It’s time for VMworld 2017! As usual, Gabe and I did some live blogging for the keynotes.
Monday morning general keynote
7:30: The day’s press releases are live, right here.
8:11 Jack: Since this morning’s keynote is general news, we expect to be fairly quiet.
As expected, the top announcement is the initial availability of VMware on Amazon AWS. However, there is one EUC item: HP is partnering to put Workspace One / AirWatch on HP Inc devices that.. Wait for it... they’re calling “DaaS” because it’s Devices as a Service. (Did we really need another “DaaS”?)
9:07 We’re getting started!
9:19 Jack: The HP Inc device partnership is getting a callout right now, with a pre-recorded video from HP Inc. CEO Dion Weisler. Next up, Sanjay Poonen, the longtime leader of EUC at VMworld, is on stage for a customer conversation with Capital One, talking about EUC.
Gabe: The world needed to repurpose another acronym, I guess. HP does UEM and DaaS now, but it’s not User Environment Management and Desktops as a Service, it’s Unified Endpoint Management and Device as a Service. I’m hung up on the marketing here, but I actually like what they had to say.
9:34 Jack: Andy Jassy is up to talk about the AWS partnership. Back in October 2016 when this was announced, Gabe looked into whether this could ever be a desktop thing. The answer was nothing definite any time soon, and we still haven’t heard anything along those lines. We’ll actually be more interested in hearing about Horizon on Azure, which Gabe called the “Synergy Thunder Stealer,” since it happened the week before Citrix’s show in May.
Gabe: This partnership makes sense, because VMware was competing against AWS in the public cloud space. VMware decided not to fight that fight, presumably because the other providers had the ability to scale faster and better. Now, customers can use the VMware tech that they’re familiar with while migrating to a cloud provider that they trust. It just doesn’t support desktops right now. You might think AWS has a problem with the fact that desktops are going to Azure first, but VMware has always said their cross-cloud architecture will work with all the big public clouds.
10:00 Jack: On to security, and Pat is starting off by talking about getting back to basics with cyber hygiene. The five pillars are least privilege, micro-segmentation, encryption, multi-factor authentication, and patching.
Now we’re at the VMware AppDefense announcement. It can establish a known-good state, look for deviations (from the hypervisor), and then automatically respond.
Gabe: Boy I can’t wait to talk to Simon Crosby about this! It’s cool that VMware has the level of insight that they have, but it looks like it’s doing a whole lot of detection and not a lot of remediation, relying on third party products and external processes to kick off workflows when anomalies are detected.
What we’re looking at from both VMware and Citrix are AI-based security and analytics platforms that require you to be invested in VMware or Citrix. The more you do with them, the more data you get. But what happens when you have a mix? Or are using traditional servers/desktops/laptops? Are those in a gray area? Is this really that valuable then? (These are legit questions that I have)
Jack: To be clear, this sounds really cool and I can’t wait to dig in.
That’s a wrap, we’ll be back at 3:30 for the EUC super session.
Monday afternoon EUC super session
3:22 Jack: Okay, we’re seated and getting ready!
3:32 Gabe: Sumit is on stage. “It may be cold in here, but we’re gonna make it sizzling hot.” Challenge accepted.
3:35 Jack: A video is outlining all the accomplishments of Workspace One over the last year. (It’s been a more than a year, but actually it seems like it’s been much longer.)
3:38 Gabe: Costs are going up. We got desktop under control, then mobile came in. We get that under control, then cloud kicks in. So our overall EUC costs are on the rise. We have teams for each of those, separate management, separate platforms. None of that helps. We need to do more.
Jack: Mobility is also hard because users expect privacy for all the personal things on their devices.
Gabe: Workspace One is about integrating Identity and Context to create a platform to deliver workloads/manage across all of these platforms. It’s also about enabling users to use their own devices to do enterprise work while ensuring both security and privacy.
3:44 Gabe: Here comes Shawn. To the hoots and hollers of Dane Young. Sumit called Shawn “The best CTO.” Damn straight!
Jack: Jason Roszak is joining Shawn on stage to talk Windows 10. He’s comparing and contrasting mobile device provisioning with traditional Windows provisitioning, and to illustrate the point, he’s going to demo a Windows 10 “out of box experience.” (Gabe: Didn’t they demo this last year?) (Jack: Yes, we have seen Windows 10 MDM enrollment a couple of times.) Now they’re talking more about provisioning Win32 applications and how much of a footprint this takes to do in the traditional way.
Gabe: They have a new partnership with Adaptiva that allows you to use AirWatch to deliver large Win32 apps via MDM without requiring the same server infrastructure that you use today. This is a pretty big deal, because until now MDM was really only capable of delivering MSIs that were relatively small. This is great, but my biggest question here is how customers will respond to this as a separate SKU for a partner product. Would they feel more comfortable if VMware just had this, so that there was one vendor involved? Don’t get me wrong...it’s great...but it’s so important I think I’d prefer to have a single vendor.
Jack: Next up is macOS. Apple File System (APFS) really changes the way Mac management works, and apparently imaging will be a thing of the past here, too. They have a new native app for Workspace One. AirWatch is doing a combination of MDM and delivering packaged applications. It sounds like they’re really going to be going after Jamf a lot harder now.
They’re also hitting up on Chrome OS management, which I looked at in depth last week. By integrating both management and identity, you can have users log into Chromebooks directly with their usual credentials. The management runs through Google’s own Chrome Device Management console, which is essentially now able to run as middleware.
3:59 Gabe: I’m impressed. As Shawn just said, “IT can become a publisher of services” across all these platforms. Now, they haven’t yet spoken about what they can do to bridge the gap between the features we have with traditional Windows management and what you can do with MDM, but I’m sure we’ll get there.
Jack: The HP Inc partnership, announced this morning, also got a call out. (Gabe: at least he didn’t call it DaaS.)
And now the customers are on stage—DXC and Capital One. Capital One is implementing a lot of the new Windows 10 management features. Next up is a video of Sumit losing a Chromebook and getting another.
4:09 Jack: Next topic is BYO and privacy. They’re talking about device trust versus app-level management APIs—anybody that’s followed me for a while knows that this is the tip of the iceberg in a deep conversation about mobile app management. In a video demo, they showed what looks like support for the Microsoft Graph API for Intune. (Though they haven’t used that term yet, but it’s the way you do some of the things they showed :)
And now onto another partner message: Samsung is talking about Samsung DeX (the hybrid phone/desktop thing that the Galaxy S8 and Note8 can do.)
4:19 Gabe: This Nirvana Phone thing WILL NOT DIE! I suppose the use case they just showed, a one-off use in a pinch, is ok. I’m still not sold on this as a strategy though. It’s a “nice to have,” for sure. (Jack: Samsung’s take on it works pretty well, though.)
4:23 Gabe: Talking about automating desktop management, and letting you focus on building images while VMware automatically handles infrastructure. It's the setup for Dell's VDI Complete offering, which they advertise as a complete solution from Dell (hardware and software) that delivers apps and desktops for as a little as $7/user/month. That sort of conveys a subscription, but it's not. That's the number you get with certain financing terms.
Additionally, VMware is launching a service that delivers apps from Azure (The Horizon Cloud for Azure support that they first talked about around Citrix Synergy). This is a subscription, so the sign-up process is easy. You can import a base image, or use an existing one from the marketplace. Then you select the instance types, followed by assigning apps to users. This runs $8/user/month, plus whatever Azure compute resource charges you incur.
On the surface, it looks like $7/mo from Dell versus $8/mo + compute from VMware, but it’s not that simple. The $7/mo from Dell is the average price when leasing or financing is involved, and it is the lowest possible price. Odds are you’d incur higher prices, plus you still have all that hardware taking up space. So really, this boils down to “on-prem” or “off-prem,” and there’s an offering for each of those situations. Cool stuff.
4:32 Gabe: Taking Just-in-time Management (JMP) and how they've built automation around it to automatically create and provision the desktops. So, not only is the provisioning instant now, but the image creation is now really fast and easy, too.
Now showing the updating process, upgrading the OS and adding/removing apps. It was like six clicks, and everything is there. That's pretty slick. They also snuck in a Skype for Business plug, which they fully support now. The only problem I have is that they’re showing a video demo, not live.
4:36 Jack: TIme for more customer conversations.
4:40 Gabe: Interesting that the Red Cross has been featured a lot at this show, this time as a Workspace One customer, and the number of Win 10 machines they manage via Workspace One is only in the hundreds.
4:42 Jack: On to security, as Sumit talks about the Mobile Security Alliance, which debuted several years ago at AirWatch Connect. Sumit invites Matt Brennan, head of enterprise strategy for Apple, on stage. This is a first (as far as I can remember) for an EMM conference!
4:48 Gabe: Feels like we’re wrapping up soon, and no talk about bridging the gap between Windows management capabilities between traditional and UEM. I’ll have to look for that info elsewhere.
4:50 Jack: Sumit is announcing Workspace One Intelligence: Deep insight into everything that matters to you. Every device, every app, user experience, security. They've built a fully automated rules engine around this. The demo shows looking up endpoints that are up vulnerable to WannCry, quarantining them, and then pushing down updates to remediate. Another demos shows the service spotting a poorly-performing app update, and then taking several remediating steps, like slowing down the rollout, filing a Jira ticket, etc.
Gabe: I'm certain that there are differences between this and Citrix's Analytics Service, but at a high level this seems similar. As with Citrix, my biggest issue is that this kind of thing requires you to be fully invested in Workspace One. So, traditional computers aren't a part of this. That means that while you may have this intelligence around your Workspace One users, you non-Workspace One users still represent a security risk that must be separately managed.
Jack: Next announcement is Mobile Flows, the workflow app that Colin Steele scooped recently. Right now they’re showing it all in Boxer, VMware’s email app, but it can be surfaced in other apps, too. They’re partnering with Capriza, Sapho, Powwow, and Dell Boomi.
Now we’re really getting close to the end. VMware EUC should really get its own dedicated conference!
5:07 That’s a wrap. We’ll be back tomorrow with the Day 2 Keynote.
Tuesday Morning Update:
Jack: The official EUC press release is out, with a few more details and news items building on Monday afternoon's session.