I am fresh back from the biggest ever VMworld Europe, buoyed by the numerous announcements and developments in VMware’s end-user capabilities. On the back of our strengthening strategic partnership, I thought it was time to address that age-old question: which is best, Citrix or VMware?
It’s not easy being a consultant. It’s even harder when you don’t work for a vendor and so aren’t invested in a specific technology stack. Yes, I get it, there are worse things in life, but all things are relative. For me, nothing represents that better than organisations asking whether they should choose VMware or Citrix. The response ‘it depends’ is often met with exasperation, but it’s key to everything we do: focusing on the value to a business and the requirements they are trying to meet.
Back in 2014, VMware bought AirWatch for $1.54 billion, a staggering fifteen times its reputed worth. We had already seen the explosion of mobile devices into organisations and the realisation of how much more productive they could make people, but it was also evident that managing mobile devices was a different proposition to managing static PCs.
Pretty soon that was looking like a smart move. Roll forward to 2018, however, and the benefits of Mobile Device Management are being exploited across the wider estate, making the purchase look like a fabulous move. The development of Unified Endpoint Management (UEM) has allowed VMware to talk not just about virtual desktops, not just about mobile devices, but about the whole end-user estate. With this, the focus has shifted from just competing with Citrix to competing directly with Microsoft. With virtual desktops constant at around 10% for most customers, the bigger opportunity remains the physical world, hence the development of Workspace ONE. The prize now is looking beyond the Microsoft ecosystem at how the workplace is becoming more disparate, driven by consumer/colleague choice. This strategic, holistic vision is now more often what drives solution choice.
In August 2017, VMware bought Apteligent; nine months later they bought E8 Security and delivered Workspace ONE Intelligence to improve user experience, optimise resources and strengthen security and compliance. In May of this year, they announced their strategic partnership with Okta, which increased their capabilities to deliver a compelling identity story. I said above that the focus has shifted from Citrix to Microsoft; with these acquisitions and the capabilities they bring, in truth VMware is battling against their partnership.
The decision to remain on a certain virtual platform should be considered alongside how devices will be managed, how identity will be handled, what cloud investment strategy has been decided, and which endpoint security requirements you have. Most organisations have existing investments in technology that come up for renewal at different times, so changes need to be modular and fit an end vision. They must interact and exist alongside other products until the time is right to retire them. So where do you start? In Workspace ONE I see four opportunities.
Device diversity – organisations are increasingly looking beyond Microsoft Windows to support greater user choice. The drive from Apple and Google into Enterprise organisations is, so far, better supported and has more focus from VMware.
Consumerisation of IT – as the consumer world now leads the Enterprise world there is an expectation of a certain user experience and ease of use. Workspace ONE delivers a consistent consumer-like experience across multiple OS platforms and form-factors.
Existing AirWatch investment – where mobile devices are already being managed via AirWatch the ability to extend that management to the primary device estate through a ‘single pane of glass’ can make a strong case for retaining and strategically developing investment in VMware.
Existing virtual desktop and app investment – where VMware Horizon has been deployed the built-in integration into Workspace ONE and potential licence benefits could make the case for deploying the wider portfolio of products. Publishing applications through the Workspace ONE app can be a key driver to greater end-point diversity.
VMware can co-exist with traditional management systems to manage a wide range of devices and form factors. Using analytics, they now have insight into the user experience; with their open security platform they can take advantage of best-of-breed vendors; and with their partnership with Okta they have an identity solution to integrate any application strategy safely and securely. That gives them the capability to offer a direct comparison to Microsoft’s Enterprise Mobility and Security suite.
Competition provides benefits for the user and drives vendors to be innovative. If you believe that your future desktop strategy extends beyond the Microsoft world, then Workspace ONE is something you need to consider. Let’s have the conversation, just don’t expect a simple answer.
Zero touch deployment is something of a Holy Grail in the desktop configuration management world. Even with complex scripting and numerous third-party products it has continued to evade us. Does that now change with the advent of Microsoft Autopilot? Will you become the Indiana Jones of your organisation?
So what is Windows Autopilot? Autopilot is a process more than a technology, which enables you to take a Windows 10 device out of the box, connect it to a network, type in your credentials and voilà! Moments later (timings dependent on many factors, obviously) you’re up and running complete with applications and data. Truly zero touch (if you exclude the typing); but only for the right users, in the right locations, with the right applications.
At a high level you upload – or more likely your hardware manufacturer will – your device IDs to your company’s Azure tenancy, and you get your policies and applications applied as you log in, without the need to re-image. The technology behind this is based upon modern management (unified endpoint management), so this will work with any Enterprise Mobility Management (EMM) vendor. Modern management makes use of the APIs enabled in Windows 10 and allows you to manage Windows 10 devices in the same way you do the mobile devices in your estate. So SCCM equals traditional; AirWatch, Intune etc. equal modernity. The problem is SCCM has a long history and manages the majority of enterprise organisations’ estates today. That’s a good deal of customisation and knowledge that’s been baked in over the years, as well as the features and functionality that the EMM boys are yet to develop.
There’s also the consideration of whether you join your machines to Active Directory. Autopilot is dependent on Azure AD. This brings your identity strategy into question. Are you ready to switch off AD? APIs give you access to a few thousand settings but group policies run to tens of thousands and if you consider that they’re really just registry settings then they’re virtually infinite. So how quickly could you translate all that configuration onto a new platform?
Microsoft is well aware of this, though, and since Windows 10 1709 has allowed Autopilot to work in conjunction with SCCM in a hybrid model. This allows you to join machines to Azure AD and your local AD, which goes some of the way to solving the current restrictions. However, deployment is still triggered by your EMM tool and so the granularity that SCCM offers is somewhat negated. So what does that mean in practice? Statistically, seven out of ten people reading this are not going to be on Windows 10 yet and so have a transformation programme ahead of them. Thousands of users will be sitting in your offices ready for their new devices. They’ll get them, unbox them and individually start downloading 20GB of data across your network. How do you see that going?
Modern management, as a technology, is developing fast so it definitely needs to be part of your strategy but you need to know your use cases and requirements to get the greatest benefits from it. Users who spend the majority of their time away from the office and have a limited application set are a great place to start. Generally, for office users you’ll want to deploy to them using a traditional SCCM imaging solution. Once they’re on Windows 10, then modern management is the way to go as you transition away from local AD security policies and traditional application delivery, but that is a process that will take time to reach maturity.
This is the future of deployment, without a doubt, but for the time being it needs to be part of an overall deployment strategy. As colleagues have become more mobile, traditional management methods have failed to keep up. EMM platforms were built with the assumption that all users are mobile. The transformation of your environment will most likely be suited more towards SCCM, with some opportunity for Autopilot. Once you get to Windows 10, though, more users are likely to be suitable to be managed in a modern way. As the technology develops, more new and refreshed devices will come into scope. The key here is to make Autopilot part of your infrastructure now, but understand which users are able to make use of it. Be aware, though, that in six months’ time those use cases will have changed and grown, so they need to be reviewed regularly. In Autopilot, Microsoft has finally caught up with Apple’s Device Enrollment Programme and the expectation that users have for how things should work. So maybe you will find the Holy Grail and won’t need the hat and whip!