Connection Manager

The Connection Manager provides a gateway through which mobile computing devices on a range of external networks connect securely to resources on your organization's private internal network.

The Mobile Connect administrator determines the types of devices and networks that the Connection Manager supports. A single multi-homed Connection Manager can support connections from multiple networks and device types. You can add support for HTTP access services, mobile access services, and messaging services.

Typically, organizations deploy the Connection Manager within a perimeter network or DMZ that is established between two firewalls, one Internet-facing and one enterprise-facing. From here, the Connection Manager accepts incoming traffic from the Internet or other untrusted networks, authenticates the originator, and routes traffic to the requested internal application server.

You can run multiple Connection Managers on your network and install them on different operating systems. You can remotely administer a Connection Manager that is installed on any operating system from any Gatekeeper. For example, you can administer a Connection Manager that is installed on Windows from a Gatekeeper that is installed on Linux.

After you install the Connection Manager and enable the required network support, you use the Gatekeeper administrative application to define a Connection Manager resource and specify its properties.

The Connection Manager server runs as two processes:
wgattachd
The process that is responsible for starting and monitoring recovery operations on the main driver process. On AIX®, the system resource controller is used to start, manage, and stop the Connection Manager processes.
wgated
The process that is the main driver of the Connection Manager. If the wgated process is stopped or ends unexpectedly, the wgattachd process restarts it.

You can configure the Connection Manager to control how it interacts with other components in your network. The following list provides an overview of some of the features that you can use to control how the Connection Manager functions:

Security
There are several ways to enforce the security of your network, your applications, and their data. See Figure 1 and use Table 1 to determine options and review planning and configuration information.
Clustering
The Connection Manager can be configured to be a principal or subordinate node in a cluster. In this manner, the Connection Manager distributes and services communication requests and provides load-balancing efficiency. A cluster manager is automatically installed when you install the Connection Manager. Clustering is supported for VPN connections only. For more information about clusters, see Multiple cluster node support.
Directory server lookup
To take advantage of existing user account databases, the directory server provides the definition of how to contact another directory service server (DSS). For more information about directory servers, see Directory service servers.
Groups
Provides a way to pool resources and assign them collectively, rather than individually. For more information about using groups, see Groups.
Logging
The Connection Manager provides message, account, and trace log facilities. For more information about logging, see Viewing Connection Manager logs.
Network management
The Connection Manager can be configured to send traps to a Simple Network Management Protocol (SNMP) management station. For more information about configuring the Connection Manager to send network management traps, see Sending network management traps.