Archives

VMware Workspace ONE

Unlocking Mobile Moments with VMware Workspace ONE Productivity Apps

Do you wonder how often you pull your smartphone out of your pocket (or purse)? Do you feel &#rsquo;separation anxiety&#rdquo; (and I use that term loosely here) if the smartphone is not within arm&#rsquo;s length, especially if you&#rsquo;re not wearing your smartwatch?

If you answered yes to those questions, I don&#rsquo;t believe you are alone. An Internet Trends report famously suggests that an average user pulls out their smartphone 150 timesa day, and each mobile micro-moment lasts between 60 and 90 seconds.Other research estimates the heaviest users touch—tap, type, swipe, click—their smartphones 2,617 times a day, on average.

This paradigm shift requires us to design apps for what we call &#rsquo;mobile moments.&#rdquo; In essence, developers must understand what a user is trying to accomplish during a mobile moment based on considerations—device form factor, information context, aggregated intelligence from multiple business systems and, increasingly, machine learning—to provide the most delightful user experience possible.

VMware Workspace ONE is a digital transformation platform, and we&#rsquo;d like to show you how our suite of mobile productivity apps use the mobile moments design paradigm to deliver consumer-simple, enterprise-secure experiences.

5 Common Mobile Moments in the Enterprise

Rather than focusing on my experiences like in previous blog posts, I asked Adam Chow for his top mobile moments during his summer internship here at VMware. He graciously summarized these moments and recorded videos to showcase them.

1. Joining conference calls.

In our everyday life, we often dial into conference calls on the go. VMware Boxer is a secure email, calendar and contacts app that allows users to dial in with literally two taps. Yes, you heard me right. No more fiddling with finding the right number and the associated passcode. I know it sounds too good to be true, so don&#rsquo;t take my word for it, check it out for yourself.

2. Scheduling meetings.

Oftentimes, we wait to get back to our desk to respond to one-line emails like, &#rsquo;Do you have time for a quick chat?&#rdquo; See how easily you can send your availability and quickly create meetings with co-workers and external business partners using the Boxer app. It is simply amazing.

3. Triaging emails.

A lot of industry research has been done on categorizing email users as pilers, filers and purgers. Pilers are users (like myself) who keep all their emails in the inbox so unread emails are actionable. Filers are users who meticulously aim for a zero inbox and file important emails into folders. Purgers are users who delete emails that are no longer actionable and expect others to send another email if there is a follow-up.

In an enterprise setting, a lot of mobile moments are spent triaging emails. The Boxer app provides features like:

  • Custom swipe gestures so users can personalize how they triage their emails and take quick actions,

  • Bulk triage emails by deleting or moving all at once,

  • Propose new meeting times and

  • Customize quick reply templates and send quick replies to one or more emails.

4. Accessing intranet sites.

A lot of customers roll out Boxer, VMware Browser and VMware Content Locker apps in a mobile app management (MAM) mode. The encryption, data loss prevention, integrated authentication, shared passcode and compliance are built into the app itself without requiring a mobile device management (MDM) profile on the device.

In these environments, users do not have an operating system level per-app VPN tunnel, so the Workspace ONE platform provides a secure tunnel to resources behind the firewall, like intranet sites. This means that when users click an intranet link within an email, they do not get the &#rsquo;404: Page Not Found&#rdquo; error. Instead the site opens seamlessly, and the user can complete their workflow within the mobile moment.

5. Collaborating on enterprise files.

The Content Locker mobile app can aggregate files and folders from over 30 enterprise content repositories. IT can set data loss prevention (DLP) controls in one place and users can securely access, sync and share all their content.

Content Locker supports on-premises repositories, such as Microsoft SharePoint and file shares, as well as cloud repositories, such as Microsoft OneDrive for Business, SharePoint Online, Dropbox and Box. Watch how a team of people interviewing a candidate were able to quickly collaborate during this mobile moment.

These videos offer a quick teaser of how VMware&#rsquo;s suite of mobile productivity apps cater to mobile moments. Stay tuned for exciting innovations that will take this much further. If you are attending VMworld in Vegas, be sure to attend the Monday breakout session, &#rsquo;Learn How to Deliver an Enterprise-Grade Mobile Email Experience with Boxer.&#rdquo;

 

VMworld 2017 Breakout Session

“Learn How to Deliver an Enterprise-Grade Mobile Email Experience with Boxer”

Add #UEM2222BU via VMworld U.S. schedule builder.

The post Unlocking Mobile Moments with VMware Workspace ONE Productivity Apps appeared first on VMware End-User Computing Blog.

Read more..

Security Update: 8 Advances in End-User Computing from VMware

Employees across enterprise organizations in today&#rsquo;s mobile-cloud world expect simple user experiences to help them be productive. IT often runs into challenges supporting these expectations while keeping their environments secure.

Our team has focused on empowering organizations with an enterprise-secure approach and consumer-simple experience through a digital workspace. Employees can securely access any app, on any device in their own digital workspace provided by VMware Workspace ONE, powered by VMware AirWatch unified endpoint management technology.

Over the course of 2017, we&#rsquo;ve introduced many security capabilities across the Workspace ONE platform, which includes advancements in VMware Horizon 7 and VMware Horizon Cloud. Let&#rsquo;s take a closer look at those security capabilities, as well as existing security integrations and security features that elevate Workspace ONE to the digital workspace platform that organizations can trust.

1. Derived Credentials

Earlier this year, we announced our derived credentials solution as part of Workspace ONE. This was huge news for organizations mandated by certain directives, such as FIPS 201, that require use of smart cards, personal identification verification (PIV) or common access cards (CAC) for access to physical, logical and network resources.

Smart cards, PIV and CAC worked great on desktops and laptops, but the experience on mobile devices was poor and costly because special hardware was needed to read the cards. To help with this issue, the National Institute of Standards and Technology (NIST) updated FIPS 201 in 2013 and the following year released SP 800-157, with guidelines on how to generate and utilize alternative tokens, which they refer to as a derived PIV credentials, also commonly referred to as derived credentials or PIV-D. This helped provide better experience, implementation and deployment on mobile devices accessing physical, logical and network resources.

We released our derived credentials app, called VMware PIV-D Manager, that enables the use of derived credentials with native apps and profiles, VMware apps and third-party AirWatch SDK-enabled apps. PIV-D Manager even integrates with other derived credentials solution providers such as Entrust and Intercede.

2. Boxer S/MIME

VMware Boxer, one of our Workspace ONE productivity apps, is an integrated mobile email, calendar and contacts app that helps increase productivity by giving end users a great user experience. Security was a big focus on our Boxer app this year.

We started by enabling S/MIME support for sending and receiving signed and/or encrypted mail. S/MIME is a standard for public key encryption and signing of MIME (Multipurpose Internet Mail Extensions) data that allows for secure email exchange. Organizations have the option of signing an email for authenticity and/or encrypting email messages for an added layer of security.

3. Boxer Classification Markings

In various regulated industries, such as public sector, healthcare and financial, sensitive emails often need to be specifically marked or classified when they are sent and received. When it comes to email, messages typically get a classification appended in the subject line, top or bottom of the body, etc. For example, an email message should be marked &#rsquo;unclassified&#rdquo; or &#rsquo;secret&#rdquo; depending on the content of the email.

Earlier this year, we announced support for classification markings in the Boxer app, which integrates with the built-in Microsoft Exchange transport rules. This capability also integrates with TITUS, Boldon James and janusNET.

4. Boxer Information Rights Management

In addition to S/MIME and classification marking support, we added full support for information rights management (IRM). IRM is a form of data loss prevention (DLP), which can specify access permissions to email messages, including the ability to restrict copy-paste, restrict email forwarding, enforce email message content expiration and more. As you can tell, we put a lot of emphasis on email security through our Boxer app!

5. AirWatch & NSX Integration

AirWatch and NSX integration was introduced over a year ago, and the amount of customer interest in it hasn&#rsquo;t slowed down since. When apps on mobile devices have access to communicate to any resource in the data center, this represents a challenge for IT as the attack surface within the data center can be large.

The AirWatch and NSX integration aims to solve this problem by limiting each mobile app to only communicate to the server that it needs to talk to, using the tunneling capability in AirWatch and the micro-segmentation capability in NSX. Combining these two technologies vastly reduces the access footprint from the mobile device and the attack surface in the data center.

Organizations, like Vallejo Sanitation and Flood Control District, can raise their security posture from the mobile device to the data center using the AirWatch and NSX integration.This type of integration can also help organizations along their journey towards General Data Protection Regulation (GDPR) compliance, as data in transit utilizes AES-256 bit encryption.

VMworld 2017 Panel Discussion:

“Data Privacy, theGDPR &the Globalization of Compliance”

Add GRC3109PU via VMworld U.S. schedule builder.

AddGRC3109PE via VMworld Europe schedule builder.

6. Horizon & NSX Integration

We know that apps on mobile devices and data center resources can be tunneled and micro-segmented for an extra layer of security. We can take that same concept and apply it towards desktop virtualization.

Integrating Horizon and NSX, customers can effectively secure east-west traffic within the data center, preventing malware from spreading across the data center if a virtual desktop is compromised because each desktop is effectively isolated from other desktops. IT can quickly and easily administer networking and security policy that dynamically follows end users&#rsquo; virtual desktops and apps across infrastructure, devices and locations. This extra level of security takes desktop virtualization to a whole new level!

VMworld 2017 Breakout Session:

“Securing Your Horizon Virtualized Apps & Desktop Investments with NSX”

Add SIE2034BU via VMworld U.S. schedule builder.

Add SIE2034BE via VMworld Europe schedule builder.

7. Just-in-Time Management Platform (JMP)

We introduced JMP earlier this year, our next-generation desktop and application delivery platform, which enables fust-in-time desktops and apps. Imagine a virtual desktop that is created when a user logs in and destroyed when that user logs out. IT can set up a pool of virtual desktops that fits this model, including pools that can access the internet and pools that cannot, effectively creating separation parameters for higher security. Virtual desktops in each pool only get created when a user logs into a specific pool.

With the JMP platform extending across Horizon 7 and Horizon Cloud, IT has the ability to inject apps and user environment settings into the desktop the moment a user logs in. Having pristine desktops created at every login and destroyed at every logoff eliminates malware that the user may have accidentally installed during the session.

8. Smart Policies

Smart Policies are available in Horizon 7 and Horizon Cloud for IT to provide end users with a truly contextual user experience. For example, policies dynamically change depending on the device used or the location services are being accessed from.

True single sign-on (SSO) enables end-to-end authentication from Workspace ONE to Horizon virtual desktops and apps, for a secure and simple user experience. Users aren&#rsquo;t prompted for multiple logins once they&#rsquo;ve authenticated into the Workspace ONE portal. Client policies such as enabling or disabling clipboard redirection, USB, printing and more can be set by IT using Smart Policies. Horizon is certified to meet FIPS 140-2 and Common Criteria requirements as a result of the secure policies powered by Smart Policies.

For organizations looking for even more advanced security capabilities across Workspace ONE, look no further than Workspace ONE integrations with our ecosystem of mobile security leaders in the VMware Mobile Security Alliance. Workspace ONE integrates with technologies from our Mobile Threat Defense partners, Cloud Access Security Brokers partners and more to further enable comprehensive cybersecurity across mobile devices, apps, networks and cloud services.

Learn more about our end-user computing (EUC) security initiatives at VMworld U.S.andVMworld Europe. If you&#rsquo;re not attending VMworld, you still have time to register!

To learn more about the security capabilities in Workspace ONE, visit vmware.com/workspaceone.

The post Security Update: 8 Advances in End-User Computing from VMware appeared first on VMware End-User Computing Blog.

Read more..

VMware + Google: New Collaboration Helps Companies Support & Manage Chromebooks Smarter

Companies can now enable, secure and manage Chromebooks and other Chrome OS devices alongside all the its enterprise devices, thanks to a deeper collaboration between Google and VMware. Today’s announcement makes VMware Workspace ONE powered by VMware AirWatch the first unified endpoint management (UEM) solution to support and manage Google Chromebook devices.

Dive into the details on the AirWatch Blog.

“Partnering with one of the leading UEM providers shows Google’s commitment to bring Chrome OS to the enterprise. Simplifying the deployment and management of Chrome devices will only further incentivize IT leaders to allow end users choose Chrome for their work needs.”

—Phil Hochmuth, program director, Enterprise Mobility at IDC

Before today, enterprises had to manage Chromebooks and other Chrome devices separate from other enterprise devices in their environment. Now, as the only UEM provider capable of truly unifying management of all endpoints—even &#rsquo;things&#rdquo;—AirWatch customers can unlock even greater benefits from enabling Chromebooks within their enterprises, including:

  • Frictionless management of Chrome devices;
  • Reduced total cost of ownership (TCO);
  • Robust enterprise security capabilities;
  • Enhanced user experience with access to all apps; and
  • Much, much more.

&#rsquo;Today&#rsquo;s modern worker uses multiple form factors every day, from mobile devices to PCs and increasingly purpose-built devices and even wearables. Plus, IoT &#lsquo;things&#rsquo; continue to emerge, often managed by UEM technologies like AirWatch. Through this partnership, VMware will be the first UEM provider to manage Google Chromebooks and provide true unified endpoint management of all enterprise platforms.&#rdquo;

—Jeff McGrath, senior director of product marketing, VMware End-User Computing (EUC)

Learn more about the expanded partnership between VMware and Google in today&#rsquo;s press release.

Ready to learn more about Workspace ONE for simply and securely delivering any app to any device? Try it out for yourself in our free hands-on lab.

Chrome OS management by AirWatch is expected to be generally available in fall 2017. Workspace ONE and Horizon support on Chrome OS devices is available today.

The post VMware + Google: New Collaboration Helps Companies Support & Manage Chromebooks Smarter appeared first on VMware End-User Computing Blog.

Read more..

VMware Workspace ONE Makes Constellation ShortList for Cloud Identity Management

For the second year in a row, VMware Workspace ONE has been included in theConstellation ShortList for Cloud Identity Management.We&#rsquo;re proud to accept the award!Ithighlights our ability to deliver theadvancedidentity and mobility featuresearly-adopter organizationsneed to delight end users and securevital apps and data.

Because&#rsquo;identity management and authentication are rapidly evolving fields and deliver mission-critical functionality,&#rdquo;Constellation Research evaluates&#rsquo;the strength of the provider&#rsquo;s R&D program and looks for vendors committed to innovation and technological excellence&#rdquo;to determine shortlist members.Our product team is committed to delivering the customer-centric features you need, as well as information on the identity and access best practices you should follow for security and ease of use.

Market-Leading Capabilitieswiththe Knowledge to Use Them

Whether you&#rsquo;re an early adopter who&#rsquo;s already improving security at your organization by eliminating passwords orsomeone who&#rsquo;s learning the basics of identity and access management, thecentralityof identity and access to the daily work of your users can make change intimidating.Most organizations needmore than just advanced features; they needbest practicesasrecommended by security researchers andimplementedby best-in-class IT teams.

The upcoming end-user computing (EUC) sessionsatVMworld 2017 give attendees the perfect chance to consider the identity and access approaches pursued by other organizations and to learn about Workspace ONE directly from the people who build it.

VMware attendees interested in identity and access management should make sure to attend the EUC spotlight session and showcase keynote:

Delivering New User Experiences with Digital Workspaces

Add #EDW7002KU via VMworld U.S. schedule builder.

The Transformation of Identity and Access Management in the Age of the Digital Workspace

Add #SAAM3157SU via VMworld U.S. schedule builder.

Attendees interested in identity and access management will also likely want to attend breakout sessions spotlighting powerful identity features:

Introduction to Access Management in Workspace ONE

Add #SAAM2288BU via VMworld U.S. schedule builder.

Introduction to Password-Less Single Sign-On for Mobile Devices with Workspace ONE

Add #SAAM1084QU via VMworld U.S. schedule builder.

Secure and Seamless Access to All Your Applications with Workspace ONE Conditional Access and Mobile Single Sign-On

Add #SAAM2204BU via VMworld U.S. schedule builder.

More Information on Identity, Access and Workspace ONE

Even if you&#rsquo;re not visitingVMworld, you can contact VMware to learn more aboutthe ways organizations are improving end-user experiences and tightening security.Visit vmware.com/products/workspace-oneor contact your VMware account representative for more details.

Source: Constellation Research, Inc., ” ConstellationShortList™ Cloud Identity Management”, Steve Wilson, Vice President and Principal Analyst, August 9, 2017

The post VMware Workspace ONE Makes Constellation ShortList for Cloud Identity Management appeared first on VMware End-User Computing Blog.

Read more..

Delivering a Seamless Digital Workspace Experience with Horizon Cloud

VMware Workspace ONE integrates with VMware Horizon Cloud to provide a simple and secure enterprise platform that allows end users to access their applications, data and services from any device, anywhere. Both platforms were built to integrate with each other, which provides a single user interface (UI) through the Workspace ONE enterprise catalog, to deliver applications to end users.

Explore Workspace ONE further in a Hands-on Lab.

About Workspace ONE

Workspace ONE combines identity, real-time application delivery and mobility management to provide a digital workspace to your end users. This digital workspace delivers Software-as-a-Service (SaaS) applications, public native mobile applications—and when integrated with Horizon Cloud, virtual applications and desktops—all from a single, unified application store.

About Horizon Cloud

Horizon Cloud enables the delivery of cloud-hosted or on-premises virtual desktops and applications. With Horizon Cloud, you can leverage a cloud-based management plane and even infrastructure, instead of deploying an entire infrastructure to support VDI desktops and RDS applications traditionally. Your IT organization can focus on delivering applications and desktops, instead of spending time maintaining the infrastructure.

Benefits of Integration

The integration of Workspace ONE and Horizon Cloud provides a number of benefits:

Single Sign-On

One of the primary advantages that Workspace ONE and Horizon Cloud provide is secure, single sign-on (SSO) to both desktops and applications. This provides simplicity and ease of access while maintaining security. Users can utilize either the Workspace ONE web-based portal from any HTML 5 web browser or the Workspace ONE mobile application. And when used with an iOS-based device, users can utilize touch ID for SSO.

Two-Factor Authentication

Workspace ONE provides multiple multi-factor authentication methods, such as RSA, Radius, Certificate, Kerberos, and VMware Verify to protect your environment beyond the basic user ID and password. Workspace ONE also provides two-factor authentication (2FA) for Horizon Cloud to secure your Digital Workspace.

In addition, you can utilize step-up authentication, which allows additional multi-factor authentication beyond the initial authentication into Workspace ONE when accessing a desktop or application. This increases the security by requiring two-factor authentication to access a specific desktop or application, even if you don&#rsquo;t require it to access Workspace ONE.

Three Integration Options

Both Horizon Cloud and Workspace ONE have a cloud hosted option and an on-premises option. You can integrate the Horizon Cloud options with the Workspace ONE options in the following configurations:

Figure 2: Possible Integration Configuration Options

Although the two types of deployment have unique architecture requirements, both require an on-premises component. The on-premises component can be a virtual appliance or a Windows server, based on the type of deployment. For more information on the different deployments and their architecture, see VMware Workspace ONE Documentation.

Integration 1: Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud

Horizon Cloud with Hosted Infrastructure supports only Workspace ONE Cloud.

Figure 3: Integration 1: Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud

The following Figure 4 illustrates the integration option for Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud. The VMware Identity Manager Connector (a) is deployed on-premises in your data center. This integrates with your Active Directory and synchronizes the resources between Horizon Cloud and Workspace ONE, along with desktop and application entitlements. This synchronization between the VMware Identity Manger Connector and Horizon Cloud occurs over the VPN or Direct Connect (b), which connects your data center to your Horizon Cloud tenant (c). The VMware Identity Manager Connector then synchronizes the resources and entitlements to the VMware Identity Manager (IDM) Cloud service (d).

Figure 4: Integration 1: Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud

Integration 2: Horizon Cloud On Premises and Workspace ONE On Premises

Horizon Cloud with On-Premises Infrastructure supports both the on-premises and cloud versions of Workspace ONE.

Figure 5: Integration 2: Horizon Cloud On-Premises and on-premises version of Workspace ONE

You can use Horizon Cloud with On-Premises Infrastructure to run desktops and applications in their data center using Hyper Converged Infrastructure (HCI) Appliances, but with abut with a cloud base control plane.

Figure 6 illustrates the integration option for Horizon Cloud On-Premises Infrastructure and on-premises version of Workspace ONE. VMware Identity Manager (a) is deployed as a virtual appliance in your data center. This provides integration with your Active Directory (b) and also performs the synchronization of the resources between Horizon Cloud and Workspace ONE (c), along with desktop entitlements.

Figure 6: Integration 2: Horizon Cloud On-Premises and on-premises version of Workspace ONE

Integration 3: Horizon Cloud On Premises and Workspace ONE Cloud

Horizon Cloud with On-Premises Infrastructure supports both the on-premises version of Workspace ONE and Workspace ONE Cloud.

Figure 7: Integration 3: Horizon Cloud On Premises and Workspace ONE Cloud

For Workspace ONE Cloud, the VMware Identity Manager Connector (a) is deployed on-premises in your data center (b). This provides integration with your Active Directory and also performs the synchronization (c) of the resources between Horizon Cloud and Workspace ONE, along with desktop entitlements. The VMware Identity Manager Connector then synchronizes the resources and entitlements to the IDM Cloud service (d).

Figure 8: Integration 3: Horizon Cloud On Premises and Workspace ONE Cloud

Tips on How to Integrate

To integrate Horizon Cloud with Workspace ONE, you deploy VMware Identity Manager or VMware Identity Manager Connector on-premises with one of the Horizon Cloud Service options described earlier. To start the integration, ensure that VMware Identity Manager or VMware Identity Manager Connector is configured and integrated with your Enterprise Directory.

For more information, see the VMware Horizon Cloud Service Documentation or VMware Workspace ONE Documentation.

Enable Horizon Cloud Desktops and Applications in VMware Identity Manager

With a Horizon Cloud and Workspace ONE integration, you can use the VMware Identity Manager Administration Console, a component of Workspace ONE, to enable desktops and applications.

  1. Log in to the VMware Identity Manager Administration Console.
  2. In the Catalog tab, select Manage Desktops and Applications > Horizon Cloud.
  3. Select Enable Horizon Cloud Deployments and Applications.
  4. Enter the following information for your environment:
  5. Click Save.
  6. Click Sync now to sync Desktop and App entitlements from the Horizon Cloud environment.

Configure SAML Authentication

You should configure a a SAML authentication between Horizon Cloud and VMware Identity Manager, the identity provider, to enable trust between the two. To establish trust, you first create a Federation Artifact for Horizon Cloud, then set up custom user ID mapping, and finally configure SAML authentication.

Create Federation Artifact for Horizon Cloud

To enable trust between Horizon Cloud and VMware Identity Manager, you create the Federation Artifact in the VMware Identity Manager Administration Console and add a SAML authentication in the Horizon Cloud Administration Console.

  1. In the VMware Identity Manager Administration Console, click the arrow on the Catalog tab and select Settings.
  2. In the left pane, select Horizon Cloud.
  3. Enter the following information for your Horizon Cloud environment:
  4. Click the Accept Certificate link next to the Tenant Appliance URLs.
  5. Click Save.

After creating a federation artifact, set the custom User ID mapping.

Custom User ID Mapping

You can use custom User ID Mapping to customize the user ID that is used in the SAML response when users launch Horizon Cloud Desktops and Applications. You can resolve SSO launch failures that are caused by a mismatch of the user ID attribute between VMware Identity Manager and Horizon Cloud.

  1. In the VMware Identity Manager Administration Console, click the arrow on the Catalog tab and select Settings.
  2. Click Horizon Cloud on the left.
  3. In the Horizon Cloud page, specify the name ID format to use.
  4. Click Save.

After setting the custom User ID mapping, configure the SAML authentication.

Configure SAML Authentication in Horizon Cloud

To configure SAML authentication in Horizon Cloud:

  1. In the VMware Identity Manager Administration Console, click the arrow on the Catalog tab and select Settings.
  2. In the left pane, click SAML Metadata.
  3. Click the Identity Provider (iDP) metadata link.
  4. Make a note of the URL from the browser&#rsquo;s address bar, such as https://VMwareIdentityMangerFQDN/SAAS/API/1.0/GET/metadata/idp.xml
  5. Log in to the Horizon Cloud Tenant.
  6. Navigate to Settings > General Settings > Edit.
  7. In the VMware Identity Manager section, enter the following required information:
  8. Click Save.

Enforce User Authentication through Workspace ONE Portal

You can set Horizon Cloud to enforce end user authentication through the Workspace ONE portal, requiring SAML-based authentication.

Figure 13: Enforcing User Authentication

  1. In the Administration Console, navigate to Settings > General Settings, and click Edit.
  2. In the User Account Configuration section, make selections according to your organization’s needs.
    • Force Remote Users to vIDM – When set to Yes, users that are trying to access their desktops from locations outside of your corporate network must log in to their Workspace ONE portal and access desktops and applications from that portal.
    • Force Internal Users to vIDM – When set to Yes, users that are trying to access their desktops from locations within your corporate network must log in to their Workspace ONE portal and access desktops and applications from that portal.
  3. Click Save to confirm the configuration to the system.

After you verify that user authentication is enforced, your users can launch desktops and applications securely from Workspace ONE.

Launch a Desktop or Application using Horizon Client or Supported Browser

Your end users can use either the Horizon Client or any supported HTML 5 browser to launch desktops and applications.

  1. In the Workspace ONE portal, click Bookmarks
  2. Double-click the desktop or application to launch.

To Wrap this up….

Step-by-step documentation on how to integrate Horizon Cloud with VMware Identity Manager can be found in the VMware Horizon Cloud Service Documentation and VMware Workspace ONE Documentation. If you want to try configuring the integration yourself, but do not have a Horizon Cloud or Workspace ONE environment yet, you are in luck. At VMworld, we are releasing a Hands-on-Labs for Horizon Cloud, which contains an entire module that walks you through the configuration of the integration. Make sure to check out HOL-1856-ADV-1 in the Hands-on-Labs at VMworld in Las Vegas!

 

The post Delivering a Seamless Digital Workspace Experience with Horizon Cloud appeared first on VMware End-User Computing Blog.

Read more..

Empowering the Digital Workspace: How Corona-Norco Unified School District Does It

The award-winning Corona-Norco Unified School District serves more than 54,000 K-12 students from the California cities of Corona, Norco and Eastvale, as well as unincorporated parts of Riverside County. One of the 10 largest districts in the state, it employs approximately 5,000 people.

Like many public school districts, Corona-Norco has a goal to reduce capital expenses and technology costs overall for its schools to ensure equal access to technology. With costs rising and a small IT team challenged to drive all over a large, traffic-choked area to deliver services, the district faced a big choice when they decided to upgrade in-school computing: Buy more sophisticated and expensive hardware for each school, or take a different approach. They chose a suite of digital workspace solutions that make it simple and cost-effective to manage mobile devices, upgrade to Windows 10 and distribute and maintain apps using virtual desktops.

 

Digital Workspaces Put the Emphasis on Education, Not Patching

In 2012, the district started to roll out virtual desktops on zero clients at schools. Corona-Norco now supports 8,000 zero clients and around 5,000 virtual desktop infrastructure (VDI) concurrent desktops—with a full-time staff of two. &#rsquo;We don&#rsquo;t see the support number changing dramatically as we significantly ramp up the number of devices,&#rdquo; said Brian Troudy, the district&#rsquo;s director of networking and infrastructure. Adding to the device count is the district&#rsquo;s embrace of the bring-your-own-device (BYOD) model for maximum flexibility and choice. VMware AirWatch and VMware Workspace ONE extend the district&#rsquo;s digital workspaces beyond classroom computers to tablets and laptops, allowing faculty, students and staff to access any app on any device at any time.

VMware end-user computing solutions have simplified application management and updates, including the district&#rsquo;s upgrade to Windows 10. With the ability to test and patch images &#rsquo;behind the scenes&#rdquo; from a central location, instead of sending IT staff to schools and taking computers out of service, operating system (OS) and app updates are easy to deploy. Said Troudy, &#rsquo;Using the Horizon suite, App Volumes, Thin App and UEM, we&#rsquo;re able to layer into a user’s connection the applications that they need based on certain criteria—the location, class that they&#rsquo;re enrolled in—and all of that can be done dynamically and automatically based on the integrations that we have with other business systems.&#rdquo; IT staff can now spend their efforts working one-on-one with their end users on effective use of technology instead of managing and maintaining the underlying technology.

Teacher Peter D&#rsquo;Agostino noted that he used to have to stay at school after hours and come in early to maintain and patch classroom computers. It could take weeks to get new software installed. Now with VMware Horizon VDI, apps for engineering, history, music production and many more topics run faster and more reliably. &#rsquo;I no longer have to spend time updating computers on my own, taking time away from students. Now I spend my time looking for ways for kids to learn better. It just changes the game.&#rdquo;

 

Money Saved on Technology Goes Back to Student Programs

The district estimates it&#rsquo;s saved $5 million on hardware so far, and more than $75,000 on energy costs alone, by switching to a VDI model. &#rsquo;We&#rsquo;re able to, with VMware technologies, deploy labs of computers to our students at a quarter of the cost,” said Troudy. &#rsquo;It&#rsquo;s also allowed us to keep the experience of the desktop that they&#rsquo;re using up to date and relevant. It&#rsquo;s a night-and-day experience for our students.&#rdquo;

&#rsquo;With VMware … we were able to provide end-user computing at a much lower cost than we did six or seven years ago. There&#rsquo;s nothing that makes me happier as a CIO than to be able to say, I get out of the way, and let the school do what they need to do to make sure the students receive the education they deserve.&#rdquo;
—Ben Odipo, CIO and Assistant Superintendent of Information Technology, Corona-Norco Unified School District

Related:

  • [Video] Western Carolina University Extends Digital Workspace Solutions Campus-Wide
  • VMware + Ellucian: Smart BYOD & Apps with VMware&#rsquo;s Secure Digital Backpack for Education
  • Empower the Digital Workspace: The VMware Customer Perspective

The post Empowering the Digital Workspace: How Corona-Norco Unified School District Does It appeared first on VMware End-User Computing Blog.

Read more..

Apteligent by VMware: Now Available for Sale from VMware & Partners

Through powerful Apteligent by VMware app analytics, customers can &#rsquo;harness the power of data&#rdquo; to boost mobile app performance with powerful new features, including four new insights reports.

We are been incredibly fortunate to have the Apteligent team join VMware a couple of months ago. Today, we are excited to announce the availability of the Apteligent by VMware service with a new set of features.

Starting today, existing Apteligent customers can renew their Apteligent service that they know and love. New customers can buy Apteligent directly from VMware or from one of our channel partners.

Using Apteligent, customers can measure the user experience of their mobile apps and fix performance issues in real-time to optimize engagement, adoption and revenue.

[Related: VMware Acquires Apteligent: Analytics for the Digital Workspace]

By Popular Demand: 4 Powerful New Insights Reports

The Apteligent team has been hard at work updating the service with new capabilities. Since Apteligent launched Custom Insights last year, customers asked for the ability to analyze more of their performance and engagement data in the Report Center.

Today, four new Insights Reports are available in the Apteligent Report Center.

These new reports help mobile teams prioritize their work based on a quantified view of how app performance affects end user experience in an analysis-friendly CSV format:

  1. Performance by OS: Analyze which operating system version is causing users the biggest headache, deprecate support for unstable OS versions, and stay ahead by prioritizing your test suite based on adoption.
  2. Detailed Endpoint List: Easily access all of the endpoints called over the last two days through the click of a button instead of having to write scripts.
  3. App Load User Experience: Identify app versions with slow app load times that are posing an increased churn risk. Overlay this with adoption data and decide whether it is worth investing resources to fixing the problem.
  4. Impact of App Latency on Engagement: Slow app load times often impact adoption and usage. Use this data to understand how to prioritize decreasing app load time to crease engagement and adoption of apps.

To access any of these reports, simply go to the Report Center in the left navigation and select the &#rsquo;On-Demand CSV Reports&#rdquo; tab. These four new reports will appear at the bottom of the list and are available with the click of a button.

Join Us at VMworld to Learn More about Our Vision for Digital Workspace Analytics

Apteligent by VMware is our first stepping stone into analytics, and this technology is a key part of our vision for digital workspace analytics. IT admins are drowning in device, application and user data and no single tool can give a clear picture of what is happening across the entire environment.

To learn more about VMware&#rsquo;s vision for analytics in the digital workspace, please join us at VMworld and attend one of the sessions dedicated to analytics. You will get a chance to learn more about our broader efforts around device, application and user analytics in VMware Workspace ONE.

In the meantime, if you would like to improve user experience by analyzing how app performance, crashes, and other slowdowns influence user behavior, request a demo of the Apteligent by VMware service.

Hear first hand how leading companies empower the digital workspace for transformation during VMworld. Register for the EUC Showcase Keynote to hear their stories, dive into brand new innovations and much more. Seats are going fast, so register today!

The post Apteligent by VMware: Now Available for Sale from VMware & Partners appeared first on VMware End-User Computing Blog.

Read more..

Apteligent by VMware: Now Available for Sale from VMware & Partners

Through powerful Apteligent by VMware app analytics, customers can &#rsquo;harness the power of data&#rdquo; to boost mobile app performance with powerful new features, including four new insights reports.

We are been incredibly fortunate to have the Apteligent team join VMware a couple of months ago. Today, we are excited to announce the availability of the Apteligent by VMware service with a new set of features.

Starting today, existing Apteligent customers can renew their Apteligent service that they know and love. New customers can buy Apteligent directly from VMware or from one of our channel partners.

Using Apteligent, customers can measure the user experience of their mobile apps and fix performance issues in real-time to optimize engagement, adoption and revenue.

[Related: VMware Acquires Apteligent: Analytics for the Digital Workspace]

By Popular Demand: 4 Powerful New Insights Reports

The Apteligent team has been hard at work updating the service with new capabilities. Since Apteligent launched Custom Insights last year, customers asked for the ability to analyze more of their performance and engagement data in the Report Center.

Today, four new Insights Reports are available in the Apteligent Report Center.

These new reports help mobile teams prioritize their work based on a quantified view of how app performance affects end user experience in an analysis-friendly CSV format:

  1. Performance by OS: Analyze which operating system version is causing users the biggest headache, deprecate support for unstable OS versions, and stay ahead by prioritizing your test suite based on adoption.
  2. Detailed Endpoint List: Easily access all of the endpoints called over the last two days through the click of a button instead of having to write scripts.
  3. App Load User Experience: Identify app versions with slow app load times that are posing an increased churn risk. Overlay this with adoption data and decide whether it is worth investing resources to fixing the problem.
  4. Impact of App Latency on Engagement: Slow app load times often impact adoption and usage. Use this data to understand how to prioritize decreasing app load time to crease engagement and adoption of apps.

To access any of these reports, simply go to the Report Center in the left navigation and select the &#rsquo;On-Demand CSV Reports&#rdquo; tab. These four new reports will appear at the bottom of the list and are available with the click of a button.

Join Us at VMworld to Learn More about Our Vision for Digital Workspace Analytics

Apteligent by VMware is our first stepping stone into analytics, and this technology is a key part of our vision for digital workspace analytics. IT admins are drowning in device, application and user data and no single tool can give a clear picture of what is happening across the entire environment.

To learn more about VMware&#rsquo;s vision for analytics in the digital workspace, please join us at VMworld and attend one of the sessions dedicated to analytics. You will get a chance to learn more about our broader efforts around device, application and user analytics in VMware Workspace ONE.

In the meantime, if you would like to improve user experience by analyzing how app performance, crashes, and other slowdowns influence user behavior, request a demo of the Apteligent by VMware service.

Hear first hand how leading companies empower the digital workspace for transformation during VMworld. Register for the EUC Showcase Keynote to hear their stories, dive into brand new innovations and much more. Seats are going fast, so register today!

The post Apteligent by VMware: Now Available for Sale from VMware & Partners appeared first on VMware End-User Computing Blog.

Read more..

6 Criteria That Help You Separate the EMM “Sheep” from “Goats”

Sheep Versus Goats

My high school German teacher had a saying: &#rsquo;Midterm exams separate the sheep from the goats.&#rdquo; From a sheep-herder&#rsquo;s perspective, sheep are superior. I grew up in cattle country with little regard for the neighboring county&#rsquo;s sheep-herder population, but I still held onto the idea. Someday, I would understand its meaning. When I accepted a position to evaluate enterprise mobility management (EMM) products, I was reminded of Herr Samson&#rsquo;s words, and I wondered:

&#rsquo;How does one separate the EMM sheep from the goats?&#rdquo;

With the myriad of EMM solutions on the market today, it&#rsquo;s difficult to know how to recognize the leader in the flock. For the seventh consecutive year, the Gartner Magic Quadrant for EMM gave a nod to VMware Workspace ONE, the integrated platform powered by AirWatch unified endpoint management (UEM) technology. That&#rsquo;s all well and good, but how do I know the solution has everything my organization needs?

I asked the smartest technical people I could find in Canada, California, Georgia and Texas.

Together, we came up with a list of the top six EMM buying criteria for enabling a totally mobile workforce, with our own workforce being a great testing ground:

  1. Does the solution support all our use cases?
  2. Can it scale with our organization?
  3. Do I need a PhD to use it?
  4. Will it support our existing application vendors and future security providers?
  5. Does it include Windows 10 management capabilities?
  6. Will it help us troubleshoot issues with our devices?

See It for Yourself

We liked the idea so much, one of the engineers, Stan Hunter, created a demo video showcase Workspace ONE&#rsquo;s unique capabilities in addressing these criteria and why we like to use it so much ourselves.

Summary of Our Findings: 6 Selection Criteria for Enabling a Totally Mobile Workforce

1. Does the solution support our use cases?

Yep. Workspace ONE the most complete endpoint management solution on the market. No matter the use case, the vertical industry or the region of the world, Workspace ONE has the capabilities to meet your specific needs. Stan&#rsquo;s demo video shows a quick example of Workspace ONE accessing any app from any device by launching a native app from an iPad without requiring any added configuration.

Over the last 11 years, Workspace ONE grew to meet the needs of thousands of customers in all verticals and regions of the world. Customers often say, &#rsquo;you can grow into AirWatch (and Workspace ONE), but you can&#rsquo;t grow out of it.”

2. Can it scale with our organization?

Yep. Scaling means more than just adding compute power. It also means including the management chops to enable a large enterprise deployment. Workspace ONE has several layers of &#rsquo;multi-tenancy&#rdquo; for ease in separating disparate groups.

At its core, Workspace ONE offers a multi-tenant architecture by using organization groups. These groups can separate customers within a single instance or can separate business units or geographical regions within a single customer&#rsquo;s tenant. In addition to organization groups, Workspace ONE has smart groups.

Smart groups live inside an organization group and provide an additional layer of separation between devices and users. This allows administrators to easily apply profiles and applications to specific groups of users or devices—at scale and with ease.

3. Do I need a PhD to use it?

Nope. Workspace ONE&#rsquo;s administration console is an easy-to-use tool that provides admins with a best-in-class console to easily access its superior features and functions. The admin console also supports role-based administration, which provides the ability to restrict access for certain administrators or groups. Seeing is believing.

In his demo, Stan shows the powerful and easy-to-use Workspace ONE admin console. Industry curated templates make it easy for admins to rollout out industry-standard policies and apps to their users with a simple mouse click, among other time-saving capabilities.

4. Will it support our existing application vendors and future security providers?

Yep. Workspace ONE provides application security by integrating with application vendors and identity solutions to ensure users are properly authenticated in a quick and easy manner. Workspace ONE also provides conditional access to applications based on device posture.

Workspace ONE provides second-to-none integrations with third-party certificate authorities using both SCEP and direct API integrations. These integrations allow customers to distribute certificates to all device types and can be used in many authentication scenarios, such as Wi-Fi, VPN and email. Existing and future security vendor support is enabled with our open ecosystem and easy API access.

4. Does it include Windows 10 management capabilities?

Yep. VMware partnered with Microsoft to provide the most complete Windows 10 endpoint management solution on the market. Workspace ONE manages not only typical mobile device management (MDM) features, but also application deployment and Windows updates. It combines the management features of MDM with those of PC Lifecycle Management (PCLM) solutions to provide customers with a complete Windows 10 management solution.

5. Will it help us troubleshoot issues with our devices?

Yep. Workspace ONE provides administrators the ability to quickly and easily troubleshoot an individual device or groups of devices. Admins can add and remove device profiles and applications directly from a device without requiring the user to un-enroll and re-enroll the device. In addition, the console provides individual device events and targeted logging for enhanced troubleshooting.

Admins can also create custom reports about device status, application installation status, all from a single console.

There Is More

VMware partners with best-of-breed solutions to provide a complete security solution for mobile devices. Workspace ONE supports the VMware Mobile Security Alliance (MSA), the AppConfig Community and has a complete set of APIs.

Custom configuration of applications on devices has typically required a custom SDK or application wrapping—a process that requires application developers to create multiple versions of their application to support different EMM vendors. VMware created AppConfig to be a standard interface that takes advantage of features that are native to iOS and Android, making it easier for developers to create transportable apps.

Guess Who?

Stay tuned later this month for a detailed comparison report that shows which vendors we used for comparison in this exercise. Feel free to &#rsquo;guess who&#rdquo; in the comment section below, and sign up for our EUC Blog newsletter to get the alert when it is live.

Sheep It Is

After this evaluation, I could see the wisdom in Herr Samson&#rsquo;s philosophy. Like midterm exams, there are winners and losers.

Workspace ONE aced this group&#rsquo;s midterm test and easily made it into the sheep category above the rest. The team of experts who worked on this evaluation include: Stan Hunter, Leon Letto, Roger Deane, Josue Negron, Prab Kalra and Camilo Lotero.

Disclaimer

No sheep or goats were injured in the writing of this article and no biases are held by the author. Both species offer advantages. In doing research for this article, I learned Herr Samson&#rsquo;s reference comes from the Bible and feel compelled to add that this article has no religious affiliation

Hear first hand how leading companies empower the digital workspace for transformation during VMworld. Register for the EUC Showcase keynote to hear their stories, dive into brand new innovations and much more. Seats are going fast, so register today!

The post 6 Criteria That Help You Separate the EMM &#rsquo;Sheep&#rdquo; from &#rsquo;Goats&#rdquo; appeared first on VMware End-User Computing Blog.

Read more..

Is Standardization IT’s Friend or Foe—or Both?

Exploring Part I of the *New* Digital Workspace Story Map

Getting the Digital Workspace Story Map Straight

Here at VMware, we have talked about the digital workspace story for years. But if you put 10 people in a room and ask them what a digital workspace is or how to get there, you will get at least 25 very interesting and very different answers.

The Journey to the Digital Workspace Story Map

Many of us technologists jump right into an architectural discussion or show off a cool demo focusing on self-service access. Others might point to an app catalog. Still others talk about a &#rsquo;virtual workspace,&#rdquo; where their virtual desktop is their &#rsquo;digital workspace.&#rdquo; Of course, they are all wrong and they are all right. This makes discussions about what it takes to create a digital workspace extremely tough.

Recently, a team across VMware—from product managers and marketers to engineers, designers and professional services architects—sat down with some talented artists and storytellers to create a digital workspace &#rsquo;story map.&#rdquo; The goal of the story map was to replace reams of fluffy whitepapers and never-ending slide decks (I get to say that since I am one of those marketing types who create them). We wanted to foster a richly visual dialog about the journey to the digital workspace. No products. No technology. Just the journey itself.

We took these ideas to some of our best customers and partners, and it was amazing to hear the excitement in their voices. They too struggled to articulate their own vision of the digital workspace to colleagues and management. We took their feedback and further refined the story map into the image we are proud to share with you today.

In some ways, I am loathe to annotate the story. Like the MAD magazine cartoons some of us grew up with (sorry if that reference is beyond your years … wait, no, I&#rsquo;m not…) the discovery and the details are half the fun. If you also enjoy a good puzzle, STOP NOW! Take a look at this section of the story map yourself and draw your own conclusions. When you&#rsquo;re ready to proceed, READ ON!

Part 1 of the Digital Workspace Story: Is Standardization IT&#rsquo;s Friend or Foe—or Both?

Standardization is in the DNA of probably anyone in IT, learned from process-oriented organizations. The concept of interchangeable parts popularized by Eli Whitney in the production of guns and cotton gins allowed manufacturers to better specialize labor, reduce production costs and permit better serviceability of increasingly complex machines. It is no surprise that we want to apply the same logic to IT by supplying modern tools of production (namely apps and devices) to today&#rsquo;s workforce.

By waging war on variables, IT is better able to achieve economies of scale.

  • If an organization standardizes on laptops, three standards are better than five.
  • If an organization is looking at office productivity apps, one is better than three.
  • And on and on from there.

From a serviceability perspective, I get it. Why reimage a laptop over the network if I can pop the top, plug a fresh SSD into the slot that I just took off a drive burner and then button it back up?

In the digital workspace story map, we show this idea of standardization with the Beetles and station wagons clogged on the packed highway. Every user should look like either a Beetle or a station wagon; depending on their job role, they get the keys to their car. It might not be the car they would choose, but it&#rsquo;s reliable—or at least IT will be there to fix it with their stash of backup parts.

This does not mean standards are unimportant. It just means the standards we need to care about in 2017 changed. Instead of standardizing on apps and devices or even web browsers, we standardize on APIs and service level agreements (SLAs), which are the new production frameworks for the mobile-cloud world.

Regardless of the standards, culture and policies of nearly every company, executives, line-of-business leaders and rogue-but-well-meaning employees do not want a Beetle or a station wagon. They want different apps and different devices. No matter how much IT wants to support these users, their production line is not equipped, ultimately leading to shadow IT.

Keeping with the transportation theme, it is no accident that IT is out fixing the &#rsquo;IT budget&#rdquo; potholes in the road. Under the weight of our legacy systems and continued focus on devices as assets, an increasing portion of our shrinking budgets continue to be spent on keeping the road open and drivable.

We believe the status quo is unsustainable.

Application growth, device advancements driven by consumer technologies and the ever-increasing expectations of both users and line-of-business leaders will cause traffic jams an emergency pothole crew cannot clear. Like many modern transportation systems, building a bigger road or a new bridge is not enough. We must think differently about how to move people from one place to another … and where those people are going.

That sets the stage for where many of us our today. In the next blog, we will talk about the transition to a digital workspace, the IT initiatives laying the groundwork for next-generation infrastructure and how organizations can plan for transformative change.

See the Digital Workspace Vision for Yourself—Live & In Technicolor

Thinking about heading to VMworld? VMworld is now the leading-industry event for End-User Computing (EUC) with nearly 100 dedicated sessions and a must-see showcase keynote specifically about the digital workspace. If you have not registered yet, there is no time like the present! Click here to get started.

Already registered for VMworld U.S.? Here&#rsquo;s your Vegas to-do list:

  • Click here to dive into the &#rsquo;empower the digital workspace&#rdquo; session catalog.
  • Click here to claim your seat to the digital workspace showcase keynote. Hurry! Seats are selling out fast!
  • Click here to see the four EUC sessions all VMworld attendees should join.

Joining us in Barcelona? Here are the links to the top digital workspace content at VMworld Europe:

  • Digital workspace session catalog.
  • Digital workspace showcase keynote.

Hear first hand how leading companies empower the digital workspace for transformation during VMworld. Register for the EUC Showcase keynote to hear their stories, dive into brand new innovations and much more. Seats are going fast, so register today!

The post Is Standardization IT&#rsquo;s Friend or Foe—or Both? appeared first on VMware End-User Computing Blog.

Read more..

Go Que Newsroom

Categories