Digital Workspace

Organisation of Year One A.C (After Covid19) Part 2/2

The Organisation of Year One A.C (After Covid19) Part 2/2

Credit to : Koh Ching Lan
Head of EUC, Net One Asia Pte Ltd

In this post, we continue on to Part II of The Organisation of Year One – A.C (After COVID19), as to how Net One Asia’s Workstyle Innovation (WSI) practice looks at 3 key services capabilities to give you the “Edge” in providing the Next Normal access services.  

#1 – Rethink : Methods of Connection from Remote 

Think Lightweight – Micro Tunnel Services 

As more remote access becomes a cornerstone of working culture or the new normal, a traditional full-device VPNs access will have its limitation. VMware Micro Tunnel technology provides an alternative to compliment traditional full VPN access.  

Innovating into establishing connectivity at an application level, instead of on a per-device basis. When an authorized app launches, VMware Tunnel establishes a silent connection for seamless and secure access. 

Micro Tunnel Per-App VPN  

Per-App VPN allows you to configure traffic rules based on specific applications. When the VPN is configured, it connects automatically when a specified app starts and sends the application traffic through the VPN connection, but not traffic from other applications. With this flexibility, your data remains secure while not limiting device access to the Internet at large.  

By setting specific applications to start and use the VPN connection, only the traffic from those apps will use the VPN and not all other devices traffic. This logic allows you to keep corporate data secure while reducing the bandwidth sent through your VPN. 

#2 – Rethink : Delivery and Interaction of Applications and Data 

Think VPN-LESS – Digital Platform Services 

The fast evolution landscape of critical business applications has created a challenge to IT in terms of managing applications under a unison interface and securing the access to these apps. On top of itwith the proliferation of various types of devices, implementing a one size fits all based on traditional EUC technology will not be advisable.   

The word: “VPN-LESS” does not mean Full-VPN device access is inappropriate. It is to rethink the approach, to better deliver both apps and data due to the increasing adoption of SaaS, Web-based applications in a digital mobile work culture. Fundamentally, it is to rely less on VPN to grant access to corporate resources.    

VMware Workspace ONE is VMware’s digital workspace solution. It is a digital platform that delivers and manages any app on any device by integrating access control, application management, and multi-platform endpoint management. Workspace ONE is built on the unified endpoint management (Workspace ONE UEM, formerly known as AirWatch) technology that integrates with virtual application delivery (VMware Horizon) on a common identity framework. The platform enables IT to deliver a digital workspace that includes the devices and apps of the business’s choice, without sacrificing the security and control that IT professionals need. 

Consumer Simple Enterprise Secure 

Unified Apps Catalog A single interface where your users will “see” all the various applications type even legacy applications. VMware Workspace One UEM classifies applications as internal, public, purchased, and Web and you upload applications depending on the type end-users can get password-less single sign-on to a catalog that provides them access to virtually any app. This includes mobile apps, web apps, cloud apps, and Windows apps.  

Provide easy access to all the apps your end users need to do their job either through a catalog available through a browser or the Workspace ONE native mobile app 


Horizon ServicesVMware Workspace One Horizon services provides an alternative to remote terminal session. It not only provides an enterprise-class application publishing solution but also virtual desktop as well. And with its native Blast extreme display protocol, which is designed to be intuitive in terms of performance over corporate network. This helps IT to enhance its applications delivery services level which includes thick client applications.  

From IT administrator stand-point, VMware Horizon Service with its Image Management and App Volumes features helps to ease the management of fully patched operating system image, and the basic application load, and the respective patches, version control of your images. And having different user groups who need access to different applications. 


Content Secure Share VMware Workspace One Content Gateway provides a secure and effective medium for end users to access internal repositories like SharepointFileshare. 

It provides levels of access to your corporate content. Your end users can remotely access their documentation, financial documents, board books, and more directly from content repositories or internal fileshares. As files are added or updated within your existing content repository, the changes immediately display in VMware Workspace ONE Content. Users are granted access to their approved files and folders based on the existing access control lists defined in your internal repository. 

#3 – Rethink : Secure Trust of Remote Access 

Think Adaptive Based – Secure Access Control Services 

The shift from a common set of security policy to a more adaptive based approach stems out of necessity. The reality is the changes in workstyles with regards to how end users expect to interact with productivity tools, devices, and the apps that is increasing outside of corporate network wall requires a rethink to enable secure access to corporate resources. 

Universal Strong Authentication 

Who are you and can I trust you?  – The key step to secure the access of your corporate resources is to establish the identity of your user request and ensure they have the right authorization to access the requested resources. VMware Workspace One UAG can be configured to perform the initial user authentication itself. Its capability to support identity management provider user store, which does not necessarily have to be Active Directory.  

It has the capabilities of reverse proxy and support legacy web applications that still is using Kerberos authentication methods and bridge the identity protocol by converting SAML and or certificate based to Kerberos authentication. Hence utilising a more modern authentication method over an external connection to grant access to web application that is still using Kerberos authentication method. 

User Name & Password isn’t enough  – To gain a higher trust posture, VMware Workspace One UAG supports multi-factor authentication with the supported user authentication method that include: 

  • Active Directory domain password 
  • Kiosk mode
  • RSA SecurID two-factor
  • RADIUS via a number of third party, two-factor security-vendor solutions
  • Smart card, CAC, or PIV X.509 user certificates
  • SAML 

Its integration with 3rd party identity management provider to give a seamless SSO experience while enhancing the security access to all types of application. 

Contextual Access  

Dynamic & Granular Access Policy  It can be dynamic in determining the appropriate access policy for various connection request.  VMware Workspace ONE with its Workspace One Access combines identity and device management to enforce access decisions based on a range of conditions from strength of Authentication, Network Range, Location, and Device Compliance.  

It provides a powerful policy engine so that you can mix and match these inputs to make dynamic decisions on the level of access end-users get. This means that if you need to lock down access to sensitive data from remote users on unmanaged devices, you can do that in just a few clicks. But we go one step further. We provide the end-user workflow for endpoints to get into a state that results in compliance, and thereby access. 

Granular conditional access policies can be applied on a per-application basis to enforce authentication strength and restrict access by network scope or through any device restriction. 


For Windows 10 and other devices, VMware Workspace ONE can apply device profiles that allow you to configure security settings that will keep devices secure (encryption, Windows Updates, etc), but also some features that will really improve the experience for end users (configuring Wi-Fi and VPN for example) 

Data ProtectionAdvanced data leakage protects against rooted or jailbroken devices, allow list, and deny list apps, open-in app restrictions, cut/copy/paste restrictions, geofencing, network configuration, and a range of advanced restrictions and policies. 

For Office 365, the integration with the Office 365 Graph API can manage the DLP settings across the suite of Office applications to ensure security. 

Preparing to be the organisation of year one A.C. begins right at the digital workspace domain. Let’s rethink the way Remote Connection is done, how Applications and Data is delivered, and enable an adaptive secure control of this access. Start to unify with VMware Workspace One UAG Technology to be the Edge Multi-Services Hub to provide a platform for your End User Computing services in this new normal. 

Contact Us for a scheduled Virtual Meeting to discuss your requirement! 

Net One Asia Workspace as a Service is a intelligence driven digital workspace managed service platform that simply and securely delivers and manages any application and desktop on any device by integrating access control, application management, and multi-platform endpoint management.

Subscribe to Our Newsletter
* indicates required
Subscribe to Our Newsletter
* indicates required
Digital Workspace

Organisation of Year One A.C (After Covid19) Part 1/2

The Organisation of Year One A.C (After Covid19)

Credit to : Koh Ching Lan
Head of EUC, Net One Asia Pte Ltd

The Age Of The New Normal 

In this time of Post-COVID, many of us are thrusted into navigating the many changes that this pandemic has brought to the world. The challenges which the corporate organisations and businesses faced will no doubt evolved and their leadership roles will need to review the corporate responses that effectively address them. 

Eventually, we will be entering into the period of After COVID (A.C.) How will your organisation look like during then? What we want to drive out of this event is the impetus to accelerate digitalisation of businesses and the way people work, in addition to how businesses will be conducted remotely and digitally.     

Having IT to take the initial steps in respond to meet the demands of working from home during the lockdown period, is the norm during the beginning. Now, what will be your next steps to better support this new normal way of working (nWOW). 

Perhaps a rethinking process is in place to review the what’s next question so to better prepare and emerge from this trial into a more digitalised organisation. It is going to start right now in your workspace! 

Rethinking Remote Access  

Working remotely means that your organisation’s IT needs to provide a remote connection to allow users access into your corporate internal resources. Sound simple enough and the most common approach which fits such requirement is to utilise virtual private networks (VPN). However, if this be your mainstay for remote access. There will be a need to rethink how to enhance if not maintain performance, manageability, and security posture.  

Common challenges arises from just relying on full VPN for remote access: 

  • Network performance latency due to increase of VPN access connection consuming corporate network bandwidth.      
  • End User experiences degradation in situation of failed VPN connection due to latency, issue with VPN clients installed in End Point devices. 
  • Security control in relation to devices especially for external vendors who needs to access corporate resources that mainly are not managed by corporate IT. And difficulty in managing variant policies to control access.  

Let’s make one thing clear 

This is not to say that having full VPN for remote access is wrong, rather to imply that relying just on this method can limit your ability to respond adequately to service the new changes or demands as businesses evolved into a more digitalised environment.  

Digital Innovation a need or want? 

This new normal will not primarily occurs within the internal corporate network only. A significant portion will be from external as well as business applications and data that is increasingly resides out of organisation premises. 

A rethink process is in order on how to unify a diverse need in terms of devices, variant types of applications, residency of data for collaboration and secure control of access from external internet traffic.  

The time to innovate never bears such urgency to innovate the traditional work methods into a new workstyle.   

VMware Workspace One – UAG Edge Multi-Services Hub 

Unify at Proxy delivering multi-edge services 

Proxy services in the DMZ that provides connections inside organisation trusted network is the de facto set-up. The importance of this services accentuates even further as more connections is coming from remote. Utilizing VMware Workspace One – UAG technology. This becomes your unified platform for multiple edge services to provide secure access to your corporate resources. Such approach unlocked the limitation in terms of siloed services and enables you to have the flexibility to provide multiple services at the proxy edge.  

Net One Asia’s Work Style Innovation (WSI) practice looks at 3 key services capabilities to give you this “Edge” in providing the next normal access services.    

We will cover more about this in our next blog post Organisation of Year One AC Part II. 

Net One Asia Workspace as a Service is a intelligence driven digital workspace managed service platform that simply and securely delivers and manages any application and desktop on any device by integrating access control, application management, and multi-platform endpoint management.

Contact Us Today!

Subscribe to Our Newsletter

* indicates required

Subscribe to Our Newsletter

* indicates required

Follow Us