By: Edwin B. & Shrikant S. May 7, 2021
We present the new VMware secure desktop showcase, built on the latest VMware Horizon and Workspace ONE UEM platforms.
I would like to take you through what we have done here to help our partners develop and showcase how VMware EUC, Networking and Security come together.
This gives our partners the peace of mind that they can confidently deliver a great user experience for their customers to any device and any location in a secure and compliant manner.
This solution gives partners, customers and end users unprecedented flexibility and choice.
The goal of this showcase is to give our partners the ability to build their own POCs that are standardised and built using VMware best practices.
Let me take you through the world-class VMware technologies that we have built this on.
VMware Horizon 8
VMware Horizon is a centralized desktop virtualization solution that enables organizations to deliver virtualized desktop services and applications to employees as a managed service. Horizon has advantages for both end users and IT administrators:
- End users are no longer restricted to one specific machine and can access their system and files across many supported devices and locations.
- As an IT administrator, you can use Horizon to simplify and automate the management of desktops and applications, and you can securely deliver desktops as a service to users from the data centre or cloud. You can quickly create virtual desktops on demand based on location and profile.
A single administration console provides detailed levels of control, allowing you to customize the end-user experience, access, and personalization to support corporate policy. End users get a familiar, personalized environment that they can access from any number of devices anywhere throughout the enterprise or from remote locations. And as an administrator, you have centralized control, efficiency, and security by storing desktop data in the data centre.

Logical Architecture for VMware Horizon
Please follow this link to find out more about VMware Horizon 8
VMware App Volumes
VMware App Volumes is a real-time application delivery system that enterprises can use to dynamically deliver and manage applications.
Applications are packaged and delivered by attaching a standard VMDK or VHD file to a virtual machine. You can centrally manage the applications with the App Volumes Manager, a Web-based interface that is integrated with Active Directory (AD) and vSphere. Administrators can assign, update, or remove applications to be delivered at the next user login without the need to modify the desktops or disrupt users while they are working.
Writable Volumes allow users to access their application data across sessions and devices.
The VMware App Volumes™ just-in-time application model separates IT-managed applications and application suites into administrator-defined application containers. App Volumes also introduces an entirely different container used for persisting user changes between sessions.

App Volumes Just-in-Time Application Model

App Volumes Logical Components
Please follow this link to find out more about VMware App Volumes
VMware Dynamic Environment Manager (DEM)
VMware Dynamic Environment Manager™ (formerly called User Environment Manager) provides profile management by capturing user settings for the operating system and applications. Unlike traditional application profile management solutions, Dynamic Environment Manager does not manage the entire profile. Instead it captures settings that the administrator specifies. This reduces login and logout time because less data needs to be loaded. The settings can be dynamically applied when a user launches an application, making the login process more asynchronous. User data is managed through folder redirection.

Dynamic Environment Manager
Please follow the link to find out more about VMware DEM
VMware Unified Access Gateway (UAG)
Use Unified Access Gateway to design VMware Horizon®, Workspace ONE Access, and Workspace ONE UEM deployments that need secure external access to your organization’s applications. These applications can be Windows applications, software as a service (SaaS) applications, and desktops. Unified Access Gateway is typically deployed in a demilitarized zone (DMZ).
Unified Access Gateway directs authentication requests to the appropriate server and discards any unauthenticated request. Users can access only the resources that they are authorized to access. Unified Access Gateway also ensures that the traffic for an authenticated user can be directed only to desktop and application resources to which the user is actually entitled. This level of protection involves specific inspection of desktop protocols and coordination of potentially rapidly changing policies and network addresses, to accurately control access.
Unified Access Gateway acts as a proxy host for connections inside your company’s trusted network. This design provides an extra layer of security by shielding virtual desktops, application hosts, and servers from the public-facing Internet.

Unified Access Gateway Logical Architecture
Please follow this link to find out more about VMware UAG
VMware NSX-T
VMware NSX-T™ Data Centre provides an agile software-defined infrastructure to build cloud-native application environments.
NSX-T Data Centre focuses on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks. NSX-T Data Centre supports cloud-native applications, bare metal workloads, multi-hypervisor environments, public clouds, and multiple clouds.
NSX-T Data Centre is designed for management, operation, and consumption by development organizations. NSX-T Data Centre allows IT teams and development teams to select the technologies best suited for their applications.

Please follow this link to find out more about VMware NSX-T
VMware Workspace ONE UEM
VMware Workspace ONE® is VMware’s workspace solution. It’s a digital platform that delivers and manages any app on any device by integrating access control, application management, and multi-platform endpoint management. VMware Workspace ONE is built on the unified endpoint management (VMware Workspace ONE® UEM) technology and integrates with virtual application delivery (VMware Horizon®) on a common identity framework delivered by VMware Workspace ONE® Access. The platform enables IT to deliver a digital workspace that includes the devices and apps of the business’s choice, without sacrificing the security and control that IT professionals need.

Please follow this link to find out more about VMware Workspace ONE UEM
VMware Workspace ONE Access
VMware Workspace ONE Access™ (formerly called VMware Identity Manager) is a key component of VMware Workspace ONE®. Among the capabilities of Workspace ONE Access are:
- Simple application access for end users – Provides access to different types of applications, including internal web applications, SaaS-based web applications (such as Salesforce, Dropbox, Concur, and more), native mobile apps, native Windows and macOS apps, VMware ThinApp® packaged applications, VMware Horizon®–based applications and desktops, and Citrix-based applications and desktops, all through a unified application catalog.
- Self-service app store – Allows end users to search for and select entitled applications in a simple way, while providing enterprise security and compliance controls to ensure that the right users have access to the right applications. Users can customize the Favorites tab for fast, easy access to frequently used applications, and place the apps in a preferred order. IT can optionally push entries onto the Favorites tab using automated application entitlements.
- Enterprise single sign-on (SSO) – Simplifies business mobility with an included Identity Provider (IdP) or integration with existing on-premises identity providers so that you can aggregate SaaS, native mobile, macOS, and Windows 10 apps into a single catalog. Users have a single sign-on experience regardless of whether they log in to an internal, external, or virtual-based application.
- Conditional access – Includes a comprehensive policy engine that allows the administrator to set different access policies based on the risk profile of the application. An administrator can use criteria such as network range, user group, application type, method of authentication, or device operating system to determine if the user should have access or not.
- Productivity tools – Enables the Hub Services suite of productivity tools such as People Search, Notifications, Mobile Flow, Assistant, and more.
In addition, Workspace ONE Access has the ability to validate the compliance status of the device in VMware Workspace ONE® UEM (powered by AirWatch). Failure to meet the compliance standards blocks a user from signing in to an application or accessing applications in the catalog until the device becomes compliant. By integrating Workspace ONE Access and VMware Workspace ONE® Intelligence™ you can add user behavior and risk scoring into the access decision.

Cloud-based Workspace ONE Access Logical Architecture
Please follow this link to find out more about VMware Workspace ONE Access
VMware Workspace ONE Intelligence
The shift from traditional mobile device management (MDM) and PC management to a digital workspace presents its own challenges:
- Data overload – When incorporating identity into device management, IT departments are deluged by an overwhelming volume of data from numerous sources.
- Visibility silos – From a visibility and management standpoint, working with multiple unintegrated modules and solutions often results in security silos.
- Manual processes – Traditional approaches such as using spreadsheets and scripting create bottlenecks and require constant monitoring and corrections.
- Reactive approach – The process of first examining data for security vulnerabilities and then finding solutions can introduce delays. These delays significantly reduce the effectiveness of the solution. A reactive approach is not the best long-term strategy.
VMware Workspace ONE® Intelligence™ is designed to simplify user experience without compromising security. The intelligence service aggregates and correlates data from multiple sources to give complete visibility into the entire environment. It produces the insights and data that will allow you to make the right decisions for your VMware Workspace ONE® deployment. Workspace ONE Intelligence has a built-in automation engine that can create rules to take automatic action on security issues.

Workspace ONE Intelligence Logical Overview
Please follow this link to find out more about VMware Workspace ONE Intelligence
VMware Digital Employee Experience Management (DEEM)
DEEM harvests telemetry from desktop devices and provides insights to take predictive actions. The Workspace ONE Intelligent Hub gets the data from devices and sends it to Workspace ONE Intelligence for display and interaction on the Devices and Apps dashboards. To harvest data, the Workspace ONE Intelligent Hub for Windows Desktop now includes an agent built on the osquery framework.
A solution in Workspace ONE Intelligence is an area where all the dashboards, automations, and reports reside for a specific feature.
Please follow this link to find out more about VMware DEEM
VMware Carbon Black Cloud
VMware Carbon Black Cloud™ is a cloud native endpoint, workload, and container protection platform that combines the intelligent system hardening and behavioural prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. By analysing more than 1 trillion security events per day, VMware Carbon Black Cloud proactively uncovers attackers’ behaviour patterns and empowers defenders to detect and stop emerging attacks. As a key means to realizing intrinsic security, VMware Carbon Black Cloud simplifies and strengthens your approach to security across any app, any cloud, and any device.
Please follow this link to find out more about VMware Carbon Black Cloud
VMware SD-WAN by VeloCloud
VMware SD-WAN™ by VeloCloud® is a cloud-delivered solution for network operators and application owners who want to ensure high application performance and availability for their end users while lowering networking costs. VMware SD-WAN ensures a reliable and resilient wide area network (WAN), with a choice of connection types, including Multiprotocol Label Switching (MPLS), LTE, WiFi and broadband. VMware SD-WAN combines multiple links and uses traffic steering technology to select the best path for each application to ensure consistent performance and overcome quality issues and outages. It can detect slight degradation that would affect application performance, improve performance over a single link using congestion mitigation technology, and adapt without any noticeable impact to the user experience. VMware SD-WAN enables enterprises to securely support application growth, network agility, and simplified branch implementations while delivering high-performance, reliable branch access to cloud services, private data centers and software as a service (SaaS) based enterprise applications. VMware SD-WAN is built on software-defined networking principles to address end-to-end automation, application continuity, branch transformation, and security from the data center and cloud to the edge. The VMware SD-WAN solution consists of hosted or on-premises cloud gateways; branch office appliances and data center appliances; a central orchestrator to automate policies; and virtual services insertion capabilities.

Please follow this link to find out more about VMware SD-WAN by VeloCloud
Summary
As we have highlighted above, our end goal is to integrate all of the above VMware technologies into a truly world-class solution.
While doing this we can’t wait to bring our partners and their customers on the journey with us.
This is the first blog, and we will follow this with several blogs delving deeper into each of the areas and how it will all fit together.
I hope you have enjoyed finding out a little more about what VMware can do with its technology set and please keep an eye out for the next blog.