Employee Experience

Introducing VMware Workspace Portal 2.1

Last week at VMworld U.S. 2014, VMware introduced VMware Workspace Suite, a unified platform that delivers enterprise mobility management from AirWatch, application and desktop virtualization from Horizon, and file sync and share with Secure Content Locker. After introducing the idea of a user-centric, secure virtual workspace over 4 years ago it only made sense that we combined the leading EMM solution with the leading virtual desktop platform to deliver against our vision.

While Kit Colbert outlined the direction of our integration investments in his earlier blog, I’d like to provide some additional detail on the first of these integrations between AirWatch and VMware Workspace Portal to deliver an absolutely seamless experience for users.

VMware Workspace Portal 2.1 – Single VA architecture

This latest release of Workspace Portal delivers a new Single Virtual Appliance Architecture that simplifies deployment. A simple guided install takes less than 30 minutes and additional VA’s can be easily scaled out as necessary to meet the requirements for even the most complex deployments. Further, the new dashboard delivers powerful information to administrators. In just a glance, admins can get a sense of system health, utilization trending and errors and then gather deep dive audit information for user activity and utilization for regulatory auditing or simply improving service levels.


Now you might be thinking, how does VMware Workspace Portal 2.1 fit into the bigger picture and how does it work? Keep reading as I get into more detail below.

Delivering VMware Workspace application entitlements to AirWatch enrolled users

When we say that we are integrating application catalogs, the next question is usually something like, “which one are you keeping?” The answer is both.

With the introduction of AirWatch 7.3 this month, and the new Workspace Portal 2.1, available today, administrators don’t just get the best of both, but actually leverage their unique policy engines to get something much better than either tool on their own.

Workspace Portal provides the entitlement, access policy and single sign-on capability for all but native mobile applications. From laptops and desktops, it is truly a one-stop show for any app or service. When that same user is using their tablet or smartphone, now, there is no need to “go” to Workspace Portal as AirWatch can deliver the Workspace Portal entitled apps directly through to the “springboard” (what Apple iOS calls their “home screen”) or container on the device.

In short the infrastructure is completely invisible to the user – just the way it should be. Lets take a deeper look.


Provisioning new apps with Workspace Portal:

Pic3Let’s say an organization wants to deploy a new application. It could be a web-based app, a Windows app hosted by Horizon or XenApp, a local Windows app packaged and streamed through Thinapp, a Google app, or Office 365 app, or nearly any SaaS app like ADP, SalesForce, Workday, or Box. In our example, we’ll use a SaaS App.

From the Workspace Portal catalog tab, the administrator can entitle users or groups and then apply policies based on network parameters (internal, external, IP ranges, etc.) and authentication strength.

Once the application is entitled, it appears in the users Workspace Portal App Catalog (if set to User Activated) or directly in the user’s Portal view if set to Automatic.

The application is now available on any device with a browser once the user navigates to the URL. So, sure you could pull up a browser on a tablet, navigate to a bookmarked Workspace Portal URL and launch the application all without AirWatch, but the user has to be trained how to do something that they didn’t already have to know, and further, if the organization is also deploying native mobile apps, it would be yet another procedure for the user to learn.

Delivering VMware Workspace application entitlements to AirWatch enrolled users

Enter integrated application catalog via AirWatch 7.3 and Workspace Portal 2.1. With the integration work performed between the AirWatch and VMware Workspace teams, the Workspace Portal can establish a trusted connection between the user, enrolled device, and application entitlements to streamline application provisioning and deliver a seamless, single-sign-on experience.

To establish the connection, the AirWatch administrator selects “VMware Workspace” from the Application Integration menu in the administrative settings menu.


Additionally, “Integrated Authentication” is selected using the OpenID NAPPS authentication option and then entering the Workspace Portal URL as the Authentication Server.


Now, in less than a minute, the AirWatch system and the VMware Workspace Portal appliance are joined, allowing the Workspace Portal to seamlessly present it’s application entitlements, identity and policy services to the AirWatch App Catalog.

To the end user, they now have ONE catalog to navigate to on their smartphone or tablet to subscribe/install any application, not just the native mobile apps.



When a user then clicks on the application, the policy engine of the Workspace Portal is still in full force, enforcing authentication strength and network restrictions and maintaining full identity management permitting internal web, SaaS, and Windows apps to single-sign-on access leveraging domain credentials.

Adding to that is an additional layer of security from the AirWatch enrolled device where the device policy can be set to assure that the device in in compliance (not reported stolen, no blacklist apps installed, not jailbroken, not outside of a GPS “geofence,” strong PIN protection and enforced screenlock… the list goes on and on…)  before permitting the user to get access to any of the VMware Workspace entitled applications.

With this nearly invisible layer of security and management, it can arguably  be said that it is easier AND more secure for users to work from their tablet on a mobile network than being on a domain-joined laptop.

VMware Workspace Suite

For the many customers who already own VMware Horizon and AirWatch independently and are current on support, these features will be available  as part of the pruduct updates you are entitled to. For those who don’t yet own these technologies, VMware has made it simple to get easy per-user licensing that delivers the full power of these integrations and the ability begin transforming their IT strategy from managing device assets to manging services. VMware Workspace Suite is now available, today, for inclusion into VMware ELA licensing.