VMware Workspace ONE Apps & Catalogs explained

Working on customer engagements we noticed some misunderstanding on the available catalogs in Workspace ONE and how Apps can be delivered. In the below summary I will try to explain this into more detail.

The goal is to create an overview of current features for Application compatibility and delivery methods through available Application Catalogs.

We can distinguish the following topics:

  • Back-end Services
  • Clients
  • Administration Consoles

Back-end Services

Workspace ONE is a suite of data-center products for mobile and desktop management consisting of the following back-end services:

  • Unified Endpoint Management (UEM): Mobile management stack (previously called Airwatch) with catalog feature
    • Stack consisting of Device/Console/API-services
    • Supports Web-Apps, Mobile-Apps and Desktop-Apps [ZIP/EXE/MSI]
    • Can be operated on-prem or SaaS/DSaaS
  • Access: Access management with catalog/SSO function (previously called Identitiy Manager[vIDM])
    • Supports Web-Apps [with SSO/SAML/SaaS features] and Virtual-Apps [VDI&RDS/ThinApp/Citrix]
    • Current Access 2001 connector does NOT support Virtual Apps. Please use the 1903 Connector!
    • Can be operated on-prem or SaaS
  • Horizon Suite: Virtual Desktop management containing:
    • View: VDI and App brokering (AppVolumes, ThinApp, RDSH)
    • DEM: Dynamic Environment Manager, User profiles&policies
  • UAG: Unified Access Gateway, for secure external connections to Horizon [VDI] and UEM [gateway/proxies/tunnels]
    • Can be operated on-prem or SaaS
  • Intelligence: Workspace ONE Intelligence provides insights, analytics, and automation across devices, applications, and users.
    • Runs SaaS only
    • Can be leveraged by on-prem back-end

Clients

We can distinguish the following clients that connect to the above back-end services:

  • Horizon-View-Client: install-able client on end-user devices
    • Connection with Horizon-back-end [via PCOIP/Blast], optionally via UAG
    • Supports Desktops [VDI/RDS] and Apps [ThinApp] configured with Horizon-View-Admin-Console
  • Horizon-View-Webclient: HTML5 web-client feature via web-browser
    • Connection with Horizon-back-end [via PCOIP/Blast], optionally via UAG
    • Supports Desktops [VDI/RDS] and Apps [ThinApp] configured with Horizon-View-Admin-Console
  • Workspace ONE APP: Mobile and Desktop APP
    • Legacy APP that will be discontinued in 2020 and replaced by Workspace ONE Intelligent HUB APP (because Access 2001 supports this)
    • Connects to a Workspace ONE Access on-prem back-end
    • Supports Unified Catalog for Apps delivered by Access and UEM
    • Supports Desktops [VDI/RDS] and Apps [ThinApp] configured with Horizon-View-Admin-Console and synced with Workspace ONE Access
    • Requires the Identity Manager Desktop installed and configured on Windows client
  • Workspace ONE Access Web-Catalog: Web-client with Catalog feature
    • Connects to a Workspace ONE Access on-prem back-end
    • Supports Desktops [VDI/RDS] and Apps [ThinApp] configured with Horizon-View-Admin-Console and synced with Workspace ONE Access
    • Supports ThinApps [via 3.3.x vIDM back-end]
    • Requires the Identity Manager Desktop installed and configured on Windows client
  • IdentityIdentity Manager Desktop (ThinApp)  and Integration Broker (Citrix)
    • Locally installed on Windows Desktop/server
    • These tools collect manage what ThinApp and Citrix integrations are on the device and if the entitlement is valid
  • Workspace ONE Intelligence Web-client
    • Connects to an Intelligence SaaS back-end
    • For admins to view, analyze and automate
  • Workspace ONE UEM App-Catalog (Airwatch Catalog): Web-client with Catalog feature
    • Connects to Workspace ONE UEM back-end
    • Supports Apps configured in Workspace ONE UEM
    • Different look-and-feel compared to Workspace ONE APP/Web
    • Only supports Install/Remove/Update features. No Launch
  • Workspace ONE Intelligent HUB APP: New style Mobile and Desktop APP
    • Connects to a Workspace ONE UEM SaaS back-end [HUB-services]
    • Connects to a Workspace ONE UEM Access 2001 on-prem back-end [Access with HUB-Catalog]
    • Features HUB-Catalog, People-discovery, Notifications, User Self-Service Support, Virtual Assistant
    • Workspace ONE Intelligent HUB incorporates the Agent (previously Airwatch Agent).

Administration Consoles

Below we will discuss the main administration consoles for configuring apps and catalogs:

  • Workspace ONE Access Admin-Console
    • Connector/IDP configuration with external user/group directory (AD/LDAP)
    • Web/Virtual-Apps[VDI&RDSH/ThinApp/Citrix] configuration
    • User/group Entitlement
    • Conditional Access [IP-range, UEM-Compliance]
  • Workspace ONE UEM Console
    • AD/LDAP directory configuration
    • Web/Mobile-APP/Desktop-APP configuration
    • User/group/device Entitlement
    • Conditional Access [Compliance]
    • Integration with Workspace ONE Access for Administration, SSO and Unified-Catalog
  • Horizon-View Admin-Console
    • Desktop[VDI], Application[RDSH] and ThinApp configuration
    • Entitlements based on integrated AD users/groups
    • Pool Management
    • Broker/Secure-server/vCenter management

OK, now we know which back-end services exist, what clients can connect and how we can configure apps for different catalogs. How does this look like in simplified table format?

App-Catalog versus end-user device comparison.

GOAL: define which APP to use to cover all use-cases

Which Workspace ONE tool supports what kind of application, specifying available features?

GOAL: define what kind of APP can be configured in what tool with which features

Finally let’s finish off with an overview of the key components in which I will also show the transition from Access 1903 to Access 2001

That’s it! I hope this article was useful.

Additional note: Huge thanks to Michel ter Horst for working with me to create the slides!

Marco Baaijen

1 Response

Leave a Reply to Peter Cancel reply

Your email address will not be published. Required fields are marked *

Post comment