Workspace One - Device Management, Identity and Remote Access Demonstration
Updated: Feb 15, 2018
Workspace One is a platform that comes in different offerings ranging from mobile device management with Airwatch through to full mobility combining the power of Airwatch with Horizon 7. What I love about Workspace One is that this is a solution that really impacts on the end user, their experience and how they consume services provided by IT. It's a great way of "starting with the user". It combines the best of both worlds, for the business it's a secure, scalable and unified application catalog. For end users it allows a BYOD, work from anywhere approach - all with an easy to consume single sign on experience. In this blog I will cover the components of Workspace One Enterprise explaining how this all comes together.
I have recorded a simple demonstration of an end user accessing the Workspace One unified catalog. On the left hand side is from a laptop, on the right hand side is from a tablet.
1. I connect to the public facing URL and enter my credentials
2. Selecting Office 365 will create SAML authentication and authorize me to the SaaS application without any prompt to enter any password again.
3. To showcase the Access Control capabilities I then select another SaaS application that needs an additional level of security. In this demo we have Salesforce as the example application.
4. Workspace One Enterprise provides 2FA called named VMware Verify. The Salesforce application has access control assigned that requires 2FA. This prompts my tablet (That has the verify app installed) to authenticate and prove who I say I am. In the VMware verify app I can approve the login request. This in turns approves the Salesforce application automatically and I am authenticated and proceed.
5. I then select a virtual desktop that is presented to me based on my AD group or user membership. Here we are leveraging True SSO so that credentials are passed directly into the windows session (no passwords requested here either).
6. In the desktop I then select Vitrea to showcase how we could open a medical type application. (Could be any type of desktop application here).
7. I then move over to the tablet and open the workspace one app, I use TouchID that uses Kerberos KDC that then passes SAML to Identity Manager (Workspace One unified Catalog).
8. You will notice that the look and feel is the exact same. I select the same desktop and the session on my laptop will automatically disconnect and continue on the tablet. I have gesture control available so can navigate without having to use the mouse cursor. I then disconnect from the desktop session.
9. I log back into the workspace one app and head over the the "catalog" view. In here I am presented with native applications that have been provided to me by the Airwatch administrator.
10. I select VMware Boxer (Containerized secure email client) and choose to install. It will automatically deploy with preconfigured settings and ready to use.
Workspace One Enterprise integrates Airwatch, Identity Manager (vIDM) & Horizon 7. In the next blog I will go into each technology and show how we integrate the components.