Scalable App Management with Workspace ONE – from BYOD to strictly managed
I had the pleasure to go through a private demo of Workspace ONE with the mobility experts at VMware AirWatch. I must say, I was quite impressed by the idea and the benefits that it brings to enterprises.
But let’s start from the beginning. VMware AirWatch integrated with VMware Horizon which made it possible to create a compact mobility solution called Workspace ONE.
Among other features, it addresses the app management challenge that many companies face, especially in the context of Bring-Your-Own-Device (BYOD). Users want to use any app, private as well as work related, on their private devices but IT wants to make sure the apps and content are securely managed. In order to do that, in most cases an MDM profile is required on the mobile device. BYOD users, however, do not want to install an MDM profile on their device.
Another challenge companies face is the variety of apps that they want to provision to the users on any device. On mobile devices, app usage can be restrictive as the screen size is not sufficient or the apps cannot be controlled with touch gestures. The portfolio of apps enterprises usually deal with are Windows apps, web apps, mobile apps (public and self-made), SaaS apps and a good number is still working with legacy Windows apps. How to be able to create a mobile strategy when all these apps need to be taken into consideration?
In addition, different kinds of apps might deal with different authentication mechanisms. Bringing all these apps to mobile devices might create a big authentication mess for the users.
The users however only care about being able to do their work and they should be able to do that from whatever device they have at hand. This is also the philosophy of VMware AirWatch. They want to enable the user to go mobile. This is why the user is in the center and it should be easiest for them to enable their mobile workspace.
With Workspace ONE, AirWatch delivers a solution that addresses exactly the three challenges above:
- How to integrate BYOD users?
- How to give access to all apps that are needed?
- How to simplify authentication by keeping the solution secure?
Workspace ONE delivers a portal that gives access to all kinds of apps mentioned above. It can be used as the general entry point to the corporation and the user simply selects the apps that are relevant to him and that he needs to work with. These apps are selected from the app catalogue that comes with pre-defined apps put together by IT. At the beginning, the user browses the app catalogue and selects all the apps he wants to work with. After selection, they are added to the Launcher (different tab in the same portal). The Launcher serves as the start screen for the user and from there all necessary apps can be launched.
Now, how does that work for BYOD users? Some apps require an MDM profile on the device and some don’t. For example, if you want to access file repositories in the backend then you can only do that from a managed device. If you, however, want to create an expenses report, then you can do that with a non-managed app on a non-managed device. The portal knows which apps require a managed device and which don’t. The user knows it, too, as the apps that require a managed device are marked with a little key icon. If the user wants to open an app without the key icon, they can simply do it and the app opens up. If the app has a key icon then the user receives a message explaining that this app requires a managed device and then the user can decide whether to enrol this device in MDM or not. This way, BYOD users are totally in control of their personal devices, however, they are restricted in the app usage and cannot use the highly secure company apps. If the company, however, wants their users to use certain company apps then it might be recommended to hand-out company devices as then the MDM profile can be “forced” onto the device. Users who want to stay BYOD users might only be able to use remote or web apps where the content remains on the server in the backend. However, these apps only function with an internet connection.
I was curious about the usability of remote apps as they are not made for touch screens. The experts at VMware AirWatch assured me that they adjusted these apps so that the users experience a local look and feel. Legacy web apps that are opened in IE via a remote session almost feel like local apps and mimic local behaviour like input feels. On an iPad, the remote IE app behaved almost like a local Safari app. This is a feature that is definitely needed because we need to provide users with the same experience across all apps if we offer such a “cross-app” portal.
I was also shown how one user accesses his personalized portal on several devices. It looked similar on all devices (ex. desktop and iPad) but, of course, only the available apps for the respective OS were shown. VMWare also gave me access to their TestDrive so that I could play around with Workspace ONE, AirWatch and Horizon. Unfortunately, the TestDrive was limited so that I could not add extra native mobile apps to the catalog and launcher. Therefore, on the screenshot below, you see the same apps in the portal on an iPad mini as on the Mac. But you get the idea and I was also shown how it works in the demo. When accessing the Workspace ONE portal as the same user on an iPad, the Launcher showed mobile apps, as well.
Furthermore, I wondered about authentication. Will users have to authenticate for each app separately or for certain app groups (ex. native, remote, web…)? Here, VMware AirWatch build in an intelligent Single-Sign-On (SSO) mechanism that allows users to log into the portal once and then the backend knows their identity. The SSO mechanism integrates all different kinds of authentication methods. This means for the user that once logged in, it will be very easy to open any app that is needed without annoying password entries each and every time. It is the VMWare Identity Manager that handles all that.
In summary, if your organization works with several kinds of apps and you would like to give access to them on mobile devices, then VMware’s Workspace ONE might be a concept you would like to look at. It is also scalable, and in combination with VMWare AirWatch, it comes with additional functionality like email, messaging, file access, device management and the above mentioned identity management. The Workspace ONE portal can also be branded with your company logo so that it really looks and feels like part of the organization to the user.
I hope I could give you a better insight into Workspace ONE and the possibilities of app management for BYOD users and managed devices.
Have you tried Workspace ONE? If so, what is YOUR experience with it? I would love to hear about it in the comments section.
Have a great day!