IPSecVPN MOST DDF File
4/8/2010
This topic shows the Device Description Framework (DDF) file for the IPSecVPN MOST Configuration Service Provider. DDF files and examples in this topic are used only for OMA DM provisioning. For more information, see OMA Device Management.
IPsecVPN</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Root of the tree with the parameters, policies and settings that define the behavior of the Mobile VPN connection to corporate network using an IPsec VPN.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>IPsec VPN root node for Mobile VPN access</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
<MSFT:AccessRole>8</MSFT:AccessRole>
<MSFT:RWAccess>1</MSFT:RWAccess>
</DFProperties>
<Node>
<NodeName>MOST</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The MOST feature allows MO defined traffic outside of IPSecVPN tunnel. Examples are MMS, IMS and FOTA. VPN will allow through MOST traffic based on MOST filter URLs matches. MOST URL rules are defined in Connection Manager to direct traffic to correct MetaNetwork or APN. Please see CM_Mappings DDF for more details.
CM_Mappings -> CM_Network -> GPRSEntries (APN)
CM_Mappings -> GPRSEntries (APN)
VPN is monitoring traffic after traffic sent to GPRSEntries (APN). MOST filter URLs will enable VPN to let the traffic go and not drop the traffic.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>Mobile Operator Service Traffic (MOST)</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
<MSFT:AccessRole>4</MSFT:AccessRole>
<MSFT:RWAccess>3</MSFT:RWAccess>
</DFProperties>
<Node>
<NodeName>Service[#]</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
<Delete />
<Replace />
</AccessType>
<Description>A node containing list of resources for each mobile operator service allowed under MOST while Mobile VPN is active. Sub nodes will contain filter rule resources (URLs) that map to specific MO traffic. This node is really for organization of sets of filter rules (URLs). It will allow MO to logically group sections of filter rules (URLs) and update individual sections. The filter rules define which type of traffic VPN will let go outside of VPN IPSec tunnel.
You can have multiple Services nodes by defining the following, where [#] represents a number between 1 and 100. For example, Service1, Service2..., Service100 etc.
The filter rules (URLs) are a set of shorten URLs. It allows for domain name (www.contoso.com) or IP address (10.10.10.1) only. Protocol, port number, path and filename are NOT allowed.
See URL description in the DDF for more information.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrMore />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>MOST Service</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
<MSFT:AccessRole>4</MSFT:AccessRole>
<MSFT:RWAccess>3</MSFT:RWAccess>
</DFProperties>
<Node>
<NodeName>URL[#]</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
<Delete />
<Replace />
</AccessType>
<Description>Represents a filter rule (URL) for a single MO service that Mobile VPN will allow outside of its tunnel. It can be the hostname or IP address associated with the corresponding MO service. The parent node, Service, can contain a number of these filter rules (URLs), where [#] represents a number between 0 and 100. The total number of all URLs in ALL Services must not exceed 100.
For example, Service1 -> URL1, URL2... URL50. Service2 -> URL1, URL2... URL30. Service3 -> URL1, URL2... URL20.
Each filter rule (URL) is in the following format: DomainORIPAddress. For example, contoso.com. or mms.contoso.com or 10.10.10.1.
Not allowed are port number, path and filename. Example of URL that is not allowed: https://contoso:8080/users/authentication.aspx.
This is not needed in a filter. Each MO application will know the location.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<ZeroOrMore />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>A URL for MOST Service</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:AccessRole>4</MSFT:AccessRole>
<MSFT:RWAccess>3</MSFT:RWAccess>
</DFProperties>
</Node>
</Node>
</Node>
</Node>
</MgmtTree>