Workspace ONE for endpoint management
Empowered
Secure Integration with the Enterprise Network
Workspace ONE UEM leverages the company's existing network infrastructure to provide its own high availability, redundancy, and scalability for the applications and desktops that are ultimately delivered to end users. To this end, local load balancing is integrated on the back end of the SaaS environment. The backbone security infrastructure includes redundant Ethernet switches, LAN separation, firewalls, intrusion detection, and monitoring. Redundant firewalls are located between the Internet and the AirWatch environment. An intrusion detection system (IDS) monitors all internal network traffic, logs it, and raises an alert when suspicious network activity is detected.
Other security features include:
- isolation of all Workspace ONE UEM web servers with a demilitarized zone (DMZ),
- antivirus clients to protect all servers, and
- spam filtering and spam reporting for email.
From a web-based HTML5 management console, you can control Workspace ONE UEM. All data transferred between the web console and mobile devices is encrypted. To ensure the environment meets the latest security standards, the cloud-based Workspace ONE components automatically update and patch themselves.
The approach to data center security is multilayered. Primary data centers have onsite backups for rapid recovery and replicated offsite backups for disaster recovery. Production systems are hosted in two primary data centers, with cross-site replication of nightly backups to support performance, growth, and security requirements.
Self-Enrollment of Private Devices
Finally, I look at self-enrollment as one of the many options for registering a device in Workspace ONE. For an iPhone, for example, you need to install the Intelligent Hub application from the App Store on the target device. To establish a connection from the target device to the UEM, the server address and the respective group ID must be entered. Once the connection is established, the user logs in with credentials provided by the enterprise. The successful login is followed by a manual installation routine, which is used to complete mobile device management registration.
The previous steps are virtually the same for Android devices, the difference being that Android devices can be used as soon as the connection succeeds. That is, you can make the resources available to the user, and the user can access the deployed applications within the Intelligent Hub catalog.
Unlike Android devices, however, Apple devices require an additional step before going live: the installation of one or more profiles. Once the app is installed and connected to the Workspace ONE server, a window opens in the application asking you to create a profile. This step takes place outside of Workspace ONE, in the settings of the Apple device. After the profile is successfully created, the device is finally registered, and the user can access the applications provided in the Intelligent Hub catalog. Likewise, you can view the registered device from the UEM platform and manage it as needed.
At all times you have the option to de-register the registered devices with what is known as an "enterprise wipe," which deletes the changes made to the device by Workspace ONE. Another action is known as a "device wipe," which resets the device back to the factory settings and deletes all data.
Conclusions
Thanks to Workspace ONE UEM, enterprises can easily integrate a fleet of mobile devices. Additionally, Workspace ONE Access enables the implementation of corporate policies and the unified deployment of applications. Other access components, such as the AirWatch Cloud Connector (ACC), support the integration of local and cloud-based LDAP directories. Workspace ONE can therefore be seen as a comprehensive tool for centralized and uniform management of end devices and mobile work.
Infos
- VMware Workspace ONE: https://www.vmware.com/products/workspace-one.html
- Workspace ONE Access: https://techzone.vmware.com/resource/business-continuity-vmware-solutions-remote-work#existing-workspace-one-uem-and-access
- Cloud-based logical architecture: https://techzone.vmware.com/resource/vmware-workspace-one-and-horizon-reference-architecture-overview#cloud-based-logical-architecture