January 26, 2021 – Ingram Micro BeLux (be.ingrammicro.com) and Awingu (https://www.awingu.com) are strengthening their existing relationship and activities in the BeLux market. For 2021, Ingram Micro makes a clear choice for Awingu in the ‘End-User Computing’ and ‘Unified Workspace’ domain.
Oct 28th, Gent (Belgium) – Awingu today announces the launch of its version 5.0. In this new major release, the Awingu workspace keeps loyal to its ‘simplicity’ strengths while making steps as a Zero-Trust-Grade security solution. Legacy – but still widely adopted – solutions such as VPN and Open RDP access don’t offer the right mix of flexibility and security. COVID19 triggered a massive increase in remote working, unfortunately a lot of this was setup without the proper security measures.
Let’s dive deeper into the details of the release. We can group the components into 3 buckets. The short summary overview can be found here. We’ve zoomed into some specifics below.
Zero Trust-grade security
- Context-awareness: Geolocation and IP Address can block access to apps/files or mandate (new) MFA login.
- SIEM integration (near-real-time audit-log forward)
- Support for PFX certificates
- IME keyboard support (e.g. Japanese)
- Improved keyboard input on Windows devices
- Multi-display setting storage
- Resolution setting (set max or min if needed)
- Set color depth (16 (default), 24 or 32 bit)
- Create admin dashboards based on audit data (e.g. in PowerBI)
- WebSocket support in Awingu Reverse proxy (e.g. VoIP webclient or CCTV app)
- More efficient resource usage (simplified internal DB)
- AWS Cloudwatch support (monitoring)
Let’s zoom into these features in detail.
Zero Trust-grade security
One of the main components is the evolution of “context awareness”. Awingu already had the ability to enforce MFA when authenticating on a not known network (i.e. another network than the office). In 5.0, Awingu will enable a lot more granularity. Admins can define context restrictions (i.e. countries and/or IP addresses) per resource (i.e. streamed apps/desktop and file share). Outside of the context restrictions (e.g. in a foreign country), users will either be pushed to authenticate with MFA or just not be able to get access. This applies to all applications and file shares where the context restrictions are setup. You can imagine the setup of context awareness for share drives with sensitive data and applications like email clients and ERPs. Awingu’s recommendation, in all cases, is to always use MFA.
Next to an extension of the context awareness capabilities, Awingu can now integrate with (Security Information and Event Management) SIEM platforms such as Splunk or Elastic Search. It therefore leverages near-time “https forwarding” of the Awingu usage audit data. As such, organizations can bundle easily and create one single dashboard that monitors all their platforms (beyond Awingu).
An ever recurring topic in Awingu releases is UX. In Awingu 5.0 we follow this tradition with a set of enhancements – therefor not radical changes. With the enhancements, Awingu users can work more productively, and we also enable some new use-cases (e.g. radiology picture analysis). The following features/enhancements are part of Awingu 5.0:
IME Keyboard support
This includes support for keyboards with a Japanese keyboard, for example.
Improved keyboard input on Windows PCs
This enables support for legacy applications that don’t support Unicode (and thus pre-Awingu 5.0 Unicode needed to be disabled). It also provides more accurate support for special characters. Note: the basis of this features is the selected keyboard layout of the user (at initial login, or in his account settings).
Multi-display setting configuration
Since Awingu 4.2, there is support to use multiple displays (see FAQ post). Now, the user can store his configuration and create multiple configurations. For example: 3 displays for the Home Office, 2 displays in the office. The configurations can be loaded on start-up, as such saving time
Awingu 5.0 screenshot: display configuration
Resolution settings (min or max)
If, for whatever reason, your legacy application or use-case requires setting a specific minimum or maximum screen resolution, this can now be done on an application by application basis.
Minimum screen resolution for example can be handy when making a remote connection on a small screen device (e.g. a tablet) to a high-resolution desktop. Maximum screen resolution can be required to run certain legacy applications that require a specific resolution
Most use-cases will not require this min/max setting and will be served best via the default setting. The default will use the client window’s resolution as resolution for the streamed app/desktop
Set color depth (16-24-32 bit)
By default, Awingu renders the screen with a color dept of 16bit (that’s 65K color variations). In some cases, a higher color depth might be advisable (e.g. remote analysis of radiology images). In this case, the color depth can be increased to 24 or 32bit on an application by application basis. For reference, Netflix 4K streaming uses a color depth 10bit. A color depth of 32bit leverages 4.3Bn color variations. Needless to say that increasing the color depth to 32bit requires the end-user to be equipped with specific hardware to fully benefit to increase detail.
Improvements to the core
Finally, Awingu 5.0 has a lot of enhancements below the surface. These improvements further increase the security of the virtual appliance, as do they increase the efficiency in resource usage.
WebSocket support in the Awingu Reverse Proxy
Awingu has a built-in reverse proxy that enables remote access to internal websites (e.g. intranet). This is now extended to web applications that require websockets; typically these include real-time video/voice such as VoIP webclients or CCTV webclients.
AWS Cloudwatch support
When deploying Awingu on AWS infrastructure, you can now easily leverage AWS CloudWatch for monitoring.
Launching a new Awingu License
Awingu 5.0 will be combined with an update in Awingu pricing for existing concurrent users’ licenses. At the same time, a new license model is introduced: a “named users” annual subscription was created which starts as of 50 named users.
Our pricing details can be found here.
Ghent (Belgium), September 15th 2020 – Awingu is excited to achieve the ‘AHV Ready’ partner status. Awingu is a cloud and hypervisor agnostic solution and has customers on all possible platforms today, incl. Nutanix AHV. With the AHV Ready badge, Awingu and Nutanix bring this to a next level: the Nutanix Ready AHV badge is awarded to products and solutions that have been tested and verified to work on or with AHV, the Nutanix built-in hypervisor.
All products featured in Nutanix Ready have completed verification testing, thereby providing confidence in joint solution compatibility. Leveraging its industry leading alliances and partner ecosystem, Nutanix Ready showcases select trusted solutions designed to meet a variety of business needs. Nutanix Ready demonstrates current mutual product compatibility, continued industry relationships, and interoperability
Awingu is an easy add-on to existing back-end deployments (Remote Desktop, RemoteApp, VDI, file servers, …) and make it easy to work remotely from any device. Typical use-cases are Work From Home, secure contractor access and BYOD (Bring Your Own Device). “Awingu is excited to be recognized as AHV Ready” says Arnaud Marlière, Awingu CMO “At Awingu, we have always strived to be platform agnostic. The AHV Ready partnership brings this to a next level for existing and future Nutanix customers.”
Read more via awingu.com/nutanix.
Ghent (Belgium), Cheshire (UK), August 13th 2020 – Awingu today announces entering into a partnership agreement with ASM Technologies Limited, a multi-national and industry-leading IT channel provider. ASM Technologies are the ‘Partner of Choice’ to Europe’s largest Systems Integrators and Value-Added Resellers for supply chain rationalisation for non-strategic IT products & services. ASM Technologies adds Awingu as one of their Strategic Partners, a select group of innovative and disruptive vendors.
“Awingu really enables hassle-free Work From Home (#WFH) and Bring Your Own Device (BYOD)” says Walter Van Uytven, CEO of Awingu. “the #1 reason why business and channel partners choose Awingu is because it’s so simple to setup and use. Awingu can be an easy ‘add-on’ to your existing IT platforms, it’s non-intrusive and really quick to deploy”.
Awingu’s workspace solution provides businesses of all sizes with a cost effective and easy solution for remote working. Unlike most solutions in the market, Awingu does not require any agents or software to be installed on the end-user devices. Awingu runs fully in the browser, where it aggregates all company files and applications, including SaaS and ‘legacy’ Windows or Linux applications into single online workspace with just one login. Users simply login via their browser, and this from any device, anywhere. Not just easy to use, Awingu also adds ‘Zero Trust’ level security out-of-the-box.
ASM Technologies have built a unique position and expertise serving both Europe’s largest system integrators and value added resellers. ASM has a passion for leveraging proven and emerging technologies launching the next generation of business software and services to the EMEA marketplace. “The increased demand for flexible, secure and cost-effective homeworking solutions makes Awingu a great addition to our strategic partner portfolio” says Iain Tomkinson, Sales Director of ASM Technologies.
“Awingu is thrilled to join a select list of ASM Technologies ‘Strategic Partners’. Their position is very complimentary to the channel ecosystem we have built in the UK and rest of Europe thus far” adds Walter Van Uytven.
About Awingu NV.
Awingu is a unified, browser-based workspace. It empowers users to work and collaborate from virtually anywhere using any HTML5 browser-capable device. As a turnkey, browser-based solution, Awingu brings the ease and convenience of platform agnostic mobility to the enterprise and delivers everything you need — legacy and cloud apps, documents, and data — to stay productive anywhere: in the office, at home or on the road. It requires zero configuration and zero client software installation, enables ‘zero-trust’ security and makes IT administration a breeze.
Awingu is a Gartner Cool Vendor in Unified Workspaces. It has organisations such as AviaPartner, NHS, Proximus, Kingdom Housing Association and Peloton amongst its customers. Awingu is headquartered in Ghent, Belgium with offices in New York, US. Learn more at www.awingu.com.
About ASM Technologies Limited.
ASM Technologies are a multi-national, industry-leading IT channel provider with offices in Cheshire, London, Paris and Dusseldorf.
Since inception in 1992, ASM Technologies have become leading experts in their sector and partner with the world’s largest and most successful Resellers and Systems Integrators. They improve profitability through agile technology distribution with customers gaining access to an infinite portfolio of innovative technologies and disruptive vendors. Their vendors are recognised Gartner leaders, challengers, and innovators in a wide range of technologies from Automation, AI, IoT, Cyber Security, Data Analytics, Remote Working and Network Infrastructure.
ASM Technologies have been ranked No. 75 on The Sunday Times International Track 200 and have been named by Business Insider as one of the Top 50 Private Companies for Growth in Greater Manchester.
To learn more about ASM Technologies, visit www.asmtech.com
Awingu appliances come with an Anonymous Usage Reporting (AUR) function. This reports anonymous data of the usage of the Awingu platform. A (small) subset of our customers have this active. Yet, we have enough data to talk about relevant insights. As you can imagine, we closely monitor this data, as it gives us insights in how the product is used, and helps navigate the Awingu roadmap. In this blog post, I’m going to compare some data from January 2020 with April 2020. A (roughly) 100-day interval, but one which hosted one of the most disruptive events of modern times: the COVID-19 outbreak and subsequent lockdowns. We’ll have a look at how this event impact usage of Awingu.
Yes, Awingu makes software that helps business work remotely. So there is a natural fit with homeworking… which was done quite a lot during the lockdown. Awingu saw an triple increase in usage. From new customers, but also from existing customers that increased usage. This is most certainly driven by BYOD (Bring Your Own Device) and WFH (Work From Home, of just Homeworking). Let’s have a look into some of the insights and changes.
1. Adoption of BYOD
Awingu was not only used remotely or at home pre-Corona. It was – and still is – also a way to get access to ‘Server-based Computing’ resources inside a company network. Often, that access was on managed devices or at least on devices provided by the company (which not necessarily means it is managed).
Let’s look at change in the devices that are used. Microsoft Windows-based devices don’t see too much change. Chromebooks did lose Awingu share from 7% to 3% – this in contradiction to the trend we saw in 2019: a steep increase in the usage of Chromebooks. This 3% is still 7 times higher than the 0.42% overall Operating System market share reported by netmarketshare.com.
Contrary to Chomebooks, in the same period, Apple Macs were used almost twice as much: from 5% to 9% of devices used were running MacOS. This is pretty much in line with the overall Operating system market share of Mac devices (9.41% in Jun 2019 – May 2020 period, according to netmarketshare.com). The use of Macs is still predominantly a consumer thing, which confirms the growth in ‘BYOD’ and ‘WFH’ adoption.
Awingu AUR: what operating systems are Awingu end-users using?
We spot similar trends in the browsers that are being used. Here, too, a different picture was painted in April vs. January. Chrome for sure remains the dominant browser with 61.2% (vs. 57.9% in Feb). But where legacy browser ‘Internet Explorer’ still had close to 10% of usage in Jan, this now shrunk to 6.2%. Microsoft’s new flagship browser Edge (which is also Chromium based these days) grew from 9.4% to 17.9%.
My hypothesis is that home computers are typically running newer operating systems (and browsers) than some companies are.
Awingu AUR: what browsers are Awingu end-users using?
2. Azure and VMware leads in public and private cloud respectively
As could have been expected in private cloud hypervisors, we see a dominant market share for VMware ESX a hypervisor; ESX is used as hypervisor on 72% of Awingu virtual appliances (April 2020) coming from 68% (Jan 2020). In 2nd position is Microsoft HyperV. Nutanix gains 3rd place as leaps over Citrix XenServer, even if the market share of 2% is still small.
During the lockdown, our new customers mainly deployed Awingu in private data centers, extending their existing way of working. Knowing a lot of new usage was focused on giving remote and BYOD access to office desktops, this made a lot of sense (read more about this use case here). Over time, as these organizations will start to adopt more Server Based Computing, VDI or DaaS, that will obviously shift to public cloud(s) or clouds managed by MSP’s.
Awingu AUR: Awingu virtual appliances deployed in private cloud
When customers deploy Awingu on a public cloud (IaaS), almost 4 in 5 will use Azure as the platform of choice. Google GCP and Amazon AWS share the remaining 21%. These numbers didn’t see too much COVID-19 impact.
Awingu AUR: Awingu virtual appliances deployed in public cloud
As logically could have been expected a lot of private and public organizations either setup their organization to work “#WFH” (remotely from home). This typically implies a dedicated setup in the data center of the customer. The COVID-19 pandemic also drove consumption from our MSP (Managed Service Provider) and ISV (Independent Software Vendors) partners. These use Awingu in a multi-tenant setup (i.e. multiple of their end-customers access the same and shared Awingu platform). Roughly 1 in 5 Awingu deployments is used in a multi-tenant way and this remains relatively unchanged. Not only did the share of MSP/ISV partners stay stable, they have also seen considerable growth in their usage.
Read all about how MSPs can leverage Awingu with Awingu-as-a-Service and Workspace-as-a-Service here.
Awingu AUR: Awingu virtual platforms split according to usage
3. Application usage grew with 33%
In April, an Awingu virtual appliance was connected to an average of 30.8 applications. An “app” can be a Remote desktop, a published application (Remote App) or a web application that runs through the Awingu Reverse Proxy. To avoid confusion, applications that are deployed in a full desktop/remote desktop are not counted; in this case only the remote desktop/full desktop is accounted for as an ‘app’.
We already observed a 13% growth in number of connected applications when we compared Jan 2019 with Jan 2020. In April 2020, an Awingu platform (or rather, tenant) was connected to 30.8 applications. That’s a 33% growth in just 3 months time. During this period existing (and new) customers have extended their usage. New user groups, and thus other applications, have been equipped with Awingu. Users have also been equipped to working from home for a longer period of time, where this might have been less structural in the past.
Awingu AUR: Average number of apps per virtual appliance
What’s interesting is if we look at the distribution in type of applications. Here we see a big shift in favor of Remote Desktop access. RemoteApp-based access shrunk from a 70% share to 40%. In Remote Desktop access, you’ll find full desktop access to a Windows Server environment (Server Based Computing) as well as remote access to local desktops. We’ve seen demand for the latter use-case increase significantly from new and existing accounts.
The usage of Awingu’s reverse proxy (for web applications) is relatively small but growing nicely. It was only introduced in Awingu version 4.0. In April 2020, already 1 in 5 customers was using the Awingu reverse proxy. That’s an 8% increase vs. Jan 2020. The number of applications connected into Awingu is still small with 2% of the total mix. Obviously, the increase in Remote Desktop access indirectly covers access to intranet and internal web applications through a different route.
Awingu AUR: distribution of type of apps
4. Security awareness is growing: 28% more MFA usage
‘Now is not the time to be tempted to use insecure homeworking solutions’ is the headline of a blog post I wrote in the heart of the COVID-19 crisis (March 17th, 2020). In just 3 months time, the use of MFA (Multi Factor Authentication) grew from 38,3% (Jan 2020) of deployments to 49% (April 2020), showing an increase of 28% in 3 months time. This number excludes customers that are using MFA via their external IdP (Okta, Azure AD, ..), so the total number of Awingu customers that use MFA is higher than 49%.
A point of comparison: in Oct 2019, 8% of Microsoft Office 356 deployments were protected with MFA (data: Microsoft Partner Spring Connected, March 2020). Compared to 8%, 49% is a great number and we’re pleased with the recent increase in adoption. We will keep striving to get this number all the way up to 100%.
If we look at the details, it’s clear Awingu’s built-in MFA flavors are most used: TOTP (Time-based One-Tine Password) with 38% and HOTP (Hashed One-Time Password) with 50% are the most popular and are both growing. TOTP based MFA was introduced in June 2019 (as part of Awingu 4.2) and has grown a very quick adoption rate. Next to the built-in Awingu MFA solutions, 12% of MFA deployments use a different solution which is not built-in. Cisco’s Duo Security leads with 7%. The remaining 5% includes customers that use Azure MFA, RADIUS, SMS Passcode, a.o. As said, customers that use an external IDP can be using MFA via this route. These are excluded from below overview also (as we can’t know for sure if they are using MFA).
Awingu AUR: MFA technology used
VanRoey.be is a Belgian Cloud Service Provider and Tier 1 Microsoft CSP Partner with around 200 employees and a strong footprint in the Flemish Kempen. As the company grows, so do their clients: while the customer portfolio initially consisted of local SMB’s, they see a shift towards clientele in mid- and large companies (e.g. Torfs, Hubo, Suez, etc.). VanRoey.be is a Microsoft-centric and forward-looking company that focuses on migrating their customers – both larger and smaller parties – to the Azure cloud and a Microsoft 365 model. Their ‘Digital Workplace’ division is becoming a vital part of the organisation, and Awingu plays a major role in their offering.
VanRoey.be offers the unified workspace in an Awingu-as-a-Service offering. This means that they offer Awingu to their customers in a shared environment, and fill it with the customer’s assets. VanRoey.be charges a fixed price per user that covers the Awingu licensing cost and the cost of maintaining the Azure server. Typically, those are Windows Server 2019 and Windows Server 2016.
As Awingu is multi-tenant by design, each customer has access to their own workspace that contains all of their applications and files and is fully brandable. The backend is set up for each client individually in a project-based way: VanRoey.be will host their applications in Azure and tweak the dedicated environment to the customer’s needs.
The customers themselves more often than not use Awingu to conduct all of their daily work – independent of their location. Typically, they used to access their Azure environment via a VPN; but with Awingu, all they need to do is open their browser and log in to their workspace. “For some clients, we publish full desktops in Awingu – for others it’s their set of applications. It really depends on the needs and behaviour of the client.”
“We wanted to offer a secure online workspace environment for our customers, and noticed that there actually aren’t that many options,” says Jente Vandijck (Solutions Architect, VanRoey.be). “You can enable RDP via VPN, but that’s hardly secure enough. Furthermore, there are Citrix products – but those come with a lot of overhead, are harder to use and turn out to be a lot more costly for our clients. Keeping those things – security, cost and ease-of-use – in mind, Awingu turned out to be the best option.”
All in all, there are multiple reasons why VanRoey.be offers Awingu to their customers:
- Security: this is a top priority for VanRoey.be. As Jente puts it: “if we set up an environment, it has to be secure. People who wanted to work in their RDS environment before having Awingu, needed to log in via VPN – which we want to avoid. Nowadays, we never work without MFA – and Awingu has that built-in. If we try to recreate the same offering without Awingu, we need to enable an external MFA on that VPN, which means more work for us, more costs for the customer and a more complicated setup. Awingu is simultaneously a digital workplace and a security solution in our portfolio.”
- Multi-tenancy: the fact that VanRoey.be can host multiple tenants from a single Awingu appliance, and have all of those tenants have their individual branding, applications and setup, is a big plus for any CSP.
- Cost: Awingu is a lot more cost-efficient than other digital workplace solutions. Not only in terms of licenses, but also because the setup is easier (saves time) and is an all-in-one package (saves having to buy external solutions to complement the workspace).
- Any device: a large portion of VanRoey.be’s Awingu users consists of accounting offices. As those often work from a variety of locations (at home, at the office, at a customer), they want to work anywhere, and on any device, in the exact same way. “Many of our clients have a BYOD culture, and Awingu fits that bill perfectly”, says Jente.
- Simplicity: this is a plus for both VanRoey.be and its customers. “Awingu is very easy to manage, very quick to set up and very user-friendly for the end-user.” Furthermore, VanRoey.be is using the Awingu API in making Awingu installations even faster and more efficient.
- Support: “Another asset of Awingu is its support team”, Jente says. “If we have a question, we contact them and almost immediately have an answer to the issue we’re facing.”
"How Managed and Cloud Service Providers (M/CSPs) unlock growth with Awingu"
DOWNLOAD OUR WHITE PAPER
How Managed and Cloud Service Providers (M/CSPs) unlock growth with Awingu
As announced by Microsoft in a recent Security Guidance advice (ADV190023), two security updates will be released that will enable LDAP channel binding and LDAP signing hardening changes. The first patch (March 2020) adds new audit events and remap GPV that enables this hardening. More importantly, however is the second patch (H2 2020): when that update is applied, Microsoft AD will reject LDAP simple binds – which will unable you to log in to any service that uses unencrypted LDAP traffic. If you didn’t enable LDAP over SSL in Awingu, you might also face this issue. Although the patch is still a few months away, it’s already a good idea to enable LDAP over SSL today for numerous reasons, as explained in this blog post – here’s how you can do that, or how you can fix any issues you may have with this patch in just a few clicks.
LDAP versus LDAPS
LDAP (Lightweight Directory Access Protocol) is a protocol via which directory services communicate with each other to send, amongst other things, usernames, passwords, login attempts, etc. It is not to be confused with Active Directory, which is that directory server that makes use of the LDAP protocol. Although Microsoft Active Directory is the industry standard directory service, you may hear people say that they ‘use LDAP’ instead – what they’re actually saying is that they use a different directory that is also using the LDAP protocol.
LDAP in itself sends its data to the directory service ‘in plain text’. Therefore, it’s safe to say that Microsoft’s reasoning behind introducing these changes is solid: unsecure LDAP traffic contains highly sensitive data that is unencrypted, and thus a sitting duck for attackers and hackers. Or, as Extrahop puts it, “LDAP authentication is not secure on its own. A passive eavesdropper could learn your LDAP password by listening in on traffic in flight.”
There is a version of LDAP called Secure LDAP, which encrypts the data transfer. It is more often known as ‘LDAPS’ or ‘LDAP over SSL’, just like HTTP over SSL is also called HTTPS. “LDAPS uses its own distinct network port to connect clients and servers,” says ExtraHop, and “the default port for LDAP is port 389, but LDAPS uses port 636 and establishes TLS/SSL upon connecting with a client.”
Microsoft Guidance and Changes
In ADV190023, “Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing”, Microsoft recently announced the changes will run in 2 steps:
- Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.
- A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.
Microsoft is moving its deadlines. Nevertheless, it is worth taking this action as soon as possible.
Impact on Awingu
If your Awingu domain is configured to go over LDAP, your users will no longer be able to log in directly after the March 2020 patch hits ground. The following error will be shown when users try to log in to their workspace:
It is highly recommended that you prepare your Active Directory to allow LDAPS connection from Awingu, not only to ensure the login possibility for your users but also to add a (low-effort, highly rewarded) security layer on top of your environment. Luckily, fixing this in your AD takes only a few clicks:
- Make sure that port 636 is open between Awingu and the Active Directory.
- Install the following role on you Active Directory: Server Manager -> Manage -> Add roles and features -> role-based or feature based installation -> Active Directory Certificate Services. Only the Certification Authority needs to be installed (no reboot required).
- After installation, You will receive a popup to configure the Certificate services:
- Select the Certificate Authority role:
- Select Enterprise CA
- Select Root CA
- Select “Create new private key” and leave everything default
- Finally, click on “configure”
- Reboot the Active Directory server
After rebooting your Active Directory server, you’ll be happy to find out that enabling LDAP over SSL is an out-of-the-box option in Awingu that has a straightforward ‘on/off switch’:
Enabling SSL over HTTP in Awingu
The above method is used to enable LDAP over SSL with Awingu. However, our Unified Workspace also provides the possibility to enable HTTP over SSL, to encrypt all data transfers from the device to your Awingu appliance and app/file servers. It’s best illustrated with the diagram below:
To make sure the traffic between the user and Awingu is encrypted, you can enable HTTPS following these steps, as outlined by our COO Steven Dewinter:
Awingu supports voice and video calling through Microsoft Teams with the new ‘Teams Web Client’. Users securely authenticate into their Awingu workspace on the browser and have Single Sign On access to Teams Online.
“The world’s biggest work-from-home experiment has been triggered by coronavirus” is a CNN headline released in mid-February 2020. The virus outbreak is driving homeworking in all impacted countries today. Many businesses – and governments – are demanding employees and citizens to work from home in an attempt to slow down and contain the virus outbreak, as well as assure business continuity. Over the past week, I have encountered cases where contractors are not allowed on-site, where employees were working in alternating weeks at home and the office, or where entire departments are asked to work from home.
With this reality in mind, how can Awingu help your business?
Awingu makes applications, desktops and files shares available remotely in HTML5 via any browser. It enables users to securely login via a browser from anywhere, and from whatever device (managed or not). The #1 reason for companies to adopt Awingu is to enable remote and homeworking easily and securely.
From an architecture perspective: Awingu is a virtual appliance that is added on top of your existing back-end: AD, application servers, desktops, file servers, … As Awingu talks in standard protocols to your back-end (RDP, LDAP, WebDAV, CIFS, …), there is no need to change anything on that side. Awingu can just be added as an aggregator and a front-end. This works for Server-based Computing platforms (i.e. Windows Server-based RDS platforms), as well as for remote access to individual user Windows desktops (no RDS licenses are needed in this case). Furthermore, given that Awingu works on the RDP level, it will work on any version of Windows and and version of Windows Server (e.g. XP, 7, 10, WS2008, WS2016, etc – so you won’t have to worry about your 16bit and 32bit applications as explained here). That’s why most customers are technically up-and-running in one to two days.
Awingu doesn’t ‘just’ enable mobile working. It adds security in a Zero Trust philosophy, collaboration capabilities, and keeps a focus on UX. We’ll highlight some capabilities here:
Awingu is a lot more secure than VPN or ‘open RDP’ access (read all about our “open RDP study” here):
- No local data: everything runs inside the browser
- Built-in Multi-Factor Authentication
- Built-in SSL Encryption
- Granular usage controls enable for example to prevent printing, Copy/Paste, downloading, …
- Full usage audit built-in
Rich user experience and collaboration:
- Work from multiple screens
- Single Sign-On, also with external identity providers
- Awingu virtual printer for BYOD users (if rights given to user)
- Share large files from the Awingu workspace
- Blend SaaS tools such as Microsoft Office 365 and Google GSuite with legacy platforms
Typical scenario’s for homeworking
We’ve listed some typical customers questions, and explain how Awingu can offer a solution.
Question 1. Can we enable homeworking for employees that don’t have a company laptop?
Not all your employees are equipped with a laptop? No problem, they can use their personal computer or tablet and access your IT assets via their browser. They don’t need to install any agents or software on their personal devices, which significantly limits support calls and privacy concerns.
Question 2. Can we enable homeworking without Server-Based Computing platform?
No problem. Remote workers can connect via the browser on their personal computer (or company laptop) into their desktop which is running in the office. You will not require any additional VDA licensing if you remotely connect from a Windows device to your primary desktop/laptop that is connected to the company network (learn more about how RDS & VDI licensing works here). However, unlike a plain and open RDP access, Awingu will add layers of security on top of the RDP access to protect your IT assets to the maximum.
On March 21st, 2019, Microsoft announced the public beta release of ‘WVD’ – “Windows Virtual Desktop” in full. It’s kind of a big thing for Microsoft, and perhaps for the entire industry. In this blog post, we’ll give insight into what WVD is, and what it isn’t. Furthermore, let’s take a look at how it compares to Awingu.
Note: this blog post was updated on April 18th, 2019
Let’s start with the beginning. What is WVD?
Let’s have a little history lesson first. Since 2017, Microsoft has been working on RDmi (Remote Desktop Modern Infrastructure). Initially, this was supposed the be the evolution of RDS with on-premise & Azure flavors, where the Azure flavor was to become an RDS PaaS platform. This project got some turns and twists and became what we now know as WVD. The most plausible drivers for this decision are competition and the fact that RDS workloads generated roughly 10% of all Azure consumption. Those workloads were purely driven from partner & ISV initiatives. (source)
Making it very simple (cutting a few corners in the process): WVD offers multi-session Windows 10 VDI on Azure, where the RDP components of the infrastructure are run as PaaS service and are managed by Microsoft. WVD can also be used to access RDS-based applications and desktops, but for the sake of simplicity, this post will focus on the VDI part (as WVD doesn’t bring a lot of benefits for RDS-based environments).
For the sake of semantics. When we refer to ‘RDS’ we mean a connection to a Windows Server OS. When we write VDI, we mean a connection to Windows Client OS. For the sake of this post, Windows 10 multi-session is seen as an evolution of the ‘VDI’ scenario. We understand this perspective can be confusing, but we feel this is the best way of positioning WVD in the bigger picture.
The ‘multi-session Windows 10’ bit is actually interesting as it can decrease the infrastructure and licensing cost for VDI (i.e. the connection to the Windows 10 client OS). This multi-session version will, however, only be available on Azure. It is still to be confirmed if this will only be accessible as a part of WVD, or if you would be able to consume multi-session Windows 10 without the WVD layer on top. To be clear: it will not be available on other public clouds, nor in private clouds. In those instances, you will require using single session Windows 10 for VDI, or Windows Server-based deployments (i.e. RemoteDesktop and RemoteApp using RDS). Users can access their Windows 10 instances by installing the latest version of the RDP client on their device, or by using RDWeb. This client will use WVD’s ‘reverse connect technology’. Older versions of RDP clients will not work.
In terms of licensing, Microsoft has announced WVD access and multi-session Windows 10 will be part of Windows 10 Enterprise licenses (e.g. Windows 10 Enterprise E3/E5 and Microsoft 365 E3/E5). The hosting of WVD services on Azure is ‘part of the price’. However, the consumption of your VDI VM’s is not: you will still pay for those. Note: if you want traditional RDS access (i.e. remote access to Windows Server), then the RDS CAL will still apply, also in the WVD scenario.
WVD is expected to go live in the US market first. If we need to guess, the Microsoft Inspire event in Las Vegas in July ’19 will be the chosen momentum for Microsoft. In a second phase later in Microsoft’s fiscal year we expect Europe and some other regions to be added.
Where some things might still change between what we know today, and what will be launched, it seems clear that WVD is a “v1”. There is no back-end automation to optimize your Azure consumption, there is no automated FSLogix deployment, etc. Yet. We’re sure these will follow later in time, but they are not here yet.
How does Awingu compare to WVD?
This is one of the frequent questions we have been getting in the last couple of months. The reality is that Awingu & WVD are different things. At a high level, the following gives an overview:
Windows Virtual Desktop
Any cloud – our customers are always in control of their cloud journey
VDI (multi-session Windows 10) centric
(note: you can also connect to Windows 7 and Windows Server, but the real benefit is in multi-session Windows 10)
Aggregation of RDS based apps and desktops, VDI’s, multi-session Windows 10, Linux apps & desktops, intranets, web apps, files, OneDrive, …
Requires a Windows 10 license (under different formats)
Does not require a Windows 10 license; e.g. users can use an inexpensive Chromebook and connect to an RDS-based application.
Not fully multi-tenant
Fully multi-tenant, incl. multi-domain scenario’s (think of CSP’s, MSP’s & ISV’s)
Branded and invoiced by Microsoft (typically part of an ‘Enterprise Agreement’)
Branded and invoiced by partner (or customer)