VMware Horizon Application Manager is a hosted service that enables organizations to centrally manage the provisioning, access and usage of cloud, software-as-a-service (SaaS) and ThinApp-virtualized Windows applications. This solution enables IT departments to extend on-premises Active Directory identities to the public cloud, simplifying the security of application access. Unlike other federation solutions, Horizon Application Manager does not require an enterprise or public organization to make additional capital investments in complex and expensive hardware.
At its core, Horizon Application Manager includes an identity-as-a-service hub that securely extends a user's existing identity in systems such as Microsoft Active Directory into the cloud. This process simplifies the management of identities across multiple application types that are found in a typical enterprise. This simplification benefits both IT and users by collapsing separate identity silos into a single enterprise identity that can secure user access across private and public cloud resources.
In addition, managers have control over user access policies and are able to track user activity, via usage reports. Following installation, administrative tasks, such as user entitlement, matching Active Directory groups with applications, and so on, can be accessed through a Web portal.
End users open a single sign-on portal from which they have self-service access to the organization's application catalogue. Users can only open the applications to which they are entitled. They can easily move from application to application without having to re-enter their login credentials. Applications can be accessed across a broad
range of devices.
The Administrator enables user access to the Cloud service from the internal Active Directory and downstream to SaaS applications such as Google Apps.
This allows same-day user provisioning to the service, where application entitlements can be set up for the users. The administrator logs into the Horizon Application Manager service to create Horizon groups to manage application entitlement through the administration portal.
In the administration portal, Administrators add new application links to the organization’s application catalog. They can also match the applications to specific Active Directory groups. Administrators can leverage Active Directory groups or create separate Horizon Groups to define who is entitled to a specific application.
Administrators also manage tracking and reporting of user and admin activities, including failed authentications, application entitlements, and launching applications.
Using VMware Horizon Application Manager to Manage Deployment and Entitlement of ThinApp Packages
The end user logs in to the Horizon Application Manager User Portal using their desktop login or Active Directory credentials. The login request is sent, via Horizon Connector to the Active Directory for authentication.
Following authentication, the user accesses the Application Catalog from the User Portal. The user selects the required application. The Horizon Agent verifies the user's entitlement then retrieves the application from the network file share and streams or downloads it to the user machine. ThinApp packages are downloaded to the end-user machine. Until such time as the application is completely downloaded, it is streamed to the user. ThinApp packages can be used offline. The first time a user accesses an application, it is "activated". The application icon appears on the main page of the User Portal to simplify subsequent access.
When a ThinApp package is updated, it is transparently downloaded to the user's machine the next time they access they are logged in to the User Portal. Once again, the application is streamed from the file share until it is fully downloaded to the end user machine. If the user is using the application at the time of the update, they continue to use that version without interruption, and the new version is simultaneously transparently downloaded. The new version appears the next time the user opens the application, without any end-user interaction being required. If a user attempts to open an application to which they no longer entitled, a message appears explaining the situation and prompting them to contact the administrator.
