One of my top 5 worst weekends in my IT career was courtesy of SaaS Ops at AirWatch. When I worked for Wellington Management, we bought a dedicated SaaS environment and refused to migrate the database/settings/or anything really over to the new environment. So what did Mobile Jon do?
I spent several several several hours over the course of a weekend with two windows open manually recreating my entire environment. Thanks AirWatch Team! Recently, I talked recently about the neat ESO fling. Could another Fling come to the rescue? A few members of the VMware team have created a new Fling that would have eliminated this PTSD-inducing situation called Forklift. Let’s dig into this!
What is VMware Forklift?
Forklift is an application that leverages the Workspace ONE API for better or worse, which is something I have some experience with as read about here. Forklift offers the following features:
- Pipelines for Profiles, Baselines, Scripts, and Sensors
- Migrations for Profiles, Baselines, Scripts, and Sensors
- Template Deployments of Profiles, Baselines, Scripts, and Sensors
Question is WTF does that mean?
That is an excellent question. Let’s talk about what they actually mean after we cover setting up your environments.
Adding Environments in VMware Forklift
Before we talk about the different capabilities in Pipelines and what they mean to you let’s cover setting up the environments. I don’t plan on covering the install process as its literally install Docker, reboot, install Forklift.
Let’s check the demo first on adding environments:
A few things to mention about environments:
- You need to create an environment for each org group if you want to move stuff between organizational groups
- If your group creations fail, check Docker and make sure all 3 services are running.
Pipelines in VMware Forklift
So a CI/CD pipeline can be a bit confusing. Let’s break it down into human being words. Let’s say you want to do things like a good boy/girl. Today, you probably do this:
- You build out a profile/application/whatever in your test environment.
- Now, your stuff is ready for production, so what do you do?
- You “try” to physically copy the profile and deploy it with the hopes you copied it right.
- You probably fail eventually because you’re a human being and not a robot.
Let’s check out a demo of Pipelines first before talking about the spirit of pipelines:
Now that you watched the demo, let’s talk about how much better life can be with Pipelines:
- You build out a profile in your development environment
- You create a pipeline for that profile
- Once it’s ready to move to UAT or Production, you add a step to the pipeline to promote it to that next stage and can even see the changes.
- If that changes goes awry, you can rollback that change with a single click of the button
- You can continue to add steps to the pipeline to move it to other org groups or copy it to other environments if you so choose.
Essentially, you have now elevated your lifecycle and change management for your payloads in Workspace ONE so good job.
VMware Forklift Templates
Forklift Templates are basically collections. I like to think of them like a platform baseline. As an example, you may want to build a template with your full set of iOS profiles, apps, etc. The templates are likely most useful when building out a test environment or a consulting company spinning up test environments for their clients.
Let’s check out a demo:
As you saw, it’s fairly straight-forward. One of the challenges are WS1 UEM API limitations that you may have seen in the WS1 Profile Migration Tool are certain types of profiles do not migrate, but not the end of the world. Some of the profiles that I have seen not migrate are:
- Credential Payloads
Overall, the profiles and payload types that you can’t migrate are easy to re-create. Hopefully, the API will get improved more so that it is even more useful.
Forklift migrations are like the adhoc version of templates. We use migrations to trigger moves for Profiles, Apps, Baselines, Scripts, and Sensors between any of the environments you have added. Let’s check the demo real quick before we discuss:
The one challenge that I see with migrations are application migrations. One of the big problems is you need to upload the binaries and icons, which is a bit icky:
I’ve also run into some stuff around metadata that causes failures and such, but it’s certainly still a work in progress. One of the things I’m also a huge fan of that after you have migrated a profile, you can migrate an updated profile as seen below:
At the end of the day, VMware Flings are best effort products. At the same time, so many VMware Flings are special. I think VMware Forklift can be a lifesaver for a ton of people. One of the things I am most passionate about are products that give Mobility people legitimacy. If you can claim that you built a pipeline in your mobility architecture, it makes you look better and much more competent. We know that so much of what we do is about elevating our games to a whole new level.