optionally control the mobile application's features and security settings by configuring user and/or group policies.

The Access Mobile Client application can access files on one or many Acronis Access Gateway Servers. Files can be copied or synced from servers to on- device encrypted storage within the Access Mobile Client app. These files can then be accessed even if the mobile client does not have a Wi-Fi or 3G net- work connection.

The mobile app has SmartOffice integrated, which allows files to be opened and edited within the Access Mobile Client. Files can also be opened in other mobile applications, moved, copied, printed, emailed, renamed or deleted. In addition, the Acronis Access iOS client application allows PDFs to be annotat- !ed directly within the app.

App availability

The Acronis Access mobile app is available in the Apple App Store: https:// itunes.apple.com/app/acronis-access/id429704844

Device compatibility

Access Mobile Client Application Supported devices:

▪ Apple iPad 2nd, 3rd, 4th generation

Company Confidenal 1 ▪ Apple iPad Mini 1st, 2nd generation

▪ Apple iPad Air

▪ Apple iPhone 3GS, 4, 4S, 5, 5s, 5c

▪ Apple iPod Touch 4th, 5th generation

Access Mobile Client Application Supported OS's:

▪ iOS 6 or later ! !

App-specific configuration

The following keys can be used with the Acronis Access app:

Key Description

enrollmentServerNa The value of this key should be set to the DNS me address of the Acronis Access Gateway Server that the user will enroll with. This key is required.

enrollmentPIN If your Acronis Access Server requires a PIN number for client enrollment, you can auto- complete the PIN number field in the Acronis Access enrollment form with this value. It is typical that the PIN requirement on the Acronis Access Server is disabled, since AppConnect can serve as the 2nd factor of authentication before a user has access, rather than the one-time-use PIN number. This PIN requirement is configured on the Settings page of the Acronis Access web console.

enrollmentAutoSubmi This will cause the enrollment form to be submitted t automatically, so that they user does not have to tap the “Enroll Now” button to proceed. To enable this key, set its value to: Yes

requirePIN If you are distributing a PIN to Acronis Access mobile users that they will need to manually enter into the Acronis Access enrollment form, you can specify that the PIN field is immediately shown in the form by setting this key’s value to: Yes

Company Confidenal 2 enrollmentUserName The value of this key will be inserted into the Username field in the Acronis Access enrollment form. You can use a MobileIron variable to autocomplete this value with the specific user’s username.

enrollmentPassword The value of this key will be inserted into the Password field in the Acronis Access enrollment form. You can use a MobileIron variable to autocomplete this value with the specific user’s password.

AppTunnel support

The Acronis Access Mobile Client needs to interact with all Acronis Access Gateway servers which will provide access to your files and servers. The de- fault port for the Gateway server is 443. !

This can be done both through the AppTunnel and without it.

• If you want to control the Acronis Access app through MobileIron poli- cies, all Acronis Access Gateway servers must be added to the App- Tunnel configuration.

• If you want to control the Acronis Access app through Acronis Access management policies, you are not required to configure AppTunnel.

Data loss prevention policy support

Acronis Access enforces both MobileIron’s and its own data loss prevention policies, taking the most restrictive value. If an action is denied in either one of these policies, it is denied for the clients.

Secure file I/O support ! The Access Mobile Client app encrypts all network communication using the HTTPS protocol for secure over-the-wire file transfer and stores data on the iPad using Apple Data Protection (ADP) hardware encryption.

Company Confidenal 3 AppConnect and non-AppConnect mode support

The Acronis Access mobile app can work either on its own or with AppConnect enabled. Once AppConnect is enabled, you cannot use the Acronis Access app without AppConnect.

The Acronis Access Server can be configured to only allow AppConnect-man- aged Access mobile clients to connect, ensuring that all users are protected and managed by AppConnect.

User features

Working with the Acronis Access app

For more information

Release notes

Official App Documentation

MobileIron AppConnect support

Configuration tasks

Use the following high-level steps to configure AppConnect for the app. 1. Configure a new AppConnect app configuration for the app.

2. Configure a new AppConnect container policy for the app.

Configure a new AppConnect app configuration

The AppConnect app configuration defines the app-specific parameters that are automatically pushed down to the app, as well as configurations for estab- lishing and authenticating an AppTunnel associated with the app. See the Ap- pConnect chapter of the VSP Administration Guide for details about each field.

Also, for more on AppTunnel configuration, see “Adding AppTunnel Support” in the AppConnect chapter of the VSP Administration Guide.

Use the following steps to configure the app-specific configuration: 1. On the VSP Admin Portal, go to Apps > Configurations > Add New > AppConnect > Configuration.

2. Edit the AppConnect app configuration with the Name, Description, Application, AppTunnel configuration including the identity certificate, and App-specific key-value pair configurations required for the app. Company Confidenal 4 Note: For the Application field, choose an application from the app distribution library, or for iOS apps, specify the iOS bundle ID. You can find the bundle ID by going to Apps > App Distribution Library, and clicking to edit the app. The field Inventory Apps displays the bundle ID in parenthesis.

3. AppTunnel: Click on the “+” button and enter the AppTunnel details. The AppTunnel service for this app must be pre-configured in order to use it here.

4. App Specific Configuration: Click on the “+” button to enter the key-value pair infor- mation.

Configure a new AppConnect container policy

An AppConnect container policy specifies data loss protection policies for the app. The AppConnect container policy is required for an app to be authorized unless the AppConnect global policy allows apps without a container policy to be authorized. Such apps get their data loss protection policies from the App- Connect global policy.

Details about each field are in the AppConnect chapter of the VSP Administra- tion Guide.

To configure an AppConnect container policy: 1. On the VSP Admin Portal, go to Policies & Configs > Configurations > Add New > AppConnect > Container Policy.

2. Enter the Name, Description, and Application.

Note: For the Application field, choose an application from the app distribution library, or for iOS apps, specify the iOS bundle ID. You can find the bundle ID by going to Apps > App Distribution Library, and clicking to edit the app. The field Inventory Apps displays the bundle ID in parenthesis.

3. Configure the data loss protection policies according to your requirements.

Company Confidenal 5