By Kyle Johnson and Jack Madden
In November, we spent a day at the VMware campus in Palo Alto to dig into Workspace ONE. So far, we wrote about how Dell provisioning for Workspace ONE works; today we’ll go over the new Workspace ONE Intelligent Hub and the latest in Mobile Flows. For this segment, we sat down with Kelly Masters (from product marketing) and Hemant Sahani (product management).
Basic productivity apps are interesting because even though Android and iOS provide a lot of control via MDM, in many scenarios, end users will be spending a lot of time with third-party email apps, browsers, app catalogs, and the like.
The Workspace ONE productivity apps have been around since the AirWatch/pre-VMware days, but we wanted to spend time learning about the current generation.
Workspace ONE Intelligent Hub vs App catalog and AirWatch Agent
First, let’s look at exactly what the Intelligent Hub is, compared to the previously existing Workspace ONE app catalog and AirWatch Agent.
Prior to the Hub, these two apps—the AirWatch Agent and Workspace ONE—were separate. They were also distributed via separate developer certificates, reflecting their respective origins. The AirWatch Agent served largely as the management side, providing EMM, UEM, and a security layer, while the app catalog provided a single place to access Workspace ONE apps and approved third-party apps.
Then, at VMworld 2018 in late August, VMware announced that the app catalog and Workspace ONE UEM would be combined into one app. It’s something we’ve been expecting for years, so it wasn’t the biggest announcement, but it was an important step.
When it comes to signing and distribution, the new Workspace ONE Intelligent Hub comes as an update to the existing AirWatch Agent—so for those users, the migration should be simple. The AirWatch brand was rebranded as Workspace ONE Unified Endpoint Management in May, so with this update, some of the last vestiges of the old brand are going away.
For now, the existing Workspace ONE app still be available alongside the Intelligent Hub. Hemant explained that new development will focus on the Intelligent Hub, and VMware predicts that customers will migrate in 12 to 18 months.
What does Workspace ONE Intelligent Hub do?
Depending on the implementation, users will see up to five tabs:
- Home: This is an optional tab that customers can use to link to a corporate webpage. The tab can be renamed; and they’re planning on Workspace ONE Tunnel (VPN) integration so customers can link it to intranet sites.
- Apps: This is where users find apps to download, or launch and SSO into their apps. Customers can customize the options and branding on this page.
- People: This tab pulls in org charts from Active Directory; and will replace VMware’s previous freestanding People app.
- Notifications: Here, users will get a subset of Mobile Flows functionality. It remains a work in progress; for now it just offers alerts when new apps are available in catalog; or administrators can program notifications through the Workspace ONE API.
- Support: This default tab is included, as well.
The Intelligent Hub will also continue to function as the MDM agent. You can see documentation for all this at the VMware Docs website.
Besides Intelligent Hub, there are a wide range of active apps, including: Verify (for MFA); Content (EFSS); Web; Boxer (email); Notebook (currently in beta, standard note syncing functionality); and Send for transfering between Workspace ONE and Microsoft Intune-managed apps. In many cases, customers might be mixing and matching with native built-in apps or other third-party apps.
Next, Mobile Flows was already on our mind, but then Citrix announced the acquisition of Sapho right before our VMware campus visit.
Mobile Flows was announced over a year ago at VMworld 2017. What’s actually in the product today?
On the client side, today, users get the previously mentioned subset of functionality in Intelligent Hub, and full functionality in Boxer. Users can complete workflow tasks such as: add contacts to Salesforce accounts; approve or deny expense reports and ServiceNow requests; or comment, deny, or approve pull requests. Mobile Flows can spot keywords in emails and pull up relevant workflows. Currently, there are nine pre-built connectors (according to VMware Docs); plus customers can build their own custom connectors.
We discussed a few smaller items on the Mobile Flows roadmap, but on our end, we would speculate that the obvious thing for VMware to do would be to bring the full Mobile Flows experience to Intelligent Hub, since users that choose native email clients wouldn’t have access to it in Boxer. When it comes to data entry and lookup workflows, one thing to watch out for are new content features in the Workspace ONE SDK, announced at VMworld Europe.
The more important question is the overall future of “workflow” apps. Will they be a core part of EMM, or just a nice-to-have component? We like the idea of having some basic features bundled with EMM suites, so that admins can start tinkering for free. But there are a lot of other routes that customers have, too. It’s kind of like the early days of enterprise file sync and share, when we wondered whether offerings that were part of EMM suites would be common, or if freestanding products would dominate.
Then there are plenty of other questions about where it makes sense to use workflow apps, who will build them, and how broad adoption will be—it’s still early days for all of these questions. This is also something Jack and Brian discussed during our most recent podcast.
BYOD and high-security containerization
Another topic we discussed with Kelly and Hemant was the state of Workspace ONE apps in regulated and high-security industries.
One question we’ve been looking into this year is if there are still any major holes that modern EMM can’t cover. Overall, the answer seems to be no, which is good.
Another question that Jack has written about is that it’s hard to independently evaluate all the different mobile app management and security SDKs out there, so we wanted to hear more about what VMware sees as the key features in their solution. There are lots of MAM policies for Workspace ONE apps, but Hemant highlighted their strengths in group-based policies, certificate management, and support for derived credentials as important points for their customers. In December, VMware announced NIAP compliance.