Introduction
The past year has been a challenging time for businesses. In a time where remote working – from home – has become not just a nice-to-have, but a must have, IT Operations have been forced into some very imaginative and innovative approaches to allow traditionally office-bound workers to continue to function during the COVID-19 induced lockdown restrictions.
However, many of the solutions put in place have been a mix of ill-fitting, ill-scaling technologies and include approaches that have often sacrificed security, reliability, and performance in order to deliver quickly. While this may have worked in the sense of a workable solution to meeting the conditions, the rise in security incidents, the duration of the epidemic and, in some cases, the prospect of remote working being the organisation’s “new normal” is now raising the prospect of re-visiting these ‘interim’ solutions to establish something more suitable.
Newly announced ‘VMware Anywhere Workspace’ intends to provide an integrated, end-to-end offering that answers the need to support working from anywhere.
VMware Anywhere Workspace – why now?
VMware have been working through a set of priorities for several years. Primarily at the back-end infrastructure, the focus was on “App & Cloud Modernisation” – by pushing a hybrid cloud model, app development and publishing meant needing to support a vast array of app topologies in different contexts, whilst still maintaining security and supportability.
In line with the direction that many industries are generally moving, VMware adopted the ability to support a SaaS-first strategy. Given the growing prevalence of application and data services leaving the data centre – Google Docs, Microsoft Office being prime examples – the approach to support any app in any cloud makes sense.
The final piece of the puzzle – emphasised most clearly in the past year – is the need to be able to work anywhere. Taken together, we end up with VMware Anywhere Workspace – providing a Trusted Digital Foundation integrating App Modernisation, Multi-Cloud support, Virtual Cloud Networking and Digital Workspace.
What is VMware Anywhere Workspace?
This is the million-dollar question. It is best described as taking three existing VMware products and bringing in tighter integration to provide a solution greater than the sum of its parts.
VMware Workspace ONE
Unified Endpoint Management and Virtual Apps and Desktop Delivery
In many ways, this provides the glue that binds the solution together and brings the service to the user. Workspace ONE already provides device and identity management, policy-driven conditional access, and authentication. And being cloud based, Workspace ONE already provides much of the ability to work anywhere.
It already has components such as Workspace ONE Content Locker, Secure Email Gateway and VMware Tunnel that provide the ability to connect securely to both cloud and on-premises resources, controlled by a combination of device compliance and conditional access controls for users.
For those requiring Virtual Desktops or publishing Remote Applications, Workspace ONE can provide presentation and authentication into both VMware Horizon 8 and VMware Horizon Cloud.
Thanks to its AirWatch heritage, Workspace ONE’s ability to manage an array of different client devices and guest operating systems is well proven – Configuration profiles, device compliance checking and the ability to manage and deploy applications and update have been available for some time.
VMware Carbon Black
Cloud native endpoint and workload protection
In the context of VMware Anywhere Workspace, Carbon Black is a cloud-native endpoint security solution. It combines intelligent hardening and behavioural prevention via a lightweight agent leveraging analysis of over a trillion security events per day.
Although Carbon Black has its own dedicated agent, Workspace ONE can be used to deploy and configure this, as well as providing input with respect to Workspace ONE’s compliance policies.
VMware SASE
Zero trust security and network performance management
SASE (Secure Access Service Edge – pronounced ‘sassy’) is a relatively new offering that leverages several VMware network technologies, such as VMware SD-WAN and VMware NSX Firewall, to deliver a cloud based secure access layer.
Traditionally, organisations would deploy an on-premises VPN solution with a gateway appliance in the data centre and a client agent on the endpoint device. While adequate in the past where most services were located within the company perimeter, modern working increasingly leverages cloud services as well. While it is possible to route traffic to cloud resources via the data centre, or even directly through Split Tunnel configurations, these are often complex to configure and maintain and can provide architectural difficulties (particularly in the case of Split Tunnel networking and providing resilience). Routing via the data centre can also be inefficient in both the performance impact (traffic hairpin into the data centre and back out) as well as leading to an all-or-nothing single point of failure of services in the event of a data centre outage.
SASE answers this by providing cloud-based Points of Presence (PoP) that endpoints connect to. Configuration is set up here that provide forward connections to either on-premises or cloud resources. As SASE has many PoPs across the world, users reach to the nearest available PoP, so providing improved performance and resilience.
The endpoint component used for this is the VMware Tunnel component of Workspace ONE – though instead of being directed to an on-premises Unified Access Gateway, it points to SASE instead.
Closing Thoughts….
By combining these solutions, VMware achieve a complete end-to-end solution. Using VMware Anywhere Workspace, we can:
- Manage the lifecycle of the device itself from deployment, through maintenance and change of applications and updates.
- Secure the endpoint itself – managing device encryption with Workspace ONE and providing threat protection with Carbon Black.
- Provide full risk-based conditional access to corporate assets. Device Posture and User identity managed via Workspace ONE while Carbon Black provides threat data with the access to resources themselves provided by SASE.
In doing so, we optimise the user experience though the elimination of differing solutions from a scattering of vendors with different mechanics and operational philosophies that do not necessarily fit together that well. In turn, this leads to greater supportability and operational efficiency as support are not having to deal with complex interactions between different vendor products.
Request a call
Got specific questions about VMware Anywhere Workspace? Why not request a call back and put your questions directly to one of our experts?
Book a demo
Sign up to experience VMware Digital Workspace solutions first-hand in our virtual Customer Experience Centre
Listen to the podcast
Learn more about VMware Anywhere Workspace in this podcast
Alternatively, you can learn more about VMware Anywhere Workspace by visiting the VMware website.