Latest from the Blog

VMworld 2019 is Quickly Approaching: This is what I recommend
with No Comments

There is so much going on at VMworld this year around EUC and I am having a hard time keeping up with all the sessions I want to go to. Below I have a list 14 interesting topics I found … Read More

VMworld: Opportunity Knocks! Support Enterprise Endpoints Extending Workspace ONE [UEM1438BU]
with No Comments

Check out the presentation I will be giving at VMworld 2019 in San Francisco August 25-29 or in Barcelona November 4-7. VMware embarked on a journey of transitioning from siloed endpoint management tools to a unified management approach across a … Read More

Come Work with Me!
with No Comments

There are a couple of job openings available on my team here in Atlanta. Automation Developer: https://bit.ly/automatedevatl Sr. Identity Manager Engineer: https://bit.ly/IAMmgmtvm If you know someone looking or if you are interested in these positions check out the links above … Read More

VMware Identity Manager and Certificates
with No Comments

[EXTERNAL POST BY PETER BJORK] Are you struggling with uploading a new certificate to your VMware Identity Manager? Well, you are not alone. But it isn’t that hard. You just need to know what the requirements are and then it … Read More

How SaaS Made Seamless (and Secure) Identity Access Management a Reality for VMware
with No Comments

[EXTERNAL POST BY ROBERT COGGINS] How does VMware provide simple access to 1,000+ apps serving 28,000+ employees around the globe? The answer is VMware Identity Manager™, an integral component of VMware Workspace ONE®. Identity Manager delivers improved security and employee … Read More

Privacy and Transparency on Mobile with the New Workspace ONE SDK Privacy Module
with No Comments

[EXTERNAL POST BY KELLY MASTERS] Advancements in technology have altered how data in both our personal and professional lives is used, collected, processed and stored. As we approach the 1 year anniversary of the GDPR (General Data Protection Regulation) law … Read More

VMworld 2019 is Quickly Approaching: This is what I recommend

with No Comments

There is so much going on at VMworld this year around EUC and I am having a hard time keeping up with all the sessions I want to go to. Below I have a list 14 interesting topics I found while browsing the catalog. I recommend going to these in addition to mine!

How to Offer Mac as a Choice with Workspace ONE UEM [UEM2099BU]

As organizations look to migrate from Windows 7 and, at the same time, onboard the new modern workforce, they are tasked to offer the best experience and toolkit to help them be productive. Offering the ability for users to pick any device of their choice can significantly improve their experience, satisfaction, and a path to migrate away from older Windows 7 machines. In this session, you will hear from VMware, Apple, and some of our customers on how they have embraced Mac as a choice.

Windows 10 Troubleshooting Tips and Tricks [UEM1460BU]

Nothing is worse than leveraging a powerful solution and not knowing how it works or why it’s not working as expected. This workshop will provide general troubleshooting guidance as well as solutions to specific problems for various Windows 10 features in VMware Workspace ONE UEM. Find out how Workspace ONE UEM manages Windows 10 devices and troubleshoots various Windows 10 components, such as software distribution, updates, onboarding, and common logging locations. This workshop will also explore how to leverage Workspace ONE Advanced Remote Management to provide end users with remote support, as well as discuss all of the different device wipe options. The exercises in this workshop are targeted to those with previous Windows 10 management experience in Workspace ONE UEM.

The New Frontier: A Unified Workspace That Gives Time Back to IT [UEM2679BU]

Imagine a world where your IT team can stop spending the majority of their time on device setups, app updates, and support calls. Imagine what they can do with their time to solve critical business challenges and innovate. Stop imagining and learn how you can revolutionize your business with Dell Technologies Unified Workspace.

Make Zero-Touch Provisioning on Windows 10 a Reality for Your Organization [UEM2263BU]

Want a zero-touch device provisioning experience for your users but don’t know where to start? Modernizing deployment can be challenging and overwhelming with many dependencies on other technologies. Come learn what it takes to make this a reality.

What’s New with Workspace ONE? [UEM3009BU]

In this session, learn what’s new with VMware Workspace ONE—from Workspace ONE Intelligent Hub to productivity apps. Find out how to empower your employees with Hub Services, such as Notifications, Mobile Flows, People, and Home. This session will dive deep into mobile, desktop, Mac, and Windows deployments, as well as through your journey from just device management to Workspace ONE Intelligent Hub.

Mastering the Move to Modern Management Using ConfigMgr [UEM1570BU]

Want to lessen the risks when migrating to modern PC management? In this session, we will demonstrate how to do so with VMware Workspace ONE through co-management with ConfigMgr for your Windows 10 devices. This session will focus on moving workloads (devices, users, apps, collections) and use cases to modern management so you can reduce time spent on mundane IT tasks and focus on driving value for your business. You will learn all of the options available today as well as best practices for beginning your journey.

Security Takes a Village: Leveraging Workspace ONE Trust Network [UEM2155BU]

Security continues to be a top priority for mobility and digital workplace investment, yet complexity from using dozens of security tools in silos continues to be a challenge for organizations. Join this session to discover how VMware Workspace ONE Trust Network can give your organization a comprehensive, modern enterprise security approach to secure your employees, apps, endpoints, and networks. See demos of how Workspace ONE is architected with an API framework that integrates with trusted security partner solutions to provide a security approach you can count on.

Migrating Your Workspace ONE Deployment to the Cloud [UEM1929BU]

Within your organization, you are probably well underway on your cloud journey, whether it’s consuming software as a service (SaaS) or gradually moving workloads that make sense to the public or private cloud. SaaS has many benefits over traditional on-premises delivered offerings, including lower support costs, less maintenance overhead, less patching, and quicker time to value. This session explores some of those and our cloud architecture, as well as how we can help you take your VMware Workspace ONE deployment to the cloud.

How to Design a Zero-Trust Architecture Using Workspace ONE [UEM1558BU]

In this session, we will discuss how to build a zero-trust security architecture using features and functionality within VMware Workspace ONE.

Using VMware EUC APIs for Automation from a Fling Engineer [CODE1458BU]

Hear from a VMware engineer who has developed 8 end-user computing (EUC) flings on how to find and use REST APIs in VMware App Volumes, VMware Horizon 7, VMware Identity Manager, and VMware Workspace ONE UEM. Learn how to use tools such as Postman and browser developer tools. See how to use PowerShell to interact with the APIs for automation. The session will also contain several code examples.

Getting Started with VMware {code} Unified Endpoint Management Samples [CODE1567U]

Learn about all of the coding samples on the VMware {code} sample exchange. We will review how to use them, how to contribute, and explore future coding projects. We have samples for scripting onboarding of macOS and Windows 10 devices, for applying policies automatically leveraging REST APIs, and for Dell provisioning for VMware Workspace ONE. Sample Workspace ONE Sensors with a script to auto-populate your environment with data quickly. Join this session to learn how to get started today.

Privacy and Choice with Workspace ONE [DEE2294BU]

Millions of people are unaware of and uninformed about how their personal information is being used, collected, or shared in our digital society. This session will inspire a dialogue and empower individuals and companies to take action, while also showcasing that privacy is core to VMware Workspace ONE and how it enables choice for end users leveraging the Workspace ONE Intelligent Hub privacy options.

No Password? No Problem. Eliminate Passwords in Your Organization. [DEE2495BU]

Every year, there’s a new story about a big company breach that affects the targeted company and the thousands of customers whose information is compromised. In many cases, the breach happens due to employee credentials being compromised. This has organizations looking at ways to eliminate the dependency on using passwords to access protected corporate resources. In this session, we will explore the different tools available in the VMware Workspace ONE platform that can empower an organization to eliminate passwords. See how this can result in both improved security and a better customer experience when accessing corporate applications.

Enabling the Full Workspace ONE Intelligent Hub Experience [DEE2391BU]

Are you taking advantage of all VMware Workspace ONE Intelligent Hub has to offer? VMware product managers will take you through several real-world customer journeys, moving from traditional device management into digital transformation through Workspace ONE Intelligent Hub. We will show how you can move to the next step in your journey to optimize your end users’ experience. This session will include an example starting with a deployment that uses Workspace ONE Intelligent Hub for device management and the legacy app catalog. We will walk through the recommended communications and necessary product changes to enable the modern, unified catalog within Workspace ONE Intelligent Hub. We will highlight how the end users’ experience will change to show you exactly what to expect as you expedite digital transformation.

VMworld: Opportunity Knocks! Support Enterprise Endpoints Extending Workspace ONE [UEM1438BU]

with No Comments

Check out the presentation I will be giving at VMworld 2019 in San Francisco August 25-29 or in Barcelona November 4-7.

VMware embarked on a journey of transitioning from siloed endpoint management tools to a unified management approach across a fleet of mobile (iOS/Android) and desktops (Windows 10/macOS) devices. Along this journey to modern management (MM), we found and addressed gaps—particularly when it comes to supporting a global enterprise footprint of 70K+ devices and 24K+ users. The solution was found in extending VMware Workspace ONE® to meet the demands of Unified Endpoint Management (UEM). Come join us to learn how VMware is leveraging the capabilities already provided in Workspace ONE to fulfill our unique UEM requirements, with little overhead and rapid deployment. We will also demo the simple deployment approach, and the tools used in our journey.

https://my.vmworld.com/widget/vmware/vmworld19us/us19catalog?search=UEM1438BU

VMware Identity Manager and Certificates

with No Comments
[EXTERNAL POST BY PETER BJORK]

Are you struggling with uploading a new certificate to your VMware Identity Manager? Well, you are not alone.

But it isn’t that hard. You just need to know what the requirements are and then it is a matter of converting your existing certificate or building the chain correctly. In this blog post I’ll try to explain the process.

Identity Manager support certificate using PEM encoding with the private key using the PKCS #1 standard (from version 3.2 Identity Manager also supports PKCS #8). In order to change the certificate on Identity Manager you need to upload the full certificate chain. Yes, I know.. This will not make most people’s life any easier. But it is just the backdrop and if you are a certificate ninja, with above information you should be good to go..

Let’s start with some basics. [Continue here!]

How SaaS Made Seamless (and Secure) Identity Access Management a Reality for VMware

with No Comments
[EXTERNAL POST BY ROBERT COGGINS]
This infographic demonstrates why VMware Identity Manager is vital

How does VMware provide simple access to 1,000+ apps serving 28,000+ employees around the globe?

The answer is VMware Identity Manager™, an integral component of VMware Workspace ONE®. Identity Manager delivers improved security and employee satisfaction regardless of device or geography. Now our VMware colleagues (users) can access business web, cloud, and especially native mobile apps via a single sign-on (SSO) without having to repeatedly re-login or remember an endless multitude of passwords. Today, there are 70K+ devices enrolled in Workspace ONE, spread over both VMware owned and user owned devices. [Continue here!]

Privacy and Transparency on Mobile with the New Workspace ONE SDK Privacy Module

with No Comments
[EXTERNAL POST BY KELLY MASTERS]

Advancements in technology have altered how data in both our personal and professional lives is used, collected, processed and stored. As we approach the 1 year anniversary of the GDPR (General Data Protection Regulation) law in the European Union, privacy has never been more top of mind. We all know a dynamic privacy and security strategy is vital across industries, and as you’ve likely read in other blogs, the Workspace ONE platform can make this much less daunting. [Continue here!]

How Workspace ONE Empowered Colleagues by Making SSO a Reality

with No Comments
[EXTERNAL POST BY ROBERT COGGINS]
SSO blog

As a large enterprise with major enterprises as customers, VMware has tens of thousands of colleagues accessing apps daily. Unfortunately, the traditional sign-on process to access those apps is vulnerable to hacking, a fact compounded as each app requires a separate password. At issue is that passwords are not managed properly—colleagues often write them down or are otherwise lax with security. This leaves passwords open to theft and puts a significant drain on IT support. And alternative solutions (such as exponential passwords) don’t really work in reality as colleagues either bypass them or ignore safeguards altogether.

Realizing this mission-critical issue, VMware IT teams employed VMware Workspace ONE® with VMware Identity Manager™ and Workspace ONE UEM to cre… [Continue here!]

Extending Workspace ONE to Complete Your Enterprise Device Management Requirements

with No Comments

The Problem

Workspace ONE is a wonderful product! However, just like any other product, there are some features we would like to have, but aren’t part of the product yet or may never be. For a while this was frustrating to the VMware IT team. There was pressure to implement particular components but our requirements could not be met. A prime example of this was mac management. While the management of macs is great, we wanted Workspace ONE UEM to help more with our automated deployment capabilities. We needed the hostnames of these machines to be automatically determined and applied.

Our team decided to take a different view.  Instead of constantly hounding the product team to deliver on all of our demands we took a step back and reevaluated our options.  We found that through the Workspace ONE APIs, Workspace ONE already offered so much more than we initially realized.  The Workspace ONE APIs combined with FaaS enabled us to implement the additional requirements we have.

Use Cases

  • Identity Management Network Sync: VMware IT maintains multiple VMware Identity management tenants that have some overlapping requirements.  One of these requirements is our network definitions.  We are using this project to synchronize the network definitions from a primary VMware Identity Management tenant to multiple secondary tenants.
  • Device Hostnames: VMware IT needs to have automated and deterministic hostnames applied to Workspace ONE managed devices.
  • Criteria Based Automated Tagging: When managed devices meet certain requirements we are able to automatically apply a tag to the device in turn pushing down special profiles.

How We Solve It

Tools Used
  • AWS Lambda
  • AWS RDS
  • Python 3
  • Serverless
  • Workspace ONE UEM APIs
    • Custom attributes setting the device hostname (out of scope for this post)

Below is a sample diagram of how we solved the hostname requirements.  There are 2 flows.  The first (green) flow populates the AWS RDS database for use by the Lambda function and the second (blue) flow is the flow of a device obtaining a hostname.

  • Data Population (Green) Flow
    1. Scheduled task uses Workspace ONE API to capture device hostname and user data
    2. API replies with full list of devices with hostname and users
    3. The same task populates the database with the data
  • Device Hostname Request (Blue) Flow
    1. Device is enrolled into Workspace ONE UEM
    2. Script pushed to device to request hostname
    3. Device sends user, serial, and current hostname to Lambda function
    4. Lambda request device information from database
    5. Data returned from database
    6. Lambda Function compares data sent from device against known device data in database, determines hostname, and applies hostname

Impact

Our team has had positive results from utilizing this approach. We were able to roll out projects successfully and faster from utilizing this method and mindset. Utilizing this approach is a solution for our team on a regular basis. I believe IT operation teams whom are capable of thinking out of the box and harness the idea of FaaS for problem solving will be able to stand out as rock stars in their organization.

Now and The Future

Currently, we are using the AWS Lambda functions with the serverless framework to deploy our functions.  However, VMware has a new tool called Dispatch (Check it out here) that we are evaluating for our use cases.  This looks especially promising for on-premises use cases we do not want exposed on the public internet.

What are your use cases?

Please comment below and talk about your use cases and how you are solving them!  I would love to hear from you!