A few weeks ago, Jack and I visited VMware at their Palo Alto campus to learn more about their recent product announcements from the VMworld and VMworld Europe.
One announcement I had particularly liked from VMworld was Dell provisioning for Workspace ONE, and senior director of product management Jason Roszak and project marketing manager Aditya Kunduri were available to explain in more detail how it works.
What we knew already from the VMworld and VMworld Europe announcements
VMware first unveiled Dell provisioning for Workspace ONE at VMworld 2018. Rather than having a distributor, integrator, and even IT spend time prepping new desktops for customers, the devices will get set up right at the Dell factory. A generic Windows 10 image is installed and then a customer’s apps and configurations are downloaded and installed on the device.
On the customer’s end, all they have to do is send Dell a provisioning package for the apps and an Unattend.xml file to tell the device how to configure once powered on. The provisioning package can be updated afterward by the customer from the cloud.
I mentioned liking the Dell provisioning announcement during our VMworld podcast with Brian and Gabe, but no one else seemed as enthused then. I hadn’t heard of anyone else doing this, and it seemed like a good idea from a productivity standpoint. The cool thing is that it’s fast: the employee is good to go once they receive the device, with no need to spend a day downloading and installing all their apps and security updates.
At VMworld Europe, VMware announced that customers can purchase a one-year Workspace ONE license through Dell’s factory sellers as part of a pre-packaged SKU. Customers purchase the desktops through Dell and get the factory provisioning as well as a discounted license, with or without ProDeploy.
No-touch restore could be a game changer
Now that we’ve covered what VMware previously announced, we can focus on what Jason and Aditya explained to me during my visit.
Jason explained that VMware want to move customers away from imagining; in fact, they don’t really want customers handling that at all. Under VMware and Dell’s program, the generic OS image installed at the factory will come with no bloatware—it’s just a clean image ready for apps and personas to be added on. It also doesn’t require an Azure AD premium license; on-prem domain join is an option.
They called the Dell provisioning the Ready to Work experience. Having apps pre-installed is faster than the user or IT downloading and installing them, even considering all the app distribution optimizations that VMware have made, which Gabe has written about.
But, what drew our attention the most during this conversation were Jason’s favorite features: the ability to keep apps up to date and easily restore devices.
Before each device is shipped, Dell ensures that each one has the latest security and OS updates, so that there should be no need for the user to do any updating (unless something was released during shipping).
The no-touch restore feature ensures users are back up and running within 5 to 10 minutes, should they decide to restore the device. All the original apps will be ready to go—thanks to a hidden storage partition. This also includes any apps that the user later installed; each app is saved to the hidden partition after the initial download. Additionally, the app versions saved in this hidden cache will remain always up to date.
Jason explained that the user-installed apps feature will be ready in November, while the always up to date functionality (i.e., the ability to update apps in the partition) comes online in February 2019. Eventually, the user’s personalizations (things like wallpaper, start menu, etc.) will also be included as part of no-touch restore. VMware are working on this feature and hope to have it ready sometime later next year (maybe in time for VMworld).
One more capability that is coming is support for Windows 10 Device Guard. Workspace ONE will make sure that Device Guard whitelists apps from the Workspace ONE catalog. This is a one-time setting: just turn it on and feed it a whitelist/blacklist and IT’s job is done. Device Guard can also enforce where a whitelisted app is downloaded from, i.e., if a user tries to download an approved app from the internet, they’ll get sent to Workspace ONE catalog.
No-touch restore and always up to date features sure got our attention fast. Seems to me that it could potentially make IT’s job a lot easier—allowing them to focus attention elsewhere instead of constantly setting up new desktops or re-image an existing one. If there’s an issue and the user would prefer to restore their device to fix it, they can easily do so and be back up and running in minutes. Keeping one's desktop personalization will just be the cherry on top, once it’s ready to go.