For every on-premise application, there seems to be a cloud equivalent that end users can access from anywhere,...
including on the corporate network. IT pros need a way to control access to these cloud-based apps in the same manner they control on-premise corporate apps.
There are a handful of cloud application management platforms that corral SaaS and on-premise apps, and give IT a way to control access and delivery. These platforms are also convenient for end users because they see all their apps in one window and use a single sign-on for access.
The initial release of VMware's Horizon App Manager gives IT pros a way to manage access to cloud-based applications, and future versions will support on-premises apps. Two small companies -- Okta and Centrix -- have similar application management portals that are also hosted in the cloud.
VMware Horizon App Manager
The Northwest Evaluation Association (NWEA), a non-profit educational services organization in Portland, Ore., used TriCipher's MyOnelogin before VMware bought it for Project Horizon last year. Now, it's testing Horizon App Manager to give employees and customers access to NWEA applications and services.
Scott Gwartney, NWEA's infrastructure architect, leads the proof of concept of Horizon App Manager at NWEA and plans to roll it out into production soon. The ability to consolidate user logins for SaaS apps with a single sign-on will benefit the organization most, he said.
"We also have some internal apps built into it, so our delivery team doesn't have to log in over and over again," Gwartney said.
IT pros considering Horizon App Manager and similar platforms have to weigh the risk of exporting user names to a cloud service provider. For NWEA, the reward is greater than the risk.
"We run everything through our internal teams to make sure we aren't taking too much of a risk. There is still a leap of faith with cloud, though," Gwartney said. "We would never have adopted it if it required exporting passwords. With the user names, they are just looking at hash."
During the test phase, NWEA uses Horizon for five applications. Eventually, Horizon App Manager will deliver all of NWEA's apps, which are accessed by about 400 users. Gwartney said they will eventually make it a requirement that application providers support it.
Horizon App Manager costs $30 per user, per year for unlimited applications.
Okta cloud app management
Okta Inc.'s platform for SaaS and on-premise apps launched before Horizon App Manager and, so far, supports over 750 commonly used applications. It includes a self-service identity management tool that lets IT add users and applications as needed. Anything with a Web-enabled login can be managed through Otka, including intranet, Wikis, engineering tools, test databases and SaaS apps.
Like Horizon App Manager, Okta's platform is hosted in the cloud and it uses Active Directory to authenticate user identities against cloud-based applications. Okta and VMware both say their architectures hook into customer directory services without compromising data security or punching holes in the firewall.
Some companies that trust Okta's platform include AppDynamics, WhitePages and Drobo, a division of Data Robotics Inc. that sells storage devices. Tom Ta, Drobo’s IT director, uses Okta to deliver about 24 corporate apps and provide single sign-on for users.
"As SaaS becomes prevalent in the corporate environment, you end up with multiple logins and it becomes difficult to manage all of your applications," Ta said. "We needed to consolidate log-ins and add a layer of security, and it gives us a simple way to view accounts and remove accounts our company uses."
With the cloud app management portal, Ta can also deactivate accounts when employees or contractors cut ties with the company and set policies around who accesses which apps from where.
Another benefit is that Okta supports multiple Active Directory authentication points, so if one of Drobo's Active Directory servers fails, the cloud-based Okta platform can use a secondary directory server as backup. Ta said he hasn't experienced any downtime with Okta and not having to manage the platform himself is a bonus.
The Single Sign-On Edition costs $5 per user, per month, and the Standard Edition is priced at $10 per user, per month. Okta offers an Online Free Trial with access to the full Standard Edition identity management service for 30 days.
U.K.-based Centrix Software launched its application management portal called Centrix WorkSpace Universal in May 2010. It delivers desktop and application services provisioned from physical and virtualized servers, cloud, and Web platforms to end users who access everything using a single sign on.
WorkSpace Universal is part of Centrix's WorkSpace suite, which includes WorkSpace iQ, an end-user computing analytics tool that shows how IT services are really being used. It also includes WorkSpace Discovery, an analytics tool for companies that want to see what applications are installed on PCs and laptops and what's being used.
The company said its application management tool is for businesses with more than 500 users and can scale to 50,000 seats. It costs about $35 per seat, and volume pricing is available. Centrix was unable to provide a reference customer.
Another option is Citrix Systems Inc.'s self-service app delivery platform, Receiver. Unlike the cloud-based app platforms, Receiver is a network appliance that IT pros manage and it supports both cloud and on-premises apps. Like the others, it also supports single sign on and lets users access applications from various Internet connected devices.