Feeds

VMware boots up Horizon cloudy app manager

One app to bind them all

Secure remote control for conventional and virtual desktops

Rather than come up with its own alternative to Active Directory and other LDAP servers that do authentication of user names and passwords to gain access to files and applications on corporate networks,

Project Horizon leverages these installed LDAP servers to create a single sign-on for cloud-based applications. "The LDAP server stays inside the corporate firewall, where it belongs," explains Wasmer, adding that the LDAP server will very likely be the very last server that any company lets go of, since it controls access to applications and data.

Horizon App Manager doesn't just plug into LDAP, it leverages the directory servers to create predefined user- and group-based application entitlements. So if an end user is added to a group – such as the accounting department – then the Horizon App Manager's unified app catalog automatically shows what applications she can use, and access is automatically set up and ready to go. The app catalog also has real-time app usage tracking, which shows who is working out on the public cloud and what they're doing.

At the moment, Horizon App Manager can only do provisioning on Google Apps, but with subsequent releases of the Horizon service, VMware will add others.

Eventually, the Horizon App Manager will also be used to authenticate users on VMware's Cloud Foundry platform cloud.

And over the long haul, says Wasmer, VMware will weave its ThinApp application-streaming middleware into the Horizon App Manager, and the applications running on VMware View VDI-style PCs, as well as the PC images themselves, will eventually be accessible through the same catalog interface.

Because VMware knows that people use a mix of application provisioning and VDI solutions, Microsoft's App-V and Citrix Systems' XenDesktop tools will eventually be linked into the Horizon App Manager so applications could be published to user accounts on various devices, although Wasmer was not at liberty to discuss timetables for when this support would be delivered.

One of the secret sauces in Project Horizon, says Wasmer, is the code that VMware got through its acquisition of TriCipher last August – on the same day that Project Horizon made its debut, in fact.

TriCipher created a triple-key cipher, single sign-on tool that was popular with the financial services industry because it does not pass user names and passwords outside of the firewall. TriCipher was delivering this access control as a service to banks, and VMware saw that it was a key missing piece in its Project Horizon plans. So it scarfed it up.

The initial incarnation of the Horizon App Manager only delivers catalog and authentication services for cloud applications. Wasmer says that around 50 applications out there on the intertubes adhere to the Security Assertion Markup Language (SAML) variant of XML for authentication that Project Horizon prefers, and these plug right into the app manager.

SAML keeps passwords inside the corporate firewall as authentication is done for applications outside the firewall, and so phishing is not very fruitful. Google, Salesforce.com, Cisco Systems, and others are behind the SAML standard.

If an application does not yet support SAML, the Horizon App Manager's enterprise connector, which runs inside an ESXi virtual machine inside the corporate firewall and is hooked into the LDAP/AD server, can provide access through a secure form post method.

VMware has identified thousands of such applications, and until they support SAML, Horizon needs to do something to give them access. User names and passwords for each user are stored in the Horizon ID vault, which does the authentication.

The app manager doesn't just keep track of access to applications, but also licensing, and it knows how to harvest back a license if you are not using it. For example, system admins could set a rule that if you subscribe to an app and you don't use it in 90 days, your app is revoked and that license is then available to another user. The provisioning portions of the App Manager can do annual, monthly, or perpetual licenses as well as concurrent or numbered user licensing.

The Horizon App Manager itself is written in Java using VMware's Spring framework; the tool's user interface is based on a mix of HTML, CSS, and Ajax. The Horizon browser platform, from which applications are launched, is accessible in Internet Explorer 7 or higher, Firefox 3.5 or higher, or Safari 5.

The plan is to do a new release every month to add new functionality, but with the goal of letting customers pick what level of functionality – bleeding edge or a few releases back – that they want to use, much as Google Apps does.

Horizon App Manager has been in beta testing for the past four months at around 40 customers, says Wasmer. The tool is available now to select early access customers in North America and in the Asia/Pacific region. VMware plans to start trials in other regions, with volume shipments later this year. The app manager service costs $30 per user per year. ®

Remote control for virtualized desktops

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Want to STUFF Facebook with blatant ADVERTISING? Fine! But you must PAY
Pony up or push off, Zuck tells social marketeers
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
SAVE ME, NASA system builder, from my DEAD WORKSTATION
Anal-retentive hardware nerd in paws-on workstation crisis
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.