Gateway Servers in Acronis Access 5.1 or newer support authentication using Kerberos Constrained Delegation.
This can be used in scenarios using Kerberos Constrained Delegation to authenticate mobilEcho iOS clients through a reverse proxy using client certificates (e.g. TMG). In this scenario you will need to install a user certificate in the mobilEcho client app. This certificate needs to be bound to Active Directory.
Another scenario is to authenticate mobile devices with client certificates using MobileIron AppTunnel. In this scenario you must have mobilEcho and MobileIron@Work installed on your device and a MobileIron Sentry setup on a server. You don't have to install a client certificate in the mobilEcho app, as the MobileIron AppTunnel will take care of that.
In order to use any of these scenarios, you must have a Gateway server installed on the same machine as the Acronis Access Server and the mobile clients must enroll using the Gateway Server's address.
Note: When using this method, if the Gateway Server service crashes or is disabled, clients enrolled with it will not be able to connect to the management server even though the Acronis Access Server is still running.
Note: When using this form of authentication, mobile clients cannot access activEcho shares.