VMware Workspace ONE

Today VMware is releasing a major update of their datacenter and end user computing portfolio. I’ve been honoured to be given an insight just before the launch so I can share what is announced already.
In this article I will go into the announcement around Workspace ONE.
YES a rebrand, we got to learn a new name for something we knew already. Well that partly true, it’s a rebrand but the options in the new Workspace ONE are different depending on the license you acquire.


Let’s start of with a basic overview of what is coming, high level overview.
The Workspace ONE announcement is all about four pillars;
  1. A Unified Enterprise App store
  2. Apps for content and Email
  3. Compliance checks and conditional access – Read my blog about UEM
  4. One Touch Single Sign One
Based on the license you acquire you get certain features, starting with basic, going to Advanced and ending with an Enterprise license which basically is Workspace suite Enterprise as we know it now.
One thing we see in all the announcements is the integration of VMware Airwatch kicking in, for a while it looked like the marriage as only on paper but now they found each other. 

Unified Enterprise App store

So the first announcement is the Unified Enterprise App store, one store for catalog and launch. and remember from this app store you can launch VMware Desktops, VMware published apps, web apps (SAAS or internally hosted) and Citrix apps and desktops. 
Deployment of the app store is possible both in the cloud and on-premises, flexibility maximised. The console is redesigned and all components are integrated in one console, remember project Astro?. 
Through REST API’s components will get acces to the functionality and that will make it easy for VMware to give access to 3rd party providers or new internal products.

Secure App token system

Next integration aspect you see that comes from VMware Airwatch is the Secure App Token system. Certificate based authentication for iOS. The pictures they have shown you will show other platforms as well but at the release only iOS will be available. 
What is the good thing about certificate based authentication?
  • No need for password anymore
  • No need for VPN connections
  • No secureID to get access
It’s a KDC (Kerberos Distribution Center) that distributed session tickets and temporary session keys to users and computers but ran from the cloud. It’s industry first and it’s pretty cool I think. 
Again it’s also available on-premises which makes your deployment option broader.

Loose the Identity Manager

I don’t think many people are a fan of the identity manager, I know I’m not. With the new release of Workspace ONE the connection to your internal resources is can be ran over the Airwatch Cloud Connector (ACC) so you don’t need the vIDM  connector and less ports to open in your firewall. Less software to deploy, less security discussions.


If we put all of what we heard in a diagram we get something like this.
Workspace ONE will provide you with building blocks to offer security and offer a catalog to users from which they can launch apps or desktops securely.
Of course in a cloud environment you will also have some kind of automation and orchestration around it provided with vRA. not in the scope but something that can’t be left out.

Employees in control

With all that together you just need to work out the user segmentation, persona’s we used to call them. The current world of employees is changing faster than before. Mobile solutions are making it possible for us to do our work on more devices than before.
Take a look at Microsoft Continuum and you see the possibilities, who needs a desktop if you can work from you mobile phone. who needs a desktop anyway if all the apps you need are SAAS or web apps. Of course like shawn wrote in his blog, flying cars and internet connected fridges are cool but over 60% of all environment run a old school VDI/SBC desktop due to app demand.  
to meet all these different scenario’s user segmentation is required. Depending on the amount of control you have over the device the functionality goes up.
employees that want no control over there device will get access to resources webbased but employees that allow you to manage the device (of course transparant on what you are gathering) all get all benefits and integration.
employees are in control and depending on their own choices they get what can be offered.


Sure after reading all this you wonder what license model do they have, what will it cost me?
There are three different licenses available for Workspace ONE as said before.
With the Standard license you will get a very basic solution that will offer you SAAS and web  apps and well as some social stuff. This model will work for e.g. a student scenario where they work with Office365 but won’t do with classical customers wth 300+ application some written in 1860.
The license comes with a cloud version that is 8 dollar per month per user subscription. The on-premises subscription is higher which brings me to something you should understand, VMware is Cloud first in their products.
Next is the Advanced license which adds the Blue Airwatch capabilities to the license, app wrapping, SDK, mobile app security, compliance and device management. So if you want to manage your devices, deploy some apps and configure them and you work only with web apps and SAAS apps, this is your license. 
It sells at 12 dollar per month per user for a cloud solution and much higher for the on-premises version.
The last license is the Enterprise license, this is more or less the current Workspace suite license and offers everything mentioned before and added virtual desktops and apps. This if you are not ready yet for a cloud deployment and stuck with your hundreds of apps.
If sells at 400 dollar per user perpetual for the on-premises.


I hope this overview gives an insight on what is coming, release date is Q1 (might change this as soon as they mention it, not wanting to break NDA).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.