TS1048 Horizon Suite Competitive Advantages
Fred Schimscheimer
Jia Dai,
EUC Competitive Marketing
August, 2013
Confidential
© 2011 VMware Inc. All rights reserved
Need Help?
Assets: Vault Competition Homepage
vmware.com/go/competition
Competition Questions?
Socialcast Group: Competition Queries
Email: competition@vmware.com
Competitive Contacts
Brian Gammage
Cyndie Zikmund
Jia Dai
Fred Schimscheimer
2
bgammage@vmware.com
czikmund@vmware.com
daij@vmware.com
fschimscheimer@vmware.com
Confidential
Agenda









3
Horizon Suite
Competitive Landscape
Horizon Suite Advantages
Horizon Mirage
Horizon View
Horizon Workspace Platform
Horizon Data
Horizon Mobile
Q&A
Confidential
Horizon Suite
THE PLATFORM FOR WORKFORCE MOBILITY
VMware Horizon Suite
Simplify, Secure, Empower
Horizon Mirage
Physical Desktops
4
Post-PC
Era Journey
Horizon
View
Virtual Desktops
Confidential
Horizon Workspace
(Apps, Data, Mobile)
Multi-Device Workspace
The Competitive Landscape
Virtual
Desktops
(VDI)
Windows
App
Delivery
Windows
Image
Mngt
Enterprise
Mobility
Mngt
File
Sharing &
Sync
Cloud
Identity
Mngt
BYOD
Mac
Vmware
Horizon
Vmware
Horizon
Vmware
Horizon
Vmware
Horizon
Vmware
Horizon
Vmware
Horizon
Vmware
Horizon
Citrix
XenDesktop
Citrix
XenDesktop
Citrix
XenDesktop
Citrix
XenMobile
Citrix
XenMobile
Citrix
XenMobile
Citrix
XenDesktop
Microsoft
RDS
Microsoft
RDS
Microsoft
SCCM
Microsoft
Intune
Microsoft
SkyDrive
Okta
Moka5
Redhat
VDI
Framehawk
Moka5
MobileIron
Box
Ping
Identity
Parallels
Desktop
Dell
KACE
Good
Technology
DropBox
Simplified
LANDesk
SAP
Afaria
EMC
Syncplicity
Lenovo
Stoneware
Symantec
Altiris
Blackberry
BES 10
Appsense
DataNow
Workspot
Appsense
MobileNow
Novell
Filr
CampusEAI
Quest
vWorkspace
Fiberlink
MaaS360
5
Confidential
Horizon Suite Advantages Over Point Tools
 The power of ONE
• Point tools only solve one problem a time
• Horizon suite transforms entire end user computing
• Single product to buy and support
• Cost less than acquiring point tools individually
• Better integration reduces complexity and risks.
 The platform
• Built from ground up for extensibility
• Catalog abstracts all applications and services
• Catalog provides life cycle management, publishing, monitoring, analytics
 vApp
• Easy to deploy, no need to install each VA separately
• Configure all VAs from a single place
• VAs communicate with each other
• Leverage the power of vSphere (HA, DR, Network, Security, etc)
6
Confidential
Horizon Mirage
7
Confidential
Mirage vs. Moka5
 Horizon Mirage Does More:
• Centralized Image Management
• Automated Win7 Migration
• Endpoint Protection
• Snapshots can be customized and include User Data
• Desktops restored to point in time of snapshot
• Hardware Refreshes
 Moka5 – Enterprise AnyWare is based on 3 capabilities:
• Client virtualization called LivePC runs on Mac, PC or bare metal
• Both the virtual machine and a client hypervisor are part of a single solution
• Central Management – All LivePCs are centrally controlled from the
Management Server
• Layering – 3: User Data & Settings, User Applications, Corporate
OS/Apps(base layer)
8
Confidential
Mirage vs. Citrix Personal vDisk
 Horizon Mirage Does More:
• Centralized Image Management
• Automated Win7 Migration
• Endpoint Protection
• Snapshots can be customized and include User Data
• Desktops restored to point in time of snapshot
• Hardware Refreshes
 Citrix Personal vDisk (PvD)
• PvD is a feature only available in XenDesktop 5.6 and 7.0.
• PvD is only available for XenDesktop. It is not compatible with XenApp.
• http://support.citrix.com/article/CTX131553 FAQ
9
Confidential
What is PCLM?
 PC Lifecycle Management – TechRepublic
• PCLM is the practice of managing end-user systems from purchase to
retirement.
• PCLM covers everything from initial deployment to upgrading, patching, and
decommissioning the systems.
10
Confidential
Lets talk PCLM – Mirage Complements these areas
Procurement
OS Deployment / Migration
Application Delivery
Patch Management
Data Protection/System Backup
Mirage enables IT to deploy/manage layers
of applications outside of the base layer on any
Mirage managed device
Mirage seamlessly backs up changes on
endpoints which helps avoid data loss due to
device failure or theft.
Disk Encryption
Power Management
Mirage data backup honors device encryption
Remote Control
Helpdesk
Asset Management
Mirage can restore a user to previous snapshots
without overwriting user data.
Reporting
11
Confidential
Mirage also extends PCLM
Procurement
OS Deployment / Migration
Application Delivery
Patch Management
Data Protection/System Backup
These are differentiated capabilities
Deploy a Windows 7 image to thousands of devices
with a few clicks and perform in-place upgrades
without moving user data or losing profiles.
Quickly migrate users to a replacement PC or even
hardware from a different vendor, while
retaining personalization
Disk Encryption
Power Management
Deploy layers of preinstall applications
outside of the base layer
Remote Control
Helpdesk
Asset Management
Reporting
Disaster Recovery
12
Tasks that used to require diagnosis and escalation
can now be handled with a few clicks by
Tier 1 helpdesk staff.
Restore some or all of an end user’s
PC over the LAN or WAN with zero-touch!
Confidential
OS Deployment / Migration
 Layered PC Image Management:
• Manage PC image as a set of logical layers owned by either IT or the endusers. Update IT managed layers while maintaining end-user files and
personalization.
 Accelerate Windows 7 Migrations
• Migration time cut in half to 2-3 hours per PC and allows for multiple machines
to be migrated concurrently.
• Migration can be done with just a few clicks over the WAN or LAN
13
Confidential
Windows 7 Migrations
Streamline Windows Migrations
Overview
 In-place: overwrite the previous Windows
XP base layer with a Windows 7 base layer
 Hardware-refresh: migrate user profile and
files from previous PC to new Windows 7
PC.
 User profile and user file layers persist
using both strategies*
Benefits
 Reduce user downtime during Windows 7
Migrations
 Easy rollback to previous Windows XP
system if needed.
 Save time and resources for migration
*user-installed apps not maintained when upgrading from XP to 7.
14
Confidential
Core Technology: Layers
Mirage sees Windows as a stack of layers
Layers 101
User Personalization Layer
(user data & profile, installed apps)
Machine Identity Layer
(identity, customizations)
Mirage Application layers
(new in 4.0)
Base Layer
(OS, infra SW, core apps)
 Layers logically exist in the data
center so we can manage centrally
 Mirage can perform granular
operations within layers
 Orange layers are continuously
backed up from endpoints
 Green layers managed by IT
OS, components, drivers
Driver Library/OEM
End User PC
15
Confidential
Core Technology: Layers
Mirage sees Windows as a stack of layers
Mirage Servers &
SIS
Network Optimized
Synchronization & Streaming
Base layer
User profile
User data
Application layer(s)
Machine
identity
Drivers
16
Apps installed
outside of Mirage
Confidential
Application Delivery and Patch Management
 Application Layering:
• Easily deploy applications or VMware ThinApp packages to any collection of
end users by leveraging Horizon Mirage’s app layering technology.
 Patch Management:
• Mirage improves the delivery aspect of Patching by ensuring all base-layer
updates (Patches) are synchronized.
17
Confidential
Helpdesk and Reporting
 Helpdesk – Layered PC Image Management:
• IT can restore the system layers on an end point to fix an issue without
overwriting user layers.
 Reporting:
• When a base layer update is enforced to a machine with the same OS, Mirage
reporting details which applications will be upgraded, downgraded or added on
each device.
18
Confidential
Security Management and Power Management
 Security Management:
• If security posture settings are baked into a Reference machine, Mirage can be
used to regularly enforce them.
 Power Management:
• If Power Management settings are built into a Reference machine, Mirage can
be used to regularly enforce them.
19
Confidential
Desktop Backup and Recovery
 Simplified PC Backup and Desktop Recovery:
• Horizon Mirage takes snapshots of an entire PC including OS, applications,
files and personalization then regularly synchronizes any changes. Mirage
restores an exact image of the user’s old PC to any replacement PC.
 Self-Service File Access and Recovery
• Mirage File Portal allows end users to access any file on their endpoint from
any web browser. An end user can also restore any file or any directory on
their own with just a few clicks on their PC.
20
Confidential
Horizon View
21
Confidential
View vs. XenDesktop: What is new in XenDesktop 7
 Mobile
Unity Touch provides better mobile
experience in a simpler way
• HDX Mobile Technologies
• No need to modify the Windows applications
PCoIP
server
side rendering
• Familiar
native
Windows
interface and
compression
• No learning curve to end users
• Intelligent compression algorithms
• More touch friendly for Windows
• Native menus and controls
• Windows App Mobilization SDK, optimization and mobilization
• H.264 based server side deep compression
• Windows Media Redirection
• More extensible platform
HTML 5 applications
Client
• Support any View
SAML-based
• Unified App Store: Storefront 2.0
• Better performance
Citrix’s attempt to fix long time complexity
issue
• HTML 5 Receiver
 Simple
• Single FMA architecture and MCS support for XenApp

• XenApp is now on FMA. Difficult to migrate
from IMA
• Simpler only if using MCS. Using PVS is still
•
Publishing application in batch mode is
complex
• Automated application publishing and migration, AppV integration
incremental improvement
Only support Windows 2008 R2 SP1 and
• Better monitoring with EdgeSight integration and HDX Insight ••later.
AppDNA
is only
in Platinum
edition
Customers
stillavailable
have applications
running
Windows 2003
•onApplication
virtualization goes to AppV.
Secure
Reduces XenApp value and increases
complexity.
• HDX 3D pro: OpenGL support, H.264 Deep Compression
• Shared GPU acceleration
• HDX seamless local apps
• Integrated remote PC access
22
• Consistent user experience on any end user
devices
Horizon Workspace provides similar
function
• Adaptable aggregation
to various network
conditions
vCOPS for View provides true end-to-end
monitoring and analytics from datacenter to the
end user
View has provided access to physical
PCs for a
long time
Confidential
3D Graphics Acceleration
 Status
Product
API
GPU passthrough
View
DirectX 9, OpenGL2.1
Tech Preview
XenDesktop + XenServer
DirectX 9, 10,11 OpenGL 1.1
Yes
XenDesktop + vSphere
DirectX 9 OpenGL2.1
Yes
Microsoft RDS 2012
DirectX 9, 10,11 OpenGL 1.1
No
 Reason
XenServer leverages NVIDIA’s VGX software to support the latest DirecX and OpenGL.
XenServer also supports GPU passthrough for years now.
XenDesktop gets all vSphere capabilities too.
 Strategy
Support multiple GPU vendors (NVIDIA, AMD, and more)
 Response
XenServer has limited capabilities, supports NVIDIA only, delayed support for vSphere
23
Confidential
XenDesktop 7 Limited Value
The Bottom line
 XenDesktop 7’s only major feature is integration with XenApp –
HOWEVER it comes at a HIGH price:
• Upgrading XenApp deployments to XD 7- App Edition requires database
changes and in many cases breaks the environment
• Upgrading XD environments is multi-hop depending on what version you are
on
• XD 7 requires NetScaler for secure remote access
• Simplification is limited to using MCS. With PVS, it is still complex
• XD 7 scalability is not proven in real large scale deployments
• XD 7 reliability is questionable with over 150 documented known issues.
• XD 7 requires Windows Server 2008 R2 SP1 but many customers still running
XenApp on Windows Server 2003.
24
Confidential
VMware View’s Advantages Over XenDesktop 7
Directly leverages the power of vSphere
Integrated with Horizon Suite
Ease of deployment and management
Lower cost of deployment
Validated Solutions
Smooth upgrade
25
Confidential
Horizon View: Directly Leverages the Power of vSphere
Unique Integration
•
•
•
•
•
•
26
Confidential
Full Virtualized 3D Graphics
Storage Accelerator
Composer Array Integration
vCloud Network & Security
SE Sparse Disk Utilization
vSphere Web Client Integration
Integration Storage Comparison
Horizon View & vSphere Integration
− Lacks storage and CAPEX savings
 View Composer Array Integration
integration with vSphere
allows generic storage devices to
leverage View's linked clone technology
and save on CAPEX
− Does not provide a generic solution for
optimizing VDI storage like VCAI
 View Storage Accelerator integrates
with vSphere’s CBRC to reduce VDI boot
times
 View Space Efficient (SE) Sparse Disk
Citrix
− Lacks storage efficiencies for persistent
desktops like SE Disk Utilization
− Does not have CBRC equivalent for
enterprise deployments; XenServer
Intellicache is limited:
Utilization reduces storage capacity
requirements for persistent desktops
− Does not support Provisioning
Services (only supports MCS)
− Only supports NFS
− Does not support persistent pools
27
Confidential
Integration: Security Comparison
Citrix
VMware vShield Endpoint
− Third party validated solution required
 Secure your VMs with offloaded antivirus and anti-malware (AV) solutions
without the need of agents
 Protect sensitive data on VDI desktops
 Higher consolidation ratios by preventing
the possibility of AV storms
 Improved performance
 Included with vSphere
28
Confidential
View Beats Citrix XenDesktop in Cost
 Principled Technologies Report: VMware Horizon View 5.2 delivered
comparable density at 41.1% lower cost per user
• View supported 174 Windows 7 virtual desktop sessions: $483 per user
• Citrix XenDesktop supported 175 sessions: $820 per user
29
Confidential
View Beats XenApp in Offering Greater Density
 Principled Technologies: VMware View 5.2 delivered 19.2% greater density and
a 49.2% lower cost per user
• View supported 174 Windows 7 virtual desktop sessions: $483 per user.
• Citrix XenApp 6.5 FP1, using the lossless settings supported 146 sessions:
$950 per user
30
Confidential
View vs. XenDesktop: Solutions
 Validated Desktop Solutions
• Built around VMware View, by our partners
• Meet the stringent requirements of the VMware Ready Desktop Solutions program.
• Validated by VMware Desktop team for performance, functionality and scale for its
intended use case.
• Cater to a particular use model or ISV for any vertical.
 Benefits
• Accelerate time to deployment and overcome challenges
• Highly secure, validated solutions that solves specific business challenges
• Reduced risk and improved employee satisfaction
Mobile-Secure
Desktop
Business Process
Desktop
Branch Office
Desktop
Always On Desktop
Enhance user
access from any
device, anywhere
Drive higher
SLAs at lower
costs
Centralize IT
management
with limited or no
local IT support.
High availability
to critical
applications and
data
31
Confidential
Horizon Workspace
32
Confidential
Workspace vs. XenMobile App
 Horizon Workspace
• A true extensible platform
• Built-in data service
• Integrates with View, ThinApp
• Integrates with Horizon Mobile workspace
• Leverage the power of vSphere, vCNS
 XenMobile App
• A product, not a platform
• Loosely integrated with ShareFile
• Not integrated with XenMobile MDM
• Overlaps with XenMobile MDM in many areas
33
Confidential
Horizon: Platform as a vApp
Workspace vApp
Configurator
VA
Connector
VA
Proxy
VA
Management VA
Data VA
API
API
App
App
Modules
App
App
tcserver
tcserver
Nginx
OS (SLES)
OS (SLES)
OS (SLES)
•
Central Wizard UI
•
Distributes settings
across VAs
•
Network, Gateway,
vCenter, SMTP
attributes
•
Add / remove modules
•
Manage certs, security
34
tcserver
Jetty
DB
OS (SLES)
•
Enables single userfacing domain
•
Routes requests to
correct node
•
Reverse proxy insulates
VAs
LDAP
OS (SLES)
•
Stores files
•
Controls file sharing policy for
internal and external users
•
Manage file preview server
•
Serves end user web UI
•
Workspace Admin UI
•
User authentication
•
Application Catalog
•
AD secure bind and synchronization
•
Manage user entitlements
•
Set replication schedule
•
Workspace Groups
•
Sync View pools and ThinApp
•
Reporting
Confidential
DB
Citrix Architecture
XenMobile MDM
Not a vApp,
Server silos
Multiple OSes
Multiple products
35
Confidential
Citrix: Limited Extensibility
36
Confidential
Citrix: Complex Management Interfaces
37
Confidential
Horizon Data vs. ShareFile
 Horizon Data is fully integrated with Horizon Workspce
• ShareFile is loosely integrated with XenMobile App
• Implication: Deployment and management complexity
 Horiozn Data is 100% on premise
• ShareFile only support local storage with Storage Zones
• Application still has to go through ShareFile website
• Implication: Data Security, Auditing, Monitoring, Troubleshooting, Disk Quote
38
Confidential
Horizon: Built-in On-premise Data Service
39
3
Confidential
CloudGateway: Loose Integration of Data Service
40
Confidential
Horizon Mobile
41
Confidential
Android Landscape
 Widely popular in developing countries
• Lots of choice – screen size, price, capabilities, etc.
 Not much traction in enterprise segment
•Perception is that Android is not secure
Security
•Google Play is ‘wild wild west’
•Enterprise features (eg: MDM) weak
Fragmentation
•No two devices are the same in terms of capabilities or
UI
•Hard for IT to support diverse environment
Control
42
•OS upgrades are controlled by carrier/OEM
•Security patches not pushed out in a timely manner
Confidential
MDM and MAM for Android
 Mobile Application Management
 Mobile Device Management
(MDM)
(MAM)
• Google Android offers a limited set of
• Containerization of application and data
device & policy settings
• Polices are applied at application level
• Typically, device control is relinquished
• Looked as a better approach than MDM
from user to the enterprise
 Issues
• Top Vendors: Mobile Iron, Airwatch,
Citrix/Zenprise/Xenmobile
• Long list of vendors including Blackberry,
Microsoft, IBM and more
device, keyboard logging
• Applications must be modified and tested
 Issues
• Fragmentation issue still exists
• Not appropriate in the Bring Your Own
• Mixing personal and work spaces
Device world to lockdown the device
degrades user experience
• Does not prevent data leak
• IT has no control over the OS updates
• Intrusive user experience
43
• Malware can compromise the whole
Confidential
VMware Strategy for Android
Personal Space
VMware Switch
VMware
Android OS
Corporate
Workspace
Native Android OS
Unmodified Android
System
44
Horizon Mobile
Manager
OEM Enabler
Kit (OEK)
Integrated to device
firmware by phone OEM
Confidential
Components of VMware
Switch, downloaded from
Google Play
Components of the
workspace defined and
managed by IT
Competitive Advantages of Horizon Mobile for Android
•Better system integrity check with OEK
Security
•Workspace apps are sanctioned by IT, no Google Play
•Entire Workspace is encrypted with AES 256 algorithms
•Complete isolation of personal from corporate
•Support a single Android OS from VMware
Fragmentation
• No need to test applications for all Android flavors
•Single vendor to call for support
•OS upgrades are controlled by IT
Control
•Enterprise app store for unmodified Android app
•Integrated with Horizon Workspace
•Total control of personal space
User
Experience
•No intrusion to privacy
•Native Android experience for work and personal
•Dual-number / dual-billing
45
Confidential
iOS: Apple Redefines The Game with iOS 7
 Announced at WWDC 2013
 Largest iOS release to date
 Fundamental changes to UI
 New Management API’s
• Control of “Open In” – prevents data
•
•
•
•
•
•
•
leakage
Per-App VPN
Single Sign-On (Kerberos)
Managed Apps
Volume Licensing improvements
App Settings & Feedback
Supervised Mode
MDM becomes mandatory for all use
cases
 Expected availability - Fall 2013
46
Confidential
Change in Strategy due to iOS 7’s impending release
 Strategy Validation
• Enterprises definitely have unique needs for policy and data controls
 Role of Application Wrapping
• Obsoleted by policies built-in to operating system
• Frowned upon by Apple
 Our New Approach
• Embrace Apple’s APIs; Don’t fight Apple on App Wrapping
• Remove App Wrapping from Horizon Workspace
• Re-implement the secure workspace using iOS7 in an upcoming release
• Rely on Mail.App (Mail client) & Safari (Web Browser)
• Manage apps but will leverage MDM APIs to implement
47
Confidential
Impact on MAM Vendor’s Application Ecosystem
Citrix-Ready Worx
Verified Program
Good Dynamics
Marketplace
Symantec Sealed
Program
 65 apps at launch
 35 apps today
 25+ apps today
15 apps today
 500 ISV end 2013
48
MobileIron
AppConnect
Enabled
Confidential
Thanks!
Q&A
49
Confidential