AirWatch is an Enterprise Mobility Management solution that allows administrators to secure, deploy and manage endpoint devices, applications and databases by having a server agent at the administrator console and client agent installed on endpoint devices.

Introduction

A couple of decades ago, employees could access enterprise databases and applications only from office premises. The in-premise devices were secured, and a secure network was used for connecting purposes. The company database could only be accessed from office locations.

Recently with the development of cloud technology, employees can access company servers anywhere, anytime. Personal devices offer a wider range of capabilities than ever before to perform corporate tasks. This has led to the development of Bring Your Own Device (BYOD) policies, where employees access corporate mail and servers on their own devices. Especially in recent events of pandemics, remote work is more prevalent than ever before.

The personal devices are unsecured and connected through local network connections. The compromise of even one device could compromise the entire enterprise framework as hackers use it as a gateway to access sensitive information.

AirWatch offers enterprise-grade protection against these modern, sophisticated threats by integrating all endpoint devices on a unified platform. It continuously monitors endpoint devices and networks, deploys security measures and applications remotely, and safeguards the entire enterprise framework, helping employees be more creative and productive without worrying about security breaches.

What is AirWatch

AirWatch is an Atlanta-based Enterprise Mobility Management solutions software founded by John Marshall in 2003. Originally called Wandering Wifi, AirWatch received its first funding in 2013 from Insight Venture Capitals and Accel. AirWatch acquired Motorola Solution’s Mobility Services Platform (MSP) in 2013 to extend capabilities to ruggedized devices. VMWare acquired AirWatch in 2014 and rebranded the product as AirWatch by VMWare and then VMWare AirWatch. In 2018 with the release of version 9.4, the product was called VMWare Workspace One UEM.

AirWatch is an Enterprise Mobility Management solution that integrates all endpoint devices on a single platform (Unified Endpoint Management UEM), creating a secure workplace environment on personal and corporate devices. The admin can use centrally and remotely secure and manage all endpoint devices from an admin console. Applications can be deployed and controlled on user devices. The device’s applications and activity are remotely monitored in real-time for any suspicious behavior. Remote security measures like locking a device, partial or complete wipe can be implemented in case of a security breach, lost or stolen devices. AirWatch works across all devices and Operating Systems (OS). Not only mobile devices but windows rugged devices and virtual screens can be remotely controlled. AirWatch is a user-friendly experience with automated, easy, and flexible onboarding and Single Sign-On (SSO) access to enterprise networks and apps while securing access with Identity Management (IM) and end-to-end encryption. AirWatch can be deployed on-premise or cloud-based, offered as Software as a Service (SaaS).

What are the features of AirWatch?

AirWatch works across all devices, including virtual systems and desktops, laptops, mobile phones, desktops, POS devices, and company devices like printers and LAN. Many operating systems are supported like Apple iOS, Google Android and Chrome OS, BlackBerry QNX, Samsung Tizen, Mac OS, and Windows 10. AirWatch can be deployed on-premise or on the cloud. Mobile Device Management (MDM), Unified Endpoint Management (UEM), and Mobile Application Management (MAM) capabilities are provided. MDM is concerned with securing, managing, and controlling end-user devices. The device can be locked or partially, or completely wiped in case of lost, stolen, or a security breach. Mobile Application Management deploys, secures, and manages enterprise applications on the user devices. Unified Endpoint management unifies all enrolled devices on a single platform centrally managed by an admin console.

The features of Workspace One (AirWatch) are:

• AirWatch allows self-access user-friendly automatic onboarding process with one-touch sign-in to access company database and applications. Once the user devices are enrolled by admin, login credentials are communicated by text or mail.
• Identity Management (IM) with multi-step authentication to provide access to only authorized users.
• Single Sign-On (SSO) for users to access the application catalog and company intranet without the need to connect to VPN or remembering different passwords for different applications.
• App deployment ranging from SaaS applications, apps from the play store, and enterprise apps. Deployed corporate applications can be completely controlled by the admin.
• Mass upgradation and deploying patchwork for all user devices with a single command from the admin console.
• Securing devices by locking, partial wipe or complete wipe in case the device is lost or stolen. User sessions can be forcibly closed, and login passwords changed at any time.
• Works across all OS and devices.
• Increases employee productivity and creativity with powerful collaboration tools like mail, calendar, content sharing, and enterprise social network. All channels of communication are secured with end-to-end encryption security certificates.
• Unified Endpoint Management of all endpoint devices on a single platform managed centrally and remotely on a central console.
• It has advanced security features like GPS tracking, protection against jailbreak and rooted devices, and preventing third-party applications from running malicious scripts.
• Secure access to virtual desktops and systems.
• Real-time monitoring of threats with analytics and artificial intelligence to counter modern-day threats.

How AirWatch works

AirWatch works on concepts of virtualization where every hardware component called Virtual Machine (VM) has its own Operating System (OS) and works independently of other hardware components. A layer of abstraction called hypervisor is drawn over hardware components splitting them into individual machines with their interfaces. The Virtual Machines are decoupled from the host and allocated resources as per requirement. The OS running on these VM’s are called Guest OS. The productivity of every hardware component is enhanced, including speed and user limit on servers. If one of the hardware components breaks down, other components keep functioning. The main features of virtualization are:

• Partitioning: Splitting components into individual components with hypervisor creating VM’s with their OS and inbuilt applications to enhance VM performance.
• Isolation: Breakdown of any one component is isolated, and other components keep functioning normally.
• Encapsulation: The Virtual Machines are treated as files that can be downloaded or copied.
• Hardware Independence: VM’s can be deployed or copied to other hardware as files.

AirWatch usually has a client-server and user server. The client-server is installed at the admin console and sends Over the Air (OTA) commands. The user server is installed as an application at the end user’s device and receives commands from the server. Once the user installs the AirWatch application, it acts as an agent for communication. The devices have to be first enrolled and authenticated. MDM capabilities can only be provided if the user has an AirWatch app. The server-client sends admin commands from the central console to deploy security measures, applications and manage devices received and executed by the user server.

MAM capabilities can be implemented without the AirWatch app on user devices. The console directly communicates with code inbuilt in each managed app on the device. Admin can micro-manage enterprise apps on devices providing more security and control. Admin can also deploy and provide in-app catalog public apps and enterprise apps on user devices. Employees stay up to date with all enterprise applications enhancing productivity. The personal data is segregated from enterprise data, and the admin has control only over enterprise data and apps, protecting personal data as per user guidelines. With monitoring in real-time, reports are generated about user activity and usage patterns, which can be analyzed and rectified.

What AirWatch can do and can’t do

What AirWatch can do

AirWatch has the following features:

• Unified Endpoint Management (UEM), Mobile Device Management (MDM), and Mobile Application Management (MAM) capabilities are offered under the Enterprise Mobility Management (EMM) suite of AirWatch.
• AirWatch runs across all devices like laptops, desktops, virtual systems, tablets, mobiles, POS devices, IoT devices, office tools like printers, etc. All kinds of Operating Systems are supported, like Apple iOS, Google Android and Chrome OS, BlackBerry QNX, LINUX, Samsung Tizen, Mac OS, and Windows 10.
• Apps can be deployed and managed, including enterprise apps, public apps, and SaaS based apps.
• Mass upgradation and deploying patchwork.
• Self-access user-friendly automatic onboarding process.
• Single Sign-On(SSO) for users to access company app catalog and database
• Identity Management(IM), GPS-based tracking, multi-step authentication, remote locking and wiping capabilities, protection against jailbreak and rooted devices, biometric verification are one of the security features of AirWatch.
• Powerful collaboration tools like calendar, mail, and company social to keep employees connected and productive at all times.
• Real-time monitoring, analytics, and Artificial intelligence to detect and rectify security breaches.

What AirWatch can’t do

AirWatch has the following disadvantages:

• Integration with the existing enterprise framework is difficult and requires professional developers.
• Requires massive server in premise and should be deployed on cloud
• Updating consoles and applications is not well defined and updating anyone leads to updating both systems.
• Network connection points are needed in high numbers.
• UX and UI design on a console is complicated and requires customization of each device separately.