VMworld 2013
Manrat Chobchuen, VMware
Dean Flaming, VMware
Cindy Kou, VMware
VMworld 2013: Integrating Enterprise Application with SAML to VMware Horizon Workspace
1. Integrating Enterprise Application with SAML to
Horizon Workspace
Manrat Chobchuen, VMware
Dean Flaming, VMware
Cindy Kou, VMware
EUC5541
#EUC5541
2.
New Device Platforms New Apps New User Expectations
Three Trends Are Forcing Massive Change on IT
New Device Platforms
A new way to work
Not just Windows anymore
New User Expectations
Collaboration with partners, contractors, and customers
Productivity through better technology
New Apps
SaaS, mobile apps
Quantity is increasing
3.
Mobility Is Changing Everything: PCs Are Not Your Only Worry
[Chart: shipments of smartphones and tablets vs. PC shipments, 2009 to 2012; y-axis 0 to 900]
of information workers use three or more devices for work to increase productivity
EXPLOSIVE GROWTH in shipments of smartphones and tablets
FLAT PC shipments
Sources: IDC, BGR, Forrester
4.
Resulting Challenges for Our Customers
Users now expect to do work from home or on mobile devices
We need to support a wide variety of devices, including Macs, iPhones, Android phones, and tablets
Until recently, we have not had a solution for securing corporate data on mobile devices
BYOD is great, but we have needed to separate corporate assets from employee personal assets on employee-owned mobile devices
We need to simplify the end user experience across devices
We need a solution that evolves with our needs and the market
“Mobility enables officers to run queries on suspects and file incident reports while on patrol. This allows them to spend more time in the community, rather than back at the desk. The productivity increase essentially means more boots on the ground and safer streets.”
Mike Legdon, IT Manager, South Yorkshire Police
5.
New Apps Are Flooding the Enterprise
Ratio of mobile app development projects to native PC projects in 2015
PACE OF TECHNOLOGY ADOPTION IS ACCELERATING
PC: 100M users, 20 years
Internet: 100M users, 10 years
Mobile: 100M users, 5 years
[Chart: Apps in the Enterprise; series % OS Neutral, % Browser Specific, % Windows; x-axis 1996, 2011, 2020; y-axis 0% to 100%; crossover point marked]
Sources: Gartner, Internal VMware Analysis
6.
Resulting Challenges for Our Customers
Our application portfolio has evolved from Windows-only to include web, SaaS and increasingly mobile apps
We need an efficient and centralized way of providing all types of applications to our employees
The applications users can access must vary based on the device and location they connect from
We need to readily adapt to support more apps and new app platforms as our needs and the market evolve
“We have 2100 applications today vs. just 100 when I started in 1997 – and that’s just counting the sanctioned apps. We don’t see consumerization as a threat; it’s an opportunity to get ahead of the business requirements and meet end user demand.”
Chad Erickson, IS Administrator, General Mills
7.
New User Expectations for Productivity Are Driving IT to Evolve
ENTERPRISE END USER COMPUTING
“88% of executives report employees are using their personal computing technologies for business purposes”
DEMAND ACCESS FROM ANYWHERE
“9 out of 10 companies report the use of consumer technologies in the workplace”
BETTER CONSUMER TECHNOLOGIES
“74% of employees use consumer technologies due to lack of compelling alternatives from IT”
LACK OF CHOICES FROM IT
Sources: IDC, Avanade
8.
Resulting Challenges for Our Customers
Corporate technologies should be as easy to use as consumer technologies
Users are introducing consumer apps into our corporate environment. We must provide compelling alternatives or lose control
We need to protect sensitive company data and stay compliant
We see an opportunity to use technology to improve employee productivity and retain talent, but are unsure how to capitalize on it
“So many of our employees need to access LA County documents and data from their iPads at home. We need a secure way of providing Dropbox-like functionality.”
Tony Cronin, Datacenter Team Lead, County of Los Angeles
9.
Mobility Brings New Challenges, but Also New Opportunities
THERE ARE TWO REASONS TO INVEST
SOLVE PROBLEMS
COMPLIANCE
Are consumer technologies compliant?
Policy Violations = Increased Risk
SECURITY
Only 5% of devices use mobile security
Low Adoption = Increased Risk
COST
Too many apps, too many devices
Diversity = Complexity = Cost
GAIN COMPETITIVE EDGE
SATISFACTION
Differentiate and retain top talent
Satisfaction = Retention
COLLABORATION
Communicate with at-home workers, contractors, customers and partners
Collaboration = Performance
PRODUCTIVITY
Mobile users are 20% more productive than non-mobile workers
Access = Increased output
Sources: IDC, Forrester
10.
VMware Horizon Is the Platform for Workforce Mobility
Transform: Simplify desktops, diverse apps and data into centralized services
Deliver: Empower your workforce with flexible access across devices, locations and connectivity
Broker: Manage & Secure centrally and broker services to your workforce by policy
11.
VMware Horizon Workspace at a Glance
IT ADMINS
Single management console for administration, managing security and user entitlement policies
END USERS
Single workspace for accessing data, apps, desktops
Delivered on any device
12.
File Collaboration with Colleagues, Customers and Partners
Challenge
Users introducing consumer devices and apps into corporate environment
Need a secure way to collaborate on files both internally and with customers, partners and work-at-home employees
Solution
Anytime, anywhere access
Offline & online data access
High-fidelity doc previews
Document versioning, commenting and auditing
Benefit
Personal & team productivity
Share documents in an IT friendly way
Stay up to date effortlessly
IT governs end user usage
[Figure labels: v1, v2, v3; INTERNAL, EXTERNAL]
13.
Easy Access to Enterprise Applications & Services
Challenge
Different ways of getting apps from every platform
Multiple logins increase support costs
Provisioning applications is costly
Solution
Single context-based catalog
Data, Apps, Services, Virtual Desktops
Single Sign On
One-click access to activate / download app
Benefit
Essential apps always at users' fingertips
No credentials to forget lowers support costs and improves productivity
Provides users self-serve access
Consistent methodology to deploy apps
14.
Enterprise Integration
Challenge
Enterprise applications are a mix of desktop applications and web applications.
Users need to type in their credentials every time they log in to each application.
There is no single source of provisioning; the IT admin needs to provision each individual application every time a new user joins the company.
Solution: VMware Horizon Workspace
Single SSO workspace administration for SaaS (cloud-based) and internal applications.
Users only need to remember their AD password: a single user identity for all applications, with single sign-on.
The IT admin can provision users easily and can disable a user from a single place if the user leaves the company or the account has been compromised.
15.
Single Sign On (SSO) Basics
Security Assertion Markup Language (SAML)
XML-based open standard for exchanging authentication and attribute data between an identity provider and a service provider.
The Identity Provider (IdP) is the authentication service. This service is fully protected and lives inside the corporate environment. In this case, Horizon Workspace is the IdP.
The Service Provider (SP) is the actual web application; it can be an external cloud-based application or a corporate web application.
16.
Horizon Workspace SAML
Service Virtual Appliance (where it all happens)
Implementation
Connects to web applications via SAML 1.1 / 2.0
Supports the Web Browser SAML POST profile only
There are 3 components to SAML: the SP, the user agent and the IdP
The Web Browser POST profile indicates that the user agent portion is required to initiate the flow.
Supports SP-INIT (the SP sends a SAML authentication request to Horizon)
Supports Pseudo-SP-INIT (the SP redirects users to Horizon for authentication)
18.
Enterprise Application Integration
Prerequisites
Deploy VMware Horizon Workspace
Pick the application framework: which language/framework the application has been developed in
Execution plan
Refactor the current application to support SAML SSO.
Add a new user provisioning module, for the case where a new user does not exist yet.
Map user credentials: the application may already use a user ID. Horizon Workspace can map the ID from email, AD user ID, or external ID (Horizon-based ID).
Add an SSO framework onto the existing application.
Obtain the IdP certificate from Horizon Workspace
Configure the certificate in the application
Set up the SAML-enabled application in Horizon Workspace
20.
User Mapping
What to choose to identify the user
UserId: Active Directory user ID. This is exactly what is used to sign in to the AD environment.
Email: for cloud-based applications, and always the wise choice for most web-based applications.
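Added example, not from the original deck or from VMware: service-provider handling of a SAML 2.0 response received through the Web Browser POST profile, covering the execution plan and user-mapping slides above (issuer and audience checks, validity window, NameID mapping by email or AD user ID, provisioning of an unknown user). It assumes the XML signature has already been verified against the configured IdP certificate by a SAML library; the issuer URL, SP entity ID, user records and function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def _ts(value):  # SAML instants are UTC; second precision assumed here
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def consume_response(form_value, idp_issuer, sp_entity_id, users, now):
    """Check a SAMLResponse whose XML signature was ALREADY verified against the
    configured IdP certificate (not shown), then map or provision the user."""
    root = ET.fromstring(base64.b64decode(form_value))
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report success")
    assertion = root.find("a:Assertion", NS)
    if assertion is None or assertion.findtext("a:Issuer", namespaces=NS) != idp_issuer:
        raise ValueError("unexpected issuer")
    cond = assertion.find("a:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion was issued for another service provider")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("missing NameID")
    # User mapping: e-mail NameID -> email field, anything else -> AD user id
    key = "email" if name_id.get("Format") == EMAIL_FMT else "userid"
    value = name_id.text.strip().lower()
    for user in users:
        if (user.get(key) or "").lower() == value:
            return user, False  # existing account
    user = {"userid": None, "email": None, key: value}
    users.append(user)  # provisioning step for a first-time user
    return user, True

def sample_response(name_id, fmt, audience):  # constructed sample input, not a real capture
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}"><p:Status>'
           f'<p:StatusCode Value="{SUCCESS}"/></p:Status><a:Assertion>'
           f'<a:Issuer>https://idp.example.test</a:Issuer><a:Subject><a:NameID Format="{fmt}">'
           f'{name_id}</a:NameID></a:Subject><a:Conditions NotBefore="2013-08-26T10:00:00Z" '
           f'NotOnOrAfter="2013-08-26T10:05:00Z"><a:AudienceRestriction><a:Audience>{audience}'
           '</a:Audience></a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()
```

The audience check is what stops an assertion issued for one application in the catalog from being accepted by another; replay protection (tracking assertion IDs and `InResponseTo`) is outside this example.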
26.
Other VMware Activities Related to This Session
HOL:
HOL-MBL-1304
Horizon Workspace - Explore and Deploy
Group Discussions:
EUC1005-GD
Workspace with Rasmus Jensen