AirWatch®, for some time now a VMware® product, has been one of the most successful Enterprise Mobile Management solutions on the market (enough to justify VMware spending over $1bn to acquire them!).
Although its origins are predominantly in cloud-based management of mobile phones, the product has spread its wings considerably in recent times.
Although it originated as a cloud-based offering, and this is still very much the pushed approach, there are in fact several ways that an AirWatch solution can be deployed.
The most obvious one is the original cloud flavour.
Here, the solution is entirely hosted in the cloud. Applications and data services are accessed directly from the estate, using whichever method the customer desires (VPN, direct access to the application in the DMZ, etc.). This has zero footprint in the estate and works well where services onto the internet are already established.
The next approach, referred to as Integrated Cloud, provides a hybrid approach; a VMware AirWatch Cloud Connector is deployed within the estate.
This server provides integration with the cloud (for notifications and management), an on-premise presence for administration, and AirWatch Tunnel. AirWatch Tunnel is a secure gateway for AirWatch managed devices to access corporate resources directly – a ‘VPN-less’ VPN.
The final approach is an on-premise solution. This leverages one or more AirWatch servers, carrying out all the AirWatch functionality on premise, including the tunnelling capability above. For small deployments, a single DMZ-based server is used. In a larger deployment, with multiple servers, the DMZ server provides AirWatch Secure Email Gateway and AirWatch Tunnel, while AirWatch Servers on the corporate network carry out the remaining provisioning services.
Further, the solution can be fully integrated with VMware Identity Manager Advanced Edition to extend the app catalogue capabilities to include single-sign-on access to web applications, Citrix® and VMware Horizon. VMware Identity Manager Advanced is included as part of the AirWatch Suite blue and yellow licensing tiers.
VMware AirWatch's coverage of devices is impressive. From a mobile phone/tablet perspective, Android, iOS, BlackBerry and Windows Mobile are all supported. In addition, there is also support for Rugged devices, such as scanning handsets used in warehouses. Typically, these run Android, Windows Mobile or Windows CE.
Perhaps most interesting of all is the support for laptops (and essentially desktops) running Windows 10 or macOS. This functionality is quite powerful. For example, not only can it provide configuration management and asset tracking, as you’d expect with an MDM solution, but it can also provide software distribution (in the case of Windows 10, this includes Win32 and Universal Apps), remote assistance (screen sharing) and endpoint protection such as configuring encryption and malware prevention measures.
There are a few standout features beyond the ability to manage devices and application publishing in a secure manner.
This provides a secure web browsing capability. It can be centrally controlled, allowing white/blacklisting of sites, cookie handling control and restricting copy/print functionality. On top of this, it provides a built-in SSO capability and can leverage an AirWatch App Tunnel to access intranet sites without a third-party VPN.
AirWatch Content Locker
This is a clever data management solution allowing devices (including browsers) to access corporate data in a secure, rights-managed environment. It can integrate with cloud provisions (Box, Office 365, Google Drive) as well as on-premises solutions such as SharePoint, WebDAV and traditional File Servers. The on-premises integrations leverage AirWatch Tunnel for secure access.
This is a secure video distribution solution, a corporate YouTube to some extent.
VMware AirWatch provides a big play towards VMware’s any device, anywhere mantra. Whether used in combination with VMware Horizon or other solutions, this provides not only management and control of corporate devices, but also the means to deliver applications and services in a secure manner to practically any compute device.