Performing logical segmentation based on remote device attributes

The invention claimed is: 1. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network, the program comprising sets of instructions for: receiving a first data message sent by a first remote device through a first tunnel that connects the mobile-device to the network; identifying a first set of remote device management (RDM) attributes associated with the first data message, wherein the mobile-device supplies at least a subset of the first remote device management (RDM) attribute set in a header of the first tunnel; based on the first RDM attribute set, associating the first data message with a first logical network; and forwarding the first data message to a destination within the network along a second tunnel, and inserting a first logical network identifier (LNI) for the first logical network in a header of the second tunnel. 2. The non-transitory machine readable medium of claim 1 , wherein the LNI is a logical layer 2 network identifier. 3. The non-transitory machine readable medium of claim 1 , wherein the LNI is a VXLAN network identifier. 4. The non-transitory machine readable medium of claim 1 , wherein the LNI is a logical layer 3 network identifier. 5. The non-transitory machine readable medium of claim 1 , wherein the first data message is part of a first data message flow, the program further comprising sets of instructions for: receiving a second data message from the first remote device, said second data message part of a second data message flow from the first remote device; identifying a second RDM attribute associated with the received second data message; based on the second RDM attribute set, associating the second data message with a second logical network of the first tenant; and forwarding the data message to the message's destination within the network along a second tunnel, and inserting a second LNI for the second logical network in a header of the second tunnel. 6. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network, the program comprising sets of instructions for: receiving a first data message sent by a first remote device through a first tunnel that connects the mobile-device to the network; identifying a first set of remote device management (RDM) attributes associated with the first data message, said identifying comprising receiving at least a subset of the first RDM attribute set from an RDM server that is used to authenticate a request from the remote device to establish a VPN session through the first tunnel; based on the first RDM attribute set, associating the first data message with a first logical network; and forwarding the first data message to a destination within the network along a second tunnel, and inserting a first logical network identifier (LNI) for the first logical network in a header of the ssecond tunnel. 7. The non-transitory machine readable medium of claim 6 , wherein the set of instructions for identifying the RDM attribute set further comprises a set of instructions for retrieving from a header of the first tunnel another subset of the RDM attribute set that is supplied by the remote device. 8. The non-transitory machine readable medium of claim 6 , wherein the set of instructions for receiving the RDM attribute subset comprises a set of instructions for receiving the RDM attribute subset as part of an authentication approval from the RDM server. 9. The non-transitory machine readable medium of claim 6 , wherein the program further comprises a set of instructions for receiving an authentication approval from the RDM server, wherein the set of instructions for receiving the RDM attribute subset comprises a set of instructions for receiving the RDM attribute subset in a communication from the RDM server that is separate from the authentication approval. 10. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network, the program comprising sets of instructions for: receiving a first data message sent by a first remote device; identifying a first set of remote device management (RDM) attributes associated with the first data message; based on the first RDM attribute set, associating the first data message with a first logical network, said associating comprising using the identified first RDM attribute set to identify a first logical segmentation (LS) rule that identifies a first logical network identifier (LNI) for data messages associated with the identified first RDM set, the first LS rule stored in a rule storage that stores a plurality of logical segmentation rules, and at least two logical segmentation rules specifying two different LNIs for two different RDM attribute sets; and forwarding the first data message to a destination within the network along a first tunnel, and inserting a second logical network identifier (LNI) for the first logical network in a header of the first tunnel. 11. The non-transitory machine readable medium of claim 10 , wherein the LNI is a logical layer 2 network identifier, a VXLAN network identifier, or a logical layer 3 network identifier. 12. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network within a multi-tenant datacenter, the program comprising sets of instructions for: receiving a first data message sent by a first remote device that is associated with a first tenant; receiving a second data message sent by a second remote device that is associated with the first tenant; identifying a first RDM (remote device management) attribute set and a second RDM attribute set associated with the received first and second data messages, respectively; based on the first RDM attribute set, associating the first data message with a first logical network of the first tenant, and based on the second RDM attribute set, associating the second data message with a second logical network of the first tenant; and forwarding (i) the first data message to a destination within the network along a first tunnel and inserting a first logical network identifier (LNI) for the first logical network in a header of the first tunnel and (ii) the second data message to a destination within the network along a second tunnel; and inserting a second LNI for the second logical network in a header of the second tunnel. 13. The non-transitory machine readable medium of claim 12 , wherein the first logical network is for a first set of users of the first tenant, and the second logical network is for a second set of users of the first tenant. 14. The non-transitory machine readable medium of claim 12 , wherein the first logical network is for a first set of devices of the first tenant, and the second logical network is for a second set of devices of the first tenant. 15. The non-transitory machine readable medium of claim 12 , wherein the first and second tunnels are the same tunnel. 16. The non-transitory machine readable medium of claim 12 , wherein the first and second tunnels are different tunnels. 17. The non-transitory machine readable medium of claim 12 , wherein the first or second LNI is a logical layer 2 network identifier, a VXLAN network identifier, or a logical layer 3 network identifier. 18. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network within a multi-tenant datacenter, the program comprising sets of instructions for: receiving a first data me