Real-Time Device Troubleshooting with Omnissa Workspace ONE Assist

In today’s fast-paced digital environment, effective remote device management is crucial for businesses. Workspace ONE Assist, integrated with Omnissa Workspace ONE UEM, empowers organizations with real-time remote access and troubleshooting capabilities, allowing IT admins to address issues swiftly and efficiently. Designed to prioritize user privacy, Workspace ONE Assist gives end-users the control to accept, pause, or end remote sessions at any time, ensuring peace of mind during the support process.

With its suite of built-in support tools and access to critical device information, Workspace ONE Assist helps IT teams resolve technical issues quickly, minimizing downtime. For SaaS customers, this service is pre-configured if you’ve upgraded, and details on licensing can be found in the knowledge base under “Locating Workspace ONE license information in Customer Connect.”

What You Need to Get Started

To use Workspace ONE Assist, devices must have Omnissa Workspace ONE Intelligent Hub installed, along with a Remote Management client, which varies depending on the platform.

Key Components of Workspace ONE Assist

The solution is powered by a robust backend infrastructure consisting of several core components that facilitate seamless communication between administrators and end-user devices. Here’s a breakdown of the key elements:

Database Layer

Workspace ONE Assist uses eight databases to manage system configurations, tenant information, and log historical data. These include:

  • ApAdmin: Handles system and tenant configurations and management information, with one database serving all tenants.
  • APOps: Manages device enrollment, ACLs, groups, and users. One template and one tenant-specific database are used.
  • APReports: Stores historical data on device enrollments and sessions, structured in a template and tenant-specific manner.
  • APJournal: Aggregates tenant data for reporting purposes.
  • APPublic: Maintains pre-enrollment device data.

Core Services

Key services facilitate backend operations:

  • Management Entity (ME): Manages admin and web service operations through an in-memory datastore.
  • Service Coordinator (SVC): Orchestrates communication between the system components and database access.
  • Data Tier Proxy (DTP) & Data Access Proxy (DAP): These services act as gateways, ensuring smooth data flow between services and databases.
  • Token Service: Responsible for issuing and validating session security tokens, ensuring secure access.

Portal Services

The portal services power the administration console:

  • AetherPal Tool Controller Service (ACS): Maintains a constant connection between the web console and devices.
  • Portal Website (ADM/ANC): Provides the web-based admin console for device management and configuration.
  • T10 Interface: Integrates with Workspace ONE UEM to enable mobile device checks and remote sessions via REST-based communication.

Application Services & Connection Proctor

  • Messaging Entity (MSG): Allows Workspace ONE Assist to send SMS notifications via APIs or direct connections.
  • Connection Proctor: Manages device connections and multiple session requests simultaneously.

Deployment Models: Tailored to Your Needs

Whether you’re running an on-premises or SaaS environment, Workspace ONE Assist supports multiple deployment models to fit your business structure:

  • Single Customer Deployment: Ideal for businesses using on-premises, shared SaaS, or dedicated SaaS setups. It offers flexibility in how you deploy alongside Workspace ONE UEM.
  • Multi-Tenant Partner Deployment: Multiple organization groups within Workspace ONE UEM can communicate with a single Shared SaaS instance of Workspace ONE Assist.

Typical Deployment Scenarios

Workspace ONE Assist can be deployed in various configurations based on the size and complexity of your infrastructure:

Standard Deployment (Single Server)

In this setup, all services run on a single server without a load balancer. The process involves queuing commands, creating sessions, and establishing connections between admins and devices.

Medium-Sized Deployment (Two Servers)

This setup uses two servers: one for Core, Application, and Portal services, and the other for Connection Proctor services. This separation improves performance and scalability.

Load Balancer Setup

For high-capacity environments, a load balancer is recommended. It distributes workloads across servers to ensure high availability and optimal performance, especially in configurations with separate CAP and Connection Proctor servers.

Flexible Features for Custom Deployments

Workspace ONE Assist offers a range of deployment features designed to meet diverse business requirements. These include:

  • Distributed service deployment models
  • SQL Always On for high availability
  • Secured IPC mechanisms (from version 22.10 onwards)
  • Self-signed certificate support
  • IIS client certificate authentication
  • TLS 1.2 and higher encryption support
  • Domain user integration

By adhering to stringent corporate security policies and offering customizable setups, Workspace ONE Assist ensures that your deployment is secure, scalable, and tailored to your unique infrastructure needs.

https://docs.vmware.com/en/VMware-Workspace-ONE-Assist/index.html

Leave a comment

Blog at WordPress.com.

Up ↑