Orchestrator Commands a Harmonious Synergy for VMware Workspace ONE

Orchestrator Commands a Harmonious Synergy for VMware Workspace ONE

powershell, scripting, Uncategorized
Orchestrator Commands VMware Workspace ONE

Whether you call it AirWatch, Workspace ONE, or many various expletives, the journey of deploying things in VMware’s UEM platform has been a tumultuous journey. We are going to briefly discuss the past, present, and future of deploying “things” in Workspace ONE to set the stage for a special new product. I mentioned Orchestrator in my recent article on VMworld 2020 announcements, but it wasn’t my first time. As a member of the EUC champions, we received a brief tutorial on it a few months ago. I’m happy to finally get my hands on it and provide you with a proper introduction in the real world.

A Brief History of Deployments in Workspace ONE

When we talk about pushing stuff out to users, it’s important that we show the past and present to see where we are going in the near future. As you can see below, we started with a very convoluted solution of creating these things called user groups and then moved to smart groups. Let’s discuss them a tiny bit.

The PastThe Present

User Groups in Workspace ONE

User Groups in Workspace ONE were used in the early days where you would create this AD group and deploy it at a container level to deploy stuff. They were honestly an unabashed nightmare that we still see on occasion. The main issues were:

  • Couldn’t deploy things contextually. It was basically all or nothing
  • If a device was accidentally moved from one container to another, you would lose everything
  • Overall just were not very useful, but it was better than giving everyone everything

We eventually grew up and moved onto the new frontier: Smart Groups!

Smart Groups in Workspace ONE

Smart Groups are “smarter” despite the name. I remember how much I used to make fun of Good Mobile, but smart groups were relatively smart. The main issue with smart groups was growth. We spent a ton of time with issues because smart groups couldn’t grow with our organizational needs.

We would have situations where something new like Android Knox would come out that Smart Groups couldn’t handle yet, but over time they have grown nicely. Now they can support the following:

  • Device Ownership
  • Tags (Yuck!)
  • Platforms and OS
  • OEMs and Models
  • Management Type (Full MDM or App-Level)
  • Enrollment Category (e.g. AAD, Shared iPad, DEP)

They have done a great job and are VERY useful provided you know how to use them. The great thing is they took the thing that “sorta worked” in user groups and allowed you to combine them both powered with LDAP to build a great solution. Now we move onto the true future in Freestyle Orchestrator! (We will talk about that shortly)

Setting Things Up for Freestyle Orchestrator

I know you are dying to learn all about Freestyle Orchestrator, but we need to set things up so we can see how awesome it is. Let’s start by checking out the new console that is a pleasant surprise.

Workspace ONE Becomes Logical

I know it’s crazy that a piece of technology might actually become “logical.” I was happy to see that they are re-organizing and re-labeling stuff inside of the console. Specifically, the resource section in Workspace ONE gives you a cleaner and easier way to work with the things that you want to deliver to users. The video below will give you a nice idea around that.

Bringing in your Windows Apps via the VMware Enterprise App Repository

I won’t go too deep into the Enterprise App Repository, but you can read more about it from the great Josue Negron here. The idea is that you don’t need to work too hard to deploy commonly-used Windows apps. Now, you can search for apps and it will add them automatically, which is some sort of hocus pocus that works. Let’s hope they get more apps soon otherwise it will lose some steam. This is a major help because people waste a ton of time making this work. Please do your part by sending your app addition requests to EARrequests@vmware.com

Introducing VMware Scripts Made Simple

Product Provisioning is a major headache that exists in our world. Some stuff has recipes that help you make the magic happen and other people like me have my Github with a collection of scripts to deploy. Can you imagine a world where deploying scripts to PCs and Macs was just “Set it and Forget it?!

Well, it’s now a real thing! VMware Workspace ONE’s new Scripts functionality let’s you create and deploy scripts to both PCs and Macs with ease. But, wait there’s more!!! You can now also push out variables that use lookup values in Workspace ONE. I have been writing MacOS Launch Agents and Daemons for a few years and I am so happy this is finally coming. The video gives a nice idea of how great this will be.

VMware Freestyle Orchestrator Unveiled

With great pleasure, I give you Freestyle Orchestrator! This new logical way of delivering and deploying resources, grouping them together, and using conditional statements in a very Workspace ONE Intelligence-like fashion.

There are a few reasons that I love Orchestrator, which I should point out is in PUBLIC PREVIEW. Initially, it will only be available on PCs and Macs, but it does solve many of the issues that we experience with building compelling Windows 10 experiences. A few of the things that I love about Orchestrator is:

  • Deploy based on App Version, Name, Registry Key, or File
  • Leverage WS1 Intelligence and its Sensors e.g. deploy a printer configuration if printers are not found
  • Group and Bundle stuff together into a single logical container and escalate the evil App Assignment section that has foiled us all to this day
  • Much more!

We should also be aware that this tool like anything can be dangerous. Make sure you don’t just ninja-publish stuff. PLEASE USE SAVE FIRST!! One of the reasons that UEM gets such a bad rap is that changes are so visible. Take your time and be cautious so you can look like the rockstars that you guys are. I hope you enjoy the video demo.

Some Final Thoughts on Orchestrator

I have been around the block when it comes to MDM, UEM, or whatever 3 letter acronym you want to use. Intune has had a bit of an advantage on deployment mainly because its fully-backed by Azure AD, but I think Freestyle Orchestrator has the potential to give Workspace ONE a slight edge again with this pliable offering. AirWatch/Workspace ONE’s major appeal is how quickly they iterate and support technologies vs. their competitors.

Freestyle Orchestrator empowers that journey toward supporting features and being able to deliver value to administrators rapidly. In the coming months, you will be able to decide how you can use Orchestrator to make music through your resource deployments. Enjoy and feel free to comment below!



Social Media

Get The Latest Updates

Subscribe To Our Weekly Newsletter

No spam, notifications only about the latest posts and updates.