Using Kerberos Constrained Delegation authentication

Gateway Servers in Acronis Access 5.1 or newer support authentication using Kerberos Constrained Delegation.

One scenario is authenticating Acronis Access iOS clients through a reverse proxy that uses client certificates (e.g. TMG) and Kerberos Constrained Delegation. In this scenario you will need to install a user certificate in the Access Mobile Client app. This certificate needs to be bound to an Active Directory user.

Another scenario is to authenticate mobile devices with client certificates using MobileIron AppTunnel. In this scenario you must have Acronis Access and Mobile@Work installed on your device and a MobileIron Sentry setup on a server. The Sentry is a standalone component which provides access control and tunneling. It provides the secure infrastructure that AppTunnel uses for app data. You don't have to install a client certificate in the Acronis Access app, as the MobileIron AppTunnel will take care of that.

Note: Please visit the Using AppConnect with Kerberos Constrained Delegation section for more information on configuring MobileIron and Acronis Access with Kerberos Constrained Delegation.

The Apache Tomcat used by the Acronis Access Server does not support either Kerberos or client certificate authentication. In order to use either of these authentication methods, you must have a Gateway Server installed on the same machine as the Acronis Access Server, and the mobile clients must enroll using the Gateway Server's address. When a user enrolls with the Gateway Server instead of the Access Server, all authentication is done by the Gateway Server, which allows the use of Kerberos Constrained Delegation and client certificates. All management features are still enforced by the Acronis Access Server, but the authentication is done by the Gateway Server.

Note: When using this method, if the Gateway Server service crashes or is disabled, clients enrolled with it will not be able to connect to the management server even though the Acronis Access Server is still running.

Note: When using this form of authentication, mobile clients cannot access Sync&Share Data Sources.

In this section

Configurations in the Active Directory

Advanced Delegation Configurations