The modern workplace has transformed. Now it’s anywhere and everywhere
Employees want the freedom to use the endpoint, application, or network of their choosing. Companies that can meet these expectations have a competitive advantage over the others, especially in the area of productivity, efficiency, and recruiting and retaining top talent. But meeting those expectations is no easy task. Organizations would have to support the growing number of personal devices and applications, secure those endpoints to protect their proprietary data and provide a consistently great employee experience. This is where the Unified Endpoint Management (UEM) tool comes into play.
A UEM is a class of software tools that provide a single console and capabilities for securing and managing all endpoints including servers, desktops, tablets, mobile devices, embedded devices, virtual machines, IoT, and wearables. UEM is an evolution of, and replacement for, mobile device management (MDM) and enterprise mobility management (EMM), and client management tools. VMware Workspace One is the cutting-edge UEM tool that gives organizations complete control over the “everywhere workplace”.
VMware Workspace ONE is one of the leading UEM platforms that allows IT to deliver a secure digital workspace. It integrates access control, application management, and multi-platform endpoint management into a single platform and is available as a cloud service, on-premise, or hybrid deployment. VMware was named a leader in the 2021 Gartner Magic Quadrant for UEM, as well as a 2021 Gartner Peer Insights Customers’ Choice for UEM.
Key features and capabilities include:
- Supports both corporate-owned and BYOD use cases which allows you to deliver the level of privacy employees demand with total separation between proprietary and personal data.
- Provides built-in features for system and security settings, data protection, application and device controls, and more to prevent data loss.
- VMware Workspace ONE tunnel encrypts traffic between frontend and backend systems and protects applications through the VMware Unified Access Gateway.
- VMware Workspace ONE allows you to customize your dashboards in infinite ways to provide relevant metrics and analytics that help resolve issues before impacting the user experience.
- Provides you with the ability to grant self-service capabilities to end-users, including self-service access to the apps they need to get their jobs done, which reduces support requests.
- Workspace ONE UEM supports full life-cycle management of a variety of devices—phones, tablets, Windows 10, and rugged and special-purpose devices.
- Supports a wide variety of enrollment options such as auto-enrollment, QR code enrollment, sideload, in bulk, and barcode enrollment.
- Provides you with the ability to track a device in the Workspace ONE UEM Console after enrollment, and to gather critical data such as system diagnostics, network information, certificates, apps, custom attributes, and more.
- Workspace ONE integrates with Active Directory, LDAP directories, and other third-party identity providers to simplify access applications.
VMware Workspace ONE Key Components
Workspace ONE is built on UEM technology and integrates with VMware Horizon (a platform for delivering virtual desktops) on a common identity framework delivered by Workspace ONE Access. The primary end-user component is the Workspace ONE app. The technologies and services that make up VMware Workspace ONE include the following:
1. Workspace ONE UEM
Workspace ONE UEM is one of the major components of the Workspace ONE family. The UEM component of Workspace ONE is used for device enrollment and management, mobile application catalog, device compliance and policy enforcement, and integration with key enterprise services.
Workspace ONE UEM forms the core of the enterprise mobility platform that supports mobile productivity and provides secure access to enterprise applications and corporate data, as well as compliance-checking tools to ensure that remote access devices meet corporate security standards.
The following are the key components of Workspace ONE UEM:
- Workspace ONE UEM Console The console is a cloud-hosted service that allows you to configure policies to monitor and manage devices in your environment. It provides multi-tenancy, role-based access, app management options, smart groups, and more.
- Workspace ONE UEM Device Services This component enables you to communicate with all of your managed devices. It also supports the core operations of Workspace ONE UEM such as device enrollment, application provisioning, and hosting the self-service catalog.
- AirWatch Cloud Connector Just as the name implies, this component connects the Workspace ONE UEM with the backend enterprise systems and internal components such as email relay, directory services, email management exchange, Syslog, and more.
- Workspace ONE UEM REST API This component enables developers to utilize the information in Workspace ONE UEM to create new applications.
- VPN Tunnel Provides a secure channel for individual applications to access corporate resources hosted in the internal network without the risk of exposing them to unauthorized entities.
2. Workspace ONE Access
Workspace ONE Access is another major component of the Workspace ONE family. This component integrates with Workspace ONE UEM to provide single sign-on (SSO) access and authentication policies to control and manage access to key applications and services. Workspace ONE Access can be configured to use third-party directory and identity services such as Active Directory (AD), LDAP, Azure AD, Okta, and others for user authentication and application access.
With Workspace ONE Access, IT admins can deploy new applications of any type with a consistent user experience.
Key features and capabilities features include:
- Access broker Integrates with existing on-premises and cloud identity providers to enable secure access to applications while improving user experience.
- Adaptive MFA and SSO Provides native support for internal and third-party MFA providers and delivers SSO access to applications through integration with Workspace ONE Intelligent Hub.
- Risk-based conditional access Enforces access decisions based on several access policy combinations such as device compliance, identity context, network, SSO, automated device remediation, and third-party information to make dynamic decisions on the level of access end-users get.
- Smarter digital workspace Unlocks new Workspace ONE features and capabilities, including Workspace ONE Hub Services and Workspace ONE Intelligence.
3. VMware Workspace ONE Intelligence
VMware Workspace ONE Intelligence is a cloud service that aggregates and correlates data from multiple sources to give complete visibility and insight for informed decision-making for your VMware Workspace ONE deployment. It has a built-in automation engine that can create rules to take automatic action on security issues.
The Intelligent Hub application which is the primary end-user component allows end-users to access enterprise and web apps, stay connected with colleagues, and be productive on any device (Android, iOS, macOS, Windows 10) from anywhere. Once installed, end users can view favorite apps, new apps, recommended apps, and other categories within the Intelligent Hub catalog.
4. VMware Unified Access Gateway (USG)
USG is an edge service that resides in the demilitarized zone (DMZ) and shields all other key Workspace ONE components from the public network. It provides secure edge services and access to defined resources that reside in the internal network. This allows authorized, external users to access internally located resources without compromising security and privacy.
Licensing and Subscription Plans
Workspace ONE licensing is based on per device or user. It comes in various subscription plans depending on your preferred deployment model. The difference between the editions comes down to what sort of devices can be managed, mobile and desktop management, UEM and analytics capabilities, intelligence hub, and security features, and others. A free trial is available on request. The table below is a comparison of the various subscription plans.
Subscription Plan | Features | Deployment Model |
---|---|---|
Employee Essentials | Workspace ONE Intelligent Hub Secure access to apps and resources Reporting and automation | Cloud |
Mobile Essentials | Mobile device management Secure access to apps and resources Mobile reporting and automation | Cloud |
Desktop Essentials | Advanced desktop management Secure access to apps and resources Desktop reporting and automation | Cloud |
UEM Essentials | Mobile and desktop management Secure access to apps and resources Unified endpoint reporting and automation | Cloud |
Standard | Mobile device management Workspace ONE Intelligent Hub Special purpose device management | On-premises |
Advanced | Mobile and desktop management. Telecom management tools Workspace ONE productivity tools Special purpose device management | On-premises |
Table 1.0 | Comparison of Workspace One subscription plans
VMware Workspace One Alternatives
If you figured out that VMware Workspace One is not the right UEM solution for your business, check out the following possible alternatives:
- ManageEngine Endpoint Central (FREE TRIAL) It is an on-premises and cloud-based UEM solution from ManageEngine that enables IT administrators to effectively manage endpoints such as servers, laptops, desktops, smartphones, tablets, and wearables from a central point. Endpoint Central features and capabilities include inventory management, configurations management, patch management, service pack installation, software installation, desktop sharing, system tools, active directory, and user logon report, among others. A free 30-day trial is available
- Microsoft Endpoint Manager (MEM) It is a UEM that enables businesses to securely provision flexible workspaces for their employees, whether on desktops or mobile devices, on-premises or in the cloud, in the office, or out in the field. VMware was named a leader in the 2021 Gartner Magic Quadrant for UEM. A free trial is available on request. MEM is highly scalable and integrates seamlessly with other Microsoft products, including Microsoft 365, making it a particularly strong UEM solution for enterprises using the latest 365 cloud features.
- Ivanti Neurons It is positioned as a hyper-automation platform that leverages AI and machine learning to address the growing security concerns of the modern workplace. With Ivanti Neurons, organizations can discover their assets everywhere, secure work experience, and automatically identify and fix endpoint issues with real-time intelligence. A free live demo and a free 45-day trial are available on request.
- IBM Security MaaS360 It is a cloud-based UEM platform that helps organizations manage and secure a heterogeneous pool of endpoints, end-users, and everything in between. IBM Security MaaS360 comes with Watson AI capabilities to deliver actionable security insights across your enterprise. A 30-day free trial is available on request.
- BlackBerry Spark UEM It is a one-stop platform that enables your employees to securely work from any device, anywhere. It streamlines the management process across devices such as desktops, and mobile and IoT devices. The BlackBerry Spark UEM Suites can be delivered on-premises, as a cloud service, or in a mixed model. The product is available on a free trial.
- Citrix Endpoint Management It is a SaaS-based UEM tool that enables organizations to bring every endpoint, application, and network from any location into one unified view to deliver the digital workspace employees need to be productive. Devices running Windows, macOS, Chrome OS, Android, and iOS can be enrolled into the system.
- Matrix42 Secure UEM It combines the advantages of classic client lifecycle management (CLM) and enterprise mobility management (EMM) in a single platform. Matrix42 Secure operates a user-based licensing model that allows your employees to use as many devices as desired without incurring additional costs. The service can be accessed in the cloud, operated on-premises in your infrastructure, or in a hybrid model. A 30-day free trial is available on request.
- Google Endpoint Management It allows organizations to enable employees access to Google Workspace and other Google services they use for work from any device and anywhere. With Google Endpoint Management, you can make your organization’s data more secure across your users’ endpoints such as Android, IOS, Linux, Windows, and Mac devices.
- Hexnode UEM It is a cloud-based solution that allows businesses to manage endpoints from a centralized console. Hexnode UEM incorporates Enterprise Mobility Management (EMM) solutions to secure, track, and manage corporate and personal devices. Hexnode supports almost all major platforms including Android, Windows, iOS, macOS, Fire OS, and Apple TVs. You can check it out by signing up for a 14-day free trial.
- 42Gears UEM It offers a single platform that empowers IT teams to control and manage all endpoints, regardless of type, user, or use case without compromising security. Supported devices and OSs include desktops, laptops, smartphones, tablets, wearables, IoT, printers, macOS, Windows, Linux, Android, and iOS devices. A free online demo and a free 30-day trial are available on request.