The VMware Workspace ONE Cloud-Based Reference Architecture is now available and is a must read for anyone considering, designing, or undertaking a VMware Workspace ONE or a VMware Horizon Cloud Service on Microsoft Azure–based project.

Just like Emmet in The LEGO Movie, you too can become a master builder and architect. Maybe not for LEGO building but for your Workspace ONE project.

Emmet wanted to become a master builder and is guided and advised by the ancient and heroic wizard Vitruvius. This character is named after Marcus Vitruvius Pollio, sometimes called the first architect of Rome, who authored De architectura (On Architecture). Vitruvius tries to make Emmet see that the specifications for any project may need some modifications from time to time, and the task of the Master Builder is to know when and how to modify the instructions.

One message throughout The Lego Movie is seemingly contradictory: Don’t blindly follow instructions, but do follow a plan of instructions. This is the essence of architecture. Architecture practices that are highly creative without the structure of planning will quickly fail. Likewise, those who strictly follow directions without questioning or understanding might find themselves too rigid, unable to adapt to the particular needs, and not achieving their objectives. To successfully architect, both structure and flexibility are necessary.

The VMware Workspace ONE Cloud-Based Reference Architecture provides this through a framework for architecting, guidance, best practices, and detailed configuration information for deploying all Workspace ONE products in an integrated manner.

VMware Workspace ONE is an intelligence-driven digital workspace platform that simply and securely delivers and manages any app on any device by integrating access control, application management, and multi-platform endpoint management. It combines identity and mobility management to provide frictionless and secure access to all the apps and data that employees need to work, wherever, whenever, and from whatever device they choose.

  • VMware Workspace ONE UEM (powered by AirWatch) unifies endpoint management across all major operating systems, including modern management of Windows 10, regardless of ownership mode while still maintaining employee privacy.
  • VMware Identity Manager simplifies application access for end users and provides identity integration. Users can single sign-on (SSO) to different types of applications through a unified application catalog, while enterprise security, conditional access, and compliance controls ensure that the right users have access to the right applications.
  • VMware Workspace ONE Intelligence provides deep insights and app analytics into the entire digital workspace, and offers powerful automation that together enhance user experience, help optimize resources, and strengthen security and compliance across the entire environment
  • VMware Horizon Cloud Service enables the delivery of cloud-hosted virtual desktops and apps to any device, anywhere, from a single cloud control plane. This enables the choice of where virtual desktops and apps reside: VMware-managed cloud, BYO cloud, or both. Horizon Cloud Service on Microsoft Azure provides customers with the ability to pair their existing Microsoft Azure infrastructure with the Horizon Cloud Service to deliver feature-rich virtual desktops and applications.

The VMware Workspace ONE Cloud-Based Reference Architecture guide illustrates how Workspace ONE, and Horizon Cloud Service on Microsoft Azure, can deliver a modern digital workspace that meets key business requirements and common use cases for the increasingly mobile workplace. This reference architecture uses a modular approach to building services by integrating the components of Workspace ONE when consumed as a cloud-based service, including Horizon Cloud Service resources.

This guide documents both high- and low-level design for deployment and highlights integration points. It gives design guidance on how to architect and design all the products or components in VMware Workspace ONE, including VMware Workspace ONE UEM, VMware Identity Manager, Horizon Cloud Service, User Environment Manager, and Unified Access Gateway.


This reference architecture has undergone testing and validation with regards to component design and build, service build, integration, and user workflow to ensure that all objectives are met, that use cases are delivered properly, and that real-world implementation is achievable.

Go read the VMware Workspace ONE Cloud-Based Reference Architecture guide now to get started planning your digital workspace using Workspace ONE. And remember don’t Kragle (Krazy Glue) your designs and everything will be awesome. Make them modular, flexible, and able to adapt to your changing needs.