Feeds

VMware boots up Horizon cloudy app manager

One app to bind them all

Choosing a cloud hosting partner with confidence

Rather than come up with its own alternative to Active Directory and other LDAP servers that do authentication of user names and passwords to gain access to files and applications on corporate networks,

Project Horizon leverages these installed LDAP servers to create a single sign-on for cloud-based applications. "The LDAP server stays inside the corporate firewall, where it belongs," explains Wasmer, adding that the LDAP server will very likely be the very last server that any company lets go of, since it controls access to applications and data.

Horizon App Manager doesn't just plug into LDAP, it leverages the directory servers to create predefined user- and group-based application entitlements. So if an end user is added to a group – such as the accounting department – then the Horizon App Manager's unified app catalog automatically shows what applications she can use, and access is automatically set up and ready to go. The app catalog also has real-time app usage tracking, which shows who is working out on the public cloud and what they're doing.

At the moment, Horizon App Manager can only do provisioning on Google Apps, but with subsequent releases of the Horizon service, VMware will add others.

Eventually, the Horizon App Manager will also be used to authenticate users on VMware's Cloud Foundry platform cloud.

And over the long haul, says Wasmer, VMware will weave its ThinApp application-streaming middleware into the Horizon App Manager, and the applications running on VMware View VDI-style PCs, as well as the PC images themselves, will eventually be accessible through the same catalog interface.

Because VMware knows that people use a mix of application provisioning and VDI solutions, Microsoft's App-V and Citrix Systems' XenDesktop tools will eventually be linked into the Horizon App Manager so applications could be published to user accounts on various devices, although Wasmer was not at liberty to discuss timetables for when this support would be delivered.

One of the secret sauces in Project Horizon, says Wasmer, is the code that VMware got through its acquisition of TriCipher last August – on the same day that Project Horizon made its debut, in fact.

TriCipher created a triple-key cipher, single sign-on tool that was popular with the financial services industry because it does not pass user names and passwords outside of the firewall. TriCipher was delivering this access control as a service to banks, and VMware saw that it was a key missing piece in its Project Horizon plans. So it scarfed it up.

The initial incarnation of the Horizon App Manager only delivers catalog and authentication services for cloud applications. Wasmer says that around 50 applications out there on the intertubes adhere to the Security Assertion Markup Language (SAML) variant of XML for authentication that Project Horizon prefers, and these plug right into the app manager.

SAML keeps passwords inside the corporate firewall as authentication is done for applications outside the firewall, and so phishing is not very fruitful. Google, Salesforce.com, Cisco Systems, and others are behind the SAML standard.

If an application does not yet support SAML, the Horizon App Manager's enterprise connector, which runs inside an ESXi virtual machine inside the corporate firewall and is hooked into the LDAP/AD server, can provide access through a secure form post method.

VMware has identified thousands of such applications, and until they support SAML, Horizon needs to do something to give them access. User names and passwords for each user are stored in the Horizon ID vault, which does the authentication.

The app manager doesn't just keep track of access to applications, but also licensing, and it knows how to harvest back a license if you are not using it. For example, system admins could set a rule that if you subscribe to an app and you don't use it in 90 days, your app is revoked and that license is then available to another user. The provisioning portions of the App Manager can do annual, monthly, or perpetual licenses as well as concurrent or numbered user licensing.

The Horizon App Manager itself is written in Java using VMware's Spring framework; the tool's user interface is based on a mix of HTML, CSS, and Ajax. The Horizon browser platform, from which applications are launched, is accessible in Internet Explorer 7 or higher, Firefox 3.5 or higher, or Safari 5.

The plan is to do a new release every month to add new functionality, but with the goal of letting customers pick what level of functionality – bleeding edge or a few releases back – that they want to use, much as Google Apps does.

Horizon App Manager has been in beta testing for the past four months at around 40 customers, says Wasmer. The tool is available now to select early access customers in North America and in the Asia/Pacific region. VMware plans to start trials in other regions, with volume shipments later this year. The app manager service costs $30 per user per year. ®

Internet Security Threat Report 2014

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?