1.0
Table Of Contents
- Introduction and System Requirements
- Learning the Basics of VMware ACE Manager
- Installing and Configuring VMware ACE Manager
- Creating Projects
- Setting Policies and Customizing VMware ACE
- Creating Packages to Deploy to Users
- Deploying and Maintaining Packages
- Installing and Running VMware ACE
- Using Virtual Disks
- Preserving the State of a Virtual Machine
- Networking Virtual Machines
- Configuring Video and Sound
- Connecting Devices to Virtual Machines
- Using Parallel Ports
- Using Serial Ports
- Using USB Devices in a Virtual Machine
- Notes on USB Support in VMware ACE
- Enabling and Disabling the USB Controller
- Connecting USB Devices
- Using USB with a Windows Host
- Replacing USB 2.0 Drivers on a Windows 2000 Host
- Installing USB Devices as a Non-Administrator
- Who Has Control over a USB Device?
- Disconnecting USB Devices from a Virtual Machine
- Human Interface Devices
- Understanding Policies
- Glossary
- Index
- File extensions
- .lck 171
- .REDO 184
- .vmdk 169
- .vmhf 151
- .vmpl 220
- .vmprj 150
- .vmss 180
- .wav 204
- A
- Access
- Adapter
- Add
- Address
- Administrator access
- Athlon 12, 14
- Audio
- AudioPCI 204
- Authentication
- Autorun
- B
- BIOS
- Bridge 189
- Bridged networking
- BSD
- BusLogic 16
- C
- CD
- Celeron 12, 14
- Centrino 12, 14
- Checklist
- Clock
- Color
- Comm port
- Configuration
- Configure
- Connect
- Copy protection
- CPU
- Create
- Creative Labs 17, 204
- Ctrl-Alt 38
- D
- Date
- Decrease
- Defragment
- Deploy
- Devices
- DHCP
- Direct memory access
- Disable
- Disconnect
- Disk
- Disk files 169
- Disks
- Display
- Distribute
- DMA
- DNS 197
- Driver
- Drives
- Duron 12, 14
- DVD
- E
- Enable
- Encryption
- Ethernet
- Expiration
- F
- Files
- Firewall 198
- Floppy
- Forums 20
- FreeBSD
- FTP 197
- Full screen
- G
- Grab
- Graphics
- Guest operating system
- H
- Host computer
- Host operating system 260
- Host quarantine 237
- Host virtual adapter 189
- Host-only networking
- Hot fix
- Hot keys
- I
- ICMP 197
- IDE
- Image file
- Input
- Install
- interface
- Iomega
- IP address
- ISO image file 16, 175, 177
- K
- Keyboard
- Knowledge base 20
- L
- Link
- Linux
- Lock files 170
- LSI Logic 16, 58
- M
- Memory
- MIDI 204
- Mode
- Modifier keys
- Mouse
- MP3 204
- MS-DOS
- Mylex 16
- N
- Named pipe 210, 211
- NAT
- NetLogon 198
- NetWare
- Network
- adding and modifying virtual Ethernet adapters 195
- advanced quarantine 234
- advanced quarantine policies for guest 240
- bridge 189
- bridged networking 259
- changing the configuration 195
- common configurations 191
- components 189
- DHCP server 190
- host virtual adapter 189
- host-only 193, 259
- NAT 192, 196, 260
- NAT as firewall 198
- NAT device 189
- quarantine policies for host computer 237
- restricting host computer access 234
- switch 189
- Token Ring 192
- virtual DHCP server 192, 193
- virtual Ethernet adapter 190
- Virtual Network Editor 261
- virtual switch 189
- zones for advanced quarantine 235
- Network address translation
- Network quarantine 85
- New Virtual Machine Wizard 168, 260
- Newsgroups 20
- NIC
- Novell NetWare
- nq-set 146
- O
- Operating system
- Opteron 12, 14
- P
- Package
- Parallel ports
- Password
- Pentium 12, 14
- Ping 197
- Pipe
- Plug-in
- Policies
- advanced network quarantine for guest 240
- authentication 81, 222
- copy protection 84, 225
- encryption 222
- expiration 83, 224
- network quarantine 85, 230, 234
- network quarantine for host 237
- overview 220
- removable devices 85
- setting 71
- setting for a virtual machine 81
- setting for VMware ACE 74
- using scripts 244
- VMware ACE application 226
- Policy
- Power off
- Preferences
- Printer
- Priorities
- Process scheduler 39
- Processor
- Project
- Q
- Quarantine
- Quit
- R
- RAM
- Real Media 204
- Reclaim
- Redo-log file 184
- Registration 21
- Removable devices 85
- Remove
- Reset
- Restore
- Resume
- Return
- Revert
- Run
- S
- Save
- Screen
- Script
- SCSI
- Security
- Serial connection
- Serial port
- Server
- Set
- Set up
- Settings editor
- Shared folder
- Shortcut
- Shrink
- Silent
- Size
- Snapshot
- Software
- Sound
- Sound Blaster 204
- Start
- Stop
- Suspend
- Swapping
- Switch
- T
- Telnet 197
- Time
- Token Ring 192
- Tools
- Troubleshooting
- U
- UI
- Uninstall
- Unplug
- USB
- V
- Version
- Virtual disk
- Virtual machine
- Virtual machine settings editor
- Virtual Network Editor 261
- Virtual switch 189
- VMnet8 196
- VMware ACE
- VMware ACE Manager
- VMware Tools
- W
- Windows
- Windows 95
- Windows 98
- Windows NT
- Wizard
- Workspaces
- X
- Xeon 12, 14
- Z
- Zip drives
- Zones
www.vmware.com
230
VMware ACE Administrator’s Manual
Network Quarantine Policies
Network quarantine policies give you fine-grained control over the network access
you provide to users of your virtual machines.
Using a packet filtering firewall, the network quarantine feature of VMware ACE lets
you specify exactly which machines or subnets a virtual machine may access. This
means that you can, for example, configure the virtual machine so it is allowed to
connect only to your VPN server, which then controls access to other resources.
Network quarantine rules can be dynamic. This means, for example, that you can
quickly lock virtual machines out of all or part of your network to help combat the
spread of a worm or virus without deploying updated packages.
You can also set different network quarantine policies for virtual machines based on a
version you assign. This means you can, for example, give out-of-date virtual machines
access to the server that provides a required patch or software update but not to
other parts of your network.
You set and modify network quarantine policies with a wizard. Open the policy editor
from the Commands list on the project or virtual machine details page, select
Network quarantine, select Quarantined access to specific networks and machines,
then click Network Quarantine Wizard.
The following sections provide background on some of the decisions you make as
you set network quarantine policies for a virtual machine. For step-by-step
instructions on using the Network Quarantine Wizard, see Setting Network
Quarantine Policies on page 85.
Selecting the Type of Network Quarantine
The following four types of network quarantine are available:
• Static quarantine — You specify a single list of approved or disapproved
networks and machines. The list is stored with the virtual machine and
distributed as part of the package. If you need to make any changes in the
future, you must create a package containing at least the policies for the
affected virtual machine and distribute the update to your users.
Static quarantine is somewhat simpler to configure and may be the most
convenient choice if you do not plan to change the access list.
• Dynamic quarantine — You specify a single list of approved or disapproved
networks and machines. The list is stored on a server. Each time the virtual
machine runs, and at regular intervals while it is running, it checks the server