Workspace Control Module Comparison

Locations and Devices — Access Control can be based on the location where and the device on which a user session is started. This allows you to create Zones that can only be accessed if the rules that specify these Zones are met. You can base Zone rules on various criteria, such as Active Directory sites, IP-addresses, computer names, hardware requirements, environment variables, operating system versions, USB storage device serial numbers, etc. You can apply Zones to applications, printers, configuration settings, Workspace Containers, administrative roles etc.

✔

✔

✔

Building Blocks — Makes changes predictable by guaranteeing repeatable results in test, accept and production environments. Allows encapsulation of best practices, which results in quicker turnaround times during implementation. Allows easy transportation of configuration settings from one Workspace Control environment to another. A building block stores all properties of a setting or feature in an XML file.

✔

✔

✔

Data Sources — Data Sources technology makes it possible to define the data source using a simple Wizard in the Management Portal, and then link the applications that need to connect to it. When the user starts the application, the database connections will automatically be set up and made available for the application. This makes it flexible, fast, and reliable to create data sources.

✔

✔

✔

User Settings — Usually, users can change certain settings in a session, such as their default printer, or the view in which an application should open. In many environments, however, such changes are lost when the user logs off. This is particularly the case if mandatory profiles are used, or if roaming profiles are used in combination with pass-through applications in a Citrix XenApp environment. User Settings make it possible to preserve changes that users make to certain settings, files and folders during a session. These User Settings are stored in the user’s home folder, and are restored automatically when required. These settings are applied globally in Core. For all other modules more granular user settings can be applied.

✔

✔

✔

Workspace Containers — Organizes applications, configuration, security and other settings in logical containers. There are many ways to organize a complex Windows® environment (e.g. terminal servers, laptops, desktops). Simplifies administration of heterogeneous desktop infrastructures.

✔

✔

✔

Integration with Ivanti Products — Allows integration with Ivanti Identity Director services in Ivanti Workspace Control and use them as access principle when configuring Access Control for objects. Ivanti Automation Integration allows you to run specific Automation Tasks in the user workspace, such as context aware on- demand installation of software or the creation of user profiles.

✔

✔

✔

Workspace Extensions — Virtual Desktops (VDI) and Terminal Services (Microsoft and Citrix XenApp) offer remote desktops. Workspace Extension enhances a remote desktop with locally running applications by merging both desktops into a single workspace. Workspace Extensions eliminates the need to switch between a local and remote desktop. It also enables management and control of access to local applications as well as Terminal Server and VDI applications from one central point.

✔

✔

✔

Application Virtualization Integration — Configuring and securing virtualized applications is more complex than configuring and securing traditional applications. Ivanti Workspace Control eliminates this complexity by launching a helper process from within the virtual application environment. This helper process makes configuration changes in the virtual environment (such as registry settings) as easy as in traditional environments. Integration is provided for Citrix XenApp, Microsoft App-V 5 and Thinstall.

✔

✔

✔

Citrix XenApp Application Publishing — Citrix XenApp Publishing makes it possible to create and manage Citrix XenApp published applications directly from the Ivanti Workspace Control Console. Users can run Citrix XenApp published applications side-by-side with their local applications, as if they were running on the user’s local computer. Ivanti Workspace Control supports Citrix XenApp Integration for version 7.x and later together with Citrix Cloud.

✔

✔

✔

TS RemoteApps Integration — Microsoft RDS/TS RemoteApp makes it possible to create and manage RDS/TS RemoteApps applications directly from the Ivanti Workspace Control Console. Users can run Microsoft RDS/ TS RemoteApp applications side-by-side with their local applications, as if they were running on the user’s local computer.

✔

✔

✔

Microsoft System Center — Microsoft System Center ConfigMgr allows you to distribute, configure and manage software across virtual, distributed and mobile environments. With Microsoft System Center ConfigMgr Integration enabled in Ivanti Workspace Control, it is possible for example to install an application when the user clicks the application shortcut.

✔

✔

✔

Virtual Desktop Extender (VDX) Integration — Allows IT to determine which local applications are accessible through Ivanti VDX. Also allows IT to centrally manage the configuration of Ivanti VDX reverse seamless technology. Simplifies the management of local applications and Ivanti VDX.

✔

✔

✔

Workspace Analysis — Previews a user’s workspace. It shows all applied configuration, desktop settings, accessible applications, security events and configuration errors for a specific user. Decreases resolution times for helpdesks, in turn decreasing workload.

✔

✔

✔

Instant Reports — Creates documentation of any part in Management Console with a single click. Documentation can be exported to PDF. Saves valuable time for the administrator. Provides essential documentation for internal and external use.

✔

✔

✔

Workspace Designer — Provides clear insight in how existing (unmanaged) desktops are used. Assists in designing user workspaces by analyzing data taken from the Desktop Sampler. Decreases implementation time of user workspaces and increases quality of the implementation.

✔

✔

✔

Session Actions — Session actions make it possible to apply configuration changes in the end-user session for a predefined allocation of users without the need for complex scripting. The following settings can be controlled: Drive and Port Mappings, Drive Substitutes, Home Directory actions, Profile Directory actions, Printers, User Registry settings, User Registry policies, Commands, Ivanti Automation Tasks and Environment Variables.

✔

✔

✔

Folder Synchronization — Session-Based: As a result of growing mobile workforces, there is an increasing need for offline access to data. If copying of data is not performed automatically, there is a risk of data loss. Folder Synchronization makes it possible for IT administrators to set up and execute synchronization of local and network folders, to download files and folders from the network to local computers and to upload local files and folders to the network.

✔

✔

✔

Connection State — Ivanti Workspace Control uses the IP address of the local network connection to determine the connection state of the computer. If no IP address is available, an ‘offline’ connection state will be assumed. Connection State Advanced pings a list of hosts for a specific zone to determine the Connection State of the computer. This method is smarter than using the IP address of the local network connection.

✔

✔

Date and Time — The Date and Time feature makes it possible to set a start and/or end date on access to a managed application. For example, a project-specific application can become available on the start date of the project. Weekly restrictions make it possible to limit application availability to a recurring pattern per week. For example, only during lunch breaks, working hours, or outside of maintenance windows.

✔

✔

Advanced Locations and Devices — The Zone rules “Connected network (SSID)” and “Nearest Access Point (BSSID)” provide excellent ways to determine the location of roaming users and dynamically give access to the right services. Use these Zone rules to apply policies and give or prohibit access to resources (such as printers and applications) based on wireless network names or on wireless access point signal strength.

✔

✔

Override Feature Properties — The properties of a workspace feature can be overridden for specific Workspace Containers. This capability is essential for supporting hybrid desktop environments and different types of users.

✔

✔

Advanced Workspace Containers — Apply an additional layer of security to desktops by securing your workspace containers with access control. Access control criteria for workspace containers can be based on groups, users, administrative roles, languages and zones. Many applications, configuration settings and other objects can be secured with access control and workspace control. You can attach a configuration setting that is restricted to a specific workspace container to an application that is accessible to all workspace containers. This allows you to configure applications that behave differently, depending on the workspace container that applies to the user.

✔

✔

Workspace Preferences, Printing Preferences and PowerHelp — Workspace Preferences allows users to customize their desktop and workspace. Printing Preferences provides users with simple printer-related information and a Printer Management console. Only user-related printers are shown. Users can manage their documents and prints by clicking the Open button in Printing Preferences.

✔

✔

Directory Services Integration — A directory service is used to store information about resources (such as printers), services (such as e-mail) and users in a network. The directory service provides information on these objects, organizes them, and provides authentication and validation. A well planned and well-maintained directory service reflects the hierarchical and functional structure of an organization and is a powerful tool in the delivery of applications and resources to users. Ivanti Workspace Control supports Microsoft Active Directory, Azure Active Directory, Microsoft Windows Domains (Legacy Windows NT), and Workgroup scenarios.

✔

✔

✔

Relay Servers — The Relay Server is an infrastructure component that caches information from the Datastore and passes it on to Agents upon request. Therefore, Agents do not need to contact the Datastore directly. Alternatively, Relay Servers can pass the cached information from the Datastore on to other Relay Servers. Without Relay Servers, Agents need to connect directly to the Datastore. Workspace Control environments can have a mix of connection methods, with some Agents connecting directly to the Datastore and others connecting to Relay Servers.

✔

✔

Cloud Relay — Ivanti Cloud Relay enables your company to connect Agents located outside of your company network to your environment without the need to set up any additional network infrastructure. Ivanti Cloud Relay is on controlled release, please contact Ivanti Support if you would like to try the feature in your environment.

Note: Cloud Relay is available under a separate SKU.

✔

✔

Neurons for Edge Intelligence — Ivanti Neurons for Edge Intelligence gives IT the ability to query all edge devices using natural language processing (NLP) and get real-time intelligence across the enterprise in seconds. It provides quick operational awareness, real-time inventory, and security configurations across the edge leveraging sensor-based architecture.

✔

✔

Administrative Roles — Administrative Roles allow granular delegation of control in the Management Console. Users, groups, OUs, and zones can be assigned to read or modify specific parts of the Management Console. Administrative Roles can also be used to allow access to specific applications.

✔

✔

Workspace Branding — Use the Workspace Branding feature to place your organization’s own logo and matching progress bar color in Ivanti Workspace Control splash screens and Management Console.

✔

✔

Audit Trail — Audit Trail provides detailed information on changes made on objects in Ivanti Workspace Control. This detailed information includes date/time, type of object, action, name of object, user, computer and client.

✔

✔

E-mail Settings — E-mail Settings makes it possible to preconfigure and manage various mail profiles for all users from a single point of administration, without any programming or scripting. E-mail Settings also handles e-mail signatures for Microsoft Outlook. This enables control over legal disclaimers and corporate identity in e-mails.

✔

App Level User Settings — In Core, User Settings are available at session level, and can be configured to store specific parts of the registry or profile directory and apply the stored settings at logon. In the Composition module, User Settings are also available at application level, and there are additional Zero Profile modes to preserve changes real time using a set and forget approach.

✔

Actions — Application actions make it possible to apply configuration changes in the end-user session for a predefined allocation of users without the need for complex scripting. The following settings can be controlled: Drive and Port Mappings, Drive Substitutes, Folder Synchronization, Home Directory actions, Profile Directory actions, Printers, User Registry settings, User Registry policies, Commands, Ivanti Automation Tasks and Environment Variables.

✔

Instant Pass-through — Instant Pass-through automatically redirects a user to a Citrix XenApp Published Application or Microsoft TS RemoteApp if the application is not installed on the user’s computer. This technology is essential in mixed environments where both Citrix XenApp and traditional desktops are used.

✔

Ivanti Workspace Control Shell — Ivanti Workspace Control shell presents a simple Windows-like shell with additional Ivanti Workspace Control-only presented by Microsoft, whereas the Microsoft Windows functionality shell is the exact shell as it is including the various available themes.

✔

Web Portal — The Web Portal makes it possible to offer the Workspace Composer through a web browser. This can be useful in secured environments, in which it is desirable that users can only access applications and folders through a web browser. The Web Portal can also be used to integrate the Workspace Composer in a corporate intranet.

✔

Remote Assistance Integration — Allows any helpdesk to quickly remote control a user’s desktop after approval of the user by integrating with Microsoft Remote Assistance technology. This decreases resolution times for helpdesks in turn decreasing workload.

✔

Microsoft Profile Containers — Microsoft Profile Container is a full remote profile solution for non-persistent environments. Profile Container redirects the entire user profile to a remote location. Profile Container configuration defines how and where the profile is redirected.

✔

Dynamic Privileges — Dynamic Privileges allow you to elevate rights for applications and commands while maintaining default privileges for users.

✔

User Installed Applications — User Installed Applications allow a specific end user to install software on a computer. This can be particularly useful to give expert users a degree of control over their own computer, so that they can install software themselves as and when needed. User Installed Applications are always restricted to specific computers, based on Workspace Containers and/or Zones, and can optionally be further restricted to specific users. All installations are audited.

✔

User Session Security — Session Security makes it possible to prevent users from starting more than one concurrent session. This improves the performance of the application server and helps to control license usage. Session security also prevents problems with locked data in a user’s home directory, which can occur when a user tries to read the same data from two sessions simultaneously.

✔

Managed Application Security — Application Security makes it possible to prevent access to and use of unauthorized applications. When enabled, only applications that are exposed to the user in the workspace are automatically authorized.

✔

Website Security — Website Security allows you to configure user specific web filtering based on rules. This prevents access to unauthorized websites. Web filtering can be done by means of Deny Rules and/or Allow Deny.

✔

Files and Folders Security — Files and Folders security makes it possible to block access to specific file types and folders.

✔

Network Connection Security — Network security makes it possible to secure the user workspace by preventing applications from using unauthorized network connections to other applications and/or services running on remote computers (for example, database applications, ICA/RDP clients, telnet, MSN Messenger, etc.).

✔

Read-Only Blanketing — makes it possible to render all local fixed drives on a computer read-only for the end user. This not only secures the user’s workstation against corruption and loss of information, but it safeguards the entire Terminal Server environment.

✔

Advanced Removable Disk Security — Detection of USB storage devices based on serial numbers or vendor IDs/product IDs makes it possible to allow specific USB storage devices to be used on a computer. It also allows for advanced scenarios in which USB storage devices can function as a key to unlock an application or a laptop.

✔

Removable Disks — Removable Disks Security configures permissions for usage of removable disks for specific people on specific locations. Read and write permissions can be assigned to Floppy Disks, DVD/CD Disks and Removable Disks like USB/Firewire Sticks. This increases an organization`s security by preventing any user from copying sensitive corporate data to and from removable disks.

✔

Authorized Files — Global Authorized Files make it possible to create exceptions to the security restrictions in the user workspace, by authorizing specific applications, files, folders and drives.

✔

Authorized Owners — Authorized Owners increases the security of your Workspace Control environment by not allowing untrusted software to run. The feature is based on NTFS ownership and enables administrators to allow applications to be started only if the configured NTFS owner matches the file owner of the executable.

✔

Adaptive Security — With Adaptive Security you can secure the user workspace by preventing access to unauthorized applications, files, folders, removable media and network connections, and by logging all security events. All Security components are based on Windows filter drivers, which offer a high level of security while minimizing the overhead on your system.

✔

Data Security - With Data Security you can secure access to files and folders on local and removable disks. With Removable Disks Security, you can secure the use of removable disks in the user workspace. Removable Disks Security allows you to configure permissions for usage of removable disks for specific people on specific locations. With Files and Folders Security, you can prevent specific file types and folders from being used in the user workspace.

✔

USB Access Token - Detection of USB storage devices based on serial numbers or vendor IDs/product IDs makes it possible to allow specific USB storage devices to be used on a computer. It also allows for advanced scenarios in which USB storage devices can function as a key to unlock an application or a laptop.

✔

Filtering - The Workspace Simulation Wizard enables you to assess the workspace that would result from a particular simulation, combining a fictional or existing user’s identity with different context criteria such as location, time and connection state.

Workspace Simulations - The Workspace Simulation Wizard enables you to assess the workspace that would result from a particular simulation, combining a fictional or existing user’s identity with different context criteria such as location, time and connection state.

Role-based Access Controls - Access to settings and applications can be based on administrative roles or by delegating control to application managers. This enables re-using assigned administrative roles to help make applications and settings available to the users. These roles tend to be expert users or those responsible for a certain application and can be made application managers. Application managers have access to the Access Wizard, which assists with granting and revoking access to applications.

License Management - Licensing Metering makes it possible to manage and report the number of people that are allowed to use an application, based on the application licenses that are available. This makes it possible to enforce license compliance to e.g. Microsoft licensing models, while managing license usage in your user workspaces. It also prevents overspending on software licenses.

Alerting — Alerting makes it possible to automatically send alerts on specific events in the user workspace to e-mail systems, SNMP management frameworks or by launching external tasks.

Usage Tracking — Usage Tracking makes it possible to monitor application and computer usage in detail, using various selection criteria. Usage Tracking can be used to monitor the actual use of applications per user, per application, or per server. Usage Tracking also monitors active sessions and the actual CPU load of an application. This information can be useful to find users or applications that use a more than average amount of system resources, to re-distribute licenses, or simply for troubleshooting.

Website Usage Tracking — Website Usage Tracking makes it possible to track actual web site usage, including the time a web site is opened (time open) and the time a web site is used (time active). Web site usage will only be tracked for Microsoft Internet Explorer.

Access Balancing — If many users log on to a remote desktop simultaneously, this can cause serious problems to the network and the desktop server. This situation can be prevented with Access Balancing, which makes it possible to limit the number of simultaneous logons per desktop server.

Feature is deprecated since Workspace Control version 10.7.20.0.

CPU Optimization — CPU Optimization makes it possible to prevent applications from taking up too much processor time. This prevents other applications from malfunctioning.

Memory Optimization — Memory Optimization makes it possible to optimize the physical memory usage of running applications in the user workspace.

Scope Control — Scope Control makes it possible to restrict the scope of administrative roles to individual settings in the Management Console, based on the Access Control criteria and Workspace Control criteria of these settings.

Instant LogOff — Instant LogOff makes it possible to manage user profiles that fail to unload during logoff. If certain applications do not close their registry handles when they are terminated, this can result in slow logoffs, roaming profiles that do not reconcile and reaching of the registry size limit. Instant LogOff disconnects the user session on logoff and proceeds with the logoff in the disconnected session.