Lesson 12 - Integrating AirWatch with your corporate resources



  • Installing the ACC
  • Installing the MAG


Installing the ACC



 Watch the Video!

AirWatch’s Cloud Connector (ACC) allows organizations to securely integrate with back end enterprise systems from either the AirWatch SaaS environment or a remote network zone (e.g. DMZ). This allows an organization to leverage the benefits of using SaaS while seamlessly integrating with existing Email, LDAP, CA, and other systems.


ACC supports integration with the following internal components

    • SMTP (Email Relay)
    • Directory Services (LDAP / AD)
    • Microsoft Certificate Services (PKI)
    • Simple Certificate Enrollment Protocol (SCEP PKI)
    • Email Management Exchange 2010 (PowerShell)
    • BlackBerry Enterprise Server (BES)
    • Third-party Certificate Services (On-premise only)
    • Lotus Domino Web Service (HTTPS)
    • Syslog (Event log data)



ACC is a windows service that can be installed on a physical or virtual server running Windows 2008 R2 or higher. It operates from within your internal network and can be configured behind any existing Web Application Firewalls (WAF) or load balancers. By initiating a secure HTTPS connection from ACC to the AirWatch Cloud Messaging Service (AWCM), ACC can periodically transmit information from your internal resources such as AD, LDAP, etc. to the AirWatch Admin Console without any firewall changes. The ACC is also supported as part of an on-premise production deployment. If you plan on proxying ACC traffic through an outbound proxy then there are settings in ACC that will allow for proxying.


ACC supports the following characteristics 

  • Using HTTPS transport
  • Supporting HTTP traffic through an outbound proxy

The ACC installer can be found by navigating to  Groups & Settings > All Settings > System > Enterprise Integration > Cloud Connector.


Additional documentation regarding installation and configuration for the ACC can be found here. 


Installing the MAG



 Watch the Video!

In addition to the ACC, AirWatch also provides a secure and effective method for individual applications to access corporate resources via the AirWatch Mobile Access Gateway (MAG). When your employees access internal content from their mobile devices, the MAG acts as a secure relay between the device and enterprise system. The MAG is able to authenticate and encrypt traffic from individual applications on compliant devices to the back-end system they are trying to reach.


Use the MAG to access:

  • Internal document repositories and content using the AirWatch Secure Content Locker (SCL).
  • Internal websites and web applications using the AirWatch Secure Browser
  • Internal resources via internal and public applications using AirWatch Tunnel with Per-App VPN on iOS7 and above



Additionally, your employees can use the MAG to access any other enterprise system from your business applications using AirWatch App Tunneling technology. Whereas, common methods of remote enterprise access including SSL-VPNs introduce the potential for sensitive data to be collected and distributed from mobile devices rendering your network susceptible to data loss and/or malicious attack because mobile devices gain complete access, AirWatch App Tunneling allows only select applications to authenticate and securely communicate with back-end resources. This is especially beneficial if your employees use their personal devices to access corporate resources because access to personal content and business applications is completely separate.

From an administrator perspective, MAG usage is beneficial because mobile access information is available for viewing directly from the AirWatch Admin Console. This allows admins to better identify security risks as well as manage any exceptions if applicable. And, because the MAG operates as a central managed entry point for device connectivity to corporate content and data, access can automatically be controlled by device, app, and user based on corporate policy.


MAG supports the following configurations

  • Sitting behind a network load balancer for high availability deployments

  • Supporting SSL offloading

  • Using HTTP or HTTPS transport

  • Supporting HTTP authentication of traffic from a network reverse proxy or Web Application Firewall (WAF)

  • Acting as a relay (MAGR) node to secure traffic through multiple network zones


The MAG installer can be found by navigating to  Groups & Settings > All Settings > System > Enterprise Integration > Mobile Access Gateway.

  • Windows Installer: download this onto a Windows Server if you want to configure Content, Internal Browsing and App Wrapping to use the MAG
  • Linux Installer: download this onto a Linux Server if you want to use the AirWatch Per-App VPN application on iOS7 or above devices 






Have more questions? Submit a request


Article is closed for comments.