VMware completed its acquisition of AirWatch last month. Since then, both teams have been eager to learn more about the other’s products and technology. To that end, today, Blake Brannon, Director of Sales Engineering at AirWatch, and I will be explaining our rationale for acquiring AirWatch as well as giving a technical overview of the AirWatch product and technology to the VMware R&D community. While some of what we discuss will be for internal ears only, I thought it’d be useful to share some of the highlights publicly. In this post, I’d like to focus on the rationale, touching on some of the technology pieces along the way.
VMware spent the last seven years driving enterprise desktop technology and now has a robust and mature set of enterprise desktop products. Simultaneously, we’ve dabbled in some mobile technologies, such as Horizon MVP, which creates a virtual, secure phone on an Android device, allowing the enterprise to control the virtual phone while the user maintains control of their personal data in the physical part of the phone. In addition, our Horizon Workspace offering includes single-sign on and app catalog/launcher and enterprise file sync and share (i.e. enterprise Dropbox) capabilities, which work great on both desktop and mobile devices.
The number of mobile devices entering the workplace is simply staggering, according to numerous industry analyst firms. But an even bigger problem for IT than the influx of devices is the influx of personal devices that employees expect IT to fully support. IT simply has not been prepared for these changes, without the tools or knowhow to handle all these new devices and use cases.
These are big problems for IT and we felt that given our strong position in the datacenter, we should be able to offer IT a solution. So we looked at all the options, both in-house and external, and a clear winner kept appearing: AirWatch.
So why AirWatch? I think there are three main reasons:
- Vastly superior breadth and depth in their product offering
- Scalable, secure, and multi-tenant platform for cloud and on-premise deployments
- Customer- and execution-focused organization
Let’s dive into each one of these.
Vastly superior product offering
A lot of people think AirWatch only does MDM (mobile device management), but in reality they provide a comprehensive Enterprise Mobility Management (EMM) solution and do much, much more than just MDM!
Let’s drill into a few of the key areas:
- Manage the device: MDM is the original type of mobility management, as it was implemented by BlackBerry early on. MDM refers to controlling and potentially locking down the entire device. MDM gives unprecedented control to the admin. They can control a very large set of device functionality remotely as well as take actions like wiping all the data on the device (say if it’s lost or stolen). The policies they set apply to the entire device, which is very useful to corporate owned devices that IT needs to locked down, such as kiosk devices or field workers.
- Apps: While MDM is great for certain use cases, it doesn’t distinguish between personal data and corporate data. For cases like kiosk or repairman, there usually isn’t any personal data to consider so it’s not a problem. But for knowledge workers, it will be, because we tend to have both personal and corporate data on the same device. And we certainly don’t want to allow IT to potentially wipe out our personal data! That’s where mobile application management (MAM) comes in. MAM focuses on locking down applications rather than the entire device. In this model, a few select applications can access corporate data, but that corporate data cannot “leak” outside of those apps. It can remote wipe the corporate data and apps, but cannot see or touch any personal data. Additionally, AirWatch’s MAM solution provides comprehensive application lifecycle tools including a custom enterprise App Catalog for organizations to host and deploy internal apps to their employees and devices (which is part of “Manage the Workspace,” above).
- Content: AirWatch Secure Content Locker focuses on delivering enterprise content to mobile devices. The most basic use cases revolve around enabling easy mobile access to existing corporate content repositories such as SharePoint and CIFS shares. But AirWatch goes further and can link into any number of enterprise file sync and share (EFSS) products, such as Office 365 or Google Drive. In addition, AirWatch provides a sync engine for Windows PC and Mac OS X devices.
- E-mail: AirWatch provides an extra level of e-mail security and policy above and beyond what Exchange ActiveSync provides. Like everything else, AirWatch gives unparalleled control to the admin. For instance, AirWatch enables admins to control when various devices can access e-mail. This is particularly important for hourly employees, where checking e-mail after work can result in overtime pay (or become a lawsuit!).
- And much more!: The above features are the headline capabilities, but there’s a lot more there. AirWatch provides functionality like app reputation analysis for understanding whether Google Play apps are trustworthy, application wrapping to secure and protect mobile applications, telecom expense management to help control mobile data roaming or international calling bills and a secure browsing solution to enable secure access to corporate intranet sites and apply content filtering rules to mobile browsing.
But it’s not just about the breadth and depth of functionality – it’s also about the breadth and depth of device support. AirWatch is committed to supporting all devices needed by customers and it shows:
AirWatch started off with ruggedized devices, such as those from Motorola or Windows rugged devices. And of course it supports the two big players: iOS and Android. But not only does it support iPhone and iPad, but also Apple TV. And not only does it support base Android, but it also supports 1000+ additional OEM extension APIs, such as those from Samsung, LG, Motorola, and Lenovo. AirWatch even supports both the Nook and the Kindle. It of course supports BlackBerry and BlackBerry 10 devices. And it covers Windows RT and all variants of Windows Phone and its ancestors. AirWatch has even started to do some management of Mac OS X and Windows PC devices. It can even manage Symbian devices.
So again, when people say AirWatch only does MDM, they’re really missing the point. Yes, AirWatch does MDM – across a ton of devices – but as we’ve seen it also supports an amazing amount of other functionality across all these devices.
Platform and Organization
While the breadth and depth of both features and device support is unmatched, what really excited us about AirWatch was their platform and organization. Their features and device support are what exist today, but their platform and organization enable them to continue to rapidly innovate and take an even more dominate lead in the enterprise mobility management space.
All of the features and device support mentioned above are built on top of the AirWatch platform. It’s all one set of servers controlled through a single admin UI:
The platform provides a true enterprise architecture, with many important characteristics:
- Security: Security is built in to the platform, with all platform components hardened through rigorous security audits; all sensitive data in-flight and at rest on devices and servers are encrypted.
- Compliance: The AirWatch platform enables organizations to enforce mobile compliance with various regulations including policies like HIPPA and PCI. AirWatch also provides an automation engine to IT so any devices falling outside of compliance are quarantined and have their data securely wiped.
- Multi-tenancy: The platform has a strong multi-tenancy model. This is leveraged first and foremost in their cloud offering, but the platform supports hierarchical multi-tenancy, meaning even a tenant on their cloud can institute their own multi-tenancy for different lines of business, say.
- Scalability: The platform easily scales to hundreds of thousands of devices, with many reference customers to prove it.
- Highly-available: All server components are stateless and redundant, ensuring high availability of the system.
- Disaster recovery ready: Using database and SAN replication, it’s simple to create a DR site with the AirWatch platform.
- Access Control: The platform also gives very fine-grained access control that weaves directly into the multi-tenancy model. For instance, a user could be an admin for a certain line of business, with full read/write/change access to everything within that LOB. But the same user could also have read-only access to a different LOB (or perhaps just be a normal user there). This is all seamless in the AirWatch platform.
- Self-Service: Admins set up policies on a group basis and individual users can come in and enroll their devices on their own, as they see fit. Users are also able to remotely lock or wipe enrolled devices through the AirWatch self-service portal. This alleviates IT from having to manually do many of these tasks themselves.
- Hybrid: The same set of code can be used to run in AirWatch’s cloud or in the customer’s datacenter. All the same features and functionality exist in both places. It’s the customer’s decision to choose how to consume AirWatch.
- Broad ecosystem: The platform is very extensible, with plug-ins for directory services, certificates, e-mail servers, content filtering, anti-virus, content repositories, and much more!
So when we looked at AirWatch, we not only saw the best set of features and functionality across the broadest set of devices, we also saw a solid platform that would set us up for future growth.
But the important part of any technology company is the people and the organization. And this was another area that shined for us with AirWatch. They have a very customer-centric and execution-focused culture. They listen intently to customers and are ready to react as quickly as possible to customer requests, and as a result typically release three major functional releases a year.
But it’s not just about responding to customer requests quickly – a new mobile OS version is released on average every 17 days. This means the team has to validate and ensure that the new mobile OS version works flawlessly with all aspects of the AirWatch product. Server OSes are moving just as fast: AirWatch needs to ensure all that Windows Server OS patches don’t break their system, so they thoroughly test every patch bi-weekly. AirWatch has built a phenomenal team that has proven over the past four years, time after time, to have same day support released for major OS updates: iOS 5, 6, 7, 7.1, Samsung KNOX, Windows Phone 8, Windows 8.1 and so many other product launches!
Even AirWatch’s office is focused around execution, as can be seen from their office set up:
The AirWatch engineering team in Atlanta is situated in the old trading floor of Mirant Corp. All developers, PMs, QA, tech pubs, localization, and everyone else are right there, ready to work side-by-side to overcome technical issues and solve customer problems. It’s an absolutely fantastic team!
Hopefully this all gives you some sense of our rationale for acquiring AirWatch. They have the best technology out there today and with their platform and people are poised to maintain and extend their lead. We’re so excited to have AirWatch part of the VMware family and can’t wait to let you know about all the exciting things to come! What did you think of the acquisition? Are you considering AirWatch for your company’s mobile needs? Please share your thoughts below.