IGELOmnissa

Sales Playbook

IGEL + Omnissa

Overview

IGEL for Omnissa reps: the hidden multiplier

Lead with IGEL as the immutable endpoint layer that makes Horizon and Workspace ONE easier to buy, safer to run, and faster to scale.

TL;DR for Omnissa sellers

  • IGEL is the hardened, read-only endpoint OS.
  • Omnissa orchestrates the workspace; IGEL protects the endpoint state.
  • Together: less endpoint blame, lower TCO, faster deployments.

Problem

The gap: modern workspaces, old & risky endpoints

What customers are trying to do

  • • Migrate to Horizon 8 / Horizon Cloud or expand VDI/DaaS.
  • • Roll out Workspace ONE UEM for unified management.
  • • Support hybrid/remote workforces without chaos.
  • • Pass compliance without exploding cost.

Where deals stall or shrink

  • • Windows refresh tied to hardware spend.
  • • Branch/clinic endpoints keep getting compromised.
  • • Security can't prove device compliance before access.
  • • IT can't patch/manage 1,000+ disparate PCs and laptops.
Risk

Omnissa gets blamed when endpoints are breached or unreliable.

Constraint

Budget for Horizon / Workspace ONE is tied up in PC refresh.

Opportunity

Decouple the workspace win from endpoint cost & risk with IGEL.

Joint Value

IGEL + Omnissa: secure, adaptive workspace continuum

What IGEL actually is

IGEL is a hardened endpoint OS designed for VDI, DaaS, SaaS, and secure browser use cases - replacing Windows at the workspace access layer with an immutable, prevention-first baseline.

  • • Immutable, read-only, tamper-resistant
  • • No local data to exfiltrate or ransom
  • • Chain-of-trust from firmware to session
  • • Centralized, policy-based control (UMS)

How it amplifies Omnissa

Workspace promise + endpoint reality

Omnissa orchestrates secure digital workspaces; IGEL ensures only known-good, immutable endpoints reach them.

Zero Trust in practice

IGEL enforces trusted boot and no local data; Workspace ONE applies conditional access and posture.

Cost & lifecycle

Extend device life 3-5 years and reduce endpoint ops burden - making bigger Omnissa deals easier to fund.

Where IGEL sits in the Omnissa stack

Workspace & Apps

Horizon / App Volumes

Desktops and apps from cloud or datacenter.

Access & Identity

Workspace ONE Access

Conditional access, SSO, policy engine.

Management & Analytics

Workspace ONE UEM

Unified endpoint management and telemetry.

Endpoint OS & Endpoint Security

IGEL OS

Read-only OS with no local data, plus chain-of-trust from firmware to session.

How It Works

From hardware to Horizon session: the secure path

1) IGEL OS at the workspace access layer

  • • Convert existing x86 devices to IGEL OS.
  • • Immutable, read-only image with signed updates.
  • • No local apps/data; everything runs in Horizon or browser.

2) Omnissa workspace fabric

  • • Launch Horizon sessions via Blast/PCoIP/RDP.
  • • Workspace ONE UEM applies policy and inventory.
  • • Workspace ONE Access enforces conditional access & MFA.

3) Security & operations

  • • Boot chain validated before sessions start.
  • • Patch once in Horizon images, not across endpoints.
  • • Most device issues resolved by reimage in minutes.

Sales Plays

Top joint plays: pick your persona

Use the persona filter to lead with the right play, then generate a full play pack in Spike.

Filter by buying persona

Play #1

Modernize Without Refresh Budget unlock

Target: CIO, EUC Director, Workspace Modernization Lead.

Trigger

  • • Windows 10/11 refresh looming.
  • • Aging PC fleet; rising support cost.
  • • Existing Horizon or Workspace ONE footprint.

Joint solution

  • • IGEL OS on existing PCs/laptops/thin clients.
  • • Workspace ONE UEM for unified management.
  • • Horizon 8 or Horizon Cloud for desktops.
  • • Optional: App Volumes for app delivery.

Value props

  • • Extend device life by 3-5 years.
  • • Cut endpoint TCO by up to ~60%.
  • • Patch once in Horizon, not 10,000 times at the workspace access layer.

Talk track

We can deliver your Horizon roadmap without buying a new PC fleet. IGEL turns what you already own into secure, managed Horizon endpoints.

Play #2

Zero Trust at the Endpoint Enforcement Layer Risk & compliance

Target: CISO, SecOps Director, Compliance Officer.

Trigger

  • • NIS2, HIPAA, PCI-DSS, or SOC2 audits.
  • • Remote/BYOD expansion with unmanaged devices.
  • • Incidents tied to compromised endpoints.

Joint solution

  • • IGEL OS with TPM-backed chain-of-trust and no local data.
  • • Workspace ONE Access + UEM for conditional access and posture.
  • • Horizon as the controlled execution environment.

Value props

  • • Zero data at rest at the endpoint.
  • • Tamper-resistant boot chain to reduce attack surface.
  • • Clear, auditable controls story for regulators.

Talk track

We're not asking you to detect every breach - we design the endpoint so there's nothing valuable to steal, and every device is verified before it connects.

Play #3

Hybrid Work Made Simple

Target: Workspace Architect, Digital Employee Experience lead.

Trigger

  • • Hybrid users complain about inconsistent login/performance.
  • • Mix of on-prem Horizon and cloud desktops.
  • • Too many device types to manage cleanly.

Joint solution

  • • IGEL OS as a single, predictable workspace access layer across devices.
  • • Horizon 8/Cloud for consistent desktops and apps.
  • • Workspace ONE for policy and DEX.

Value props

  • • Fewer workspace-related tickets by standardizing the workspace access layer.
  • • Faster onboarding for remote/contract workers.
  • • Same experience from any location or device.

Talk track

IGEL gives you a single, predictable workspace access layer. Omnissa gives you a single, predictable workspace. Hybrid users stop caring where they log in from - because it just works.

Play #4

Regulated Workspace Resilience

Target: Compliance lead, IT director (healthcare, finance, public sector, manufacturing edge).

Trigger

  • • Strict sector compliance requirements.
  • • Clinic or branch endpoints mixing OT and IT.
  • • Audit-driven modernization project.

Joint solution

  • • IGEL OS on clinical/branch endpoints.
  • • Horizon delivering controlled desktops/apps.
  • • Workspace ONE for access control and logging.

Value props

  • • Audit-ready access trails and immutable endpoints.
  • • PII/PHI never stored locally on the device.
  • • Faster re-auth and session roaming for frontline workflows.

Talk track

We separate the messy world of clinic devices from the clean world of compliant apps. IGEL neutralizes the endpoint; Omnissa governs the access.

Play #5

App Delivery Simplified

Target: IT infrastructure manager, cloud architect.

Trigger

  • • Too many golden images to maintain.
  • • Mix of legacy and modern app packaging.
  • • Desire to standardize on App Volumes.

Joint solution

  • • App Volumes for just-in-time app delivery into Horizon.
  • • IGEL App Portal for signed, modular endpoint apps.
  • • Optional: IGEL Managed Hypervisor for fallback use cases.

Value props

  • • Reduce image sprawl and speed up rollback.
  • • Consistent app delivery story across the workspace access layer and cloud.

Talk track

App Volumes feeds the Horizon desktops. IGEL App Portal feeds the endpoints. Together you get a unified, secure app ecosystem across the workspace access layer and cloud.

Talk Tracks

What to say when IGEL enters the deal

Explain IGEL in 30 seconds

IGEL turns any device into a secure, managed Horizon endpoint. It's a hardened OS that can't be tampered with, stores no local data, and extends the life of existing hardware - all while integrating with Workspace ONE and Horizon.

Signals that scream "Bring IGEL"

  • We're delaying Windows refresh to manage cost.
  • Our remote or clinic endpoints keep getting compromised.
  • We can't prove device compliance before workspace login.
  • We need to repurpose old PCs for Horizon Cloud.
  • We don't have the people to patch 1,000+ endpoints.

Competitive landmines IGEL helps you defuse

Just run Windows on the endpoint.

IGEL eliminates the local Windows attack surface and patch chaos, while still delivering Windows from Horizon.

Low-cost thin client / cheaper OS plays

IGEL adds a prevention-first posture: signed modules, chain-of-trust, and validated integrations.

We'll bypass with AVD/W365.

IGEL supports AVD/W365 too - standardize the workspace access layer while keeping Omnissa for advanced control, app strategy, and DEX.

Identity-alignment one-liners

  • If endpoint risk needs to go to zero, look at IGEL.
  • If your job is workspace experience, IGEL keeps endpoints from undermining Horizon.
  • If you want bigger Omnissa wins without bigger budgets, IGEL helps fund the project.

Customer Outcomes

Proof points: what it looks like in the wild

Healthcare: follow-me workspaces

IGEL endpoints + Horizon + tap-in/tap-out SSO. PHI never touches the device.

  • • Sub-5-second re-auth
  • • Compliance alignment
  • • No local PHI on clinic PCs

Financial branches

Repurpose out-of-support PCs; Horizon Cloud delivers desktops; Workspace ONE enforces policy.

  • • Lower endpoint TCO
  • • No branch downtime for refresh
  • • Strong security posture

Hybrid workforce at scale

Boot into a compliant endpoint on compatible x86 hardware - ideal for contractors and BYOD.

  • • Managed workspace on any device
  • • Clear separation of personal vs corporate
  • • Faster onboarding

Objections

Common objections & how to steer them

We're already standardizing on Windows endpoints.

Reframe: This isn't Windows vs IGEL. It's local Windows vs datacenter Windows. Horizon still delivers Windows; IGEL ensures the endpoint isn't the weakest link.

Thin clients are cheaper; why IGEL?

Reframe: Hardware is only part of the story. IGEL brings immutable OS, chain-of-trust, signed modules, and validated integrations - protecting the Horizon investment.

Does this overlap with our SASE / IAM stack?

Reframe: SASE and IAM secure the path and identity; IGEL secures device state. They're complementary layers in the same Zero Trust story.

Will this slow down our Horizon project?

Reframe: Most customers deploy IGEL in parallel. Converting devices is faster than replacing them, and IGEL often unblocks stalled workspace projects.

Next Steps

Make IGEL a standard move in Omnissa deals

  1. Qualify for IGEL signals. When you hear refresh pressure, endpoint risk, or compliance anxiety, pull IGEL into discovery.
  2. Position IGEL as a multiplier. The "secure zero layer" that makes Horizon and Workspace ONE easier to buy and safer to run.
  3. Pull IGEL in early. Use joint discovery/workshops to shape the endpoint + compliance story.
  4. Co-demo the experience. Show an IGEL-booted device logging into Horizon with Workspace ONE policies applied.

Every Omnissa deal that includes IGEL is stickier, bigger, safer, and faster.

S

Spike AI

Spike is an assistive drafting companion. Always review, fact-check, and approve every response before sharing. Using this workspace for inappropriate or non-business content violates IGEL's Code of Conduct and may result in access suspension.