How to enforce that all traffic from iOS app goes through VPN? [duplicate]

As one of the business feature the upcoming iOS 7, Apple has announced the ability to configure VPN on application basis. However, details about this feature are hard to find on the web. I am wondering, if this configuration will be something that can be done on the Device itself, or if it has to be something that has to be set up by an IT administrator in the network?


Here's how I understand it. Mobile apps that run on iOS 7 can indeed be set up to (either manually or automatically) connect via VPN, but the devices have to be managed with OS X 10.9 as the backend VPN server and MDM. This is intended to separate the corporate connection (which may be carrying sensitive data) from the personal one.

Functionally, a payload (XML file) will be pushed to the iOS device. The VPN payload is designated by specifying com.apple.vpn.managed as the PayloadType value. The VPN payload contains VPN connection information, but relevant to VPN-By-App, the OnDemandMatchAppEnabled key is enabled:

If true, the Per-App VPN connection starts automatically when apps linked to this Per-App VPN service initiate network communication.

Additionally, there is a VPNUUID key:

A globally-unique identifier for this VPN configuration. This identifier is used to configure apps so that they use the Per-App VPN service for all of their network communication.

And a SafariDomains key:

This array contains strings, each of which is a domain that should trigger this VPN connection in Safari.

So, the short answer to your question is Yes.