#vmworld
DEE2774BU
Demystifying Enterprise Apps: Secure Deployment, Access, and Management
John Turner, VMware, Inc.
#DEE2774BU
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Disclaimer
This presentation may contain product features or functionality that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new features/functionality/technology discussed or presented, have not been determined.
The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation to deliver any items presented herein.
Speaker Bio – John Turner
20+ Years Enterprise Consulting Experience
5 Years at VMware
• Current: EUC Client Solution Architect
• Previous: Senior Consultant in Federal Practice
Certifications
• Current: VCP6-DTM / VCP6-NV / MCTS (Windows, Desktop Deployment, SCCM), MCSE, Net+, Sec+
• Previous: MCT, CCNA, MCP+I, MCP-BDD, MCP-Desktop Optimization
Consulting Experience
• Career Experience: EMC Professional Services, BT Global Services, Avanade, CGI
• Over 20 projects deploying 20K+ desktop seats (VDI & traditional)
• Over 100 projects deploying 5k+ desktop seats (VDI & Traditional)
• Over 20 Enterprise-Wide (5k+) App-Rationalization engagements
• Over 10 Enterprise SCCM Design & Deploys
Wedding Sept 3, 2017
Agenda
The End-User Perspective (Lessons Learned)
Secure Access
Versatile Management
Flexible & Easy Deployment
Wrap-Up / Q&A
“You’ve got to start with the customer experience and work back toward the technology – not the other way around”
- Steve Jobs
Begin with User Experience in Mind
IT’s Chance to Innovate
Consistent Look, Feel, & Experience
• Applications maintain order across devices
• Authentication screens are consistent throughout, even if 2FA is utilized
Customized & Secured
• View is customized specifically to the user’s needs – by the end user!
• Able to be integrated with Horizon, Citrix, SaaS, SAML, etc.
• Facilitates SSO across environments (On-Prem/Cloud/Partner)
• Access controlled by “who, where, what device”
• App Icons can launch applications from various sources:
– Locally Installed desktop & mobile apps (Secure Containers)
– VDI / RDSH / Hosted Applications (Including Citrix)
– SaaS Applications
• Simple self-service onboarding
Applications Pose Multiple Challenges
Applications often have their own ecosystem
Application Types:
• SaaS
• Traditional (Installed locally on PC)
• Platform Specific
• Incompatible / Not-Supported
Identity Integration Requirements:
• On-Prem AD / LDAP
• ADFS
• IdPs (Okta/Ping/etc.)
• SaaS/SAML
Delivery Issues:
• OS Differences
• Application Updates
• On-Prem devices / Off-Prem devices
• Reporting of compliance
• Version sprawl
• Device Management
• Roll-Back
Apps Identity Device
Secure Access
Identity & Device Access Challenges
Context
• Location
• Device Type
• Security Status
Identity
• Who
• Organizational Role
• Additional Roles
Governance
• Consistent
• Repeatable
• Manageable
Security
• Based on User and Role
• Across Devices
• Changes With Role
[Diagram labels: Persona, Device, Apps, Data, Services]
Workspace ONE Architecture
[Architecture diagram. Labels shown:]
• Any Device / Any Application
• Catalog and Launcher, Secure Browser, Content
• Contextual Policy Framework: Location, App, Device, User, Data
• Windows Device Adapter, iOS Device Adapter, Android Device Adapter, Browser Add-On
• Access Management: Authentication (Mobile Push, X.509), Session Management, Protocol Engine (SAML / OIDC, WS-Fed, HTTP)
• Proxy (F5), Per App VPN, Access Point
• App / Device Management: Device Provisioning and Configuration, Compliance Enforcement/Remediation, Self-Service App Provisioning (Push/Pull), App/Data Containerization
• Includes integration with Mobile Security / CASB Partners
• Web Apps, SaaS Apps, Windows Apps, Citrix Apps, Mobile Apps
• Cloud / On Premises
• Or 3rd Party Auth Providers (RSA, Imprivata, Radius)
• Unified Catalog / App Broker (Google Play, Apple Store, Windows Store for Business)
• Active Directory or 3rd Party Identity Providers (Ping, ADFS)
Integrate Identity and Device Compliance for Conditional Access
[Diagram: Workspace ONE authentication module. Labels shown:]
DEVICE POSTURE (Workspace ONE UEM)
• Managed
• Jail Broken
• OS
• 3rd Party: MSA | Malware | Trust
• Location
• Blacklist Apps
USER AUTH (Workspace ONE Access)
• Authentication Provider
• Network Scope
• Authentication Strength
• Session Time
APP SERVICE
• Per Application
• Remote Apps | Web Apps | Native Apps
• Secure Browser, Content, Catalog and Launcher
Policy Driven Access & Security
Integrate Conditional Access Policies
Policy Framework: APP, USER, DEVICE, LOCATION
USER
• Employee, Contractor, Privileged, Customer
• R&D, Sales, Marketing
DEVICE
• iOS, Android, Win10
• Unmanaged, Managed
• BYOD, Corp-Issued
APP
• Web, Mobile, Virtual
• Low Security, High Security
• External, Internal
LOCATION
• In Network, Out Network
• Beacon, 3G / 4G, Geo
Further Enhance Security with Secure Tunnel & Content Locker
Versatile Management
Building Blocks for Versatile Management
Platforms: Win 10 / Mac / Chromebook, iOS / Android, Rugged / Connected Things
Building blocks: All Apps, Experience, Modern Management, Insights, Automation
Device and Application Management Lifecycle
End to End Device Lifecycle Management
• Acquisition
• Configuration and Provisioning
• Zero Touch Deployment
• Support and Repair
• Retirement and Disposition
• Forward Stocking Locations
• Inventory Management
[Diagram: Device Lifecycle Management. Stages shown:]
• Asset Acquisition
• Asset Configuration
• Deployment
• Installs, Moves, Adds, Changes
• Software & Application Management
• Demand Management
• Remote Management
• Maintenance Repair
• Proactive Repair
• OS Imaging and Migration
• Asset Retirement & Disposition
• Lease Return
• Redeploy
• Employee Sale
• Data Destruct/Grading
• Remarket
• Recycle
Begin your Transition to Modern Management
BUILT FOR THE MODERN WORKFORCE
DEPLOYMENT
• Traditional: Highly manual imaging for all use cases
• Modern: Out-of-box for day one productivity
CONFIGURATION
• Traditional: On-network mgmt. of 1000s of GPOs
• Modern: API driven, across any network
PATCHING
• Traditional: Takes months to patch all endpoints
• Modern: From the cloud in minutes
APP MANAGEMENT
• Traditional: Costly mgmt. and distribution points
• Modern: Cloud-scale with zero CapEx
SECURITY
• Traditional: Lack compliance visibility when needed
• Modern: Real-time detection and remediation
Complete Windows 10 Co-Management Technology
Flexibly co-exist with any Win10 and SCCM – no costly upgrades
Take cost out of traditional PCLM pain-points such as patching, etc.
Ease migration of traditional PCLM tasks to Workspace ONE
TRADITIONAL (Configuration Manager)
• Imaging
• WSUS
• Group Policies
• Apps
MODERN (Workspace ONE)
• Onboarding
• Cloud Patching
• MDM
• Apps
AirLift
AirLift Delivers Simplified Transition to Windows 10 Modern Management
Flexible & Easy Deployment
Granular Control over Application & Updates Publishing
Evolution from a test-first approach to a publish-first approach
[Diagram labels: Workspace ONE Admin, Patch, Deferral, Approved by Group, Manually Approved]
Dealing with Problem Apps
Long-Term Plans and Short-Term Solutions
Options, listed from strategic to tactical:
• Cloud Migration
• Application Retirement / Consolidation
• Re-Write applications for today’s world (Docker/Kubernetes)
• Create a ThinApp Package
• Create a purpose-specific Win 200x RDS Farm
• Down-level OS with Horizon Agent (Kiosk)
• Shim Applications
Simplify the Deployment of VDI & RDSH Applications
Policy driven personalization for VDI and RDSH Applications
[Diagram. Labels shown:]
• Horizon App or Desktop in Catalog
• Instant Clone: Desktop 1, Desktop 2, Desktop 3
• Desktop Creation & Customization
• Application Delivery *
• Dynamic Policy and Personalization from User Environment Manager
• Network Policy from NSX (Optional)
• Lucy (Finance): Lucy’s desktop
• Max (Developer): Max’s desktop
• Bob (HR): Bob’s desktop
* Capabilities vary based on cloud platform
Security / Compliance / Device Management
[Figure: the Workspace ONE Architecture diagram, repeated on this slide.]
How Do We Get there?
How Do We Get there?
A customized journey
[Diagram. Labels shown:]
• Tracks: Mobility, Desktop, Apps, Identity
• Stages of the end user relationship: IT Defined, User Centric, Digital Enterprise
• Goals: Control Devices, Standardize Platform for Efficiency, Reduce Deployment Time, Secure Access, Any Device Access, Location Independent, Self-Service Deployment, Streamline Access, Connected Workforce, Data Driven Decisions, Competitive Advantage
Defining the Journey
Work with VMware to determine your path
[Diagram. Labels shown:]
• Tracks: Mobility, Desktop, Apps, Identity
• Stages: IT Defined, User Centric, Digital Enterprise
• Milestones: Traditional Identity and Authentication, Identity Aggregation, App Deployment, Client Management, Enterprise Mobility Management, App Abstraction, Unified Endpoint Management, Enhanced Mobility, App Catalog, Digital Convergence, Dynamic Desktops, Digital Workspace
• Cybersecurity: Insight, Protect, Control
• Infrastructure: Platform, Manage, Automate
Application Rationalization Starting Point
Define Technical Objectives
• Devices / Locations
• Security
• Mobility
Current State Discussion
• What works?
• What doesn’t work?
• Desired Improvements
Challenges
• Integration Challenges
• Accessibility Challenges
• Regulations
Apps Identity Device
“A lot of times people don’t know what they want until you show it to them.”
- Steve Jobs
“If I had asked people what they wanted, they would have said faster horses.”
- Henry Ford (Supposedly)
Q&A
John Turner
Twitter: @BeardedVDIGUY
LinkedIn: www.linkedin.com/in/johnpturner