Computacenter (UK) Ltd

Computacenter - VMware Workspace One

Computacenter provides VMware Workspace ONE - a secure enterprise platform delivering and managing any app on any device. By integrating app access management, unified endpoint management, and real-time application delivery, Workspace ONE engages digital employees, reduces the threat of data loss, and modernizes traditional IT operations for the mobile-cloud era.

Features

  • Enterprise app catalog delivers the right apps to any device
  • Catalog can be easily customized to transform employee onboarding
  • Conditional Access policy enforcement to mobile, web, and Windows apps
  • Record application, device and console events to capture detailed information
  • Allow desktop administrators to automate application distribution and updates
  • Remotely monitor and manage all devices connected to your enterprise
  • Enforce authentication strength and restrict access by device restrictions
  • Automate device compliance for advanced data leakage protection
  • Federates even the most complex on-premises Active Directory topologies
  • Leverage both new and existing forms of 3rd party authentication

Benefits

  • Email app supports your mail accounts and integrates with repositories
  • View integrated calendar without having to navigate between apps
  • Secure email and attachments through the VMware AirWatch SEG
  • Use content app to push/manage secure content on the device
  • Support your end users with remote assistance and troubleshooting
  • Remote configuration management allows employees to provision new devices anywhere
  • Employees determine desired level of access and corresponding management
  • User interface is simple, intuitive and responsive
  • Self-Service App Store meets consumer-style expectations

Pricing

£881.25 per unit per year

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

3 9 9 6 1 4 6 7 8 6 0 6 8 4 9

Contact

Computacenter (UK) Ltd

Karen Baldock

+44 (0) 1707 631000

government@computacenter.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Computacenter service has no constraints that the buyer should be aware of.
System requirements
Refer to VMware Workspace ONE Reference Architecture for requirements

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times for standard issues are within 8 hours during operating 9:00 -5:30 (mon-fri)

Weekend support is available at additional costs subject to customer requirements.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The Computacenter web chat facility hasn’t been designed to any accessibility standards, however a design feature is that the users can increase the font size can been increased to users who have visibility impairments.
Web chat accessibility testing
Computacenter have not used assistive technology user to test our web chat support.
Onsite support
Yes, at extra cost
Support levels
Please refer to our website for support details: https://www.air-watch.com/services/customer-support/

Technical Account Specialists are available at an additional cost
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a comprehensive pre-installation checklist that includes all network and technical requirements that must be satisfied to help ensure a successful implementation. Our Account Executives and Professional Services team members will support you throughout the entire process, from pre-implementation meetings through the final hand-off to our Global Support Team.
- Upon the successful completion of all implementation deliverables, you can continue to leverage our breadth of professional services resources in the form of our global Support Services, extensive technical documentation and robust knowledgebase
Access a comprehensive and easily accessible catalog of training resources that provides varying levels of product knowledge and technical expertise, depending on the administrator role
Options include on-demand access to product documentation, instructional videos, online forums and instructor led training courses
Service documentation
No
End-of-contract data extraction
Per Section 2.9 Deletion of Service Data from the VMware Data Privacy Addendum: Following expiration of the Agreement, we will endeavor to delete your Service Data within a reasonable period of time, except to the extent we are required to retain any Service Data for compliance with applicable law. If we are unable to delete your Service Data for technical or other reasons, we will apply measures to ensure that your Service Data is blocked from any further Processing.

At the end of the contract, VMware can assist the customer in using solution controls to export data within the Workspace ONE solution. Customers in a Dedicated Cloud deployment can leverage a robust data mart. Data is secured in transmission.

Workspace ONE has defined data retention and data disposal policies to safeguard data throughout its lifecycle.

Customers can export Workspace ONE data at any time from the administrator consoles.
End-of-contract process
Per Section 2.9 Deletion of Service Data from the VMware Data Privacy Addendum: Following expiration of the Agreement, we will endeavor to delete your Service Data within a reasonable period of time, except to the extent we are required to retain any Service Data for compliance with applicable law. If we are unable to delete your Service Data for technical or other reasons, we will apply measures to ensure that your Service Data is blocked from any further Processing.
- At the end of the contract, VMware can assist the customer in using solution controls to export data within the Workspace ONE solution. Customers in a Dedicated Cloud deployment can leverage a robust data mart. Data is secured in transmission.
- Customer data in the solution is overwritten every 30 days.
- Please refer to the VMware Data Privacy Addendum for additional details: https://www.vmware.com/help/workspace-one-privacy.html

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
- Workspace ONE is accessible via web browser and native mobile app and is easy to user regardless of device.
- The Workspace ONE portal functions as a mobile app and a browser-based console. The mobile app version of the solution is available for download to corporate-owned or BYOD devices. The solution integrates with a desktop app launcher to deploy an HTML5-enabled desktop version.
Eliminate need for employees to register each device through flexible deployment options for the browser and native mobile app:
- Employees can log-in and gain access to applications based on unique policies set for each app.
Service interface
No
API
Yes
What users can and can't do using the API
API configuration is done through the AirWatch console. Available APIs can be found on my.airwatch.com The solution provides full support for all major OEM Mobile Device Management APIs as they become available. Due to inherent manufacturer OS and API limitations, some features are not supported across all devices or OS versions.

Do you provide API documentation for your service?
HTML
PDF

Is there a sandbox or test environment for your API?
We offer two options for user acceptance testing (UAT): a “sandbox” environment and a dedicated environment
- UAT Sandbox – Create individual or combined sandboxes for UAT users within a single AirWatch environment, leveraging the multitenancy of the solution
- UAT Environment – Create a new cloud environment solely for UAT, independent of the production environment and using dedicated hardware and software
- UAT sandboxes and environments are scoped and priced separately
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Administrators can build a branded login experience across desktop and mobile devices using customizable templates
Use company logo for featured components of the solution:
-- Login prompts
-- Application Launcher
-- Favicon
-- Add background picture
-- Company and product name

Scaling

Independence of resources
Our solution meets strict requirements for high availability and redundancy through load balancing across multiple, geographically disparate data centers. We eliminate any single point of failure through the use of redundant equipment, network, power and clustering of key components.
-- We have a guaranteed standard SLA of 99.9%

Analytics

Service usage metrics
Yes
Metrics types
Administrators can gather metrics from Workspace ONE via VMware AirWatch and VMware Identity Manager reporting and logging:
-- View events within Workspace ONE to capture detailed information
-- The VMware AirWatch solution records all console activity and provides data in a detailed log of users accessing the system and the events or actions taking place.
--- Customers can use the built-in event log, customizable dashboards, integrated reporting engine and AirWatch Hub to audit the web console and end-user actions.
-- The VMware Identity Manager admin console provides audit event reports for resource entitlements for groups and users.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
VMware

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
- Global data center operations have undergone SSAE16 SOC2 Type II audits.
- Basic passwords, certificate private keys, client cookie data and tokens are encrypted in the SaaS environment with a derived AES 256-bit symmetric encryption algorithm
-- Customers can enable encryption at rest for user first name, last name, email and phone number
-- We do not store AD/LDAP passwords in our database
- VMware Content Locker, VMware Boxer and VMware AirWatch App Wrapping solutions use AES 256-bit encryption to secure data on mobile devices
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
System administrators can record/export application, device and console events and reports via Workspace ONE console

Use built-in VMware AirWatch reporting engine to regularly export solution data

Export console data using interactive dashboards (CSV), reports (CSV), the AirWatch Hub (PDF), and event log (CSV)

Export VMware Identity Manager audit event logs and reports (CSV)

Integrate with security information/event management solutions for enhanced logging of events occurring in the console

Deploy Workspace ONE Intelligence custom reports service to access a wider set of parameters and critical data on apps, devices, and OS updates
Data export formats
Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • IWork – Numbers, Keynote, Pages
  • Zipped Files – 7z, ZIP, GZIP, BZIP2, TAR
  • Images – PNG, JPEG, TIF, BMP, GIF, EPUB, TIFF
  • Audio – AAC, ALAC, MP3, WAV
  • Video – MOV, MP4
  • Other – PDF, HTML, XML, CSV, RTF, TXT, MSG
  • Microsoft Office – Excel, PowerPoint, Word
  • Additional types, such as certificates, can be uploaded by admins

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We have a guaranteed standard SLA of 99.9% for all Workspace ONE components

VMware Identity Manager as part of Workspace ONE SLAs are defined here: http://www.vmware.com/download/eula/workspace-one-service-license-agreement.html

VMware AirWatch SLAs are defined within the AirWatch Hosted Services Policy here: http://www.air-watch.com/downloads/pricing/hosting-services-policy.pdf
Approach to resilience
Our solution meets strict requirements for high availability and redundancy through load balancing across multiple, geographically disparate data centers. We eliminate any single point of failure through the use of redundant equipment, network, power and clustering of key components.
We have a guaranteed standard SLA of 99.9% Additional information can be provided upon request.
Outage reporting
In the unlikely event of a security incident, we will notify the appropriate customer IT stakeholders. Email announcements will maintain open lines of communication between support staff and customers regarding change management events, incident events and problem events.

We will provide at least five days’ or as much advance notice as possible via email of maintenance windows.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We have a formal Access Control policy that includes roles and responsibilities for Asset Owners, Asset Custodians and Users to help ensure proper access to information assets.

Strong passwords are required for access to production environments and corporate resources. Password policies are developed according to industry best practices and are technically enforced through Active Directory.

All access privileges are technically enforced using role-based access control, separation of duties and the principle of least privileges.

Production environment access requires two-factor authentication, is secured by VPN using AD credentials and is restricted to authorized members of applicable teams.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Less than 1 month
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19/03/2019
What the ISO/IEC 27001 doesn’t cover
Our ISO/IEC 27001 certification covers all our managed service people, processes and IT systems. The areas of our business not covered are those that fall outside the following: The scope of Certificate number IS 516767 is for the Group Information Security Management System in relation to the UK based Information Services Division encompassing data centre, telephony, system development, implementation, operations, administration and maintenance functions for Computacenter Group Systems, UK Corporate IT Systems and Customer Facing IT Systems including the Managed Services – Service Management Tool Suite (SMTS). This is in accordance with the Statement of Applicability v7.0 dated 03/02/2017. The scope of Certificate number IS559935 is for the protection of Computacenter and customer information that is accessed, processed or stored by personnel of the Service Operations Division Operational Support and Data Centre Services teams. This is in accordance with the Statement of Applicability v7.3 dated 04/12/2017. The scope of Certificate number IS 621751 is for protection of information that is accessed, processed or stored by personnel providing Computacenter contracted Desktop Infrastructure Services including Service Management, ITIL Service Lines, Supply Chain Services, Service Operations Engineering Support, Project Support and Operational Security. In accordance with the Statement of Applicability v4.3 dated 12/01/2018.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
GemServ
PCI DSS accreditation date
September 2018
What the PCI DSS doesn’t cover
Only the data centres for the specific controls of Requirements 9 – Restrict physical access to cardholder data and 12 - Maintain a policy that addresses information security for all personnel of PCI DSS v3.2.1, which is not relevant for this service.
Other security certifications
Yes
Any other security certifications
Various which can be discussed

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Group ISMS contains a consistent security assurance framework and accompanying baseline set of Information Security Policies that are to be used throughout the Computacenter Group.
Information Security Policies define the minimum security standards for the Computacenter Group. They consist of technical, procedural and staff behavioural rules that work in concert to preserve the security aspects of Computacenter IT Systems and the information that they process.
The Group ISMS Information Security Policy set is divided into categories covering topics such as Information Security Management, End-user responsibilities and Acceptable Usage plus technology specific security requirements.
An 'Acceptable use Policy' (AUP) document is included in the Policy set, as a minimum, which must be read and understood, for ensure employee’s know their obligations and comply with this and any other Security Policies that relate to their role in the organisation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Group Change Management service is based on ITIL best practice and has the primary objective of protecting the client production services from outage and disruption resulting from change. Our Group Change Management team acts as the primary interface for the client to control changes to IT Infrastructure. The process is applied and governed to ensure that changes are recorded, evaluated, prioritised, planned, tested, authorised, implemented, documented and reviewed in a controlled manner with minimal or no disruption to the service.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have in-house vulnerability management processes to cover scheduled and ad-hoc scanning, identification, notification, remediation and reporting. Customer specific programs are also deployed.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring processes are based and run in accordance with the service and customer requirements.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management processes are based on the requirements of each service and interface with our customer, as required by the contract

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£881.25 per unit per year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
- TestDrive provides a full functionality free trial option for Workspace ONE
- Hands-on Labs provide guided functionality for Workspace ONE

Service documents

Return to top ↑