Karim Chelouati
Read More from the Author

Sr. Technical Marketing Manager, VMware. Karim Chelouati is a senior technical marketing manager on the Technical Marketing team at VMware End-User Computing.

Article Interactions

[Deep Dive] Workspace ONE Intelligence

May 01, 2018

Integrated Insights, Automation, and App Analytics

The latest updates for Workspace ONE Intelligence are now available! This deep dive covers four key topics: data storage and security, data visualization, automation, and app analytics.

  1. For admins who are nervous about the security of their data in our cloud-based service, you can now rest easy knowing what types of data Workspace ONE Intelligence streams, what it stores, and how that data stays secure.
  2. Take advantage of the new data visualization capabilities to customize the at-a-glance view of your Workspace ONE environment to your needs.
  3. Use the new automation capabilities to enable hands-free management of critical enterprise workflows.
  4. Explore another world of possibilities for intelligence with Apteligent app analytics.

Data Storage & Security

VMware Workspace ONE Intelligence provides real-time insights by streaming deployment data from Workspace ONE.

First–time synchronization pushes all of the AirWatch Database’s available data. The data available for streaming is determined by how the AirWatch Console and its privacy settings are configured. For 10.000 devices, the initial export should take less than 7 minutes.

After the initial sync, all further synchronizations are based on device samples cached on the AirWatch Database. This cache is checked every 10 seconds and samples are sent to Intelligence

To support historical analysis, VMware also stores the raw and trend data in its cloud services infrastructure. The following table provides more information about what data VMware stores, and how it stores that data.

To protect this data, Workspace ONE Intelligence uses organization-wide security measures, as well as its own design to mitigate security risks.

Requirements

Before using Workspace ONE Intelligence, you must meet the minimum requirements.

  • Cloud-based or on-premises instance of Workspace ONE.
  • Buy the Workspace ONE Enterprise SKU or the Workspace ONE Intelligence Add-On SKU to get access to all features
    Existing Workspace ONE customers get access to reporting functionality. However, the full Intelligence feature set, which includes reports, dashboards, app analytics, and automation, only comes with the purchase of the appropriate SKU. See the Workspace ONE product page for more information on features and pricing.
  • AirWatch Console v9.2 or later
  • Admin role with appropriate access
    The following roles has access to Workspace ONE Intelligence enabled by default
    • System Admin
    • AirWatch Admin
    • Console Admin

    Administrator can create or change existing roles to add or remove access to Intelligence

  • Enable reports powered by Workspace ONE Intelligence
  • On-Premises Customers Only Install Workspace ONE Intelligence Connector (aka ETL service)
    For on-premises customers, Workspace ONE Intelligence relies on the extract, transform, load (ETL) service to capture and push data for reporting. Using the preferences configured in the AirWatch Console, the service captures each category’s most important data.
    Hardware Requirements
    Single, Dedicated Server
    • 1 CPU
    • 8 GB RAM
    • 50 GB Storage
    One Server Per Site For site redundancy and disaster recovery
     Software Requirements
    Operating System Windows Server 2012 R2 or 2016
    Java Java 8
    Network Requirements
    Outbound traffic from the ETL service Port 443
    Internal network access to the AirWatch database The port used is based on your AirWatch deployment
  • Opt-in via AirWatch Console
    Opt into the Workspace ONE Intelligence interface from the Workspace ONE UEM console to begin using dashboards, automation, and reports.
    • In the AirWatch Console, navigate to Hub > Intelligence, and click Next.
    • Select Opt-in, and click Next.
    • Review the Terms of Service and complete the required fields. Click Accept.

Customized Data Visualization & Automated Workflows

Add widgets to define the layout of My Dashboard. Then, use the following actions to further adjust the display:

  • Move Widgets – Select or grab widgets by the title and drag them anywhere on the dashboard.
  • Resize Widgets – Hover the cursor over any of the four edges of the widget to manually resize it.
  • Delete Widgets – Select the ellipsis on the top right-hand corner of any widget and select Delete.

    To simplify data visualization, My Dashboard provides predefined widget templates that display your deployment’s metrics. Common metrics and their associated widgets include:

    Metric Widget
    Asset tracking Platform and OS Breakdown
    Security Compromised Status by OS Version
    Application deployment Top 10 Popular Apps
    Windows patches Security Patch Status

    My Dashboard provides templates for app, device, and OS update metrics. To customize the data a template displays, configure filters, charts, diagrams, and parameters.

    Automated Workflows

    Now, you can configure automated workflows to act on your Workspace ONE environment’s unique scenarios.

    A workflow consists of triggers that cause the engine to use a set action through Workspace ONE or an integrated third-party service. Triggers are based on the evaluation of Device Samples sent by ETL Service to Intelligence Cloud Service.

    1. ETL sends samples to Intelligence Cloud Service
    2. Intelligence Cloud Service checks sample content
    3. If matched against any of the Automation Trigger Criteria that has been already configured, then the Action is triggered

    You can configure workflows from scratch, or use preset templates. Once the workflow is configured, the decision engine only monitors data from that point forward, it does not analyze historical data. This differs from the AirWatch Compliance Engine, which evaluates the current state of devices when the rule is created.

    While the decision engine is a robust feature, it is not the only automation engine in the Workspace ONE platform.

    • Decision Engine – The decision engine automates workflows across the entire environment, leveraging over 196 parameters from devices, apps and users to trigger automated actions across the environment including third party services like Service Now, Slack and more. The Decision engine goes beyond compliance – acting on triggers from devices to automate patch deployments, push app updates, change device configurations, etc.
    • AirWatch Compliance Engine – The AirWatch compliance engine leverages up to 18 parameters to ensure device compliance across the environment. It’s a very powerful tool for closed-loop remediation. Its engine acts on closed-loop workflows where a user can have resources returned after becoming compliant again.
    • Identity Manager Access Control Engine – This engine creates conditional access policies using inputs like network range, device type/OS, user security group, authentication strength and AirWatch Compliance engine status. It uses these inputs to conditionally allow, block or force additional authentication before providing users on managed or unmanaged devices access to applications.

    API Communications & Third-Party Connections

    The automation feature of Workspace ONE Intelligence uses APIs for communication between your Workspace ONE environment, the decision engine, and third-party services.

    You can connect to the VMware Workspace ONE UEM API server, by generating an API key. For On-Premises Workspace ONE installations, the API Endpoint must be accessible from the Internet with trusted SSL Certificate.

    Generate an API Key in the AirWatch Console

    To enable Workspace ONE Intelligence to use APIs to communicate with third-party services for automation, enter the API authentication credentials to Workspace ONE Intelligence.

    Enter API Authentication credentials into Workspace ONE Intelligence

    You can also configure connections in the third-party services such as Slack and ServiceNow.

    Introducing App Analytics with Apteligent

    Apteligent monitors, prioritizes, troubleshoots, and trends your mobile app performance issues in real-time.

    Support & Additional Resources

    • iOS, Android, hybrid, and HTML 5 SDKs available
    • SaaS Only
    • Data collected by Apteligent SDK is currently stored only in US Datacenters
    • Apteligent Documentation

    Contributors

    Shardul Navare, Senior Technical Marketing Manager for VMware EUC
    Andreano Lanusse, Staff Solution Architect for VMware EUC
    May 01, 2018
    Karim Chelouati
    Read More from the Author

    Sr. Technical Marketing Manager, VMware. Karim Chelouati is a senior technical marketing manager on the Technical Marketing team at VMware End-User Computing.

    Article Tags
    Article Interactions