Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge
Find out how HCI cuts down virtualization costs and complexity

VMware Freestyle Orchestrator: Visual Tool for Configuring User Environments

  • February 9, 2022
  • 12 min read
Alex Samoylenko
Virtualization Architect. Alex is a certified VMware vExpert and the Founder of VMC, a company focused on virtualization, and the CEO of Nova Games, a mobile game publisher.
Virtualization Architect. Alex is a certified VMware vExpert and the Founder of VMC, a company focused on virtualization, and the CEO of Nova Games, a mobile game publisher.

Introduction

Back at VMworld 2020, VMware has introduced its new product, Freestyle Orchestrator. Essentially, it completes and extends the abilities provided by UEM (Unified Endpoint Management), an integral part of Workspace ONE, an intelligence-driven digital workspace platform.

VMware Freestyle Orchestrator is a relatively new way to configure and deploy workflows on Windows and macOS. This technology configures the environment and user profile before installing and updating apps under various conditions. It’s a low-code orchestration platform that enables you with automated onboarding new users within the organization and unified workflows for configuring and delivering apps.

img

Overall, Freestyle Orchestrator solves the issue with sequencing apps installation on users’ desktops and configuring them according to specific conditions based on the current state of the system (for instance, if an app is already installed you just need to update it).

Getting Started

Currently, VMware Freestyle Orchestrator is available on Windows and Mac within the following infrastructure of software components:

  • Workspace ONE UEM 2111 (or more recent version)
  • Workspace ONE Intelligent Hub 2109 (or more recent version) for Windows 10
  • Workspace ONE Intelligent Hub 2111 (or more recent version) for macOS, also Workflow Engine (WFE) 2111 (or more recent version)

That being said, Freestyle Orchestrator works pretty much the same on both platforms, except that the Error Handling option is not yet available on Mac:

Mac

The primary Orchestrator tool is Flow Builder. It helps to visualize a workflow for applications of desktop/groups of desktops and plan steps depending on conditions (IF-THEN-ELSE):

Windows 10

But how would an admin know what steps to take and which conditions to plan, you may ask? Naturally, one needs to know at least something about the target device. That’s why Freestyle Orchestrator operates with sensors, utilizing them as small scripts pushed to target devices. They’ll gather all the necessary information about the environment, including printer connection, installed apps and their versions, hostname, network identification, etc:

Sensors

Also, the VMware repository provides you with varying custom sensors presented as PowerShell scenarios (for Windows) and Shell scripts (for Mac) that you can adjust by yourself.

The Scripts tab above contains scenarios that an admin could run for different configurations of the user OS. The main difference between script and sensor is that the former performs specific actions while the latter is just gathering values.

You can apply scripts and sensors to any object within Smart Groups. These are the UEM groups uniting computers based on software or hardware, OS version, tags, or users/groups. Such a method is an easy and flexible way for applying certain actions to a group of devices:

Edit Smart Group

Assignment Groups

Also, you can run the scripts on-demand for certain devices via Intelligent Hub Catalog.

A typical Freestyle Orchestrator workflow looks something like this:

  • Setting host configuration with the script
  • Installing basic applications and configurations for security purposes
  • Installing user applications (Microsoft Office 365, Zoom, Photoshop, etc)
  • Complete additional operations based on data received from sensors (for example, if the user has outdated Zoom version, it requires an update)
  • Running the script and monitoring its completion for the whole workflow or for the selected devices

Before getting started with the workflows, you’ll need to add some necessary resources within the organizational group (OG), such as apps, sensors, and scripts. After that, you have to define how the business logic will be delivered to the desktop configurations using (Stage Workflow Resources):

Stage Workflow Resources

After creating resources, you’ll need to adjust the workflow for the required platform, decide which Smart Groups will be assigned to it, and how exactly it will be delivered to devices.

Workflow Settings

When you’re finished with workflow and groups, you can install Security Profile, which implies the deployment of the necessary software to guarantee basic security level (antivirus, firewall, Carbon Black, etc):

Security Profile

Some apps may need a Per-App VPN tunnel for security purposes. You can deploy and configure it within the workflow using Workspace ONE Tunnel:

Workspace ONE Tunnel

Now, let’s take a brief look at the Flow Builder interface. An admin can work with either the image or the list, switching between both:

Flow Builder interface

If you want to know how to work with the builder, you can check the Freestyle Orchestrator demo, which was introduced at VMworld 2021:

img

While working with the builder step sequencing, the IF-THEN-ELSE logic is available. For example, we are to check whether the user has Outlook or not, and if they do – we add the Zoom plugin:

Admin Panel

Conditions may be generated based on values from apps, files, registry keys, and, of course, parameters received from sensors. Before the latter is applied, its scenario runs automatically on the target devices to get the actual data.

You can also use complex conditions that consist of AND/OR operators. You can add IF constructions after another IF as well (which will be interpreted as ELSE-IF).

The most useful thing is that upon the end of the workflow configuration process, you can start the scenario of user notification:

User notification

You can either save (SAVE) or publish (PUBLISH) the completed workflow. Do not publish the workflow right away, just save it first.

Workflow

Once the workflow has started, the admin can see its statistics wherein all the necessary information is present (deployed apps, profiles, scripts, sensors, and percentage of devices where this workflow is applied).

Onboarding Windows 10

An important part of the workflow management is Error Handling (for now it is available only for Windows). For example, you can configure flexible timeouts and the number of repeated attempts:

Workflow settings

If you’ve used up all your attempts, you can either skip this step or stop the whole workflow (you can configure it as well).

Another quite useful feature is Time Windows which allows time frames wherein the apps will be configured so not to disturb users with updates during working hours:

Edit time window

It is important to add that Freestyle Orchestrator provides a lot of troubleshooting tools. There’s even a specific tab for that purpose. We can see there the list of all events within the workflows:

Troubleshooting

You can look for the details on all those events on the client side in DSM.log and Workflow.log files. If you’re more interested in the detailed descriptions of what was happening on the server side, check DevicesGateway.log and AW_MDM_API.log files.

Also, you have access to the details on every step of every workflow for every available device. That’s very convenient for understanding the reasons for failed task completions:

Workflow step

Conclusions

All in all, VMware Freestyle Orchestrator is a great tool for workflows configuration and onboarding new devices and users. Visualized interface of planning workflows and conditions allow you to avoid unnecessary complications while orchestrating steps and, as a result, admins’ mistakes. If you want to know how to get your hands on that, read this. Also, it is available within Workspace ONE UEM 2111.

Related articles
VMware vSphere 7 Security Configuration Guide: 15 Things to Know About
Security Tips for VMware vSphere Environments
Tags
Found Alex’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!