Wednesday, June 26, 2019

Replacing CRTs with iPads for Patient Entertainment Systems in Healthcare

Back in my day our TVs were big square boxes. The one my family owned had a wood look vinyl covering and I think a "remote" control that had a cable. I didn't even know how to program the VCR.

I'm not that old yet my (grey) beard suggests otherwise - but I still see oldschool TVs in hospitals. You know why? Its because Patient Entertainment Systems cost a FORTUNE when they are first implemented. And if you still do it the same way, it will cost a fortune again. They are hard to repair or replace, and the content is old and static.

This post is an extension to my post from yesterday around using GroundControl with Workspace ONE. Using iPads for a Patient Entertainment System (hereby referred to as PES) was actually the first use case that introduced me to GroundControl. There is a great case study out of the US for Pheonix Children's Hospital where they are doing exactly this.

I won't get into as much detail as my last post around how GroundControl works, but read on and you'll find out exactly why Hospitals are moving toward iPads with Workspace ONE and GroundControl.

Monday, June 24, 2019

Secure, Automated and Passwordless Mobile Clinical Device Provisioning

If you've ever been in a hospital, I'm sure you would have seen clinical staff (literally at times) running between rooms, back to nursing stations or if they're lucky into the hall to enter notes or lookup information on a WOW (Workstation on Wheels). Apart from the time it takes to get back to any of these places, they have to leave the patient bedside and remember what they need to capture in the medical records. Typically, to try and gain some time back computers are logged in as generic accounts (shudder) and there is no user personalisation or account auditing on these devices. To me, this just sounds like a recipe for disaster.

In recent years, we've seen the uptake of VDI (year of the desktop anyone?) and that brought some improvements around session portability between devices but there is no true mobility use case like a mobile tablet or phone that the clinician or doctor can take with them and complete their tasks at the bedside.

True, a device for every employee would be expensive. And they could just use their own devices to take notes or photos, but from a regulatory and compliance perspective this is really not a good idea.

This is where GroundControl and VMware Workspace ONE come in to save the day.

Imagine being a nurse, doctor or any healthcare employee for that matter. You now walk up to a pool of iOS devices, tap your RFID Employee badge onto the proximity card reader and in seconds a device is allocated to you which is completely personalised with your authentication credentials, your relevant applications and is ready to use without having to enter and passwords or further configuration. When you're done, just dock it back where you got it and it is securely erased to factory defaults ready for the next user.

Sound too good to be true?

Nope. Read to find out how and see this is action.


Friday, June 21, 2019

Velocloud Dynamic Multi-Pathing and Identity Manager

I was lucky enough a few weeks ago to get a Velocloud SD-WAN by VMware router for my homelab. This post won't be about all the features and capabilities of Velocloud, but there is one particular capability that, although useful, causes a few challenges with Horizon and Identity Manager.

I'm talking about Dynamic Multi Path Optimisation. Being an End User Computing specialist, I'm not going to pretend I am a networking expert but I will try to explain it as best as I can. On my Veloloud Edge Router in my lab, traffic is dynamically routed through the Velocloud Edge Gateway hosted by VMware on the megaclouds like AWS. Read the document linked above, but what it allows is Velocloud to optimise and improve internet and network traffic when routed through one of these Gateways.

However, after setting one of these bad boys in my homelab I noticed that things weren't quite working quite as expected for Horizon and Identity Manager.

Monday, May 13, 2019

Managing Augmented Reality with VMware

Image result for deal with it glassesSeriously, it took me more time to think of a title for this post than it actually took to enrol and manage the Hololens. And this is what I came up with. Anyway, I digress.

A couple of weeks ago I was lucky to get my hands on a Microsoft Hololens Developer Kit device from our campus in Palo Alto. In case you weren't aware, VMware has an amazing and incredibly talented team in our Research and Development area working on many emerging technologies with Augmented Reality being one of them. Using my contacts within the CTO Ambassador Program I had the opportunity to meet many of them in person and see what they're working on, and as a result I was able to present our capabilities locally here in Australia at a Technology in Healthcare roadshow.

At this event I presented on how Blockchain, Machine Learning and Artificial Intelligence, Internet of Things, Virtual and Augmented Reality and Digital Twins will shape the future of Healthcare. After the presentation the VMware stand was inundated with clinicians and nurses right through to training coordinators trying out the Hololens and discussing how we can enable these kinds of devices now into organisations.

It doesn't seem to be that well known or understood how VMware can do this, so I thought I'd do a write up and give a bit of an example of what we're able to do.


Friday, April 12, 2019

Federating Multiple Identity Managers for VMware Services

For those who may have wondered, yes I am still alive.

Image result for twoIt's been a massive few months with overseas travel, new certifications and being admitted as a VMware CTO Ambassador. I'll make sure I write about all of this another time.

For background there has been a decision made by VMware recently where a lot of our Non-EUC solutions include a VMware Identity Manager licensing entitlement. What this is meant to allow is something like VMware Log Insight to be able to authenticate with Identity Manager allowing simplified SSO for administrators. This entitlement to Identity Manager is for the On-Premises version only.

So now, let's go into this scenario posed to me recently. What if that customer already has an entitlement to a SaaS Identity Manager tenant? Do they need both? Without opening a can of worms and entering the realms of licensing, the answer is "probably" and it's actually not a bad thing. Their situation was that they had some users who needed access to Log Insight that had an entitlement to a Workspace ONE SaaS license but not all of them. This meant we had to leave Log Insight federated with the On-Premises Identity Manager. If there is where we stopped everything would have worked, but the user experience would be pretty ordinary as they'd need to authenticate to both Identity Managers.

That's not how we roll at VMware! Lets make it simple!

Monday, January 7, 2019

Delivering complex Windows 10 app install routines in Workspace ONE UEM

With Windows being around for 30 years, it is no surprise that the software and configuration baggage its brings along with it to enterprise is extensive.

Unlike the truly modern mobile world, Apps for Windows 10 are typically not just a single file that lands on the device and runs with configuration being sent over APIs along with the install. Microsoft in some way have tried to transition to this with its Universal Windows Platform (UWP) Apps from the Microsoft Store and Microsoft Store for Business, but in my experience I have yet to see any organisation deliver (or develop) and truly enterprise level application using this platform.

This is why we are still nearly completely reliant on traditional Win32 Apps and needing to find a way to manage those "legacy" formats and processes in a modern management framework. VMware Workspace ONE UEM has made massive investment in development and enhancement in these capabilities and our customers are continuing to see our leadership in this space. We've talked a lot about how we can simply and robustly deliver .MSI and .EXE files and at scale, however its most often used when deploying a single installer with maybe a transform file and some checks to see if there's enough disk space.

But what if your install routine is more complex?

Tuesday, December 11, 2018

Enhancing your Zero Trust Architecture with Okta Identity Cloud and Workspace ONE

I feel like it shows the quality and strength of a vendor's solution when we can confidently stand behind what we do and are also aware enough to partner with others to provide better experiences for our joint customers. One of the best examples of this is Okta and VMware coming together to jointly work on and promote a unique partnership where we can leverage the best of both vendor's portfolio to provide the best user experience while ensuring security for your Organisation.

Outside of being how it all works and integrates (which I'll deep dive into shortly), I am often asked what the value is for customers. Okta Identity Cloud (as the name suggests) is a cloud-based Identity and Access Management solution that enables Single Sign-On the User Lifecycle to Modern Applications and Services. According to their website, they have over 5500 out-of-the-box integrations and have been consistently called out as a leader in their field.

I have been developing with and using Okta for nearly a year now as part of the VMware and Okta partnership. I've found it very powerful and easy to manage, and it seems more and more customers in my region are finding this too. With this, they are now looking to leverage the integrations between Workspace ONE and Okta Identity Cloud to take their Digital Workspace to the next level.

At the risk of taking the wind out of this post's sails, VMware has a page dedicated to this partnership but I still seem to get asked Why is there a Partnership, What is the Value, and How does it Work? So with this post I am going to answer this.

So channelling my inner Simon Sinek, lets Start With Why?