Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Disclosed are various examples for dynamically generating and implementing scenario profiles for a network of devices, including IoT devices. A managed device can receive a dynamically generated scenario profile that defines tasks to be performed by the device for a given scenario. The device can also receive a scenario message that is broadcasted to all managed devices in a network and identifies an occurrence of a given scenario. If the device determines that the device is an intended recipient of the scenario message, the device can identify the scenario profile associated with the given scenario and perform the tasks defined by the scenario profile. The scenario profile can be modified and/or updated based on event data associated with the device.

Abstract: Systems herein allow a student to share media with other students in a classroom with the permission of a teacher. The student can send a sharing request to a management server with a sender student device. The management server can identify a teacher device and send the sharing request to the teacher device for approval. When the request is granted, the student device can supply an address local to the sender device, from which the media will stream. The management server can send the address and an authentication token to other recipient student devices. The management server can further lock the recipient student devices into the sharing location to ensure that each student device will stream the media. At the request of the teacher device or the sender student device, the streaming can end.

Abstract: Disclosed are various examples for dynamically generating and implementing scenario profiles for a network of devices, including IoT devices. A managed device can receive a dynamically generated scenario profile that defines tasks to be performed by the device for a given scenario. The device can also receive a scenario message that is broadcasted to all managed devices in a network and identifies an occurrence of a given scenario. If the device determines that the device is an intended recipient of the scenario message, the device can identify the scenario profile associated with the given scenario and perform the tasks defined by the scenario profile. The scenario profile can be modified and/or updated based on event data associated with the device.

Abstract: Disclosed are various examples for establishing encrypted channels or tunnels within a TCP or other communication session between a tunnel endpoint and tunnel client on a client device. A tunnel endpoint on the client device can determine an encryption key based upon whether a client device is in compliance with encryption policies of the enterprise.

Abstract: Disclosed are various examples for dynamically generating and implementing scenario profiles for a network of devices, including IoT devices. A managed device can receive a dynamically generated scenario profile that defines tasks to be performed by the device for a given scenario. The device can also receive a scenario message that is broadcasted to all managed devices in a network and identifies an occurrence of a given scenario. If the device determines that the device is an intended recipient of the scenario message, the device can identify the scenario profile associated with the given scenario and perform the tasks defined by the scenario profile. The scenario profile can be modified and/or updated based on event data associated with the device.

Abstract: Systems herein allow a student to share media with other students in a classroom with the permission of a teacher. The student can send a sharing request to a management server with a sender student device. The management server can identify a teacher device and send the sharing request to the teacher device for approval. When the request is granted, the student device can supply an address local to the sender device, from which the media will stream. The management server can send the address and an authentication token to other recipient student devices. The management server can further lock the recipient student devices into the sharing location to ensure that each student device will stream the media. At the request of the teacher device or the sender student device, the streaming can end.

Abstract: Disclosed are various examples for establishing encrypted channels or tunnels within a TCP or other communication session between a tunnel endpoint and tunnel client on a client device. A tunnel client on the client device can determine an encryption level based upon a bundle identifier of the application originating the network traffic, the destination of the network traffic, the category of the application, or other factors.

Abstract: Disclosed are various examples for prioritizing application traffic through network tunnels between a client device and a tunnel endpoint. Network traffic is received from each of a plurality of applications executed by the client device. It is determined that the network traffic of a first application of the plurality of applications is associated with a lower priority than the network traffic of a second application of the plurality of applications. A bandwidth allocation to the network traffic of the first application is limited in the encrypted tunnel as compared to a bandwidth allocation to the network traffic of the second application in the encrypted tunnel according to the lower priority. The network traffic of each of the plurality of applications is forwarded through the encrypted tunnel to the tunnel endpoint.

Abstract: Examples relate to the configuration of network connections for computing devices. In some examples, a computing device determines that a network is inaccessible through a first network connection provided by a network access node. The computing device determines that the network is accessible through a first computing device that provides a second connection to the network. The computing device generates gateway configuration data for a second computing device based on an address for the first computing device. The computing device transmits the gateway configuration data to the second computing device to cause the second computing device to use the first computing device as a gateway.

Abstract: Systems herein allow a user to load a virtual work environment on a terminal, such workstation, based on authentication mechanisms built into a user device, such as a cell phone. The user device authenticate with a management server using an SAML token. The management server can track which virtual machines and configurations make up the user's work environment, and can send that information to the user device for loading the virtual machines. When the user wishes to load the virtual machines at a terminal, the user device can send the SAML token to the terminal for use in authenticating with the management server. The management server can then provide the configurations for the virtual machines that the user selects to load at the terminal.

Abstract: Disclosed are various approaches for providing on-demand virtual private network (VPN) connectivity on a per-application basis. An application is determined to have begun execution on a computing device. The application is identified. A determination that the application is authorized to access a VPN connection is made, and the VPN connection is created.

Abstract: Examples described herein include systems and methods for creating a per-app virtual private network (“VPN”) using hooking, even though an isolated process is used for networking functions. The isolated process can include networking functions of the WebView class for ANDROID. The application can start an HTTP proxy server to receive local HTTP requests. Then, the application can trigger a broadcast to the isolated process, causing the isolated process to route its HTTP requests to the HTTP proxy of the application. The application can then hook HTTP requests and send them to a virtual private network (“VPN”) tunnel server. This can allow an application to securely connect to enterprise files or data even though the networking functions occur in the isolated process.

Abstract: Disclosed are various approaches for providing on-demand virtual private network (VPN) connectivity on a per-application basis. First, an application is determined to have begun execution on a computing device. The application is then identified. A determination that the application is authorized to access a VPN connection is made. Subsequently, the VPN connection is initiated.

Abstract: Disclosed are various examples for establishing encrypted channels or tunnels within a TCP or other communication session between a tunnel endpoint and tunnel client, on a client device. A tunnel endpoint on the client device can determine an encryption key based upon whether a client device is in compliance with encryption policies of the enterprise.

Abstract: Systems herein allow a student to share media with other students in a classroom with the permission of a teacher. The student can send a sharing request to a management server with a sender student device. the management server can identify a teacher device and send the sharing request to the teacher device for approval. When the request is granted, the student device can supply an address local to the sender device, from which the media will stream. The management server can send the address and an authentication token to other recipient student devices. The management server can further lock the recipient student devices into the sharing location to ensure that each student device will stream the media. At the request of the teacher device or the sender student device, the streaming can end.

Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.

Abstract: Systems herein allow a user to load a virtual work environment on a terminal, such workstation, based on authentication mechanisms built into a user device, such as a cell phone. The user device authenticate with a management server using an SAML token. The management server can track which virtual machines and configurations make up the user's work environment, and can send that information to the user device for loading the virtual machines. When the user wishes to load the virtual machines at a terminal, the user device can send the SAML token to the terminal for use in authenticating with the management server. The management server can then provide the configurations for the virtual machines that the user selects to load at the terminal.

Abstract: Systems herein allow a student to share media with other students in a classroom with the permission of a teacher. The student can send a sharing request to a management server with a sender student device. The management server can identify a teacher device and send the sharing request to the teacher device for approval. When the request is granted, the student device can supply an address local to the sender device, from which the media will stream. The management server can send the address and an authentication token to other recipient student devices. The management server can further lock the recipient student devices into the sharing location to ensure that each student device will stream the media. At the request of the teacher device or the sender student device, the streaming can end.

Abstract: Systems herein allow a user to load a virtual work environment on a terminal, such as a workstation, based on authentication mechanisms built into a user device, such as a cell phone. The user device can authenticate with a management server using an SAML token. The management server can track which virtual machines and configurations make up the user's work environment, and can send that information to the user device for loading the virtual machines. When the user wishes to load the virtual machines at a terminal, the user device can send the SAML token to the terminal for use in authenticating with the management server. The management server can then provide the configurations for the virtual machines that the user selects to load at the terminal.