RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

VMware Workspace One

Product
The name of the base system (platform): VMware AirWatch
Developers: VMware
Last Release Date: 2022/07/12
Technology: ITSM - IT Service Management Systems,  Mobile Device Management (MDM),  Network Health Monitoring - Network Monitoring or IT Infrastructure Health-Performance Management

Content

VMware Workspace One is a platform for managing users, their access to data from various devices within the enterprise.

Through cooperation with VMware, telecom operators and service providers can offer their customers a range of corporate mobile access services at all stages of the transition to a digital work environment. VMware Workspace ONE based on AirWatch technology is a platform for managing and securing any customer devices (including personal and operator-acquired devices). With Workspace ONE, carriers can offer digital workspace services to improve mobile user productivity and ease of use. This experience can be described as "any application on any device." All applications - mobile, web and Windows, virtual or cloud - are available through a single application portal with integrated user identification (single sign-on). Thus, telecom operators maximize revenues from corporate data transfer plans, resale software licenses and additional service offers.

2022

Add support for native iOS and Android devices to Workspace One Assist

On July 12, 2022, it became known that Workspace ONE Assist now supports iOS and Android devices that are not included in the MDM (mobile device management) infrastructure. ONE Assist allows you to remotely support users (in the cloud and your own data center) using the built-in collaboration tool, a utility for requesting user rights, highlighting screen areas, recording a session, and more.

Using the Workspace ONE Intelligent Hub, technical support can start a session to resolve problems with the user's device. This provides additional support opportunities for private devices of users, as well as phones and tablets of contract workers who do not need to buy equipment at the expense of the company.

Illustration: vmgu.ru

Recall that within the framework of the digital employee experience (DEX) concept, it is possible to implement the following functions on user devices using the Workspace ONE Assist solution:

  • Start remote sessions with Workspace ONE Intelligent Hub installed within seconds from the Workspace ONE console.
  • View and manage devices in real time, including tasks to solve hardware and software problems, configure the network, manage applications, and more.
  • Use the drawing functions on the Screen Draw screen to communicate with the user and conduct him through the onboarding process.
  • Notify the user that his screen is visible to the administrator, as well as the ability to interrupt the session on the part of the user at any time to comply with his privacy.
  • Provide secure access and separation of environments for users who share their devices with others as part of work shifts.
  • Recording screenshots and videos of remote sessions for training and advanced support purposes[1] for[2].

Fix a vulnerability that allows attackers to gain administrator privileges

VMware has fixed a critical vulnerability in some of its products. This became known on May 19, 2022.

The authorization bypass vulnerability affected users of local domains.

The virtualization giant has warned of a CVE-2022-22972 vulnerability with a CVSSv3 score of 9.8. The vulnerability allows attackers to gain administrator privileges. The company is urging customers to install security updates as soon as possible.

File:Aquote1.png
CVE-2022-22972 must be corrected or fixed immediately in accordance with the instructions in the VMSA-2021-0014. The consequences of exploiting the vulnerability are extremely serious, says VMware.
File:Aquote2.png

CVE-2022-22972 affects Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation.

File:Aquote1.png
vIDM, Identity Manager and vRealize Automation contain an authorization bypass vulnerability affecting users of the local domain, the company said in a summary. An attacker who has network access to the user interface can gain administrator rights without requiring authorization.
File:Aquote2.png

Bruno Lopez, an employee of Innotec Security, discovered the vulnerability.

VMware also fixed a serious vulnerability in the CVE-2022-22973 with a score of 7.8 on the CVSSv3 scale. The vulnerability affects VMware Workspace ONE Access and Identity Manager. CVE-2022-22973 allows an attacker to elevate to root.

The company has provided workarounds for administrators who can't immediately install VMware security patches[3]

Exploitation of a vulnerability by an Iranian cybercriminal group in order to gain initial access to systems and install a Core Impact backdoor

On April 26, 2022, it became known that the Iranian cybercriminal group Rocket Kitten is actively exploiting a remote code execution vulnerability in VMware in order to gain initial access to systems and install the Core Impact backdoor.

The critical vulnerability CVE-2022-22954 received a score of 9.8 points out of a maximum of 10 on the CVSS scale and affects VMware Workspace ONE Access and Identity Manager.

Although the problem was fixed ​​postavshchikom virtualization services on April 6, 2022, the company warned users about the confirmed exploitation of the vulnerability in real attacks.

According to experts from Morphisec Labs, attack chains that exploit the vulnerability include the distribution of a PowerShell-based stager, which is then used to download the next stage payload called PowerTrash Loader. PowerTrash Loader installs the Core Impact tool in memory for subsequent malicious actions.

VMWare customers are urged to check their VMware architecture for vulnerable components available on the Web[4].

Discovery of a vulnerability that allows you to inject a template and execute an arbitrary OS command

The UserGate Monitoring and Response Center reported a vulnerability in VMware Workspace ONE Access (Access) on April 13, 2022. The product is designed to interact between storage and credential providers and work users with enterprise applications and is used by a large number of organizations in a wide variety of industries, including in retail, financial organizations and medical institutions.

The vulnerability allows potential attackers to inject a template with one request and execute an arbitrary operating system command. The vulnerability poses an extremely serious danger, according to CVSSv3.1 the vulnerability is rated: 9.4

The UserGate Monitoring and Response Center recommends that users:

  • Install the latest updates from the manufacturer's website.
  • Add the signature "VMWare Workspace ONE SSTI" to the IDPS blocking rule.
  • Check the relevance of the subscription to the Security Updates module.

The UserGate Monitoring and Response Center has added a signature to the UserGate Intrusion Detection System (IDS) to detect attacks using the CVE-2022-22954 vulnerability. This means that when using the UserGate signature profile, all new signatures start working automatically.

On April 14, 2022, it became known that Networks the PoC code was published to operate vulnerabilities remote code execution (CVE-2022-22954), which is already used in real hacker attacks. The vulnerability affects VMware Workspace ONE Access software products and. As VMware Identity Manager noted, criminals during attacks install on the systems of victims. miners cryptocurrencies

The developer released a security update that fixes the problem on April 6, 2022. However, many cybersecurity researchers soon developed working exploits for CVE-2022-22954, with at least one PoC code to exploit the vulnerability being posted on Twitter. Bad Packets specialists discovered attempts to exploit the vulnerability in real attacks. One of these attacks used the Tsunami backdoor for Linux systems.[5]

2021: Integration with Intel vPro

On October 5, 2021, VMware announced a partnership with Intel for security, maintenance, and intelligence on commercial PCs. Integrate the Intel vPro platform with VMware Workspace ONE cloud management tools to keep PCs safe at the component, system, and application levels, and automate device service anywhere, even outside the network or office. Read more here.

2020

How to transfer tens of thousands of employees to remote work in three weeks using IT solutions

In the context of the 2020 pandemic, the criticality of a number of business solutions has increased sharply, their standard deployment times have decreased by 10 times, and companies sometimes needed to transfer several tens of thousands of workers to remote work in three weeks. TAdviser asked VMware how the load on the network infrastructure has changed in recent months, what difficulties their customers have faced and what to expect next. article > >

2019

HID Mobile Access Connection

On December 23, 2019, HID Global announced its cooperation with VMware. The collaboration is designed to support the implementation of mobile access to digital and physical locations by connecting HID Mobile Access to VMware Workspace One, a digital workspace analytics platform that enables easy and secure delivery and administration of any application on any device. Read more here.

Zero trust end-to-end access control and privacy protection

On December 6, 2019, VMware unveiled updates to the VMware Workspace ONE digital workspace platform to help organizations improve employee engagement throughout the lifecycle, from accepting a job offer to retiring or retiring. In addition, a zero-trust security architecture was launched, as well as a hybrid and multi-cloud VDI infrastructure. The company also shared news of an expanded partnership with Microsoft to accelerate the transition to modern management.

File:Aquote1.png
For too long, enterprise security and the digital experience of employees have been pitted against each other. There is a misconception that by prioritising one of these areas, we infringe on the other. That's not the case. With many announced updates, Workspace ONE empowers organizations to provide productive and engaging employee engagement while mastering the zero-trust security model.

narrated by Shankar Iyer, Senior Vice President and CEO of VMware End-User Computing
File:Aquote2.png

According to the company, based on the principle of zero day, Workspace ONE provides employees with secure access to the corporate resources they need from the first working day, for example, an employee address book or intranet using the Intelligent Hub. In addition, employees will be able to use the Intelligent Hub to perform certain procedures before entering the company, for example, to select the technological equipment provided on the first day of work.

In an effort to ensure a seamless transition between seamless and unobstructed worker transition in physical and digital interaction with technology, VMware introduces Intelligent Hub integration with HID Global, the world leader in access control solutions. Using the new "passport" function, employees will be able to use the application on a personal or corporate mobile device to enter buildings. This is the first solution on the market that allows you to instantly identify an employee and check the level of access. As a result, the staff has the feeling of easy, unhindered movement, and the physical security department gets a modern tool for controlling and controlling access.

In addition to all of the above, VMware announced the launch of Workspace ONE Intelligence for Consumer Apps, which helps companies improve customer experience when using a mobile app. With this service, organizations can collect and track mobile application performance data and, based on them, make better decisions to fix errors, increase engagement, and reduce customer outflows.

Workspace ONE Privacy Guard will provide transparency and awareness to employees about how IT professionals manage their devices and service applications. For example, employees will be able to obtain information about the collected data and functions to which the application requests access, what data is collected and what permissions to use device functions are requested by applications on both personal and corporate devices. Employees will now receive notifications in the Intelligent Hub from Privacy Guard if any application or device management policy changes.

VMware has built the Privacy Guard Software Development Kit (SDK) into productivity applications on Workspace ONE, including Boxer, Content, Notebook, Web, and more, to protect employees' personal information when using these business applications. In addition, VMware has made the Privacy Guard SDK available to all application developers so that they can provide transparency to their users at the same level.

Flexible work requirements, migration of applications to the cloud, changes in the fleet of devices that the company uses - all these factors become a threat to the security perimeter, and the traditional approach to its protection is no longer relevant. It is replaced by the principle of zero trust and other similar security models.

VMware introduced a zero-trust architecture to help customers modernize their approach to digital workspace security. The architecture provides insights into how to bring together device management and compliance, conditional access, application and proxy tunnel, risk analysis, and automated recovery and orchestration to end up with a zero-trust security model.

Workspace ONE is a digital workspace platform that can combine these critical technologies for zero-trust security.

The main advantages are:

  • Device Management and Compliance: Workspace ONE Unified Endpoint Management (UEM) enables customers to manage all devices - mobile, stationary, specialized, secure, and IoT devices - across all platforms with a single console.
  • Conditional Access: Workspace ONE Access is a conditional access mechanism that supports the customer's existing infrastructure for identifications the individual. Its effectiveness is ensured by checking compliance in continuous mode using Workspace ONE UEM analysts and Workspace ONE Intelligence. Workspace ONE Access can also run multifactor authentication according to policy requirements.
  • Tunnel access to applications and proxies: The ability to access the company's local applications with the smallest set of rights is provided by using the VMware Tunnel and the Unified Access Gateway (UAG) and/or by opening virtual access to the application using VMware Horizon. The application infrastructure is naturally protected by virtualization and can be accessed through UAG endpoint services.
  • Automated remediation and orchestration: Workspace ONE Intelligence enables automated remediation and orchestrates enterprise IT Services Management (ITSM) processes for incident management, notification, and other activities.

Continuing to enrich its ecosystem, VMware introduced the Trust Network Ingest API. With this API, partners get faster integration with Workspace ONE, which ultimately allows customers to take advantage of it faster. In addition, VMware announced that Zscaler, Wandera and Zimperium intend to release their integrations with Workspace ONE Intelligence using the Trust Network Ingest API soon.

Among other announcements, it was announced that multifactor authentication (MFA) is now built directly into the Workspace ONE Intelligent Hub and Workspace ONE Access. This gives IT departments the ability to enforce stricter authentication requirements if necessary without inconvenience to employees trying to access their applications and workflows from the Intelligent Hub. These capabilities are already included in the Workspace ONE platform, so no additional applications or integrations are required to include MFA in the customer's digital workspace.

VMware Workspace Security will combine Workspace ONE Intelligence with Carbon Black Cloud Endpoint Advanced as an added service for Workspace ONE Advanced. The offering brings together next-generation cloud antivirus (NGAV) and Intelligence's behavioral threat detection feature across the digital workspace, which is further complemented by security threat response capabilities and Carbon Black LiveOps on demand.

Simplified management of hybrid and multi-cloud VDIs and applications improves VMware's operational efficiency and simplifies management of virtual workstations and applications ranging from on-premises to cloud.

A monitoring service is now available that allows administrators to display Horizon performance data. So they can actively monitor, troubleshoot, and remediate their environments from a single cloud console.

Additionally, the first quarter 2019 shared version of App Volumes for Horizon 7, including Horizon 7 on VMware Cloud on AWS, will allow customers to simplify application packaging and lifecycle management by taking advantage of AppStack delivery algorithms. By separating package management and application delivery, app owners and packers can work more freely and more quickly to respond to user requests.

Improvements to Horizon Cloud on Microsoft Azure continue to emerge at an increasing pace. Updates in the latest release include high availability for Pod Manager, support for custom Azure Resource Tags for workstations and farms, advanced registration and auditing capabilities in the Horizon Cloud administration console, and enhanced alerts during container group (pod) updates. These updates help simplify administrative work for enterprises and implemented systems of any size.

Finally, Workspace ONE now allows administrators to manage their stored Horizon virtual workstations along with all other physical and virtual workspaces using Workspace ONE UEM. Using UEM to perform routine workstation operations such as patching and setting policies, deploying applications, etc., minimizes the need to create workstation images for minor updates.

2018

Update the platform for efficient operation in heterogeneous work environments

On November 16, 2018, VMware presented the updated capabilities of the VMware Workspace ONE analytical platform. The updated solution provides customers with advanced tools to manage heterogeneous IT environments and improve customer experience across more applications and devices. In-platform changes and integrations with ecosystem partner solutions expand the scope of the Workspace ONE platform and provide additional opportunities for companies.

VMware Workspace One Intelligence

As noted in VMware, modern workspaces are becoming more heterogeneous as employees use a wide range of devices and applications based on different operating systems to solve work problems. Workspace ONE balances employee needs with IT requirements, reduces costs, and eliminates complexity by automating the management and security of digital workspaces.

Workspace ONE offers customers a wide range of opportunities to transform digital workspaces by partnering with leading technology companies. VMware has identified several important updates to the VMware Workspace ONE platform, such as:

  • Workspace One Intelligence Automation Connector. Workspace ONE Intelligence is compatible with third-party systems with Workspace ONE Intelligence Automation Connector. Based on out-of-the-box integration tools with Slack and ServiceNow, it allows customers to connect automated notifications and activities defined in Workspace ONE to their own systems, such as service desk platforms.
  • Workspace ONE Sensors for macOS allows customers to monitor the health of any hardware or software component of Apple devices (firmware, BIOS, peripherals, applications, etc.) to ensure transparency and compliance with security policies. Previously, this feature was only available for Windows 10.
  • Dell Provisioning for Workspace ONE with Dell ProDeploy Client Suite Dell Provisioning for VMware Workspace ONE is a device preconfiguration service that provides end users with fully ready-to-use devices for all Windows applications from the first launch. Dell Provisioning for VMware Workspace ONE has become part of the Dell ProDeploy Client Suite. For November 2018, this service can be purchased along with the Workspace ONE license at a special combined rate as part of ProDeploy.
  • Integration with Flexera AdminStudio to simplify the launch of Win32 applications: clients can run desktop applications directly from Flexera AdminStudio to their Workspace ONE directory, avoiding expensive and difficult repackaging of Win32 applications.

According to the developer, with built-in Workspace ONE platform security tools, customers can protect any application on any device with leak prevention, encryption, and access control policies.

File:Aquote1.png
"The workflow has become more open, flexible and collective, so IT departments have a responsibility to help employees work on devices that are convenient for them without threatening corporate and personal privacy. Digital work platforms with built-in security capabilities are critical to shaping business strategy. With it, employees can safely access relevant enterprise content and applications on any device. "

Angela Salmeron, IDC Research Manager
File:Aquote2.png

Workspace ONE Intelligence services provide analytics that enable organizations to increase understanding of what is happening from endpoints to the network and automate remediation of operational environments. On November 16, 2018, VMware introduced Workspace ONE Intelligence Identity Analytics. Using VMware Identity Manager data, Workspace ONE Intelligence is able to prevent security incidents by analyzing user identities. In addition to the built-in Workspace ONE protection tools, customers can use security products for companies in the Workspace ONE Trust Network partner ecosystem. By connecting to third-party solutions through Workspace ONE Intelligence, organizations have access to a complete overview of all devices, applications, and related potential information security threats, the developer noted.

As part of this initiative, in November 2018, VMware also presented a solution developed in collaboration with Carbon Black, one of the partners in the Trust Network. The preview notes that the solution brings together Carbon Black, Workspace ONE Intelligence and VMware AppDefense to expand threat detection in the data center, automate their elimination and increase the overall level of security. Two additional features have been announced to help Workspace ONE customers take advantage of the Okta Identity Cloud solution. The partnership between Okta and VMware links the trusted device to the user ID through advanced conditional access policies and provides employees with a centralized, secure hub for access to all applications, services, and devices.

VMware also announced several improvements for Workspace ONE Secure Productivity Apps in user experience and performance for more applications and devices:

  • VMware Workspace ONE Boxer supports enterprise, email G-Suite enabling organizations to manage mail. Google
  • Workspace ONE Intelligence for Workspace ONE Secure Productivity Apps: With integration tools for Workspace ONE Intelligence, organizations can collect information about application performance, number of crashes, authorization speed, user behavior, etc.
  • Samsung DeX support: Workspace ONE supports connecting Samsung Galaxy S8, Note8, S9, Note9 and Tab S4 devices to a monitor, keyboard and desktop mouse with Samsung DeX. Using their phone, employees can open VMware applications, use keyboard shortcuts, and manage files on the big screen.

VMware Workspace ONE AirLift Release

On October 2, 2018, VMware announced the release of VMware Workspace ONE AirLift, designed for co-management of Microsoft System Center Configuration Manager (SCCM) environments.

VMware Workspace ONE AirLift

The idea of ​ ​ jointly managing a fleet of devices based on Windows 10 was presented by Microsoft itself. It is assumed that SCCM will be used to preserve traditional schemes for managing device configurations, and Workspace ONE for those devices that are integrated into the VMware cloud environment, offline devices, and those that do not have Microsoft Active Directory support.

All this allows you to maintain deeply embedded SCCM policies, and on the part of Workspace ONE, provide a single point of control and ease of use for this solution.

A virtual machine with Workspace ONE AirLift on board downloads SQL Express and MongoDB, creates two services running under the Network Service account, and then tightly connects to SCCM services.

AirLift integration includes 3 phases:

Phase 3 AirLift Integration

"'Planning Phase (Plan):

  • Workspace ONE AirLift maps the SCCM device collections to Workspace ONE UEM, which allows you to manage them from UEM.
  • Uses complex query-based rules for collections.
  • Uses one-to-many mappings between collections and Workspace ONE instances.
  • Mapit collections to Workspace ONE Smart Groups.
  • Synchronizes Workspace ONE with the SCCM environment.

Execute phase:

  • Enable SCCM devices in Workspace ONE UEM configuration management environment.
  • Automatic creation of ConfigMgr Workspace ONE enrollment app.
  • Selective migration of devices to UEM management workflows.
  • Simply rolling back the inclusion of devices in UEM if something went wrong.
  • An inventory of all SCCM managed applications and their migration to the UEM environment.
  • Supports MSI, EXE, scripting, and deployment options.
  • Possibility of plant validation.

Monitoring Phase (Monitor):

  • AirLift itself is installed in% ProgramFiles %\VMware\VMware AirLift.
  • Workspace ONE enrollment application - contains AirWatch Agent, SCCM Integration Client, and environment component icons.
  • AppSettings.JSON - contains some settings, such as connection parameters with SQL Express and MongoDB, as well as the logging level.
  • The% ProgramData %\VMware\VMware AirLift folder contains the MongoData log and other logs in addition to Activity Log.

Workspace ONE Updates for Business Transformation

On September 06, 2018, it became known that the company VMware introduced updates to the analytical-centric platform for digital workspaces Workspace ONE. Organizations can now benefit from solutions that accelerate the transition to advanced management as they migrate to Windows 10 both platforms and Mac iOS Android laptops Chromebook enterprise environments. Another result of the platform upgrade is an improved user experience with the Workspace ONE Intelligent Hub for employees.

Workspace ONE on Mac, iOS, Android and laptops
File:Aquote1.png
In the process of digital transformation, Chief information officers have to quickly address a variety of management challenges related to the variety of user access device platforms, as well as the constant increase in security risks and the growing number of mission-critical applications that are required for productive employees. The basis of Workspace ONE is a modern management system, the functionality of which is expanded by solutions of the partner ecosystem. With it, organizations will receive a highly automated on-demand workspace platform. The benefits of this platform are smart analytics, improved user experience, significant cost savings, and increased security.
File:Aquote2.png

End-to-end management with analytics and automation tools

Workspace ONE Intelligence has received updates that will accelerate business transformation. Predictive patching for Windows 10 based on OS and application availability and CVE vulnerability scores provides proactive device maintenance and troubleshooting.

In addition, with UEM support covering all Group Policy Objects (GPOs), IT teams can manage these objects through the custom Internet Security Center (CIS) using Microsoft security policy templates.

Dell and VMware are working together to deliver ready-to-use solutions to customers with Dell Provisioning for Workspace ONE. Employees will have access to Win32 applications preinstalled on Dell PCs that can be run immediately after registration and restored as needed.

The Workspace ONE AirLift for Microsoft System Center Configuration Manager (SCCM) is available to a wide range of customers for September 2018. With it, you can accelerate the transition to a modern Windows 10 management system that spans the entire PC life cycle and improve the security of this process. The solution automates the migration of SCCM collections and applications to Workspace ONE for standalone or collaborative advanced asset management with SCCM. Businesses will be able to easily place ordinary workloads in the cloud to reduce costs and improve protection throughout their PC lifecycle.

The main goal of the Workspace ONE Trust Network ecosystem is to increase the visibility of threats and the effectiveness of security policies on mobile and endpoint devices and on cloud-based systems. To do this, the solution combines analytical findings from trusted partners and from Workspace ONE Intelligence. It features preview versions of integrations with Carbon Black, Netskope and Lookout. VMware continues to work on consolidating previously standalone security tools to enable customers to reap additional benefits from their investments. The expanded ecosystem of integrated partner solutions includes software from the following vendors: TrendMicro, Check Point, Palo Alto Networks and Zscaler.

The key to improving employee productivity - modern management systems

For modern employees, flexibility and convenience of work operations are very important. To equip organizations and workers with services that will consolidate the success of business transformation, VMware has developed the Workspace ONE Intelligent Hub application. It includes the AirWatch Agent component with support for working with your own and corporate devices.

Workspace ONE end-user services leverage the latest application innovations: notifications, integrated contacts, simplified search. Below are features and features that improve platform experience.

  • Through the beta version of Workspace ONE Notebook, employees will receive secure tasks and notes in containers on personal devices. This solution will help companies implement mobility efficiently and securely.
  • The advanced Workspace ONE SDK is designed to accelerate enterprise application development to meet the requirements of IT and business for security, manageability, privacy, analysis, content, and user experience. This is necessary for the successful transformation of processes related to the main activity of the company.
  • Workspace ONE Boxer enhancements include meeting NIAP's general IT security criteria, an optimized interface and additional ENSv2 capabilities - VIP notifications, visual selection of external recipients, sending calendars as attachments, and the ability to view secure email messages on iOS and Android mobile devices.

Advantages of modern management tools in virtual applications and desktops

The transformation of desktops and applications is a necessary stage in the transition to a modern digital workspace. Taking advantage of the advanced management of VMware implemented in Workspace ONE, IT will reduce costs and accelerate the transformation of legacy Windows applications so that they can be represented and accessed from a digital workspace along with other SaaS, web, and mobile applications.

Realizing a vision of a unified approach to managing physical and virtual devices, VMware introduces pre-release integrations with Horizon 7 that enable IT to monitor, set policies and update OS images for persistent desktops from Workspace ONE, as well as integrations of Horizon 7 with Workspace ONE Intelligence to so that the users of the solution have a better understanding of the use of virtual desktops and applications.

To accelerate ROI, VMware offers these solutions to seamlessly migrate companies to the cloud.

  • Horizon 7 on VMware Cloud on AWS is a preliminary version of the Just-in-Time class platform. A preview of support for Instant Clones, App Volumes, and User Environment with Horizon 7 on VMware Cloud on AWS offers other ways to address disaster recovery challenges. These tools will also support IT in the transition to distributed stateless architectures.
  • Improved support for Horizon Cloud on Microsoft Azure. To help customers choose the most appropriate Azure virtual machines based on cost and performance, Horizon Cloud supports additional VM locations and types, including Azure Government. Knowing their individual needs, companies will be able to connect to segments of existing Azure networks, implement Horizon Cloud, and import optimized images directly from the Azure Marketplace online store.

By implementing enhanced vGPU support for AMD the Radeon Pro v340 MxGPU, high-resolution graphics support for NVIDIA Tesla the V100 graphics card vMotion , and graphics technology, processors NVIDIA VMware has improved the user experience and productivity of enterprise employees, and reduced downtime of the digital workspace infrastructure.

Availability and price

Workspace ONE updates will be publicly available in the third quarter of fiscal 2019. The Workspace ONE Intelligent Hub solution will go on sale in the third quarter of fiscal 2019. Dell Provisioning for Workspace ONE is scheduled for the third quarter of fiscal 2019. VMware's fiscal 2019 third quarter ends on November 2, 2018.

Анонс Workspace One Trust Network и Workspace One AirLift

In March 2018, VMware introduced updates for Workspace One. Advanced capabilities turn the platform into the industry's first and only workspace digitalization solution, which uses analytical data and artificial intelligence technologies to improve user experience, as well as proactive information security measures, according to a press release.

One of the innovations in Workspace One is the Workspace One Intelligence cloud service, which offers the ability to aggregate and correlate data on user, application, network and endpoint activity. 

VMware Workspace One

The solution uses the obtained data to prepare practical recommendations and automation. With an intelligent digital workspace, IT professionals can detect and immediately troubleshoot problems, set access policies that meet user needs, support features equally across all devices and platforms, and address security issues at the right scale.

VMware also announced the Workspace One Trust Network software, with which Workspace One data and analytics can be used in conjunction with technology partner solutions. VMware partners leverage Workspace One Intelligence and the Application Programming Interface (API) to share and coordinate threat data with Workspace One.

In addition, VMware introduced Workspace One AirLift. This shared management technology under Windows 10 allows organizations to modernize the approach to maintaining personal computers over the entire lifetime.

Other innovations in Workspace One are worth noting:

  • simplified implementation; Mac
  • VMware Cloud on Azure VDI beta;
  • VMware Boxer with intelligent workflows to support employee mobility
  • Enhanced security for Office 365 applications.[6]

2017

Workspace ONE powered by AirWatch updates announced

On August 30, 2017, VMware announced innovations in Workspace ONE powered by AirWatch, a single platform that combines usability and management with end-device security capabilities.

Customers will now be able to use Workspace ONE for Unified End Device Management (UEM) and provide user experience across all platforms, including, Windows,,, and macOS Chrome OS. iOS Android In addition, Workspace ONE now integrates with application software interfaces () from API leading software platforms providers.

Overall, the Workspace ONE platform integrates application and access management, unified end-user end-device management, and AirWatch end-user identification to make it easy and easy to use the enterprise-class platform. Workspace ONE also extends this experience and security to traditional Windows environments with VMware Horizon virtual application and workstation technology.

VMware ONE Intelligence is an optional Workspace ONE service that provides complete information and automated actions to help accelerate planning, improve security, and optimize end users, VMware said. Data on application deployment and usage, device security, and end-user experience will help IT assess the performance and security of their digital workspaces.

Workspace ONE Developer Resource Available

On July 17, 2017, VMware announced the availability of the VMware Workspace ONE Dev Center developer portal. It combines resources for developers working on products and utilities to expand the capabilities of VMware vSphere's virtual infrastructure and other vendor IT products.

The portal contains links to resources for developers of Workspace ONE and VMware AirWatch within the unified endpoint management (UEM) and enterprise mobility management (EMM) concepts[7]

Dev Center of Workspace ONE will give mobile application developers answers to the following questions:

  • Single sign-on (SSO) engine integration
  • adding support for Application passcode and App tunneling
  • data protection against leaks and more

VMware Workspace ONE Update

On April 7, 2017, VMware introduced updates for VMware Workspace ONE technology.

File:Aquote1.png
Since the benefits of digital transformation are relevant not only for the company, but also for a wider range of employees and end devices, it is necessary to solve the problem of technological fragmentation and eliminate shadow IT resources by standardizing through the platform for the digital working environment. VMware Workspace ONE is an integrated platform that provides contextual access to applications while providing end-device management with AirWatch.

Noah Wasmer, Senior Vice President, Mobile End User Products, VMware
File:Aquote2.png

VMware made it easier for IT to provide unified access and support single sign-on to intranet applications that use Kerberos certificates or HTTP headers, and offered advanced conditional access capabilities that combine real-time protection support and automated compliance. Updates to the AirWatch Unified Endpoint Management portfolio will improve support for all platforms for mobile devices (iOS, Android), desktops (Windows 10, macOS), specialized devices (field applications) and end IoT devices. With Workspace ONE licensing, customers can expand their investments to create a broad and comprehensive computing environment that encompasses applications, users, and end devices.

The upgraded access and security control systems include the following functions:

  • Using Mobile One-Touch Identification (SSO) across all applications with Unified Access Control - Workspace ONE enables a single plane of control across all cloud, native, and intranet applications. With the VMware Unified Access Gateway with Kerberos delegation capability, users can access intranet applications using biometric device data and certificates stored on them using one-time authentication technology.
  • Multi-Factor Authentication (MFA) with the Apple Watch - MFA protection can now be used with the Apple Watch, allowing users to verify their identity from the watch and take advantage of mobility to increase their productivity.

2016

VMware Workspace One Essentials

On October 19, 2016, VMware introduced an addition to its VMware Workspace One Essentials portfolio. It's a standalone solution that provides secure, unified access to business data and applications.

With it, the Workspace One solution portfolio will help companies standardize the digital workspace, including all endpoint types and deployments across the company. It also includes data loss prevention (DLP) in Office 365 and improved capabilities for users with single sign-on (SSO) access to all of the company's web applications.

File:Aquote1.png
Since its launch in early 2016, many of the innovations available in VMware Workspace One have demonstrated VMware's success in this category. Good customer feedback demonstrates Workspace One's ability to meet today's challenges. We are also excited to continue our partnership with Microsoft, through which we introduced Skype for Business preview technology for Horizon. This is an important part of the Workspace One platform that enables customers to optimize delivery and use industry-leading collaboration software on any device.
Sanjay
Punen, Executive Vice President and General Manager, End-User Computing, Head of Global Marketing and Communications, VMware
File:Aquote2.png

Companies are using Workspace One to enhance digital transformation. VMware Workspace ONE Essentials is a solution for companies that have implemented BYOD initiatives and provided access to business applications and services from devices that they do not have access to manage through a user-identity-based work environment.

The solution includes user authentication and application directories to enable IT administrators to control access to business applications for enterprise security.

Employees will benefit from ease of use and unified access to any trusted corporate resources, self-service applications, and single access (SSO) from any device or platform.

With the current Worksapce One portfolio, companies can deploy a business-wide digital workspace strategy that will be available to all types of users with Workspace One.

VMware has added Data Breach Prevention (DLP) to protect the Office 365 app from connecting to personal accounts in online file sharing. Workspace One's policy management engine allows these file-sharing applications to share personal data and containerizes Office 365-type work applications . This solution helps organizations safely implement Office 365, integrate it with other enterprise-approved applications and services, and store files and data in an enterprise container on your device.

Automatic delivery of Office 365 resources

On August 31, 2016, VMware announced the upgrade of VMware Workspace One - automatic delivery of Office 365 resources and easy registration for users.

Workspace ONE with VMware Identity Manager helps customers solve their Office 365 implementation and management issues. Upgrading this solution will help administrators automatically allocate and withdraw resources from users, depending on their location in the Active Directory group. When employees leave the company, their access to Office 365 cloud resources is automatically recalled through access control system, as authentication tokens can remain valid for hours or days after termination. Push updates in the VMware Verify mobile app offer a simple registration process that eliminates the need for users to download and register two-factor authentication tools.


The company announced the availability of the VMware Workspace One and VMware Identity Manager update in the third quarter of 2016.

Upgraded VMware Workspace ONE functionality

On June 28, 2016, VMware, Inc. introduced additions to VMware Workspace ONE based on the latest VMware AirWatch 8.4 update and VMware Identity Manager. Together, they create a managed workspace based on Identity-Defined Workspace technologies.

Following the principle of simplicity at the consumer level and reliability at the corporate level, VMware Workspace ONE adaptive management technology is designed to eliminate the limitations of individual mobile application management (MAM) solutions and IDaaS products, to ensure data protection within applications without the need for device control. This technology will accelerate the implementation of BYOD initiatives.

VMware Workspace ONE View, (2016)

File:Aquote1.png
VMware is the first company in its industry to combine user identification, device management, and application delivery in a single integrated platform. It will support corporate mobility initiatives in those companies that abandon outdated infrastructure in order to be competitive in the mobile cloud era. Introducing new SaaS and mobile applications is critical to transforming your business, but it can pose significant risks. New VMware Workspace ONE capabilities will help improve overall enterprise protection and take control of managed and independent devices.

Dave Grant, VP of Product Marketing for VMware desktops
File:Aquote2.png

The upgraded VMware Workspace ONE supports scenarios for users to work with devices - from completely uncontrolled, when employees work from personal devices through a browser, to fully managed, when all actions are performed from corporate gadgets.

VMware Verify is a built-in two-factor authentications (2FA) solution that uses personal smartphones and staff tablets as tokens. To log into corporate applications from any device, the user just needs to click on the "confirm" notification on the screen for instant authentication.

For uncontrolled devices, VMware Workspace ONE includes native data protection at the OS level, which eliminates the need to create traditional MDM profiles. By downloading VMware Workspace ONE and entering a corporate email address, users will automatically receive a single login window to any enterprise application - online, native, mobile, or Windows. To access applications that require more protection, users activate the Workspace Services option to enable native OS-level data protection. Activation of workspace services is designed to internally protect the user's privacy. It prevents IT from tracking and reporting BYO user-sensitive information such as location, device restrictions, and personal applications.

Enterprise devices will be able to see VMware Workspace ONE Unified Endpoint Management in a managed workspace that enables them to leverage the power of VMware AirWatch EMM technology for complete standard configuration, advanced conditional access policies, device auditing, automated recovery, and lifecycle management.

Innovation in Workspace ONE is a single directory that supports Microsoft Windows Store for Business technologies, a one-stop location where IT managers and administrators can find, purchase, manage, and distribute Windows 10 applications within their departments. VMware Workspace ONE simplifies application delivery and lifecycle management by integrating its application catalog and delivery technologies with the Microsoft Windows Store for Business. This creates several advantages for IT administrators at once, including the ability to massively purchase public applications, cache licenses for offline distribution, fix and reuse, the ability to implement approved Windows applications while restricting access to public application stores, as well as support for downloading and delivering internal proprietary applications.

VMware Workspace ONE has support for the unified educational technologies Apple introduced iOS in 9.3, including Apple School Manager, Apple ID-managed and Classroom App. These updates are designed to streamline workflows, help administrators and users find lost devices, allow device exchange while maintaining personalization and the ability to manage application notifications. For orderly implementation, the console VMware AirWatch 8.4 provides a special section "," Education which will allow schools to manage students, teachers, lessons and devices as required by educational systems.

VMware Workspace ONE Announcement

On February 15, 2016, VMware announced VMware Workspace ONE integrated with AirWatch for enterprise mobile device management[8].

The product uses the developments of VMware Identity Manager and the cloud service of hosting virtual PCs and VMware Horizon Air applications.

Management and Service Delivery Platform (2015)

Workspace One is a comprehensive tool with extensive features and capabilities for traditional and mobile users:

  • Unified App Store is the ability to build an "enterprise App Store" of enterprise user apps built on iOS, Android or Windows platforms. This is all integrated with web applications, the enterprise cloud, and VMware Horizon. It provides both the ability to preinstall applications into user workflows, and a workflow for self-requesting users and gaining access to new applications from the directory.
  • Email and Content Apps - integrated mail and calendars for business, an integration platform for the most common corporate processes. Mail is reliably protected from malware (attachments), platforms are supported: Gmail, Exchange, Outlook, Yahoo, Hotmail, iCloud, Office 365, IMAP & POP3.
  • Compliance Check Conditional Access is a policy-based data access protection mechanism implemented by the engine AirWatch (AirWatch Content Locker). Policies can be applied, for example, based on geographical location (by), GPS add potentially dangerous applications to blacklists, etc.
  • One Touch Mobile SSO - the ability not to enter passwords when authenticating in services and applications. To do this, DTS (Device trust service) technology is used.

By integrating VMware Identity Manager with Enterprise Active Directory Services (for different domain and forest configurations), you can build a password-free architecture for accessing enterprise services. Multiple AD services can be connected using the Identity Manager connectors.

This is handled by Secure App Token system (SATS) technology:

Authentication Process Diagram (2015)

VMware Identity Manager does not require a separate connector - the AirWatch connector is used.

The main task of Workspace ONE is to unify the user interface for accessing their data, applications and PCs, regardless of the devices used, the OS and the environment in which it gains access. For the administrator, control all possible devices and environments so that they comply with corporate policies.

All these aspects will create a unified and convergent environment for managing users, their applications, and their environments with powerful virtual infrastructure access and information security capabilities.

VMware Workspace One

As of February 15, 2016, VMware Workspace One is a platform for managing users, their access to data from various devices within the enterprise.

Notes