VMware Workspace ONE

Horizon Cloud Service with Hosted Infrastructure – July 2017 Technical Updates

There are several technical updates to the VMware Horizon Cloud Service with Hosted Infrastructure this quarter. The updates for this release focus on expanding capabilities from the initial release in February. VMware will contact all customers individually to schedule the upgrade of their tenant(s) to the new release (17.1). For more details on this release, see the Horizon Cloud with Hosted Infrastructure 17.1 Release Notes.

New Data Center Availability Added!

VMware is continuing its partnership with IBM to bring VMware Horizon Cloud Service to more regions. Since Februrary, we have added capabilities to host Horizon Cloud in the United Kingdom (May), Germany (June) and in California (July). We now have three data centers in the U.S., one in Japan, and two in Europe. The Horizon Cloud team will continueto add more data centers in the next few months. Stay tuned!

Native Applications with App Volumes Technology Is Generally Available

In February, we enabled a few select customers to use VMware App Volumes technology to create and leverage AppStacks in Horizon Cloud. This feature is now generally available to any customer who requests it. Note that add-on storage is required to use this feature. If you are a HorizonCloud customer and would like to use Native Applications powered by App Volumes technology, consult with your VMware sales team.

Smart Policies Support

You can now leverage Smart Policies in Horizon Cloud. Smart Policies allow you to have fine-grain control over a user&#rsquo;s desktop experience. You can dynamically enable, disable, or control access to user features in Horizon Cloud based on who the user is, and how they are accessing Horizon Cloud. Smart Policies were released as an integration between VMwareHorizon 7 and VMware User Environment Manager in 2016.

For example, with Smart Policies, an administrator can decide to disable access to USB devices or to cut-and-paste from within the Horizon Client if a user is attempting to access the HorizonCloud environment from an untrusted or external network. You can also dynamically control display-protocol configurations based on the type of device that is being used.

Smart Policies in Horizon Cloud work the same as they do in Horizon 7. VMware Senior Product Line Manager Aaron Black wrote an excellent blog post pointing out some great use cases for Smart Policies. If you want to try out Smart Policies in your Horizon Cloud deployment, download the Reviewers Guide for View in VMware Horizon 7: Smart Policies.

Windows Server 2016 Support

Horizon Cloud continues to provide support for customers wanting to use the latest editions of Windows operating systems. With this release, Horizon Cloud with Hosted Infrastructure now supports Windows Server 2016 for RDSH hosts and for skinned Windows Server based virtual desktops. For full details on OS support in Horizon Cloud with Hosted Infrastructure, see the Horizon Cloud with Hosted Infrastructure Service Description document, which can be found in the Horizon Cloud Service with Hosted Infrastructure Terms of Service page.

Horizon Virtualization Pack for Skype for Business Support

Full support for the Horizon® Virtualization Pack for Skype for Business isreleased for Windows clientswith Horizon Cloud. This solution enables customers to use Skype for Business within Horizon desktops to make optimized audio-video calls and telephony features using the native Skype client. Please note that this functionality is only available on VDI desktops today, but will be made available on RDSH desktops / apps in the future. Details on what features are supported with this release can be found in the release notes for Horizon 7.2.

Enhanced Troubleshooting Capabilities through Console Access (BETA)

We have added more troubleshooting features to the Horizon Air Console Access - HACA tool. HACA, which is currently in Beta,gives administrators direct access to individual desktop consoles for troubleshooting purposes. The tool has been enhanced to allow administratorsthe abilitytotroubleshootvirtual machines that get stuck during the Windows OS startup process, before the Horizon Agent starts.

Horizon Agent 7.2 / Client 4.5 Support

Horizon Cloud with Hosted Infrastructure supports the latest Horizon clients and agents. Organizations can take advantage of new feature enhancements in the latest clients including enhanced security with Blast Extreme with support of SHA-256 encryption. You can download the latest clients from the Horizon Clientdownload page.

The post Horizon Cloud Service with Hosted Infrastructure - July 2017 Technical Updates appeared first on VMware End-User Computing Blog.

Read more..

Gartner: VMware Scores Highest in 3 Use Cases

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit and to learn more about the Device Enrollment Program.


Read more..

Announcing the VMware Workspace ONE Dev Center on VMware {code}

Developers and app enthusiasts rejoice! We are excited to announce that VMware {code}&#rsquo;s latest addition: the VMware Workspace ONE Dev Center! VMware {code} will now host a wealth of ongoing developer focused content and support for Workspace ONE and VMware AirWatch unified endpoint management (UEM) and enterprise mobility management (EMM).

As we look at customer&#rsquo;s top-of-mind IT initiatives and trends, we consistently see a need for enabling employees with consumer simple and secure experiences that drive productivity. The Workspace ONE Dev Center helps enable enterprise developers to easily add enterprise security and management features and improve the mobile app experience.

Within the Workspace ONE Dev Center, developers will find in-depth overviews of how to securely integrate their enterprise mobile apps with Workspace ONE for:

  • Single sign-on (SSO);
  • Application passcode;
  • App tunneling;
  • Data leakage protection; and
  • More.

The resource section will include sample code, product updates, tutorials and other developer-friendly documentation updated on an ongoing basis.

Keeping Up with the Workspace ONE Developer Community

Our product teams consistently focus on making it easier for developers to build additional security, user experience enhancements and productivity workflows into enterprise mobile apps. The Workspace ONE Dev Center will have an ongoing blog series targeted toward developers, which will feature updates on releases, new sample code and tutorials, enterprise developer insights and more.

Get Involved: Join VMware {code} Alongside Nearly 3,800 Developers & Experts

VMware {code} has the fastest-growing developer community devoted to virtualization, cloud computing, DevOps and other topics. When you join VMware {code}, you have the opportunity to connect with VMware experts in the community and participate in outreach programs, including the VMware {code} Speaker Bureau. Sign up now.

Jump into the Conversation on Slack

Anyone who signs up for VMware {code} automatically receives a personal Slack invite within seconds. The VMware {code} communityalready has over 2,500 participants on Slack. Join todayand receive your personal Slack invite.

Want to learn more about Workspace ONE, our award-winning digital workspace solution? Simply click here to sign-up for a free hands-on lab.

Because you liked this blog:

  • Welcome to VMware: A New Hire’s True Story of Lost Luggage, Bug Registers & Workspace ONE
  • VMware Acquires Apteligent: Analytics for the Digital Workspace
  • Better Together: Workspace ONE & Office 365

The post Announcing the VMware Workspace ONE Dev Center on VMware {code} appeared first on VMware End-User Computing Blog.

Read more..

What’s New in VMware Horizon 7.2 and Horizon Client 4.5

We have just announced the general availability of VMware Horizon 7.2 and Horizon Client 4.5. This is a significant release for our flagship product, with improvements across the board—from scalability and user experience to deep technical innovations and improved policy controls. Let us dive straight in and highlight the key technical advances this release delivers.

Horizon 7.2

What&#rsquo;s New Highlights

Horizon Help Desk Tool
  • Provides user-session details for the Horizon 7 environment.
  • Single console for troubleshooting and solving user issues.
Workspace ONE mode
  • Forces using Workspace ONE when the client supports it.
  • Optionally blocks clients that do not support it.
Reuse AD account for instant-clone pool
  • Create a new computer account only if it does not exist.
Graphics settings from snapshot
  • SVGA settings / vGPU profile from master snapshot.
ADM template removal
  • Only ADMX in 7.2.
Increased scale
  • Pod , Cloud Pod Architecture, and Connection Server.
Storage improvements
  • Storage DRS cluster, storage policy-based management, encryption, local storage.

Horizon Help Desk Tool

The Horizon Help Desk Tool provides a tailored troubleshooting interface for the help desk that is installed by default on the Connection Servers. To access the Horizon Help Desk Tool, navigate to https:///helpdesk, where CS_FQDN is the fully qualified domain name of the Connection Server, or click the Help Desk button in the Horizon Administrator console.

The Horizon Help Desk Tool reduces workload for administrators and provides quick troubleshooting and metrics for the help desk.

The tool allows help desk staff to easily perform the following tasks on the user machine:

  • Restart, Logoff, Reset, and Disconnect
  • Remote Assistance
  • Send Message

You can obtain the following metrics for the client and virtual machine:

  • Client
    • Username
    • Client IP, Name, and OS
    • Protocol, TX Bandwidth, and Frame Rate
  • VM
    • Computer Name
    • Agent Version
    • Session State and State Duration, Logon Time and Duration, and Session Duration
    • CPU, Memory, Latency, and Logon Segments
    • Connection Server
    • Pool
    • vCenter

To get logon segments in the help-desk feature, you need to enable timingProfiler writes to the event database on each Connection Server:

vdmadmin -I -timingProfiler -enable

For detailed information on the Horizon Help Desk Tool, see the VMware blog post Help&#rsquo;s on the Way with the New VMware Horizon Help Desk Tool.

Watch this quick demo of the Horizon Help Desk Tool to see it in action:

Workspace ONE Mode

Workspace ONE mode secures access to Horizon 7 by allowing applications and desktops to launch only from Workspace ONE. This setting enforces access policies per application or per desktop. You enable Workspace ONE mode on the Connection Servers. When a user connects to a Workspace ONE mode-enabled server in Horizon Client, they are redirected to the Workspace ONE portal to launch desktops or applications, and the Horizon Client will no longer show other items that are available to launch. You also have the option to disable clients that do not support Workspace ONE mode.

See Workspace ONE mode in action in this short demo:

Reuse AD Account for Instant-Clone Pool

You can now rebuild a virtual machine in an instant clone and keep all machine assignments by reusing the computer account.

Graphics Settings from Snapshot

Instant-clone desktop pools inherit graphics settings from the vCenter Server parent-VM snapshot:

  • Memory
  • Number of monitors (with a new maximum of four)
  • Resolution

Just as with the SVGA settings, the vGPU profile for an instant-clone desktop pool is automatically selected when you select the snapshot of the vCenter Server parent VM.

All Active Directory Group Policy Templates Are Available as ADMX

All policy settings have been migrated to ADMX, and ADM is now deprecated and no longer included with Horizon 7. With all settings now in the ADMX templates, managing Horizon 7 is more streamlined and simpler than ever because now all templates can be placed in a central store, and no redundant copies need to be made into Sysvol.


Horizon 7.2 increases scalability for Cloud Pod Architecture deployments to now support up to 120,000 sessions across 12 View pods and five sites. Additionally, Horizon 7 can now support 4,000 desktops with a single VMware vCenter Server for linked-clone, full-clone and instant-clone deployments.

Local Storage Support for Instant Clones

You now have the option to use local storage as a low-cost storage tier for instant clones. However, for high-availability events, this requires careful pool capacity planning and adds complexity to vSphere host maintenance, which you would not have with vSAN.

Ability to Select Storage DRS Clusters for Full Clones

It is no longer required to select all storage devices belonging to a Storage DRS Cluster; you can now directly select the cluster for easier administration.

vSAN and Storage Policy-Based Management Improvements

Horizon 7.2 adds support for vSAN encryption and provides updated storage policy-based management for finer granularity.

Horizon Agent 7.2 for RDSH

What&#rsquo;s New Highlights

Smart Policies for applications
  • Extend support from desktop to remote applications.
Session pre-launch
  • Launch application on broker login.
  • Can be enabled per application.

Smart Policies for Applications

Smart Policies give administrators granular control of a user&#rsquo;s desktop experience. You can dynamically control a variety of Horizon 7 features based on user, device, and location. Horizon 7.2 now introduces Smart Policies for RDSH applications. Smart Policies for applications, together with tags, can control the behavior of published applications.

Following are client properties mapped to User Environment Manager properties:

Volatile Registry Key User Environment Manager Property Value
viewClient_Broker_GatewayLocation Client location Internal/External
viewClient_Launch_Matched_Tags Launch tag(s) Tags (comma)
viewClient_Launch_ID Pool name Pool ID

Edit the Connection Server settings to add a tag for a desktop pool. The tag can be any string value, for example, Internal or External.

Then, from User Environment Manager, create a Smart Policy and reference the tag name.

Or if you want this policy to apply only to specific applications, you can make the condition more specific, for example, only for applications that have Secure in their pool name:

But remember that the pool name that launched the session is evaluated at user-session launch time, so you cannot differentiate between applications on the same farm. If you want to differentiate, separate the applications with nonmatching settings into different farms and use OR to add all the applications to the conditions.

Session Pre-Launch

Administrators can configure a published application so that an application and remote desktop session are launched immediately after a user has authenticated to the Connection Server. When the user starts the session from Horizon Client, the session loads almost instantly. The pre-launch setting enables faster start times for frequently used applications. From the Horizon 7 Administrator console, you can configure pre-launch, as follows:

It is recommended to enable this option only for applications that the user will almost certainly use immediately after launching, to minimize unnecessary load on the farm. To further reduce impact, you can set a timeout for unused pre-launched applications, as follows:

To minimize impact even further, you can set a reasonable maximum amount of users, as determined by testing on the RDSH servers, and configure session load-balancing based on CPU and memory load, leaving enough headroom for boot storms.

For more information, see Configuring Load Balancing for RDS Hosts in View Administration.

Horizon Agent 7.2

What&#rsquo;s New Highlights

Recursive Unlock
  • Single unlock of the client device also unlocks the virtual desktop or published desktop.
USB over virtual channel
  • USB-redirection port consolidation.
HTML5 content redirection (beta)
  • Redirect HTML5 from agent to client.
Blast Extreme SHA-256
  • Upgraded to use the latest security algorithms.
Horizon Agent DX11
  • Complete rewrite of the D3D9 renderer.
Skype for Business GA
  • General availability.

Recursive Unlock

The Recursive Unlock feature unlocks all remote sessions after the client machine has been unlocked. After the user logs in to the server, remote sessions such as published applications, RDSH desktops, and Windows desktops are unlocked. This feature removes unnecessary authentication steps for the user.

Requirements for this feature include:

  • The Windows client device must be domain-joined
  • The user logging in to the client must be the same user logged in to the remote session
  • Enable the client setting Log in as current user
  • Enable the Group Policy setting Unlock remote sessions when the client machine is unlocked in ComputerPoliciesVMware Horizon Client ConfigurationSecurity.

USB over Virtual Channel

You can enable USB redirection without opening the firewall port 32111. USB over virtual channel allows USB over a side channel.

Configure this registry setting as follows:

  • Key path: HKEY_LOCAL_MACHINESOFTWAREVMware, Inc.VMware VDMAgentConfiguration
  • Key name: UsbVirtualChannelEnabled
  • Key value: true

HTML5 Redirection (Tech Preview)

The HTML5 redirection feature allows video content redirection for websites that do not use Adobe Flash Player. Benefits of this feature include reduced CPU usage and smoother video playback.

HTML5 redirection requires:

  • Windows 7 or Windows 10 Enterprise for the agent and client OS, with VMware Horizon 7 HTML5 redirection package (available by request)
  • Google Chrome 58 with extension, from Chrome Web Store
  • Setting URL lists in the registry, for example:






Note: Tech Preview features and capabilities arenot supported for production deployment. These features are available to test in a lab or UAT environment as a preview of potential upcoming innovations. You can provide feedback to improve these features throughVMware Communities.

Horizon Virtualization Pack for Skype for Business

Optimized audio and video calls are now possible with Skype for Business inside a virtual desktop without negatively affecting the virtual infrastructure and overloading the network. All media processing takes place on the client machine instead of in the virtual desktop during Skype audio and video calls. Using native Skype codecs, bandwidth usage is equivalent to native Skype for Business calls.

For detailed information on this feature, which is now generally available, see the VMware blog post VMware Horizon Virtualization Pack for Skype for Business (Beta) Is Now Available!.

Horizon Client 4.5

The Horizon Client has been updated, too, with availability of an XBox One Client in the Windows store, a new installer UI for Windows, dual-monitor support for HTML Access, SSO for RHEL/CentOS 7.x, and KDE and CDR support for Linux.

What&#rsquo;s New Highlights

For more information, see the Release Notes on the Horizon Clients Documentation page.

With all these great additions, it is easy to see why we are so excited about this release. We invite you to see it all yourself by visiting the Horizon 7.2 download page and the Horizon Clients download page.


The post What&#rsquo;s New in VMware Horizon 7.2 and Horizon Client 4.5 appeared first on VMware End-User Computing Blog.

Read more..

Announcing the Introduction to VMware Horizon 7 for Citrix Administrators

We are excited to announce the Introduction to VMware Horizon 7 for Citrix Administrators white paper. This guide is for Citrix administrators or anyone with a Citrix background who wants to learn about VMware Horizon 7. It offers a tour of Horizon 7, how the Citrix components map to a Horizon 7 deployment, and the steps to get you started in evaluating Horizon 7.

This guide covers some of the recent advances in Horizon 7, as well as how VMware JMP technologies deliver an enterprise-class, innovative solution. We also detail the key areas where Horizon 7 delivers a modern, enterprise-secure, and consumer-simple virtual desktop and application solution:

  • Enterprise-class application-publishing and virtual-desktop solution
  • Simple, fast, efficient management at scale
  • Consistent, adaptive user experience
  • Flexible, robust security

Did you know that Citrix XenApp and XenDesktop are very similar in architecture to VMware Horizon 7? Both solutions use a combination of connection brokers, web-based application catalogs, and RDSH or VDI servers to securely deliver virtual desktops and applications.

The following diagram compares the major Citrix XenApp and XenDesktop components to those of VMware Horizon 7.

For details on this diagram and more, download the Introduction to VMware Horizon 7 for Citrix Administrators now.

The post Announcing the Introduction to VMware Horizon 7 for Citrix Administrators appeared first on VMware End-User Computing Blog.

Read more..

Transform IT with VMware Workspace ONE

It’s an age of disruption, of shifting technologies, increasing competition and expanding security threats. Employees have become digital nomads, constantly seeking out new tools and technologies to work successfully from anywhere and demanding more choice and simplicity to compete in a fast-changing world. Each day brings new challenges and, for the organizations who adapt, new possibilities.

VMware Workspace ONE is the enterprise-secure platform that aligns with your business needs, transforming IT with:

  • One unified solution that breaks down traditional silos between technologies so you can deliver any application to any device,
  • One platform to easily manage and secure all your endpoints,
  • One common contextual policy framework and
  • One easy-to-use application catalog that empowers your users with flexible self-service functionality, customized to your business.

It is an age of disruption. Embrace the possibilities by transforming IT with Workspace ONE. To learn more, visit today.

The post Transform IT with VMware Workspace ONE appeared first on VMware End-User Computing Blog.

Read more..

One Device for On-the-Go Mobility & Desktop Productivity—Eliminate Compromise with VMware & Samsung

VMware Workspace ONE and VMware Horizon Client 4.5 are now available on the Google Play store. Both can be installed on Samsung Galaxy S8 and S8+ smartphones and used with Samsung DeX Station, which enables USB connectivity to peripherals.

The joint Samsung and VMware solution delivers a unified, digital workspace to keep end users productive. Users can seamlessly transition between their on-the-go mobile device and their full-size desk workspace that includes a monitor, mouse and keyboard.

With Samsung and VMware, end users can quickly move from mobile device to desktopfor continuous productivity at work.

Workspace ONE is a simple and secure enterprise platform for delivering and managing any application on the Galaxy S8 and S8+ smartphone. Integrating identity management, real-time application delivery and enterprise mobility management, Workspace ONE helps IT engage digital employees, reduce the threat of data leakage and modernize traditional operations for the mobile-cloud era.

With the Samsung DeX Station, end users can turn their Galaxy S8 or S8+ into a true PC experience. When docked at the DeX Station, Galaxy S8 and S8+ phones launch a special DeX mode on the connected, external monitor, and applications can be opened in multiple, separate windows. We recommend connecting a mouse, keyboard and Ethernet cable for added productivity.

With Workspace ONE and Horizon Client 4.5 installed on the device, DeX users can take advantage of on-the-go access to their Windows, mobile and cloud applications. Without compromising corporate security, this combination is an ideal choice for bring-your-own-device (BYOD) users.

Here&#rsquo;s an example of a Galaxy S8 running DeX mode on a monitor with a Horizon virtual desktop and Workspace ONE.

With Horizon, DeX users will also experience Blast Extreme adaptive transport for high-performing cloud applications and virtual desktops—right from Samsung Galaxy S8 and S8+ devices.

Meanwhile, users can easily multitask between their personal and corporate worlds and even take phone calls. While docked in the DeX Station, call functionality works seamlessly with a Bluetooth headset, without interrupting the desktop experience.

Organizations that want to test the Galaxy S8 or S8+ with Horizon and/or Workspace ONE can quickly sign up at VMware TestDrivefor End-User Computing. IT can conveniently access a free, cloud-based demo environment within minutes—without spinning up internal resources and/or infrastructure.

Go to VMware TestDrive

Learn More

  • See the announcement:Introducing New Samsung Galaxy S8 + VMware Workspace ONE
  • Read more from VentureBeat: Samsung&#rsquo;s DeX dock turns the Galaxy S8 into a PC
  • Watch a demo at KRON 4: Samsung&#rsquo;s Dex Turns Your Phone into a Work or Home Computer

The post One Device for On-the-Go Mobility & Desktop Productivity—Eliminate Compromise with VMware & Samsung appeared first on VMware End-User Computing Blog.

Read more..

VMware Mirage Speeds Windows 10 Migration for Physical PCs

You&#rsquo;ve decided that Windows 10 is in your future. Maybe you&#rsquo;ve even got designs on what that future should look like. But how do you get there? How do you move your legacy XP machines? How do you move your 32-bit Windows 7 machines?

Your existing PC estate is vast, complex and interlinked. Regardless of how amazing you are as an administrator, it contains many unknowns and &#rsquo;gotchas&#rdquo; that have been burned into the images and control scripts by countless admins before you.

VMware can help. We have a sophisticated portfolio of tools that can help you break your problem into discrete, manageable tasks.

  • We have VMware User Environment Manager, which can decouple the PC from its user data, bloated profiles and help you tackle your unmaintainable logon scripts.
  • We have VMware App Volumes, which ring fences your applications, including the user-installed ones, and packages them for dynamic delivery to whole groups of people in a single click.
  • We have VMware Horizon 7, which can deliver the entire Windows experience dynamically to any device of your users&#rsquo; choosing.
  • We have VMware AirWatch, which is probably the most scalable and flexible way anyone can manage remote devices—be they phones, laptops or whatever.
  • And finally, we have VMware Workspace ONE, a single solution that brings all these tools together in one framework to help you realize your future Windows designs.

So how exactly do you complete the one-time operation of moving what you physically have, to what you want—virtual or otherwise? The answer is VMware Mirage.

Migrating to Windows 10 with Mirage

Mirage streamlines the two most common migration approaches: 1) upgrading an existing Windows device, in place, to Windows 10 or 2) migrating a user&#rsquo;s profile and files in a hardware-refresh process from their previous device to a new one.

When performing an in-place upgrade, you can deploy a Windows 10 base layer (with Win10-compatible apps already built in) to a collection of users. That base layer will upgrade the local operating system (OS) to Windows 10, but it will not delete or overwrite the users&#rsquo; personal files or profile. This approach greatly reduces the time you have to spend getting users back up and running, and it greatly reduces downtime.

When leveraging a hardware refresh cycle, you can seamlessly migrate all the users&#rsquo; personal files and profile from the old devices over to the new Windows 10 devices.

In addition, Mirage takes a full snapshot of the original Windows system before the migration begins. Should a failure occur on any endpoint during the migration, the user can be quickly restored to their previous system, without downtime or fire drills.

Read More

Read more about how renting Mirage for six months can fast track your Windows 10 adoption.

Try It

VMware offers an extensive library of online tools so you can experience our products without installing the software. Try the Windows 10 Mirage Migration Hands-on Lab #1753 today.

The post VMware Mirage Speeds Windows 10 Migration for Physical PCs appeared first on VMware End-User Computing Blog.

Read more..

Driving Toward a Digital Workspace? 6 Reasons to Attend vForum Online Summer 2017 (With 2 Bonuses)

Thanks to the modern workforce, Software-as-a-Service (SaaS) apps and mobile workflows, traditional ways of managing and securing users, apps and devices (and all that associated data) are starting to show some cracks in effectiveness. While this presents a challenge for IT, it also presents an opportunity—out with the old, in with the new.

For many IT departments, now is the time to progress toward a digital workspace. With an ideal digital workspace solution in place, IT gains the simple, secure infrastructure needed to deliver the apps and data teams need across any work device—as well as an application delivery platform that handles both native and cloud applications.

To learn how, register to join vForum Online on June 28. In this free, half-day event—our largest online conference—you&#rsquo;ll get what you need to take the first steps on the path to a modern, digital workspace, right from the convenience of your desk.

If you&#rsquo;ve attended previous vForum Online conferences, you&#rsquo;ll see this one is a little different. We&#rsquo;ve broken it down into specific, goal-oriented tracks so you can more easily pursue a specific aim. But whether you&#rsquo;re returning or just starting out at vForum, you simply cannot miss this opportunity to enhance your IT expertise.

Need a reason to register? Here are six—with two special bonus reasons:

  1. Discover ThreeWays to Start Your Transformation:What does it take to migrate to a new workspace that actually works? In our breakout session, &#rsquo;Empowering the Digital Workspace: ThreeKey Initiatives for Moving to a Digital Workspace,&#rdquo; you&#rsquo;ll see how the four pieces of the workspace puzzle fit together. One of them is to virtualize desktops and apps. Know what the other three are?
  1. Then, Have Your Big Questions Answered:Questions, comments or high-level concerns you have about moving to a digital workspace? Ask a VMware pro. In one of our Chats with Experts on the digital workspace, you&#rsquo;ll talk live and get your issues resolved right on the spot.
  1. See How to Simplify App and Access Management:If you&#rsquo;re looking to give your teams a smarter, more reliable way to do mobile work—without compromising on security—the &#rsquo;Putting the User First: Simplify App and Access Management&#rdquo; breakout session is one vForum Online talk you need to hear.
  1. Take the Mystery out of Managing Mobile Devices:Just beginning to manage mobile devices? Without a helpful, interactive guide, enterprise mobility management (EMM) and mobile device management (MDM) can seem a little confusing. In our &#rsquo;Introduction to VMware AirWatch&#rdquo; Hands-on Lab, you&#rsquo;ll log in to the AirWatchconsole as an admin to write a policy, then enroll a device into your newly configured environment.
  1. Gain a Guide to Windows Endpoint Management:Know how the VMware digital workspace platform allows IT teams to manage Windows 10 PCs—wherever they are, and however they&#rsquo;re owned? You will. Start in the breakout session, &#rsquo;Modernizing Windows Endpoint Management: Leveraging Windows 10 and Cloud-Based Management,&#rdquo; and then head to related Chat, where you&#rsquo;ll be able to discuss things in more detail with a VMware expert.
  1. Do a Deep Dive on the Digital Workspace:In the demo, &#rsquo;VMware AirWatch: Workspace ONE, Single Sign-on and VMware Identity Manager,&#rdquo; you&#rsquo;ll walk through the latest on the VMware Workspace ONE solution. Then, you&#rsquo;ll configure its integration with AirWatch to enable single sign-on (SSO) from any device to any application, thanks to VMware vCenterSSO.
  1. BONUS #1: Hear From Our CEO:Ever wonder what&#rsquo;s on the mind of our distinguished CEO Pat Gelsinger? Now, you have a special chance to find out for yourself. vForum Online Summer 2017 kicks off with his keynote, entitled &#rsquo;5 Myths of IT.&#rdquo; In it, Pat will challenge some conventional (but questionable) IT wisdom as he shares hispersonal perspective. You won&#rsquo;t want to miss this.
  1. BONUS #2: Win a Cool Prize:Learn something new; win something new. We&#rsquo;re handing out some awesome prizes to several lucky attendees of vForum Online, like an Oculus Rift VR headset, a voice-controlled Amazon Echo speaker and so much more. Will you win a prize?

The big day is quicklyapproaching, and we hope to see you there. But first things first:Register for the June 28 vForum Online today.

The post Driving Toward a Digital Workspace? 6 Reasons to Attend vForum Online Summer 2017 (With 2 Bonuses) appeared first on VMware End-User Computing Blog.

Read more..

Don’t Leave Holes in Your Office 365 Security Strategy

Secure every access point to Microsoft Office 365 emails and data with VMware Workspace ONE.

If your organization is like most, you&#rsquo;re either using Microsoft Office 365 or thinking about an Office 365 implementation. Since the data and email in Office 365 are vital to your business, you&#rsquo;ve probably thought through how to protect Office 365 with application access control policies. You need to ensure, however, that your policies protect all apps with access to Office 365.

Imagine that one of your end users goes to visit family for the holidays. While at her parent&#rsquo;s house, she borrows her father&#rsquo;s laptop to check work emails. Although you require multi-factor authentication (MFA) for access to Office 365, she logs into Outlook 2010 using nothing more than a username and password. Outlook downloads her mailbox, she checks her email, and after a few days, she returns home.

All her emails, however, stay on the laptop. That data is out of her control and out of IT&#rsquo;s control, creating data loss risks if the laptop is sold, lost or compromised with malware. How did your user (unwittingly) bypass your conditional access rules, and what can you do to protect your data and email?

In this blog post, we&#rsquo;ll cover how this data leak occurred, and how VMware Workspace ONE allows you to avoid similar Office 365 data losses and security holes.

Applying Access Policies to Office 365 Authentication Methods

To understand how your user bypassed your MFA requirement, you have to understand that Office 365 supports two ways to log users in: Modern authentication and legacy username/password authentication. In the example above, your user logged in with a legacy username/password client, accidentally bypassing the policies you created to protect Office 365.

To control access to Office 365 emails and data no matter what client your user chooses, you need a solution such as Workspace ONE that protects both authentication methods. Although many Office 365 client apps use newer modern authentication, older Office 365 apps, Android and iOS native mail (using ActiveSync), and third-party Office 365 apps (such as Thunderbird) use legacy username/password authentication.

Protecting both authentication types is vital for most organizations. Workspace ONE controls access to Office 365 no matter which client app a user chooses with policies based on group, network range, device type or OS and more.

Modern vs. Legacy Authentication

Here&#rsquo;s how to tell the difference Office 365 modern authentication and legacy username/password authentication:

Modern Authentication

If the end user is redirected to an IDP in a browser, it&#rsquo;s modern authentication.

Microsoft modern authentication redirects the end user in a browser from the Office 365 app to an identity provider (IdP), such as Workspace ONE, to authenticate. Modern authentication takes advantage of Microsoft&#rsquo;s Azure Active Directory Authentication Libraries (ADAL). For more details on modern authentication, see Microsoft&#rsquo;s summary here.

This is modern authentication. The user is redirected to Workspace ONE in a browser.

Legacy Authentication

If the end user enters credentials into the client&#rsquo;s UI (and there&#rsquo;s no redirection to an IDP), it&#rsquo;s legacy username/password authentication.

In username/password authentication, the Office 365 client collects a username and password in its own UI (rather than sending the user to an IDP in a browser). Because the user enters their credentials into the client rather than using standard browser single sign-on (SSO), legacy username/password authentication doesn&#rsquo;t support advanced features such as MFA or VMware mobile SSO. Microsoft sometimes calls legacy username/password authentication by a more specific name such as basic authentication or the Microsoft Online Services Sign-In Assistant.

This is legacy username/password authentication. The user enters credentials directly into the client UI—there&#rsquo;s no browser redirect to Workspace ONE or another IDP.

Many identity solutions can only protect access to Office 365 for clients using modern authentication. Workspace ONE protects access to Office 365 without requiring additional products or servers, no matter what client a user chooses.

Use Cases for Controlling Access to Office 365

Because modern authentication supports MFA, certificate authentication, VMware mobile SSO and all other standard authentication features of Workspace ONE, organizations have fine-grained control over how they allow access for Office 365 clients using modern authentication.

Controlling legacy username/password clients, on the other hand, is tricky. Because legacy username/password clients only support one authentication method (username and password), organizations can&#rsquo;t rely on the enhanced security of MFA, VMware mobile SSO or other authentication features. Instead, many organizations take the following approaches:

  • Allow legacy username/password access to Office 365 for mobile email only. In this approach, an organization could block legacy username/password access to Office 365 apps and data for all apps and add an exception for native mobile email clients that use Exchange ActiveSync. This approach works well with the mobile email management features in Workspace ONE. Many organizations choose this path because Exchange ActiveSync clients don&#rsquo;t download the user&#rsquo;s entire mailbox, reducing the risk of data loss. Your organization can also choose to limit mobile email access to the extra-secure VMware Boxer app.


  • Allow legacy username/password access to Office 365 only under more secure conditions. Because legacy username/password clients such as Thunderbird or older versions of Office don&#rsquo;t support MFA, some organizations want to limit these clients to only connect to Office 365 under more secure circumstances. For example, you might only allow Thunderbird on your corporate network to ensure users are not downloading their mailboxes on multiple computers. This approach can reduce the risk of data loss.
  • Allow legacy username/password access only for specific users or groups. Organizations may want to limit which users can connect to Office 365. For example, IT could block retail employees from accessing mobile email while they are offsite.
  • Block all access to Office 365 for username/password clients. Some organizations want to ensure all users access Office 365 with MFA, mobile SSO or other secure methods. Because modern authentication supports these methods but legacy username/password authentication does not, these organizations should block username/password client apps. Users will still be able to access Office 365 through Office 2016 apps (or Office 2013 apps, if they are configured correctly).

Workspace ONE & Office 365

Workspace ONE makes securing and deploying Office 365 easier, with industry-leading enterprise mobility management (EMM) to keep your devices and users safe. Learn more about how Workspace ONE protects Office 365, while providing end users with consumer-level ease of use. Visit, or contact your VMware account representative for more details.

Because you liked this post:

  • Better Together: VMware Workspace ONE & Office 365
  • Enable Consumer Simple, Secure Access to Office 365 with New VMware Workspace ONE Enhancements
  • VMware Named a Leader in Gartner Magic Quadrant for Enterprise Mobility Management (EMM)

The post Don&#rsquo;t Leave Holes in Your Office 365 Security Strategy appeared first on VMware End-User Computing Blog.

Read more..

Go Que Newsroom