“Video Killed the Radio Star”


How legacy applications can be integrated with the cloud workspace

In 1979, “The Buggles” stormed the charts with their song “Video Killed the Radio Star”. However, the radio is still alive, coexisting peacefully with other media. While it has lost some of its significance, it has survived successfully by adapting to the new conditions. In the new world of SaaS and cloud applications, legacy applications are “threatened” by the crowding out that is occurring in the market. However, legacy applications, too, will survive.

Goal: Peaceful coexistence

The number of SaaS and cloud applications in business environments is continuously increasing; these are, however, no green-field environments, but are populated with existing and sometimes dearly cherished Windows applications such as SAP R3 or AS400-based host applications. After all, no company will simply replace its existing application landscape by new applications, but will migrate existing applications into the new cloud universe, while minimizing related work and cost as well as impacts on end-users, with the goal to allow for the peaceful coexistence of all kinds of applications within today’s device-independent workspace without any usage- and management-related problems and issues.

Move legacy applications to the workspace with the speed of light

Terminal server farms are playing a key role when it comes to integrating existing applications. They move them into the workspace with the speed of light by allowing companies to provision their legacy applications even on devices that are not able to execute Windows applications. In many cases, client software must be installed for this purpose, which is affecting the degree of flexibility.

Warp drive for integration: MyWorkspace

MyWorkspace allows companies to connect existing with new applications with even more speed and greater ease-of-use. MyWorkspace is seamlessly integrated with the Microsoft Remote Desktop Services, enabling the usage of legacy Windows applications on any device, without the need to install software on the respective device. The browser-based approach ensures that no business-critical information is stored on unmanaged devices.


MyWorkspace allows all companies to implement BYOD or COPE initiatives on all device platforms, including device classes that do not enjoy a high degree of adoption yet, such as smart TVs or displays in IoT devices.

MyWorkspace has been designed to help every company on its way into the cloud – without cost-intense migration or modification of existing processes and workflows. And, to speak with Gerhard Uhlenbruck, for some long-cherished legacy applications, MyWorkspace allows for “peaceful coexistence, which means that you continue to play the first fiddle, even in a piano concerto.”

Posted in Technical details | Leave a comment

Weekly Feature Update – CW19/2016

The MyWorkspace team is pleased to announce the launch of the following new features and platform changes:

  • Help us to improve our product
    We will ask you as an administrator of MyWorkspace from time to time now to give us feedback about our software.Please help us and use the chance to influence how MyWorkspace evolves:
  • MyWorkspace Mobile App – Influencer Program
    We are working a lot on our upcoming integration of MyWorkspace into the M42Mobile application. We accepting additional registrations for the influencer program which gives you early access to the latest version of our mobile app. Register right now here.
  • Remote Apps in your Mobile Enterprise Sandbox
    With MyWorkspace we are beaming your Remote Apps directly into your mobile enterprise sandbox. This makes it possible to serve Remote Apps, Terminal Sessions and full virtual desktops in a very convenient way to managed and un-managed devices. All form factors are supported. The M42Mobile application becomes your day by day companion to make your workspace mobile. Register to our influencer program right now.
  • Windows 10 Agent is available
    Beside the Mac OS X agent we also offer a Windows 10 agent which allows users to launch locally installed applications directly from your browser. End users can get a single aggregated view on their modern workspace. It doesn’t matter if the user wants to use SaaS, Web, Remote or Local apps. The Windows 10 agent is available here.

It has been crafted to reflect what our users told us they need and it also builds upon new technology capable of addressing future needs.

Interested in the new capabilities?
Try the new features today by simply logging into your MyWorkspace instance. All features are active and usable instantly.

Any questions, wishes or ideas? Try our ideas portal, check out our knowledge base or drop a mail to support@matrix42.com.

Posted in Features & Updates | Leave a comment

The menhir has had its day…

… but of course, only when it comes to IT… We will certainly continue to pay due interest and respect to the archeologically noteworthy menhirs or monoliths from ancient times, not to forget Obelix whom we can hardly imagine without his menhir. For IT, on the other hand, the time has come to do without monolithic applications where user/rights management was included within the business application. In the wake of cloud computing and SaaS, this link between application servers and identity infrastructures has been cut, to be closed again with methodologies such as federated security.

Common monoliths – directory services

Certainly you still remember the 2000ies with their Y2K issues. Within this first decade of the 21st century, Microsoft, vendor of the de-facto standard Windows Domain System, launched Active Directory as a state-of-the-art and powerful LDAP directory. This technology was quickly adopted by many applications, creating an ecosystem where single sign-on became the standard for Windows applications.

Federated security for IT

The 2000ies are over, and our world has experienced profound and dramatic changes. As opposed to Asterix and Obelix, who fought successfully against the changes going on in their world, IT must be flexible and responsive to such changes. Software-as-a-service applications find their way into business environments. Applications are provisioned by managed service providers, and temporary business allies collaborate within one service. IT is challenged to grant application access to end users without allowing the application to query the user database, for instance, Active Directory, directly. Server-to-server communications are highly unsuitable for such scenario and also much too restrictive on applications. Therefore, federated security is used for software-as-a service, web and, increasingly, for on-premise or native applications. In simple terms, only the client (web browser) needs access to the authorization mechanism and the actual application when this method is used. Both must be trusted applications, which is defined in common protocols such as SAML2 or oAuth2.

Obelix the gold-seeker – about tokens & claims

Both the SAML2 and the oAuth2 protocol are essentially based on the exchange of security tokens between both systems; i.e., the browser as client requests an authorization token at the server that handles the log-in. This token normally has a digital signature by the private key of the authorization system; information within the token is not encrypted, but this is not really necessary. The primary goal is to ensure that authorization information about a user comes from a trusted source and is not changed on its way to the application. TLS/SSL-based encryption is evolving into a standard. The application can validate the signed token with the public key of the authorization system. For this purpose, Matrix42 MyWorkspace uses an end-to-end asymmetric encryption methodology, based on X509 certificates.

If a security token can be created and validated by an authorization system, information on a user’s rights to use an application can be stored within this token; these “claims” define which rights and roles a user is granted in the target application. The oAuth2 protocol uses the JWT token format, which is described in more detail in the this article.

Resisting changes, in a positive sense

Federated security is an approach that ensures security by protecting information against changes, rather than encrypting this information, which means that while authorizations are not encrypted, but can be viewed by all involved parties, their origin and consistency are protected by a digital signature – one of the next blog articles will examine the most popular protocols, SAML2p and oAuth2, from a technical perspective.

While IT monoliths can be replaced, Obelix, on the other hand, shall be allowed to keep his monolithic menhir as a powerful “supporting argument” to defend and protect his world.

Posted in Technical details | Leave a comment

Weekly Feature Update – CW18/2016

The MyWorkspace team is pleased to announce the launch of the following new features and platform changes:

  • New HowTo: Integrate Remote Desktop Services into MyWorkspace
    MyWorkspace offers a comprehensive integration of the Remote Desktop Services to offer client-less access to Virtual Desktops, Terminal Server Sessions or Remote Apps. Our new technical getting started guide describes step-by-step how to integrate an existing Remote Desktop Services farm into MyWorkspace. Read the full article in our knowledge base here.
  • MyWorkspace Mobile App
    We see more and more users who want to use MyWorkspace from their mobile device, smartphone or table. Because of that our M42Mobile app offers access to your modern cloud based workspace and integrates the identity federation platform.

    IMG_0745 IMG_0746

    If you are interested in participating our Mobile Apps Beta program please drop us a message with your preferred iTunes account here.

  • Platform improvements & performance enhancements
    Also this week we used the chance to enhance our identity and access management platform to offer you a secure, reliable and scalable service. Especially the performance during the log in process was increased dramatically.

It has been crafted to reflect what our users told us they need and it also builds upon new technology capable of addressing future needs.

Interested in the new capabilities?
Try the new features today by simply logging into your MyWorkspace instance. All features are active and usable instantly.

Any questions, wishes or ideas? Try our ideas portal, check out our knowledge base or drop a mail to support@matrix42.com.

Posted in Features & Updates | Leave a comment

Tips on How to Set up the Cloud Workspace

Sir Winston Churchill once said: “We shape our buildings; thereafter they shape us.” This is also true or even especially true for the workspace; in the age of the mobile workforce the focus is more on the design of the personal cloud-based workspace, rather than on spatial concepts. After all, high workforce productivity and satisfaction are directly related to the functionality, efficiency and security of the work environment. Similar to the ancient Greek temple builders, MyWorkspace relies on the tested and proven pillar principle.


No company that moves into the cloud will just throw away their equipment to set up completely new cloud workspaces. Most companies take their existing “furniture”, i.e., existing applications along and add some cloud “furnishings” to set up hybrid clouds where multiple applications are connected and data are exchanged automatically. Independent from the details of the workspace set-up, it is the following three pillars that form the foundation of the cloud workspace:

1) Identity & Access Management

Employees want to access their applications and data anytime, from any device and anywhere without having to manage a plethora of web addresses and log-in data themselves. MyWorkspace requires one single password to be used as access portal to their personal workspace – a very easy and convenient approach for end users, ensuring highly satisfied employees. Therefore, it is mandatory for the IT staff to have a look at identity & access management when setting up the cloud-based workspace. MyWorkspace combines new federated security methodologies with existing infrastructures such as the local Active Directory, which makes it possible to put all applications, be it SaaS, web or legacy applications, under the same “cloud roof”; it is also a prerequisite for on- and especially off-boarding processes. The option to withdraw permissions in case of need immediately and completely is invaluable. Therefore, identity & access management is one of the supporting pillars of the (hybrid) cloud-based workspace. It looks as follows:


2) Remote and legacy apps

Employees want access to all of their applications and normally they do not distinguish between services and applications that are provisioned from the cloud or those that are provisioned locally for their work. Therefore, MyWorkspace integrates locally installed applications as well as the Microsoft Remote Desktop Services seamlessly into the modern workspace, no matter whether it is provisioned on-premise or from the cloud. Here is a video with more detailed information:

3) Software and license compliance

New subscription-based licensing models increase the flexibility of cloud services and provide all companies access to solutions that were previously reserved to large corporations only. However, usage-based billing models often lack transparency, which is requested and urgently needed by IT and finance departments. Therefore, MyWorkspace ensures a detailed overview of all cost and concrete utilization rates of cloud services, SaaS and web apps – in compliance with works council regulations and in anonymized form, if desired. Such overview looks as follows:


These three pillars provide every company a stable and sustainable basis, on which cloud-based workspaces can be set up according to company-specific requirements. Finally, let’s come back again to the ancient Greeks and say that MyWorkspace is an advocate of Pericles who said: “It’s the people that make a city, not the buildings.”

Posted in Technical details | Tagged , , , | 1 Comment

Weekly Feature Update – CW17/2016

The MyWorkspace team is pleased to announce the launch of the following new features and platform changes:

  • Proxy Support for AD Connector
    The MyWorkspace Active Directory Connector just needs a working outbound HTTPs connection to the internet to establish a trustworthy and secure tunnel to MyWorkspace. Sometimes enterprises need to follow a pre-authorized proxy policy which means the proxy server requires special credentials. The MyWorkspace AD Connector now support proxy servers, incl. pre-authorisation. More details can be found in our Knowledge-Base: read the article.
  • Visibility Conditions
    Sometimes it happens that Software as a Service or Web-Applications are not working in every browser. To not confuse your end users MyWorkspace offers now visibility conditions on the application level to dynamically show or hide applications based on the browser and the underlaying operating system.


    Define simple or complex visibility conditions for your applications based on the browsers user agent definition.

  • Frontend Performance
    We upgrade the underlaying frameworks of our frontends to the latest and greatest stable versions. This brings a better performance esp. in older browser for free. In addition the new version of our UI framework delivers better compatibility between the different browser vendors.

It has been crafted to reflect what our users told us they need and it also builds upon new technology capable of addressing future needs.

Interested in the new capabilities?
Try the new features today by simply logging into your MyWorkspace instance. All features are active and usable instantly.

Any questions, wishes or ideas? Try our ideas portal, check out our knowledge base or drop a mail to support@matrix42.com.

Posted in Features & Updates | Leave a comment

Smooth Workspace for Everybody: Our Recipe…

For their fans, smoothies are their daily portion of health and fitness and even make them happy, because they can be made without specific cooking skills and combine the properties and benefits of their ingredients into a balanced and effective mixture. What are the ingredients of a workspace solution that leads to happy end users, a happy IT department and a happy company alike?


In many organizations, the happiness and fitness or productivity of end users, the IT department and the entire company are rather clouded, since work styles have undergone radical changes. While in the past administrators provisioned the required applications for their users on an in-house server within the company’s own data center, today’s provisioning and sourcing models are increasingly based on web or SaaS applications. Companies use at least ten and very often many more external SaaS applications, which results in a high degree of complexity for both the users and the IT staff. Users are challenged to memorize various passwords, user IDs and web addresses; the IT staff, on the other hand, must master environments where both personal and business applications are used for business purposes – quite an unhappy situation, since they lack a transparent overview of assets and licenses, which in turn limits their cost control possibilities or makes such control even impossible.

Our Recipe…. Ingredients for the Smooth Workspace
MyWorkspace provides the recipe for the happiness- and productivity-inducing workspace. The solution consists of a combination of the following “ingredients”:

  1. For the end users
    • One single password for everything; automatic and secure log-in to all business applications;
    • No more URL madness; company favorites for easy access to applications;
    • Everywhere access to workspace; company access from anywhere and at any time.
  2. For the IT staff
    • Higher security levels; automated on- and off-boarding processes for employees;
    • Highly granular access; role-based access control for business applications, data and IDs
    • Compliance management and audit of security requirements for employees and IT staff.
  3. For the company
    • Continued use of existing systems; use and enhancement of existing infrastructures to integrate SaaS and web applications;
    • Easy integration of all application types; SaaS, web and legacy applications can be added with one click.
    • Cost optimization; management and optimization of subscriptions for SaaS and web applications.

The clouds will soon be lifted, and the mood will brighten considerably once the many app clouds above people’s heads are removed to make way for the sun to come through and each user works with his or her personal cloud only.

Have our ingredients whet your appetite for the smooth workspace? Then have a look at our recipe in more detail: MyWorkspace by Matrix42. The device-independent workspace of the future.

Would you like to have a smoothies? No problem – click here for lots of smart recipes.

Posted in Strategy | 1 Comment