We are thrilled to lift the curtain on the next-generation Workspace ONE SaaS platform! The radical changes to the Workspace ONE architecture unveiled today have silently powered some of our most recent advances — such as Freestyle Orchestrator — and will remain the bedrock for future VMware end-user computing (EUC) innovations.
The modern architecture will unlock significant performance and scale increases for customers — at least 10x improvement to applications and profiles delivery, smoother device management, and a seamless admin experience.
The new cloud-native Workspace ONE SaaS architecture is designed to meet the needs of modern businesses that require high performance, scalability, and security, yet it also helps VMware to significantly boost the velocity of feature development — delivering new and exciting capabilities to our customers with even higher quality.
Why did we need an architecture modernization effort?
We believed the ongoing evolution of where and how we use work devices — and the associated challenges — necessitated further modernization of the Workspace ONE architecture for several reasons. Allow us to unpack this a bit.
1. Explosion of heterogeneous endpoints and Workspace ONE adoption in enterprise
We live in a multi-device world where endpoints have become a critical aspect of keeping employees satisfied and productive. Over the past decade we’ve seen tremendous growth in mobile and desktop endpoints managed and secured by Workspace ONE. While the heterogeneity of endpoints expanded horizontally, we also saw the number of endpoints scale vertically for every one of our customers. This clearly called for a much more powerful architecture that would perform at scale and thrive in this ever-growing endpoint complexity.
2. New business challenges that require new solutions
Workspace ONE has constantly pushed the innovation envelope in end-user computing over the years: starting from the evolution from MDM to EMM to UEM for multi-platform management, to addressing the increasing need for digital employee experience and zero trust security. The Workspace ONE solution has always stayed ahead of these business needs. But to continue to do so in the future, we had to pave the path from what got us here to a newer path of limitless engineering scale and innovation possibilities.
3. Evolving endpoint technology landscape
As the UEM market matures, we recognized the commoditization of basic device management functions and quickly prioritized customer value creation by solving for higher-order functions with a much faster pace of feature delivery and quality. One example is the shift in the management paradigm from an “imperative” to the “declarative” cloud management model.
What did we do?
Our EUC team began what we knew would be an arduous yet rewarding journey to redefine a vision for a modern architecture for the next few decades.
This vision will allow Workspace ONE to deliver unprecedented customer value. Organizations that deploy Workspace ONE will be able to scale their deployments to millions of devices while experiencing a supercharged performance on resource workloads, plus automation and analytics that prioritize business outcomes over IT tasks.
1. Refactoring a monolith to modern microservices
The first step of the journey involved reshaping the monolithic architecture of Workspace ONE UEM. This required extracting legacy functions to create newer self-contained, modular, loosely coupled microservices that deliver high performance, scalability, and quality.
In fact, it was this “under-the-hood” refactoring to microservices that powered one of the first “modern” solutions that we launched a couple of years ago: Workspace ONE Freestyle Orchestrator. For any of you who wondered how we made Freestyle Orchestrator possible, now you know!
But that isn’t where this story ends. It is where it begins.
The vision for the new services-based architecture is to be the bedrock to power all future innovations as part of the Workspace ONE platform. As customers, you will see this take shape with many of the capabilities across endpoint management, experience, and security — such as multi-user for Windows desktops, Linux endpoint management, new OS updates, vulnerability management, and more.
2. Embracing desired state management: A new paradigm of management and security
Traditionally, endpoint management has primarily been imperative — requiring a set of disparate instructions to achieve a desired state on the device end. In simple terms, to get an application installed on a device, there needed to be a set of instructions relayed in sequential form to reach the end state of having the app installed. With platform modernization, we marched down a different path of desired state management, or DSM.
DSM isn’t a new concept. It is, in fact, a well-established model in server configuration management, wherein the focus of management is less on the instruction set and more on the higher-order state of the device itself.
Workspace ONE is now architected to be aware of the desired state of the device, and when it detects the device drifts from that desired state, it promptly performs the necessary task to return the device to the desired state. This compute can be offloaded to the client (in the case of desktops) for low-latency, offline remediations where possible, as well as on the server-end for lightweight endpoints (mobile). This new paradigm shift unlocks significant opportunities for better security, device compliance, and even more streamlined device management.
Now, due to Apple’s Declarative Management and Google’s AMAPI, we couldn’t be more elated with our foresight into this evolution from the imperative to declarative management model. We’re proud to have started the re-architecture early to comfortably embrace this exciting new world.
What benefits can customers realize from this new Workspace ONE architecture?
Customers will benefit in many ways from the new, modern architecture. Here are a few examples.
1. Supercharged performance and scalability
With the new Workspace ONE architecture, businesses can expect to see significant improvements in performance. The architecture is designed to handle large volumes of traffic and users, ensuring that IT can deliver apps and services at a high performance — quickly and efficiently.
The architecture modernization will unlock at least 10x improvement to applications and profiles delivery, as well as at least 10x improvement to the admin experience via smoother device management functions and seamless screen loads in a fraction of seconds — even for environments with millions of devices.
2. Faster feature velocity and improved product quality
Service-based architecture allows our engineering teams to significantly improve the ability to develop and deploy changes to the self-contained modular services. Test coverage, automation, and low dependencies between services will lead to high product quality as well.
This new architecture will also allow us to decouple specific functions to be updated in a modular fashion for same-day support. For example, data-driven UI for profiles will allow our customers to render any new same-day support features with a simple refresh of the console in the browser (without needing a full upgrade of Workspace ONE UEM).
3. Powerful low-code capabilities, advanced security features, and innovation
The notion of Workspace ONE constantly maintaining the desired state of the device unlocks significant opportunities for advanced security and locally enforced device compliance in the future. With DSM coupled with the low-code orchestration capabilities offered by Freestyle Orchestrator, there will be a formidable toolkit for end-user computing IT teams to solve higher-order business problems that were previously elusive.
This new architecture will also be an underpinning for newer innovations — including Microsoft Windows Updates and multi-user functions, Linux Management, Google’s AMAPI, and Apple’s Declarative Management.
How and when can we see the modern Workspace ONE architecture in action?
SaaS UAT environments will begin to see the new architecture and performance improvements rolled out in the first half of 2023.
Production shared SaaS and dedicated SaaS environments will begin to see the new architecture and performance improvements rolling out in the second half of 2023.
All newer innovations built on top of the new architecture will roll out shortly after the above timelines, respectively.
Want to learn more?
Read this Tech Zone blog for more details on the new architecture.