VMware Workspace ONE Web admin guide highlights the features and capabilities of Web application. It describes the Workspace ONE UEM console settings that apply to Web and provides a brief explanation of how the settings impact the behavior of the application.

What is VMware Workspace ONE Web?

Workspace ONE Web is a mobile application that securely connects users to corporate networks and enhances their browsing experience across Intranet, Internet, and other web applications. It provides your organization with a manageable and secure alternative to device native web browsers. Workspace ONE Web runs on iOS and Android devices. You can deploy and customize Web through the Workspace ONE UEM console. The configurations set by you determine the behavior of the application when deployed on the users’ devices.

Why VMware Workspace ONE Web?

Workspace ONE Web separates business data from personal data and manages security policies while keeping individual information private. With this application, users can:

  • Instantly access your company’s intranet without manually configuring a VPN.
  • Find information quickly with pre-configured corporate bookmarks and home pages. Users can also edit and remove bookmarks or add them on their own.
  • Scan QR codes.
  • Securely access web links given in the business emails.
  • Eliminate challenges with manually entering passwords to internal websites with built-in single sign-on.

How Secure is VMware Workspace ONE Web?

Workspace ONE Web offers a secure browsing experience by providing complete encryption of data at rest and in-transit with AES 256-bit encryption. It uses disk level encryption to protect the downloaded files and Web settings. You can configure Web to allow or disallow users to access specific web pages, enforce restrictions on copying or pasting content, enable or disable cookies.

Workspace ONE Web works on the following configurable levels.

  • Application Level – Secure Web at the application level by requiring end users to authenticate with a passcode, biometrics, or Active Directory credentials. You can also enable single sign-on.
  • Tunnel Level – Use the VMware Tunnel certificates to encrypt traffic. Only enrolled and compliant devices are given access to VMware Tunnel.
  • Website Level – Disable integrated authentication to require end users to authenticate when they access internal sites.

Requirements to Deploy VMware Workspace ONE Web

Meet the requirements listed below to ensure an optimum application deployment.
  • Supported Platforms:
    • iOS 10 and later.
    • Android 5 and later.
  • Supported Broker Apps:
    • VMware Workspace ONE Intelligent Hub
    • AirWatch Container
  • Hardware requirements:
    • Samsung DeX (S8 and higher, Note8, and S9 and higher)
  • SDK settings requirements

    Prior to configuring the SDK, install VMware Tunnel, or integrate an existing third party equivalent with Workspace ONE UEM. Please see Choosing an App Tunnel more information on meeting this requirement.

Note: iOS 8 supports Workspace ONE Web only through version 5.10.2. To take advantage of new features and versions, devices must update to iOS 9 or later.

Supported Technologies

Workspace ONE UEM supports the following technologies for app tunneling using the Settings and Policies configuration.

App Tunnel Description
Standard Proxy Enables devices to rely on an existing HTTP or SSL Proxy to determine which content the Workspace ONE Web or other web can access.
VMware Tunnel - Proxy

Accesses corporate content from within your network such as an intranet site. With the VMware Workspace ONE Tunnel enabled, you can access internal corporate content on your device.

For information on configuring the Workspace ONE Tunnel, please see the VMware Workspace ONE Tunnel Admin and Install Guide.

VMware Tunnel

Enables app-tunneling to both SDK-built applications and applications managed on MDM enrolled devices across major platforms.

VMware Tunnel provides better speed and performance over VMware Tunnel - Proxy, more secure authentication and encryption utilizing certificates, TLS 1.2, and tighter network access control through domain filtering.

F5 Proxy Use to access your internal network as an alternative to the Workspace ONE Tunnel.

Choosing an App Tunnel

Workspace ONE UEM supports a number of application tunneling (app tunneling) solutions that allow individual applications to authenticate and securely communicate with internal back-end resources. By enabling an app tunnel for a specific set of business applications, you can be certain that unauthorized or malicious apps do not have access to your network.
Note: Workspace ONE console 1905 introduces a new "Allow all non-FQDN URLs through tunnel" option that gives you the option to disable the feature which is enabled by default.