Overview

Protecting and auditing enterprise network traffic is a challenge for all organizations, and one that can directly affect any company’s bottom line. Creating a solution to this challenge can be difficult without extensive coordination between IT departments and Mobile Device Management (MDM) vendors.

The Knox SDK simplifies the process of creating a solution by providing the means to build tools such as Virtual Private Network (VPN) clients, split-billing clients, and bandwidth optimizers. Using the Knox SDK ensures that your software can be deployed quickly on a fleet of enterprise-ready Knox devices. Broad MDM support of Samsung’s Knox interfaces reduces the risk of compatibility issues, which means that your software can be quickly adopted and managed across multiple devices. Many services can use the Knox SDK, but it's most commonly used to build VPN client solutions.

Some examples of VPN clients that were built using the Knox VPN service include: F5 Edge, Pulse Secure (Juniper JunOS Pulse), Cisco AnyConnect, and Android VPN for Knox (StrongSwan).

About the Knox VPN framework

How VPN works

The diagram above highlights three types of apps that use the Knox VPN service:

  • VPN client app: VPN Providers use the Knox SDK to develop a VPN client that deploys VPNs over their VPN infrastructure on the Internet. These apps use the Knox SDK package com.samsung.android.knox.net.vpn.serviceprovider.
  • MDM app: MDM Providers use the Knox SDK to handle VPN setup requests issued by enterprise IT admins through their web-based MDM consoles. These apps use the Knox SDK package com.samsung.android.knox.net.vpn. Instead of calling proprietary APIs from different VPN Providers, MDM apps can access all VPN clients through the same set of interfaces in the Knox VPN framework.
  • Enterprise app: Enterprise IT admins can use MDM consoles to set up multiple VPN profiles with differentiated policies, and select which enterprise apps (browser, email, etc.) use which VPN profiles.

This section focuses on how VPN Providers create VPN clients. The Knox SDK provides a set of proprietary VPN APIs that VPN providers can use to extend and build upon the VPN APIs provided by the Android SDK.

Advanced VPN features

Samsung Knox supports comprehensive IPSec and SSL-based VPN solutions for the most demanding enterprise requirements. Your solution can leverage the following advanced features:

Connectivity:

  • Full-device VPN
  • Per-app VPN inside and outside the Knox Workspace
  • VPN chaining for multiple levels of encryption

Separation between personal and enterprise:

  • Separate VPNs for traffic inside and outside the Knox Workspace
  • Separate personal and enterprise data usage for split-billing

Flexibility:

  • Support from leading MDM vendors
  • Up to 5 simultaneous VPNs
  • Automatic tunnel re-establishment
  • On-demand VPN connections (lower battery use and server load)
  • Knox-secured key management
  • Traffic-shaping based on app UID/PID

High-security apps:

  • FIPS mode configurable by MDM
  • CAC support for US Government apps

To get started building your VPN client, see Implementation.