As I stated in the previous post, Introduction to VMware Workspace Suite, gone are the days when an employee is tied to a specific device.  Employees who have different roles, requiring different applications, are connecting with multiple devices and all they really want is a quick and easy way to access the resources they need to do their job.  IT administrators on the other hand need a way to centrally manage AND secure applications whether they are public applications available on various existing App Stores or developed internally.  These drivers have given rise to Enterprise Mobility Management (EMM) solutions from a number of vendors including AirWatch (VMware), Citrix, IBM, Blackberry, and Symantec to name a few.  A comparison between these vendors and their products are beyond the scope of this post (or series of posts) as I want to focus my attention on the VMware Workspace Suite and how AirWatch can be used to manage and secure application access.

In researching EMM solutions, I have found that most EMM vendors agree that a true EMM solution should support every mobile device, every mobile operating system, and every mobile deployment type.  I believe the device and OS support is pretty self-explanatory but what do they mean regarding mobile deployment type?  I’ll say there are 3 approaches to mobile device deployments:

1. Company-owned devices: As you may have guessed, the company owns the device connecting to corporate resources and thus uses the Mobile Device Management (MDM) portion of their EMM solution to manage and secure the mobile device in its entirety.

2. Employee-owned devices: Yes, the employee owns the device and uses it to connect to corporate resources.  In AirWatch terminology, the device would be managed at the “Workspace” level, meaning corporate data will be managed, contained, and secured within the company managed AirWatch workspace….this management method could also be referred to as Mobile Application Management (MAM).

3. Hybrid: Many times companies must support both company and employee-owned devices.  AirWatch allows the flexibility to simultaneously manage both deployment scenarios (MDM or MAM) from a single console.

The AirWatch MAM solution set addresses the challenge of distributing, securing, and tracking mobile applications across the user population and providing the following:

  • ability to separate personal apps from corporate apps on employee-owned devices
  • providing a company app store (App Catalog) which is the single-stop shop for getting corporate apps on mobile devices
  • with the automatic installation feature, administrators can automatically distribute apps or app updates on mobile devices
  • allow employees to install and updates apps on demand
  • provide access to apps based on rules to corporate directories
  • applications can be white/blacklisted
  • ability to disable access to public app stores like iTunes or Google Play Store
  • ability to enable a lock-down kiosk mode where users can only access applications and/or device settings as specified by an IT administrator
  • a non-compliance engine that can detect against “harmful” applications which will display a notification to the end-user that can also be configured to perform custom actions on the back-end like restricting the users access to corporate data/resources or performing a device wipe to remove corporate data

Simply stated, the AirWatch App Catalog is the place where users can view, browse, search for, and install internal (corporate apps), public (from public app stores) and web applications (think RDS and Citrix published applications) on their mobile devices.  Below is an example App Catalog as seen on an Android device:


In upcoming posts, I’ll go into more detail on interacting with the App Catalog on multiple devices to test the “any device/any OS” access claim using an iPhone4 and an Acer A100 Android tablet.