Integration & Innovation: Announcing Horizon FLEX
Today I’m at VMworld Europe where we made some exciting new announcements in End-User Computing. For this blog, I wanted to focus on a new product we announced called Horizon FLEX. FLEX is interesting because it’s both an integration and an innovation.
First, let’s start off with what we’ve been up to with integrations. As you know, I’ve written a couple of blogs on our integration plans for EUC. We laid out seven specific integration points that we felt could drive tremendous customer value. Our goal was to release those integrations early and often. The idea being that we get something out there and then iterate on it over time, progressively driving deeper integration and more value. The good news is that we released the first of those integrations last quarter, with the releases of Workspace Portal 2.1 and AirWatch 7.3.
The first three of our integrations are now out there for customers to leverage. Specifically, we now provide a common catalog that lists all of an enterprise’s applications. Users of AirWatch can now see apps of all types on their AirWatch-managed mobile devices, include desktops, desktop apps, SaaS apps, etc. And all of these apps can be accessed in a simple, one-click fashion. In order to facilitate that, we also needed identity integration and SSO, which are also included in those releases. Finally, we expanded AirWatch Secure Content Locker with additional features from Horizon Data.
So this is a good start, but there’s still more to do, specifically around integration #5, which focuses on the need to simplify management for BYO and contractor devices. This is exactly what Horizon FLEX aims to do. And it does this through innovative new techniques as well as combining our powerful technologies.
Introducing Horizon FLEX
So what is Horizon FLEX, exactly? Well, the basic concept is that it enables an admin to run containerized and secured virtual desktops locally on PC or Mac laptops and desktops. It enables all the great security and centralized management aspects of VDI/DaaS for offline use cases, where the user may be traveling or in places without internet connectivity. This is especially useful in BYO or contractor scenarios, where the user brings in a device of their own, expects IT services on that device, but doesn’t want IT taking full control of the device. So leveraging a virtual desktop makes the separation of apps, data, and management very clean. IT manages and controls everything inside the virtual desktop, and the user controls everything outside the virtual desktop.
So how does it work? Well, at its most basic, FLEX extends VMware’s robust type-2 hypervisors – VMware Workstation, VMware Fusion, and VMware Player – with additional security capabilities. The funny thing is that by default a virtual machine is actually very well isolated from the host it’s running on. However, to simplify the user experience, we’ve carefully connected parts of the guest to the host. This enables users to say, drag and drop a file between the guest and the host. But when you think about it, dragging and dropping a file between two separate physical computers (which is really what we’re talking about here) is actually quite difficult. So just like we’ve enabled this functionality, we can very easily disable this functionality based on admin policy. But the policies can go further. We want to enable the admin to enable, disable, or manage capabilities like USB redirection, disk encryption, and the camera. We also want to enable admins to push down WiFi, VPN, and other configuration through policies.
At its simplest, FLEX can managed completely on the end point. Admins can configure a “golden” virtual desktop, with all the apps their users will need and all policies pre-configured. The admin can then distribute that golden virtual desktop via a USB key or other manner. Users copy the virtual desktop to their laptop and they’re off and running.
However, we realize that a USB key is not a scalable approach to provisioning! That’s exactly why FLEX also supports remote OS and app management, leveraging the power of Horizon Mirage. With Mirage, you can remotely provision, manage, and update the Windows OS and apps running on a physical laptop. FLEX extends this functionality to the containerized virtual desktop. This means that as patches or new versions come out, it’s a matter of a few simple clicks for an admin to push those updates out to all FLEX users, who will get them the next time they’re online. In addition, IT can also push out new apps to FLEX users and automatically back up the FLEX virtual desktop transparently. This means if a user’s laptop is lost or stolen, it’s easy to re-provision the user’s containerized desktop on a new physical machine without data loss.
Managing a desktop device just like a mobile device
While remote management of the OS and apps is great, we thought we could do even better. As I’ve mentioned in a previous blog, the mobile-cloud era is all about managing apps, data, and policy in the cloud and the system takes care of implementing those changes in the user’s device. This is exactly what happens with AirWatch and mobility today, where an admin can add apps, configure policies, etc through AirWatch’s admin UI and those changes are automatically pushed down to the users’ devices. We saw the opportunity to take this same mobility management paradigm and apply it to desktop, in this case locally-running containerized desktops with Horizon FLEX.
In the initial version, AirWatch takes care of provisioning Fusion to the local device and keeping Fusion up-to-date. But the real opportunity we see is to enable full app, data, and policy management of FLEX desktops via AirWatch technologies. This way admins can manage FLEX desktops just like they manage their mobile devices. We feel this is extremely powerful and will further simplify desktop management.
Now the VMware history buffs reading might be thinking to themselves, “didn’t VMware have something very similar to this before?” And the answer is “Yes!” and it was called VMware ACE. ACE had the same goal of enabling admins to secure virtual desktops running on Windows or Mac laptops. We ended up EOL’ing ACE in 2011. While we think we had the right idea, in retrospect we were probably too early to market. The big trends today are BYO and mobility, two trends that were in their infancy when ACE first debuted in 2005. With these trends driving customer interest in FLEX, in addition to strong new technologies from Horizon Mirage and AirWatch, we’re excited to bring back the same important concept from ACE with Horizon FLEX.
Integration + Innovation
Horizon FLEX is a composition of three key technologies: container, OS and app management, and policy management. While FLEX will work just as a simple container, we believe you get the best and most seamless experience by leveraging all three. This is exactly why BYO management was a focus area and our fifth integration point – it’s only through the integration of the technologies from Fusion, Mirage, and AirWatch that we can produce a truly world-class experience. But it’s not just about integration, it’s also about innovation in each of these areas. We’re enhancing the container, developing new capabilities and policy controls; we continue to simplify OS and app management; and we’re advancing policy management to enable seamless manage across device types. We’re so excited about Horizon FLEX and can’t wait for you to try it. What’s your favorite aspect of Horizon FLEX? Will you try it out in your organization?