chanpipat - Fotolia


VMware Workspace Portal puts desktop, app access in one interface

VMware Workspace Portal offers users one interface where they can access SaaS and published apps as well as data-center and cloud-hosted desktops. If your shop supports any of those, the portal could be right for you.

VMware has positioned its newly minted Workspace Portal as a one-stop shop for anywhere, anytime application access. But do you need it?

The earliest iteration of VMware's Horizon Workspace, first called Horizon Application Manager, was billed as a way to unify access to all the software as a service (SaaS) applications that organizations need, featuring single sign-on (SSO) for top security.

Now renamed VMware Workspace Portal, the product provides access to applications and desktops inside your organization, and even desktop as a service (DaaS). The new portal is integrated with both VMware's Horizon View product for desktop virtualization and, rather surprisingly, Citrix XenApp.

It seems that VMware's intent is to have the portal be the center of users' access to all their applications, from SaaS and published apps to VDI and DaaS.

But do you want or need this kind of portal? Didn't we try portals 10 or 15 years ago and decide they weren't as useful as we thought they'd be? It's important to take a look at the capabilities of VMware Workspace Portal and determine what kind of environment benefits most from this offering.

SaaS access features in VMware Workspace Portal

One of the biggest hits of Workspace Portal is its security. IT shops that need tight password protection and verification should look at this portal for SaaS access. Many users like SSO because they must only remember one password to access all their applications. Once users enter the first password, the portal handles the rest of the logins without asking for more.
Unlike older SSO products, Workspace doesn't have a huge database of all the passwords for every user in every application. It uses Security Access Markup Language (SAML) to prove to the other applications that users are who they claim to be. The SaaS application does not even maintain a password for users; it asks Workspace to verify them.

Workspace authenticates the password through Active Directory (AD) and checks to make sure the user is still in the AD group that is allowed access to the SaaS application. To grant or revoke access, you can add or remove users in AD groups.

This process is much simpler than requesting account changes from the SaaS provider, but the challenge with SAML is that it is open-standard. Each SaaS vendor's SAML implementation can be a little different, so if a particular SaaS application has never been integrated with VMware Workspace, setting it up may not be straightforward.

Workspace ties in VDI and DaaS desktops

VMware has recently expanded the Workspace Portal to broker access to virtual desktops and server-based applications. That means users can get their desktops and published applications alongside their SaaS applications.

Like SaaS applications, these desktops and published apps use AD credentials to get a list of what users can access. That list appears in the portal alongside the Web applications. Particularly for VMware Horizon View, this feature brings a Web interface that has been missing for a while.

The Remote Desktop Session Host support is most useful for shops that publish applications rather than full desktops. Users seldom have access to more than one desktop, but they might need a dozen published applications. Application publishing is quite new for VMware Horizon, but it has been a feature of Citrix XenApp for many years.

VMware has also added support for its own Horizon DaaS platform to the Workspace Portal. Horizon Air Desktops and Apps are hosted on VMware's vCloud Air infrastructure. They appear alongside users' other applications in the portal page. Other DaaS providers can host desktops on Horizon DaaS too, but they only integrate with SAML, and the experience is not quite as smooth.

The other new capability in Workspace Portal is its access to ThinApp, VMware's application virtualization product. Workspace Portal makes it easy to distribute ThinApp packages to users by displaying the applications in the same Web page that lists their SaaS and published apps.

ThinApp packages can only run on Windows devices, but users can access SaaS and VDI applications from Mac computers and mobile devices. Each device gets its own customized view of the user's applications and desktops.

If you have a lot of corporate-approved SaaS applications and struggle with user Move/Add/Change requests, then a SAML-based SSO portal such as Workspace can be a great help. Make sure your SaaS applications support SAML, and ideally, that they have a support statement around Workspace Portal. If you support virtual desktops, application publishing, VMware's ThinApp or Horizon DaaS, then it makes a lot of sense to adopt this portal, where everything can launch from the same Web page.

Next Steps

What's missing from VMware's Workspace Suite

VMware Horizon Suite components

Dig Deeper on VMware virtual desktop software