VMworld session notes: Noah Wasmer: Future of Business Mobility

On Sunday afternoon at VMworld, I attended Noah Wasmer's session Peek into the Future: Our Vision for Business Mobility. There weren't actually any new announcements in the session since the main VMworld press releases haven't gone out yet, but Noah's 30-minute overview is good for anybody that wants to get up to speed on VMware's mobility plans.

On Sunday afternoon at VMworld, I attended Noah Wasmer’s session Peek into the Future: Our Vision for Business Mobility.

There weren’t actually any new announcements in the session since the main VMworld press releases haven’t gone out yet, but Noah’s 30-minute overview is good for anybody that wants to get up to speed on VMware’s mobility plans. I took notes at the session—this article is a cleaned-up version.

Session notes

VMware sees desktops and mobility coming together. Their product to address all of this is the VMware Workspace Suite, which comprises Horizon 6, AirWatch, Content Locker, and Identity Manager (formerly Workspace Portal).

Mobile teams and desktop teams at companies are often still separate from each other, but come together for identity projects and line of business app projects.

In surveys, VMware sees lots of interest in individual mobile productivity (this is essentially what we all do already.) For more advanced and organized mobility efforts, 17% of their respondents have actually gotten started, and 75% want to.

Content has to be easily available to everyone, and old-style heavy-handed DRM systems don’t work anymore. This means Content Locker (enterprise file sync and share) which is a part of the Workspace Suite.

Noah asked how many in the audience were aware the Apple OS X has enterprise mobility management capabilities, and not many were. Same thing for the Apple Device Enrollment platform. (This is a general EUC audience, by the way. Things will be a lot different in a few weeks at AirWatch Connect.)

By using DEP, you can enroll into a brand new Apple device with just your corporate credentials, and then have all your enterprise apps get pushed down. Android for Work and Windows 10 has similar features, too. The audience was much more familiar with Windows 10 enrollment.

Noah said some big announcements around Windows 10 are coming. There was a brief demo of Windows 10 EMM enrollment. It seems like managing Windows 10 with EMM will be a huge theme this week. Noah says IT should be excited about this—it’s making Windows act much more stateless, like the way we think of and treat iOS and Android.

In the old world, Windows, Windows file shares, Windows applications, and Active Directory dominated end user computing. But now our world is lots of different operating systems, different types of apps, lots of different types of content (including huge videos, chats, social media, and 60MB PowerPoint presentations), public and private clouds, and lots of new ways of doing identity. (See the slide below. Sorry about the odd angle.)

He said that he didn’t want all of this stuff to seem like intimidating FUD (and really, this is just the way things are now). But by using EMM and identity and access management, you can get a better user experience and better security in this new world. (For more on this concept, read here.)

For the rest of the session, Noah outlined three themes that VMware is working on:

  1. Endpoint management
  2. Security and Access
  3. Onboarding

Noah outline how modern devices—recent versions of iOS, Android for Work, and Windows 10—have work/personal separation features built in. This isn’t a VMware thing, this is the direction that all the OD makers are going in.

What can you do with all of this? He made an analogy comparing IFTTT and AirWatch—you can build all sorts of conditional policies to change what data and apps a user gets, how they have to authenticate, where their data is saved, etc, based on where they are, what device they’re on, whether or not it’s managed, etc.

Horizon FLEX (Centralized management for Fusion) is a part of this, too. This is like ACE from way back in the day, but their are two big differences: FLEX includes Macs (which ACE didn’t) and most laptops are way more powerful.

The big challenge across all of this is identity, but that’s where VMware Identity Manager comes in. SAML for SaaS SSO is getting a lot more prominant these days, and so is SSO for native mobile apps.

Noah demonstrated a few different forms of mobile SSO. In one demo, he showed the Box, with the username prepoluated using Apple MDM’s app configuration capabilities. In another, he showed a standard native mobile app SAML scenerio. 

VMware is hard at work at ACE (App Configuration for Enterprise, which is unrelated to the client hyperisor ACE effort), which leverages configuration capabilites that are a part of the Apple MDM protocol and Android for Work. Noah mentioned that other EMM vendors are supporting these as well. This week we should get announcements about ISVs supporting ACE, and it sounds like ACE might get renamed. You can read more about ACE here, here, and here.

VMware is also linking all of its EUC efforts with NSX-based network micro-segmentation. Using software-defined networking, VMware can ensure that apps only access the parts of the corporate network that they need to—and nothing else—with obvious security benefits. On the device side, per-app VPNs ensure that users’ personal apps stay out of the network, too. The idea of connecting an entire mobile device to the network and letting it have access to everything is outdated.

The last area Noah addressed was user privacy. Role-based access control in the AirWatch console is an important part of this, and they’ll have more to say about it later this week.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

@Jack @Noah

Agree that desktop and mobility are coming together. Anything VMware does to enable this is good. I don’t think you can call a group of products with no/ltd integration a suite…

No the identity teams at most places have nothing to do with Mobile or Desktop. They all hate each other and are competing. I.E. The Active Directory teams owns the infrastructure and don’t give a F what the mobile or desktop team thinks. Identity is owned by the CSO… who doesn’t give a F about the mobile or desktop team either.

Content Locker is a POS, nobody in their right mind would use it in anger. Curious if anybody has tried it. My colleagues laugh at it.  It was really crappy.

Ok I give up. Some EMM for Windows 10 use cases may be just fine. Just don’t make it a requirement for all things.

Horizon Flex. Another POS. Why bother? Moka 5 hands down years ahead. If image management is dead, why is VMware wasting time with Flex, which introduces Mirage into the equation? Move on it’s 2015…

I like the Identity message from VMware. However Okta? Why would I bother if going beyond AD, and VMware is starting from scratch?

EMM BTW is an invasion of privacy… I need to trust you not to take things from my personal device. EMM = (Everybody Meh Meh).

Does NSX work? Anybody had any success?

Overall, reading these four articles from the Sunday sessions. VMware is really upping the ante. Good smart team now in place, so no doubt they are an emerging force that is formulating a very different play from what we hear from Citrix. I think it’s good for all of us, although hands down Citrix in the XenApp/Experience space wins almost every time. They just need to find a new party trick. VMware seems to be making those moves, but time will tell what’s real.


Great comments.

> No the identity teams at most places have nothing to do with Mobile or Desktop

Agreed.  Most modern Identity and Access solutions integrate with EMM solutions and that is enough for most CSOs

> Content Locker is a POS

Yep, that's the consensus. Is it even encrypted?