2.0
Table Of Contents
- VMware ACE Administrator’s Manual
- Contents
- About This Book
- Introduction and System Requirements
- Learning the Basics of Workstation ACE Edition
- Terminology for This Chapter
- Setting Up Your Administrative Workstation
- Overview of the Workstation ACE Edition Window
- Accessing Commands in the Workstation ACE Edition Window
- Workstation ACE Edition Window Elements
- ACE Master Icons in the Sidebar
- Adding ACE Masters to ACE 2 Management Servers
- Viewing ACE Masters in the Sidebar
- Using the ACE Icons on the Home Page
- Viewing the Summary for an ACE Master
- Viewing the Summary for All ACE Instances Managed by an ACE 2 Management Server
- ACE Menu
- New ACE Master, Connect to ACE 2 Management Server, and Open Hot Fix Commands in the File Menu
- ACE Master Toolbar
- Creating Packages to Distribute to Users
- Basic Steps for Creating and Deploying ACE Packages
- Keeping Users Up-to-Date
- Installing, Configuring, and Upgrading Workstation ACE Edition
- Installing and Configuring the ACE 2 Management Server
- ACE 2 Management Server Setup Options
- System Requirements for the ACE 2 Management Server
- Features of the ACE 2 Management Server
- Components of the ACE 2 Management Server
- Using SSL Certification and Protocol
- Installing the ACE 2 Management Server
- Configuring the ACE 2 Management Server
- Using Event Logs
- Stopping and Starting the Apache Service Manually
- Logging On to the ACE 2 Management Server
- Using the ACE 2 Management Server
- Unblocking Port Traffic and Changing Port Assignments
- Creating and Configuring ACE Masters
- Creating an ACE Master
- Creating a New ACE Master
- Cloning an ACE Master from an Existing ACE Master
- Cloning an ACE Master from an Existing Virtual Machine
- Cloning a Virtual Machine from an ACE Instance
- Networking ACE Instances
- ACE Master Settings
- Virtual Machine Settings
- Setting and Using Policies and Customizing VMware Player
- Taking Advantage of Policies
- Using the Policy Editor
- Setting Policies
- Setting Access Control Policies - Activation and Authentication
- Setting Host-Guest Data Script Policies
- Setting Expiration Policies
- Setting Copy Protection Policies
- Setting Resource Signing Policies
- Setting Network Access Policies
- Before You Begin: Read These Notes About Host Policies
- Getting Started with Setting Network Access
- Using the Network Access Wizard to Configure Network Access
- Using the Zone, Ruleset, and Rule Editors to Configure Network Access
- Using the Zone Editor to Set Up and Configure Network Zones
- Using the Ruleset and Rule Editors to Configure Host and Guest Access
- Network Properties Packaging
- Understanding the Interaction of Host Access and Guest Access Filters With Tunneling Protocols
- Setting Removable Devices Policies
- Setting USB Device Policies
- Setting Virtual Printer Policies
- Setting Runtime Preferences Policies
- Setting Snapshot Policies
- Setting Administrator Mode Policies
- Setting Hot Fix Policies
- Setting Policy Update Frequency
- Writing Plug-In Policy Scripts
- Customizing the VMware Player Interface
- Package Settings
- Custom EULA
- Instance Customization
- Benefits of Instance Customization
- Overview of the Instance Customization Process
- Before You Specify Instance Customization Settings, Perform These Tasks
- Downloading the Microsoft Sysprep Deployment Tools
- Specifying Package Settings for Instance Customization
- Placeholder Values to Use in Instance Customization
- Packaging with Instance Customization Enabled
- How ACE Instance Customization Completes on the ACE User’s Machine
- Package Lifetime
- Encryption
- Deployment Platform
- Setting Up a Remote Domain Join
- Troubleshooting Setup Issues
- Creating Packages and Deploying Them to Users
- Preview, Save, Test, Publish
- Pocket ACE
- Installing and Using VMware Player and ACE Instances
- Installing the ACE Package on a Windows Host Computer and Running the ACE Instance
- Installing VMware Player on a Windows Host Computer
- Installing an ACE Instance on a Windows Host Computer
- Installing an ACE Package Silently on a Windows Host Computer
- Uninstalling VMware Player from a Windows Host Computer
- Uninstalling an ACE Instance from a Windows Host Computer
- Running the ACE Instance on a Windows Host Computer
- Installing the ACE Package on a Linux Host Computer and Running the ACE Instance
- Installing VMware Player on a Linux Host Computer
- Installing the ACE Instance on a Linux Host Computer
- Installing an ACE Package Silently on a Linux Host Computer
- Uninstalling an ACE Instance from a Linux Host Computer
- Uninstalling VMware Player from a Linux Host Computer
- Running the ACE Instance on a Linux Host Computer
- Controlling Which Virtual Machines and ACE Instances Run on a Host
- Running VMware Player
- Starting VMware Player
- Entering a Client License in VMware Player for an ACE Instance
- Quitting VMware Player
- Enlarging VMware Player to Fill the Screen
- Understanding VMware Player Status Indicators
- Viewing Messages, Notifications, and the ACE Information Dialog Box
- Controlling Devices Attached to VMware Player
- Setting VMware Player Preferences
- Taking Snapshots in VMware Player
- Using Shared Folders
- Printing from VMware Player
- Troubleshooting Problems
- Troubleshooting Tools
- Preserving the State of an ACE Instance
- Installing the ACE Package on a Windows Host Computer and Running the ACE Instance
- Instance View
- Opening a View of All Instances Managed by a Server
- Setting Up Queries to Search for Instances
- Showing, Hiding, Moving, and Resizing Columns in the Instances Table
- Adding Custom Database Fields by Adding Columns
- Changing the Sort Order of the Instances Table
- Deactivating and Reactivating Instances from the Instance View
- Resetting Expiration Dates for an Expired Instance by Clicking Reactivate
- Using the Details View
- Using the Connect to ACE 2 Management Server Command to Open an Instance View
- Appendix: Using the VMware ACE 2 Management Server Database Schema and Querying the Audit Event Log Data
- Glossary
- Index
- Updates for the VMware ACE Administrator’s Manual
VMware ACE Administrator’s Manual
62 VMware, Inc.
toeveryoneandtheprivatekeyisknownonlytothemessagerecipient.URLsthat
requireanSSLconnectionstartwithhttps.
ThefollowingisadescriptionofhowtheACE2ManagementServerusesSSL.
AtACE2ManagementServerinstallation,twofilesarecreated:
AnRSA1024‐bitkey(filename:server.key)–Thisistheprivatekey.
Aself‐signedcertificate(filename:server.crt)–Itis“self‐signed”becauseits
signatureisverifiedbythepublickey,whichisembeddedinthecertificate.
Bydefault,thesefilesarestoredintheSSLdirectoryintheVMwareACE2
ManagementServerprogramdirectory.
Theself‐signedcertificate,whichisapubliccertificate,isvalidfor10yearsfromthe
dateandtimeatwhichtheserverisinstalled.ThecertificatefileisencodedinPEM
format.Youcanbrowsethefiletoseeitspropertiesasfollows:
OnaWindowshostsystem:InWindowsExplorer,navigatetothelocationofthe
server.crtfileanddouble‐clickthefilename.
OnaLinuxhostsystem,usethiscommand:
openssl x509 -in /var/lib/vmware/acesc/ssl/server.crt -text
WhenanACEmasterconnectstoanACE2ManagementServer,itdownloadsthe
publiccertificateforthatserverandanychainofcertificatesrequiredtoverifytheserver’s
publiccertificate.Aservercertificatemighthaveachainofseveralcertificatesthatmust
beverifiedstepbystepuntiltheverification
processreachestheroot(trusted)
certificateinthecertificatestore.Thefirsttimeaconnectionismadetoaserverbyany
ACEmasteronaWorkstationACEEditionadministratormachine,thecertificateis
downloadedtotheWorkstationACEEditionhostsystem.
Thestoreorcollectionofcertificatesthatis
downloadedwhenanACEmasterconnects
toaserverisincludedineachACEpackagethatyoucreatewiththatACEmaster.Itis
savedintheACEResourcesdirectory.WhenyoudeployandrunanACEinstanceof
thismaster,theVMwarePlayerapplicationusesthecertificatesincludedinthe
package
toverifyconnectionsmadetotheACE2ManagementServer.Itverifiesthatthe
certificatesthatareintheACEpackagematchthoseprovidedbytheserver.Iftheydo
notmatchexactly,VMwarePlayerdisplaysanerrormessageanddoesnotrunthe
instance.
N
OTEAsnotedabove,theself‐signedcertificateisvalidfor10years.Ifyoushould
needtoreplaceanexpiredcertificate,youcandothatbydeployingtheaffectedACE
mastersinanupdatepackage,whichwouldincludethenewcertificate.Donotmodify
certificatestomakethempermanent.