Dell and VMware Extend PC Management to the Firmware
Greetings from #DellEMCWorld in Las Vegas, where all of the Dell Technologies brands have come together on one stage. These are not only exciting times for us, but also for our mutual customers embarking on their digital transformation journey. Customers are now seeing the collective strength of the Dell Technologies portfolio come to market—and see how possibilities are turned to reality.
In today’s keynote, VMware CEO Pat Gelsinger spoke about the constantly expanding partnership between VMware and Dell. One such example is the Dell and VMware integration of our industry-leading solutions VMware AirWatch and Dell Client Command Suite client systems management tools. AirWatch is a key component of VMware Workspace ONE, an industry leading platform that enables our IT customers to empower their workforce to securely bring the technology of their choice (devices and apps) at the pace and cost the business needs.
The integration extends AirWatch management and remediation capabilities to the system firmware or BIOS. This is another significant proof point of AirWatch’s evolution from enterprise mobility management (EMM) to a unified endpoint management (UEM) solution that goes beyond managing mobile devices to comprehensive Windows 10 and desktop management. At VMware, we see this as just the beginning of a long-term strategy to integrate our digital workspace solutions with Dell devices.
Extending PC Management to the BIOS with Dell and VMware
Windows devices have many system attributes that IT admins may want to monitor and manage. Typical client management tools allow admins to take actions in the operating system (OS), but fail to extend management capabilities to a lower firmware level. AirWatch integration with Dell Command | Monitor creates an extensible platform that now allows IT admins to:
- Query and retrieve key system attributes;
- Configure critical BIOS settings and
- Take remediation actions.
All this from the same AirWatch admin console used for managing all the Windows OS policies, apps and other endpoints in your organization. Customers can take advantage of this unique integration as part of the AirWatch 9.1 console release and enable several IT use cases and benefits that improve user uptime, reduce costs and improve security. Let’s examine some of these use cases and benefits:
Proactive Device Management: Minimize User Downtime & Ensure Business Continuity
IT admins can now query and report key system attributes—including device service tag information, current BIOS version and battery health status—for their Dell hardware. This enables admins to create policies that proactively manage Dell devices, minimizing user downtown and ensuring business continuity. Here are two examples:
1. Admins can create custom notifications based on BIOS reporting of the battery health and the recommended threshold for replacement. This allows them to proactively ship replacement batteries to the users before a failure happens and thus avoid any downtime.
2. Admins can quickly report on the BIOS versions across their deployment and immediately locate devices that need attention based on the associated service tag. Implementing the most current BIOS version is critical not just from a usability and security standpoint, but this may also influence the overall life of the device.
BIOS Security & Remediation: Improve Alignment with Compliance & IT Security Policies
The BIOS security features in the AirWatch console enable IT admins to remotely configure BIOS passwords, enable use of Trusted Platform Module (TPM) and take remediation actions on non-compliant devices. This ensures a stronger alignment with the recommended IT security and compliance policies within the organization. Here are two examples:
1. For many organizations, the BIOS passwords are typically difficult to change with the requirement to physically touch the device to make any updates. With the integration, admins can now remotely manage BIOS passwords. You can set different passwords based on custom smartgroup assignments, instantly change passwords in case they are leaked or compromised and even revoke passwords when the device is un-enrolled or an employee leaves the organization.
2. Most enterprise-grade Dell PCs now carry a TPM, which is a tamper-resistant physical chip that ensures overall system integrity. TPM helps encrypt passwords by generating and storing digital certificates and authentication and encryption keys. Thus, the TPM forms a critical element for Windows 10 security and is recommended for a variety of OS security features. These include Windows Hello, BitLocker encryption, Health Attestation and the virtualization-based security features new to the OS (e.g. Secure Boot, Device Guard, Credential Guard and others). With the integration, IT admins can now remotely enable and configure the use of TPM for the organization.
Zero-Touch System Configuration Over-the-Air: Simplify IT Tasks & Reduces Admin Overhead
Traditional BIOS management approaches were high touch, requiring IT admins to access physical machines to change configuration settings. AirWatch, however, adopts a cloud-first management model that enables instant push-based endpoint and app configuration. With Dell Command | Monitor integration, the same over-the-air management approach is now extended for BIOS security and CPU virtualization settings, without admins needing to physically touch the machines. For example, admins can now remotely enable and provide automated support for CPU virtualization features that are required for deployment of VMware desktop products or Hyper-V.
At Dell EMC World this year, we are only beginning to see solutions come to market as a direct result of the Dell and VMware partnership. As we continue this journey for the benefit of our mutual customers, expect to see new solutions that are a true testament of this “better together” partnership. Make sure to tag along as we head into VMworld 2017 for even more exciting innovations.