Protecting and auditing enterprise network traffic is a challenge for all organizations, and one that can directly affect any company’s bottom line. Creating a solution to this challenge can be difficult without extensive coordination between IT departments and Mobile Device Management (MDM) vendors.

The Knox SDKs simplify the process of creating a solution by providing the means to build tools such as Virtual Private Network (VPN) clients, split-billing clients, and bandwidth optimizers. Using Knox SDKs ensures that your software can be deployed quickly on a fleet of enterprise-ready Knox devices. Broad MDM support of Samsung’s Knox interfaces reduces the risk of compatibility issues, which means that your software can be quickly adopted and managed across multiple devices.

Many services can use the Knox VPN Service SDK, but it's most commonly used to build VPN client solutions. Virtual Private Networks are a common tool used by today's mobile workforce. Any organization with remote workers who need to transmit sensitive data over the Internet can use VPNs to secure their communications using protocols such as IPSec and SSL.

Some examples of VPN services that were built using the Knox VPN Service SDK include: F5 Edge, Pulse Secure (Juniper JunOS Pulse), Cisco AnyConnect, and Android VPN for Knox (StrongSwan). You can use the Knox VPN Service SDK to build your own VPN service or adapt an existing VPN service to run over our industry-leading secure Knox platform.


  • SEAP Partner account: If you are not yet a partner, click the button below to enroll as a partner.
  • Samsung Approval: If you are already a partner, click the button below to contact our team about SDK access.

How it works

The diagram above highlights three types of apps that the Knox VPN framework supports:

  • VPN client apps — You can use the Knox VPN Service SDK to develop a VPN client or other networking solution that provides a VPN to users. You can distribute your software privately to enterprises or publicly through an app store like Google Play or this SEAP website. Enterprise IT admins can then install and manage your software on their corporate devices.
  • MDM apps — You can use an MDM app to push a VPN configuration to a user. You can work with MDM vendors to have them support your solution in their product, or you can use the Knox Standard and/or Knox Premium SDKs to create your own MDM software to control mobile device management policies. For example, you can use the Knox SDKs to configure your VPN client to control which apps use its VPN tunnels when transmitting data.
  • Enterprise apps — You can create apps that always use a VPN connection to transmit data between the device and the enterprise. Having the app request a VPN tunnel ensures that all data is encrypted and transmitted via a secure connection.

The Knox VPN Service SDK provides the IknoxVpnService.aidl file, which defines a set of interfaces that you can implement to support communication between VPN client apps and the Knox VPN Framework. For example, to let an MDM configure your VPN client, you must implement the appropriate interfaces from the AIDL file.

Samsung Knox supports comprehensive IPSec and SSL-based VPN solutions for the most demanding enterprise requirements. Your solution can leverage the following advanced features provided by our SDK:


  • Full-device VPN
  • Per-app VPN inside and outside the Knox container
  • VPN chaining for multiple levels of encryption

Separation between personal and enterprise

  • Separate VPNs for traffic inside and outside the Knox container
  • Separate personal and enterprise data usage for split-billing


  • Support from leading MDM vendors
  • Up to 5 simultaneous VPNs
  • Automatic tunnel re-establishment
  • On-demand VPN connections (lower battery use and server load)
  • Knox-secured key management
  • Traffic-shaping based on app UID/PID

High-security apps

  • FIPS mode configurable by MDM
  • CAC support for US Government apps

Broad industry support

  • Cisco, Juniper, F5, Android (StrongSwan)
  • MobileIron, AirWatch, and many more MDMs

Next steps ...

  • Request the SDK, which includes the AIDL interface definition, Java JAR library, and Java API Reference.
  • Browse the API Reference. This describes all the available Java API methods, grouped by package and class.
  • Read the Developer Guide. This describes the Knox VPN framework and how to use the AIDL and Java API methods to handle VPN setup requests.
  • The Knox VPN Service SDK does not require any licensing, but if you use management features in the Knox Standard or Knox Premium SDKs, you need to get the licenses required for those SDKs.

Later, when you start coding and have questions, check the FAQs and Developer Forum for support.