Integrated Insights, Automation, and App Analytics
The latest updates for Workspace ONE Intelligence are now available! This deep dive covers four key topics: data storage and security, data visualization, automation, and app analytics.
- For admins who are nervous about the security of their data in our cloud-based service, you can now rest easy knowing what types of data Workspace ONE Intelligence streams, what it stores, and how that data stays secure.
- Take advantage of the new data visualization capabilities to customize the at-a-glance view of your Workspace ONE environment to your needs.
- Use the new automation capabilities to enable hands-free management of critical enterprise workflows.
- Explore another world of possibilities for intelligence with Apteligent app analytics.
Data Storage & Security
VMware Workspace ONE Intelligence provides real-time insights by streaming deployment data from Workspace ONE.
First–time synchronization pushes all of the AirWatch Database’s available data. The data available for streaming is determined by how the AirWatch Console and its privacy settings are configured. For 10.000 devices, the initial export should take less than 7 minutes.
After the initial sync, all further synchronizations are based on device samples cached on the AirWatch Database. This cache is checked every 10 seconds and samples are sent to Intelligence
To support historical analysis, VMware also stores the raw and trend data in its cloud services infrastructure. The following table provides more information about what data VMware stores, and how it stores that data.
To protect this data, Workspace ONE Intelligence uses organization-wide security measures, as well as its own design to mitigate security risks.
Before using Workspace ONE Intelligence, you must meet the minimum requirements.
- Cloud-based or on-premises instance of Workspace ONE.
- Buy the Workspace ONE Enterprise SKU or the Workspace ONE Intelligence Add-On SKU to get access to all features
Existing Workspace ONE customers get access to reporting functionality. However, the full Intelligence feature set, which includes reports, dashboards, app analytics, and automation, only comes with the purchase of the appropriate SKU. See the Workspace ONE product page for more information on features and pricing.
- AirWatch Console v9.2 or later
- Admin role with appropriate access
The following roles has access to Workspace ONE Intelligence enabled by default
- System Admin
- AirWatch Admin
- Console Admin
Administrator can create or change existing roles to add or remove access to Intelligence
- Enable reports powered by Workspace ONE Intelligence
- On-Premises Customers Only Install Workspace ONE Intelligence Connector (aka ETL service)
For on-premises customers, Workspace ONE Intelligence relies on the extract, transform, load (ETL) service to capture and push data for reporting. Using the preferences configured in the AirWatch Console, the service captures each category’s most important data.
Hardware Requirements Single, Dedicated Server
- 1 CPU
- 8 GB RAM
- 50 GB Storage
One Server Per Site For site redundancy and disaster recovery Software Requirements Operating System Windows Server 2012 R2 or 2016 Java Java 8 Network Requirements Outbound traffic from the ETL service Port 443 Internal network access to the AirWatch database The port used is based on your AirWatch deployment
- Opt-in via AirWatch Console
Opt into the Workspace ONE Intelligence interface from the Workspace ONE UEM console to begin using dashboards, automation, and reports.
- In the AirWatch Console, navigate to Hub > Intelligence, and click Next.
- Select Opt-in, and click Next.
- Review the Terms of Service and complete the required fields. Click Accept.
- In the AirWatch Console, navigate to Hub > Intelligence, and click Next.
Customized Data Visualization & Automated Workflows
Add widgets to define the layout of My Dashboard. Then, use the following actions to further adjust the display:
- Move Widgets – Select or grab widgets by the title and drag them anywhere on the dashboard.
- Resize Widgets – Hover the cursor over any of the four edges of the widget to manually resize it.
- Delete Widgets – Select the ellipsis on the top right-hand corner of any widget and select Delete.
To simplify data visualization, My Dashboard provides predefined widget templates that display your deployment’s metrics. Common metrics and their associated widgets include:
|Asset tracking||Platform and OS Breakdown|
|Security||Compromised Status by OS Version|
|Application deployment||Top 10 Popular Apps|
|Windows patches||Security Patch Status|
Now, you can configure automated workflows to act on your Workspace ONE environment’s unique scenarios.
A workflow consists of triggers that cause the engine to use a set action through Workspace ONE or an integrated third-party service. Triggers are based on the evaluation of Device Samples sent by ETL Service to Intelligence Cloud Service.
- ETL sends samples to Intelligence Cloud Service
- Intelligence Cloud Service checks sample content
- If matched against any of the Automation Trigger Criteria that has been already configured, then the Action is triggered
You can configure workflows from scratch, or use preset templates. Once the workflow is configured, the decision engine only monitors data from that point forward, it does not analyze historical data. This differs from the AirWatch Compliance Engine, which evaluates the current state of devices when the rule is created.
While the decision engine is a robust feature, it is not the only automation engine in the Workspace ONE platform.
- Decision Engine – The decision engine automates workflows across the entire environment, leveraging over 196 parameters from devices, apps and users to trigger automated actions across the environment including third party services like Service Now, Slack and more. The Decision engine goes beyond compliance – acting on triggers from devices to automate patch deployments, push app updates, change device configurations, etc.
- AirWatch Compliance Engine – The AirWatch compliance engine leverages up to 18 parameters to ensure device compliance across the environment. It’s a very powerful tool for closed-loop remediation. Its engine acts on closed-loop workflows where a user can have resources returned after becoming compliant again.
- Identity Manager Access Control Engine – This engine creates conditional access policies using inputs like network range, device type/OS, user security group, authentication strength and AirWatch Compliance engine status. It uses these inputs to conditionally allow, block or force additional authentication before providing users on managed or unmanaged devices access to applications.
API Communications & Third-Party Connections
The automation feature of Workspace ONE Intelligence uses APIs for communication between your Workspace ONE environment, the decision engine, and third-party services.
You can connect to the VMware Workspace ONE UEM API server, by generating an API key. For On-Premises Workspace ONE installations, the API Endpoint must be accessible from the Internet with trusted SSL Certificate.
Generate an API Key in the AirWatch Console
To enable Workspace ONE Intelligence to use APIs to communicate with third-party services for automation, enter the API authentication credentials to Workspace ONE Intelligence.
Enter API Authentication credentials into Workspace ONE Intelligence
Introducing App Analytics with Apteligent
Apteligent monitors, prioritizes, troubleshoots, and trends your mobile app performance issues in real-time.
Support & Additional Resources
- iOS, Android, hybrid, and HTML 5 SDKs available
- SaaS Only
- Data collected by Apteligent SDK is currently stored only in US Datacenters
- Apteligent Documentation
|Shardul Navare, Senior Technical Marketing Manager for VMware EUC|
|Andreano Lanusse, Staff Solution Architect for VMware EUC|