We greet you from VMworld 2021 which, for the second year now, is being held in the digital halls of virtual space. Many sessions this year, including the End-User Computing (EUC) keynote by EUC CTO Shawn Bass have detailed the ways VMware is accelerating the Anywhere Workspace with an incredible array of advances.
Once again, we can report that our innovative posture has been recognized industry-wide. Gartner recently announced that VMware was named a Leader in the 2021 Gartner® Magic Quadrant™ for Unified Endpoint Management (UEM) Tools for the fourth straight year.1 In addition, VMware once again scored highest in three out of four use cases in the 2021 Gartner® Critical Capabilities for UEM Tools, Modern Windows PC (3.64/5), Security-Centric Management Use Case (4.22/5), and Remote Worker (4.06/5) use cases. (Read our blog to learn more.)
As leaders in the UEM space, we recognize that as our customers’ needs evolve and the scale and complexity of their deployments grow, so too must our solutions. Over the past year and more we’ve invested our focus and energy into not just incredible new features and capabilities around IT modernization, such as Freestyle Orchestrator and Digital Employee Experience Management, but also in reimagining the very foundation of our Workspace ONE Unified Endpoint Management (UEM) platform as a whole.
Through these efforts, we are transforming UEM into highly scalable micro-services-based architecture featuring new services such as Desired State, Search Hub, Entitlements and Sampling. These micro-services are built for scalability, optimized performance, extensibility (with support for 100+ step complex workflows) and innovation. It is through this new architecture that exciting new features like Freestyle Orchestrator – and more to come – are made possible.
In this blog, we’ll touch on improvements we’ve made in three key areas.
- Managing to outcomes, not tasks, with intelligent compliance, workflow, and performance management with no code/low code workspace automation.
- Putting employees first with device choice, flexibility, and seamless, consistent, high-quality experiences by managing multi-modal employee experiences
- Easing the move to Zero Trust with situational intelligence and connected control points by delivering security as a distributed service.
Automated Management
Too many organizations are still using multiple tools to manage devices across all their required use cases, including corporate knowledge workers, warehouse or delivery workers, devices used in stores and BYO. This is expensive, inefficient and insecure, and the disjointed nature of these solutions creates blind spots for IT.
VMware Workspace ONE allows organizations to consolidate on a single solution that integrates management, identity, analytics and remote support in a single console. As an industry-leading device management solution, Workspace ONE UEM is more comprehensive than ever now that we’ve added full distribution-agnostic support for Linux endpoint management. While Workspace ONE did provide basic support of Linux devices in the past, we’ve now added first class support for most Linux distributions including CentOS, Debian, Linux Mint, Raspbian, RHEL, SUSE, TENS, Ubuntu and more.
Consolidation and simplification have taken companies to new levels of efficiency and productivity. The next step in evolution is to unify IT services using automation and orchestration tools, so IT teams can manage to strategic outcomes instead of working on the tedious and repetitive manual tasks that are still necessary in siloed environments.
As part of our strategy to build automation in throughout the Workspace ONE platform, today we announced that VMware has teamed with BetterCloud to provide customers with a SaaS Management Platform that will provide visibility over all apps used across an organization, identify app redundancy and track license utilization. BetterCloud optimizes operations by automating app configuration, access and manual workflows across the user lifecycle, from onboarding to offboarding, while also mitigating security risks by setting up guardrails for user activity. And to keep corporate assets more secure, it manages least privilege access to apps.
And when it comes to automation, there is no more effective tool than Freestyle Orchestrator, our low-code IT orchestration platform that provides a visual tapestry for laying out workflows. Admins can create workflows that pull in configurations and scripts, do sequencing, pull in packages and more, all in one interface. This tool will provide the levels of automation required to manage devices at scale.
Freestyle Orchestrator is available today as Tech Preview2, and we expect it to be generally available soon, with workflows for Windows 10 and macOS. By the end of the year, we also expect to have support for mobile devices in Tech Preview2.
We are also working to bring you the convergence of Workspace ONE and VMware Horizon. The unification of physical and virtual endpoints means that persistent Horizon virtual machines can now be managed with Workspace ONE, bringing a common experience to users through Workspace ONE Intelligent Hub, and a common experience for IT teams who can now easily manage both physical and virtual endpoints. This integration is a wellspring of efficiency, allowing for consistent and comprehensive policy coverage (such as domain, user profiles and MDM) and strong data protection policies for sensitive apps to prevent data leakage from the virtual environment. Admins can also provision certificates and per-app VPN using Workspace ONE for more secure client access and limited exposure to the corporate network. You can also learn about using VMware Dynamic Environment Manager with UEM.
The convergence of Workspace ONE and Horizon also opens up the opportunity for integrations with other Workspace ONE solutions as well. Available now, Workspace ONE Assist for Horizon help techs troubleshoot Horizon virtual machines by placing full remote view and control at their fingertips directly from the Horizon Universal console. As with Assist for physical machines, this is a user-friendly solution that notifies employees when their screen is visible and allows them to pause a remote session is necessary for privacy reasons. Techs can access the virtual machine’s command line to execute PowerShell commands, guide employees through tasks with Screen Draw, view an on-screen version of the remote desktop’s keyboard to provide support across various layouts and record sessions in the event an escalation is required, or it can be used for training purposes.
And coming soon, Workspace ONE Intelligence for Horizon will provide monitoring, analytics and automation for virtual desktops and apps as well as physical. All the same invaluable capabilities that make Intelligence a must-have or Enterprise are now brought to bear for virtual desktops. With advanced analytics, admins gain visibility over system health, resource consumption, metrics on pods, user-session, capacity and more with custom dashboards and reports. Machine learning models automatically identify anomalies and notify admins. Intelligence supports Digital Employee Experience Management (DEEM) by monitoring KPIs impacting employee experience such as desktop and app launch performance, errors, and failures, as well as by enabling guided root cause analysis, contextual dashboards, recommendations and automation.
Multi-modal Employee Experiences
DEEM “2.0” will put employees first with device choice, flexibility and seamless, consistent, high-quality experiences. 96% of employees indicate higher engagement when they get to use the device of their choice.3 It could be a desktop, Chromebook, tablet or mobile device. It may be a personal device or company owned. DEEM empowers employees to access any app on any device while balancing usability, security and privacy.
DEEM includes user experience scores, made up of quantitative data across device, access and app performance. And, through employee sentiment analysis, announced today at VMworld, qualitative feedback will be fed into the experience score to provide a more comprehensive score. Micro-surveys will be delivered to employees through notifications in Intelligent Hub, and can be either staged by the admin or triggered after an event or action is completed.
Also announced today, DEEM will make use of machine learning to enable guided root cause analysis and remediation to keep employees productive across desktops and mobile devices and help IT admins resolve issues more quickly with telemetry collection, observability, incident analysis and remediation. And machine learning-based anomaly detection will reduce alert fatigue by providing notifications and insights based on learned behavior rather than pre-defined thresholds. With machine learning, thresholds are self-adjusted over time as “normal” ranges change.
To bring DEEM to market in the quickest and easiest way possible, we have introduced Workspace ONE Employee Essentials. This solution enables new and existing customers to more securely deploy Employee Experience solutions to any device for any employee with full Intelligent Hub capabilities, even without device management. More specifically, this means we can cover every use case, enabling standalone employee lifecycle experiences for VMware-managed, BYO and unmanaged, and third-party managed devices. Employee Essentials includes Intelligent Hub, Workspace ONE Access, Universal Access Gateway and Tunnel.
We are also committed to providing the best possible employee experience for all types of employees and devices, and this includes head-mounted displays, smart glasses and AR and VR headsets (also called extended reality or XR headsets). We’ve supported a variety of these devices with Workspace ONE Unified Endpoint Management for a long time. Now, we want to bring more employee experience capabilities to these devices, via Workspace ONE Hub services (the backend services that power many of the employee experience capabilities in Workspace ONE Intelligent Hub and across our platform). This is especially important when it comes to VR headsets, which have complex virtual environments and interfaces.
To that end, today we are announcing Workspace ONE XR Hub, which will enable customers to more securely deploy XR devices at scale and deliver an exceptional employee experience with customization options and identity and access controls. With Workspace ONE XR Hub, customers will be able to customize device UI/UX; lock devices into a unified app catalog; support multi-factor authentication, conditional access and single sign-on (SSO); access any app in XR; and stream XR apps from a virtual desktop. Workspace ONE XR Hub is available now in beta.
Zero Trust Security
Even before the pandemic, VMware was helping to pioneer the concept of Zero Trust as the best possible means of better securing the increasingly distributed and hybrid workforce. With more and more employees operating outside the secured perimeter, and the pandemic accelerating that at hyper speed, we have seen acceleration in some of the trends that were in motion, including app migration to the cloud, adoption of any device (including BYO) and “work from anywhere” work environments.
All of this has, of course, put focus on advancing the technologies that underpin the Zero Trust security paradigm. One such improvement coming soon is continuous access. Think of this as a real-time approach to Zero Trust conditional access, monitoring around the user, device, application and network to see if anything changes during the session, and having the ability to interrupt the session and force an additional MFA push notification if red flags are detected. If follow-up challenges fail or if the risk posture is no longer suitable for access to the application, the session will be blocked according to policy setup. This enables enterprises to grant access to applications with high confidence that they are more secure from start to finish.
Coming soon, we will extend this concept of continuous monitoring to device compliance as well in our upcoming capability, providing continuous device trust. Our next-generation compliance engine in UEM will take a more granular approach to how we define a desired compliance state – on any app, file, OS and more. With real time signaling mechanisms, we will detect any deviation and take the necessary action to bring the device back to the desired state. Setting up compliance rules will be simple and intuitive, and the compliance engine will take care of the rest. We expect the next-generation compliance engine to be available soon.
Improvements to the VMware SASE platform are here as well to bolster Zero Trust. Please see our blog for information on our Cloud Access Security Broker (CASB) and our upcoming out-of-the-box Data Loss Prevention (DLP) dictionaries.
Continuing with our efforts to offer end-to-end security, we are excited to also announce our integration with Intel that will allow us to offer customers the ability to better secure their endpoints remotely even when devices are in sleep mode. We are working to integrate Workspace ONE with the Intel vPro® platform to provide out-of-band device support to better secure and manage endpoints in ways that are independent of the OS state. This will enable critical OS, security and app updates anywhere and after hours by remotely waking, patching and placing devices back to sleep. We will be able to remediate crashed devices remotely using full video, keyboard and mouse for faster support resolution and recovery, and more securely erase SSDs for end-of-life management of devices using firmware-level control. Ultimately this will allows us to improve user experiences via better insights on the device fleet (e.g., Wi-Fi performance, battery health).
Learn more
At VMware, we strengthen our position as industry leaders in the only meaningful way possible – through innovation. With these new additions to UEM, and others yet to come, we are listening and reacting to the market and to our customers to create the best Unified Endpoint Management solution on the planet.
You can learn more about the latest updates for the individual OS platforms that Workspace ONE UEM supports, as well as advancements for administrators, in our Workspace ONE UEM breakout sessions at VMworld 2021.
Read all our VMworld 2021 Anywhere Workspace and EUC announcements
- All our VMworld 2021 Anywhere Workspace, Workspace ONE and Horizon Announcements
- VMworld 2021: Anywhere Workspace and End-User Computing Announcement and Keynote Recap
1 Gartner®, Magic Quadrant™ for Unified Endpoint Management Tools, Dan Wilson, Chris Silva, Tom Cipolla, August 16, 2021. Gartner, Critical Capabilities for Unified Endpoint Management Tools, Dan Wilson, Chris Silva, Tom Cipolla, August 17, 2021.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
2 The development, release, and timing of any features or functionality described for VMware’s offerings in this presentation remain at the sole discretion of VMware.
3 “New Study Reveals What Happens When Employees Can’t Work with Their Apps and Devices of Choice: Low morale, burnout and turnover are no longer the only side effects of negative workplace cultures.” Inc. Marcel Schwantes. October 15, 2019