VMware Workspace ONE Cloud-Based Reference Architecture

Executive Summary

VMware Workspace ONE® combines identity and mobility management to provide frictionless and secure access to all the apps and data that employees need to work, wherever, whenever, and from whatever device they choose.

VMware Horizon® Cloud Service™ on Microsoft Azure delivers cloud-hosted virtual desktops and applications from your own Microsoft Azure infrastructure.

This reference architecture describes how you can use Workspace ONE and Horizon Cloud Service on Microsoft Azure to create services that address everything from basic mobile management and secure identity-based access to full virtual desktop access on mobile devices with seamless single sign-on (SSO) across all applications.

Mobile device and identity services are delivered through VMware Workspace ONE® Unified Endpoint Management (UEM) powered by AirWatch and VMware Identity Manager. These services, in combination with the Workspace ONE app, extend the on-premises directory infrastructure and deliver unified and seamless SSO access to software-as-a-service (SaaS) applications, public mobile applications, on-premises RDSH-published applications and virtual desktops, as well as legacy applications.

Figure: User Workspace with VMware Workspace ONE

Additionally, Workspace ONE integrates with VMware Horizon®, connecting either to cloud-hosted virtual desktops and applications with Horizon Cloud Service or to VMware Horizon® 7 on-premises virtual desktops and published applications. This integration provides fast SSO access to a Windows desktop or set of Windows applications for users who require it.

The example architecture and deployment described in this guide address key business requirements. The approach taken is, as with any technology solution, to start by defining those business requirements and drivers. The requirements can, in turn, be mapped to use cases that can be adapted to most scenarios.

Figure: Sample VMware Workspace ONE Cloud-Based Logical Architecture Overview

One key step in addressing the use cases is defining blueprints for the services to be delivered. This step allows us to understand the components and parts that need to be designed, built, and integrated. The resultant environment and services can be easily adapted to address changes in the business and use cases.

To deliver a Workspace ONE solution, you build services efficiently from several reusable components. Our modular, repeatable design approach combines components and services to customize the end-user experience without requiring specific configurations for individual users.

Figure: Sample Workspace ONE Service Blueprint

The Horizon Cloud architecture content in this guide uses key features, such as VMware User Environment Manager, to deliver a persistent end-user experience in nonpersistent environments while accelerating the delivery of OS, applications, and user configuration.

Figure: Sample Horizon Cloud Service Blueprint

After deployment, users can access applications at the touch of an icon, regardless of where those applications or services are deployed. Users can also use the self-service feature of the Workspace ONE mobile app or secure browser to add applications as needed from a single catalog. 

Figure: Workspace ONE App on an iOS Device

Workspace ONE is an intelligence-driven digital workspace platform that simply and securely delivers and manages any app on any device by integrating access control, application management, and multi-platform endpoint management.

The features that Workspace ONE delivers include:

  • Unified Endpoint Management – Manage all devices, including mobile, desktop, rugged, and IoT, from a single console with Workspace ONE UEM powered by AirWatch. Drive consistent processes and policies across iOS, Android, Windows, macOS, Chrome OS, and more.
  • Secure digital workspace – Provide security across your evolving digital workspace with capabilities that protect, detect, and remediate against modern-day threats.
  • Simplified access management – Boost productivity and simplify the experience for employees with secure, password-free SSO to Windows, native, cloud, and web apps on any phone, tablet, or laptop—all through a single app catalog.
  • Modern Windows management – Reduce IT time and cost with modern, over-the-air, complete PC lifecycle management (PCLM) of Windows 10 from the cloud.
  • Intelligence across the digital workspace – Get integrated insights, app analytics, and powerful automation that improve user experience, help optimize resources, and strengthen security and compliance across your entire environment.

Horizon Cloud Service on Microsoft Azure simplifies the delivery of virtual desktops and apps by combining the management simplicity of the Horizon Cloud control plane with the economics of Microsoft Azure.

You connect your Microsoft Azure subscription to Horizon Cloud to manage and deliver VDI desktops and virtual RDS-enabled Windows servers for RDSH-published desktops and applications.

  • Simplified deployment – IT can save time getting up and running with an easy deployment process, simplified management, and an architecture built for the cloud.
  • Complexity redefined – Easily deploy and manage virtual applications and desktops on Microsoft Azure while leveraging cloud resources.
  • Cloud architecture – Use Microsoft’s many Azure data center regions across the globe, including Microsoft Azure Government.
  • Cost control and flexibility – For organizations with fluctuating app usage, the Horizon Cloud Service on Microsoft Azure solution provides flexible, consumption-based pricing.

This reference architecture underwent validation of design, environment adaptation, component and service build, integration, user workflow, and testing to ensure that all the objectives were met, that the use cases were delivered properly, and that real-world application is achievable.

The VMware Workspace ONE Cloud-Based Reference Architecture illustrates how Workspace ONE can deliver a modern digital workspace that meets key business requirements and common use cases for the increasingly mobile workplace.