What Is VMware Workspace ONE Unified Endpoint Management (UEM)?
Today's modern workforce expects organizations to offer technologies that help them work from anywhere, at any time, and on any device. That means IT needs to manage multiple device platforms, including Windows, macOS, iOS, Android, and ChromeOS, and to enable access to work and data across all of those devices. This makes it difficult for IT to provide a consistent and seamless user experience.
Workspace ONE Unified Endpoint Management (UEM) is a single solution that manages all device types on all platforms in all use cases. It incorporates modern device management, application management, and security to give IT teams control over the highly diversified device deployments found in so many organizations today. Take a look at this introductory demo to learn how Workspace ONE UEM can help you.
Now that you have a high-level overview of what Workspace ONE UEM can do for you and your organization, read on to learn about the key features and architecture.
What are the Key Features of Workspace ONE UEM?
With Workspace ONE Unified Endpoint Management (UEM), you can manage devices used in the field and even in low-bandwidth environments. You can manage the full lifecycle of any endpoint – mobile (Android, iOS), desktop (Windows 10, macOS, Chrome OS), rugged and even IoT – in a single management console.
- Bring your own. Supports every type of device that your end users might use: Choose-your-own, Corporate Owned, Locked Down, and more.
- Supports full life-cycle management. Workspace ONE UEM supports full life-cycle management of a wide variety of devices: phones, tablets, Windows 10, and rugged and special-purpose devices.
- Provides numerous enrollment options. Provides you with a wide variety of enrollment options, including auto-enrollment, QR code enrollment, sideloading, bulk enrollment, and barcode enrollment such as Zebra StageNow and Honeywell Enterprise Provisioner.
You can deliver a great employee experience that is consistent on any device, no matter where your end users are located, by combining an easy login experience via Intelligent Hub with SSO, a self-service unified app catalog, and more.
- Single Sign-On. Utilizes certificates to establish trust, providing a password-less, single sign-on (SSO) experience. Your end users log in once. They don’t have to remember a bunch of credentials or type in the same password every time they access another app.
- Easy Login via Intelligent Hub. End users can log in to the Intelligent Hub to seamlessly launch the apps they need. And if they try to access an app with confidential data, the Hub prompts them to elevate management on their device.
- Self-Service Access to Apps. Provides your end users with self-service access to the apps they need to get their jobs done. The App Catalog displays an individualized menu of applications and virtual desktops that each end user is entitled to. They can organize their options and select favorites to customize the catalog for easy use.
You can leverage intelligent insights and rule-based automation to optimize the end-user experience, ease the strain on IT, and enable proactive management and security. Workspace ONE UEM provides visibility and key analytics.
- Automatic deployment. Provides automatic deployment or self-service application access for end users.
- Device tracking. Provides you with the ability to track a device in the Workspace ONE UEM Console after it is enrolled, and to gather critical data such as system diagnostics, network information, certificates, apps, custom attributes, and more.
- Customizable dashboards. Provides you with the ability to customize dashboards in infinite ways to provide the data that matters most, as well as analytics that help resolve issues that can impact user experience.
- Dynamic policy engines. Provides you with the ability to set dynamic policies to automate routine processes that minimize manual tasks. For example, you can configure a policy to proactively update drivers based on data retrieved during a vulnerability scan, or to optimize firmware settings that improve performance and stability.
- Self-service capabilities. Provides you with the ability to grant self-service capabilities to end users, which reduces support requests. For example, the system can recommend action based on data suggesting a battery is about to fail.
You can defend against modern-day security threats with the rich set of customizable controls that Workspace ONE UEM provides. You can address security on multiple fronts by customizing security and compliance policies, conditional access, device posture checks, and more. Workspace ONE UEM offers a comprehensive security approach that encompasses user, endpoint, app, data, and network.
- Security settings. Provides you with the ability to configure security settings for both end users and devices that comply with all security requirements, and yet simplify access at the same time.
- Troubleshooting. When things go wrong, you can use troubleshooting capabilities, such as remote assistant or remote logging, to fix issues in real time.
- Monitoring and supervision. Provides built-in features for system settings, data protection, apps, device controls, and more, that can restrict actions like sharing sensitive data between apps and syncing with unknown devices to prevent data leakage. Corporate-owned devices can be supervised for higher levels of control.
- Certificate lifecycle management. Provides a service that can renew certificates automatically or manually.
- VMware Workspace ONE® Tunnel. Encrypts traffic from individual applications to the back-end systems they talk to with “least privilege access” through the VMware Unified Access Gateway™, which proxies and protects the application.
How about the Architecture of Workspace ONE UEM?
As an IT admin, you can use Workspace ONE UEM to handle device enrollment, a customized app catalog, policy enforcement, compliance, and integration with email, social media, and more.
In the following diagram, you can see your end users with their devices accessing a Workspace ONE UEM tenant in the cloud, which is powered by the AirWatch Cloud Connectors and Active Directory domain controller.
Workspace ONE UEM Components
Here are some of the key components that make up Workspace ONE UEM:
- Workspace ONE UEM Console. Provides you with a friendly and intuitive console where you can configure policies to monitor and manage devices in your environment. The console is a service that is hosted in the cloud and managed for you as a part of the SaaS offering. It provides multi-tenancy, role-based access, profiles, app management options, smart groups, and more.
- Workspace ONE UEM Device Services. Provides the ability to communicate with all of your managed devices for device enrollment, application provisioning, delivering commands and receiving data from devices, and hosting the self-service catalog.
- AirWatch Cloud Connector. Provides you with the ability to integrate Workspace ONE UEM powered by AirWatch with your back-end enterprise systems. The AirWatch Cloud Connector runs in the internal network, and securely transmits requests from Workspace ONE UEM to your critical infrastructure components. The Cloud Connector integrates with internal components such as email relay, directory services, Email Management Exchange, Syslog, and more. Find out more by watching Foundations - The AirWatch Cloud Connector.
- Workspace ONE UEM REST API. Provides support for developers creating their own applications to utilize the information in Workspace ONE UEM. You can use these APIs in Workspace ONE to query for information, take actions, or create new items such as applications.
- VMware Tunnel. Provides a secure and effective method for individual applications to access corporate resources hosted in the internal network. The Tunnel sets up a VPN connection between corporate apps and corporate resources. This provides greater security, especially for apps that contain sensitive data, including encryption, data protection, compliance, and removal of apps when a device is unenrolled.
Here are some of the additional members of the Workspace ONE family that interact with Workspace ONE UEM:
- Workspace ONE Access (formerly VMware Identity Manager). It provides a seamless single sign-on (SSO) experience to web, mobile, software-as-a-service (SaaS), and legacy applications. VMware Workspace ONE Access provides application provisioning, an intuitive hub catalog, conditional access controls, directory integration, user authentication, and integration with resources such as Horizon.
- Workspace ONE Intelligence. A cloud service built for the VMware Workspace ONE platform that provides deep insights into the entire digital workspace, enables smart unified endpoint management (UEM) planning, and delivers powerful automation for the entire digital workspace.
- Workspace ONE Intelligent Hub. The Workspace ONE Intelligent Hub application allows end users to access enterprise and Web apps, stay connected with colleagues, and be productive on any device (Android, iOS, macOS, Windows 10) from anywhere.
- Workspace ONE Airlift. A server-side connector that bridges administrative frameworks between Workspace ONE UEM and ConfigMgr (Microsoft System Center Configuration Manager). This allows you to move applications and management workloads to the appropriate platform without having to redefine device and group memberships.
Top 5 things you should know
Now that you’ve got an idea of what Workspace ONE UEM can do, check out this video for the top 5 things you should know about Workspace ONE UEM.
Here are some great places to go to learn more about Workspace ONE UEM:
- Workspace ONE UEM Architecture
- Workspace ONE UEM Configuration
- Forklift for Workspace ONE UEM: Feature Walk-through
- Enrolling Head-Mounted Wearables with VMware Workspace ONE UEM