First Look at New Technology (#3): VMWare Project Horizon

DevelopersLiam Yu: VMware

Disclaimer

This session may contain product features that are

currently under development.

This session/overview of the new technology represents

no commitment from VMware to deliver these features in

any generally available product.

Features are subject to change, and must not be included in contracts, purchase

orders, or sales agreements of any kind.

Technical feasibility and market demand will affect final delivery.

Pricing and packaging for any new technologies or features discussed or presented

have not been determined.

“THESE FEATURES ARE REPRESENTATIVE OF FEATURE AREAS UNDER DEVELOPMENT. FEATURE COMMITMENTS ARE SUBJECT TO CHANGE, AND MUST NOT BE INCLUDED IN CONTRACTS, PURCHASE ORDERS,OR SALES AGREEMENTS OF ANY KIND. TECHNICAL FEASIBILITY AND MARKET DEMAND WILL AFFECT FINAL.”

VMware Cloud Application Platform

VMware Cloud Infrastructure and Management

VMware End User Computing

• Secure• Manageable• Open

ManagementSecurityCompliance

ManagementSecurityCompliance

ManagementSecurityCompliance

VMware Solutions for IT as a Service

End User Computing: What Do Users Demand Today?

Diverse Apps

Diverse Devices

DiverseAccess

SaaS Applications

Virtual Desktops

App Management

App Publishing

User Data MgmtCollaborative Workspace

ThinApp

View(VDI)

Cross-Platform Portal

Mobility and Offline

Enterprise App Store

End User Workspace

Directory FederationAD

License Tracking

Access Management

Admin Console

Project Horizon Vision: Admin Control for End User Services

horizon

VMware End User Computing Journey to the Cloud

Phase 1: Secure Identity and Manage SaaS Apps • Federate AD to Cloud based SaaS Applications• Simplify End User Passwords with Secure SSO • Provision Users to Mainstream SaaS Applications

Phase 2: Modernize your Windows Environment• Virtualize your Windows Apps for Isolation and Portability• Secure and Manage your Windows Desktop• Orchestrate Window Application Delivery Options

Phase 3: Control your Data and Collaboration• Authorize Data Sync on Trusted Devices• Encrypt Data Across Diverse Platforms • Enable Simplified End User Collaboration

Project Horizon: SaaS App Management

AD

Enterprise SaaS Application Management Challenges

Email

HR App

Salesforce.com Hosted SharePoint

Workday

SharePoint

Challenges– SaaS identity silos

– No compliance & access controls

– Damage and loss from passwords

– 95% of apps use User ID and

Password - not federated

Options– Extend LAN IDM System –

Expensive!

– Develop, Test, and Certify

Individual Connectors to each

SaaS app

Project Horizon: Enterprise AD federation to SaaS

AD

Email

HR App

SharePoint

FutureSaaS Apps

horizon

Salesforce Hosted SharePoint

Workday

Secure STS

Project Horizon: Enterprise SaaS Federation

Federation & Enterprise connectorSaaS identity silos

Audited Role Based AccessNo compliance &access controls

Never-compromised credential withSplit-key Technology

Password exposure:damage, loss

Horizon Federation NetworkCostly managingpartner access

Challenges Horizon Features:

Project Horizon: On-Prem Components

Features– Lightweight software-based enterprise connector

that integrates with AD/LDAP

– Unified Enterprise identity – extend enterprise

identity to SaaS

– One place to manage users – your enterprise

directory

– Real-time integration, option with no directory

sync required

– Administrative Selections to Poll AD for Users /

Groups

– Easy integration with internal desktop login

(Kerberos/NTLM) for SSO

– Customizable Branding

horizon sts

VirtualAppliance

Microsoft IIS Service

Project Horizon: Usage of SAML

User Identity Provider, e.g. AD

Service Provider App User DB

1 2 3

SAML provides high security• No passwords so eliminates phishing opportunities• SAML tokens are digitally signed so cannot be

tampered • Provide a Time To Live duration to prevent replay

attacks

SAML is an open standard supported by major SaaS vendors like Google, Salesforce.com, Webex, etc

Project Horizon: Usage of HTTP Unity

What about apps that do not support SAML?

95%

5%

User/PasswordFederation

HTTP Unity

• Mechanism for exchanging user identity data, SSO and authentication between multiple federated security domains.

• No changes to application

• Horizon service stores app credentials in secured “ID Vault” & provides them to app based on user’s authentication to IDP

• Single Sign On for User

Project Horizon: Multi-Factor Authentication Support

14

Flexible Authentication Options

• 2nd factor browser cookie

• Mutual Authentication: Confidence image/text

• SMS

• VIP Token

SaaS Applications

Horizon: Securely Bridging to the Cloud

Active Directory(Users and Groups)

End UserComputers

DMZFileServers

Horizon STS(Secure DS Extender)

Horizon SaaS Adapters

SalesforceGoogle AppsWorkday

Access & Mobility

Dynamic Provisioning

Reporting and Compliance

User Convenience – One Password

Secure SaaS App Authentication

Automatic User Deactivation

Consistent UE across Devices

Secure Extension of AD to Cloud

SaaS License Tracking

1

3

Manage the User Locally, but Extend Identity to the Cloud

horizon

2

Horizon Agents

Horizon On-PremConnector

Screen Shots

Project Horizon

Cloud-Ready Application Management for your traditional, virtualized and SaaS applications

Complete application visibility: Deploy, manage and report Seamless access to applications across different device platforms A single solution for your traditional and virtualized desktops . . . delivered as a service from the cloud.

First Look at New Technology (#3): VMWare Project Horizon

Stop by our booth for more details

D I S C O V E R

Visit the Developer Training and Support Booth in Force.com Zone

Discover

Developer

Learning Paths

Developer training, certification and support resources

S U C C E S SFind us in the Partner Demo Area of

Force.com Zone 2nd Floor Moscone West

that help you achieve

Learn about Developer

Certifications

Remember. . .

Check Chatter for additional session information

Get your developer Workbooks and Cheat Sheets in

the Force.com Zone

Visit for more information related

to this topicDon’t forget the survey!

How Could Dreamforce Be Better? Tell Us!

Log in to the Dreamforce app to submit

surveys for the sessions you attendedUse the

Dreamforce Mobile app to submit

surveysEvery session survey you submit is

a chance to win an iPod nano!

OR