The innate ability of VMware Workspace ONE® to tackle multi-tenancy is often understated. Workspace ONE’s design principles are unique for each customer. As a VMware Professional Services expert, I believe multi-tenancy still deserves a spotlight as I’ve come across more organizations that could benefit from such architecture. In this blog, I provide several key takeaways to whet the appetites of those thinking about offering Workspace ONE services to their end users/customers in a multi-tenant service model.
The growing adoption of cloud services has shifted how IT departments have traditionally operated. Back-office IT has become a business unit in many large enterprises that provide catalogs of technology services to its end users. Similarly, it’s common for organizations in SMBs to contract external managed service providers (MSPs) to fill IT roles, leading to the global MSP market to be projected at $557 billion in 2028, up from $243 billion in 2021.1 In either case, the IT department is offered “as-a-service,” and those consuming it become the customers. Under this service provider model, technology offerings such as Workspace ONE become value-generating platforms for the providers. More importantly, these platforms must be equipped to address each customer’s unique challenges and requirements while having sound operational procedures to scale, manage and account for services by the provider.
Immediate benefits of Workspace ONE
Workspace ONE provides end-to-end management of endpoints and apps across mobile, desktop and rugged device platforms to help keep end users secured while providing a great user experience no matter where they are. For the past six months, I’ve been working with a customer that provides IT services to more than 50 organizations managing more than 50,000 endpoints in a single environment. This undertaking is part of a joint effort to develop a roadmap that maximizes the effectiveness and value of the Workspace ONE platforms. In the beginning, this customer was managing Workspace ONE UEM on-premises. They reached a critical mass where the overhead to manage such an environment was not sustainable in the long run. Hence, within the first six months, our first major milestone was to seamlessly migrate their on-premises Workspace ONE environment to a dedicated SaaS instance, where the upkeep of the platform, such as routine maintenance, upgrades and resource management, become things of the past. Offloading these responsibilities provided a quick win that demonstrates almost immediate ROI early in the journey.
Multi-tenancy architecture
Next, we implemented a multi-tenant architecture tailored to their operation. We co-developed the architecture with the customer by understanding their vision and then learning how they operate their business.
The vision
- To provide the best service and user experience possible
- Enable proactive administration, platform visibility and robust security
- Maximize operational efficiency, consistency and standardization
The plan
The hierarchical Organization Group (OG) in Workspace ONE UEM enables a multi-tenant design with apparent isolation where it’s needed. At the same time, it also provides the granularity for each tenant to individualize:
- Access, identity, authentication methods and sources (LDAP, SAML IDPs, RBAC, etc.)
- Service configurations and features
- In-line and third-party integrations
Organization Groups are the foundation of Workspace ONE service abstraction. Thus, having a clear vision and policy that define tenant boundaries, permissions and access help form a cohesive onboarding framework that sets the customer’s expectations. From a technical execution standpoint, we deployed different Organization Group types effectively to draw clear boundaries for the customer’s identified, shared and dedicated tenants. The main operation goal for shared tenants is consistency. And for dedicated tenants, we needed the flexibility to adapt to unique use cases and integrations, such as distinct AD forests, Azure AD and Workspace ONE Access.
Onboarding new tenants with speed and consistency while minimizing operational overhead is crucial to the long-term success of any service provider. Designing and automating frequently used Workspace ONE workflows reduces the variability of repetitive tasks, such as customer onboarding, device lifecycle and application management. Often, these are assembly line-style sequences that could be automated within Workspace ONE, which reduces human errors and improves the overall quality of the service. In addition, data analytics organize data and succinctly provide actionable intelligence for proactive management for a 360-degree view of the platform.
- Service health and usage trends
- Device security risk and threat mitigations
- Digital user experience gauge and feedback
Collaborative approach
Finally, we need the people! None of this would be possible without the hard work, dedication and coherent actions between VMware Professional Services and the customer working jointly to co-produce the finished products. Similar to the world of motorsport, having the fastest car with a talented driver alone is not enough for the team to make it on the podium. Extraordinary effort yields extraordinary results. Combining teamwork, focus and relentless pursuit of a vision produces success.
Workspace ONE services have built-in features to support these critical areas from a technology standpoint. Each element plays a crucial role in driving successful outcomes for service providers.
Successful service operation and management require people, processes and technology. While Workspace ONE has multi-tenant capabilities from a technology standpoint, a thought-out architecture combined with collaborative efforts to create a forward-looking operation model is essential to reaching business outcomes.
Need help realizing your vision
Are you a VMware MSP Partner considering a Workspace ONE multi-tenancy offer for your customers? If you would like help architecting and delivering the solution, VMware Professional Services for Anywhere Workspace can help. Contact your VMware sales representative for more information.
