Tech Chronicles

VMware Workspace One (AirWatch)

AirWatch is a mobile technology platform founded in 2003. VMware acquired it in 2013 for $1.54 billion and has developed it as Workspace One (WSONE).

There are 4 licensing types: Standard, Advanced, Enterprise and Enterprise for VDI.

You can review the licensing details here and the WSONE-related video below.

To briefly summarize:

Standard: Basic application, device profile management, location monitoring functions etc.

Advanced: Standard Edition plus enterprise functions such as Content Locker, Tunnel, Secure Email Gateway, Boxer, People Search, and Telecom.

Enterprise: Standard and Advanced edition plus Horizon Apps.

Enterprise for VDI: This version includes all Workspace One functions plus all components required for desktop virtualization (vSphere, vSAN, Horizon).

Technically speaking, WSONE is composed of the following components.

Device Server (DS): The component that all end devices contact first, and where device registration, profile updates, health status, the Self Service portal and the application catalog are managed. Depending on performance and redundancy requirements, more than one can be positioned behind a load balancer.

AirWatch Admin Console (AC): Central interface for management and integration operations. Depending on performance and redundancy requirements, more than one can be positioned behind a load balancer.

Database: The central database in which all WSONE data is kept. Only Microsoft SQL Server releases are supported, including Always On. Because the application servers (AC and DS) are stateless, the entire system can be restored if the database is recovered.

Tunnel: Provides Proxy and Per-app VPN support to the environment, giving secure access to enterprise resources via VMware Tunnel using VMware Browser (Proxy) or the desired applications (Per-app), in accordance with your criteria. The Proxy service supports Relay and Endpoint topology; Per-app can also be installed on two separate servers, as Front-end and Back-end, to provide extra security. The Windows and Linux versions are still available, but have been replaced in recent releases by Unified Access Gateway (UAG).

Secure Email Gateway (SEG): Positioned in front of the ActiveSync server, it acts as a proxy so that the email service is provided only to registered devices that meet the specified criteria. It can be deployed redundantly when required.

Content Gateway: Briefly, an on-premises Dropbox-like service. It requires the Content Locker app to be accessed from a mobile device. The software has DLP features and supports integration with the apps within WSONE. Although this service is still available for Windows and Linux, it has been replaced in recent releases by Unified Access Gateway.

Unified Access Gateway (UAG): A virtual appliance based on Photon OS that will replace and combine services such as VMware Tunnel, Content Gateway, Horizon Security Server and Reverse Proxy in one place.

Identity Manager: Provides functions such as application access control, application provisioning and SSO. It can be delivered both as SaaS and on-premises.

Deployment with AirWatch Cloud Connector

VMware Identity Manager Connector in Outbound Mode

VMware Enterprise System Connector (ESC): Acts as a proxy so that Directory and Certificate Services, e-mail relay, etc. can be accessed without direct Internet access. Security definitions are applied directly to ESC, so there is no direct access to your important servers on your internal network.

AirWatch Cloud Messaging (AWCM): Provides security to back-end systems using the VMware Enterprise System Connector. AWCM is an alternative to Google Cloud Messaging (GCM) and allows Android devices to work without GCM (without public Internet and a Google ID). It is the only way to manage Windows Rugged devices.
