Today VMware is announcing Workspace One, the next version of Workspace Suite. It includes significant updates to VMware Identity Manager as well as several other big desktop virtualization-related announcements.
I’m going to cover the identity and mobility news, and you can read all the desktop virtualization news in Gabe’s post.
Identity Manager updates
Just to review, Workspace One includes VMware Identity Manager, AirWatch, and Horizon.
Today’s updates to Identity Manager are especially significant because identity plays an important role in all the other components. It’s what enables the vision we’ve been talking about for the last several years—a seamless fabric of end user computing across all types of apps and devices, and in the cloud.
Identity Manager has been around in various forms for about 5 years, and one of the more recent big advances came last year when VMware launched the first stage of integration with AirWatch. AirWatch could be used to put a certificate on a mobile device, and then the certificate could be used as a factor to authenticate to Identity Manager. This made it possible to create access policies that required devices to be enrolled in mobile device management.
Today Identity Manager is taking several more steps forward:
There’s now API-level integration between AirWatch and Identity Manager. This means that conditional access policies for mobile devices can be more robust. Instead of just looking for a certificate on a device (that would indicate that the device is enrolled in MDM), now Identity Manager can talk directly to AirWatch and check the device’s compliance status.
The integration between AirWatch and Identity Manager also means that they can share a single Active Directory connector. (Previously, both components would have needed their own AD connectors.)
VMware has created a cloud-based multi-tenant Kerberos KDC. This means that Identity Manager can do authentication on its own without customers having to expose their own KDC or have devices use a VPN connection. VMware has also built their own certificate authority, which can be in the cloud or on-premises.
Identity Manager can also work alongside other identity providers. It will take care of authentication from the device; and if a company was already doing federation with existing products (like Ping, Okta, or ADFS), those can stay in place and they’ll work together.
New app catalogue
Workspace One is introducing a new app catalogue that can be used as an enterprise app store or as a portal for single sign-on. The new app catalogue can pull data out of AirWatch, Horizon, and Identity Manager. It’s a native app for iOS, Android, and Windows 10 (with a Mac OS X app coming in a few months), plus you can also access it from a browser.
Workspace One editions and availability
Workspace One comes in three editions. Standard includes the enterprise app catalogue, basic productivity apps (i.e. Boxer) and single sign-on. The Advanced edition adds device and app management from AirWatch, and the Enterprise edition adds virtual apps and desktops from Horizon. AirWatch and Horizon will continue to be available on their own, of course. Workspace One starts at $8 per month per user for the cloud version, and $150 per user for on-premises. It will be generally available in March.
In our conversations with VMware (we talked to Sumit Dhawan, Kevin Strohmeyer, Ashish Jain, and Pat Lee) they emphasized several points: Workspace One is being built as a cloud-first service, with an emphasis on making everything work as pluggable components that can be broadly applicable to different use cases. (There will still be on-premises versions, too.)
Integrating identity management and EMM (along with virtual desktops, web SSO, and other things) is clearly the way forward for end user computing. Now that the enterprise is getting comfortable with mobility, it’s good to see the flexible, any app, any device vision finally come to life. Still, getting to that point is a long road, and many companies aren’t ready for it yet, so it’s good that Workspace One is being offered in a modular way.
Of course there are others working on this same vision—Citrix Workspace Suite, Microsoft Enterprise Mobility Suite, as well other vendors that can have a part in a similar vision like Okta, Centrify, and others. For now these are all going to have their strengths and weaknesses—there are a lot of different moving parts to work on.