First Look at New Technology (#3): VMWare Project Horizon Developers Liam Yu: VMware
Disclaimer This session may contain product features that are currently under development. This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. “THESE FEATURES ARE REPRESENTATIVE OF FEATURE AREAS UNDER DEVELOPMENT. FEATURE COMMITMENTS ARE SUBJECT TO CHANGE, AND MUST NOT BE INCLUDED IN CONTRACTS, PURCHASE ORDERS,OR SALES AGREEMENTS OF ANY KIND. TECHNICAL FEASIBILITY AND MARKET DEMAND WILL AFFECT FINAL.”
VMware End User Computing Management Security Compliance
VMware Cloud Application Platform Management Security Compliance VMware Cloud Infrastructure and Management Management Security Compliance VMware Solutions for IT as a Service
End User Computing: What Do Users Demand Today? Diverse Apps Diverse Devices Diverse Access
Project Horizon Vision: Admin Control for End User Services Cross-Platform Portal SaaS Applications Mobility and Offline Enterprise App Store Virtual Desktops View (VDI) End User Workspace ThinApp App Management horizon App Publishing Admin Console AD Directory Federation User Data Mgmt Collaborative Workspace License Tracking Access Management
VMware End User Computing Journey to the Cloud
Project Horizon: SaaS App Management
Challenges SaaS identity silos No compliance & access controls Damage and loss from passwords 95% of apps use User ID and Password - not federated Options Extend LAN IDM System – Expensive! Develop, Test, and Certify Individual Connectors to each SaaS app Email SharePoint AD Enterprise SaaS Application Management Challenges HR App Hosted SharePoint Workday Salesforce.com
Project Horizon: Enterprise AD federation to SaaS Email SharePoint AD HR App horizon Secure STS Hosted SharePoint Workday Future SaaS Apps Salesforce
Project Horizon: Enterprise SaaS Federation Challenges Horizon Features: Federation & Enterprise connector SaaS identity silos Audited Role Based Access No compliance &access controls Never-compromised credential withSplit-key Technology Password exposure:damage, loss Horizon Federation Network Costly managingpartner access
Project Horizon: On-Prem Components Features Lightweight software-based enterprise connector that integrates with AD/LDAP Unified Enterprise identity – extend enterprise identity to SaaS One place to manage users – your enterprise directory Real-time integration, option with no directory sync required Administrative Selections to Poll AD for Users / Groups Easy integration with internal desktop login (Kerberos/NTLM) for SSO Customizable Branding horizon sts Virtual Appliance Microsoft IIS Service
Project Horizon: Usage of SAML SAML provides high security
No passwords so eliminates phishing opportunities
SAML tokens are digitally signed so cannot be tampered
Provide a Time To Live duration to prevent replay attacks
SAML is an open standard supported by major SaaS vendors like Google, Salesforce.com, Webex, etc 1 2 3 App User DB User Service Provider Identity Provider, e.g. AD
Project Horizon: Usage of HTTP Unity What about apps that do not support SAML?
Mechanism for exchanging user identity data, SSO and authentication between multiple federated security domains.
No changes to application
Horizon service stores app credentials in secured “ID Vault” & provides them to app based on user’s authentication to IDP
Single Sign On for User
Project Horizon: Multi-Factor Authentication Support
Flexible Authentication Options
2nd factor browser cookie
Mutual Authentication: Confidence image/text
Horizon: Securely Bridging to the Cloud horizon Salesforce Google Apps Workday 1 Active Directory (Users and Groups) SaaS Applications Horizon STS (Secure DS Extender) Horizon SaaS Adapters 3 File Servers DMZ End User Computers Horizon Agents Horizon On-Prem Connector 2 Manage the User Locally, but Extend Identity to the Cloud
Project Horizon Cloud-Ready Application Management for your traditional, virtualized and SaaS applications
Complete application visibility: Deploy, manage and report
Seamless access to applications across different device platforms
A single solution for your traditional and virtualized desktops
. . . delivered as a service from the cloud.
First Look at New Technology (#3): VMWareProject Horizon Stop by our booth for more details
Visit the Developer Training and Support Booth in Force.com Zone D I S C O V E R Developer training, certification and support resources that help you achieve S U C C E S S Find us in the Partner Demo Area of Force.com Zone 2nd Floor Moscone West Learn about Developer Certifications Discover Developer Learning Paths
Remember. . .
Check Chatter for additional session information
Get your developer Workbooks and Cheat Sheets in the Force.com Zone
Visit for more information related to this topic
Don’t forget the survey!
How Could Dreamforce Be Better? Tell Us! Log in to the Dreamforce app to submit surveys for the sessions you attended Use the Dreamforce Mobile app to submit surveys OR Every session survey you submit is a chance to win an iPod nano!