These materials are © 2016 John Wiley & Sons, Inc. Any … · These materials are 1 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited

These materials are © 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

www.vmware.com


by Pam Takahama, Josue Fontanez, and

Tricia Stream

Secure Digital Workspace

VMware Special Edition


Secure Digital Workspace For Dummies®, VMware Special EditionPublished by John Wiley & Sons, Inc. 111 River St. Hoboken, NJ 07030‐5774 www.wiley.com

Copyright © 2016 by John Wiley & Sons, Inc., Hoboken, New Jersey

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax (201) 748‐6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

ISBN 978‐1‐119‐34128‐4 (pbk); ISBN 978‐1‐119‐34138‐3 (ebk)

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

For general information on our other products and services, or how to create a custom For Dummies book for your business or organization, please contact our Business Development Department in the U.S. at 877‐409‐4177, contact [email protected], or visit www.wiley.com/go/custompub. For information about licensing the For Dummies brand for products or services, contact BrandedRights&[email protected].

Publisher’s AcknowledgmentsSome of the people who helped bring this book to market include the following:

Development Editor: Elizabeth Kuball

Copy Editor: Elizabeth Kuball

Acquisitions Editor: Katie Mohr

Editorial Manager: Rev Mengle

Business Development Representative: Karen Hattan

Production Editor: Antony Sami

Special Help: Karen Logsdon Landwehr

http://www.wiley.com

http://www.wiley.com/go/permissions

mailto:[email protected]

http://www.wiley.com/go/custompub

http://www.wiley.com/go/custompub

mailto:BrandedRights&[email protected]


Introduction

T here’s no denying it. Technology is changing traditional work styles and the way businesses across industries

manage systems. Meeting the computing needs of a single employee today is equivalent to meeting the needs of many.

A majority of employees require access across a range of devices — desktop PCs, terminals, tablets, laptops, smart-phones, and more. In some places, workers need web‐ or cloud‐based applications; in others, they also must have corporate application and email access. Then there are the networks. Should you provide full or partial access? Well, it depends. . . .

Employees want a seamless experience across personal devices, as well as corporate‐owned devices, without IT configuration hassles. They also want to be confident that a secure divide exists between their personal and work data — in other words, Big Brother isn’t watching! The same with applications — from legacy to native mobile and cloud to vir-tual. Workers don’t care how these applications get delivered, but they do care that every application they need is available when they need it.

How can your business support new identity‐defined work-spaces across a variety of users — retail store associates checking inventory on a PC and a smartphone, hospital cli-nicians entering test results into a mobile workstation and an iPad, or financial advisors placing trades from Android devices and laptops?

The answer is the digital workspace.

The digital workspace empowers employees with secure, remote access to corporate resources from any device. The benefit of this approach to managing identities, applications, and data (even sensitive customer data) across devices is that it solves for nearly every combination of user, device, and

Secure Digital Workspace For Dummies, VMware Special Edition 2


application imaginable: bring your own device (BYOD), out‐ of‐the‐box configuration over the air, shared workspaces, one application, many applications, and more.

A modern, integrated IT solution, the digital workspace relies on policies, identity management, the cloud, and mobile technologies to enable secure remote access to services that follow users across devices and locations. This broadens the reach of the traditional client‐server‐based computing model (with applications, workloads, and users tightly intertwined with physical hardware) of yesteryear.

The digital workspace changes the game by delivering the policy‐defined resources workers need — anytime, anywhere — on the devices they carry to improve service delivery, customer engagement, and productivity, while driv-ing operational efficiency. Keep reading if you want to know how the digital workspace is transforming your industry.

About This BookThis book provides a starting point for line‐of‐business lead-ers, technology decision makers, and IT administrators look-ing for best practices and tips about how to securely enable mobile employees with the digital workspace.

For the sake of context and continuity, here are a few defini-tions of terms we use throughout this book:

✓ Mobility: The functionality that enables users to access information remotely

✓ End‐user computing (EUC): A computing approach focused on the experience of the end user in the comput-ing environment

✓ Workspace: The attributes that make up a user’s work environment, including physical location, applications, and devices

We’ve tried hard to provide specific examples across indus-tries but if you don’t find one that exactly matches, it doesn’t mean the digital workspace doesn’t support that area.

Introduction 3


Foolish AssumptionsMost assumptions are foolish, but we’ll assume a few things nonetheless:

✓ You have a strong working knowledge of IT, including desktop and application management.

✓ You’re part of a business that relies on employees con-ducting critical functions on the go, or an organization that can benefit from mobile access to work resources.

✓ You’re a chief information officer (CIO), chief technology officer (CTO), chief information security officer (CISO), chief security officer (CSO), department head, IT man-ager, information architect, engineer, or other senior leader evaluating strategies and solutions that empower employees and improve customer engagement.

Whether you have digital expertise or not, we suspect you’ll learn a few more things about designing a secure digital workspace!

Icons Used in This BookThroughout this book, we occasionally use special icons to call attention to important information. Here’s what to expect:

This icon points out information that should be etched into your gray matter.

This icon explains the jargon beneath the jargon and is the stuff nerds love!

These tips are helpful suggestions and useful nuggets of information.

Heed this icon if you want to save some time and frustration!



Beyond the BookIf you’re looking for more information, visit www.vmware.com/products/digital‐workspace, or test drive the digital workspace at https://portal.vmwdemo.com/session/new.

http://www.vmware.com/products/digital-workspace

http://www.vmware.com/products/digital-workspace

https://portal.vmwdemo.com/session/new

https://portal.vmwdemo.com/session/new


Mobile, Your WayIn This Chapter

▶▶ Defining the digital workspace

▶▶ Identifying why you should adopt the digital workspace

▶▶ Embracing IT’s role as change agent

“Y es, we can help!” That’s what every IT organization today should be telling its end users — regardless of

where, when, and how they work. However, the reality across industries is that too many IT teams say “no” when lines of business ask because their enterprises still rely on legacy applications and desktop infrastructure, which are expensive to maintain, complex to manage, and difficult to secure.

Fortunately, innovations in end-user computing (EUC) tech-nologies make the possibility of a mobile workforce more secure, affordable, and achievable than ever. The digital work-space provides businesses with increasing opportunities to enhance employee productivity, interactions, and efficiencies in traditional offices, on retail floors, in emergency rooms, at call centers, in cockpits, in machine shops, and just about anywhere else business takes place.

Introducing the New IT ModelAs work dynamics shift to anytime, anywhere computing, business leaders across industries are intrigued by the pos-sibilities of a new IT model that transforms core processes, drives mobile workflows, and deepens engagement by unify-ing application delivery, identity, access, and policy manage-ment for all employees and all their devices. This new IT model is powered by the secure digital workspace.

Chapter 1



The secure digital workspace is consumer simple and enter-prise secure. It covers the full spectrum of employee and device‐enablement options — from completely unmanaged, browser‐based onboarding of end‐users using personal devices to enablement of fully managed corporate devices. It integrates desktop, application, identity, and enterprise mobility management to deliver complete workforce mobility. The secure digital workspace is a combination of EUC technol-ogies and virtualization powered by the software‐defined data center. It moves BYOD computing away from being a separate strategy to becoming the basis for all services. The result is an identity‐defined workplace that is available any time, across any device, with a single sign‐on (SSO) experience.

Table 1‐1 illustrates some of the ways the digital workspace is igniting transformation across industries.

Table 1-1 The Digital Workspace across IndustriesIndustry Challenge IT Transformation with the Digital

Workspace

Healthcare Improving patient outcomes

Doctors and other caregivers gain secure, real‐time views into X‐rays and charts with SSO capabilities from any location, no matter what device they use.

Retail Driving customer engagement

Associates have real‐time prod-uct and inventory information at their fingertips, as well as the ability to check out a customer from anywhere in the store from a secured corporate‐owned or BYOD smartphone.

Financial services

Improving customer ser-vice and bank operations

Wealth managers provide bet-ter customer service with secure access on tablets to the applica-tions and data they need, while IT teams remotely manage branch ATMs.

Manufacturing Increasing efficiency

Internal designers and third‐party suppliers collaborate securely with high‐performance, remote access to 3D models.

Chapter 1: Mobile, Your Way 7


Understanding Digital Workspace Adoption

Although desired outcomes differ across industries, there are five common business motivations for implementing the digi-tal workspace:

✓ To gain competitive advantage by improving efficiency and service delivery: Business leaders need a secure and powerful platform on which to build and rebuild business processes that enable more effective mobile workforces to compete in marketplaces.

✓ To protect brand and reputation by increasing cyber-security and compliance: As cyberattacks, malware (including ransomware) distribution, and other threats multiply across the computing landscape, IT teams using traditional desktop and application management tools can’t detect, remediate, and protect against data breaches fast enough.

✓ To modernize IT infrastructure to reduce capital and operational expenditures: Many businesses operate on inflexible legacy infrastructure that can’t keep up with a mobile cloud ecosystem composed of many device types, platforms, users, and applications. Access to data in computing silos, combined with traditional, cumbersome IT management, impede innovation and increase total cost of ownership (TCO).

Industry Challenge IT Transformation with the Digital Workspace

Government Meeting mission objectives

Field‐based employees access forms and other resources to improve productivity, while emer-gency workers increase situational awareness with maps delivered on BYOD or agency‐owned devices.

Education Enabling limit-less learning

Students enjoy anytime, anywhere learning, and educators advance teaching models with virtual labs hosted in public or private clouds, ensuring digital equality.



✓ To improve access to resources, reducing attrition and increasing productivity among all end‐user types (even IT): Businesses with extremely diverse workforces — retail associates, physicians, bank tellers, for example — can transform operations, service delivery, and employee morale by improving mobile access to resources. Yet enterprises today struggle with how to manage security across disparate applications, logins, devices, and users.

✓ To eliminate downtime to achieve disaster recovery and continuity of operations goals: Without high avail-ability and secure remote access to critical resources across devices and locations, organizations face planned and unplanned downtime challenges.

Seeing IT as a Change AgentPerceptions of the role of IT have changed significantly in recent years. Many business peers now view IT as an enabler of innovation, merging business priorities with technologies to achieve dramatic security, operational, and efficiency gains.

IT is uniquely positioned to drive the digital workspace agenda because the EUC platform is designed around the concepts of identity management and self‐service — where

University Hospitals enables mobile clinical workflows

University Hospitals (UH) in Cleveland is removing obstacles to patient care by reducing the time clinicians — doctors, nurses, techs, or other staff members — spend on frustrating computer logins and data re‐entry. UH is using desktop virtualization with SSO technology to enable clini-

cians to securely access informa-tion on any workstation, streamline workflows, and redirect wasted time to precious patient care. Faster pro-cesses help clinicians provide better care with fewer mistakes leading to adverse effects, which can literally be lifesaving.

Chapter 1: Mobile, Your Way 9


services are delivered in a contextual experience. This means that it isn’t simply about any application on any device with a common policy, but instead, IT teams can use the digital workspace to make risk‐based decisions about what applica-tions employees should be able to access based on the device they happen to be using at the time, and a whole host of con-ditions from location to device posture.

If you’re in IT, you have the opportunity to become the digital workspace change agent!

Change agents are responsible for delivering the vision of the digital workspace to various internal constituents (for exam-ple, executives, front‐line managers, and end users). With a thorough understanding of the organization’s readiness, they can articulate the value of the digital workspace across departments and job functions, addressing its benefits from all angles, including service delivery, efficiency, user satisfac-tion, security, and cost avoidance.

No matter your industry, change agents can catalyze business engagement and productivity by asking the following ques-tions designed to start the digital workspace revolution:

✓ Healthcare: What impact would reducing clinician log‐in times across workspaces have on patient care?

✓ Retail: Would improving in‐store experiences, satisfac-tion, and loyalty, while better safeguarding data across networks, applications, and devices increase sales?

✓ Financial services: Would improving data delivery and speeding transactions without compromising data secu-rity help attract customers (even millennials) to your business?

✓ Manufacturing: What competitive advantages could you gain by eliminating IT upgrade or disaster downtime?

✓ Government: How much closer would your agency be to achieving mission goals and improving service delivery if personnel had anywhere, anytime access to information?

✓ Education: How would increasing education accessibility, affordability, and quality while finding innovative ways to enhance learning benefit your school?



As you prioritize which business challenges and user pains to solve first, keep in mind that moving to the digital workspace is a journey that may encompass several phases. This book outlines best practices that have consistently shown quality results across digital workspace projects.


Planning the Digital Workspace

In This Chapter▶▶ Creating your digital workspace strategy

▶▶ Building a framework

▶▶ Outlining the opportunities

P lanning, architecting, deploying, and securing funding for the digital workspace is unique to each industry

and business, and it requires breaking through the legacy IT system investment cycle.

Developing Your StrategyWhen planning your digital workspace strategy, aligning with business as well as cross‐departmental goals, objectives, and key performance indicators (KPIs) is imperative. Consistently reviewing quantifiable digital workspace KPIs — such as reductions in personnel attrition, refresh costs, monthly data center costs, service desk incidents, application deployment time, and data theft from devices — against plans and refining strategies is a must.

Although deploying the digital workspace as quickly as pos-sible may be a primary goal, organizations should be sure to invest time upfront considering which policies, guidelines, and processes will govern ongoing operations, investments, standards, and management.

Chapter 2



Unfortunately, many IT organizations adhere to a fix‐as‐it‐breaks approach, reacting to business demands with piecemeal mobility tools. This is ineffective because IT can’t accurately prioritize and forecast long‐term digital projects.

Assessing your current stateGreat things start from humble beginnings. The first step in any digital workspace strategy is for change agents to assess what is working well and what can be improved (in other words, identifying major pain points).

Begin by surveying everyone expected to be impacted by the digital workspace — employees across executive, operational, technical, and end‐user roles. A diverse group of voices, knowledge, and experience will help guide your digital work-space requirements.

Ask people‐, process‐, and technology‐related questions. Discuss current IT challenges and the consequences of main-taining the status quo as you outline the operational benefits of the digital workspace. Identify all the foreseeable mobility needs of your organization during this discovery phase and prioritize cycles relative to budget, goals, and feasibility. For example, examine what has and has not worked with an exist-ing BYOD strategy.

When your survey is complete, assess the data and draw con-clusions. Identify key themes that work as starting points for formulating your digital workspace goals.

What’s next in BYOD?Across industries, IT teams have struggled to adopt BYOD initiatives. The digital workspace eliminates the need to institute a separate BYOD strategy. Instead, it unifies applica-tion delivery, identity, access, and policy management for all employees

and all their devices — both BYOD and corporate‐owned devices. This containerized approach separates the management of business and per-sonal data while enforcing specific data‐loss prevention controls.

Chapter 2: Planning the Digital Workspace 13


Identifying resourcesThe journey may be new to you, but it isn’t new to others. Seek out guidance from experts based on their experience with and in‐depth knowledge of key digital workspace technologies.

Talk with third-party advisors, colleagues in other depart-ments, and peers in other industries. Many organizations are deploying identity access management (IAM), enterprise mobility management (EMM), and virtual desktop infrastruc-ture (VDI) solutions to solve challenges similar to yours (for example, data security, IT management, and user mobility).

Researching starter projectsThere is no sense in reinventing the wheel. Leverage your resources to understand more about digital workspace projects. Regardless of your industry, the following digital workspace projects can apply to you:

✓ Speeding Windows operating system (OS), BlackBerry, and application migration

✓ Strengthening data security and compliance across users, applications, and devices

✓ Enabling secure content collaboration and file sharing on mobile devices

✓ Improving desktop and application management

✓ Managing mobile devices across the organization

✓ Enabling single sign‐on (SSO) to any application from any device

✓ Modernizing IT infrastructure

✓ Maximizing operational efficiencies in a budget‐ constrained environment

If you’re in healthcare, the following projects are also worth your time:

✓ Optimizing workflows for shared clinical workstations

✓ Enabling mobile clinical workflows

✓ Improving patient engagement through mobile devices



In retail, these digital workspace projects are also valuable:

✓ Enhancing customer engagement with mobile devices

✓ Modernizing retail IT operations

✓ Empowering employees anytime, anywhere, using any device

In the financial services industry, the following projects are also options:

✓ Transforming bank operations and gaining operational efficiencies

✓ Improving employee productivity and customer experi-ence with mobile workflows

✓ Supporting business continuity with high availability of services

In manufacturing, also look at the following:

✓ Enabling mobile access to company resources

✓ Providing an anytime, anywhere, any device 3D workspace

✓ Delivering a powerful, consistent end‐user experience

In government, also consider the following digital workspace projects:

✓ Providing field workers with secure mobile access to data and apps

✓ Enabling mobile access to government resources

✓ Achieving continuity of operations (COOP) and disaster recovery (DR) goals for all employees

And finally, in education, the following digital workspace proj-ects also are worthwhile:

✓ Securely supporting BYOD to fit student and faculty work styles

✓ Delivering a powerful, consistent campus computing experience



✓ Enabling an anytime, anywhere, any device computer lab in the cloud

✓ Supporting equal access to digital learning environment for students

✓ Aligning with school policies and complying with govern-ment mandates

✓ Supporting new mobile teaching models

Choosing technologiesComprehensive digital workspace planning also includes iden-tifying the right technologies to deliver desired business out-comes. The digital workspace integrates identity, application, and mobility management and features virtualization. You need to know how each of the components works individually and together to enable authorized end users to access what they need, when they need it, while keeping IT in control.

Forget “rip and replace.” A key benefit of the digital work-space is the ability to leverage your existing technology investments, including legacy applications and infrastructure.

Effective cloud infrastructure and business mobility solutions break the bonds that tie IT systems and end‐user environ-ments to physical hardware, providing both IT and the busi-ness greater efficiency, agility, and control.

A critical piece to integrating digital workspace technologies is an identity management solution that enables any end user to use a single set of credentials to access the resources he or she needs to do the job at hand. When evaluating vendors, be sure that the solution allows seamless access to any type of application: web, native mobile, modern Windows applica-tions, legacy Windows applications, and virtualized applica-tions with an SSO experience. IT should also be able to set up fine‐grained controls that limit or block access based on cri-teria that include device type, network location, and whether the device is jailbroken or rooted.

It’s also imperative to choose an EMM technology that can manage and secure the proliferation of data, applications, users, and devices in today’s mobile work environment.



Building Your FrameworkThe digital workspace blurs the boundary between work style and workspace to deliver unified and consistent access to work programs and applications across device types and loca-tions. Understanding your users, as well as what applications and devices they prefer (and require), is critical to digital workspace deployment success.

Recognizing common groupsAt the end of the day, the digital workspace is about people. It’s about how they work (work style) and where they work (workspace). Your business could conceivably consist of hun-dreds of different user types, but managing hundreds of differ-ent user personas is not the point of the digital workspace.

Instead, the digital workspace focuses on managing workers by core user groups, further broken down by work style. The most common user groups are office workers, field‐based per-sonnel (including clinicians, educators, and retail managers), mobile executives, contract and temporary workers, shift workers (such as call center personnel, retail associates, bank tellers, and emergency dispatchers), and intelligence and defense personnel.

With groups identified, IT can simplify management by estab-lishing a multitenant management structure that applies spe-cific access controls and applications to users within common work style groups — and those workspace identities can follow users across devices.

It should come as no surprise that different work styles require different devices or that workers choose different devices for different tasks. For example, Microsoft Office applications are not generally regarded as user‐friendly on tablets and smartphones. Customizing device types to work styles maximizes investment in the digital workspace. When appropriate, investing in multiple form factors per user type will pay off in productivity and efficiency gains.



It should also be no surprise that different work styles require different sets of applications. Some industries rely primarily on web, cloud, or mobile applications to complete work, while others rely on vertical‐specific software (for example, X‐ray apps in healthcare, planograms in retail, GIS apps for govern-ment, and so on) for a variety of job functions and user types. A list of applications by work style and user group should be included in your digital workspace discovery.

IT will also need to consider deploying vertical‐specific appli-cations from the cloud, not only to provide mobile access to business‐critical applications but to improve application per-formance. A huge benefit of the digital workspace is preserv-ing legacy investments while deploying modern applications, which often means hosting legacy applications in the cloud.

Outlining your opportunitiesDigital workspace business drivers should take into account the cost, security risks, and operational inefficiencies that current systems and processes incur. Your organization’s answers to the following questions will provide quantitative analysis that can help change agents begin to frame the digi-tal workspace conversation as one that significantly impacts (and improves) enterprise data security, operational costs,

Airbus secure desktop services protect IP and reduce TCO

Airbus employees work alongside large numbers of contractors, sub-contractors, and partners — all of whom need to be able to use the com-pany’s core IT systems. Many third parties also require access to sensi-tive company data such as aircraft designs and manufacturing sched-ules. Airbus delivered a dedicated desktop service, enabling up to 500

concurrent external users to login to shared 2D and 3D applications and access authorized files. The deploy-ment enabled Airbus to strengthen its data security and expects it to lead to significant cost savings over the next few years as contractors elect to work remotely on their own devices, rather than in the Airbus offices on the manufacturers’ systems.



employee productivity, and most important, service delivery and satisfaction:

✓ How many and what kinds of users, devices, applications, workflows, and access points does your organization support?

✓ How large is your IT team? Who is responsible for what tasks? What costs are associated with specific IT services?

✓ What are your PC and device acquisition and refresh costs?

✓ What are your IT time and staff investments to test, deploy, refresh, reimage, and update desktops and to onboard new users?

✓ How are applications deployed, managed, updated, con-trolled, patched, and supported, and by how many IT staff?

✓ What do current data protection solutions cost and how many staff manage security and compliance? How many incidents do you handle a year and at what costs to the business?

✓ What is the cost of downtime to your organization? How many systems require backup and at what costs? How many incidents do you resolve annually and how fast? How many user issues are hardware, password, and login related?

Moving forwardA well‐researched digital workspace strategy that aligns to strategic goals, both short and long term, is the best path for-ward. As your organization’s digital workspace subject matter expert, your role is to effectively guide the process of plan-ning, architecting, and deploying transformational EUC tech-nologies to solve specific data security, user mobility, desktop performance, and IT management challenges.

Your strategy will constantly evolve as goals are reprioritized, leaders change, and EUC technologies mature. Don’t be afraid to consult with trusted advisors to ensure success. The work you do upfront will pay dividends later.


Architecting the Digital Workspace

In This Chapter▶▶ Improving security and user experiences with identity management

▶▶ Managing enterprise mobility and simplifying Windows 10 migration

▶▶ Deploying applications and virtual desktops

A ny strategic architecture should begin with a solid foun-dation. The digital workspace includes a combination

of identity management (also known as identity access man-agement, or IAM), enterprise mobility management (EMM), and content and application delivery management solutions. Digital workspace architectures may also include virtual desk-top infrastructure (VDI) solutions.

Identity ManagementIdentity management enables IT to secure access to corporate resources while also improving user experiences, regardless of the devices workers are using. By providing a single appli-cation catalog, end users have one location to access their applications, taking advantage of a single sign‐on (SSO) expe-rience that removes the friction of end‐user access. Users gain the resources they need to be productive while IT maintains security and control of the environment.

This is critical because the digital workspace covers the full spectrum of employee and device enablement options (see Figure 3‐1). Identity management must have the controls in place to ensure coverage of all the different end‐user types, diverse devices, and management states to be truly effective.

Chapter 3



Mobility ManagementAn EMM platform is necessary to secure data across end-points for any organization planning to enable remote access to applications and content on mobile devices. With an EMM platform, IT can manage every mobile aspect of the digital workspace, including

✓ Devices: Smartphones, tablets, laptops, mobile kiosks, rugged devices, printers, and peripherals

Figure 3-1: Common architecture across all employees and devices.

The identity‐defined workspaceA managed workspace leverages the privacy protections inherent in iOS, Android, and Windows 10 to allow the native OS to enforce application policy—without exposing privacy‐ sensitive information to IT. Employees can have simple access to an enter-prise app store and app launcher, but also gain access to an application requiring greater protection. The digital

workspace can push a certificate to a user’s device to anchor one‐touch authentication, enforce PIN strength policy, and enable IT to wipe only a pro-tected application while enforcing cut, copy, paste, and “open‐in” controls. With this model, employees have pri-vacy and access because IT can’t view applications on the device, access any user storage, or activate GPS.

Chapter 3: Architecting the Digital Workspace 21


✓ Operating systems: Android, Apple iOS, BlackBerry, Chromebook, macOS, and Windows

✓ Applications: Native, web, remote, and legacy

✓ Email systems: Exchange, Outlook, Gmail, and iCloud

✓ Content: Internal content repositories and file‐sharing applications

✓ Browsers: Native, containerized, and intranet

✓ Telecom usage: Voice, text, and data

✓ Ownership models: Company‐furnished, shared, and bring your own device (BYOD)

A best‐in‐class EMM platform architecture scales while meet-ing deployment complexities, security requirements, and work styles. It offers both cloud and on‐premises deployment options and facilitates seamless integration with existing enterprise systems, such as Active Directory and Lightweight Directory Access Protocol (AD/LDAP), Certificate Authorities, content repositories, and email infrastructures.

With a proven EMM, enterprises gain multitenant manage-ment, role‐based access and authentication, and automated compliance monitoring. Enterprises can manage all endpoints in a single solution and support the full application life cycle (from development to deployment), as well as automate pro-cesses and deliver insight for more efficient and secure IT.

GAP IT empowers associates with data on mobile devices

GAP associates are better serving customers with detailed information at their fingertips about the products in their stores. Real‐time inventory information means associates can quickly help shoppers locate an item

in the proper size and preferred color. Using a scanner on a mobile device, GAP associates can learn if items are in stock in the store, locate them in another local store, or with customer permission, order the product online.



Application Delivery and Management

The architecture your enterprise deploys today needs to work with devices that have not yet been invented. From wearables to 3D graphics workstations, keeping employees productive means that their applications need to be available when and where they are.

The digital workspace provides consumer‐grade, self‐service access to cloud, mobile, and Windows applications, and includes powerfully integrated email, calendar, file, and social collaboration tools that engage employees.

Onboarding new applications and new employees is easy. Once authenticated through the digital workspace applica-tion, users can instantly access their personalized enterprise application catalog where they can subscribe to virtually any mobile, cloud, or Windows application — from the latest mobile cloud apps to legacy enterprise applications. With identity management, one‐touch mobile SSO is already estab-lished through the device.

Your digital workspace should include the most commonly used mobile productivity apps, including email, calendar, content management, and chat, as well as a browser. Through specific access controls, IT can granularly manage, monitor, and protect the organization from data loss while enabling seamless, consumer‐like mobile productivity.

Windows 10: Enabling a new era of EMMDevice OS and application migrations are common use cases for enter-prises interested in architecting the digital workspace. A mobile‐, cloud‐first platform, Microsoft Windows 10 is redefining how organizations treat desktop and device management by allowing IT to take full advantage of EMM capabilities:

▶✓ Streamline deployment to get users up and running quickly.

▶✓ Create a more unified application experience.

▶✓ Take endpoint and data protection to a new level.

▶✓ Streamline update management and delivery.

Chapter 3: Architecting the Digital Workspace 23


Moreover, the number of applications — both commercial and internally developed — has grown into the hundreds or thousands for some businesses, and the cost of supporting, securing, and maintaining a complex mixture of legacy, web, cloud, and mobile apps across multiple operating systems and form factors has led some IT departments to deploy appli-cation virtualization.

Just as virtual desktops decouple desktop performance from the underlying hardware, application virtualization removes an application’s dependency on the OS to simplify OS migra-tions, eliminate version conflicts, streamline management, reduce costs, and strengthen endpoint security.

Virtual DesktopsThere is no doubt desktop PCs are still popular in many indus-tries. That’s why IT change agents are also deploying VDI for certain use cases as part of their digital workspace architec-tures. In healthcare, deploying VDI for clinicians is often a logical first step in an IT modernization initiative to improve desktop manageability and security. VDI is also a common solution for government employees requiring fast, highly reli-able access to business apps, and for educators in need of secure, unified access to resources across devices.

Designing the user experienceThe following mobile user interface technologies provide the experiences that users expect:

▶✓ Single sign‐on (SSO) that removes complex logins across applications by establishing trust between user, device, and the organization

▶✓ Self‐service app catalog that enables workers to self‐select and manage preapproved apps.

▶✓ Secure productivity apps, includ-ing email, calendar, chat, and con-tent management, that support real‐time user engagement and productivity.

▶✓ Native‐device integration enabling the same user experi-ence regardless of end‐user device (for example, corporate‐owned or BYOD) and location.



Because device and application heterogeneity are part of the digital workspace, organizations interested in enabling remote access via mobile devices should deploy an EMM platform in conjunction with a VDI environment as a best practice to remove the friction of disparate systems.

Built on a software‐defined data center architecture, VDI is centrally deployed and managed. IT can improve efficiency, increase continuity of operations, reduce costs, and maintain control of applications and information because data is stored in the data center. This is in stark contrast to the traditional desktop management model that groups the physical device, OS, and applications into a bundled architecture requiring considerable IT involvement.

Although VDI reduces capital costs by requiring less hard-ware and storage expenditures over time, the real cost sav-ings are in operational expenditures due to more efficient desktop management and maintenance.

Industry leaders focused on transformation are embracing a new architecture for IT that includes the digital workspace and software‐defined data center capabilities:

✓ Virtual compute to reduce costs while improving data center efficiency and desktop performance

✓ Virtual storage to improve performance, maximize stor-age space, and reduce costs

✓ Virtual networking to eliminate manual network configu-ration changes, maximize network capacity, strengthen data security, and support continuity of operations

New demands from the business for apps to run faster, costs to be lower, and software delivery to be simpler have IT orga-nizations turning to hyper‐converged infrastructure (HCI) for simplicity, automation, and freedom of choice. HCI is com-pute, storage, and networking delivered as a service, tightly integrated in a software stack, and optimized for all‐flash stor-age with elastic scale‐out across x86 building blocks.


Managing the Digital Workspace

In This Chapter▶▶ Simplifying user, application, and data management across devices

▶▶ Driving operational efficiencies with application delivery

▶▶ Reducing costs with VDI

F or your enterprise to achieve operational efficiencies and fiscal benefits, your digital workspace strategy must

include a detailed understanding of user and group work styles and the applications powering those work styles.

Managing IdentityOptimized for the mobile‐cloud era, the digital workspace can establish conditional access between the user, his or her device, and hybrid cloud infrastructure, improving security and end‐user experiences. Through the identity‐defined work-space, IT can address complex enterprise directory structures with a modular, standards‐based architecture permitting nearly any type of authentication, from third‐party biometrics to adaptive authentication.

Managing by PolicyPolicies are the gatekeeper of any organization, and IT relies on the effectiveness of policies to enforce access rules. The more granularity in your access policies, the more you can be assured that the right information is getting to the right

Chapter 4



people and, more important, that none of your organization’s sensitive data is falling into the wrong hands.

A basic policy management system should include the abil-ity to set policies based on session length, device type, geo-graphic location, application type, authentication type, and user group membership. More robust policy management systems can streamline the management of multiple identity sources like LDAP to efficiently manage end‐user identity and access across devices.

Workspace management has a symbiotic relationship with data security because better data management across all end-points leads to improved data loss prevention.

Managing Mobile Productivity Apps and Content

The most commonly used mobile productivity apps — from browsers, to email, calendar, content management, and chat — are critical components of the digital workspace. IT can manage, monitor, and protect data contained in these apps using granular controls while enabling seamless, consumer‐like mobile productivity.

Containerized, secure instant messaging applications for iOS and Android are also possible in the digital workspace. Beyond applications, seamless access to content across devices and locations is a critical function of the digital work-space. You can protect sensitive content in a corporate con-tainer and provide users with a central application to securely access the latest resources — sales materials, board books, or financial reports — from their mobile devices.

When evaluating solutions, look for content management that enables IT to securely deliver files directly across a range of internal repositories and external cloud storage providers — including SharePoint, Network File Shares, OneDrive, Office 365, Google Drive, and Box — while maintaining access, edit-ing, and sharing controls.

Chapter 4: Managing the Digital Workspace 27


Improving Application Delivery and Management

Mobile apps drive employee productivity, requiring IT to move beyond static app distribution to meet today’s security, management, and efficiency requirements. As new versions of applications and operating systems are released in faster intervals, IT needs a more efficient way to update them while minimizing downtime and data loss.

The process of acquiring, distributing, securing, and track-ing mobile applications is easier with the digital workspace. IT can use an EMM platform to manage internal, public, and purchased applications across employee‐owned, corporate‐owned, and shared devices from one central console. Whether sourcing or developing an application, applying security poli-cies, deploying an application catalog, or analyzing applica-tion metrics, the digital workspace simplifies these processes.

Organizations can also integrate public app stores such as the Apple App Store, Google Play, and the Microsoft Store as well as deliver any app — native, web, or remote — through a single app catalog across every device. With the digital work-space, enterprises streamline the workflow for developing, reviewing, assigning, and deploying internal and third‐party applications.

For enterprises also deploying VDI as part of their digital workspace strategies, applications and user personas are decoupled from the OS and managed from the software‐defined data center, resulting in faster application packaging and deployment across endpoints. IT administrators can manage configurations based on individual work styles, which consider device information and user attributes, and update automatically as those change.

Organizations can use the digital workspace and complemen-tary technology to take desktop and application environments to the next level with radically faster application delivery and unified application and user management, while reducing IT storage and operational costs by up to 70 percent. With an end‐to‐end approach to agile services delivery, enterprises boost user productivity to drive business.



Download a free copy of Applications For Dummies at www.vmware.com/go/appsfordummies to learn how to develop a successful application strategy that will work now and into the future.

Easing Desktop ManagementRepetitive administration tasks such as application packaging, testing and deployment, patching, desktop imaging, hard-ware configuration, and help desk support are some of the most time‐consuming drains on IT resources and the highest sources of digital workspace with VDI ROI.

The digital workspace with VDI capabilities enables IT to apply patches to a single parent virtual machine across the entire desktop environment between user logins. In doing so, the digital workspace benefits from the latest OS and application updates, while users never experience disruptive patch maintenance windows. With the digital workspace, IT can deliver and manage any application, including the latest mobile cloud applications, legacy enterprise applications, RDS‐hosted applications, internal web or mobile apps, SaaS applications, native public mobile apps, modern Windows applications, and legacy Windows applications.

Unlike setting up a physical desktop, VDI allows IT to repur-pose legacy hardware to access the virtual desktop image, extending the useful life of the hardware.

Government agency experiences 100 percent uptime

Improved PC manageability enabled CENTCOM to reallocate technicians from PC support to other tasks and improve user experiences. In the past, if users needed new applications, it could take three to five weeks for their requests to be processed. Now they call CENTCOM’s help desk, and

new software can be added to their desktops within minutes. User uptime is better because everyone always has the applications they need to do their jobs. Moreover, instead of taking three to five minutes to log in, users now get their desktops in 30 to 45 seconds.

http://www.vmware.com/go/appsfordummies

http://www.vmware.com/go/appsfordummies


Securing the Digital Workspace

In This Chapter▶▶ Addressing security in the digital workspace

▶▶ Protecting the network with micro‐segmentation

▶▶ Ensuring unified endpoint security

N o technology discussion would be complete without addressing security. Legacy applications, traditional

desktop systems, complex management, shadow IT, ever‐changing compliance mandates, and user workarounds all challenge business security, efficiency, and success. Large data breaches and malware attacks have added uncertainty for IT leaders interested in integrating mobility into user workflows.

The 2016 Cost of Data Breach Study the Ponemon Institute and IBM reveals the average total cost of a data breach has increased from $3.79 million to $4 million. This is a 29 percent increase in the total cost of a data breach since 2013. Across all global verticals, the average cost per lost or stolen record is $158, but the actual global cost per record varies by indus-try where healthcare organizations lead the way, averaging $355 per lost or stolen record.

Security and risk management continue to remain a top CIO priority across industries because there is no shortage of accidental or malicious ways that sensitive corporate or cus-tomer data can be compromised. Tablets get lost or stolen. Cybercriminals launch a ransomware attack. An employee copies internal‐use‐only files to a USB flash drive.

Chapter 5



Securing DataThe digital workspace significantly enhances data security. Identity management and EMM improve security postures and help prevent data loss, while VDI inherently strengthens data security by centrally managing users, data, and applications from the data center.

Because users, devices, and data increasingly operate beyond the physical walls of the workplace, the digital workspace includes the following security features:

✓ Conditional access: Through conditional access, IT can combine policy enforcement with identity management and EMM to restrict user access to data, applications, or devices. The same technologies can also be used to apply conditional access to mobile apps and ensure that only compliant users can access internal systems.

✓ Multifactor authentication: Multifactor authentication is a requirement for many businesses; therefore, a digi-tal workspace needs to be able to enforce multifactor authentication across devices and applications, as well as support third‐party authentication services.

✓ Automated compliance: An automated compliance func-tion aligned to company policy is critical to the digital workspace. Through automated compliance monitor-ing, organizations can enforce access to data, based on a range of conditions, from strength of authentication to network or location, and remediate policy violations through customizable warnings or remote device wipe. The ability to “set and forget” granular compliance con-trols around rooted or jailbroken devices, whitelisted and blacklisted apps, open‐in app restrictions, cut/copy/paste restrictions, geo‐fencing, or network configuration, for example, removes the complexity of manually moni-toring compliance across devices.

✓ Data loss prevention: For ultimate application security, administrators should be able to set compliance policies per application and prevent data loss across content with email attachment controls, copy/paste restrictions, dynamic watermarking, and more.

Chapter 5: Securing the Digital Workspace 31


✓ Enterprise mobility management: Mobile device man-agement should include, at a minimum, the ability to remotely lock or wipe specific applications or container-ized data on a device if it’s lost or stolen, locate a missing device, and obtain real‐time device information such as OS version, last update, location, and more.

✓ Single sign‐on (SSO): Made possible by a Secure Application Token System (SATS) and an identity man-agement solution, one‐touch mobile SSO allows users to access desktop, mobile, and cloud applications without passwords or complex PIN challenges.

✓ Smart card support: Common Access Card (CAC) and Personal Identity Verification (PIV) cards are still stan-dard authentication methods among defense computer networks and systems, and should be supported across devices.

Securing the NetworkBulletproofing data security means strengthening current processes and tightening controls inside the data center. With micro‐segmentation, fine‐grained network controls enable unit‐level trust, and flexible security policies can be applied all the way down to a network interface. In a physical network, this would require deploying a physical firewall for every workload in the data center, so up until now, micro‐segmentation has been cost‐prohibitive and operationally unfeasible.

Flushing Bank IT boosts data security while reducing costs

Flushing Bank implemented a desktop and application virtualization solu-tion to gain more robust security for the customer data on its employees’ desktop and notebook PCs and elimi-nate potential data loss from a com-promised client system. By moving all

storage and processing of customer data to a protected data center envi-ronment, the bank increased security, improved user experiences, simplified client system administration, reduced costs, and streamlined desktop management.



However, with network virtualization technology, micro‐ segmentation is now a reality and organizations can

✓ Build an environment of zero trust within the data center, isolating servers from endpoints with known configura-tion vulnerabilities, and limiting hosts from accessing assets they never need to access, thereby reducing the threat landscape.

✓ Simplify network security by enabling each workload to have its own self‐defending perimeter.

✓ Align policies with logical groups (for example, office staff, associates, and others) to prevent threats from spreading to other assets.

✓ Create a matrix of policies on centralized, choke‐point firewalls to attain the correct security posture.

Download a free copy of Micro‐segmentation For Dummies, by Lawrence Miller and Joshua Soto, at http://learn.vmware.com/36350_NSX_ITAutomation_Reg?asset= networkvirtualization&cid=70134000000NvFC& touch=1&src=WWW_NVforDummies_US_NSXoverview Page_RegisterToDownload to learn more about micro‐ segmentation.

Unified Endpoint SecurityThe digital workspace combines the speed and scale of an endpoint security platform with layered OS migration tech-nology, to deliver an integrated solution for unified endpoint management and security. The solution enables rapid vis-ibility and control of every endpoint across global networks, next‐generation threat detection and remediation, endpoint and application management, and automated Windows image migration and management.

The digital workspace uses patented linear‐chaining archi-tecture technology to enable IT operation and security teams to gain rapid visibility into all information and behaviors on endpoints across global networks. In addition, business and IT teams can use natural language search to retrieve accurate and complete data about their computing environments.

http://learn.vmware.com/36350_NSX_ITAutomation_Reg?asset=networkvirtualization&cid=70134000000NvFC&touch=1&src=WWW_NVforDummies_US_NSXoverviewPage_RegisterToDownload





Chapter 5: Securing the Digital Workspace 33


To maximize security hygiene, the technology can accelerate the adoption of Windows 10 for improved endpoint security. The solution can mitigate the complex process of upgrading and managing devices and applications through automated Windows migration where a single technician can concur-rently handle 100 or more migrations from a central manage-ment console. The digital workspace also helps detect hidden, unmanaged assets across large distributed global networks quickly with minimal impact on the WAN. Once unmanaged assets are detected and identified, administrators can block them from the environment to maintain a secure network and bring the assets under control so every connected device is accounted for and in compliance with corporate security policies.

The digital workspace supports government security stan-dards, policies, and features.

Download a free copy of the Government Digital Workspace For Dummies at www.air‐watch.com/lp/ready‐to‐lead‐your‐agencys‐digital‐transformation to learn more about how government agencies are mobilizing personnel.

http://www.air-watch.com/lp/ready-to-lead-your-agencys-digital-transformation

http://www.air-watch.com/lp/ready-to-lead-your-agencys-digital-transformation




Deploying the Digital Workspace

In This Chapter▶▶ Exploring digital workspace use cases

▶▶ Identifying industry goals and outcomes

▶▶ Reviewing business outcomes

Y our specific business goals will determine how and when you deploy new EUC technologies. In this chapter,

we walk you through how the digital workspace has helped a variety of industries with a variety of use cases. Then we show you how to operationalize the digital workspace in your own organization.

The Digital Workspace in ActionHere’s how other teams across industries have implemented the digital workspace to improve data security, IT manage-ment, and end‐user mobility:

HealthcareGoal: To enable secure access to health records across a vari-ety of devices to improve patient outcomes.

Challenge: Reliable mobile access to patient care applications and information can have life‐or‐death consequences.

Chapter 6



Traditional IT outcome: Slow logins, poor images, and slug-gish application performance negatively impact clinician’s ability to rapidly respond to changing care conditions.

Digital workspace outcome: The digital workspace delivers secure, rapid access to critical information and applications (including EHRs) on any device. Through centralized and secure desktop and application management, IT can improve care team collaboration and response time while protecting data.

RetailGoal: To improve associate productivity to drive customer engagement.

Challenge: Associates represent the brand. When consum-ers experience slow and impersonal service, they think inef-ficiency; when they experience rapid inventory checks and don’t have to wait in long checkout lines, they think just the opposite.

Traditional IT outcome: Traditional workflows — from paper‐based inventory reporting to cash‐register lines — negatively impact retail associate efficiency.

Digital workspace outcome: For associates whose workspace is primarily outside an office, the digital workspace solution enables secure remote access to the full suite of applica-tions required for their work style and, in turn, delivers new levels of user productivity, efficiency, and service delivery. Increased associate engagement leads to improved customer service, which reduces costs and drives profitability.

Financial servicesGoal: To ensure security and compliance to meet industry requirements.

Chapter 6: Deploying the Digital Workspace 37


Challenge: Financial institutions face increasing internal and external threats to data security across networks, applica-tions, and mobile devices, including cyberattacks, malware infection, and theft of customer information.

Traditional IT outcome: Without proper protections on user desktops and mobile devices, financial services institutions can’t prevent sophisticated data breaches and theft. With so many applications, devices, and user types operating within a complex computing landscape, firms are discovering that they need to adopt more advanced data security measures.

Digital workspace outcome: Identity, EMM, and VDI solu-tions radically harden data security across applications and devices. Centralized management, streamlined applica-tion patching and updates, automated compliance checks, role‐based access controls, remote device wipe, multifac-tor authentication, and smart card support are among the advanced security features the digital workspace offers.

ManufacturingGoal: To achieve continuity of operations.

Challenge: Natural disasters, power outages, and cybersecu-rity breaches all stall manufacturing operations.

Traditional IT outcome: In cases of emergency or unplanned downtime, traditional desktop infrastructure inhibits access to data and applications. For some organizations, a computing environment disruption can seriously affect safety, while for others, an office closure causes significant losses in workforce productivity.

Digital workspace outcome: By eliminating dependencies on physical systems, the digital workspace supports continuity of operations and disaster recovery goals by giving employees full access to mission‐critical data and applications outside the office.



GovernmentGoal: To improve first response.

Challenge: Every second counts for first responders. When apps are used to notify mobile users of event details in real‐time, incident planning and resolution are greatly improved.

Traditional IT outcome: Without mobile access to real‐time event details, first responders lack contextual information that can greatly improve outcomes. For desk‐bound dispatch-ers, sluggish legacy desktop systems reduce efficiency and performance while increasing latency. For IT, elevated data security concerns from unpatched systems, as well as higher system equipment and maintenance costs, leave little time for innovation.

Digital workspace outcome: With the digital workspace, first responders gain real‐time mobile access to mission‐critical applications including computer‐aided dispatch, 3D, geo-graphic information systems, Windows and legacy applica-tions, increasing situational awareness and enabling more efficient resource allocation. The digital workspace enables responders to securely capture and send data, photos, and videos from incident sites while maintaining criminal justice information services compliance. From an IT management perspective, the digital workspace improves stability, perfor-mance, and user experience for in‐house personnel while IT better protects data with policy‐driven, managed access to applications across devices. The highly available digital work-space also means government agencies can meet telework and user mobility goals.

EducationGoal: For bring your own (BYO) anything to enable limitless learning.



Challenge: Students and educators now rely on a variety of computing devices to support their learning and teaching requirements.

Traditional IT outcome: Traditional desktop infrastructure inhibits anytime, anywhere learning, providing inconsistent learning environments across locations negatively impacting digital equality.

Digital workspace outcome: By removing dependencies on physical systems, the digital workspace provides full access based on user identity to all of the educational resources required.

Business OutcomesTable 6‐1 illustrates the business outcomes that enterprises across industries are experiencing with the digital workspace.

The digital workspace is making significant positive impacts across businesses and industries. With the right planning and implementation, your organization can be the next success. The role of change agent may seem daunting at first, but if you embrace it, step by step, you will find the journey and the digital workspace rewards worth the effort.

North Carolina State University encourages BYO anything computing

NC State University uses virtual-ized desktops to provide a consistent and reliable end‐user experience for faculty, staff, and students, and to address BYOD challenges. The solution

supports NC State University’s blended learning vision by enabling anytime, anywhere, any‐device access to appli-cations and data, including demanding 3D graphics applications.



Table 6-1 Digital Workspace Business OutcomesKey Digital Workspace Business Outcomes

Traditional IT Challenges

Digital Workspace Benefits

Success Metrics and KPIs

Improved data security, pro-tecting brand and reputation

Traditional desktop and application infrastructure can-not adequately secure the pro-liferation of data among disparate users, applica-tions, and devices in an increasingly complex mobile‐cloud computing ecosystem.

Centralize desktop and application management

Store data in the data center ver-sus on endpoint devices

Deliver contex-tual, policy‐driven access to data and apps

Streamline secu-rity patches and updates, and advance data loss prevention

Segment desktop or application traffic to specific workloads inside the data center

Reduced number of annual security incidents

Lower cost of security incident resolution

Reduced window of time between desktop patch/update release and deployment

Achievement of regulatory compli-ance standards

Improved workforce mobility

Traditional IT infra-structure cannot simultaneously support mobile business objectives while ensuring data security, leaving many organizations in a holding pattern that stalls mobile service delivery innovation.

Streamline access to applications and content across any mobile device

Containerize access for BYOD and shared device models

Centralize multitenant man-agement from a single console

Reduced workforce attrition

Improved personnel satisfaction

Gains in workforce productivity and efficiency

Improved service delivery, response times, and customer satisfaction



Key Digital Workspace Business Outcomes




Increased customer engagement

Traditional IT infra-structure cannot support increasing customer demands for greater cus-tomization and personalization of information, while preventing data breaches.

Deliver applica-tions and content directly to any device, at any time

Centralize multitenant man-agement from a single console

Improved customer satisfaction

Improved loyalty

Greater busi-ness continuity

Traditional desktop and application architecture cannot ensure high avail-ability or uptime following an attack, shutdown, or power outage, compromis-ing both mission‐critical operations and noncritical workloads.

Operate desktops and applications from the data center to enable on‐demand remote access to resources, even in the case of a disaster

Access informa-tion across any device type or operating system — anytime, anywhere

Reduced downtime (both planned and unplanned)

Lower operational downtime cost per hour

(continued)



Key Digital Workspace Business Outcomes




Modernized IT infrastructure that reduces costs and increases efficiencies

Traditional desk-top management, legacy applications, and siloed comput-ing environments lead to inefficient use of IT resources, higher maintenance costs, and security vulnerabilities.

Deliver virtual or published desk-tops and applica-tions through a single platform to streamline man-agement across devices and locations

Transform applica-tion management with real‐time delivery, provision-ing, and updates

Reduced hardware costs with virtual compute, storage, networking, security, and desktops

Lower operational expenses through centralized desktop, application, and identity management

Reduced IT adminis-tration and incident support

Lower power, cooling, physical rack space, and office workspace requirements

Table 6-1 (continued)


Ten Areas to Address When Operationalizing the Digital Workspace

In This Chapter▶▶ Piloting and testing

▶▶ Establishing governance

▶▶ Managing change

W ith the digital workspace, the prospect of greatly improving customer engagement, business efficiency,

and workforce productivity through a secure mobile solution is within reach. Successfully navigating the digital workspace journey involves just a few more considerations to help ensure successful implementation.

Reviewing OptionsWith survey and checklist data in hand, you’re ready to move forward. Now is the time to identify the applications you’ll mobilize and the financial resources you have to fund your first digital workspace initiative.

Setting ExpectationsAs with any corporate initiative, it’s important to set expecta-tions upfront about what the digital workspace will provide

Chapter 7



and who is most likely to benefit in phase one, phase two, and so on. This is also the time to determine and set policies about the kinds of devices — corporate or BYOD — that your organization will support.

Although deploying the digital workspace as quickly as pos-sible may be a primary goal, be sure everyone understands the policies, guidelines, and processes that will guide ongoing operations, investments, standards, and management.

Establishing Your App CatalogYour business operations depend on a variety of applications — mobile, legacy, SaaS, and so on — that can be incorporated into one application catalog. Be sure to inventory the applications and review existing licenses to ensure they are in compliance before end‐users automatically begin adding apps to their devices.

Piloting and TestingBefore any widespread digital workspace deployment, it’s best practice (and common sense) to select a pilot project with a small group of users. Establish clear goals for the pilot within a specific time frame, as well as specific roles and responsibilities.

Documenting Successes (and Failures)

Regularly document user experiences and outcomes, and adjust processes and technologies based on feedback. Continue methodically with each new EUC technology until full‐scale digital workspace deployment.

Training Internal StaffThe data security and IT efficiencies gained from the digi-tal workspace alone are enough for many businesses to

Chapter 7: Ten Areas to Address When Operationalizing the Digital Workspace 45


modernize their desktop infrastructure and approach to application and device management. Employing identity, EMM, cloud, and VDI experts to architect and implement your organization’s digital workspace is critical as your investment in the digital workspace is only as good as its ongoing man-agement. Rely on resources that can successfully oversee the digital workspace, taking advantage of the solution’s numer-ous management and security features while implementing new end‐user technologies to meet goals.

Teaming Up with Outside Experts

Outside teams — contractors, professional services, and the like — can accelerate deployment cycles, but it’s imperative that your internal IT team be able to maintain and sustain workforce mobility technologies. If not, the cost and complex-ity of the new solution is certain to rise quickly. Making the investment to bring in highly experienced staff, or train exist-ing staff, will help mitigate deployment risks.

Establishing GovernanceAt the point of deployment, you’ve clearly received support and buy‐in from those responsible for the budget. Long‐term success, however, requires ongoing governance across senior leaders, departments, and end users. An internal team, com-prised of various stakeholders that consistently review and refine the digital workspace can help mitigate issues before they become barriers to projected outcomes. Working with this team (including human resources) to foster an internal culture that embraces mobility is also critical to future suc-cess. Be sure to appoint members of your organization to be responsible for governance of the digital workspace — both short and long term.

Managing ChangeA successful change strategy includes adopting a planning approach that supports end users’ needs; delivers short‐, mid‐, and long‐term value to the business; and addresses



concerns about the digital workspace. A collaborative effort — among IT leaders, business stakeholders, and end users — will be required to reflect a “design‐in‐progress” model that is continually evolving to accommodate new busi-ness drivers, operational changes, technological advances, and end‐user dynamics.

Sharing Your StoryIn your role as change agent, it’s important to share your lessons learned with colleagues and peers struggling to architect, deploy, secure, and manage IT environments in the mobile‐cloud era. Your experiences are invaluable to others, and you are encouraged to share your story as you progress on your digital workspace journey.


http://vmware.com/mobility

http://Dummies.com

WILEY END USER LICENSE AGREEMENTGo to www.wiley.com/go/eula to access Wiley’s ebook EULA.

http://www.wiley.com/go/eula

Documents

These materials are © 2016 John Wiley & Sons, Inc. Any … · These materials are 1 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited