Workspace One is an Enterprise Mobility Management system (EMM) with Unified Endpoint Management (UEM) used to secure endpoint devices and virtual systems onto a single cloud-based system. Applications can be deployed and controlled by a single admin console. Identity management and multi-step authentication further enhance the security of endpoint devices. Powerful collaboration tools increase the connectivity and productivity of employees. Workspace One can either be an on-premise facility or implemented as SaaS based software. End-user experience is enhanced with Single Sign-On to access the company application catalog. In this article we will explore all the component of VmWare Workspace One.
Components of Workspace One
Workspace One UEM console
Workspace One UEM console is an admin console that runs on a web browser to onboard, monitor, secure, and control corporate endpoint devices. It helps the IT team manage all devices from a single console.
Device services are concerned with onboarding new devices, application deployment and control, and communication with all devices in real-time by sending commands and receiving data and feedback. A self-service portal is hosted on devices that end users can access through a web browser to monitor and control their devices on the Workspace One UEM console.
Airwatch Cloud Messaging (AWCM)
Airwatch Cloud Messaging works with Airwatch Cloud Connector (ACC) to provide secure communication between Workspace One UEM console and endpoint devices without the need to access any external internet or consumer accounts. All communications to backend systems are secured as well. AWCM is an alternative to Firebase Cloud Messaging (FCM) and the only way to have mobile device management abilities on windows rugged devices.
The mains benefits of AWCM are:
- Communications to back-end systems secured with Airwatch Cloud Connector.
- Workspace One UEM windows intelligent hub uses this service to communicate in real-time.
- No need to access a public network, consumer accounts, and third-party applications.
- AWCM service used by Workspace One UEM console to communicate, send commands and receive data from android and windows rugged devices.
- Mac OS and iOS devices have the feature to run remote commands such as device lock and data wipeout.
- Internal Wi-Fi only devices function enhanced with occasional push notifications.
API (Application Program Interface)
The APIs are used to develop applications by developers to start Workspace One UEM functionality and use the information stored. Airwatch API is installed on CN and DS application servers and is configured to CN by default. The components of Airwatch API are:
- Representational State Transfer(REST)
- Simple Object Access Protocol(SOAP)
Version 2 of REST API is recommended for developing new applications as it is easier to use and has long-term support options.
All device and environmental data in Workspace One UEM console are stored on Microsoft SQL server database. For proper deployment, the amount of data flowing in and out should be calculated, and database size is decided accordingly.
VMware Workspace One Access
VMware workspace one access is a Single Sign-On infrastructure for users to access all enterprise applications, SAas applications, and app store applications under a single app catalog. The design is made user-friendly with a single sign-on facility and a self-service catalog. The admin can do application provisioning and grant conditional access to certain applications.
VMware Airwatch Cloud Connector
VMware AirWatch cloud connector runs on an internal corporate network in outbound connections mode to integrate Workspace One UEM console and Workspace One Access to backend enterprise systems. This helps secure all internal systems with Mobile Device Management (MDM) capabilities without the need to open an inbound port. The internal resources Airwatch Cloud Connector integrates with are:
- Microsoft Certificate Services
- Email Relay
- Directory services
- Lotus Domino Web Services
- Simple Certificate Enrollment Protocol
- Email management exchange 2010
- Third-party certificate services
Workspace One Access Connector
Workspace One Access Connector is an on-premise component of Workspace Access deployed in outbound connection mode with no need to open inbound port and is used for directory integration, user authentication, and use of services such as Horizon, Citrix farms and RSA secure ID and Adaptive Auth. A WebSocket-based communication channel is used for communication with Workspace One Access.
VMware AirWatch Secure Email Gateway (V2.0)
Secure Email Gateway (SEG) offers advanced email management capabilities on platforms such as Exchange 2010 or Lotus Traveller by acting as a proxy, handling all exchange active sync traffic between devices and an existing active sync endpoint. SEG advanced capabilities can only run on platforms that require proxy type servers. For other platforms such as Exchange 2010+, Google apps, or Office 365, a different deployment method is used with non-proxy servers such as Microsoft PowerShell Integration or Google password management techniques. Workspace One UEM advanced email management features are:
- Monitoring and securing email servers against rogue devices
- Administrators are provided with advanced access controls
- Mobile mail access-advanced controls
- Interactive email dashboards for enhanced traffic visibility
- Integration with Workspace One UEM compliance engine
- Advanced protection with certificate integration
- Email attachment control
VMWare tunnel and Unified Access Gateway (Content Gateway)
The VMWare tunnel is a secure relay for communication and accessing enterprise resources and the internal corporate network between endpoint devices and corporate servers. Authentication and traffic encryption is established between back-end systems and applications trying to access them. A dedicated browser called VMware browser is used to access the company network and web applications. VMware app tunnel is used for iOS 9 or higher devices.
Airwatch Content Gateway and Unified Access Gateway (Content gateway)
Airwatch content gateway works with Workspace One Contents services to provide a secure platform with all company repositories such as documentation, finance documents, board books, and more from internal files shares. Any changes made to content like creation, edit or deletion are reflected in real-time. Access and authentication can be defined from the admin console. These added levels of security help employees create share content without worrying about traditional policies such as connecting to VPN to access company repositories.
Airwatch Email notification service (Classic and v2)
Emails Notification Services (ENS) allows pushing email notifications promptly on android and iOS devices. On Apple devices, ENS works with VMware boxer email app to fetch notifications from apple’s background app refresh or Apple Push Notification (APN) services. iOS tries to optimize device performance and applications allotting different levels of activity to each one creating irregularities from apple’s background app refresh. ENSs work with APN’s to receive notifications from remote servers and update them promptly and consistently.
ENS V2 works on android devices in on boarded devices to continuously check for updates on the end-user mailbox.
Workspace One Intelligence
Workspace One intelligence provides advanced features of Enterprise Mobility Management (EMM) to continuously monitor activity across all networks and devices to provide insights and reports based on the same. Optimizations can be made based on insights to enhance security compliance and end-user experience. Workspace One Intelligence works faster and provides more automation than Workspace One UEM reports.
Workspace One airlift is a server-side connector that acts as a bridge allowing customers to focus on co-managed workloads and applications to appropriate platforms without redefining device and group memberships. It enhances customer experience towards modern management. Administrative frameworks are bridged between Microsoft System Center Configuration Manager and Workspace One UEM using airlift.