1.0
Table Of Contents
- Introduction and System Requirements
- Learning the Basics of VMware ACE Manager
- Installing and Configuring VMware ACE Manager
- Creating Projects
- Setting Policies and Customizing VMware ACE
- Creating Packages to Deploy to Users
- Deploying and Maintaining Packages
- Installing and Running VMware ACE
- Using Virtual Disks
- Preserving the State of a Virtual Machine
- Networking Virtual Machines
- Configuring Video and Sound
- Connecting Devices to Virtual Machines
- Using Parallel Ports
- Using Serial Ports
- Using USB Devices in a Virtual Machine
- Notes on USB Support in VMware ACE
- Enabling and Disabling the USB Controller
- Connecting USB Devices
- Using USB with a Windows Host
- Replacing USB 2.0 Drivers on a Windows 2000 Host
- Installing USB Devices as a Non-Administrator
- Who Has Control over a USB Device?
- Disconnecting USB Devices from a Virtual Machine
- Human Interface Devices
- Understanding Policies
- Glossary
- Index
- File extensions
- .lck 171
- .REDO 184
- .vmdk 169
- .vmhf 151
- .vmpl 220
- .vmprj 150
- .vmss 180
- .wav 204
- A
- Access
- Adapter
- Add
- Address
- Administrator access
- Athlon 12, 14
- Audio
- AudioPCI 204
- Authentication
- Autorun
- B
- BIOS
- Bridge 189
- Bridged networking
- BSD
- BusLogic 16
- C
- CD
- Celeron 12, 14
- Centrino 12, 14
- Checklist
- Clock
- Color
- Comm port
- Configuration
- Configure
- Connect
- Copy protection
- CPU
- Create
- Creative Labs 17, 204
- Ctrl-Alt 38
- D
- Date
- Decrease
- Defragment
- Deploy
- Devices
- DHCP
- Direct memory access
- Disable
- Disconnect
- Disk
- Disk files 169
- Disks
- Display
- Distribute
- DMA
- DNS 197
- Driver
- Drives
- Duron 12, 14
- DVD
- E
- Enable
- Encryption
- Ethernet
- Expiration
- F
- Files
- Firewall 198
- Floppy
- Forums 20
- FreeBSD
- FTP 197
- Full screen
- G
- Grab
- Graphics
- Guest operating system
- H
- Host computer
- Host operating system 260
- Host quarantine 237
- Host virtual adapter 189
- Host-only networking
- Hot fix
- Hot keys
- I
- ICMP 197
- IDE
- Image file
- Input
- Install
- interface
- Iomega
- IP address
- ISO image file 16, 175, 177
- K
- Keyboard
- Knowledge base 20
- L
- Link
- Linux
- Lock files 170
- LSI Logic 16, 58
- M
- Memory
- MIDI 204
- Mode
- Modifier keys
- Mouse
- MP3 204
- MS-DOS
- Mylex 16
- N
- Named pipe 210, 211
- NAT
- NetLogon 198
- NetWare
- Network
- adding and modifying virtual Ethernet adapters 195
- advanced quarantine 234
- advanced quarantine policies for guest 240
- bridge 189
- bridged networking 259
- changing the configuration 195
- common configurations 191
- components 189
- DHCP server 190
- host virtual adapter 189
- host-only 193, 259
- NAT 192, 196, 260
- NAT as firewall 198
- NAT device 189
- quarantine policies for host computer 237
- restricting host computer access 234
- switch 189
- Token Ring 192
- virtual DHCP server 192, 193
- virtual Ethernet adapter 190
- Virtual Network Editor 261
- virtual switch 189
- zones for advanced quarantine 235
- Network address translation
- Network quarantine 85
- New Virtual Machine Wizard 168, 260
- Newsgroups 20
- NIC
- Novell NetWare
- nq-set 146
- O
- Operating system
- Opteron 12, 14
- P
- Package
- Parallel ports
- Password
- Pentium 12, 14
- Ping 197
- Pipe
- Plug-in
- Policies
- advanced network quarantine for guest 240
- authentication 81, 222
- copy protection 84, 225
- encryption 222
- expiration 83, 224
- network quarantine 85, 230, 234
- network quarantine for host 237
- overview 220
- removable devices 85
- setting 71
- setting for a virtual machine 81
- setting for VMware ACE 74
- using scripts 244
- VMware ACE application 226
- Policy
- Power off
- Preferences
- Printer
- Priorities
- Process scheduler 39
- Processor
- Project
- Q
- Quarantine
- Quit
- R
- RAM
- Real Media 204
- Reclaim
- Redo-log file 184
- Registration 21
- Removable devices 85
- Remove
- Reset
- Restore
- Resume
- Return
- Revert
- Run
- S
- Save
- Screen
- Script
- SCSI
- Security
- Serial connection
- Serial port
- Server
- Set
- Set up
- Settings editor
- Shared folder
- Shortcut
- Shrink
- Silent
- Size
- Snapshot
- Software
- Sound
- Sound Blaster 204
- Start
- Stop
- Suspend
- Swapping
- Switch
- T
- Telnet 197
- Time
- Token Ring 192
- Tools
- Troubleshooting
- U
- UI
- Uninstall
- Unplug
- USB
- V
- Version
- Virtual disk
- Virtual machine
- Virtual machine settings editor
- Virtual Network Editor 261
- Virtual switch 189
- VMnet8 196
- VMware ACE
- VMware ACE Manager
- VMware Tools
- W
- Windows
- Windows 95
- Windows 98
- Windows NT
- Wizard
- Workspaces
- X
- Xeon 12, 14
- Z
- Zip drives
- Zones
CHAPTER 14 Understanding Policies
245
The sample scripts presented in Sample Scripts on page 250 are installed with
VMware ACE Manager. The default location is C:\Program
Files\VMware\VMware ACE Manager\Samples.
The following descriptions give the format for the output that your plug-ins must
write to StdOut to control various policies.
Authentication Plug-Ins
The following table outlines the basic information you need to write authentication
plug-ins.
Question Explanation
When does this script execute? This script executes when the virtual machine is opened.
What relevant environment variables
are available to the script?
No authentication-specific environment variables are
available, but VMWARE_PROJ_ID and VMWARE_MVM_ID
give some context, indicating what virtual machine the user
is trying to open.
What is the expected output? The output of this script is hashed to create a key to encrypt
and decrypt virtual machine files. The first time this script is
run, the output is hashed to encrypt the virtual machine.
When a virtual machine is decrypted, the script must return
the same value. If the script returns a different value, the
virtual machine is not decrypted and the user sees an error
message.
The script may return any value. To ensure best security, a
value that includes only printable characters should be at
least 32 bytes long. For binary data, the value should be at
least 16 bytes long to ensure proper entropy.
What can I do with this script? The script should do one of the following:
• If the user is to be granted access to the virtual machine,
generate the data used to create the key for this user and
send it as output. The data should be unique for each user.
• If the user is to be denied access to the virtual machine,
the script should exit with a non-zero exit code.
Note: This is a reference to the exit code, not the output
value.
Where should the output of the script
go?
The script should send its output to StdOut.