enterprise mobility

XenMobile 10.6/7 How To Configure a Custom Per-AppVPN XML for WIP-protected Win10 Endpoints

With the current variety of Windows 10 endpoints, such as laptops, hybrids, tablets, and smartphones, you see organizations moving to Unified Endpoint Management (UEM) solutions to provide endpoint security to different types of devices that are not managed by traditional …



Leap Toward Unified Endpoint Management with XenMobile 10.7

It’s official. UEM has passed EMM as a common way of describing device management with the delivery of secure apps and data to endpoint devices. I’ve got proof.


Above is a Google Trends report comparing searches on UEM (in red) …



Using Too Many Secure Remote Access Solutions? Is Now the Time to Consolidate?

Moving to the Cloud is important, but should you overlook what is happening in your data center? If you have network sprawl, you need to consolidate.

Moving user identity to the cloud is of concern for a lot of customers.



6 Criteria That Help You Separate the EMM “Sheep” from “Goats”

Sheep Versus Goats

My high school German teacher had a saying: “Midterm exams separate the sheep from the goats.” From a sheep-herder’s perspective, sheep are superior. I grew up in cattle country with little regard for the neighboring county’s sheep-herder population, but I still held onto the idea. Someday, I would understand its meaning. When I accepted a position to evaluate enterprise mobility management (EMM) products, I was reminded of Herr Samson’s words, and I wondered:

“How does one separate the EMM sheep from the goats?”

With the myriad of EMM solutions on the market today, it’s difficult to know how to recognize the leader in the flock. For the seventh consecutive year, the Gartner Magic Quadrant for EMM gave a nod to VMware Workspace ONE, the integrated platform powered by AirWatch unified endpoint management (UEM) technology. That’s all well and good, but how do I know the solution has everything my organization needs?

I asked the smartest technical people I could find in Canada, California, Georgia and Texas.

Together, we came up with a list of the top six EMM buying criteria for enabling a totally mobile workforce, with our own workforce being a great testing ground:

  1. Does the solution support all our use cases?
  2. Can it scale with our organization?
  3. Do I need a PhD to use it?
  4. Will it support our existing application vendors and future security providers?
  5. Does it include Windows 10 management capabilities?
  6. Will it help us troubleshoot issues with our devices?

See It for Yourself

We liked the idea so much, one of the engineers, Stan Hunter, created a demo video showcasing Workspace ONE’s unique capabilities in addressing these criteria and why we like to use it so much ourselves.

Summary of Our Findings: 6 Selection Criteria for Enabling a Totally Mobile Workforce

1. Does the solution support our use cases?

Yep. Workspace ONE is the most complete endpoint management solution on the market. No matter the use case, the vertical industry or the region of the world, Workspace ONE has the capabilities to meet your specific needs. Stan’s demo video shows a quick example of Workspace ONE accessing any app from any device by launching a native app from an iPad without requiring any added configuration.

Over the last 11 years, Workspace ONE grew to meet the needs of thousands of customers in all verticals and regions of the world. Customers often say, “you can grow into AirWatch (and Workspace ONE), but you can’t grow out of it.”

2. Can it scale with our organization?

Yep. Scaling means more than just adding compute power. It also means including the management chops to enable a large enterprise deployment. Workspace ONE has several layers of “multi-tenancy” for ease in separating disparate groups.

At its core, Workspace ONE offers a multi-tenant architecture by using organization groups. These groups can separate customers within a single instance or can separate business units or geographical regions within a single customer’s tenant. In addition to organization groups, Workspace ONE has smart groups.

Smart groups live inside an organization group and provide an additional layer of separation between devices and users. This allows administrators to easily apply profiles and applications to specific groups of users or devices—at scale and with ease.

3. Do I need a PhD to use it?

Nope. Workspace ONE’s administration console is an easy-to-use tool that provides admins with a best-in-class console to easily access its superior features and functions. The admin console also supports role-based administration, which provides the ability to restrict access for certain administrators or groups. Seeing is believing.

In his demo, Stan shows the powerful and easy-to-use Workspace ONE admin console. Industry-curated templates make it easy for admins to roll out industry-standard policies and apps to their users with a simple mouse click, among other time-saving capabilities.

4. Will it support our existing application vendors and future security providers?

Yep. Workspace ONE provides application security by integrating with application vendors and identity solutions to ensure users are properly authenticated in a quick and easy manner. Workspace ONE also provides conditional access to applications based on device posture.

Workspace ONE provides second-to-none integrations with third-party certificate authorities using both SCEP and direct API integrations. These integrations allow customers to distribute certificates to all device types and can be used in many authentication scenarios, such as Wi-Fi, VPN and email. Existing and future security vendor support is enabled with our open ecosystem and easy API access.

5. Does it include Windows 10 management capabilities?

Yep. VMware partnered with Microsoft to provide the most complete Windows 10 endpoint management solution on the market. Workspace ONE manages not only typical mobile device management (MDM) features, but also application deployment and Windows updates. It combines the management features of MDM with those of PC Lifecycle Management (PCLM) solutions to provide customers with a complete Windows 10 management solution.

6. Will it help us troubleshoot issues with our devices?

Yep. Workspace ONE provides administrators the ability to quickly and easily troubleshoot an individual device or groups of devices. Admins can add and remove device profiles and applications directly from a device without requiring the user to un-enroll and re-enroll the device. In addition, the console provides individual device events and targeted logging for enhanced troubleshooting.

Admins can also create custom reports about device status and application installation status, all from a single console.

There Is More

VMware partners with best-of-breed solutions to provide a complete security solution for mobile devices. Workspace ONE supports the VMware Mobile Security Alliance (MSA), the AppConfig Community and has a complete set of APIs.

Custom configuration of applications on devices has typically required a custom SDK or application wrapping—a process that requires application developers to create multiple versions of their application to support different EMM vendors. VMware created AppConfig to be a standard interface that takes advantage of features that are native to iOS and Android, making it easier for developers to create transportable apps.

Guess Who?

Stay tuned later this month for a detailed comparison report that shows which vendors we used for comparison in this exercise. Feel free to “guess who” in the comment section below, and sign up for our EUC Blog newsletter to get the alert when it is live.

Sheep It Is

After this evaluation, I could see the wisdom in Herr Samson’s philosophy. Like midterm exams, there are winners and losers.

Workspace ONE aced this group’s midterm test and easily made it into the sheep category above the rest. The team of experts who worked on this evaluation include: Stan Hunter, Leon Letto, Roger Deane, Josue Negron, Prab Kalra and Camilo Lotero.


No sheep or goats were injured in the writing of this article and no biases are held by the author. Both species offer advantages. In doing research for this article, I learned Herr Samson’s reference comes from the Bible and feel compelled to add that this article has no religious affiliation.


The post 6 Criteria That Help You Separate the EMM “Sheep” from “Goats” appeared first on VMware End-User Computing Blog.

Kiss Unwanted Emails Goodbye with XenMobile 10.6.15 Swiping Gestures

XenMobile client release 10.6.15 is now available. XenMobile 10.6.15 is a public app store release which includes updated versions of Secure Hub, Secure Mail and Secure Web.

I’ve been with Citrix for more than 3 ½ years (and yes, I …



XenMobile 10.6 provides a comprehensive update to XenMobile solutions

To help our customers further embrace the future of work, XenMobile 10.6 includes new features that deliver a virtual smartcard experience, enhanced security and calendar capabilities.

New updated versions of Secure Hub and Secure Mail for both public app store …



Know More, Grow More: VMware Mobility Accreditation

The newly released Gartner Magic Quadrant for Enterprise Mobility Management 2017 once again names VMware as the leader with the highest rating on both ability to execute and completeness of vision.

The Enterprise Mobility Management (EMM) landscape has changed considerably over the past seven years. Continued innovation in the space by a market leader is a benefit to partners who will be well prepared to lead their customers on their digital transformation journey.

A great way for partners to participate in the upcoming Mobility, Windows 10 and IoT opportunity is to have a highly competent staff. A good place for Partner Sales Engineers to start is to achieve the VMware Mobility Management Pre-Sales Accreditation.

Penton Media recently sat down with VMware Global Performance Consultant Kevin Groat to hear more about Mobility enablement and how VMware is helping partners position themselves to obtain their share of the Mobility market. Listen to the interview as Kevin expands on:

  • How partners can become well-versed in Mobility and ways VMware can help
  • Why partners should earn the VTSP Mobility 2017 accreditation
  • Benefits of achieving accreditations for your organization

For 2017, the VMware Mobility Management Pre-Sales Accreditation is now streamlined into three courses as follows:

  • VMware AirWatch Solution Overview
  • VMware AirWatch Fundamentals
  • VMware AirWatch: Validate and Prove (using TestDrive)

Knowing more and growing more is easier than ever. Get started earning your VMware Mobility Accreditation today.


The post Know More, Grow More: VMware Mobility Accreditation appeared first on Power of Partnership.


XenMobile Makes Transitioning to the Cloud a No-Brainer for Enterprise Mobility

If you’re at HPE Discover in Las Vegas this week, stop by the Citrix booth #105 to find out why this is the year of the cloud for XenMobile enterprise mobility management solutions. With new pricing and service programs to



New Research: Top 10 Identity and Access Management Challenges

As organizations undergo digital transformation, they experience challenges along the way. This is due to the fact that this transformation often requires them to update and/or replace legacy solutions. They also have to implement new ways of securing access from the plethora of devices out there.

We recently fielded a research study with several hundred respondents worldwide to better understand the top identity and access management challenges that customers are facing.

Below are my top three takeaways from the VMware survey:

Takeaway #1: Most organizations allow end users to access corporate resources other than email from a personal device.

Email is often the first app that many of us think about accessing from our personal devices, but the reality is that we need more than that. The research shows that end users also need access to files and internal websites in order to be productive.

IT professionals should be concerned about the risk of data leakage from users accessing confidential information, whether it be on a file share, Microsoft SharePoint or from internal websites. Since personal devices are often not under management by IT, there is a risk that confidential company information can be copied to personal file services.


Takeaway #2: BYO is a critical initiative for the majority of organizations.

The majority of organizations have either already developed a bring-your-own (BYO) policy or are in the process of developing one. The reasons for this are clear. Most of us don’t want to go back to the old days, when we could only do work on a corporate device. We want to be able to work anywhere, on any device.

End users also want choice—the choice to pick the device that reflects their work style and personality. Supporting BYO enables organizations to modernize with a flexible, user-friendly approach.

While supporting BYO is user-friendly, organizations need to have a policy that ensures that only the right access is delivered to the right people, on the right device. As we saw in Takeaway #1, most users are doing more than accessing email on their personal devices. It’s not enough to just have a policy—organizations must have the tools in order to enable access from any device without compromising IT security.


Takeaway #3: Password management is the top identity and access management challenge.

We’ve all been there before. We waited too long, and our password expired. Or we made a change, and somehow that change didn’t trickle down to all of the various systems we need to access.

Password creation, update and deletion (CRUD) is a real issue with real costs that IT wants to reduce. According to various analysts, password resets handled by the help desk can cost up to $70, and unfortunately for the help desk, a significant percentage of help desk calls have to do with passwords.

IT must look at ways to reduce the impact of password CRUD issues in their organization. This is why it’s so important to have solutions in place that eliminate the help desk call—the main source of cost in the equation. Having self-service tools that are easy to use and integrate with existing systems can alleviate much of the pain here.


Take the Next Step


With these challenges in mind, I encourage you to learn more about what other organizations are experiencing by taking a look at the full summary of the research.

Also, take a look at VMware Workspace ONE, the simple and secure enterprise platform that delivers and manages any app on any smartphone, tablet or laptop. It enables organizations to put employees in the driver’s seat to choose their own devices. IT is empowered with the management capabilities necessary to enable secure delivery of applications to those devices with consumer-grade simplicity.

The post New Research: Top 10 Identity and Access Management Challenges appeared first on VMware End-User Computing Blog.


VMware AirWatch – NSX Integration


Integrate VMware AirWatch Enterprise Mobility Management with VMware NSX Network Virtualization and Security Platform to extend security policies from the data center to mobile application endpoints. VMware AirWatch – NSX Integration brings speed and simplicity to networking and micro-segmentation capabilities. By creating policies that dynamically follow mobile applications, it eliminates the need to do time-consuming network provisioning. Keep reading to learn how to integrate NSX with VMware AirWatch.

Next Level Per-App VPN

While per-app VPN addresses some of the security concerns of device-level VPN, it still exposes all the domain’s endpoints and services to an application. In comparison, micro-segmentation takes endpoint management to the next level, restricting application-level access to a specified endpoint in the data center.


What is NSX Micro-Segmentation?

NSX micro-segmentation is a logical, bi-directional firewall that monitors inbound and outbound access controls for individual endpoints. It uses the NSX virtualization tool, making it a streamlined, cost-effective alternative to a physical firewall.

VMware AirWatch – NSX Integration Health Care Use Case

Consider a doctor referencing patient health records from an enterprise health app. In this use case, only the health app, and not any of the device’s other applications, can establish a per-app VPN connection. Then, micro-segmentation dictates a designated endpoint for the health app: in this case, a patient database.

This level of restriction means that the healthcare app cannot access the e-mail server, an inventory database, or other unrelated services. The application’s assigned groups also mean that data access gets filtered on an employee level as well. Nurses, or doctors from a different department, using the same health app cannot access the specified database without permission.

Additional Use Cases

  • Enhanced network security and granular controls for mobile workflows
  • Accelerated digital workspace and BYOD deployments
  • Policy defined network access for mobile apps and users
  • Reduced mobile access footprint to data center minimizing attack surface
  • Accelerated mobile app delivery, testing and automation

VMware AirWatch – NSX Integration Solution Overview

Starting with a successfully installed instance of NSX, sync the NSX Security Groups that represent data center endpoints and services in the AirWatch Console. This action shares data center logic with VMware AirWatch. Then, configure and install the VMware Per-App Tunnel. This server establishes the secure connection between mobile applications and the network. Next, configure a Per-App VPN profile to direct managed applications to specified endpoints. Finally, configure applications.

VMware Tunnel Application

Device communication with the VMware Per-App Tunnel server goes through the VMware Tunnel application. Without this application, a per-app VPN connection cannot be established. Therefore, the VMware Tunnel Application is the most important application to configure and deploy.

The other applications you configure depend on the specific scenario and use case, but are generally the apps that end users access internal resources from. When configuring these apps, consider using Assignment Groups within AirWatch Console to control access on a user level.

Plan VMware NSX Implementation

  • Determine the types of devices accessing your network
  • Identify the endpoints (apps) in your network access.
  • Group applications by level of vulnerability/risk
  • Define the security requirements for each level of access.

Install VMware NSX for vSphere 6.1.x+

  • Designate a separate network range for each Security Level to identify incoming traffic
  • Define IP set-based Security Groups in NSX
  • Define internal resource based Security Groups in NSX
  • Determine firewall rules for Security Groups
  • Identify application endpoint addresses
  • Set traffic routing patterns

Meet VMware AirWatch–NSX Integration Requirements

  • AirWatch Admin Console v8.3+
  • AirWatch Tunnel server using the Linux Installer. The AirWatch Tunnel virtual appliance deployment method is currently not supported for NSX integration.
  • AirWatch Cloud Connector (For SaaS Customers)
  • Managed Android or iOS devices

VMware AirWatch – NSX Integration Steps

This post highlights the configurations most important for VMware AirWatch integration with NSX. For comprehensive instructions in AirWatch Console v9.1, click the suggested links.

Step 1: Configure and Download the VMware Per-App Tunnel for Linux Installer

To configure VMware Tunnel, you need the details of the server where you plan to install it. Before configuration, determine the deployment model, hostname(s), port(s), and which VMware Tunnel features to implement.

Available VMware Tunnel Features:

Micro-Segmentation with NSX requires NSX integration and installation of the Per-App VPN component. However, other configuration options remain. Available features include: access log integration, SSL offloading, enterprise certificate authority integration, and more.

Then, use the configuration wizard to go through the installer settings step-by-step. Next, download the installer from the AirWatch Console, for use during Linux server installation. Please note, changing the details in this wizard creates a new configuration, and requires a reinstall of the VMware Tunnel.

AirWatch Console Configurations:
  1. Navigate to Groups & Settings > All Settings > System > Enterprise Integration > VMware Tunnel > Network Accessibility.
  2. Select Enable AirWatch Tunnel.
  3. Click Enabled for NSX Communication and provide the NSX Manager URL and Admin Username and Password.
  4. Sync Security Groups and block all non-compliant devices from the same configuration screen.
  5. Select Download Linux Installer. This button downloads a single TAR file used for deploying the relay and endpoints.
  6. Select Save.

Step 2: Install VMware Per-App Tunnel with NSX Enabled

After meeting the VMware Tunnel for Linux System Requirements, configuring VMware Tunnel settings, and downloading the installer, begin installation. Run the installer on a Linux server, and enable the service.

During VMware Tunnel configuration, you specify whether you are installing in a multi-tier or single-tier configuration.

  • For multi-tier configurations, continue with the Install the AirWatch Tunnel Front-End Server (Linux) steps.
  • For single-tier configurations, Install the VMware Tunnel – Basic (Linux).

Important: After accepting the licensing agreement during installation, specify the components to install. Enter 1 to install Per-App Tunnel only.

Step 3: Create a Per-App VPN Profile

After configuring the VMware Tunnel server, Configure Per-App Tunnel Profile for iOS or Configure Per-App Tunnel Profile for Android. This profile enables specified applications to route HTTP(S) and TCP traffic through the VMware Per-App Tunnel. However, please note that the VPN profile can only take effect on devices with the VMware Tunnel application installed.

AirWatch Console Configurations
    1. Navigate to Devices > Profiles > List View > Add.
    2. Select the appropriate platform (iOS or Android).
    3. Configure a VPN Payload.
    4. Set the Connection Type to AirWatch Tunnel.
    5. Select the Per-App VPN Rules checkbox.

Step 4: Configure VMware Tunnel App

The VMware Tunnel application enables access to internal resources through managed applications. To Access the VMware Tunnel App for iOS or Access the VMware Tunnel App for Android, end users must download and install the VMware Tunnel application from the App Store.

Step 5: Apply the Per-App VPN Profile and Security Group Mapping to Apps

After you create a per-app tunnel profile, Configure Public Apps to Use Per App Profile in the application configuration screen. This tells that application to use the defined VPN profile when establishing connections.

On the application configuration screen, select the following options:

Learn More About VMware AirWatch – NSX Integration

To learn more about VMware NSX, check out the links below:

  • NSX product page
  • Next Generation Security with VMware AirWatch and NSX Integration Webinar
  • NSX Integration Hands On Lab (All Labs > AirWatch – NSX Integration)
  • VMware AirWatch and NSX Integration External FAQ
  • VMware AirWatch and VMware NSX Integration Guide


The post VMware AirWatch – NSX Integration appeared first on VMware End-User Computing Blog.


Go Que Newsroom