Aruba Networks, a provider of next-generation network access solutions for mobile enterprise, today (10 April 2013) announced Aruba WorkSpace, a new component of the company’s ClearPass Access Management System.
With the addition of Aruba WorkSpace, for the first time, network access control (NAC), mobile device management (MDM) and mobile application management (MAM) systems are a part of one solution and work together to secure company data and reduce BYOD (bring your own device) helpdesk costs.
Chris Kozup, senior director, Aruba Networks, who heads up marketing for the EMEA region, told Wireless: ‘Our heritage is wireless and mobility and trying to serve customer challenges and requirements in that space. Aruba WorkSpace takes us into a whole new marketplace. We are moving from wireless infrastructure and NAC into MDM and MAM. This signals our entry into the mobile device and app management space.’
The growth in BYOD and the fact that many employees are downloading their own apps is changing the way enterprises procure their ITC requirements as a whole, along with how the ITC service and support is delivered within an organisation, according to Kozup.
Managing the BYOD challenge
‘The challenge for the enterprise then is how to ensure network security?’ says Kozup. ‘First they have to manage the devices, but increasingly it is now about how to manage the apps being run on those devices.’
Aruba WorkSpace is designed to meet that challenge. ‘You can think about it in two ways,’ explains Kozup. ‘First there is the backend component comprising the policy engine at the core of the network. This is housed in Aruba’s ClearPass solution (available for about a year now), which provides a backend capability allowing us to handle policy and bring together that management policy for the network, the device and the application.’
As an alternative to its native device management functions, Aruba ClearPass features integration with top Mobile Device Management vendors, including AirWatch, FiberLink, JAMF Software, MobileIron and SOTI. This integration allows customers with existing MDM solution deployments or preferences to realise a combined value of integrated, context-based network policy, device onboarding and security, and a full range of mobile device management capabilities.
‘The value of our solution is that if provides a central policy point on the network that manages all three [NAC, MDM and MAM] from end-to-end,’ says Kozup. ‘That is the key difference between Aruba WorkSpace and other mobile device and app management and security solutions: they lack any integration with the network. They are blind to it, so they do not know what is happening on the network. But if the customer is using Aruba wireless infrastructure he knows what is happening on the network as WorkSpace communicates back to it.’
An example of this might be if a mobile device is running Microsoft Lync for unified communications. Aruba WorkSpace can detect that Microsoft Lync is in use and that the network needs to increase bandwidth to that particular app as it is latency sensitive. Another example is that if the network is congested, it can signal to devices to stop routine iCloud backups, which will help reduce the traffic.
Kozup says: ‘It is like a combination of a Citrix-type VDI (virtual desktop infrastructure) but with network awareness. A straight VDI stream could not understand that the network is congested and make changes to accommodate that.
Taking on the MDM providers
‘Our solution puts us into the same realm as MDM providers, such as MobileIron and AirWatch,’ he continues. ‘We can now compete with people who have focused just on the device management side, but we have added network management, so that’s a big differentiator for us.’
WorkSpace also enables features such as detecting lost devices that are jail broken and remotely locking them down and closing off any confidential applications on the device. Or if a device enters a classified location, WorkSpace can signal to the device to turn off the internal camera and lock sensitive apps – a form of geolocation in effect.
In the event an employee’s device connects to an untrusted network, Aruba WorkSpace can automatically establish application-specific VPNs (virtual private networks) to encrypt traffic and provide uninterrupted access to internal resources.
‘This is the concept behind the user cases in WorkSpace,’ says Kozup. ‘It comprises a backend policy component and a front end application component downloaded through mobile app stores. The app resides on the user’s device and provides the management control of the device for the enterprise’s IT department. This way all apps can be containerised on the device and enterprise’s policies enforced on it.’
Enhanced end-user experience
In addition to providing comprehensive BYOD controls for IT, Aruba WorkSpace offers end-user controls to personalise the BYOD experience and reduce the demands on helpdesk resources when they download the application.
The Aruba WorkSpace mobile app allows employees to access and manage work applications, share AirPrint and AirPlay devices with other users or groups, manage other on-boarded devices, and configure guest accounts. All aspects of BYOD are accessible to end users in one location.
To manage the use of personal, mobile devices, the Aruba WorkSpace mobile application provisions a separate, encrypted area on the devices for work applications and content. This gives IT full control over the corporate information in this encrypted space, but no visibility into personal areas of the device, thereby protecting employee privacy.
With Aruba WorkSpace, the combination of MDM, MAM and NAC capabilities integrated into one platform allows IT to secure sensitive corporate data on these personal mobile devices without the high cost, significant resource investment, and potential loss of user privacy and productivity that can result from existing BYOD solutions.
Aruba WorkSpace Partner Programme
Aruba has also introduced a new mobile application partner programme to allow third party developers and Aruba customers to develop their own apps and integrate them into Aruba WorkSpace.
To participate in the Aruba WorkSpace Partner Programme, application vendors can register on the Aruba WorkSpace site to receive a toolkit that they can apply to their application in just a few minutes. Enterprises can then use the ISV’s (independent software vendor) application in their Aruba Enterprise WorkSpace knowing that these applications can be safely distributed, managed and used throughout their organisation.
Kozup says: ‘As we went to beta trial we covered off several of the app providers we thought would be important like Microsoft Lync, Dropbox and the Dolphin for Business web browser, but clients kept saying can you support this app and that one.
‘So, we realised we needed a way to support more applications and we therefore set up an ISV programme. Now anyone can write to our SDK (software development kit) using our code and bring their app to be managed by Aruba WorkSpace. We are also making that intelligence available to our enterprise customers, so they can write their own home grown apps and be fully integrated into Aruba WorkSpace.
‘We are making it very simple to integrate with WorkSpace so we can have a single point of control to manage the device and the apps and relate them to the network,’ says Kozup.
He cites some of the kinds of apps that have been developed, including time sensing ones. If an employee’s device has a mobile point of sale app on it and the company doesn’t want them to use that app after store opening hours, it can lock it down after closing time. Or if a user is in a hospital and has medical records on his device and the device passes a certain point the app and the patient records can be disabled or blocked.
ISV partners so far
More than 40 ISV partners have already integrated with Aruba WorkSpace on its launch date. Applications currently certified with Aruba WorkSpace include:
- File Access: Filamente, Halosys, Averail, Avatron Air Sharing
- Business Analysis: Roambi
- Collaboration: Jive Mobile, Jive Producteev, TeamBox, Zoom, LiveBoard, Egnyte, Xavy-MSFT Lync, Xriz-Asterisk, Xvio- Cisco Tandberg, Xime- IBM Sametime
- Office Document Editor: PDF Expert Enterprise, SmartOffice 2, CloudOn, Polaris Office Enterprise
- Education: Lanschool
- Enterprise Productivity: YouMail, Dolphin, Mail+, Moxier, Breezy, CamCard, CamScanner, CamDictionary, BizExpense, Avatron Air Display, Avatron Air Login, SlideShark, BigTinCan
- Healthcare: MobileCare, Eye Chart Pro, TigerText
- File Sharing: Box, YouSendIt, SugarSync, NetDocuments
The ClearPass Access Management System is shipping now. The Aruba WorkSpace software for ClearPass is now in beta testing and will be available in July 2013. A client-side software application called Aruba WorkSpace for both iOS and Samsung Android-based devices will be available from the Apple App Store and The Google Play marketplace, also in July 2013