1.0
Table Of Contents
- Introduction and System Requirements
- Learning the Basics of VMware ACE Manager
- Installing and Configuring VMware ACE Manager
- Creating Projects
- Setting Policies and Customizing VMware ACE
- Creating Packages to Deploy to Users
- Deploying and Maintaining Packages
- Installing and Running VMware ACE
- Using Virtual Disks
- Preserving the State of a Virtual Machine
- Networking Virtual Machines
- Configuring Video and Sound
- Connecting Devices to Virtual Machines
- Using Parallel Ports
- Using Serial Ports
- Using USB Devices in a Virtual Machine
- Notes on USB Support in VMware ACE
- Enabling and Disabling the USB Controller
- Connecting USB Devices
- Using USB with a Windows Host
- Replacing USB 2.0 Drivers on a Windows 2000 Host
- Installing USB Devices as a Non-Administrator
- Who Has Control over a USB Device?
- Disconnecting USB Devices from a Virtual Machine
- Human Interface Devices
- Understanding Policies
- Glossary
- Index
- File extensions
- .lck 171
- .REDO 184
- .vmdk 169
- .vmhf 151
- .vmpl 220
- .vmprj 150
- .vmss 180
- .wav 204
- A
- Access
- Adapter
- Add
- Address
- Administrator access
- Athlon 12, 14
- Audio
- AudioPCI 204
- Authentication
- Autorun
- B
- BIOS
- Bridge 189
- Bridged networking
- BSD
- BusLogic 16
- C
- CD
- Celeron 12, 14
- Centrino 12, 14
- Checklist
- Clock
- Color
- Comm port
- Configuration
- Configure
- Connect
- Copy protection
- CPU
- Create
- Creative Labs 17, 204
- Ctrl-Alt 38
- D
- Date
- Decrease
- Defragment
- Deploy
- Devices
- DHCP
- Direct memory access
- Disable
- Disconnect
- Disk
- Disk files 169
- Disks
- Display
- Distribute
- DMA
- DNS 197
- Driver
- Drives
- Duron 12, 14
- DVD
- E
- Enable
- Encryption
- Ethernet
- Expiration
- F
- Files
- Firewall 198
- Floppy
- Forums 20
- FreeBSD
- FTP 197
- Full screen
- G
- Grab
- Graphics
- Guest operating system
- H
- Host computer
- Host operating system 260
- Host quarantine 237
- Host virtual adapter 189
- Host-only networking
- Hot fix
- Hot keys
- I
- ICMP 197
- IDE
- Image file
- Input
- Install
- interface
- Iomega
- IP address
- ISO image file 16, 175, 177
- K
- Keyboard
- Knowledge base 20
- L
- Link
- Linux
- Lock files 170
- LSI Logic 16, 58
- M
- Memory
- MIDI 204
- Mode
- Modifier keys
- Mouse
- MP3 204
- MS-DOS
- Mylex 16
- N
- Named pipe 210, 211
- NAT
- NetLogon 198
- NetWare
- Network
- adding and modifying virtual Ethernet adapters 195
- advanced quarantine 234
- advanced quarantine policies for guest 240
- bridge 189
- bridged networking 259
- changing the configuration 195
- common configurations 191
- components 189
- DHCP server 190
- host virtual adapter 189
- host-only 193, 259
- NAT 192, 196, 260
- NAT as firewall 198
- NAT device 189
- quarantine policies for host computer 237
- restricting host computer access 234
- switch 189
- Token Ring 192
- virtual DHCP server 192, 193
- virtual Ethernet adapter 190
- Virtual Network Editor 261
- virtual switch 189
- zones for advanced quarantine 235
- Network address translation
- Network quarantine 85
- New Virtual Machine Wizard 168, 260
- Newsgroups 20
- NIC
- Novell NetWare
- nq-set 146
- O
- Operating system
- Opteron 12, 14
- P
- Package
- Parallel ports
- Password
- Pentium 12, 14
- Ping 197
- Pipe
- Plug-in
- Policies
- advanced network quarantine for guest 240
- authentication 81, 222
- copy protection 84, 225
- encryption 222
- expiration 83, 224
- network quarantine 85, 230, 234
- network quarantine for host 237
- overview 220
- removable devices 85
- setting 71
- setting for a virtual machine 81
- setting for VMware ACE 74
- using scripts 244
- VMware ACE application 226
- Policy
- Power off
- Preferences
- Printer
- Priorities
- Process scheduler 39
- Processor
- Project
- Q
- Quarantine
- Quit
- R
- RAM
- Real Media 204
- Reclaim
- Redo-log file 184
- Registration 21
- Removable devices 85
- Remove
- Reset
- Restore
- Resume
- Return
- Revert
- Run
- S
- Save
- Screen
- Script
- SCSI
- Security
- Serial connection
- Serial port
- Server
- Set
- Set up
- Settings editor
- Shared folder
- Shortcut
- Shrink
- Silent
- Size
- Snapshot
- Software
- Sound
- Sound Blaster 204
- Start
- Stop
- Suspend
- Swapping
- Switch
- T
- Telnet 197
- Time
- Token Ring 192
- Tools
- Troubleshooting
- U
- UI
- Uninstall
- Unplug
- USB
- V
- Version
- Virtual disk
- Virtual machine
- Virtual machine settings editor
- Virtual Network Editor 261
- Virtual switch 189
- VMnet8 196
- VMware ACE
- VMware ACE Manager
- VMware Tools
- W
- Windows
- Windows 95
- Windows 98
- Windows NT
- Wizard
- Workspaces
- X
- Xeon 12, 14
- Z
- Zip drives
- Zones
www.vmware.com
234
VMware ACE Administrator’s Manual
Using Advanced Network Quarantine
Advanced network quarantine features allow you to control the host computer’s
access to the network. This is useful if you want to give the virtual machine access to
the network but block or restrict host computer access.
You can apply different policies to the host computer based on the network to which
the host is attached.
Advanced network quarantine features also allow you to apply different policies to the
virtual machine based on the network to which the host is attached.
For example, a mobile worker using an unmanaged laptop computer may have
VMware ACE installed and use the virtual machine, which you manage, to connect to
a corporate VPN from remote locations. When the mobile worker comes to the
corporate office, you may regard the unmanaged laptop computer as a security risk,
because you do not know whether the host operating system is infected by viruses.
Using advanced network quarantine, you can block the host operating system from
the network but still allow the guest operating system running in VMware ACE to
connect to the corporate VPN — or even allow the guest to have full network access.
Note: You can use advanced network quarantine features only if you select
Quarantined access to specific networks and machines in the policy editor, then
select Static quarantine in the Network Quarantine Wizard. You cannot use these
features if you select None in the network quarantine pane of the policy editor, and
you cannot use them with dynamic, version-based or custom network quarantine.
To take advantage of advanced network quarantine, you must use a text editor to
make changes to one or more policy files.
Depending on the policies you want to establish, you must add some or all of the
following:
• Zone descriptions — Define characteristics that clearly identify each network for
which you want to set advanced network quarantine policies. These settings go
in app.vmpl in the main folder for the project. For details, see Defining Zones
on page 235.
• Host policies — For each zone you have defined, you may set policies to enable
or restrict the host computer’s network access when it is connected to that
network zone. These settings go in app.vmpl in the main folder for the project.
For details, see Defining Host Policies on page 237.
• Guest policies — For each zone you have defined, you may set policies to
control the virtual machine’s network access when the host computer is