Feeds

VMware boots up Horizon cloudy app manager

One app to bind them all

Boost IT visibility and business value

Rather than come up with its own alternative to Active Directory and other LDAP servers that do authentication of user names and passwords to gain access to files and applications on corporate networks,

Project Horizon leverages these installed LDAP servers to create a single sign-on for cloud-based applications. "The LDAP server stays inside the corporate firewall, where it belongs," explains Wasmer, adding that the LDAP server will very likely be the very last server that any company lets go of, since it controls access to applications and data.

Horizon App Manager doesn't just plug into LDAP, it leverages the directory servers to create predefined user- and group-based application entitlements. So if an end user is added to a group – such as the accounting department – then the Horizon App Manager's unified app catalog automatically shows what applications she can use, and access is automatically set up and ready to go. The app catalog also has real-time app usage tracking, which shows who is working out on the public cloud and what they're doing.

At the moment, Horizon App Manager can only do provisioning on Google Apps, but with subsequent releases of the Horizon service, VMware will add others.

Eventually, the Horizon App Manager will also be used to authenticate users on VMware's Cloud Foundry platform cloud.

And over the long haul, says Wasmer, VMware will weave its ThinApp application-streaming middleware into the Horizon App Manager, and the applications running on VMware View VDI-style PCs, as well as the PC images themselves, will eventually be accessible through the same catalog interface.

Because VMware knows that people use a mix of application provisioning and VDI solutions, Microsoft's App-V and Citrix Systems' XenDesktop tools will eventually be linked into the Horizon App Manager so applications could be published to user accounts on various devices, although Wasmer was not at liberty to discuss timetables for when this support would be delivered.

One of the secret sauces in Project Horizon, says Wasmer, is the code that VMware got through its acquisition of TriCipher last August – on the same day that Project Horizon made its debut, in fact.

TriCipher created a triple-key cipher, single sign-on tool that was popular with the financial services industry because it does not pass user names and passwords outside of the firewall. TriCipher was delivering this access control as a service to banks, and VMware saw that it was a key missing piece in its Project Horizon plans. So it scarfed it up.

The initial incarnation of the Horizon App Manager only delivers catalog and authentication services for cloud applications. Wasmer says that around 50 applications out there on the intertubes adhere to the Security Assertion Markup Language (SAML) variant of XML for authentication that Project Horizon prefers, and these plug right into the app manager.

SAML keeps passwords inside the corporate firewall as authentication is done for applications outside the firewall, and so phishing is not very fruitful. Google, Salesforce.com, Cisco Systems, and others are behind the SAML standard.

If an application does not yet support SAML, the Horizon App Manager's enterprise connector, which runs inside an ESXi virtual machine inside the corporate firewall and is hooked into the LDAP/AD server, can provide access through a secure form post method.

VMware has identified thousands of such applications, and until they support SAML, Horizon needs to do something to give them access. User names and passwords for each user are stored in the Horizon ID vault, which does the authentication.

The app manager doesn't just keep track of access to applications, but also licensing, and it knows how to harvest back a license if you are not using it. For example, system admins could set a rule that if you subscribe to an app and you don't use it in 90 days, your app is revoked and that license is then available to another user. The provisioning portions of the App Manager can do annual, monthly, or perpetual licenses as well as concurrent or numbered user licensing.

The Horizon App Manager itself is written in Java using VMware's Spring framework; the tool's user interface is based on a mix of HTML, CSS, and Ajax. The Horizon browser platform, from which applications are launched, is accessible in Internet Explorer 7 or higher, Firefox 3.5 or higher, or Safari 5.

The plan is to do a new release every month to add new functionality, but with the goal of letting customers pick what level of functionality – bleeding edge or a few releases back – that they want to use, much as Google Apps does.

Horizon App Manager has been in beta testing for the past four months at around 40 customers, says Wasmer. The tool is available now to select early access customers in North America and in the Asia/Pacific region. VMware plans to start trials in other regions, with volume shipments later this year. The app manager service costs $30 per user per year. ®

Boost IT visibility and business value

More from The Register

next story
Pay to play: The hidden cost of software defined everything
Enter credit card details if you want that system you bought to actually be useful
HP busts out new ProLiant Gen9 servers
Think those are cool? Wait till you get a load of our racks
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Community chest: Storage firms need to pay open-source debts
Samba implementation? Time to get some devs on the job
Like condoms, data now comes in big and HUGE sizes
Linux Foundation lights a fire under storage devs with new conference
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.