On Sunday afternoon at VMworld, I attended Noah Wasmer’s session Peek into the Future: Our Vision for Business Mobility.
There weren’t actually any new announcements in the session since the main VMworld press releases haven’t gone out yet, but Noah’s 30-minute overview is good for anybody that wants to get up to speed on VMware’s mobility plans. I took notes at the session—this article is a cleaned-up version.
VMware sees desktops and mobility coming together. Their product to address all of this is the VMware Workspace Suite, which comprises Horizon 6, AirWatch, Content Locker, and Identity Manager (formerly Workspace Portal).
Mobile teams and desktop teams at companies are often still separate from each other, but come together for identity projects and line of business app projects.
In surveys, VMware sees lots of interest in individual mobile productivity (this is essentially what we all do already.) For more advanced and organized mobility efforts, 17% of their respondents have actually gotten started, and 75% want to.
Content has to be easily available to everyone, and old-style heavy-handed DRM systems don’t work anymore. This means Content Locker (enterprise file sync and share) which is a part of the Workspace Suite.
Noah asked how many in the audience were aware the Apple OS X has enterprise mobility management capabilities, and not many were. Same thing for the Apple Device Enrollment platform. (This is a general EUC audience, by the way. Things will be a lot different in a few weeks at AirWatch Connect.)
By using DEP, you can enroll into a brand new Apple device with just your corporate credentials, and then have all your enterprise apps get pushed down. Android for Work and Windows 10 has similar features, too. The audience was much more familiar with Windows 10 enrollment.
Noah said some big announcements around Windows 10 are coming. There was a brief demo of Windows 10 EMM enrollment. It seems like managing Windows 10 with EMM will be a huge theme this week. Noah says IT should be excited about this—it’s making Windows act much more stateless, like the way we think of and treat iOS and Android.
In the old world, Windows, Windows file shares, Windows applications, and Active Directory dominated end user computing. But now our world is lots of different operating systems, different types of apps, lots of different types of content (including huge videos, chats, social media, and 60MB PowerPoint presentations), public and private clouds, and lots of new ways of doing identity. (See the slide below. Sorry about the odd angle.)
He said that he didn’t want all of this stuff to seem like intimidating FUD (and really, this is just the way things are now). But by using EMM and identity and access management, you can get a better user experience and better security in this new world. (For more on this concept, read here.)
For the rest of the session, Noah outlined three themes that VMware is working on:
- Endpoint management
- Security and Access
Noah outline how modern devices—recent versions of iOS, Android for Work, and Windows 10—have work/personal separation features built in. This isn’t a VMware thing, this is the direction that all the OD makers are going in.
What can you do with all of this? He made an analogy comparing IFTTT and AirWatch—you can build all sorts of conditional policies to change what data and apps a user gets, how they have to authenticate, where their data is saved, etc, based on where they are, what device they’re on, whether or not it’s managed, etc.
Horizon FLEX (Centralized management for Fusion) is a part of this, too. This is like ACE from way back in the day, but their are two big differences: FLEX includes Macs (which ACE didn’t) and most laptops are way more powerful.
The big challenge across all of this is identity, but that’s where VMware Identity Manager comes in. SAML for SaaS SSO is getting a lot more prominant these days, and so is SSO for native mobile apps.
Noah demonstrated a few different forms of mobile SSO. In one demo, he showed the Box, with the username prepoluated using Apple MDM’s app configuration capabilities. In another, he showed a standard native mobile app SAML scenerio.
VMware is hard at work at ACE (App Configuration for Enterprise, which is unrelated to the client hyperisor ACE effort), which leverages configuration capabilites that are a part of the Apple MDM protocol and Android for Work. Noah mentioned that other EMM vendors are supporting these as well. This week we should get announcements about ISVs supporting ACE, and it sounds like ACE might get renamed. You can read more about ACE here, here, and here.
VMware is also linking all of its EUC efforts with NSX-based network micro-segmentation. Using software-defined networking, VMware can ensure that apps only access the parts of the corporate network that they need to—and nothing else—with obvious security benefits. On the device side, per-app VPNs ensure that users’ personal apps stay out of the network, too. The idea of connecting an entire mobile device to the network and letting it have access to everything is outdated.
The last area Noah addressed was user privacy. Role-based access control in the AirWatch console is an important part of this, and they’ll have more to say about it later this week.