by Davina Armstrong-Cruz
Sterling Senior Technical Architect and Master Specialist – Digital Workspace
As we were saying in our recent Pt. 1 of this blog [ https://sterling.com/the-hybrid-workforce-is-here-to-stay-part-1/ ]: The ‘work anywhere’ workforce gained traction with urgency during the pandemic, as people decamped to home or other off-site locations and discovered they needed more flexibility from their smart devices. IT administrators, meanwhile, were facing difficulty in securing access to those devices. To that was added the challenge of supporting a wide variety of apps — legacy, modern, and virtualized applications. This is where an intelligence-driven digital platform like VMware Workspace ONE comes in.
Workspace ONE delivers and manages any app on any device by integrating access control, application management, and unified-endpoint management (UEM). The platform allows IT to deliver a digital workspace that includes the devices and apps of the enterprise’s choice, without sacrificing the security and control that IT professionals require.
One of the key features of Workspace ONE is its consumer-simple app authentication. This provides easy access to all your apps, either through the Workspace ONE Intelligent Hub or through the browser-based catalog. The employee-onboarding process is transformed by enabling self-service access to the apps end-users need. Workspace ONE uses certificates to establish trust, providing a password-less, SSO (single sign-on) experience.
Workspace ONE features Unified Endpoint Management options that support different desktop operating systems, mobile OS’s, smartphones, and much more. It has management support for BYODs [bring-your-own devices], corporate-owned devices, kiosks, etc. And Workspace ONE’s Intelligent Hub makes BYOD super simple for the end user, even providing per-app tunneling.
For the sake of security, access to Workspace One is somewhat curtailed. Conditional access policies are applied on a per-app basis to enforce authentication and to restrict access by network scope, location, and device compliance. A range of advanced device-restrictions and policies must be applied. Real-time visibility is possible with application, device, and console events that provide detailed information for system monitoring and log viewing in the console or export pre-defined reports.
Allow your IT professionals to automate application distribution and updates on the fly. Whether you’re deploying Windows or mobile apps, Workspace ONE can automate the application-delivery process to allow better security and compliance.
- Eliminate the need for laptop imaging with Workspace ONE’s simplified device-management and provisioning. With Dynamic Smart Groups, you can ensure devices always have the necessary configurations, such as Wi-Fi or VPN.
- Automatically install, update, and remove software packages. Create automated workflows for software, apps, files, scripts, and commands to install on laptops.
- Secure your hosted virtual apps and desktops with VMware Horizon. Users can access their Horizon virtual apps and desktops from the Workspace ONE Intelligent Hub app.
Drop Ship Provisioning
With Workspace ONE Drop Ship Provisioning, you can dynamically assign Workspace ONE UEM payloads like profiles and applications. You can also provision your Windows devices with assignments at the manufacturer (OEM) and ship devices directly to your end users.
Basically, Drop Ship Provisioning is an alternative to provisioning devices before shipping to your workplace or to your end users. This provides a more dynamic way to assign and provision because you can add and update what you want provisioned ‘over the air’. Make changes anytime, and the system stores these changes. This means your IT professionals will no longer need to sit down and spend hours or days physically provisioning laptops on PXE BOOT. Drop Ship Provisioning cuts down IT’s laptop-deployment process from days to minutes.
Workspace ONE Architecture
Workspace ONE can be deployed on-premises, in the cloud, and in a hybrid environment. Since the purpose of Workspace ONE is to manage secure application delivery to your end users, it’s critical to connect Workspace ONE to an existing directory infrastructure. Workspace ONE can use Active Directory or other LDAP-based directories for user synchronization, authentication, and application access.
The illustration below shows a simplified Workspace ONE software-as-a-service-SaaS-based architecture:
Workspace ONE components
Workspace ONE access (formerly known as VMware Identity Manager) provides SSO to an application store for SaaS-based Horizon, Citrix, ThinApp, and web applications. It also provides a set of networking and authentication policies to control application access. Workspace ONE Access requires a Workspace ONE Access connector within your internal network.
Workspace ONE UEM (formerly known as AirWatch) provides a comprehensive enterprise-mobility platform that delivers simplified access to enterprise applications, secures corporate data, and allows mobile productivity. It also works with the public application stores to handle the provisioning of native mobile applications to mobile devices. Workspace ONE UEM provides compliance-checking tools to ensure the remote-access devices meet corporate security standards. Workspace ONE UEM requires an Airwatch Cloud Connector within your internal network.
Workspace ONE Intelligence is a cloud-only service, hosted on AWS, designed to simplify user experience without compromising security. It also has a built-in automation engine that can create rules to take automatic action on security issues.
VMware Unified Access Gateway (UAG) is a platform that provides secure edge services and access to defined resources that reside in the internal network. The edge services include a secure email gateway, content gateway, VMWare Tunnel, Web Reverse, identity bridging, and Horizon access.
Workspace ONE has so many components and can do so much to facilitate the modern management of end-user computing. There are several editions of Workspace ONE, and it does also have an offline (on-premises) version. Here at Sterling, our engineers can help your organization navigate the edition and version type of Workspace ONE that will work best for your workforce.