VMware Expands Into Identity-as-a-Service

Expanding even further beyond its roots in server virtualization, VMware Inc. has launched a single sign-on (SSO) product called Identity Manager.

It's the latest entry into the burgeoning arena of identity-as-a-service (IDaaS) solutions that provide SSO and a federated identity management system for managing access to cloud-hosted or on-premises applications, along with a range of mobile devices.

By adding VMware Identity Manager, the virtualization giant is challenging Microsoft, Salesforce.com, and a number of key providers of SSO identity management solutions, including Okta, Centrify, Ping Identity and numerous others. VMware officials underscored that bringing SSO is a natural progression of the efforts the company has made in extending the identity management capabilities offered in key products and of the company's own internal approach to authentication.

The new VMware Identity Manager is based on TriCipher technology acquired by VMware in 2010, which is now integrated into VMware's AirWatch mobile device management system. The solution can be used across other VMware solutions, including vCloud Air and vRealize Suite, to provide SSO for administrators so they can easily switch between management interfaces, said Sanjay Poonen, VMware's EVP and GM of End User Computing.

"You might ask, what have we been doing with [the TriCipher tech] all this time?" Poonen told reporters at a press event in San Francisco. "We've actually been building the product over the past few years, working with a few hundred customers." He added that VMware has been using the technology internally, providing all of its 19,000-plus employees with SSO access. VMware acquired AirWatch, a leading provider of enterprise mobile management and security solutions, last year, and has been expanding its mobile strategy with Poonen at the helm.

Password Pain
VMware product manager Noah Wasmer said that the integration of Identity Manager addresses a key pain point of enterprises struggling to mobilize their organizations: password complexity. "This is something we've all been struggling with," he said. "The old model [of user names, passwords, and repeat logins] is unsustainable."

Wasmer demonstrated the simplified login process supported by the system, which can provide a "one-touch experience" for mobile users. The system also provides extensive access control features, allowing IT and users to control which devices apps are allowed to run on. Devices must be registered with Identity Manager, which works as a federated system that allows access without repeat logins.

VMware's approach to enterprise mobile is based on the idea that mobility should be the center of new business processes, CEO Pat Gelsinger said at the event. The company is pursuing new services and partnerships aimed at what Gelsinger called "a new model of IT," with mobility at its center. The ID manager fills a big hole in the company's product portfolio, Gelsinger said.

"This is technology that we have been maturing for the past four or five years," Gelsinger said. "These kinds of technologies simply require bake time. The fact is, we've been using it for years now with hundreds of different apps and tens and thousands of users. We've been maturing it over time, and we feel good about bringing it forward now as a SaaS service. We're standardizing it on a lot of products. You will see us making incremental moves in this space over time."

No Active Directory Competition
Although VMware Identity Manager seems to compete head-to-head with Microsoft's Active Directory in the employee-password-management space (the service will be able to use an on-premises AD system to establish end-user identities), Gelsinger insisted that's not the case.

"You have to separate identity management from Active Directory," he said. "We didn't announce an Azure or Active Directory replacement. We announced identity as a service. Could we see identity federate and take advantage of Azure Active Directory? Yes we could. And we did announce a few weeks ago an open source technology, [Lightwave], which is a directory aimed at containers. So we are taking steps in that direction."

Among several customers at the press event, James Fuller, senior systems engineer at Starbucks, said the coffee chain uses VMware's AirWatch system to manage the mobile devices used by its employees -- and, increasingly, its customers. "We've already started implementing an integrated approach between identity and multi-factor authentication," Fuller said. "The new ID manager will give us more control, and I like the idea that we'll be able to deploy it to devices we already manage."

For its part, Microsoft downplayed VMware adding its new cloud identity management service as a threat to Azure Active Directory. The company said Azure AD has almost 5 million unique tenants, nearly 500 million users and processes 1-2 billion authentications on a given day. Given that 90 percent of enterprises use Active Directory on premises, Microsoft is aiming to convince its customers to federate it to Azure AD.

The new VMware Identity Manager will be available this month, and cost $150 per user annually.

iOS Support
Also at VMware's mobility event, the company said it has begun working more closely with Apple to support apps developed for iOS, starting with new application configuration templates and vertical solutions for such industries as healthcare and education for the platform. VMware says it has added 15 new members to the growing community around its Application Configuration for Enterprise (ACE) standard, which was launched earlier this year. Also announced: the company's AirWatch system now supports the AT&T Work Platform, which, among other things, will support so-called split billing in their BYOD programs.

About the Author

John has been covering the high-tech beat from Silicon Valley and the San Francisco Bay Area for nearly two decades. He serves as Editor-at-Large for Application Development Trends (www.ADTMag.com) and contributes regularly to Redmond Magazine, The Technology Horizons in Education Journal, and Campus Technology. He is the author of more than a dozen books, including The Everything Guide to Social Media; The Everything Computer Book; Blobitecture: Waveform Architecture and Digital Design; John Chambers and the Cisco Way; and Diablo: The Official Strategy Guide.