We are excited to announce that on September 12th, 2014, we will be migrating the CTO blog to a new version of the blogging platform.
kitcolbert

Bringing VMware and AirWatch together

April 29, 2014

AirWatch is our biggest acquisition ever and as you can imagine, customers and partners alike are eager to hear how we plan to integrate it into VMware.  Specifically, how are we going to bring the two traditionally separate silos of desktop and mobile together?

To help explain our vision for uniting VMware and AirWatch, we released a video describing our architecture and technology integration plans.  Definitely watch the video to learn more, and the rest of this blog will give you a summary of our plans and a bit more color on certain areas.

Vision

First, I want to make it clear that this is not about just integrating two sets of technologies. It’s about setting a vision for end-user computing and helping to drive the industry forward.  That vision is quite simple: users should be able to access all of their data and apps on any device without compromise, and IT should be able to seamlessly and consistently manage and secure all these apps, data, and devices.  Unfortunately, in today’s environment, users have to compromise a lot as they switch between devices, in terms of capabilities and application support.  Similarly, desktop and mobility management have little in common, usually driven by separate IT teams with different areas of expertise.  Yes, there are many companies out there, point players that help bridge the gap in this way or that, but the reality is that this has been a fragmented marketplace.  The opportunity for us (VMware + AirWatch) and the industry is to provide a unified solution built on best-of-breed components.

As with any vision, this one will be a journey.  The integration of VMware and AirWatch will occur in phases, with some easy wins first and the disruptive innovations following.  What I want to present here is the complete vision and how we plan to achieve it.  This plan will include not only identifying integration points, but also extending existing technologies to meet the needs of the integration.  I won’t go into timelines here, but rest assured we’re already hard at work and you should expect to see updates at VMworld and through the rest of 2014.  Ok, on to the integration!

Architecture

In identifying the different integration points between VMware and AirWatch, it’s useful to have a big picture view of what it is we’ll be integrating.  This is the diagram we’ve been using to help visualize the integration:

pic1

As you can see, we’ve organized the diagram into rows.  The lowest row is the physical devices end-users own (BYOD) or use (corporate-owned or COPE – corporate-owned, personally enabled).  These span various types of PCs to all sorts of mobile devices.  Above that is all the various services and applications end-users access or consume, such as full virtual desktops, published applications (both through XenApp and now with Horizon 6, ThinApp, SaaS/web apps, and of course, mobile apps).  The next row is Workspace Services, which consists of common services that span applications and devices, such as a portal or app catalog, identity and authentication, files/data (EFSS – enterprise file sync and share and MCM – mobile content management), and social. Finally there is the management layer, where the desktop and mobile worlds are managed and configured.

While there is a separation between desktop and mobile today, there are many common sets of functionalities between the two.  Indeed, many of the integration points should be obvious visually from just looking at the above diagram.  So how will we bridge the divide?  The key here is to focus on use cases.

End-Users

Let’s start with end-users.  End-users want a no-compromise and consistent experience on the device of their choice.  Thus they should have one place to go regardless of device to get access to their apps and data – i.e. one user portal.  VMware Workspace provides a strong basis for this today, as it supports all desktop and SaaS apps.  We could easily integrate in mobile apps:

pic2

Of course, it’s not just tying the app catalogs together, it’s about enabling a single identity and single sign-on across desktop and mobile.  Users also expect their files to be synced seamlessly across all their devices and want one place to go to access all their files.  AirWatch Secure Content Locker (SCL) is already that central access point, as it enables device connectivity to corporate datastores on Sharepoint and CIFS in addition to cloud services like OneDrive and Google Drive.  So we have the opportunity to create a common data solution by integrating Horizon Data capabilities deeply into SCL for a seamless user experience.

Finally, social is changing from just being a place you go into a property of things.  Today Socialcast is a website (with a corresponding mobile app) where users go to collaborate.  But social should also be embedded in everything users access: their app portal, their files/data, their devices.  For instance, an example integration is Socialcast and SCL.  Today in Socialcast, users can attach files to conversations.  With SCL, users can include comments on files.  But the two aren’t connected.  By connecting Socialcast and SCL, we could cross-reference the social network and the file/data network.  This would allow users and the enterprise to have a much better understanding about relationships between people and data, leading to useful insights.  Very powerful stuff!

How does this benefit end-users?  First, users can have the same set of applications available to them irrespective of device.  The portal and app catalog can be available both on desktop and on mobile, and users could be able to easily launch the apps of their choice.  And the app launch could be context sensitive.  For instance, if the user wants to run Workday and is on a desktop, then the Workday SaaS app would pop up in a browser, already logged in and ready to go.  If the user is on an iOS device, the app launcher will know that and run the Workday iOS app.  Again, a seamless experience for the user.

Second, users can switch easily between devices.  Think of it like Netflix: you start watching a movie on your TV at home, pause it halfway through, and then at some point later you pick up your tablet and you can start right where you left off.  Our unified solution could offer the same experience, but for a user’s apps, data, and content.  A user can start working on a tablet, realize a physical keyboard might be easier for the task, and switch to a laptop and start right where she left off.  This is extremely powerful and would be a boon for end-users.

Third, we have the opportunity to thread social through all of this.  Users can know who’s been accessing files they’ve shared or who’s been collaborating on a given file.  This would make it much easier to know who to work with on a given issue, as the information is all there and readily available.

In the end, we’re trying to create a seamless experience for end-users: they can use the device of their choice without compromise, switch between devices without missing a beat, and enhance the way they collaborate.  We think this is a huge win for end-users!

Admins

What about admins?  In the end they want a simple way to secure and manage devices.  Every customer we’ve talked to that’s used AirWatch loves the simplicity of the admin UI and of the mobility management paradigm in general.

pic3With mobility, admins deal with three things: users, policies (which are sometimes device-specific), and apps/content.  There’s no complex scripting needed; instead it’s just a simple admin UI where they can check the boxes for options they want and map users to policies to apps/content.  It’s that simple.

Contrast that with desktop, where the tools today are still somewhat archaic.  This is primarily due to the Windows OS, where applications are not locked down at all by default (say, compared to iOS) and where applications can interfere with each other (e.g. through clashing DLLs, registry settings, etc).  This forces a full image management model, where instead of talking about apps and content, we talk about images instead (which mash together apps, content, and even policy) – really a bit of a hairball.  The result is something that’s much harder to manage than mobile.  So the goal should be to simplify desktop management and align it with the mobility management paradigm.  In order to do that, there are two primary enabling technologies: layering and user-environment management.

Layering is a technique for digging into Windows and splitting up a Windows image into “layers” that comprise logical sets of functionality, such as an application, the base Windows OS, and user data, that are isolated and can easily be inserted and removed – a giant step toward untangling the hairball!  User environment management (UEM) refers to management of the Windows user persona and security and capabilities of the Windows OS.  This both enhances security and improves Windows manageability by enabling finer-grained policy controls, similar to what mobile OSes have.

How does all this fit together?  Let’s take an example we’re hearing about frequently from customers today: employees wanting to bring in their own laptops (PC or Mac) and get the full suite of IT services on those laptops.  IT wants a secure, controlled environment, but the user doesn’t want IT to take complete control of their personal device.  Sounds a lot like the problems with mobile devices, right?  The solution for desktop is to leverage a local type 2 hypervisor provided by VMware Player Plus or VMware Fusion Professional to run a locked down, secure desktop VM provided and maintained by IT.  The opportunity is to seamlessly manage that VM using layering provided by VMware Mirage and administer it in AirWatch, just like any mobile device.  This solution strongly resonates with customers, as they see the possibility of dramatically simplifying BYO desktop management.

This is just one example, but the potential for applying the mobility management paradigm to desktop is huge.  This would greatly simplify administration of all devices, since now a device is just a device and IT can focus on users, policies, and apps/content.  A win-win for everybody!

Bringing It Together

Based on the above, we can take another look at our architecture diagram with the proposed integrations in place:

pic4As you can see, we can integrate all the different pieces from Workspace Services to create a truly seamless and immersive experience for end-users regardless of the device they choose to use.  For admins, layering and UEM can enhance the manageability of desktops, allowing them to manage desktops in the same simple way they manage mobile devices today, enabling a unified management paradigm.  We think these integrations would be a huge win for admins and end-users alike.

Of course this is not an exhaustive list of every integration we’re thinking about, but hopefully this gives you a big picture view of how these two best-of-breed pieces could come together to create a unified solution.  As I said at the beginning, integrations are a journey, both for us and our customers.  But results will start emerging quickly – expect to hear a lot more at VMworld.  We’re really excited about the opportunity here and hope you are too.  What are your thoughts on these technology integration plans? Will your organization be able to benefit from our mobile unified solution? Please share your feedback below.

kitcolbert

Kit Colbert

CTO, End-User Computing

Kit Colbert is the CTO, End-User Computing at VMware, driving technical strategy and advanced development of innovative solutions for VMware's desktop, social, and mobility products. A 10-year veteran at VMware, Kit previously held roles as the Chief Architect and Principal Engineer for Horizon Workspace and as the lead Management Architect for the vCenter Operations Suite ... More

Leave a Reply