BACKGROUND IMAGE: stock.adobe.com
LAS VEGAS -- IT professionals can simplify Windows 10 management and gather more information about devices with new features in VMware's Workspace One.
VMware added Windows 10 patching, updating and security Windows 10 management capabilities in Workspace One here at VMworld 2018. IT pros can take advantage of Common Vulnerabilities and Exposure (CVE) data, as well as the general availability of AirLift, the company's System Center Configuration Manager co-management and migration platform. Many of the updates aim to help IT glean more detailed data about Windows 10 devices through Workspace One Intelligence.
"It's about optimizing the workspace experience based on the requirements on the endpoint," said Steve Brasen, research director at Enterprise Management Associates Inc. in Boulder, Colo. "What's happening on that device? On the network? On the applications?"
Windows 10 management through Workspace One
Workspace One provides IT with centralized Windows 10 management of users' devices, operating systems and applications. IT pros can now use VMware Workspace One Intelligence, the platform's cloud-based data collection and automation tool, to collect CVE data and identify high-risk Windows 10 devices in their organizations. They can use that information to automate patching for those devices and their applications.
Mark Bowkersenior analyst, Enterprise Strategy Group
The real value today comes from the data collection itself, rather than the automation, said Mark Bowker, senior analyst at Enterprise Strategy Group in Milford, Mass.
"The idea of being able to automate response is several steps down the road before a customer would get comfortable with that," Bowker said.
Workspace One Intelligence can also help IT pros with Microsoft System Center Configuration Manager (SCCM) who often have thousands of Group Policy Objects (GPOs) to keep track of in the move to Workspace One. VMware is introducing baselines and templates based on industry security standards, such as those from the Center for Internet Security, to help IT ensure GPO compliance after the transition.
Also new in Windows 10 management, the Windows Update Intelligence feature provides risk scores for Windows 10 devices and always-on patching that automatically keeps the OS up to date. The tool can report on what version of Windows 10 a device has, when it last received a cumulative update and how many Windows 10 devices are on the network.
"It's very interesting to view your entire environment really quickly," said Ryan Falvey, team lead for end-user computing at World Wide Technology, a services provider in Missouri that uses Workspace One. "[VMware] is giving us more intelligence into the different patches that need to be applied across the board, so I am very interested in seeing where it's going."
VMware also announced the use of sensors, which Workspace One installs as agents on endpoint devices to gather system attributes, including warranty information, firmware versions, custom hardware inventory, application data and more. The agent runs PowerShell scripts that report back to the console. IT can then use that information to alter any attributes on endpoints.
The first phase of sensor data is limited to Windows, but VMware plans to extend the capability to Apple macOS and mobile platforms as well, the company said.
"[VMware is] leading the charge," Falvey said. "[Workspace One] is going to be great when it's fully rolled out and we're managing all our devices across the entire end-user stack."
AirLift general availability
VMware announced general availability for AirLift, a server-side SCCM and Workspace One co-management and migration tool unveiled in March. AirLift allows IT to use SCCM to manage the server side of their networks and AirWatch to manage Windows 10 devices. It aims to simplify the transition from SCCM to Workspace One modern Windows 10 management, including processes around BitLocker, device onboarding, software distribution and the PC lifecycle.
"[VMware] is now positioning [AirLift] as a migration tool to grab the market share from SCCM and convince users they don't have to do a lot of work to get VMware Workspace One running," Brasen said. "You can leverage the resources you already have with SCCM and then slowly migrate in a way that works best for your organization."
With AirLift, IT pros can either move all of their Windows 10 desktop management processes to Workspace One or use AirLift's console to pick which tasks SCCM will handle and which ones Workspace One will handle.
"Teams have invested heavily in SCCM training and expertise on staff," Bowker said. "They aren't in any rush to push that off."
Falvey's company may be too far along in the move to Workspace One to get the full value from AirLift, but he hopes this capability can fill some gaps, he said.
"We're hoping that it will still bring in some stuff we didn't think about -- policies, registry changes -- that we're not packaging up yet," Falvey said. "People that are just picking it up now and trying to move from SCCM into AirWatch in a quick process -- it will be very helpful for them."
The Workspace One Intelligent Hub is a newly designed interface where users can access applications and IT services in a consistent manner across all devices.
IT can implement new capabilities around notifications, contacts, search and mobile single sign-on in the Hub. The search function now includes people search, which allows users to search for other users. The Power Moments feature allows users to determine the importance of notifications by designating them as VIP or Alerts.
VMware partners can integrate services such as ServiceNow or Slack into the Hub so users can work with them directly in that interface rather than launching a separate app. It also supports Okta Catalog and Conditional Access to provides users with self-service capabilities such as password resets.