Application Tunneling

Top  Previous  Next


Application tunneling allows 3rd party applications to take advantage of the mSuite infrastructure with benefits that include:


Secure data transmission through the mSuite AES 256 bit encrypted (FIPS140-2 compliant) tunnel.
Connection management services - mSuite will automatically maintain the connection for the application when moving though low service communication areas where loss of signal may occur.  These physical outages are hidden from the connected application.



The 3rd party client software must be configured to connect to 'local host' (on the mobile device) on a specific TCP port.  The TCP traffic will then be tunneled through the mSuite secure channel to the mSuite Connection Manager Server (CMS) which will connect to the relevant 3rd party application server and forward any data over this connection between the client and the server.


mSuite configuration is carried out on both server and client (mobile device) via registry settings.  Client registry settings can be deployed via mSuite application packages to simplify the configuration of the client devices.


3rd party application configuration

Configure the application to talk to local host ( on your chosen port (which must not conflict with any other ports in use on the device).  In the example below, we have chosen to use port 81.


mSuite client configuration

To configure the mSuite client:


1.Add a subkey to the registry at HKCU\\Software\\CommonTime\\ProxyListeners - the name of the subkey doesn't matter, but would normally reflect the name of the application that you are wanting to tunnel.  So, if my application is called Briefcase, I would create a new subkey called Briefcase
2.Now, in the new subkey (in our example, this is HKCU\\Software\\CommonTime\\ProxyListeners\\Briefcase), add the following values:


a)DWORD Port - this is the port that the 3rd party application will connect to.  If you are also wanting to use HTTP tunneling, make sure that this port is not one of the standard web ports (80 and 443).  Remember, the client software must be configured to connect on this port and to the device's local host IP address (
b)STRING Dest - an identifier for the 3rd party application (maximum of 7 characters).  This is a unique identifier that "tags" the data from this application.  When the CMS receives the data, it will look at its own configuration to determine where to forward this traffic to.


mSuite server Configuration

To configure the CMS, go to the machine running mSuite and make the following registry changes:


1.Add a subkey using the same name that you chose for the subkey added to the client to the registry key HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices.  So, if we used Briefcase on the client, we will again name this subkey Briefcase.  (In fact, it doesn't matter what name you use provided you use the same name for the client and the server but using consistent naming will help you remember what it is when you next look at these registry settings).
2.Now add the following registry values to the newly created subkey which, in or example, is HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices\\Briefcase :
a)STRING Dest - an identifier for the 3rd party application (must be less than or equal to 7 characters) - this must be exactly the same value that was entered in item 2b (STRING Dest) when you were configuring the client.
b)STRING Description - A description for the 3rd party application (only used for logging)
c)MULTI_SZ Hosts - a list of host names or IP addresses for the 3rd party application server(s).  There will normally be only one.  Use multiple values if you want the CMS to share connections between different hosts in a 'round robin' fashion.
d)MULTI_SZ Ports - a list of ports, one for each of the entries in the Hosts value above.  These are combined with the entries in Hosts, so if you have 3 hosts configured, you must have 3 ports in this list.  The first will be associated with the first host, the second with the second and so on.

Note: that the port does not have to be the same as the port specified in the client configuration, mSuite  can map the port on the client to a different port on the server.

After adding these registry values, you must restart the CMS




Problem: My organization uses a corporate web proxy to enforce web policy and so there is a requirement that all web traffic is delivered to this proxy.  However I have a mobile data replication service that also uses a web server, and this cannot be accessed through the corporate web proxy.  My mobile application is called Briefcase.


1.Activate HTTP tunneling as described here Configuring HTTP Tunneling.  Now all web traffic will be sent via the HTTP tunnel, so I need to change my Briefcase client application to use the local host IP address ( and a port other than the standard web ports.  In this case, I will change the client to use and to connect to port 81 (instead of port 80).


2.Once I have changed my client application, I now need to configure the client's registry:  


a)Create a new subkey in HKCU\\Software\\CommonTime\\ProxyListeners called Briefcase
b)Create a DWORD in HKCU\\Software\\CommonTime\\ProxyListeners\\Briefcase called Port and set the value to 81 (the port I have chosen to use).
c)Create a STRING in HKCU\\Software\\CommonTime\\ProxyListeners\\Briefcase called Dest and set the value to brfcase (must be 7 characters or less)
3.Soft reset the mobile device
4.Now I need to change the server's registry configuration


a)Create a new subkey in HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices called Briefcase
b)Create a STRING in HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices\\Briefcase called Dest and set the value to brfcase (must be the same as in 2c above)
c)Create a STRING in HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices\\Briefcase called Description and set the value to Mobile Briefcase Application
d)Create a MULTI_SZ in HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices\\Briefcase called Hosts and set the value to the hostname or IP address of the machine running the web service that the client needs to connect to (this can be an V4 IP address or a host name).  Set the value to an address that can be reached from the CMS - this will usually be a private IP address.
e)Create a MULTI_SZ in HKLM\\SOFTWARE\\CommonTime\\ConnectionManager\\3rdPartyServices\Briefcase called Ports and set the value to the 80 (I do not have to make the web server listen on the same port as the client (port 81), mSuite can map the traffic from one port at the client to a different port at the server).
5.Finally restart the Connection Manager Service (CMS) in the mSuite admin console.




Page url: