Global, Single-Pane-of-Glass Management

Workspot Control was architected to ensure a highly efficient and secure environment. IT teams use Workspot Control to provision and manage their global cloud desktop deployment across multiple public clouds and cloud regions. Built for massive scalability, Workspot Control makes it easy to add new cloud desktops anywhere in minutes, and monitor and analyze activity data globally – all from one admin console.

Separating the Control Plane and Data Plane allows Workspot to support virtually unlimited numbers of users, with performance they love, while improving your security posture.

Control & Data Plane Separation

Workspot’s innovative control/data plane separation is a fundamental architecture decision. This separation is critical from a data security perspective and brings many other benefits. The control plane has two major functions:

  1. Set up, provision and manage all virtual resources
  2. Establish secure communication with end user devices for pushing corporate policies

Once the session is established (and the user has been authenticated), the user accesses the virtual resources directly from the cloud. Throughout the connection process, no user credentials are stored in Workspot Control. Workspot Control only authorizes the user, but authentication is delegated to Active Directory or Azure Active Directory using a Workspot Connector installed on-premises in the customer’s data center.

When the user is using Workspot to access business apps and data on their device, all the data flows back and forth directly between the client and business applications via the data plane. No business applications or application data traverse Workspot Control. This unique security advantage is possible because of Workspot’s innovative architecture, and it’s how we extend your Zero Trust Security posture.

Security Policies Configuration

With Workspot, IT teams are fully in control of their deployment. We make it easy to extend your existing security and authentication policy to your Workspot deployment. IT simply configures Workspot Client behavior using the Workspot Control console. Manageable behaviors ensure that each user has the precise access to apps, data and capabilities needed to perform their jobs. Examples include:

  • Restricting access to applications based on username or group membership
  • Restricting copy and paste based on user trust level in the organization
  • Restricting printing functionality for remote users

Specify the security policies you require by group or individual, quickly make security adjustments, then enforce them across all the appropriate users and groups.

Remote Wipe Data

Workspot makes it simple and secure to support BYOD. IT must ensure that corporate assets are isolated from a user’s personal apps and content. Workspot Control provides IT the capability to easily remote-wipe any corporate data, including cached configuration and cookies, that resides inside the Workspot Client on the user’s device. Data outside the Workspot Client is unaffected by the remote wipe operation, so a user’s personal apps and data stay intact.

Run the Workspot Client on the user’s BYOD device, and when the work is done, run a Remote Wipe operation to surgically remove Workspot from the user’s personal device.

Workspot has a rich set of APIs that automate the cloud PC lifecycle, user capability management and activity reporting, using PowerShell, JSON and more.

API Access for ITSM

Workspot provides a set of REST APIs for IT Service Management (ITSM), automation and/or scripting tools that enable your enterprise to automate the workflow of cloud PC provisioning. IT can leverage existing ITSM workflows on platforms such as ServiceNow or BMC Remedy, or they can build their own scripted solutions to orchestrate the provisioning and lifecycle of users’ cloud PCs and resources.

Workspot APIs can be used to automate Workspot functionality for adding/deleting users, creating/deleting cloud PC pools, and assigning/reassigning users to cloud PC pools. APIs can also be used to get usage reports on user and resource activities. IT developers can use Workspot APIs with PowerShell, JSON and/or Postman to write automation scripts to integrate with their existing ITSM tools.

The APIs also provide valuable insights for IT to monitor users’ cloud PCs and activities and loop the feedback into their existing ITSM platform to get full end-to-end visibility of the workflow for all cloud regions globally.

Workspot leverages the industry-standard OAuth 2.0 protocol for authenticating and authorizing remote automation clients.

Integration with Splunk

IT can download our Splunk plugin from Workspot Control. The Splunk plugin needs two keys for configuration, which are available inside Workspot Control. Once integrated, the event data from Workspot is delivered into Splunk and can be viewed, searched, and manipulated with standard Splunk tools.

Workspot monitoring gathers event data and can provide it directly to Splunk and other SIEM applications.
