Feeds

VMware boots up Horizon cloudy app manager

One app to bind them all

Combat fraud and increase customer satisfaction

Rather than come up with its own alternative to Active Directory and other LDAP servers that do authentication of user names and passwords to gain access to files and applications on corporate networks,

Project Horizon leverages these installed LDAP servers to create a single sign-on for cloud-based applications. "The LDAP server stays inside the corporate firewall, where it belongs," explains Wasmer, adding that the LDAP server will very likely be the very last server that any company lets go of, since it controls access to applications and data.

Horizon App Manager doesn't just plug into LDAP, it leverages the directory servers to create predefined user- and group-based application entitlements. So if an end user is added to a group – such as the accounting department – then the Horizon App Manager's unified app catalog automatically shows what applications she can use, and access is automatically set up and ready to go. The app catalog also has real-time app usage tracking, which shows who is working out on the public cloud and what they're doing.

At the moment, Horizon App Manager can only do provisioning on Google Apps, but with subsequent releases of the Horizon service, VMware will add others.

Eventually, the Horizon App Manager will also be used to authenticate users on VMware's Cloud Foundry platform cloud.

And over the long haul, says Wasmer, VMware will weave its ThinApp application-streaming middleware into the Horizon App Manager, and the applications running on VMware View VDI-style PCs, as well as the PC images themselves, will eventually be accessible through the same catalog interface.

Because VMware knows that people use a mix of application provisioning and VDI solutions, Microsoft's App-V and Citrix Systems' XenDesktop tools will eventually be linked into the Horizon App Manager so applications could be published to user accounts on various devices, although Wasmer was not at liberty to discuss timetables for when this support would be delivered.

One of the secret sauces in Project Horizon, says Wasmer, is the code that VMware got through its acquisition of TriCipher last August – on the same day that Project Horizon made its debut, in fact.

TriCipher created a triple-key cipher, single sign-on tool that was popular with the financial services industry because it does not pass user names and passwords outside of the firewall. TriCipher was delivering this access control as a service to banks, and VMware saw that it was a key missing piece in its Project Horizon plans. So it scarfed it up.

The initial incarnation of the Horizon App Manager only delivers catalog and authentication services for cloud applications. Wasmer says that around 50 applications out there on the intertubes adhere to the Security Assertion Markup Language (SAML) variant of XML for authentication that Project Horizon prefers, and these plug right into the app manager.

SAML keeps passwords inside the corporate firewall as authentication is done for applications outside the firewall, and so phishing is not very fruitful. Google, Salesforce.com, Cisco Systems, and others are behind the SAML standard.

If an application does not yet support SAML, the Horizon App Manager's enterprise connector, which runs inside an ESXi virtual machine inside the corporate firewall and is hooked into the LDAP/AD server, can provide access through a secure form post method.

VMware has identified thousands of such applications, and until they support SAML, Horizon needs to do something to give them access. User names and passwords for each user are stored in the Horizon ID vault, which does the authentication.

The app manager doesn't just keep track of access to applications, but also licensing, and it knows how to harvest back a license if you are not using it. For example, system admins could set a rule that if you subscribe to an app and you don't use it in 90 days, your app is revoked and that license is then available to another user. The provisioning portions of the App Manager can do annual, monthly, or perpetual licenses as well as concurrent or numbered user licensing.

The Horizon App Manager itself is written in Java using VMware's Spring framework; the tool's user interface is based on a mix of HTML, CSS, and Ajax. The Horizon browser platform, from which applications are launched, is accessible in Internet Explorer 7 or higher, Firefox 3.5 or higher, or Safari 5.

The plan is to do a new release every month to add new functionality, but with the goal of letting customers pick what level of functionality – bleeding edge or a few releases back – that they want to use, much as Google Apps does.

Horizon App Manager has been in beta testing for the past four months at around 40 customers, says Wasmer. The tool is available now to select early access customers in North America and in the Asia/Pacific region. VMware plans to start trials in other regions, with volume shipments later this year. The app manager service costs $30 per user per year. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.