VMworld Europe 2013 Andrew Hawthorn, VMware Stig Andersson, UBS Herve Hulin, VMware Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

1. Android in the enterprise: Understand the challenges and
how to solve them
Andrew Hawthorn, VMware
Stig Andersson, UBS
Herve Hulin, VMware
EUC3498
#EUC3498

2. 2 Confidential
Disclaimers
 All information conveyed during this presentation is to be treated as confidential.
 While every effort has been made to portray actual end functionality and display
information accurately, all items demonstrated within this presentation are subject to
change without notice.
 While all efforts have been made to ensure working functionality, this presentation is being
conducted on a test environment which is subject to change and modification without prior
notice, which in turn may impact on the availability, performance and functionality of the
demonstration.
 As per the NDA agreement, all information displayed is proprietary to VMware and should
not be copied or recorded in any way during or after this session.
 This presentation contains product features that are currently under development.
 This presentation of new technology represents no commitment from VMware to deliver
these features in any generally available product.
 Features are subject to change, and must not be included in contracts, purchase orders,
or sales agreements of any kind.
 Technical feasibility and market demand will affect final delivery.
 Pricing and packaging for any new technologies or features discussed or presented have
not been determined.

3. 3 Confidential
Forward-Looking Statements
Statements made in this presentation which are not statements of
historical fact are forward-looking statements based upon current
expectations. Actual results could differ materially from those projected in
the forward-looking statements. Information regarding risk factors that
could cause actual results to materially differ are contained in documents
filed by VMware with the Securities and Exchange Commission, including
report that VMware may file with the SEC from time to time on periodic
reports on Form 10-Q and Form 10-K and current reports on Form 8-K.
VMware disclaims any obligation to update any such forward-looking
statements after the date of this presentation.

4. 4 Confidential
The Changing Device Mix
Source: IDC's Worldwide Smart Connected Device Tracker Forecast Data, February 28, 2013
Connected Device Market by Product Category,
Shipments, 2012-2017 in Millions

5. 5 Confidential
2013 Smartphones Global Trends
OS
In million
of units
Android 178
iOS 32
Microsoft 7
BlackBerry 6
All Others 2
TOTAL 225
Smartphones worldwide
shipment Q2 2013
Source: Gartner 2013
Market share Q2 2013

6. 6 Confidential
Smartphones Trends in Key Markets
North America
Population:354M
Nb of Smartphones:210M
Shipment 2012
Android 71M
iOS 49M
Blackberry 5M
Windows 3M
Western Europe
Population:406M
Nb of Smartphones:260M
Shipment 2012
Android 69M
iOS 26M
Blackberry 9M
Symbian 4M
Windows 5M
Mature Asia/Pacific
Population:82M
Nb of Smartphones:60M
Shipment 2012
Android 28M
iOS 14M
Blackberry 1M
Symbian 3M
Others 3M
Greater China
Population:1540M
Nb of Smartphones:283M
Shipment 2012
Android 79M
iOS 31M
Windows 2M
Bada 1M
Symbian 0.5M

7. 7 Confidential
Android Landscape
Security
• Perception is that
Android is not secure
• Google Play is ‘wild
wild west’
• Enterprise features
(e.g. MDM) weak
Fragmentation Lack of control
• No two devices are the
same in terms of
capabilities or UI
• Hard for IT to support
diverse environment
• OS upgrades are
controlled by
carrier/OEM
• Security patches not
pushed out in a timely
manner
Not much traction in enterprise segment
Widely popular in developing countries
• Lots of choice: screen size, price, capabilities, etc.

8. 8 Confidential
Android in the Enterprise
 Android team at Google doesn’t care about enterprise opp
• MDM APIs 3 years behind Apple’s MDM APIs
• 3LM founded by Android team members frustrated with Google
• Motorola bought 3LM
• Google bought Motorola and got 3LM on a platter
• Google kills 3LM and lays off the team
 OEMs starting to add enterprise capabilities
• Samsung added SAFE MDM APIs
• LG has its own MDM APIs
 Can you say, “Fragmentation”?

9. 9 Confidential
Android Fragmentation – Devices (July 2013)

10. 10 Confidential
Android Fragmentation – OS/API Version (July 2013)

11. 11 Confidential
More Apps, More Devices, More Users…. No Help
What has been the impact of mobile devices on your IT helpdesk
over the last two years?
Did not add Helpdesk
staff in response to
increased workload
No increased
workload
Source: Gartner N=392
Added Helpdesk staff
Not sure

12. 12 Confidential
Common Responses Only Mask Problem
Buy a Point Solution Does not scale, increases cost
Creates a management mess
Lock It Down
Unhappy workforce
IT is viewed the “bad guy”
Ignore It Poor IT Control
Security and compliance risk

13. 13 Confidential
IT’s Objective for End User Computing Infrastructure
Deliver the right business apps and data to
user devices in a way that is efficient and
secure for IT and productive for the end user

14. 14 Confidential
VMware Horizon is the Platform for Workforce Mobility
Transform: Simplify
desktops, diverse apps
and data into
centralized services
Deliver: Empower your
workforce with flexible
access across devices,
locations and connectivity
Broker: Manage & Secure
centrally and broker services
to your workforce by policy

15. 15 Confidential
• XenApps
• Windows Apps
• Android Apps
• iOS Apps
• Thin Apps
• SaaS Apps
Applications
• Device Policies
• Data Policies
• App Policies
• Entitlements
Policies
• CIFS
• SharePoint
• VMware Repository
• Cloud Storage
• Documentum
• Other
Data
Horizon Workspace: A Multi-Faceted Solution
Devices:
Androids
PCs
Macs
iPhones
iPads
Windows 8

16. 17
Mobile Enterprise Business Case
Risks
• Regulatory
Compliance
Breaches
• Financial Loss
• Loss of Reputation
Rewards
• Gain New and
Protect Existing
Revenue Streams
• Reduce Cost
Structures

17. 18
Target Mobile Users
Customers Employees

18. 19
Mobile Enterprise Rewards
Gain New Revenue Streams
• Attract new customers that expect mobile services e.g. video access
to advisor.
• Improve sales stickiness by using digital signatures off iPad during
client visits.
Protect Existing Revenue Streams
• Some customers will switch service providers unless they support
mobile services.
Reduce Cost Structures
• Road warriors without adequate mobile capabilities are less
productive.
• People find it a burden to carry and work across separate corporate
and personal devices, so take longer to complete tasks.
• People are more eager to work for a company that is perceived to be
more innovative, so recruitment and retention costs are lower.

19. 20
Mobile Enterprise Risks
Regulatory Compliance Breaches
• Data Jurisdiction
• Client Data Confidentiality
• Data Loss
• Information Barriers
Financial Loss
• Regulatory Fines
• Revenue Loss from Leaked Product IP
Loss of Reputation
• Data Leakage
• Security Breaches

20. 21
Changing Security Posture
PC Era Post-PC Era
Building
User
Device
Network
Building
User
Device
Network

21. 22
Android Attack Vectors
Social Engineering
Drive-by Exploitation
Phishing
Network Services
WebView
Android Market
Physical Attacks

22. 23
718,000 Malicious High Risk Android Apps in Q2 2013
 According to Trend Micro's Q2 2013 Security Roundup Report, the number of malicious and
high-risk Android apps surged from 509,000 in the first quarter of 2013 to 718,000 in the second
quarter. This volume is expected to exceed one million by the end of 2013.
 Almost 99 pc of Android devices were deemed vulnerable to android master key vulnerability.
The vulnerability allows installed apps to be modified without users' consent. It further raised
concerns about mostly relying on scanning apps for protection, along with the fragmentation
that exists in the Android ecosystem. OBAD (ANDROIDOS_OBAD.A) also exploited an Android
vulnerability. Once installed, OBAD requests root and device administrator privileges, which
allow it to take full control of an infected device. This routine rings similar to PC backdoors and
rootkits.
 The FAKEBANK malware spotted this quarter, meanwhile, spoofs legitimate apps. It contains
specific Android application package files (APKs), which it copies to a device's Secure Digital
(SD) card.

23. 24
Securing Android Patterns
SEforAndroid
Trusted Execution Environment Trusted Platform Module

24. 25
Mobile Management and Ownership Models
Corporate Personal
MDM MAMMVMM
COPE BYOD
Dual Persona

25. 26
Mobile Management Evolution
Mobile Device
Management
Mobile
Application
Management
Mobile Virtual
Machine
Management
Document
Digital Rights
Management
Master Data and
Digital Rights
Management
Personal
Corporate
Corporate

26. 27 Confidential
Mobile Management Is Evolving
USER OWNED
UNMANAGED
IT OWNED
MANAGED
Unrestricted
Personal Device
Corporate-Owned
Devices
Bring Your Own
Devices (BYOD)
Corporate-Owned
Personally Enabled (COPE)
of workers believe
their smartphones
should be enabled for
work and personal
92%Manage
Corporate
Workspace
Only
Device
Apps & Data
Corporate
Apps &
Data

27. 28 Confidential
Secure Mobile Workspace Management
IT Admin
Android
(Available)
iOS
(We are working on it)
Challenge
 Users want to use a single mobile device
 Keep personal data private
 IT doesn’t want to be liable for personal content
 Protect sensitive corporate data and take control
of mobile apps and updates
Solution
 A mobile workspace that is completely enterprise-
owned and controlled
 Ability to provision, manage, and remove corporate
data and applications on employees’ devices
Benefit
 Complete separation of personal and corporate
data—IT is not liable for personal content
 Support for corporate security, compliance and
privacy policies
 Corporate data is encrypted and isolated
 Solves Android fragmentation problem

28. 29
Virtualization on Android (Mobile Virtualization Platform)
Personal Corporate
Corporate Workspace
Enterprise Catalog
Mail/Calendar App
Custom Apps
3rd Party Apps
 Own your full version of Android OS
 Consistent native mobile experience
 Deploy applications without modifying them
Solve Android fragmentation
 Strict corporate assets isolation
 Corporate data encryption
 VPN policy for corporate traffic
Prevent data leakage
 Exchange email, calendar, secure browser,
file browser and contacts
 Your Line Of Business application
Provide productivity features

29. 31 Confidential
Android Workspace Enhancements
New OS and broadening device support
Overview
 JellyBean 4.2 as workspace OS
 OpenGL graphic acceleration
 Enhanced Horizon Mail app
 Support for Android tablets
 More VMware-ready devices
Benefits
 Support for popular OS release
 Enhanced application performance
 Broader set of devices, form factors

30. 32 Confidential
VMware-Ready Devices
LG
Intuition
Motorola
Razr M
Samsung
Galaxy S3
Samsung
Galaxy S4
Motorola
Razr HD & MAXX HD
More to come
HTC
One
Motorola DROID
Ultra, Maxx & Mini
LG Optimus G2
*All* US carriers

31. 33 Confidential
Sony is supporting Vmware Ready devices as standard feature
Coming soon: Xperia Z1
and Xperia Ultra Z will be
VMware Ready for
World Wide coverage.

32. 34 Confidential
How do Employees Obtain VMware Horizon Workspace/Mobile?
Employees’ Device
VMware Switch
Confidential

33. 35 Confidential
Project Lithium
 Lightweight Android Workspace for ANY Android device
• Secure Email/PIM for Exchange, Secure Files and SaaS apps launcher
• Centrally managed in the Administrative Console
• Protect corporate data while preserving private
 Built-in data protection:
• Rootkit detection
• At-Rest encryption
 Configurable policies:
• Passcode strength enforcement
 Remote control:
• Remote lock
• Remote wipe

34. 36 Confidential
Horizon Workspace makes Android Enterprise-Ready
Feature
name
Availability
Supported
devices
Managed
applications
Container
type
Suggested
deployment
Project
Lithium
Soon All Android
devices
Email/PIM
File
SaaS
Application-
level
container
BYOD
Horizon
Mobile for
Android
Now VMware
Ready
Android
devices
Email/PIM
File
SaaS
3rd party apps
LOB apps
VM-based
container
COPE

35. THANK YOU