Comparison: Workspace ONE UEM Cloud vs. On-Prem

Introduction: The UEM Deployment Dilemma

As organizations increasingly adopt Unified Endpoint Management (UEM) solutions, the choice between cloud-based and on-premises deployment models has become a critical strategic decision. VMware Workspace ONE UEM offers both deployment options, each with distinct advantages and considerations that can significantly impact your organization’s endpoint management strategy.

This comprehensive analysis examines the key differences between Workspace ONE UEM Cloud and On-Premises deployments, providing IT decision-makers with the insights needed to choose the optimal architecture for their organization’s unique requirements in late 2019.

Deployment Architecture Overview

Workspace ONE UEM Cloud (SaaS)

The cloud deployment leverages VMware’s multi-tenant SaaS infrastructure, providing comprehensive endpoint management capabilities without requiring on-premises infrastructure investment or maintenance overhead.

Core Architecture Components:

  • VMware-Managed Infrastructure: Fully hosted and managed by VMware
  • Global Content Delivery Network: Distributed content delivery for applications and updates
  • Automatic Scaling: Dynamic resource allocation based on demand
  • Multi-Region Availability: Redundancy across multiple geographic regions
  • Integrated Services: Native integration with other Workspace ONE cloud services

Workspace ONE UEM On-Premises

The on-premises deployment provides complete control over the UEM infrastructure, allowing organizations to maintain data sovereignty and customize the environment according to their specific security and compliance requirements.

Core Architecture Components:

  • AirWatch Cloud Connector (ACC): Bridges on-premises and cloud services
  • Device Services: Core device management and policy enforcement
  • Application Catalog: Internal application distribution and management
  • Database Cluster: SQL Server cluster for configuration and device data
  • Content Gateway: Secure content delivery and caching

Feature Comparison Matrix

Device Management Capabilities

Feature                      | Cloud   | On-Premises | Notes
-----------------------------|---------|-------------|-------------------------------------------------
iOS Device Management        |         |             | Full feature parity
Android Device Management    |         |             | Full feature parity
Windows 10 Modern Management |         |             | Full feature parity
macOS Device Management      |         |             | Full feature parity
Windows Desktop (Legacy)     | Limited |             | On-prem offers better legacy Windows support
Rugged Device Support        |         |             | Full support in both deployments

Application Management

Cloud Deployment:

  • Public App Store Integration: Direct integration with Apple App Store, Google Play, Microsoft Store
  • Internal App Hosting: VMware hosts internal applications with global CDN
  • App Wrapping: Cloud-based application wrapping services
  • Content Delivery: Global content delivery network for fast app distribution
  • Storage Limitations: Per-tenant storage limits for internal applications

On-Premises Deployment:

  • Internal App Repository: Complete control over internal application storage
  • Custom App Stores: Ability to create custom branded app catalogs
  • Local Content Delivery: Reduced bandwidth usage for internal app distribution
  • Unlimited Storage: Storage limited only by available infrastructure
  • Air-Gapped Support: Support for completely disconnected environments

Security and Compliance Analysis

Data Security and Privacy

Cloud Deployment Security:

  • Data Encryption: AES-256 encryption at rest and TLS 1.2+ in transit
  • Data Location: Data stored in VMware’s certified data centers
  • Compliance Certifications: SOC 2 Type II, ISO 27001, FedRAMP (in progress)
  • Shared Responsibility Model: VMware handles infrastructure security
  • Data Residency: Limited control over specific data location

On-Premises Security:

  • Complete Data Control: All data remains within organization’s infrastructure
  • Custom Encryption: Ability to implement custom encryption standards
  • Network Isolation: Can be deployed in air-gapped environments
  • Compliance Control: Full control over compliance implementation
  • Audit Trails: Complete control over audit logging and retention

Network Security Considerations

Cloud Deployment:

  • Internet Dependency: Requires reliable internet connectivity
  • Firewall Configuration: Specific ports and URLs must be allowed
  • Certificate Management: VMware-managed certificates
  • DDoS Protection: Built-in protection from VMware’s infrastructure

On-Premises Deployment:

  • Internal Network Control: Management traffic can remain internal
  • Custom Firewall Rules: Complete control over network security policies
  • Certificate Authority Integration: Integration with internal PKI
  • VPN Integration: Direct integration with corporate VPN solutions

Performance and Scalability

Performance Characteristics

Cloud Deployment Performance:

  • Global Performance: Optimized for global device management
  • CDN Acceleration: Content delivery network for faster app downloads
  • Shared Infrastructure: Performance may vary based on tenant load
  • Internet Latency: Dependent on internet connectivity quality
  • Automatic Optimization: VMware continuously optimizes performance

On-Premises Performance:

  • Local Network Speed: LAN-speed connectivity for internal operations
  • Dedicated Resources: Dedicated compute and storage resources
  • Customizable Performance: Ability to optimize for specific use cases
  • Bandwidth Control: Complete control over bandwidth allocation
  • Local Caching: Extensive local caching capabilities

Scalability Models

Cloud Scalability:

  • Elastic Scaling: Automatic scaling based on device enrollment
  • No Hardware Limits: Virtually unlimited device capacity
  • Instant Provisioning: New tenants provisioned within minutes
  • Global Distribution: Automatic load distribution across regions

On-Premises Scalability:

  • Planned Scaling: Requires capacity planning and hardware procurement
  • Cluster Expansion: Add nodes to existing clusters for horizontal scaling
  • Hardware Constraints: Limited by available infrastructure resources
  • Vertical Scaling: Can scale up individual components as needed

Resource and Infrastructure Analysis

Cloud Deployment Resources

Infrastructure Requirements:

  • Internet Connectivity: Reliable, high-bandwidth internet connection
  • Network Configuration: Firewall rules, proxy settings, certificate management
  • Directory Integration: On-premises connectors for Active Directory synchronization
  • Content Delivery: Bandwidth planning for application and content distribution

Operational Considerations:

  • Minimal Infrastructure Management: VMware handles all infrastructure components
  • Automatic Updates: Regular feature updates with minimal downtime
  • Built-in Monitoring: Comprehensive monitoring and alerting capabilities
  • Managed Backup: Automatic backup and disaster recovery
  • 24/7 Support: VMware provides infrastructure-level support

On-Premises Deployment Resources

Infrastructure Requirements:

  • Server Hardware: Multiple servers for high availability and load distribution
  • Database Systems: SQL Server cluster for configuration and device data
  • Storage Systems: High-performance storage for database and content
  • Network Infrastructure: Load balancers, firewalls, and network security
  • Backup Infrastructure: Comprehensive backup and disaster recovery systems

Operational Requirements:

  • Full Infrastructure Management: Customer responsible for all components
  • Planned Maintenance: Regular maintenance windows required for updates
  • Custom Monitoring: Integration with existing monitoring systems
  • Backup Strategy: Customer responsible for backup and DR planning
  • Internal Support: Internal IT team provides first-level support

Management and Operations

Administrative Overhead

Cloud Deployment:

  • Minimal Infrastructure Management: VMware handles all infrastructure
  • Automatic Updates: Regular feature updates with no downtime
  • Built-in Monitoring: Comprehensive monitoring and alerting
  • Managed Backup: Automatic backup and disaster recovery
  • 24/7 Support: VMware provides infrastructure support

On-Premises Deployment:

  • Full Infrastructure Management: Customer responsible for all components
  • Planned Maintenance: Regular maintenance windows required
  • Custom Monitoring: Integration with existing monitoring systems
  • Backup Strategy: Customer responsible for backup and DR planning
  • Internal Support: Internal IT team provides first-level support

Integration Capabilities

Cloud Integration:

  • REST APIs: Comprehensive RESTful API for integration
  • Webhook Support: Real-time event notifications
  • Pre-built Connectors: Connectors for popular enterprise systems
  • SIEM Integration: Built-in integration with major SIEM platforms
  • Limited Customization: Standard integration options only

On-Premises Integration:

  • Full API Access: Complete API access including admin APIs
  • Custom Development: Ability to develop custom integrations
  • Database Access: Direct database access for reporting and integration
  • Legacy System Support: Better support for legacy enterprise systems
  • Custom Workflows: Ability to create custom automation workflows

Use Case Analysis

Cloud Deployment Ideal Scenarios

Rapid Mobile Deployment:

  • Scenario: Organization needs to deploy mobile device management quickly
  • Timeline: 2-4 weeks from decision to production
  • Benefits: Immediate access to latest features, no infrastructure investment
  • Example: Startup scaling rapidly with remote workforce

Global Organization:

  • Scenario: Multi-national company with distributed workforce
  • Benefits: Global CDN, automatic scaling, consistent experience
  • Considerations: Data residency requirements in different countries
  • Example: Consulting firm with offices in 20+ countries

Limited IT Resources:

  • Scenario: Small to medium organization with limited IT staff
  • Benefits: Reduced operational overhead, automatic updates
  • Trade-offs: Less customization, dependency on VMware
  • Example: Healthcare organization with 500 mobile devices

On-Premises Deployment Ideal Scenarios

High Security Requirements:

  • Scenario: Government or defense contractor with strict security requirements
  • Benefits: Complete data control, air-gapped deployment capability
  • Requirements: Significant IT infrastructure and expertise
  • Example: Defense contractor managing classified mobile devices

Regulatory Compliance:

  • Scenario: Financial services with strict data residency requirements
  • Benefits: Complete audit control, data sovereignty
  • Considerations: Higher operational costs, longer deployment timeline
  • Example: Bank managing mobile banking applications

Legacy Integration:

  • Scenario: Large enterprise with complex legacy system integration needs
  • Benefits: Custom integration capabilities, database access
  • Requirements: Significant development and integration effort
  • Example: Manufacturing company integrating with ERP systems

Migration Considerations

Cloud to On-Premises Migration

Migration Process:

  1. Data Export: Export device configurations and policies
  2. Infrastructure Setup: Deploy on-premises infrastructure
  3. Configuration Recreation: Recreate policies and configurations
  4. Device Re-enrollment: Re-enroll devices to new environment
  5. User Communication: Coordinate with end users for transition

Migration Challenges:

  • Data Limitations: Some cloud data may not be exportable
  • Feature Differences: Some cloud features may not be available on-premises
  • Timeline: 6-12 months for complete migration
  • User Impact: Potential disruption during device re-enrollment

On-Premises to Cloud Migration

Migration Process:

  1. Assessment: Evaluate current configurations and customizations
  2. Cloud Tenant Setup: Provision cloud tenant and configure basics
  3. Policy Migration: Recreate policies in cloud environment
  4. Phased Migration: Migrate devices in phases
  5. Decommission: Decommission on-premises infrastructure

Migration Benefits:

  • Reduced Operational Overhead: Eliminate infrastructure management
  • Access to Latest Features: Immediate access to new capabilities
  • Improved Scalability: Automatic scaling capabilities
  • Timeline: 3-6 months for complete migration

Decision Framework

Choose Cloud Deployment If:

  • ✓ You need rapid deployment (weeks vs. months)
  • ✓ You have limited IT infrastructure resources
  • ✓ You manage a global, distributed workforce
  • ✓ You want automatic updates and new features
  • ✓ You’re comfortable with data in VMware’s cloud
  • ✓ You have standard device management requirements
  • ✓ You want predictable operational costs

Choose On-Premises Deployment If:

  • ✓ You have strict data residency or sovereignty requirements
  • ✓ You need extensive customization and integration capabilities
  • ✓ You have significant existing VMware infrastructure investments
  • ✓ You require air-gapped or highly secure environments
  • ✓ You have complex legacy system integration needs
  • ✓ You want complete control over the infrastructure
  • ✓ You have the IT resources to manage the infrastructure

Future Considerations

Cloud-First Development

  • New Features: New capabilities typically released in cloud first
  • AI and Analytics: Advanced analytics and AI features in cloud
  • Modern Protocols: Support for latest device management protocols
  • Integration Ecosystem: Expanding cloud-native integration options

On-Premises Evolution

  • Hybrid Capabilities: Enhanced hybrid cloud capabilities
  • Container Support: Containerized deployment options
  • Edge Computing: Support for edge computing scenarios
  • Migration Tools: Improved tools for cloud migration

Conclusion

The choice between Workspace ONE UEM Cloud and On-Premises deployment is a strategic decision that will impact your organization’s endpoint management capabilities for years to come. Both options provide comprehensive device management capabilities, but with different trade-offs in terms of control, customization, cost, and operational overhead.

Cloud deployment offers rapid time-to-value, reduced operational complexity, and access to the latest features, making it ideal for organizations seeking agility and simplicity. On-premises deployment provides maximum control, customization capabilities, and data sovereignty, making it suitable for organizations with specific security, compliance, or integration requirements.

Key Success Factors:

  • Requirements Analysis: Thoroughly analyze your security, compliance, and integration requirements
  • Pilot Program: Consider running a pilot with both deployment models
  • Total Cost Analysis: Evaluate 3-5 year total cost of ownership
  • Future Strategy: Align your choice with your organization’s digital transformation strategy
  • Change Management: Plan for organizational change management regardless of deployment choice

“The decision between cloud and on-premises UEM isn’t just about technology capabilities—it’s about aligning your endpoint management strategy with your organization’s risk tolerance, operational capabilities, and long-term business objectives.” – Enterprise Mobility Architect

As the endpoint management landscape continues to evolve with new device types, operating systems, and security threats, organizations should regularly reassess their deployment strategy to ensure it continues to meet their changing needs and takes advantage of new capabilities and improvements.
