VMware Workspace ONE Announcements Employee Experience Events Insights VMware Horizon Workspace Security

VMworld 2021: Anywhere Workspace and End-User Computing Announcement and Keynote Recap

VMworld 2021 begins today, and I am incredibly excited to share all our VMware Anywhere Workspace and end-user computing news and insights.

This morning, after our general session with CEO Raghu Raghuram, Shanker Iyer, SVP and general manager for EUC, presented our VMware Anywhere Workspace keynote. Next, I had the privilege of presenting part one of our end-user computing keynote

As a reminder, if you’re reading this during VMworld, please join us for our special end-user computing live tracks, DeskCon and VDIscover, as well as part two of our EUC keynote, tomorrow. I’ll also invite you to explore the session catalog, read top announcements at VMware newsroom and dig deeper into our EUC announcements here on the blog. 

With that, I want to say how gratified we are to have all of you join us from around the world for another edition of VMworld. Thank you! Now, let’s get started.

VMware Anywhere Workspace and the state of work in 2021 

Today, we’re past the initial rush to go to remote, which we can all agree started the one of biggest IT transitions in our careers.

As Shankar outlined this morning, the convention wisdom about remote work is gone. Clearly, hybrid work is here to stay. As a result, IT, human resources, security and workplace leaders must invent new ways of supporting the people in their organizations. This also means that we must rethink the technology platforms that support EUC and hybrid work, at much larger scales than ever before. All of this leads to efforts concerning security, employee experience and ease of management. 

However, as I spoke about today, I hear from customers that are still dealing with the fundamental challenges of supporting huge numbers of remote users with legacy technologies that just weren’t designed with this situation in mind. These challenges range from onboarding remote users and devices, dealing with VPNs and network-centric management and security tools, maintaining compliance and providing user experience that is consistent regardless of whether a user is inside or outside the office.

We know that moving away from a perimeter-centric security model and towards Zero Trust security is the way to go, but this is a big shift. In this new world, we need to rethink deployment, management, security, patching, compliance and more. Our customers are looking at this and asking us how VMware can help.

It is for all these reasons and more that we launched VMware Anywhere Workspace earlier this year. We have seen that there is incredible value in bringing VMware Workspace ONE, VMware SASE and VMware Carbon Black together into a single solution, and we are dedicating significant resources to make sure these products can be used together in an integrated fashion.

At the same time, each of these products are leaders in their own categories, and we are committed to providing our customers with flexibility in purchasing and deploying them. As I mentioned in the EUC keynote, you can think of Anywhere Workspace as similar to what we did when we brought together UEM and VDI into Workspace ONE.

We are already pleased with the response to Anywhere Workspace. Anywhere Workspace allows customers to address their needs in three broad categories – employee experience, Zero Trust security and automating the workspace.

Employee Experience 

Today, customers continue to be passionate about providing an engaging and productive employee experience.

Unfortunately, there’s long been a belief that security and good experience are opposites. Security means locked down devices, long passwords and a bunch of different agents slowing things down. And we all know the joke about the most secure computer is the one buried in concrete.

But we believe there is another approach. At VMware, you’ve heard us talk about making EUC consumer simple and enterprise secure for years.

There are many ways experience and security can go hand in hand. For example, think of identity federation and single sign-on. This is a win-win that reduces the number of passwords users have to worry about while also reducing security risks.

One of the pillars of employee experience efforts is Intelligent Hub, to provide colleagues with streamlined access to all the resources they need to be engaged and productive. But how do you actively make sure that employees can maintain this access? More and more of our customers are asking how they can measure this, and how they can make it easier to fix problems when they do arise.

This is where our Digital Employee Experience Management solution, or DEEM, comes into play. With DEEM, customers can monitor things like login failures, boot up and shutdown times, app usage and performance, device health, crashes and many other metrics. DEEM is built on Workspace ONE Intelligence, the data platform in Workspace ONE that aggregates, correlates and analyzes metrics from across your environment, and enables data-driven decisions for user experience, management and security used cases. Customers can use this real-time data to create a unified experience score in DEEM. With our robust remediation capabilities – including those powered by Workspace ONE Unified Endpoint Management, Intelligent Hub and ONE Assist – they can elevate the level of experience offered.

Enhancements in Digital Employee Experience Management 

Today, we are announcing several major enhancements for DEEM, to enable a broader scope and more ways to analyze data.

New employee sentiment capabilities will provide micro surveys surfaced via Intelligent Hub. These surveys can be triggered by events in DEEM, and then the data correlated alongside other metrics in DEEM. As a result, they’re much more contextual and dynamic than traditional quarterly or yearly pulse surveys.

We’re also introducing machine learning-enabled anomaly detection. As an alternative to setting and tuning manual alert and trigger thresholds on metrics in DEEM, the anomaly detection features will learn based your data, cutting down on the work and noise.

Another way we’re cutting out manual work is through new guided root cause analysis, which will help IT solve problems by surfacing correlating factors in incidents.

Employee sentiment, machine learning-enabled anomaly detection and root cause analysis and remediation are expected to be available in DEEM soon, and you can learn more in today’s blog.

Now, with the rise of remote work, network performance is more critical than ever before. So, we are excited to also announce that in the near future, we intend to integrate data from VMware Edge Network Intelligence (ENI) into DEEM. ENI is a cloud-based network analytics platform that provides visibility and uses machine learning to detect anomalies, such as issues caused by the wide area network, the LAN, wireless networks, DNS or security services when interacting with cloud apps.

All of these enhancements make the visibility, analysis and remediation capabilities in DEEM broader and more powerful. If you’re responsible for providing the best employee experience you can, this broader view is extremely valuable.

Employee Essentials 

Our customers want to bring employee experience to all types of employees, in any location, with any device. So today, we are excited to announce Employee Essentials, a new offering that packages together key elements of our existing employee experience offerings in a new combination suitable for these needs.

The user-facing core of Employee Essentials is Workspace ONE Intelligent Hub, our digital workspace app. In addition, Employee Essentials includes the core platform services needed to power Intelligent Hub and enable access to corporate data and apps, including Workspace ONE Access, Workspace ONE Tunnel and VMware Unified Access Gateway, along with essential reporting and automation features.

Employee Essentials is ideal for unmanaged and BYO devices, as well as devices managed by third-party tools. We’re excited about what Employee Essentials can offer for scenarios such as contractors and mergers and acquisitions scenarios, and we think it‘s great for both office-based and frontline workers. Employee Essentials is generally available now.

Enabling employee experience anywhere 

Enabling employee experience across all types of scenarios is incredibly important to us. Here are a few more examples.

Customers have long trusted us for rugged device management, but frontline is about more than just endpoint management. Employee Essentials will enable situations where frontline employees work from their personal devices, a trend that more of our customers are embracing. And on Android rugged devices, we’re working to provide the most modern and familiar user experience with Workspace ONE Launcher.

Another area where we’re continuing to invest is extended reality devices, such as head-mounted displays for virtual, augmented, and mixed reality. We have long managed these devices with Workspace ONE UEM, and we have customers using them at scale. But now, with our new Workspace ONE XR Hub, which is in beta, we’re bringing many more of the benefits of the broader Workspace ONE platform to these rapidly evolving devices.

The broad role of Zero Trust security 

Of course, organizations must balance employee experience with security, and we have plenty to talk about here. To get this balance, it is crucial to embrace Zero Trust security.

Today, most customers have security and management tools spread across different teams. EUC teams do security and management for devices, while infosec teams define network risk, remote access and other policies. Often, traditional security policies and agents can weigh down performance, and affect the end user experience. So, how can EUC and security teams get aligned?

While Zero Trust is a concept, not a single product, many VMware EUC customers are already using technologies that contribute towards a Zero Trust approach, such as UEM, Workspace ONE Access and Workspace ONE Tunnel. These are part of VMware’s wide range of offerings that contributed towards Zero Trust, like VMware SASE, Carbon Black and NSX. 

What this means is that EUC admins already own and are involved in key parts of a Zero Trust strategy. Furthermore, our EUC products are increasingly integrated with our other security offerings, like Carbon Black and SASE, leading to a unified approach.

EUC and security teams can also come together through vulnerability management, something we’re helping customers do with our dashboards and reporting in Workspace ONE. And finally, a big place where EUC and security have shared reasonability is around device compliance.

To that end, as Shankar announced today, we’re building a new compliance engine for desired state management into the heart of Workspace ONE. We expect this to be available soon.

We like to think of this as “endpoint hygiene on autopilot,” which will enable richer posture checks with more attributes, using real time data instead of fixed intervals and leveraging on-device capabilities to directly remediate any drift in state. To do this, we’re putting significant investments into the Workspace ONE platform itself, which we believe are going to prepare us for much greater performance, and set the stage so that individual customers can scale to millions of devices. 

Another important capability that Shankar announced today are continuous access controls using VMware Tunnel and Unified Access Gateway. We expect this new capability to be available soon. Continuous Access is a key part of a Zero Trust strategy, and is the next evolution from conditional access. Beyond assessing posture at the initial access request, posture is evaluated continuously. If anything changes and goes outside of policy, access can be revoked immediately.

You can learn more about our Anywhere Workspace security updates in today’s blog.

The Intel vPro® platform and VMware Workspace ONE 

To further security and management for our customers, this morning we announced a unique partnership with Intel to bring forward a joint solution that creates a direct link between Intel vPro® powered silicon and VMware Workspace ONE cloud-native endpoint management. Shankar was joined by Gregory Bryant, executive vice president and general manager of the Client Computing Group at Intel.

With this partnership, customers will be able to manage endpoints independent of the operating system. Key capabilities include the ability to remotely wake a device, patch it and place it back into sleep; remotely wipe a device out-of-band for device recovery; and gain better insights into experiences such as Wi-Fi performance and battery health. This can result in better security, faster remediation of issues and less disruption.

Unified endpoint management 

For now, I want to turn to unified endpoint management. We’re proud that Workspace ONE UEM truly embodies the promise of unified endpoint management with an immense array of best-in-class management capabilities. We do this not just across mobile or a single desktop platform, but across iOS, Android, Windows, Chrome, Macs, rugged devices, Linux, wearables and more. The combination of depth and breadth is a key reason why customers choose us over single-platform solutions.

Within UEM, Windows modern management continues to be an exciting area. Customers are transforming what is generally the mainstay of their EUC environment, with decades of legacy technology, with a modern, cloud-based approach that is much more suited for a distributed enterprise. We have customers who are managing tens or hundreds of thousands of Windows devices, and have shut down their legacy on-premises platforms. Unlike legacy tools, we can move your most advanced enterprise workloads fully to the cloud. If you thought that moving to full modern management for Windows isn’t possible, I’m here today to tell you that it is.

I encourage you to head to our DeskCon track to hear more about Windows modern management at scale from our customers, community members, and VMware experts. 

Having wide-ranging management capabilities is important, but it’s also important to have ways to make that management easier for the administrator. One way we’re enabling this is with Freestyle Orchestrator, our workflow-based management UI we revealed last year at VMworld.

Today, I’m excited to announce that we expect it to be generally available with support for Windows and macOS in SaaS environments soon. We also expect to have support for mobile devices in Freestyle Orchestrator in Tech Preview1  in the near future. Combined with the compliance and remediation capabilities I covered earlier, this will revolutionize the EUC management experience. 

You can read more about updates for Workspace ONE UEM in today’s blog

VMware SaaS App Management by BetterCloud 

Shankar concluded this morning’s Anywhere Workspace keynote with one more significant partnership and product announcement: VMware SaaS App management by BetterCloud.

Today, our customers face challenges discovering, managing and securing SaaS apps with fine-grained controls. Most of our handle federation and user provisioning with SAML and SCIM, and UEM and network security can provide controls around SaaS app clients and traffic. But there are also many more settings that IT must configure in SaaS apps. Many SaaS apps have published APIs for addressing these settings programmatically, but leveraging them means more manual work for IT admins.

BetterCloud is a leader in the category known as SaaS Management Platforms, or SMPs. SMPs handle the integration of the APIs provided by SaaS apps in order to discover, manage and better secure them. Integrating the wide range of APIs, normalizing them and applying operational intelligence is a huge task, and that’s why we wanted to provide immediate value to our customers by partnering with BetterCloud.

VMware SaaS App Management by BetterCloud extends Workspace ONE’s visibility and management of SaaS apps, enabling IT admins to have broader control over the end user computing environment. We’re very excited to bring this to our customers.

Join us for VMware SASE and Horizon tomorrow in part two 

Shankar and I covered a lot in today’s keynotes, but of course there is more to talk about tomorrow in part two. I will start off with a discussion of what VMware SASE means for end-user computing, which is sure to be a popular topic in the virtual halls of VMworld. Then, I’ll be joined by Shikha Mittal, senior director of product management for Horizon, for a deep dive on many exciting Horizon announcements that you won’t want to miss.

Thank you! 

Most importantly, I want to thank all of you for your continued support, for attending VMworld and being part of an incredible community. Our circumstances are having a tremendous impact on the way we work and on IT in general, and the transformation is not yet over. Our goal is to adapt to this new way of working and provide ways to be more agile and dynamic.

We want to thank you – our customers, partners and community – for trusting us with your transformation and for providing us great feedback and ideas. You’ve helped us grow and evolve our portfolio. We’re not done, and there’s more to come, but we’re optimistic about bringing forward a new way for working, changing the way people interact with technology, and improving their lives. 

Thanks again, and enjoy VMworld 2021!

Read more

1 The development, release and timing of any features or functionality described for VMware’s offerings in this presentation remain at the sole discretion of VMware.