Business Mobility - otevřete svou mysl k tomu, co je možné
•Download as PPSX, PDF•
1 like•694 views
Virtualization Forum 2015, Praha, 7.10.2015 sál VMware Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Business Mobility - otevřete svou mysl k tomu, co je možné
Similar to Business Mobility - otevřete svou mysl k tomu, co je možné (20)
More from MarketingArrowECS_CZ
More from MarketingArrowECS_CZ (20)
Recently uploaded
Recently uploaded (20)
Business Mobility - otevřete svou mysl k tomu, co je možné
- 1. Business Mobility Otevřete svou mysl k tomu co je možné Vojtěch Morávek Sr. Systems Engineer #vmwmobility
- 2. New Approach Manage and secure apps and content Device Trust established through enrollment Access Controlled by Identity Management …and Drives a New Approach to Mobile Security and Identity 3 Old Mindset Only trust devices where you manage the OS Device Trust established by the Domain Access Controlled by Network Management
- 3. Mobile-Cloud Era Client-Server Era Spojujeme dva světy #vmwmobility 3
- 4. 6 “Uživatelé si už na mobilitu zvykli, nyní jsou na řadě podniky” #vmwmobility
- 5. SaaS Overtakes On-Premises SW Spend 7 Security shifts from “Network” to “Identity” 77
- 6. Identity and Mobility go hand in hand Manage the user Manage the device
- 7. Common App Delivery Model • The most flexible and intuitive experience for enterprise self-service 9 Entitlement: 1000 Apps in App Center Subscribed: 100 Apps in Launcher Favorites: 10 Apps on Home Screen
- 8. 10 One Login | Same Experience | Any Device Virtual Desktops Citrix XenApp Office 365 View Hosted Apps ThinApp PackagesGoogle Apps App Approvals App Catalog Custom Branding Context Aware
- 9. Citrix XenApp Native MobileNative Mobile Horizon Air Web ApplicationsWeb Applications On-premises ThinApp and Web Apps VMware Identity Manager On-Premises Offering CONFIDENTIAL
- 10. Web Applications Native MobileOn-premises Web Apps Web Applications Native Mobile VMware Identity Manager SaaS Offering CONFIDENTIAL
- 11. 3D akcelerace aplikací CONFIDENTIAL VMware vSphere NVIDIA vGPU Horizon GPU GPU
- 12. 4K Resolution Support 17 4K (3840x2160) Windows VDI desktop resolution support Single monitor support with Aero on Win7 / Win 8 with HW10 3 x Monitor support with Win7 (Aero Disabled) with HW11 Client 3.5 & View Agent v6.2 4K Guest resolution – Not 4K monitor support with high DPI scaling
- 13. Simple Application Provisioning No packaging, no sequencing, no streaming. Simply install applications natively. Provision applications as easily as installing them. 2 Mount the AppStack and install applications 1 Create a new, empty AppStack 3 Provision the AppStack
- 14. UEM: Consistent and Personalized Access Across Devices Personalized Published App Settings Persist to Virtual Desktop at login 19
- 15. Client Info at Logon– VMware UEM Integration 20 Client Information available to UEM before the user logs on Enables UEM to access View Client IP / Client Name Information from Horizon Volatile Environment Variables Client information updated on reconnect VMware UEM Enables more control for UEM Dynamic Configuration for Horizon sessions RDS Applications Works with VDI desktop and RDS desktops and applications User Logon Dynamic Configuration based on client info VDI Desktops RDSH Desktops
- 16. NSX: Automated Security in a Software Defined Data Center Quarantine Vulnerable Systems until Remediated 21 Security Group = Quarantine Zone Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network} Security Group = VDI TierPolicy Definition Standard Desktop VM Policy Anti-Virus – Scan Quarantined VM Policy Firewall – Block all except security tools Anti-Virus – Scan and remediate
- 17. Datastore 1 Linked Clones in Action 1 Master RDSH VM 2 Replica 1 1 C Drive Datastore 2 3 4 Replica 1 Read- only
- 18. RDSH Load Balancing - Perfmon-based Load Reporting 25 View Connection Server 0 VB Script View Agent RDS Host 1 VB Script View Agent RDS Host 1 VB Script View Agent RDS Host 1 1 3 Magnetic Sessions: A user with an existing session will re-use that session and ignore the load balancing rules.
- 19. Access Point – Overview Hardened appliance for external user access – Security Server alternative SLES 11 Linux Appliance Added Security & Multifactor Authentication Pass-Through Authentication Smart Card Support – Tech Preview Feature Parity with Security Server Overview Benefits Remove Windows VM’s from DMZ Scale Out independent of Connection Server Product Independence Simplified Installation Access Point Appliances Internal Network External Connection Servers Load Balancer CS1 CS2 DMZ Load Balancer
- 20. Overview Benefits Windows 10 VDI desktops and RDSH desktops with Lync client installed Windows 10 VDI desktop now supported Client support includes Windows 7, Windows 8, Windows 8.1 & Windows 10 with Microsoft VDI Plug-in for Lync Customers can migrate to Windows 10 or leverage RDSH desktops for VOIP and video. Highly scalable VOIP and video calling within the VDI infrastructure Enterprise grade UC VOIP and video using standard codecs QoS support for real-time VOIP and video Lync 2013 (Skype for Business) Support RDS & Windows 10 RDSH Desktops Desktops
- 21. Access Point and Security Server Comparison Feature AP SS Hardened Linux Appliance Optional Multifactor Authentication Smartcard (Tech Preview) Dynamic Pairing to Connection Server Via Load Balancer Windows Server Static Pairing to Connection Server Horizon View Horizon Air Mirage Gateway Future Release Workspace Portal Future Release Project Enzo Future Release
- 22. Positioning within EUC Portfolio CONFIDENTIAL 29 Horizon View Horizon Advanced Horizon Enterprise Horizon 6 Centrally Managed-On Prem Horizon Air Cloud- HostedLocally Executed Horizon FLEX
Editor's Notes
- [Clip 2] 90 seconds (entirety spoken by ted OFF Camera) To begin our talk.. I’d like to introduce two analogies which illustrate and draw parallels to the Modernization of today’s datacenter The first analogy is tied to one of my passions, architecture.. Moving left to right the images progress to show improvements in construction materials and techniques The Roman aqueduct on the far left was the height of technology in it’s day.. and starting in the year 1,110 the innovation of a structural ‘buttress’ allowed taller buildings w/ larger windows. But it was the development of construction quality steel that ignited our ability to go higher and allowed the Empire State building to rise to fourteen hundred feet. Today the use of steel has become the norm. Finished in 2010, the Burj Kalifa is the world’s largest building and amazingly it was created with a smaller construction crew and approx one-half the steel used in the Empire State building. The second analogy is the development of the modern automobile. Initially assembled by hand in small custom workshops, production was revolutionized with new techniques such as the assembly line. This allowed the process to move much faster and also reduced errors. Today’s modern manufacturing plants are highly automated with robots performing an extensive amount of the work. The improved ‘automation’ has made the line faster and also reduced human errors. Staff workload has shifted to mostly design and engineering.
- This growth and movement towards application access on the go drives a whole new approach to Mobile Security and Identity We can now see the old mindset was myopic and even limited. For example, in the old world of devices, the mantra was always “lock it down…device by device”. However, the Ugly truth is only a small percentage of mobile devices were actually secured. The focus was usually on encrypting devices like routers to prevent denial of service attacks. This is the legacy security model - Optimized for securing data but not the apps which tap into the data. And now in the world of cloud data centers, with this mindset we see those who have invested billions to shore up the perimeter are not always keeping the bad guys out. CLICK Taking the new approach with identity management, the entire chain is secured We have to think beyond locking down an individual smart phone, tablet, or even a router – and focus instead on securing the applications and users in a dynamic way Equally important, we need to think beyond managing compliance – and instead manage risk in a substantive way T: What we need is a smart game plan. As I thought about this, an analogy came to mind that’s appropriate here in the home of the great “Barca” (pronounced “Barsa”) football club…
- Consumerization has created employees with high expectations. And as a result…employees have moved on and the enterprise is stuck in the client-server world. And my assertion is that those that don’t move on, every single one of them will be obsolete within the next 5 years.
- In the not-too-distant past, we saw Software-As-A-Service spending begin to out-pace On-Premises Software Spending. In doing so, security shifted from the traditional “Network” model to the very mobile “Identity” model.
- COMPANY SIZE 10,000+ customers in 150 countries 1,600+ employees across nine offices 500+ research and development resources Recognized as the industry leader Expertise in building enterprise solutions PRODUCT SCALABILITY Advanced integration and partner ecosystem Common development platform Broadest mobility solution set Multitenant, highly scalable architecture Flexible delivery: cloud and on premise As we can see, Identity Management and Mobility Solutions go hand in hand by allowing flexible management and security of the data accessed by users on the end point devices in question.
- VMware Identity Manager does this by providing a Common Application Delivery Model for customers to deliver ANY number of applications across all devices. Whether a customer has one or one-thousand applications, the physical and management costs are the same. 1 or 1000… The cost is the same…
- No matter the application, the service, or the device, the user gets the same experience with one login.
- Currently the SaaS offering does not support On-Premises features such as Horizon 6, Citrix XenApp, and ThinApp deployment. These features/functionalities are only supported by the On-Premises offering of VMware Identity Manager standard. The On-Premises offering of VMware Identity Manager comes bundled with Horizon 6 Advanced and Enterprise bundles as well as the Horizon App Management Bundle.
- VMware Identity Manager comes in two flavors – the SaaS offering and the On-Premises offering. VMware Identity Manager Standalone SKUs come in two flavors as well: -Standard – This is just the On-Premises Offering (only VMware offering) -Advanced – This gives the customer the choice is either the On-Premises or SaaS offerings. NOTE: STAND ALONE SKUS WILL NOT EXIST AFTER 2015! VMware Identity Manager Advanced comes bundled with AirWatch Blue and Yellow. The customer has the option of going with the SaaS offering or the On-Premises offering. Which option chosen will depend upon what features they need. Currently the SaaS offering does not support On-Premises features such as Horizon 6, Citrix XenApp, and ThinApp deployment.
- When connecting VMware Identity Manager with AirWatch, this allows for a number of enhanced benefits such as: A single application catalog of all applications and services provided across all systems and devices to present the exact application in the fashion needed – whether that be SaaS applications, Mobile applications, or even Windows applications This also provides a variety of policies for dynamic conditions and give admins the ability to use Device Restrictions for greater control of corporate content whether the device is corporate owned or a personal device. Finally, this can provide not only application but device usage analytics for better understand how your end users work.
- So in that context, let’s look at three core pillars. What we're doing in the world of desktops and laptops, what are we doing in the world of mobile and machine, and how we think we can help you share content and data in the next generation.
- This feature will enable 4K (3840x2160) monitor support for View. Up to 3 monitors are supported with HW11 Windows 7 with aero off. Only a single monitor is supported with Windows 8 or aero on in Windows 7 or with HW10. Expect some bandwidth increase but not necessarily 4x - If you take for example, 1080p video inside a 4k resolution desktop, the video is still only 1080p and not 3840 x 2160. Now if video happens to be in 3840 x 2160 resolution then the bandwidth will go up. No test data at this point to refer to. It will require more but will depend on the usage patters and of course number of monitors. WAN use cases will need to be tested for implementation. zero clients will be supported, but they won’t necessarily support High DPI scaling. We don’t have DPI scaling Windows clients, even though we have it for the mac client already. When you enable 3d support for a desktop or RDS applicaion, the maximum resolution inside the guest that you will be able to support is 2560 x 1600 - http://blogs.vmware.com/euc/2015/03/nvidia-grid-vgpu-vmware-horizon.html Video memory guidance around 4K monitors will be provied a t GA
- Susie launches a media player app Changes settings on the application She then logs on to a virtual desktop with Win 8 and open up the media player app with the resized window and icon bar persistent across session
- Will enable UEM to act on information from the client prior to the user logging into the session. This will enable UEM to customise the user experience at an earlier stage.
- Tested on WAN up to 250ms latency but performance may be a factor as latency and packet loss increase. Now includes Compression to reduce network bandwidth and reduce the time to load Now included AES Encryption (SHA 256) to protect data in transit Support for MAC is now GA
- Existing Legacy farms are renamed to Manual Farms At present, RDSH Servers have to be manually created and added to farms which form the building blocks of Remote Desktop(RDS)/Application pools. As the RDS servers in a farm are not linked clones, it is not possible to recompose farms resulting in the following drawbacks... Requires an ESD tool set to mange the patching and application deployment Using view composer's linked clone technology to build out RDS Server farms will solve all the above issues Increased storage requirements as there is no sharing of base OS/App disk across multiple RDS servers
- With RDSH, there is only a OS, internal disk. There is no UserData Disk or System Disposable disk
- This feature provides a configurable means for a RDSH to report it's current load to the broker. This takes the form of a script which the agent can execute whose output is a single number. The load value is then reported back to the broker with session state responses ( asynchronous and queried ).The script may report CPU utilisation, Memory utilisation or any other metric the administrator wishes to use for performing load-balancing. For new sessions, the broker will use the load values to order the servers. The load value returned by a script is a single number. The agent will map the single number to a preference as shown in the table for the 4 possible values that can be returned: The default load value for an agent is MED. This will be returned for all cases where a load script hasn't been configured. For cases where a script is executed but doesn't complete within 10 seconds or returns an unsupported value, the load preference value will be set to BLOCK and the agent will set it's state to 'configuration error' which will effectively remove the RDSH from the pool of available RDSH for brokering. For the case where a valid load preference value is already cached it will be possible with a registry flag to override the default behaviour of placing the RDSH into a 'configuration error' state.
- An authenticating reverse proxy implemented as a hardened SLES 11 virtual appliance Transparent to client and Connection Server Ensures that all traffic entering the data center or cloud tenant environment is traffic on behalf of an authenticated user Optional Authentication will mean that you can authenticate users @ the DMZ and only pass-through authenticated users sessions, this is planned for future releases. Remove Windows servers from the DMZ Hardend SLES 11 Appliance Many to Many, means that there is no longer a tie between Security Server to Connection Server Dynamic Pairing Improved remote access deployment flexibility Any combination of remote or local access Independent horizontal scale up/scale down An authenticating reverse proxy implemented as a hardened SLES 11 virtual appliance Transparent to client and Connection Server Ensures that all traffic entering the data center or cloud tenant environment is traffic on behalf of an authenticated user Authentication support through a common identity (auth broker) service, enabling Multi-Stage authentication (e.g. SmartCard in the DMZ) Smart Card/CAC Card (X.509 user certificates) – Tech Preview Pass-Through RSA SecurID and RADIUS, SAML & AD Username/Password are performed on the Connection Server using Pass-Through Feature Parity with Security Server Product version independence Access Point or Horizon View can be upgraded independently of each other
- So to round it out-Vmware is continuing to innovate. Some of the most recent innovations that I just went through including Horizon Flex-now allow us to address more use cases and more end users than ever before. These services can all be delivered centrally from the datacenter—and in the case of Horizon 6—really allow you to deliver virtualized desktops and apps to end users across devices and locations. Horizon Air extends these capabilities to 3rd parties and allows customers to offload the management and costs associated with the day to day maintenance of these services. And now Horizon FLEX allows us to address BYO users who are largely disconnected from the network with containerized desktops or what I like to call MDM for the laptop.