First Look at New Technology (#3): VMWare Project Horizon
DevelopersLiam Yu: VMware
Disclaimer
This session may contain product features that are
currently under development.
This session/overview of the new technology represents
no commitment from VMware to deliver these features in
any generally available product.
Features are subject to change, and must not be included in contracts, purchase
orders, or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new technologies or features discussed or presented
have not been determined.
“THESE FEATURES ARE REPRESENTATIVE OF FEATURE AREAS UNDER DEVELOPMENT. FEATURE COMMITMENTS ARE SUBJECT TO CHANGE, AND MUST NOT BE INCLUDED IN CONTRACTS, PURCHASE ORDERS,OR SALES AGREEMENTS OF ANY KIND. TECHNICAL FEASIBILITY AND MARKET DEMAND WILL AFFECT FINAL.”
VMware Cloud Application Platform
VMware Cloud Infrastructure and Management
VMware End User Computing
• Secure• Manageable• Open
ManagementSecurityCompliance
ManagementSecurityCompliance
ManagementSecurityCompliance
VMware Solutions for IT as a Service
End User Computing: What Do Users Demand Today?
Diverse Apps
Diverse Devices
DiverseAccess
SaaS Applications
Virtual Desktops
App Management
App Publishing
User Data MgmtCollaborative Workspace
ThinApp
View(VDI)
Cross-Platform Portal
Mobility and Offline
Enterprise App Store
End User Workspace
Directory FederationAD
License Tracking
Access Management
Admin Console
Project Horizon Vision: Admin Control for End User Services
horizon
VMware End User Computing Journey to the Cloud
Phase 1: Secure Identity and Manage SaaS Apps • Federate AD to Cloud based SaaS Applications• Simplify End User Passwords with Secure SSO • Provision Users to Mainstream SaaS Applications
Phase 2: Modernize your Windows Environment• Virtualize your Windows Apps for Isolation and Portability• Secure and Manage your Windows Desktop• Orchestrate Window Application Delivery Options
Phase 3: Control your Data and Collaboration• Authorize Data Sync on Trusted Devices• Encrypt Data Across Diverse Platforms • Enable Simplified End User Collaboration
Project Horizon: SaaS App Management
AD
Enterprise SaaS Application Management Challenges
HR App
Salesforce.com Hosted SharePoint
Workday
SharePoint
Challenges– SaaS identity silos
– No compliance & access controls
– Damage and loss from passwords
– 95% of apps use User ID and
Password - not federated
Options– Extend LAN IDM System –
Expensive!
– Develop, Test, and Certify
Individual Connectors to each
SaaS app
Project Horizon: Enterprise AD federation to SaaS
AD
HR App
SharePoint
FutureSaaS Apps
horizon
Salesforce Hosted SharePoint
Workday
Secure STS
Project Horizon: Enterprise SaaS Federation
Federation & Enterprise connectorSaaS identity silos
Audited Role Based AccessNo compliance &access controls
Never-compromised credential withSplit-key Technology
Password exposure:damage, loss
Horizon Federation NetworkCostly managingpartner access
Challenges Horizon Features:
Project Horizon: On-Prem Components
Features– Lightweight software-based enterprise connector
that integrates with AD/LDAP
– Unified Enterprise identity – extend enterprise
identity to SaaS
– One place to manage users – your enterprise
directory
– Real-time integration, option with no directory
sync required
– Administrative Selections to Poll AD for Users /
Groups
– Easy integration with internal desktop login
(Kerberos/NTLM) for SSO
– Customizable Branding
horizon sts
VirtualAppliance
Microsoft IIS Service
Project Horizon: Usage of SAML
User Identity Provider, e.g. AD
Service Provider App User DB
1 2 3
SAML provides high security• No passwords so eliminates phishing opportunities• SAML tokens are digitally signed so cannot be
tampered • Provide a Time To Live duration to prevent replay
attacks
SAML is an open standard supported by major SaaS vendors like Google, Salesforce.com, Webex, etc
Project Horizon: Usage of HTTP Unity
What about apps that do not support SAML?
95%
5%
User/PasswordFederation
HTTP Unity
• Mechanism for exchanging user identity data, SSO and authentication between multiple federated security domains.
• No changes to application
• Horizon service stores app credentials in secured “ID Vault” & provides them to app based on user’s authentication to IDP
• Single Sign On for User
Project Horizon: Multi-Factor Authentication Support
14
Flexible Authentication Options
• 2nd factor browser cookie
• Mutual Authentication: Confidence image/text
• SMS
• VIP Token
SaaS Applications
Horizon: Securely Bridging to the Cloud
Active Directory(Users and Groups)
End UserComputers
DMZFileServers
Horizon STS(Secure DS Extender)
Horizon SaaS Adapters
SalesforceGoogle AppsWorkday
Access & Mobility
Dynamic Provisioning
Reporting and Compliance
User Convenience – One Password
Secure SaaS App Authentication
Automatic User Deactivation
Consistent UE across Devices
Secure Extension of AD to Cloud
SaaS License Tracking
1
3
Manage the User Locally, but Extend Identity to the Cloud
horizon
2
Horizon Agents
Horizon On-PremConnector
Screen Shots
Project Horizon
Cloud-Ready Application Management for your traditional, virtualized and SaaS applications
Complete application visibility: Deploy, manage and report Seamless access to applications across different device platforms A single solution for your traditional and virtualized desktops . . . delivered as a service from the cloud.
First Look at New Technology (#3): VMWare Project Horizon
Stop by our booth for more details
D I S C O V E R
Visit the Developer Training and Support Booth in Force.com Zone
Discover
Developer
Learning Paths
Developer training, certification and support resources
S U C C E S SFind us in the Partner Demo Area of
Force.com Zone 2nd Floor Moscone West
that help you achieve
Learn about Developer
Certifications
Remember. . .
Check Chatter for additional session information
Get your developer Workbooks and Cheat Sheets in
the Force.com Zone
Visit for more information related
to this topicDon’t forget the survey!
How Could Dreamforce Be Better? Tell Us!
Log in to the Dreamforce app to submit
surveys for the sessions you attendedUse the
Dreamforce Mobile app to submit
surveysEvery session survey you submit is
a chance to win an iPod nano!
OR
Top Related