Systems and methods for orchestrated VPN consolidation for modern workspaces

US11929989B2 · US · B2

Patent metadata
Publication number: US-11929989-B2
Application number: US-202117209549-A
Country: US
Kind code: B2
Filing date: Mar 23, 2021
Priority date: Mar 23, 2021
Publication date: Mar 12, 2024
Grant date: Mar 12, 2024

Abstract

Official abstract text for this publication.

Systems and methods are provided for consolidation of IHS (Information Handling System) VPN (Virtual Private Network) resources utilized by workspaces operating on the IHS, where the workspaces operate in isolation from the operating system of the IHS. A remote workspace orchestration service manages deployment of workspaces on the IHS. The workspaces are instantiated and operate according to a workspace definition provided by the workspace orchestration service. An embedded controller of the IHS registers a VPN consolidation function of the IHS with the workspace orchestration service, which notifies the workspaces of the VPN consolidation function. A VPN workspace is instantiated that operates according to a workspace definition provided by the workspace orchestration service. The respective workspace definitions of the workspaces are updated to route VPN communications to the VPN workspace. Based on the updated workspace definitions, the VPN communications in each of the workspaces are redirected to the VPN consolidation function.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for VPN (Virtual Private Network) session management for a plurality of workspaces operating on an Information Handling System (IHS), the method comprising: registering a VPN consolidation function of the IHS with a workspace orchestration service that is remote from the IHS and manages deployment of the plurality of workspaces on the IHS; instantiating a first workspace according to a first workspace definition provided by the workspace orchestration service; instantiating a second workspace on the IHS, wherein the second workspace comprise a VPN workspace that operates according to a second workspace definition provided by the workspace orchestration service, wherein the second workspace definition comprises credentials for tunneling to a first VPN endpoint; receiving, from the workspace orchestration service, a handle for communicating VPN data between the first workspace and the VPN workspace; and transmitting the VPN data between the VPN workspace and the first VPN endpoint via a tunnel generated based on the credentials provided in the second workspace definition.

2. The method of claim 1, wherein the handle further comprises a token specifying a duration of the validity of the handle for communicating VPN data between the first workspace and the VPN workspace.

3. The method of claim 2, wherein the handle further comprises one or more conditions for evaluating the validity of the token.

4. The method of claim 3, wherein the conditions comprise a minimum security score that must be maintained for the handle to remain valid, wherein the security score is determined based on a validation of an integrity of the first workspace.

5. The method of claim 2, wherein the token is generated by the workspace orchestration service based on a unique identifier of the IHS and based a unique identifier of the first workspace.

6. The method of claim 1, wherein the first workspace is not provided credentials for tunneling to the first VPN endpoint.

7. The method of claim 1, further comprising instantiating a third workspace on the IHS, wherein the third workspace comprises an additional VPN workspace that operates according to a third workspace definition provided by the workspace orchestration service, wherein the third workspace definition comprises credentials for tunneling to a second VPN endpoint.

8. The method of claim 1, wherein the interface of the handle comprises an API (Application Programming Interface) for communicating VPN data between the first workspace and the VPN workspace.

9. The method of claim 1, wherein the handle further comprises an IPC (Inter-Process Communication) resource of the IHS for use in communicating VPN data between the first workspace and the VPN workspace.

10. The system of claim 1, wherein the first workspace is not provided credentials for tunneling to the first VPN endpoint.

11. The system of claim 1, wherein execution of the instructions by the processors further causes the IHS to instantiate third workspace on the IHS, wherein the third workspace comprises an additional VPN workspace that operates according to a third workspace definition provided by the workspace orchestration service, wherein the third workspace definition comprises credentials for tunneling to a second VPN endpoint.

12. The system of claim 1, wherein the handle further comprises a token specifying a duration of the validity of the handle for communicating VPN data between the first workspace and the VPN workspace.

13. An Information Handling System (IHS) supporting VPN (Virtual Private Network) session management for a plurality of workspaces operating on the IHS, the IHS comprising: an embedded controller comprising a logic unit and a memory storing program instructions that, upon execution by the logic unit, cause the embedded controller to: register a VPN consolidation function of the IHS with a workspace orchestration service that is remote from the IHS and manages deployment of the plurality of workspaces on the IHS; one or more processors; and a memory coupled to the processors, the memory storing program instructions that, upon execution by the processors, cause the IHS to: instantiate a first workspace according to a first workspace definition provided by the workspace orchestration service; instantiate a second workspace on the IHS, wherein the second workspace comprises a VPN workspace that operates according to a second workspace definition provided by the workspace orchestration service, wherein the second workspace definition comprises credentials for tunneling to a first VPN endpoint; receive, from the workspace orchestration service, a handle for communicating VPN data between the first workspace and the VPN workspace; and transmit the VPN data between the VPN workspace and the first VPN endpoint via a tunnel generated based on the credentials provided in the second workspace definition.

14. The IHS of claim 13, wherein the first workspace is not provided credentials for tunneling to the first VPN endpoint.

15. The IHS of claim 13, wherein execution of the instructions by the processors further causes the IHS to instantiate third workspace on the IHS, wherein the third workspace comprises an additional VPN workspace that operates according to a third workspace definition provided by the workspace orchestration service, wherein the third workspace definition comprises credentials for tunneling to a second VPN endpoint.

16. The IHS of claim 13, wherein the handle further comprises a token specifying a duration of the validity of the handle for communicating VPN data between the first workspace and the VPN workspace.

17. The IHS of claim 13, wherein the handle further comprises a token specifying a duration of the validity of the handle for communicating VPN data between the first workspace and the VPN workspace.

18. The IHS of claim 17, wherein the handle further comprises one or more conditions for evaluating the validity of the token.

19. The IHS of claim 18, wherein the conditions comprise a minimum security score that must be maintained for the handle to remain valid, wherein the security score is determined based on a validation of an integrity of the first workspace.

20. A system supporting a plurality of workspaces operating on an Information Handling System (IHS), the system comprising: a workspace orchestration service that is remote from the IHS and that manages deployment of workspaces on the IHS; and the IHS comprising: an embedded controller comprising a logic unit and a memory storing program instructions that, upon execution by the logic unit, cause the embedded controller to: register a VPN consolidation function of the IHS with a workspace orchestration service; a processor; and a memory coupled to the processor, the memory storing program instructions that, upon execution by the processor, cause the IHS to: instantiate a first workspace according to a first workspace definition provided by the workspace orchestration service; instantiate a second workspace on the IHS, wherein the second workspace comprises a VPN workspace that operates according to a second workspace definition provided by the workspace orchestration service, wherein the second workspace definition comprises credentials for tunneling to a first VPN endpoint; receive, from the workspace orchestration service, a handle for communicating VPN data between the first workspace and the VPN workspace; and transmit the VPN data between the VPN workspace and

Classifications

  • Virtual private networks

  • Interprogram communication

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11929989B2 cover?

Systems and methods are provided for consolidation of IHS (Information Handling System) VPN (Virtual Private Network) resources utilized by workspaces operating on the IHS, where the workspaces operate in isolation from the operating system of the IHS. A remote workspace orchestration service manages deployment of workspaces on the IHS. The workspaces are instantiated and operate according to a…

Who is the assignee on this patent?

Dell Products Lp

What technology area does this patent fall under?

Primary CPC classification H04L63/0272. Mapped technology areas include Electricity.

When was this patent published?

Publication date Mar 12, 2024 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).