saam2294bu simplify management and security of your mobile ... › vmware › vmworldus17 › sess...

Vikas Jain, Product Management

Vinay Jain, Product Management

SAAM2294BU

#VMworld #SAAM2294BU

Simplify Management and Security of Your Mobile Apps with Workspace ONE

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

#SAAM2294BU CONFIDENTIAL 2

bution

Session Agenda

➢ Managing Mobile Apps

➢ Securing Mobile Apps

➢ Building In-house Mobile Apps

➢ Q & A

3#SAAM2294BU CONFIDENTIAL

bution

You can’t transform

business without a

great user experience

You don’t need to

compromise security

to get there

VMware Workspace ONE Empowers the Digital Workspace your business needs

#SAAM2294BU CONFIDENTIAL

bution

What do End Users Want?

Ability to make educated decisions on

feature vs. primary impact (choice)

Control over what access they give their

employer on their personal device

Access to apps that enable productivity

from anywhere

Transparency into the info being

collected on their personal device

bution

App Lifecycle Management – an IT perspective

Procure or Provision

Assign

Secure

DistributeAccess

Monitor

Analyze

Upgrade or EOL

bution

Why is managing & securing apps complex?

Security vs. Experience

Use Cases

Platforms App Types

Core Services

Deployment Topology

bution

Multiple approaches to manage & secure apps

Device

Management

Secure

Productivity

Secure App

Access &

Catalog

bution

Unified Digital Workspace

Mobile apps

Web apps

On-premapps

Virtual apps

In-house mobile apps

Public mobile apps

Unified Workspace

with entitled apps

Workspace ONE

bution

Workspace ONE Apps Suite

Workspace ONE

Boxer Browser

Single access to your enterprise

Elegant and intelligent mail

experience with enterprise grade

security

Seamless and secure access to corporate intranet

Content Locker

Secure and instant access to corporate content repositories

User Experience | Security | Privacy | Extensibility | Seamless Workflows

bution

Securing Mobile Apps

bution

AUTHENTICATION

MODULE

DEVICE

POSTURE

APP SERVICE

Workspace ONE

Managed Jail Broken

DEVICE COMPLIANCE

3rd PartyMSA | Malware | Trust

LocationBlacklist

IDENTITY CONTEXT

Authentication

Provider

Network

Authentication

Strength

Session

Application

Remote Apps | Web Apps | Native Apps

bution

Mobile SSO

Password-less login experience into a native mobile app (No SDK or app wrapping required)

Pre-requisite: Requires device enrollment into Workspace ONE

bution

Mobile Experience Without Workspace ONE

17#SAAM2294BU CONFIDENTIAL

bution

Mobile Experience With Workspace ONE

bution

Enabled Through One Touch SSO

Workspace™ ONE™One Touch SSO

TRUST Cloud

SaaS AppsTrust ID Key

bution

Conditional Access

IF THIS THEN THAT (IFTTT)Conditions Action

Enrolled Vs unenrolled device

Enrolled device becomes non-compliant

Device OS (iOS Vs Android Vs Win10)

Network location (corp network Vs public)

Group membership

Step-up with MFA

bution

DEMO: Mobile SSO and

Conditional Access

bution

Two Factor Authentication (2FA) For Your Apps

Condition

Workspace ONEApp name

Device OS

Network Location

Group membership

Any 3rd party MFA

Built-in MFA

bution

VMware Verify Mobile-Push Strong Authentication

Built-into Workspace ONE for consumer simple, enterprise secure strong authentication

Key Benefits

Simple consumer-like

registration and useNo more instructions, codes or

copying and pasting for high

compliance strong authentication

Reduce strong

authentication costs Reducing or eliminating

traditional tokens

Leverage the

smartphone Nearly every employee

already owns as a physical,

second factor of

authentication

Reduced security riskOf replay, keylogger, and man-

in-the-middle attacks by

authenticating users outside of

the application

bution

DEMO: 2FA For Apps

bution

Derived Credentials (PIV-D Manager) Support

Derived Credential:

A client certificate generated on the mobile device (or issued) after an end user has proven their identity by using their existing smart card

HSPD-12 and DoD Directive 8100.2

mandate that smart cards be used for all

physical, logical, and network access

bution

Protect Against Mobile Threats Through Partner Integrations

Conditional

Access

Policy

Mark DeviceNon-Compliant

MTD solutions

bution

Automated Compliance and Remediation

Set Rules

Define Actions

Perform Escalations

bution

Building Mobile Apps

bution

Workspace ONE Platform Services

Leverage Foundational Services To Develop Apps Quickly

bution

App Development Tools

Use Native Dev Platforms

Or Hybrid Dev Platforms (Xamarin, Cordova, SAP Fiori)

Software Development

Kit (SDK)

Provides a sub-set of SDK functionality to already

developed apps

Application Wrapping

EMM standard for enterprise apps to interpret configurations

and policies

bution

Security and DLP Policies

• Authentication Type

• Single Sign On

• Integrated Authentication

• Offline Access

• Compromised Protection

• App Tunneling

• Content Filtering

• Geofencing

• Network Access Control

• Copy / Paste

• Open-in App

• Screen Capture

• Watermark

• Data Backup

• Location Services

• Camera

• Printing

• Bluetooth

SDK Features

bution

App Tunneling And VMware NSX For SDK Apps

Device Level VPN

Full Network Access

App Level VPN

Select Network Access

App Level VPN

Full Network Access

bution

Workspace ONE

(Swift, Java,

Xamarin, Cordova)BUILD

Developer builds application

INTEGRATE

Developer integrates AirWatch

SDK into app

aCONFIGURE

Admin configures policies in

AirWatch Console

aDEPLOY

Admin configures policies in

AirWatch Console

SDK Lifecycle

bution

Code Samples

Initialize SDK

import AWSDK

class AppDelegate: UIResponder, UIApplicationDelegate, AWSDKDelegate {

func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions:

[NSObject: AnyObject]?) -> Bool

// Override point for customization after application launch.

let awc = AWController.clientInstance()

awc.delegate = self

// Your application's scheme name

awc.callbackScheme = "myCallBackSchemeName"

awc.start()

return true

bution

Code Samples

Check for compromised status

let deviceInfoController = DeviceInformationController.sharedController()

let compromisedStatus = deviceInfoController.isCurrentDeviceCompromised()

if compromisedStatus == true {

AWLogInfo(”Device is jailbroken!”)

Wipe data

func wipe() {

AWLogDebug(”Wipe application specific data")

Go offline

func stopNetworkActivity(networkActivityStatus: AWNetworkActivityStatus) {

bution

DEMO: Building App With SDK

bution

Key Takeaways

Workspace ONE provides a platform for your app lifecycle management and security

You can manage and secure ANY type of mobile app using Workspace ONE

You can develop in-house mobile apps using Workspace ONE SDK and APIs

bution

saam2294bu simplify management and security of your mobile ... › vmware › vmworldus17 › sess...

Documents

ch. washington laws, 1st ex. sess

1970 sess. ch. 64, 65 -...

master ii - ufr sess-staps

asp 3.3 sess. i cold war

sp 3 sess. 4 usn transition

montana comprehensive as sess ment

security excise system specifications (sess) · emcs system...

ihdp program (2005); sess? (oran 2006)

verbale n° 93/xviii sess. - cni

ufr sess staps

mm-1-12- sess 11

i prova - i sess. 2011...

day 3,4 sales & didtri sess 6

unit 1.2 sess 1,2

sess policy manual 2022-01-04

visual arts - sess

american sea power, sess. 1, beginnings

sess report 2018 - sios-svalbard.org

january sess ion

83690136 sess-3-modelling-and-simulation