kentoh - Fotolia
VMware is putting a lot of effort into positioning Workspace One as the future of unified endpoint management.
VMware added support for Windows 10 mobile device management (MDM) in AirWatch, a part of Workspace One, in 2015, and in the intervening 12 months it assembled nearly all the pieces to make unified endpoint management (UEM) really happen. UEM allows IT to centrally manage all the workspaces and devices its employees use to get their jobs done.
Announced at VMworld 2016, Workspace One -- which includes AirWatch, Identity Manager and the company's Horizon Air cloud desktop delivery tool -- will also now allow for complete Windows 10 desktop lifecycle management. That includes patch management, software distribution, hardware configuration and more. Desktop virtualization shops should get to know more about Workspace One and AirWatch's UEM features because they can now manage Windows 10 physical desktops along with their existing virtual desktops using these tools.
The groundwork for managing Windows desktops with MDM goes back to the introduction of Microsoft Intune in 2010. Intune's cloud-based Windows desktop management toed the line between the future of IT and insanity. Now, Microsoft has added MDM APIs into Windows 10, so IT can manage Windows 10 with the same tools it uses to manage mobile devices.
MDM and Windows desktop management under one roof
At this point, you're no doubt comparing the list of MDM capabilities to the list of things System Center Configuration Manager, Spiceworks, Dell KACE or Symantec already do for your Windows desktop management capabilities. And if you're not using those tools, you're still comparing it to all the things you can do with Group Policy.
You'd be right to do that, because in your network everything likely revolves around the Active Directory domain. User access to files, applications, email and printers is all tied to the domain, so why wouldn't your configurations and management be as well? But if you had to design a new network today from the ground up, would you even have a domain, with on-premises application servers and databases? It's a complex management system that requires special skill sets to operate, so probably not.
Instead you'd use the cloud as much as you could, but that opens up a slew of new problems, not the least of which is confirming users' identities. To connect users to the services and applications they need without a central user authority, IT can use identity management products such as VMware Identity Manager. Plus, your endpoints likely include some or all of the main OSes today: Android, iOS, Mac and Windows. To enforce configurations on these devices, IT could set up a domain for Windows, get JAMF for Macs and MDM for mobile devices, for instance. Or, you could use an MDM platform to manage them all in one place, which is much simpler. In fact, OS X has the same MDM APIs as iOS.
A mobile data security quiz
Data security approaches have changed since workers have become more mobile. Take this quiz to see how much you know about keeping mobile data safe.
Windows desktop management at a crossroads
So that's the situation we're in today. Vendors noticed the Windows desktop management market is at a pivot point. The way IT manages Windows desktops can and should change. But getting companies that do things the traditional way to switch isn't easy. With so many services and applications dependent on the domain, shifting management approaches is a long-term project with many phases. Physical desktops might be the last thing to go.
So right now, there's not much to do other than be aware that MDM is maturing to the point where it makes a compelling case for Windows desktop management. Keep your eye out, because as you begin to move on-premises services to the cloud you might realize you're unnecessarily running a domain just for the sake of managing Windows desktops.
UEM brings mobile and desktop management together
XenMobile 10.3 includes UEM
Workspace One vs. Citrix Workspace Cloud