architecting workspace one: the official reference architecture · 2019-09-06 · ©2019 vmware,...
TRANSCRIPT
#vmworld
ADV1110BU
Architecting Workspace ONE: The Official Reference Architecture
Graeme Gordon, VMware, Inc. Andreano Lanusse, VMware, Inc.
#ADV1110BU
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Disclaimer
This presentation may contain product features or functionality that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new features/functionality/technology discussed or presented, have not been determined.
The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation to deliver any items presented herein. VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Demonstrate the value of Workspace ONE and Horizon solutions
Expand adoption
Solve use cases - blueprints
Take all the products and design for use cases
Lots of pretty pictures
Understand design guidance and what is involved
• Architectural principles and how to design components
• Scaling, availability, multi-site, etc.
Lots of tips and tricks - use as a reference
Links to relevant documentation sections
Knowledge Reference Architecture
What’s in This Session for You?
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Agenda Overview and Approach
Workspace ONE UEM
Workspace ONE Access
(formerly VMware Identity Manager)
Workspace ONE Intelligence
Unifed Access Gateway
Platform Integration
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Reference ArchitectureObjective and methodology
Framework providing guidance on how to architect and deploy Workspace ONE and Horizon solutions
Focus
• Document design, highlighting integration points
• Deploy all components as a customer would
• Test and validate key features
Example architecture
• Best practice and only supported configurations
• Not all possible configurations covered
Scale and sizing
• Provide design guidance for scaling and sizing
• Does not validate load or performance of components or hardwareVMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Business Drivers Use Cases Requirements Identify
SolutionDesign and
BuildIntegrate and
Deliver
Solving Business Drivers and Identifying a Solution
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Enterprise Mobility Management Service Blueprint
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Enterprise Productivity Service Blueprint
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Enterprise Application Workspace Service Blueprint
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Component DesignArchitecting VMware products
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Architecture Principles and ConceptsFollow best practice
Scalable
• Able to scale up and down as required
• Use repeatable blocks for predictability
Available
• Eliminate any single point of failure that can cause an outage in the service
• Availability is from the perspective of the user
Site redundant
• Option for site redundant service for disaster recovery
Replication
• Every layer of the stack is configured with built-in redundancy or high availability
• Failure of one component does not affect the overall availability of the serviceVMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
VMware Workspace ONE UEM
On-PremisesCloud-based (SaaS)
VMware Workspace ONE Access
On-PremisesCloud-based (SaaS)
Considerations
• On-premises or Cloud
• Version
• Scalability
• Availability
• Disaster recovery
– (multi-site)
• Replication
• Load balancing
• Database
• Authentication
• Networking
• Storage
• VM build and OS choice
List design decisions
Not an exhaustive list
Design of Solution Components
Workspace ONE Intelligence
Unified Access GatewayVMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Workspace ONE UEMArchitecture and design
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Cloud-BasedWorkspace ONE UEM
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
On-PremisesDMZ
AD DomainController(s)
Workspace ONE UEMSaaS Tenant
AirWatch CloudConnectors
Cloud-based Workspace ONE UEMSample logical architecture
Components
• SaaS tenant of Workspace ONE UEM
– Admin Console, Device Services, API, AWCM
• AirWatch Cloud Connector deployed On-Premises
Scalability of ACC
• Multiple instances on dedicated servers using the same installer
• Traffic is load-balanced by AWCM without requiring external load balancer
Devices and Users
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
See On-Premises Architecture Hardware Assumptions in documentation
For sizing above 100,000 users work with Workspace ONE UEM PSO
Connector traffic is automatically load-balanced by the AWCM component
An external load balancer is not required
Sizing AirWatch Cloud Connectors
Numbers include high availability N+1
If co-locating both the ACC and VMware Workspace ONE Access Connector components, on the same server add the requirements of both connectors
Number of Users1,000 to 10,000
10,000 to 25,000
25,000 to 50,000
50,000 to 100,000
Number of ACC 23
load balanced3
load balanced4
load balanced
vCPU 2 2 2 2
RAM (GB) 4 4 4 8
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
On-PremisesWorkspace ONE UEM
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
DMZ
SQL ServerDatabase
Workspace ONE UEM
Admin Console
Workspace ONE UEMDevice Services
AirWatchCloud
Connector
Internet
On-Premises Workspace ONE UEMSimple architecture
Three main components:
• Workspace ONE UEM Admin Console
• Workspace ONE UEM Device Services
• AirWatch Cloud Connector
Database
• Stores Workspace ONE UEM device and environment data
• Microsoft SQL Server 2012, 2014, 2016, 2017
Additional or separate out components depending on scale
• Memcached server
• Dedicated API Server
• Dedicated AWCM ServerVMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Site 1
SQL ServerAlways On Listener
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Local Load Balancer
DMZ
MemcachedServer 1
MemcachedServer 2 Windows Server 1 Windows Server 2
SecondaryPrimary
API 1 API 2
Load Balancer
Load Balancer
AdminConsole 1
AdminConsole 2
AdminConsole 3
AWCM 1 AWCM 2
Load Balancer
Workspace ONE UEM Device Services 1
Workspace ONE UEM Device Services 2
Workspace ONE UEM Device Services 3
Workspace ONE UEM Device Services 4
De
vic
e S
erv
ice
sG
rou
p 1
ACC 1 ACC 2 ACC 3
Internet
On-Premises ScalingUEM components
Refer to Workspace ONE UEM Documentation
On-Premises Recommended Architecture Hardware Sizing Overview
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Site 1 Site 2
SQL ServerAlways On Listener
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Windows Server 1 Windows Server 3Windows Server 2 Windows Server 4
SecondarySecondary SecondaryPrimary
Database
Multi-site Architecture
SQL Always On
One instance is the writeable copy
All other instances are passive copies
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Site 2Site 1
Global Load Balancer
SQL ServerAlways On Listener
Active Connection Standby Connection
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Local Load Balancer
DMZ
MemcachedServer 1
MemcachedServer 2 Windows Server 1 Windows Server 3Windows Server 2 Windows Server 4
SecondarySecondary SecondaryPrimary
API 1 API 2
Load Balancer
Load Balancer
AdminConsole 1
AdminConsole 2
AdminConsole 3
AWCM 1 AWCM 2
Load Balancer
Workspace ONE UEM Device Services 1
Workspace ONE UEM Device Services 2
Workspace ONE UEM Device Services 3
Workspace ONE UEM Device Services 4
De
vic
e S
erv
ice
sG
rou
p 1
ACC 1 ACC 2 ACC 3
Local Load Balancer
API 3 API 4
Load Balancer
AWCM 3 AWCM 4
Load Balancer
Load Balancer
AdminConsole 4
AdminConsole 5
AdminConsole 6
MemcachedServer 3
MemcachedServer 4
ACC 4 ACC 5 ACC 6
De
vic
e S
erv
ice
sG
rou
p 2
Workspace ONE UEM Device Services 5
Workspace ONE UEM Device Services 6
Workspace ONE UEM Device Services 7
Workspace ONE UEM Device Services 8
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Workspace ONE Access(formerly VMware Identity Manager)
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Cloud-BasedVMware Workspace ONE Access
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
On-PremisesDMZ
AD DomainController(s)
VMware WorkspaceONE AccessConnectors
Cloud-based VMware Workspace ONE AccessSample logical architecture
Components
• SaaS Tenant of Workspace ONE Access
• Workspace ONE Access Connector deployed On-Premises
Scalability of Workspace ONE Access Connector
• Multiple instances in a cluster
• Install and configure additional, identical instances and register with the built-in IdP
WorkspaceONE AccessSaaS Tenant
Devices and Users
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
See System and Network Configuration Requirements in documentation
The VMware Workspace ONE Access service automatically distributes traffic among all the connectors associated with the built-in identity provider
An external load balancer is not required
*Sizing for up to 1,000 users does not include HA – consider 2 connectors (N+1)
Sizing VMware Workspace ONE Access Connectors
Numbers include high availability N+1*
If co-locating both the VMware Workspace ONE Access Connector and AirWatch Cloud Connector components, on the same server add the requirements of both connectors
Number of Users
Up to 1,0001,000 to 10,000
10,000 to 25,000
25,000 to 50,000
50,000 to 100,000
Number of Connectors
12
load balanced
2load
balanced
2load
balanced
2load
balanced
vCPU 2 4 4 4 4
RAM (GB) 6 6 8 16 16
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
On-PremisesVMware Workspace ONE Access
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Internal
DatabaseAD/DirectoryServices
DNSServices
RSASecurID
ThinAppRepository
CitrixServer
VMware Workspace
ONE AccessAppliances
Devicesand Users
VMwareHorizon
Load Balancer
VMware Workspace
ONE AccessConnectors
DMZ
On-Premises Workspace ONE AccessLogical architecture
Several layers to the service
1. Workspace ONE Access Appliance
2. Workspace ONE Access Connector
• Sync resources e.g. Active Directory, Horizon
• Outbound connection
3. Database
• Microsoft SQL Server 2012, 2014, 2016
4. Load Balancing
• Reverse ProxyVMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Internal
VMware Workspace
ONE AccessAppliances
Load Balancer
VMware Workspace
ONE AccessConnectors
DMZ
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Windows Server 1 Windows Server 2
SecondaryPrimary
SQL ServerAlways On Listener
On-Premises ScalingVMware workspace one access
Minimum of three Workspace ONE Access nodes required
• Ehcache and elastic search
• Can have more than three
• Odd number recommended
At least two Workspace ONE Access Connectors
• To ensure local availability
Database
• Windows Failover Cluster for local availability
Local load balancer
Devicesand Users
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
See On-Premises Architecture Hardware Assumptions in UEM documentation
Sizing VMware Workspace ONE Access Appliances
Numbers include high availability N+1
Can have more than three
Odd number recommended
Work with PSO for above 100,000
Number of Users1,000 to 10,000
10,000 to 25,000
25,000 to 50,000
50,000 to 100,000
Number of cluster nodes
3 3 3 3
vCPU 2 4 8 8
RAM (GB) 6 8 16 32
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Site 1 Site 2
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Windows Server 1 Windows Server 3Windows Server 2 Windows Server 4
SecondarySecondary SecondaryPrimary
SQL ServerAlways On Listener
Multi-site ArchitectureDatabase
SQL Always On
One instance is the writeable copy
All other instances are passive copies
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Site 1 Site 2
Global Load Balancer
Active Connection Standby Connection
W1
Acce
ss G
rou
p 1
Local Load Balancer
DMZ
W1
Acce
ss G
rou
p 2
Local Load Balancer
DMZ
Workspace ONE Access Node 1
Workspace ONE Access Node 3
Workspace ONE Access Node 2
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Windows Server 1 Windows Server 3Windows Server 2 Windows Server 4
SecondarySecondary SecondaryPrimary
SQL ServerAlways On Listener
Workspace ONE Access Node 4
Workspace ONE Access Node 6
Workspace ONE Access Node 5
Devicesand UsersMulti-site Architecture
VMware Workspace ONE Access Global Load Balancer
• Directs traffic to active site
Failover Site
• Should not receive user traffic
• Causes cross WAN traffic to database
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Site 1 Site 2
Global Load Balancer
Active Connection Standby Connection
W1
Acce
ss G
rou
p 1
Local Load Balancer
DMZ
W1
Acce
ss G
rou
p 2
Local Load Balancer
DMZ
WorkspaceONE AccessConnector 1
WorkspaceONE AccessConnector 2
Workspace ONE Access Node 1
Workspace ONE Access Node 3
Workspace ONE Access Node 2
WorkspaceONE AccessConnector 3
WorkspaceONE AccessConnector 4
Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
Windows Server 1 Windows Server 3Windows Server 2 Windows Server 4
SecondarySecondary SecondaryPrimary
SQL ServerAlways On Listener
Workspace ONE Access Node 4
Workspace ONE Access Node 6
Workspace ONE Access Node 5
Devicesand UsersMulti-site Architecture
Workspace ONE Access Connectors
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Workspace ONE IntelligenceArchitecture and design
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Workspace ONE Intelligence OverviewInsights and automation for the modern digital workspace
Workspace ONEIntelligence
Aggregate Correlate Insights Automate
INGESTION DECISIONS
Reports
Dashboards
Notifications
Actions
Identity Analyticsusing VMware Workspace ONE Access
App Analyticsusing Workspace ONE Intelligence SDK
Endpoint Analyticsusing Workspace ONE UEM
Common Vulnerabilities and Exposures (CVE) using cve.mitre.org
Threat Analysisusing Trust Network
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Workspace ONE Intelligence Architecture
Components
• Workspace ONE Intelligence Connector
• Workspace ONE Intelligence Service (Hosted in AWS)
• Consoles – UEM, Intelligence, Apteligent
Scalability and availability is handled by AWS
App analytics is achieved through Intelligence SDK
Devices, Apps, Sensors,OS Updates
User Logins and App Launches
CVEs and Scores
Workspace ONEIntelligence SDK
National VulnerabilityDatabase
Workspace ONEIntelligence Console
Search DatabaseStorage
StreamingData
API
ApteligentVMware
Workspace ONE Access(SaaS only)
(SaaS or On-Premises)
UEM Console
UEM database
Workspace ONEIntelligence Connector
Trust Network Partner Solution
Threats
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Workspace ONE Intelligence ConnectorLogical architecture for site redundancy and disaster recovery
All Connectors enabled across sites
Only one connector will be active (pushing data) at a time, this is managed by the service
Connector syncing will be available at Intelligence Console or API
WindowsServer 1
(Primary)
WindowsServer 2
(Secondary)
WindowsServer 3
(Secondary)
WindowsServer 4
(Secondary)Win
do
ws
Se
rve
r F
ailo
ve
r C
lust
er
SQL ServerAlways On Listener
Site 1
UEM Console
IntelligenceConnector
(Host 1)
IntelligenceConnector
(Host 2)
Site 2
UEM Console
IntelligenceConnector
(Host 3)
IntelligenceConnector
(Host 4)
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Unified Access GatewayArchitecture and design
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Pa
ss t
hro
ug
hR
AD
IUS
Se
cu
rID
Sm
art
Ca
rd/C
ert
ific
ate
SA
ML
DMZAuthN
Web ApplicationsREST API ServersWikisIntranet
File RepositorySharePointContent
VMware Unified Access Gateway Logical ArchitectureThird-party load balancer or built-in HA
Email Server
Unified Access
Gateways
Ed
ge
Se
rvic
es
Horizon
Web Reverse Proxy& Identity Bridging
ContentGateway
Secure EmailGateway
DMZ or Cloud Tenants
VMwareTunnel
Internal Network
Horizon
Connection Servers
Virtual Desktops and RDSH Apps
Lo
ad
Ba
lan
ce
r
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
VMware Tunnel and Content Gateway Deployment Modes
Tunnel Components
• Per-App Tunnel
• Proxy (obsolete)
Unified Access Gateway (UAG) is the preferred method for deploying Tunnel and supports Basic and Cascade Mode
3 (n + 1) appliances for robust and highly available deployment with an external load balancer On-Premises
DMZ
On-Premises
DMZ
SaaS Basic Mode SaaS Cascade Mode
UAG Edge Services (Front-end)- VMware Tunnel (443)- Content Gateway (443)
Internal Resources:- SharePoint- Wikis- Intranet
80, 443, 9443
End User Device
443
UAG Edge Services (Back-end)- VMware Tunnel (443)- Content Gateway (443)
443
443
Workspace ONEUEM SaaS
443, 2010, 9443
UAG Edge Services (Front-end)- VMware Tunnel (443)- Content Gateway (443)
Internal Resources:- SharePoint- Wikis- Intranet
80, 443, 9443
End User Device
443
443
Workspace ONEUEM SaaS
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
DMZ
Secure Email Gateway DeploymentRestricting access to on-premises email servers and sensitive information
Clustering, SEG and UAG Admin UI traffic restrict to Management NIC (eth1) in multi NIC deployment
Support for Exchange Active Sync infrastructure (i.e.: Microsoft Exchange, Lotus Traveler, etc..)
Unified Access Gateway (UAG) is the preferred method for deploying Secure Email Gateway
3 (n + 1) appliances for robust and highly available deployment with an external load balancer
On-Premises
Email Server
UAG 1(SEG Edge Service)
Email Client (Boxer,
Native, etc..)
UAG 2(SEG Edge Service)
Clustering(5701, 41232)
Active Sync (User Auth)EWS / (443)
Device Services / API(443)
443
9443, 44444
9443, 44444Workspace ONE
UEM SaaS
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Standard and Large UAG Sizes
4GB RAM
2 x vCPU
1 - 3 Network Cards
1 Appliance per 2,000 Horizon Connections
1 Appliance per 10,000 UEM Connections
Use for UEM Deployments under 10,000 Connections
Standard
16GB RAM
4 x vCPU
1 - 3 Network Cards
1 Appliance per 50,000 UEM ConnectionsUse for UEM Deployments over 10,000 Connections
Large
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
*It is possible to deploy only a single UAG Appliance as part of a smaller deployment
However, VMware recommends deploying at least 2 load-balanced appliance with 2 vCPU Cores each regardless of number of concurrent device connections for uptime and performance purposes
**Number of UAG Appliances includes high availability N+1
Content gateway, per-app tunnel & proxy, reverse proxy
Sizing Recommendation for Workspace ONE UEM Services
Concurrent connections
Up to 5,0005,000 to 10,000
10,000 to 50,000
50,000 to 100,000
100,000 to 150,000
150,000 to 200,000
UAG sizing Standard Standard Large Large Large Large
Number of UAG Appliances**
2load
balanced*
2load
balanced
2load
balanced
3load
balanced
4load
balanced
5load
balanced
vCPU 2 2 4 4 4 4
RAM (GB) 4 4 16 16 16 16
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Concurrent connections
Up to 6,000 6,000 to 10,000
10,000 to 50,000
50,000 to 100,000
100,000 to 150,000
150,000 to 200,000
Max with Transformation enabled
4000 6000 35000 70000 100000 140000
UAG sizing Standard Standard Large Large Large Large
No. of UAG Appliances**
2 load balanced*
3 load balanced
5 load balanced8 load
balanced12 load
balanced18 load
balanced
vCPU 2 2 4 4 4 4
RAM (GB) 4 4 16 16 16 16
Sizing Recommendation for Secure Email GatewayOnly Secure Email Gateway edge service enabled
Standard = 4GB RAM / 2 vCPU
Large = 16GB RAM / 4vCPU
*It is possible to deploy only a single UAG Appliance as part of a smaller deployment. However, VMware recommends deploying at least 2 load-balanced appliances.
**Number of UAG Appliances include HA n+1VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Platform IntegrationIntegrating the products
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Azure Data Center #2
VMware Cloud on AWS SDDC #2
VMware Cloud Services
SaaS-BasedApps
CloudContent
On-PremisesDMZ
AD DomainController(s)
Content(File Repository)
Tunnel(Web Apps)
Deviceand User
AirWatch CloudConnectors
Workspace ONE Access Connectors
Azure Data Center #1
HorizonCloudNode
Unified AccessGateways
Email Server
Horizon Cloud Control Plane
Workspace ONE UEM
SaaS Tenant
Workspace ONEAccess
SaaS Tenant
Workspace ONE Intelligence Tenant
VMware Cloud on AWS SDDC #1
Horizon 7Connection
Servers
Unified AccessGateways
Horizon 7Connection Servers
Unified AccessGateways
VPN/ExpressRoute
VPN
Cloud-based Workspace ONE Logical Architecture
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Azure Data Center #2
VMware Cloud on AWS SDDC #2
VMware Cloud Services
SaaS-BasedApps
On-PremisesDMZ
AD DomainController(s)
Content(File Repository)
Tunnel(Web Apps)
Deviceand User
AirWatch CloudConnectors
Workspace ONE AccessConnectors
Azure Data Center #1
HorizonCloudNode
Unified AccessGateways
Email Server
Horizon Cloud Control Plane
Workspace ONE Intelligence Tenant
VMware Cloud on AWS SDDC #1
Horizon 7Connection
Servers
Unified AccessGateways
Horizon 7Connection Servers
Unified AccessGateways
VPN/ExpressRoute
VPN
Workspace ONEUEM Admin Console
VMwareWorkspace ONE
Workspace ONE Access
Appliances
Workspace ONEUEM Device
Services
Database
CloudContent
On-Premises Workspace ONE Logical Architecture
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Service IntegrationConstructing the services
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Creating the required parts from each of the components
Assemble and integrating them into the end service that will be delivered to the users
Reference the blueprint for the use case
Workspace one services
Integrate and Deliver ServicesEnterprise Mobility
Management Service
EnterpriseProductivity
Service
Enterprise Application Workspace
Service
VMware Workspace ONE®UEM P P P
VMware Workspace ONE®
AccessP P P
AirWatch Cloud Connector P P P
Workspace ONE Access Connector P P
VMware Workspace ONE®Verify P P
Adaptive management P
Device enrollment P P
Native mobile apps P P P
SaaS apps P P P
Unified app catalog P P P
Mobile email management P
Mobile content management P
DLP restrictions P P
Secure browsing P
Mobile SSO P P P
Conditional access P P
VMware Horizon® 7 or VMware Horizon® Cloud Service™
P
VMware Unified Access Gateway™ PVMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
• Cloud-based
• On-premises
• Multi-site
• Platform Integration
Workspace ONE UEM
VMware Workspace ONE Access
(formerly VMware Identity Manager)
Workspace ONE Intelligence
Horizon 7
Horizon Cloud Service on Microsoft Azure
App Volumes
User Environment Manager
Unified Access Gateway
Introduction to Architecting VMware Workspace ONE and VMware Horizon
Architecting VMware Workspace ONE UEM
Architecting VMware Workspace ONE Access(formerly VMware Identity Manager)
Architecting VMware Workspace ONE Intelligence
Architecting VMware Horizon 7
Architecting VMware Horizon Cloud Service on Microsoft Azure
Architecting VMware App Volumes
Architecting VMware User Environment Manager
Architecting VMware Unified Access Gateway
Architecting: Platform and Service Integration
Reference Architecturehttps://techzone.vmware.com/vmware-workspace-one-and-vmware-horizon-reference-architecture
DesignProduct architecture sections
Intro design videos
VMworld 2019 Content: Not for publication or distribution
VMworld 2019 Content: Not for publication or distribution
©2019 VMware, Inc.
Unleash Your IT SuperpowersGo from zero to hero with the latest technical resources
on the VMware Digital Workspace Tech Zone
TECHZONE.VMWARE.COM
VMworld 2019 Content: Not for publication or distribution
VMworld 2019 Content: Not for publication or distribution