VMWare workspace One web is an application under workspace One which secures browser experience for end-users at application, tunnel, and website levels. It is a manageable and secure alternative to traditional web browsers.

Introduction

Traditionally employees were required to connect to VPN to access the company’s internal network. Native browsers pose security threats to endpoint devices which can compromise the entire company’s intranet. VMware Workspace One web provides a single platform with intuitive browsing to securely surf across applications, company intranet, and external web.

VMware Workspace One Web

VMware workspace one web provides a single and secure application per company security policy managed by admin to access the corporate network, use applications, and surf external web without connecting to VPN. The levels of security work on application, tunnel, and external web levels.

• Application-level: End-users require authentication with Pin code, biometric, active directory credentials to access enterprise applications.
• Tunnel level: Only enrolled and registered devices can access the company intranet with certificates for complete traffic encryption.
• Website level: End-Users can access the external web with Single Sign-On and bypass multiple authentications.

Workspace One Web can customize the internet portal of sales devices to restrict access to external websites and enhance security. Multi-tabbed browsing and the JavaScript dialog box are supported under the browsing experience. Maximum security can be implemented on android and iOS devices by deploying Workspace One web with a blocking restriction profile that blocks local browsers of the device. Browsing is secured with complete encryption of data at rest and in transit. Admin can allow or restrict access to certain sites, allow or block cookies, and prevent data copying. Downloaded files and web settings are protected with disk-level encryption.

Advantages of VMware Workspace One Web

The following advantages are realized with Workspace One Web:

• Save the hassle of connecting to a VPN
• One platform for all browsing requirements across the internet, intranet, and enterprise web apps
• Instant access to enterprise networks (intranet), resources, and applications.
• Bookmark your favorite enterprise applications and sites or easily locate pushed bookmarks for applications from the admin. Click the action grid at the bottom of the screen and select bookmarks to create, edit or delete bookmarks.
• Scan QR codes to navigate to an URL. Click the code on the right and select access to the camera.
• Single sign on to company intranet without remembering multiple passwords
• Secure access to business links in emails and attachments

Configuring Workspace One Web

Workspace One offers Mobile Device Management (MDM) capabilities by configuring mobile payloads. You can select a payload setting under general settings to apply settings or restrictions on a certain device. To deploy a payload:

• Go to profiles under the devices menu
• Click list view then add and then add a profile
• Click on a platform of choice for the selected profile
• Under general settings, select who to deploy to and how to deploy
• Select and configure a payload
• Click save and then finish

Types of payloads under Workspace One Web

• Restrictions: Restrict the native browser and only allow the use of Workspace One web
• Exchange Active Sync: End-Users can access enterprise push-based email infrastructure and set synchronization frequency for calendars and emails.
• Credentials: This payload integrates with digital certificates to secure corporate assets like mail, VPN, and WiFi, among others.
• SCEP: Available only on iOS devices, integrates with credentials to send digital certificates on a larger scale.

Configuring VMWare Tunnel for Workspace One web

The tunnel gateway allows tunneling of websites without a proxy component. Encryption and authentication features are increased with speed and detailed traffic controls. Third-party applications require a tunneling app but are not required for an SDK-built app. Deployment of tunnel gateway and using Workspace One UEM console 1905 or higher provides the best features for tunneling capabilities.

Migrate proxy app tunnel URLs to Tunnel SDK

Per-app tunnel under VMWare tunnel provides a unique feature called Device Traffic Rules which allows admin to set individual traffic policies for blocking, tunneling, and bypassing traffic for every app. Change App Tunnel URLs from proxy to device traffic rules under Tunnel SDK to change VMWare Tunnel proxy to Tunnel SDK(Per-app tunnel), keeping the domains that use the tunnel.

Configure App Tunnel for default SDK Profile

Allow an application to access company resources like SharePoint or intranet through VPN or reverse proxy with App tunnel. Menu items for VMWare proxy must be set up before using the same.

VMWare Workspace One Web deployment

Workspace One UEM console is used to deploy Workspace One web and other security configurations to end-users. End users can simply download and use the app. Workspace One Web should be set as a public application. Follow these easy steps to deploy Workspace One Web:

• Go to applications under app and books
• Click native, then select public
• Click on add application
• Configure the following fields:
  Managed by: Select enterprise group application uploads in
  Platform: Choose a suitable platform
  Name: Enter a name by which employees can search for it in-app store
  Search App Store: Click the search bar to search for an application in the play store.For in premise deployment model, Google account must be integrated with Workspace One UEM MDM model.

• Select the info tab to review information
• Use assignment tabs to add smart groups
• The deployment tab determines how end-users receive the app. End users can search and download it in the app store. Admin can also push notifications or directly deploy to enrolled devices through Workspace One UEM console.
• Define Terms of use
• Save and publish