We were recently approached by Matrix42 to look at their workspace management solution. We have written about several unified workspace solutions in the past, but Matrix42 has a more traditional approach, where the endpoint is central, and the cloud only plays a minor role.
Whereas all unified workspace players today focus on the modern workspace, where virtualisation in the cloud plays a major role, Matrix42 still chooses the traditional, proven workspace. Matrix42 still really focuses on managing all devices (endpoints) and the software that runs on them. This usually done from an on-premise server at the customer, but nowadays it can also be done from the cloud, through a SaaS model. Virtualising desktops and applications is not possible with Matrix42, as it is not their model. However, you can manage virtualised servers as endpoints.
Matrix42, therefore, focuses on managing the endpoint: the desktop, laptop, server, iPhone, iPad or Android smartphone. The company also offers endpoint security, licensing and helpdesk options. Matrix42 is a complete suite solution; all components work well together. There is no combination of best-of-breed.
The four components of Matrix42
Matrix42’s suite consists of four main components:
- Unified Endpoint Management
- Service Management
- Endpoint Security
- Software Asset Management
These four components make up the suite. Although they are developed independently of each other, they are integrated closely together. The integrations ensure that things are handled better and more efficiently. With best-of-breed solutions, this is often possible, but it has to be set up and configured separately. With Matrix42 it works immediately. The components of Matrix42 can also be purchased separately. This way, you get the benefits of such a large suite with out-of-the-box integrations.
Matrix 42 Unified Endpoint Management (formerly Silverback)
The Silverback Unified Endpoint Management (UEM) product from Matrix42 is the oldest component and has been in development since the early 90s. With this solution, you can manage all endpoints and place them within one policy. Furthermore, it is possible to develop a single strategy that is automatically suitable for multiple types of devices. In principle, you don’t have to make separate policies for Windows, iOS and Android, although that is possible. You can also create separate policies for each user group.
With such a UEM policy, you can set what the user can and can’t do on his endpoint. This varies enormously: from whether or not to install applications independently, which settings are available to the user and which are not, to apply default settings, to the use of the USB port on the endpoint. With the endpoint security solution, Matrix42 offers additional possibilities for this.
Ultimately, the most important feature of Silverback Unified Endpoint Management is that a laptop or smartphone loads a business configuration and applies the security according to the business policy. Think of authentication, single sign-on, encryption and the like. On a smartphone, Android Enterprise can be activated. A standard set of enterprise applications can also be deployed with the Matrix42 UEM solution. This brings the endpoint under the management of the company and allows a system administrator to control things remotely through the Matrix42 portal; from deploying updates or new applications, to remotely wiping the system or just the enterprise environment.
Balancing between security and user-friendliness
In the old days, making a company policy used to be equal to shutting down the system and, above all, rendering it unusable as far as possible in the context of safety. Over the years, people have learned that this does not work. Employees continue to look for ways to bypass security, so it is much wiser to look for innovative security solutions or safeguards with an alternative where the user experience is not immediately destroyed.
Matrix42 goes along with this. Blocking USB sticks, for example, is possible, but Matrix42 also has the ability to encrypt data copied to USB sticks as a standard. As a result, the data on the USB stick can only be read on systems that are known within the company network. An employee can therefore not share the documents with third parties or view them on his private computer. Also, a company could choose to only allow USB devices whose serial number is known or from devices that fall into a certain category. External drives are not, keyboards and mice are. This is a feature of the Matrix42 endpoint security product, specifically.
Installing software through a portal
Making it impossible for users to install applications themselves often causes a lot of resistance. Ultimately, it is up to the company to decide which rule it wants to apply. In general, we see that companies are more flexible with this, but in many industries, it is still unthinkable. Governments, financial institutions, large industrial companies generally want to control and close down as much as possible.
For those companies, Matrix42 can still be a good compromise. Through a self-service portal, users can install applications themselves. They can search within a catalogue for applications that the company has made available and then add these to their system. Depending on the application, it can be installed directly, but it may also be that a manager first needs to approve whether the user is allowed to use this application. In this way, license costs can remain more manageable.
If each user is going to install the complete Adobe Create Cloud Suite from about 70 euros per month, the license costs will quickly increase by tens of thousands of endpoints. The company can set which applications require approval and which do not. Because an agent from Matrix42 runs on each endpoint, an application can be downloaded and installed on the system almost immediately.
Software Asset Management
Another component of the Matrix42 suite is software asset management. This gives the Matrix42 customer and user a clear overview of their licenses and contracts. The use of licenses can also be viewed. Via the agents on the endpoints, all installed applications can be detected and, therefore, also the required licenses. It is also possible that virtualisation has been applied to some physical servers, where several virtual machines (VMs) are running. This requires more licenses or, in some cases, one license per CPU core. This could occur in the case of an Oracle database server, for example. These are things that Matrix42 can recognise and map out automatically. In this way, organisations can always ensure sufficient licenses.
At this moment, Matrix42 does not offer support for Kubernetes containers, but they are working on that.
In addition to license management, Matrix42 also does contract management. For example, if a company purchases a license for a SaaS application, or rents a hundred or so servers or clients, those contracts can be included in the contract management system. This system extracts the most important variables from these contracts. For example, it is easy to check how much warranty there is on an endpoint, or a notification can be sent in time to the right person that a license is about to expire and be automatically renewed. The person responsible can then make a conscious choice to renew or cancel and choose an alternative. It often happens that companies are attached to an automatically renewed contract.
Service Management – the IT helpdesk
The IT helpdesk, or Service Management, is another component of the Matrix42 suite. Users can create incidents themselves if they experience a problem. It also often happens that one of the other components automatically creates a ticket. For example, a manager has to approve a request for the use of a software application or detect possible malfunctions in a system. In fact, the Service Management solution is always used when something needs to be checked or approved by another employee or manager.
Part of the Service Management solution is the Workflow Studio. With this, certain business processes can be activated or executed via drag-and-drop. In this way, things that normally require a lot of manual work can be automated. It is also possible to speed up the execution of high-priority tasks.
Suppose that ransomware is detected on multiple PCs within a short period of time. Then a high-priority workflow could isolate certain critical business data within the network, temporarily preventing communication. However, it can also be less critical, think of e.g. onboarding or offboarding of employees. A workflow can ensure that they are correctly created or deactivated in all systems.
Endpoint Security (formerly EgoSecure)
In mid-2018, Matrix42 incorporated EgoSecure. This security company adds the last component to Matrix42. With this solution, Matrix42 offers endpoint protection against malware. EgoSecure is especially good at analysing the behaviour of applications, to stop it if it has or appears to have malicious intentions. As a result, they are less dependent on hashes than traditional security parties, although analysing the behaviour at an endpoint is now the standard in the security landscape.
Nevertheless, it is a very solid addition to the Matrix42 suite because it allows the company to offer a real overarching solution.
Matrix Self Service portal (MyWorkspace)
Finally, back to the Matrix42 Self Service portal. This is called MyWorkspace and is accessible for every user within the company. What makes this portal unique is that it lies, as a layer, on top of all components. The portal can be adapted to the corporate identity of the company and looks the same for each component.
Both administrators and users make intensive use of this portal. As mentioned before, it could be used to install applications, for helpdesk tickets and to approve requests from team members. Companies can run all workflows and supplies through this portal. Think of ordering a new desk, company clothing or business cards. It is also configurable so that you can indicate what your clothing or shoe size is, what name, job title, address and phone number should be on the business card. By linking a workflow to this again, the order could be placed automatically.
Matrix42 MyWorkspace offers, as it were, a cockpit for every employee in which he or she can arrange everything. Something that e.g. ServiceNow also does for many enterprise organisations.
We are curious if and how Matrix42 will embrace the modern workspace in the future, where more and more workloads will move to the cloud and become a larger part of the infrastructure. At the moment, Matrix42’s cloud ambitions only include the SaaS model for the management portal.