Abstract: Systems and methods for managing communications during the orchestration of workspaces by multiple remote orchestrators are described. In an illustrative, non-limiting embodiment, a first orchestrator with respect to a workspace executed by a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the first orchestrator to: create a first payload with a first data portion; and receive, from a second orchestrator with respect to the workspace, a hash of at least a second data portion exclusive of the second data portion, where the second orchestrator is configured to send a second payload comprising the second data portion to the client IHS, and where the client IHS is configured to validate the second payload, at least in part, based upon the hash.

Abstract: Systems and methods support updates to an Information Handling System (IHS). A workspace is instantiated on the IHS based upon a received workspace definition, where the workspace identifies an available update to a system operating on the IHS. A request is made for a first credential used for validation of the IHS by a first remote workspace orchestrator. The workspace provides the first credential to a second remote workspace orchestrator that controls access to updates to the system operating on the IHS. The second remote workspace orchestrator uses the first credential to validate the IHS with the first remote workspace orchestrator. The workspace performs the available update to the system operating on the IHS using a second credential provided by the second remote workspace orchestrator upon validation of the IHS by the first remote workspace orchestrator. The IHS maintains separate confidentiality with each remote orchestrator providing credentials for the update.

Abstract: Systems and methods are provided for managing capabilities of workspaces operating on an Information Handling System (IHS). A request is received from a user of the IHS for access to a protected resource. A security context and a productivity context are determined for operation of a primary workspace on the IHS. Two or more applications are identified for operation within the primary workspace, where the applications provide access to the protected resource, and where the applications include overlapping capabilities. Based on the security context and the productivity context for the primary workspace deployment, two or more of the applications with overlapping capabilities are selected for operation within the primary workspace.

Abstract: Systems and methods support operation of primary on an Information Handling System (IHS) and the operation of subordinate workspaces on peripheral devices coupled to the IHS. The IHS receives a primary workspace definition from a remote orchestrator and instantiates a primary workspace based upon the primary workspace definition, where the instantiated primary workspace operates using core resources of the IHS and provides access to a protected resource. The IHS reports, to the remote orchestrator, an inventory of peripheral devices that are detected as coupled to the IHS. In response, one or more subordinate workspace definitions are received from the remote orchestrator, where each of the subordinate workspace definitions are for operation of a subordinate workspace by one of the peripheral devices coupled to the IHS. Based on the received subordinate workspace definitions, operation of subordinate workspaces is initiated on peripheral devices coupled to the IHS.

Abstract: Systems and methods support updates peripheral devices that may be coupled to an Information Handling System (IHS), such as provided at shared-use workstations. The IHS reports, to a remote orchestrator, an inventory of peripheral devices that are coupled to the IHS. In response, the remote orchestrator provides the IHS with files for updates to some or all of the coupled peripheral devices. As part of the updates, the remote orchestrator also designates a specific peripheral device as a proxy for making updates to other peripherals of the shared-use workstation. The IHS transmits the files to the proxy peripheral device, where the files are stored in a memory of the proxy peripheral device. The proxy peripheral device uses the files to update the other peripherals of the shared-use workstation, such as when the peripherals are not in use by the IHS, or after the IHS has been disconnected.

Abstract: Systems and methods are provided that may be implemented by services executing on one or more remote servers and on an endpoint information handling system to remotely erase (i.e., clear or remove) biometric fingerprint credential data that is previously stored on non-volatile memory of a discrete “match-on chip” fingerprint reader (MOFR) of the endpoint information handling system, as well as to erase separate non-biometric OS user identifier (ID) fingerprint enrollment information stored on separate system non-volatile memory of the endpoint information handling system.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods are provided for managing capabilities of workspaces operating on an Information Handling System (IHS). A request is received from a user of the IHS for access to a protected resource. A security context and a productivity context are determined for operation of a primary workspace on the IHS. Two or more applications are identified for operation within the primary workspace, where the applications provide access to the protected resource, and where the applications include overlapping capabilities. Based on the security context and the productivity context for the primary workspace deployment, two or more of the applications with overlapping capabilities are selected for operation within the primary workspace.

Abstract: Systems and methods for distributed orchestration using delegate workspaces are described. In an illustrative, non-limiting embodiment, a remote orchestrator with respect to a workspace executed by a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the remote orchestrator to: communicate with a database of delegate workspaces, each delegate workspace instantiated by a respective one of a plurality of edge IHSs; and assign a management task with respect to a client IHS's workspace to a delegate workspace executed by a selected edge IHS, where the delegate workspace is selected, at least in part, based upon information stored in the database.

Abstract: Systems and methods support updates peripheral devices that may be coupled to an Information Handling System (IHS), such as provided at shared-use workstations. The IHS reports, to a remote orchestrator, an inventory of peripheral devices that are coupled to the IHS. In response, the remote orchestrator provides the IHS with files for updates to some or all of the coupled peripheral devices. As part of the updates, the remote orchestrator also designates a specific peripheral device as a proxy for making updates to other peripherals of the shared-use workstation. The IHS transmits the files to the proxy peripheral device, where the files are stored in a memory of the proxy peripheral device. The proxy peripheral device uses the files to update the other peripherals of the shared-use workstation, such as when the peripherals are not in use by the IHS, or after the IHS has been disconnected.

Abstract: Systems and methods support updates to an Information Handling System (IHS). A workspace is instantiated on the IHS based upon a received workspace definition, where the workspace identifies an available update to a system operating on the IHS. A request is made for a first credential used for validation of the IHS by a first remote workspace orchestrator. The workspace provides the first credential to a second remote workspace orchestrator that controls access to updates to the system operating on the IHS. The second remote workspace orchestrator uses the first credential to validate the IHS with the first remote workspace orchestrator. The workspace performs the available update to the system operating on the IHS using a second credential provided by the second remote workspace orchestrator upon validation of the IHS by the first remote workspace orchestrator. The IHS maintains separate confidentiality with each remote orchestrator providing credentials for the update.

Abstract: Systems and methods support operation of primary on an Information Handling System (IHS) and the operation of subordinate workspaces on peripheral devices coupled to the IHS. The IHS receives a primary workspace definition from a remote orchestrator and instantiates a primary workspace based upon the primary workspace definition, where the instantiated primary workspace operates using core resources of the IHS and provides access to a protected resource. The IHS reports, to the remote orchestrator, an inventory of peripheral devices that are detected as coupled to the IHS. In response, one or more subordinate workspace definitions are received from the remote orchestrator, where each of the subordinate workspace definitions are for operation of a subordinate workspace by one of the peripheral devices coupled to the IHS. Based on the received subordinate workspace definitions, operation of subordinate workspaces is initiated on peripheral devices coupled to the IHS.

Abstract: An Information Handling System (IHS), such as a workspace orchestration service IHS, observes location information of a device, and receives location information logged by the device. The observed location information may include telemetry of the device, and/or the received device-logged location information may include below-OS telemetry of the device The IHS correlates the observed location information with the received device-logged location information, and adjusts a security score of the device in accordance with the resulting correlation. Where the device is a workspace instantiation client IHS, the logged location information is logged by the workspace, and the security score is the security score of the workspace. Also, the workspace orchestration service IHS may build a definition for the workspace, that includes one or more localized entitlements for the workspace, or may build the workspace definition to include remediation action, based on the location information and/or adjusted security score.

Abstract: Systems and methods for managing communications during the orchestration of workspaces by multiple remote orchestrators are described. In an illustrative, non-limiting embodiment, a first orchestrator with respect to a workspace executed by a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the first orchestrator to: create a first payload with a first data portion; and receive, from a second orchestrator with respect to the workspace, a hash of at least a second data portion exclusive of the second data portion, where the second orchestrator is configured to send a second payload comprising the second data portion to the client IHS, and where the client IHS is configured to validate the second payload, at least in part, based upon the hash.

Abstract: System and methods support workspaces operating on an Information Handling Systems (IHS). A primary workspace definition is received by the IHS from a remote orchestrator. A primary workspace is instantiated based upon the primary workspace definition, where the instantiated primary workspace provides access to a protected resource. One or more subordinate workspaces are identified that operate by peripheral devices that are coupled to the IHS, where each subordinate workspace supports one or more roles of authorized operations by a respective peripheral device. The roles may correspond to specific functions of the first of the reported peripheral device that are available for use by the primary workspace. One or more of the subordinate workspaces are selected for use by the primary workspace based on the roles supported by the subordinate workspaces.

Abstract: Workspace instantiations are monitored for potentially suspicious behavior. When a workspace is instantiated, a client endpoint computer creates a log of historical workspace instantiations. Each time the client endpoint computer requests, receives, or executes a workspace, the client endpoint computer adds and timestamps a new entry in the log of historical workspace instantiations. The log of historical workspace instantiations thus represents a rich database description of each workspace, its corresponding workspace definition file, and its corresponding timestamp. A workspace orchestration service may monitor how frequently the log of historical workspace instantiations is generated and flag or alert of unusual or anomalous counts. Any current workspace instantiation may thus be terminated as a security precaution.

Abstract: Workspace instantiations are monitored for potentially suspicious behavior. A client endpoint computer creates and maintains a log of historical events associated with a workspace instantiation. Each time the client endpoint computer processes an event associated with the workspace instantiation, the client endpoint computer adds and timestamps a new entry in the log of the historical events associated with the workspace instantiation. The log of the historical events thus represents a rich database description of the workspace instantiation, its corresponding workspace definition file, its corresponding workspace lifecycle events, and their corresponding timestamps. A workspace orchestration service (perhaps provided by a server) may monitor the log of historical events and flag or alert of any entries indicating suspicious behavior. Any current workspace instantiation may thus be terminated as a security precaution.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor and a memory, the memory having program instructions that, upon execution by the processor, cause the client IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a first workspace based upon a first workspace definition; allow a user to execute a non-vetted application in the first workspace; determine that the first workspace is compromised; and receive, in response to the determination, from the workspace orchestration service, one or more other files or policies configured to enable the client IHS to instantiate a second workspace based upon a second workspace definition, where the second workspace definition allows execution of a vetted application corresponding to the non-vetted application.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.