VMware Workspace ONE provides a digital workspace platform that aims to address challenges related to managing diverse devices, applications, architectures, and ownership models in end-user computing. It offers identity and access management, a unified catalog, single sign-on, adaptive management features, and other capabilities to help secure access across devices and applications from the datacenter to individual devices and apps. Workspace ONE Intelligence provides enhanced visibility and analytics capabilities to help organizations make more data-driven decisions.
2. End-User Computing
used to be easier …
… now it’s all about
choices:
§ Devices
§ Applications
§ Architectures
§ Ownership
§ Mobility
… AND it has to add tangible
value to the business!!
The Changing IT Landscape
… everything was locked down,
easy to manage …
3. § Operating costs are high and rising
– so busy farming the old technology, can’t embrace the new
§ Management / security processes configuration-based
– discourages diversity and inhibits change
§ We no longer own all the assets
– control and relevance is already slipping away
Fundamentally,
the Old Ways Just
No Longer Work
6. • iTunes
• Apple ID
• App Store
• iWork
• iCloud
• Gmail Account
• Google Play
• G Suite
• Google Drive
• Microsoft ID
• AD/Azure AD
• Office 365
• Windows Store
Update Service
• SCCM
• Salesforce 1
• Concur
• Workday
• Slack
• Dropbox
• Docusign
Mobile Team Desktop Team LOB
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
A Platform Approach Breaks Silos and Delivers a Digital
Workspace
Connected
Things
(Rugged / IoT)
Identity and Access Management
Unified Catalog Single-Sign On Authentication Access Policy
Digital Workspace Platform
End-User Services Team
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
7. New Approach
Manage and secure
apps and content
Device Trust established
through enrollment
Access Controlled by
Identity Management
Drive a New Approach to Mobile Security and Identity
Old Mindset
Only trust devices where
you manage the OS
Device Trust established
by the Domain
Access Controlled by
Network Management
8. Challenges Organizations Face with Identity
Protecting apps and data
from unauthorized
access is important but
authentication and ease
of use needs to be
straightforward
Enforce security
and compliance
without hampering
workers
Employees and their devices
are increasingly on the go.
Access control to apps
becomes more important
than networks. Device
diversity adds to the
complexity
Time and complexity
in delivering new
apps and services
Real-time visibility, proactive
alerting, reporting and
analytics are all required to
know what apps are being
used, when, and by whom.
This helps manage licensing,
SLAs, and maintenance
windows
Gaining visibility
into user access.
Who has access to
what, and when
Complexity of scale
and growth
(Operations,
Helpdesk)
A general state of readiness to
scale as traffic, users and devices
grow in number across the
organization
CONSUMER
EXPECTATIONS
DELAYS IN APP
DEPLOYMENTS
COMPLIANCE
NIGHTMARES
OPERATIONS
UNDERWATER
9. 7 “Must Haves” for a Cloud / Mobile Identity Management Solution
1. Directory Integration
2. Policy Management
3. Application Provisioning
4. Analytics / Reporting
5. Cross-device Catalog and Launcher
6. Single-Sign-on
7. Multi-Factor Authentication
AND THE SOLUTION MUST
• Be easy to use and reduce complexity
• Increase productivity
• Meet security & compliance requirements
• Automate and streamline onboarding and revocation
• Reduce help desk ticket costs
• Support any type of device and OS
• Support mobile and SaaS apps
11. App Access Through Workspace ONE
Native
mobile apps
Web apps
On-prem
apps
Virtual apps
OR
In-house mobile apps
Public mobile apps
Unified Workspace
with entitled apps
Workspace ONE
12. Self Service Access - Mobile Single Sign On
Workspace™ ONE™
Secure App Token System
SaaS Apps
TRUST
Trust ID Key
Cloud
13. Mobile SSO - Secure App Token System
• Commonly known as “Cloud KDC”
• Provides Single Sign-On (SSO) for iOS SAML enabled apps
• No need for Corporate VPN
• No need for manually entering credentials
• Uses:
• iOS 9 built-in Kerberos functionality
• IDM hosted Kerberos adapter
• IDM hosted KDC
14. One-Touch mobile SSO
CONFIDENTIAL 14
• Industry’s first one-touch single-sign on (SSO) for public
mobile apps
• Device Trust Authentication: the device itself becomes a
factor of authentication to anchor an SSO experience.
• The app is only available to that device, and the user must
still be able to unlock the device.
• Many people associate touch ID as a form of authentication
for SSO, but...
• touch ID only unlocks a device, taking the place of pin code
entry, which is always a backup to touch ID.
• Workspace ONE supports pin-code entry or touch ID as
another quick assurance that a device is still with its owner.
16. New Browser Extension for password vaulting and SSO to Non-Federated Apps
Launch and SSO to non-SAML web apps
Capture, store, and replay password
Chrome, Firefox, IE supported
Training mode for customer admins
DEMO VIDEO
https://www.youtube.com/watch?v=0lk-nXL16ik&feature=youtu.be
17. Workspace ONE: Keep Barriers Between Work and Personal
Separate work and personal apps
Prevent data flow between work
and personal apps
Allow IT to only manage and secure the
work apps and data
18. Security Across Key Applications
Content Locker
Browser
Boxer
Secure and Integrated Access Across Apps
Open attachments
Browse links
Open downloads
Browse links
Share content
19. Stand Alone MAM vs. O/S MAM
1. App Container (STANDALONE MAM)
• Doesn’t require profile installation
• Ideal for BYOD deployments
• Limits app ecosystem
• Requires proprietary SDK
2. Workspace Services Profile (NATIVE O/S MAM)
• More diverse app ecosystem
• Better security and configuration capabilities
• Requires profile on the device
• Privacy concerns in BYOD deployments
Only approved, authorized apps installed in corporate container
Organizations can detect jailbroken or rooted devices and take compliance action
Separate work and personal apps
20. Enterprise Secure
Adaptive Management: Productivity Without Compromising Privacy
Download Secure
App
Access All Business
Apps
Enhanced Security and
Experience
Workspace ONE for All Use Cases
ADAPTIVE MANAGEMENT
21. iOS
• Adaptive Management
– User can see upfront what features they get by enrolling their device
– Privacy notice: to enable the user to see exactly what information is collected by AirWatch
– Device management using limited MDM capabilities
• Container Functionality
– Support for AirWatch productivity apps without enrollment
– Ability to install native public apps from the app store without device management
• Kerberos Based SSO for Native Applications
22. Android
• Adaptive Management
– User can see upfront what features they get by enrolling their device.
– Privacy notice: to enable the user to see exactly what information is collected by AirWatch.
– Device management using Android for Work.
• Container Functionality
– Support for AirWatch productivity apps without enrollment.
– Ability to install native public apps from the app store without device management.
• Certificate Based SSO (requires agent, tunnel server and client)
– Will require agent with version 2 of the app
– Requirement for agent will be removed with version 2.1
– Requirement for tunnel server will be removed in version 2.1
23. Windows 10
• Adaptive Management
– User can see upfront what features they get by enrolling their device
– Privacy notice: to enable the user to see exactly what information is collected by AirWatch
– Device management using native MDM for Windows
24. Create Compliance Policies for User Groups and Devices
App
whitelists
App
blacklists
Required
apps
Current
app
version
Assignment
criteria
Remediate
immediately
Send push
notifications
Uninstall
apps
Policies Actions
25. Pervasive Security: Datacenter to Device to App
Data
Center
Multi-layered Defense for the Secure Digital Workspace
Virtual Desktop
Device
Per-app micro-VPN
NSX Micro-segmentation
+
AirWatch Horizon 7
26. VMware NSX for AirWatch
Device Level VPN
Full Network Access
App Level VPN
Select Network Access
Micro Segmentation with NSX
App Level VPN
Full Network Access
27. VMware NSX for AirWatch
Advanced security between an
AirWatch-managed device and
the NSX micro-segmented
cloud data center
28. VMware Workspace ONE – an Identity Management Summary
Build an App Catalog
• Install apps directly onto springboard or access through responsive HTML5 app portal
• Auto-Provisioning Workflows
Federate User Identity
• SSO with Domain Login
• Permits Strong Authentication - Provision and revoke access instantly
One-Touch Authentication
• No configuration or login required
• Leverage device ownership and unlock to establish authentication
Conditional Access
• Managed or Unmanaged devices, Network Scope, Authentication Strength
• Set policy levels by app
Secure Data on Device
• Encrypt and wipe application data using optional AirWatch Mobility Management
• Apply Device-based restrictions (cut/copy/camera/GPS/Open in)
29. Identity and Access Management
Unified Catalog Single-Sign On Authentication Access Policy
AirWatch Unified Endpoint Management (UEM)
Management Context
End-User Services Team
iOS / MAC ANDROID / CHROME WINDOWS SaaS APPS
Unified Endpoint Management - One Platform For All Use Cases Open
Ecosystem
App Config
Community
Mobile
Security
Alliance
Authentication
and Identity
Providers
Connected
Things
(Rugged / IoT)
Virtualize
30. Onboard Devices Quickly And Without IT Hassle
Configure devices to be automatically
configured during initial power ON
Corporate Owned Devices
Out of Box Enrollment
Enable users to activate work services
on devices through a simple workflow
BYOD
End User Self Service
31. • Restrictions
• Device layout
• Settings access
• Notifications
• Location services
• Bluetooth
• Branding
• Internal and public apps
• Volume purchased apps
• Enterprise app catalog
• Single sign-on
• DLP and security policies
• App tunneling
• Corporate email
• Calendar and contacts
• Wi-Fi
• VPN
• Content repositories
• Intranet sites
Configure Devices with Apps and Resources
Devices Apps Systems
32. Manage Industrial Devices in Modern Framework
Industrial
• Device staging
• Provisioning framework
• Multi app launcher
• Remote management
• Developer tools
33. Gain Visibility Over Peripherals
Centrally
Deploy
• Standardize
onboarding
Closely
Monitor
• Asset tracking
• Device pairing
• Usage and life
expectancy
Proactively
Manage
• Alerts and settings
• Automated reports
34. Control Device Layout and Manage Apps
App Kiosk
• Single or Multiple apps
• Custom branding
• Layout defined
• Restricted settings
35. Enable Multiple Employees to Share a Single Device
Multiuser
• User check-in and out
• Custom profile by user
• Settings restricted
• Custom branding
36. Secure the Endpoint and Prevent Data Loss
Encryption
Device level
encryption
Hardware security
Biometric integration
Passcode
Complexity
Expiration
Device and app
Data
Sharing permissions
Copy / paste
Geofencing
Watermark
Data backups
Wi-Fi
TLS
Siri
Always-on
VPN
Whitelist
Blacklist
Tethering
Settings
Configurations
Compromised
Jailbroken
Remote wipe
Malware
37. Gain Real-time Insights and Remotely Support Users
Dynamic and modular dashboards
Detailed and exportable reports
Comparative industry analytics
Advanced event and device logging
Integration to BI tools
End user self-service portal
Remote management and troubleshooting
Remote commands and notifications
38. Dynamic Dashboards Based on User Roles
Helpdesk Admin
Security Officer
App Admin
Content & Video Admin
System Admin
Email Admin
40. Easy Policy Configurations with Industry Templates
Configuration
Can Be
Overwhelming…
100s of devices
1,000s of configurations
Millions of apps
Industry Templates
Simplify device setup with right configurations, apps
and policies based on use cases within your industry
41. Intelligently Assign Based on Dynamic Groups
Smart
Groups
Automatically Configures
Dynamic Updates
Salesforce App >
Global Sales Team
Conference Room App >
Only Android v2.0+
APAC Email Server >
All APAC Employees
Devices
Platform
OS and Versions
Ownership Model
Users
Executives
Engineering
Sales
Tags
Location
History
42. Integrate and Automate with Robust API Framework
Allow external systems to invoke core product functionality
Enrollment
Authentication
Admin Users
Applications
Content
Products
Tags
Device Groups
Custom Attribute
Device Details
Device Profiles
Email
Smart Groups
User Groups
Notifications
Third Party Solutions
(examples)
Internal Systems
Operations
Services
Proprietary
< extend >
44. Customizable Experience for Your Users
Branding
Console | Apps | Self-Service Portal
Globalized
Available in 19 Languages
45. Extend Best-in-Class EMM with Critical PC Management Needs
Comprehensive unified endpoint management (UEM) features transforming the way IT manages Windows 10
Self-Service
Access & SSO
Co-exist with
Systems
Management
Deploy
Updates Off
the Network
Device Health
Attestation
Win32 App
Lifecycle
Management
Instant Push
Configuration
for Policies
GPOs On or
Off the
Domain
Windows
Information
Protection
Patch
Auditing
Granular
Updates
Management
5. Client Health &
Security
3. OS Patch
Management
4. Software
Distribution
2. Configuration
Management
1. MDM for Windows
Asset
Tracking
Device and OS Lifecycle Management
App Management and Delivery
End-to-end Security
Management
App
Inventory
BitLocker
Encryption
Enterprise
App Store
Imageless
Provisioning
In-place or
custom image
migration
Modern
Management
Intelligent Insights and Rules Engine
BIOS
Management
Delivery
Optimization
Automated
Compliance
48. What are the Issues with the Digital Workspace
Data Overload
Data
Reactive
Events
Visibility
Siloed Visibility
Processes
Manual Processes
49. Introducing Workspace ONE Intelligence
Complete Visibility
Proactive Automated Actions
ONE Data Lake
Workspace
ONE
Intelligence
50. Workspace ONE Intelligence
Enables data driven decisions
and actions from a single
source of truth
Apps
Networks
Sensors
Devices
Workspace
ONE
Intelligence
Security
Alerts
Reports
APIs
Dashboards
Is a new set of capabilities that
provide deep insights into the
entire digital workspace, enable
smart EMM planning and offer
powerful automation that
together increase security,
compliance and user experience
across the entire environment.
51. Workspace ONE Intelligence
Rules engine
to automate
actions
Automation
Visibility into entire
environment
Insights
Data to make the
right decisions
Planning
Machine learning
to predict and
remediate
anomalies
Prediction
FUTURE