1.0
Table Of Contents
- Introduction and System Requirements
- Learning the Basics of VMware ACE Manager
- Installing and Configuring VMware ACE Manager
- Creating Projects
- Setting Policies and Customizing VMware ACE
- Creating Packages to Deploy to Users
- Deploying and Maintaining Packages
- Installing and Running VMware ACE
- Using Virtual Disks
- Preserving the State of a Virtual Machine
- Networking Virtual Machines
- Configuring Video and Sound
- Connecting Devices to Virtual Machines
- Using Parallel Ports
- Using Serial Ports
- Using USB Devices in a Virtual Machine
- Notes on USB Support in VMware ACE
- Enabling and Disabling the USB Controller
- Connecting USB Devices
- Using USB with a Windows Host
- Replacing USB 2.0 Drivers on a Windows 2000 Host
- Installing USB Devices as a Non-Administrator
- Who Has Control over a USB Device?
- Disconnecting USB Devices from a Virtual Machine
- Human Interface Devices
- Understanding Policies
- Glossary
- Index
- File extensions
- .lck 171
- .REDO 184
- .vmdk 169
- .vmhf 151
- .vmpl 220
- .vmprj 150
- .vmss 180
- .wav 204
- A
- Access
- Adapter
- Add
- Address
- Administrator access
- Athlon 12, 14
- Audio
- AudioPCI 204
- Authentication
- Autorun
- B
- BIOS
- Bridge 189
- Bridged networking
- BSD
- BusLogic 16
- C
- CD
- Celeron 12, 14
- Centrino 12, 14
- Checklist
- Clock
- Color
- Comm port
- Configuration
- Configure
- Connect
- Copy protection
- CPU
- Create
- Creative Labs 17, 204
- Ctrl-Alt 38
- D
- Date
- Decrease
- Defragment
- Deploy
- Devices
- DHCP
- Direct memory access
- Disable
- Disconnect
- Disk
- Disk files 169
- Disks
- Display
- Distribute
- DMA
- DNS 197
- Driver
- Drives
- Duron 12, 14
- DVD
- E
- Enable
- Encryption
- Ethernet
- Expiration
- F
- Files
- Firewall 198
- Floppy
- Forums 20
- FreeBSD
- FTP 197
- Full screen
- G
- Grab
- Graphics
- Guest operating system
- H
- Host computer
- Host operating system 260
- Host quarantine 237
- Host virtual adapter 189
- Host-only networking
- Hot fix
- Hot keys
- I
- ICMP 197
- IDE
- Image file
- Input
- Install
- interface
- Iomega
- IP address
- ISO image file 16, 175, 177
- K
- Keyboard
- Knowledge base 20
- L
- Link
- Linux
- Lock files 170
- LSI Logic 16, 58
- M
- Memory
- MIDI 204
- Mode
- Modifier keys
- Mouse
- MP3 204
- MS-DOS
- Mylex 16
- N
- Named pipe 210, 211
- NAT
- NetLogon 198
- NetWare
- Network
- adding and modifying virtual Ethernet adapters 195
- advanced quarantine 234
- advanced quarantine policies for guest 240
- bridge 189
- bridged networking 259
- changing the configuration 195
- common configurations 191
- components 189
- DHCP server 190
- host virtual adapter 189
- host-only 193, 259
- NAT 192, 196, 260
- NAT as firewall 198
- NAT device 189
- quarantine policies for host computer 237
- restricting host computer access 234
- switch 189
- Token Ring 192
- virtual DHCP server 192, 193
- virtual Ethernet adapter 190
- Virtual Network Editor 261
- virtual switch 189
- zones for advanced quarantine 235
- Network address translation
- Network quarantine 85
- New Virtual Machine Wizard 168, 260
- Newsgroups 20
- NIC
- Novell NetWare
- nq-set 146
- O
- Operating system
- Opteron 12, 14
- P
- Package
- Parallel ports
- Password
- Pentium 12, 14
- Ping 197
- Pipe
- Plug-in
- Policies
- advanced network quarantine for guest 240
- authentication 81, 222
- copy protection 84, 225
- encryption 222
- expiration 83, 224
- network quarantine 85, 230, 234
- network quarantine for host 237
- overview 220
- removable devices 85
- setting 71
- setting for a virtual machine 81
- setting for VMware ACE 74
- using scripts 244
- VMware ACE application 226
- Policy
- Power off
- Preferences
- Printer
- Priorities
- Process scheduler 39
- Processor
- Project
- Q
- Quarantine
- Quit
- R
- RAM
- Real Media 204
- Reclaim
- Redo-log file 184
- Registration 21
- Removable devices 85
- Remove
- Reset
- Restore
- Resume
- Return
- Revert
- Run
- S
- Save
- Screen
- Script
- SCSI
- Security
- Serial connection
- Serial port
- Server
- Set
- Set up
- Settings editor
- Shared folder
- Shortcut
- Shrink
- Silent
- Size
- Snapshot
- Software
- Sound
- Sound Blaster 204
- Start
- Stop
- Suspend
- Swapping
- Switch
- T
- Telnet 197
- Time
- Token Ring 192
- Tools
- Troubleshooting
- U
- UI
- Uninstall
- Unplug
- USB
- V
- Version
- Virtual disk
- Virtual machine
- Virtual machine settings editor
- Virtual Network Editor 261
- Virtual switch 189
- VMnet8 196
- VMware ACE
- VMware ACE Manager
- VMware Tools
- W
- Windows
- Windows 95
- Windows 98
- Windows NT
- Wizard
- Workspaces
- X
- Xeon 12, 14
- Z
- Zip drives
- Zones
CHAPTER 14 Understanding Policies
239
This approach allows you to specify the host zones in a different order from that in the
list of zone descriptions.
Using the examples above, VMware ACE first searches for a match for the Eastern
Regional Office zone description (zone.description.1 criteria in the zone
descriptions). If it finds a match, it applies the host quarantine policies defined for
host.zone.0.
You may specify the following policies for each zone:
host.zone.<zone_number>.blockIPv4 = "1"
This policy specifies whether IPv4 network traffic should be blocked. If you add this
policy with a value of 1, IPv4 traffic is blocked. The policy defaults to 0, which allows
IPv4 traffic.
Note: The advanced network quarantine features have not been tested with IPv6.
Use of these features in an IPv6 environment is not supported.
host.zone.<zone_number>.exceptions.IPv4 = "<dns_name_or_IP>"
This policy specifies a list of exceptions to the policy specified by the blockIPv4
settings. You may mix DNS names and IP addresses in a comma-separated list. Do not
use any spaces in the comma-separated list. For each item in the list, you may specify
a subnet — for example, /24 — if you wish. You may specify subnets for both IP
addresses and DNS names. When you specify blockIPv4 = "1", the list is a
whitelist. When you specify blockIPv4 = "0", the list is a blacklist.
host.zone.<zone_number>.restrictARP = "0"
host.zone.<zone_number>.restrictDHCP = "0"
host.zone.<zone_number>.restrictDNS = "0"
host.zone.<zone_number>.restrictICMP = "0"
These policies may appear in the policy file and are set to 0 by default. Do not change
these defaults, which are required for the zone detection feature to work properly.
Defining Modified Default Host Policies
By default, the host computer has network access. This default and other defaults can
be changed by specifying a default policy. To specify a modified set of default policies,
use the same parameters that are described in this section, except substitute the
prefix host.default for the prefix host.zone.<zone_number> shown in
the descriptions above. You can specify new defaults for blockIPv4 and
exceptions.IPv4. You do not need to specify the parameters present, key or
descriptionName when you set these defaults; do not use them with the
host.default prefix.