© 2014 VMware Inc. All rights reserved. VMware Workspace ONE Lorenzo Di Palma VMware EUC Specialist

VMware Workspace One


Page 1: VMware Workspace One

© 2014 VMware Inc. All rights reserved.

VMware Workspace ONE

Lorenzo Di Palma, VMware EUC Specialist

Page 2: VMware Workspace One

End-User Computing used to be easier …

… now it’s all about choices:

§ Devices
§ Applications
§ Architectures
§ Ownership
§ Mobility

… AND it has to add tangible value to the business!!

The Changing IT Landscape

… everything was locked down, easy to manage …

Page 3: VMware Workspace One

§ Operating costs are high and rising – so busy farming the old technology, can’t embrace the new

§ Management / security processes configuration-based – discourages diversity and inhibits change

§ We no longer own all the assets – control and relevance is already slipping away

Fundamentally, the Old Ways Just No Longer Work

Page 4: VMware Workspace One

The transformation of end user computing is inevitable …

… but to what?

Page 5: VMware Workspace One

Mobile and Cloud FIRST

Doing Windows BETTER

Transformation Choices

Traditional End-User Computing

Eg.
• Physical PCs
• HW refresh
• PCLM
• Windows XP/7/8
• Windows apps
• MS Office

Windows Transformed

Eg.
• Virtualized desktops
• Remoted apps
• Device diversity
• PCLM and EMM
• Windows apps
• MS Office

Native Mobility

Eg.
• Any device
• Any OS
• EMM
• SaaS and Web apps
• MS Office 365

?

Page 6: VMware Workspace One

• iTunes
• Apple ID
• App Store
• iWork
• iCloud

• Gmail Account
• Google Play
• G Suite
• Google Drive

• Microsoft ID
• AD/Azure AD
• Office 365
• Windows Store

Update Service
• SCCM

• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign

Mobile Team Desktop Team LOB

iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS

A Platform Approach Breaks Silos and Delivers a Digital Workspace

Connected Things

(Rugged / IoT)

Identity and Access Management

Unified Catalog Single-Sign On Authentication Access Policy

Digital Workspace Platform

End-User Services Team

iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS

Page 7: VMware Workspace One

New Approach

Manage and secure apps and content

Device Trust established through enrollment

Access Controlled by Identity Management

Drive a New Approach to Mobile Security and Identity

Old Mindset

Only trust devices where you manage the OS

Device Trust established by the Domain

Access Controlled by Network Management

Page 8: VMware Workspace One

Challenges Organizations Face with Identity

Protecting apps and data from unauthorized access is important but authentication and ease of use needs to be straightforward

Enforce security and compliance without hampering workers

Employees and their devices are increasingly on the go. Access control to apps becomes more important than networks. Device diversity adds to the complexity

Time and complexity in delivering new apps and services

Real-time visibility, proactive alerting, reporting and analytics are all required to know what apps are being used, when, and by whom. This helps manage licensing, SLAs, and maintenance windows

Gaining visibility into user access.

Who has access to what, and when

Complexity of scale and growth (Operations, Helpdesk)

A general state of readiness to scale as traffic, users and devices grow in number across the organization

CONSUMER EXPECTATIONS

DELAYS IN APP DEPLOYMENTS

COMPLIANCE NIGHTMARES

OPERATIONS UNDERWATER

Page 9: VMware Workspace One

7 “Must Haves” for a Cloud / Mobile Identity Management Solution

1. Directory Integration
2. Policy Management
3. Application Provisioning
4. Analytics / Reporting
5. Cross-device Catalog and Launcher
6. Single-Sign-on
7. Multi-Factor Authentication

AND THE SOLUTION MUST

• Be easy to use and reduce complexity
• Increase productivity
• Meet security & compliance requirements
• Automate and streamline onboarding and revocation
• Reduce help desk ticket costs
• Support any type of device and OS
• Support mobile and SaaS apps

Page 10: VMware Workspace One


Web Apps

ThinApp

Horizon Desktop

Horizon Hosted App

Office 365

Citrix XenApps

App Catalog

Context Aware

Custom Branding

Page 11: VMware Workspace One

App Access Through Workspace ONE

Native mobile apps

Web apps

On-prem apps

Virtual apps

OR

In-house mobile apps

Public mobile apps

Unified Workspace with entitled apps

Workspace ONE

Page 12: VMware Workspace One

Self Service Access - Mobile Single Sign On

Workspace™ ONE™

Secure App Token System

SaaS Apps

TRUST

Trust ID Key

Cloud

Page 13: VMware Workspace One

Mobile SSO - Secure App Token System

• Commonly known as “Cloud KDC”
• Provides Single Sign-On (SSO) for iOS SAML enabled apps
• No need for Corporate VPN
• No need for manually entering credentials
• Uses:
  • iOS 9 built-in Kerberos functionality
  • IDM hosted Kerberos adapter
  • IDM hosted KDC

Page 14: VMware Workspace One

One-Touch mobile SSO

CONFIDENTIAL 14

• Industry’s first one-touch single-sign on (SSO) for public mobile apps

• Device Trust Authentication: the device itself becomes a factor of authentication to anchor an SSO experience.

• The app is only available to that device, and the user must still be able to unlock the device.

• Many people associate touch ID as a form of authentication for SSO, but...

• touch ID only unlocks a device, taking the place of pin code entry, which is always a backup to touch ID.

• Workspace ONE supports pin-code entry or touch ID as another quick assurance that a device is still with its owner.

Page 15: VMware Workspace One

Workspace ONE: Multi-Factor Authentication

VMware Verify

Page 16: VMware Workspace One


Launch and SSO to non-SAML web apps

Capture, store, and replay password

Chrome, Firefox, IE supported

Training mode for customer admins

New Browser Extension for password vaulting and SSO to Non-Federated Apps

DEMO VIDEO: https://www.youtube.com/watch?v=0lk-nXL16ik&feature=youtu.be

Page 17: VMware Workspace One

Workspace ONE: Keep Barriers Between Work and Personal


Separate work and personal apps

Prevent data flow between work and personal apps

Allow IT to only manage and secure the work apps and data

X

Page 18: VMware Workspace One

Security Across Key Applications


Content Locker

Browser

Boxer

Secure and Integrated Access Across Apps

Open attachments

Browse links

Open downloads

Browse links

Share content

Page 19: VMware Workspace One

Workspace Services Profile

More diverse app ecosystem

Better security and configuration capabilities

Requires profile on the device

Privacy concerns in BYOD deployments

2 O/S MAM

App Container

Doesn’t require profile installation

Ideal for BYOD deployments

Limits app ecosystem

Requires proprietary SDK

1 STANDALONE MAM

Only approved, authorized apps installed in corporate container

Organizations can detect jailbroken or rooted devices and take compliance action

Separate work and personal apps

Stand Alone MAM vs. O/S MAM

NATIVE O/S MAM

STANDALONE MAM

Page 20: VMware Workspace One

Enterprise Secure

Adaptive Management: Productivity Without Compromising Privacy

Download Secure App

Access All Business Apps

Enhanced Security and Experience

Workspace ONE for All Use Cases

ADAPTIVE MANAGEMENT

Page 21: VMware Workspace One

iOS

• Adaptive Management
  – User can see upfront what features they get by enrolling their device
  – Privacy notice: to enable the user to see exactly what information is collected by AirWatch
  – Device management using limited MDM capabilities
• Container Functionality
  – Support for AirWatch productivity apps without enrollment
  – Ability to install native public apps from the app store without device management
• Kerberos Based SSO for Native Applications

Page 22: VMware Workspace One

Android

• Adaptive Management
  – User can see upfront what features they get by enrolling their device.
  – Privacy notice: to enable the user to see exactly what information is collected by AirWatch.
  – Device management using Android for Work.
• Container Functionality
  – Support for AirWatch productivity apps without enrollment.
  – Ability to install native public apps from the app store without device management.
• Certificate Based SSO (requires agent, tunnel server and client)
  – Will require agent with version 2 of the app
  – Requirement for agent will be removed with version 2.1
  – Requirement for tunnel server will be removed in version 2.1

Page 23: VMware Workspace One

Windows 10

• Adaptive Management
  – User can see upfront what features they get by enrolling their device
  – Privacy notice: to enable the user to see exactly what information is collected by AirWatch
  – Device management using native MDM for Windows

Page 24: VMware Workspace One

Create Compliance Policies for User Groups and Devices


App whitelists

App blacklists

Required apps

Current app version

Assignment criteria

Remediate immediately

Send push notifications

Uninstall apps

Policies Actions

Page 25: VMware Workspace One

Pervasive Security: Datacenter to Device to App

DataCenter

Multi-layered Defense for the Secure Digital Workspace

Virtual Desktop

Device

Per-app micro-VPN

NSX Micro-segmentation

+AirWatch Horizon 7

Page 26: VMware Workspace One

VMware NSX for AirWatch

Device Level VPN: Full Network Access

App Level VPN: Select Network Access

Micro Segmentation with NSX

App Level VPN: Full Network Access

Page 27: VMware Workspace One

VMware NSX for AirWatch

Advanced security between an AirWatch-managed device and the NSX micro-segmented cloud data center

Page 28: VMware Workspace One

VMware Workspace ONE – an Identity Management Summary

Build an App Catalog
• Install apps directly onto springboard or access through responsive HTML5 app portal
• Auto-Provisioning Workflows

Federate User Identity
• SSO with Domain Login
• Permits Strong Authentication - Provision and revoke access instantly

One-Touch Authentication
• No configuration or login required
• Leverage device ownership and unlock to establish authentication

Conditional Access
• Managed or Unmanaged devices, Network Scope, Authentication Strength
• Set policy levels by app

Secure Data on Device
• Encrypt and wipe application data using optional AirWatch Mobility Management
• Apply Device-based restrictions (cut/copy/camera/GPS/Open in)

Page 29: VMware Workspace One

Identity and Access Management

Unified Catalog Single-Sign On Authentication Access Policy

AirWatch Unified Endpoint Management (UEM)

Management Context

End-User Services Team

iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS

Unified Endpoint Management - One Platform For All Use Cases Open Ecosystem

AppConfig Community

Mobile Security Alliance

Authentication and Identity Providers

Connected Things

(Rugged / IoT)

Virtualize

Page 30: VMware Workspace One

Onboard Devices Quickly And Without IT Hassle

Configure devices to be automatically configured during initial power ON

Corporate Owned Devices

Out of Box Enrollment

Enable users to activate work services on devices through a simple workflow

BYOD

End User Self Service

Page 31: VMware Workspace One

Configure Devices with Apps and Resources

Devices
• Restrictions
• Device layout
• Settings access
• Notifications
• Location services
• Bluetooth
• Branding

Apps
• Internal and public apps
• Volume purchased apps
• Enterprise app catalog
• Single sign-on
• DLP and security policies
• App tunneling

Systems
• Corporate email
• Calendar and contacts
• Wi-Fi
• VPN
• Content repositories
• Intranet sites

Page 32: VMware Workspace One

Manage Industrial Devices in Modern Framework

Industrial
• Device staging
• Provisioning framework
• Multi app launcher
• Remote management
• Developer tools

Page 33: VMware Workspace One

Gain Visibility Over Peripherals

Centrally Deploy

• Standardize onboarding

Closely Monitor

• Asset tracking

• Device pairing

• Usage and life expectancy

Proactively Manage

• Alerts and settings

• Automated reports

Page 34: VMware Workspace One

Control Device Layout and Manage Apps

App Kiosk
• Single or Multiple apps
• Custom branding
• Layout defined
• Restricted settings

Page 35: VMware Workspace One

Enable Multiple Employees to Share a Single Device

Multiuser
• User check-in and out
• Custom profile by user
• Settings restricted
• Custom branding

Page 36: VMware Workspace One

Secure the Endpoint and Prevent Data Loss

Encryption

Device level encryption

Hardware security

Biometric integration

Passcode

Complexity

Expiration

Device and app

Data

Sharing permissions

Copy / paste

Geofencing

Watermark

Data backups

Wi-Fi

TLS

Siri

Always-on VPN

Whitelist

Blacklist

Tethering

Settings

Configurations

Compromised

Jailbroken

Remote wipe

Malware

Page 37: VMware Workspace One

Gain Real-time Insights and Remotely Support Users

Dynamic and modular dashboards

Detailed and exportable reports

Comparative industry analytics

Advanced event and device logging

Integration to BI tools

End user self-service portal

Remote management and troubleshooting

Remote commands and notifications

Page 38: VMware Workspace One

Dynamic Dashboards Based on User Roles

Helpdesk Admin

Security Officer

App Admin

Content & Video Admin

System Admin

Email Admin

Page 39: VMware Workspace One

Multitenant Architecture with Role-based Access Controls

Page 40: VMware Workspace One

Easy Policy Configurations with Industry Templates

Configuration Can Be Overwhelming…

100s of devices

1,000s of configurations

Millions of apps

Industry Templates

Simplify device setup with right configurations, apps and policies based on use cases within your industry

Page 41: VMware Workspace One

Intelligently Assign Based on Dynamic Groups

Smart Groups

Automatically Configures Dynamic Updates

Salesforce App > Global Sales Team

Conference Room App > Only Android v2.0+

APAC Email Server > All APAC Employees

Devices
• Platform OS and Versions
• Ownership Model

Users
• Executives
• Engineering
• Sales

Tags
• Location
• History

Page 42: VMware Workspace One

Integrate and Automate with Robust API Framework

Allow external systems to invoke core product functionality

• Enrollment
• Authentication
• Admin Users
• Applications
• Content
• Products
• Tags
• Device Groups
• Custom Attribute
• Device Details
• Device Profiles
• Email
• Smart Groups
• User Groups
• Notifications

Third Party Solutions (examples)

Internal Systems

Operations

Services

Proprietary

< extend >

Page 43: VMware Workspace One

Automated Compliance and Remediation

Set Rules

Define Actions

Perform Escalations


Page 44: VMware Workspace One

Customizable Experience for Your Users

Branding

Console | Apps | Self-Service Portal

Globalized

Available in 19 Languages

Page 45: VMware Workspace One

Extend Best-in-Class EMM with Critical PC Management Needs

Comprehensive unified endpoint management (UEM) features transforming the way IT manages Windows 10

Self-Service Access & SSO

Co-exist with Systems Management

Deploy Updates Off the Network

Device Health Attestation

Win32 App Lifecycle Management

Instant Push Configuration for Policies

GPOs On or Off the Domain

Windows Information Protection

Patch Auditing

Granular Updates Management

1. MDM for Windows
2. Configuration Management
3. OS Patch Management
4. Software Distribution
5. Client Health & Security

Asset Tracking

Device and OS Lifecycle Management App Management and Delivery

End-to-end Security Management

App Inventory

BitLocker Encryption

Enterprise App Store

Imageless Provisioning

In-place or custom image migration

Modern Management

Intelligent Insights and Rules Engine

BIOS Management

Delivery Optimization

Automated Compliance

Page 46: VMware Workspace One

New Windows 10 PC Management Features for Next-Gen PCLM

Deploy

Patch

Configure

Apps

Windows 10 Provisioning Service for Dell devices ensuring instant productivity

Windows Update Analytics & Automation powered by Workspace ONE Intelligence

New use cases for hands free management of Dell BIOS

Peer Distribution of software for scale, infrastructure reduction and speed

© 2017 VMware Inc. All rights reserved. Confidential – Not for Distribution

Productive User, IT

self-service features for peak user and IT experience

Reduced Costs

silo-less management at reduced TCO

Improved Security

real-time compliance on any network

Mitigates risks; drives productivity and cost savings.

Admin

GPO and app migration from ConfigMgr/SCCM to AirWatch

Page 47: VMware Workspace One

Windows 10 Provisioning Service for Dell Devices

Eliminate manual configuration of PCs and drop-ship straight to user

Business

Modern deployment solution

Employees productive day one

IT

Eliminate high touch PC setup

Respond faster to users in need


Trusted security

enable hardware and OS level security at boot

Setup at initial boot

drop ship PC directly to user; auto configuration upon first boot

Auto configure apps, security settings and system policies over the air

Current Approach: Factory, Distributor, System Integrator (Staging / Kitting), IT Department, End user

With Windows 10 Provisioning Service: Factory, End user

Instant Productivity

new first launch experience with Workspace ONE

Page 48: VMware Workspace One

What are the Issues with the Digital Workspace


Data Overload

Data

Reactive Events

Visibility

Siloed Visibility

Processes

Manual Processes

Page 49: VMware Workspace One

Introducing Workspace ONE Intelligence


Complete Visibility

Proactive Automated Actions

ONE Data Lake

Workspace ONE

Intelligence

Page 50: VMware Workspace One

Workspace ONE Intelligence


Enables data driven decisions and actions from a single source of truth

Apps

Networks

Sensors

Devices

Workspace ONE

Intelligence

Security

Alerts

Reports

APIs

Dashboards

Is a new set of capabilities that provide deep insights into the entire digital workspace, enable smart EMM planning and offer powerful automation that together increase security, compliance and user experience across the entire environment.

Page 51: VMware Workspace One

Workspace ONE Intelligence

Rules engine to automate actions

Automation

Visibility into entire environment

Insights

Data to make the right decisions

Planning

Machine learning to predict and remediate anomalies

Prediction

FUTURE

Page 52: VMware Workspace One

THANK YOU!!