Managing the whole
Conceptually, management of these elements can be enabled by a layer of abstraction between service management and desktop delivery, often called workspace management. This layer of abstraction provides several key capabilities:
Policy: Effective management enables IT and the business to collaboratively define policies for who gets access to what, and under what conditions. These policies are essential for automating resource permissioning while fulfilling security and compliance imperatives.
Automation: The automation of resource provisioning eliminates the latencies that result when service requests have to be manually executed by IT staff. A single point of control for provisioning automation also eliminates the problems that arise when IT staff keep writing individual provisioning scripts on an ad hoc basis over time -- and store them in random places.
Integration: A layer of management acts as an integration hub between service management, VDI, HR applications (which can trigger provisioning changes), mobility management (which can provide important session context data), and any other system relevant to user access.
Self-service: At most organizations, changes in user access aren't exclusively driven by business policies. Line of business managers and users are also free to make certain decisions about digital resources. A management system should provide for this business self-service.
Reporting: Access management should give managers visibility into key metrics and events such as rejected requests, failed provisionings, user uptake rates, etc. In more advanced scenarios, visibility into service cost per user can be calculated.