Most of us are familiar with VMware – a package that allows you to run "virtual machines" (VMs) on your desktop or server computers. This type of software has a range of uses, from security (you can lock down the settings and capabilities of each VM so they can't destroy the host machine's configuration) to multi-OS operation (if you need to use a second operating system infrequently, you can run it inside a VM instead of having to set up a dual-boot system).

VMware ACE takes the VMware concept a step further, providing the ability to construct virtual machines and then distribute them to users, retaining central control of these VM "packages" once they've been distributed.

So why would you need to do this? Say, for instance, that you're an organisation with a large number of contract staff, all with their own hardware, and these staff need to use some of your corporate systems (fileshares, groupware and printing are the three obvious ones). It's often not possible to integrate their kit safely into your world (they might have necessary software that isn't on your "accepted" list, for instance, or they might have justified concerns that including their laptops into your corporate policy will break their systems) and so the alternative is to ship them all a virtual machine that's built and locked down to your specifications and let them run this on their existing platform.

The first thing you do, then, is build yourself a virtual machine. As with all the other functions of the package, configuration is handled via ACE Manager, and if you've ever run a VM under standard VMware, the process will be very familiar. Because the virtual machine pretends to be a collection of computer hardware, you won't be stumped by things like Windows licence keys (which are registered against hardware serial numbers) because you're effectively shipping the hardware with the OS. You must, of course, give appropriate thought to the licensing implications of doing so. VMware supports a variety of operating systems in its VMs – Windows 3.1 and later (even Vista, in experimental form), a number of common Linuxes, NetWare 5/6, Solaris (9 and 10, though both only experimentally) and some odds and sods such as MS-DOS and FreeBSD. The creation process is wizard-based, and the questions it asks are easy to comprehend.

Nothing unsual so far, then. The new bit that you'll get with ACE relates to the distribution of your VMs; because you want to apply restrictions to what the users can do, you'll set appropriate policies in the rights management tools. You can restrict a whole raft of things - the network ranges the VM can access, the expiration date for the VM (so you can time-bomb it), whether it can access removable storage devices, how the user authenticates, and so on. The rights management tool is pretty intuitive, with the usual tree-on-the-left, detail-on-the-right two-pane view.

Once you're happy with your VM (you can, incidentally, run it up to test it within ACE Manager) it's time to create a package. When you hit the button, it'll check that everything's present and will then create appropriate installer archives for both the ACE runtime software and the virtual machines themselves. The result is one or more standard Windows installer filesets, with the core stuff bundled into MSI files to make life easy for remote and/or unattended installations.

VMWare ACE is a neat idea. It's a concept that didn't exist a few years ago when, as a contractor, my client's network manager insisted on making my PC part of his domain, whose group policy both blew away some of my necessary software and installed an AV package that took hours to get rid of later on. This concept is perfect for those whose staff or colleagues need to use their own equipment, but who are concerned about the security and network integrity implications of allowing unmanaged kit onto the organisation network.


Although you can theoretically ship a single copy of, say, Windows XP to multiple users, remember to give detailed thought to licensing matters if you're distributing commercial operating systems and/or application software, as this will have a significant effect on the total cost of using the system.