eWeek reviews VMware ACE

Quoting from eWeek:

VMware Inc.’s VMware ACE provides an innovative way to manage remote users and guest desktop systems in the enterprise.

VMware ACE lets IT managers create what the company calls an “assured computing environment” on Windows-based desktop systems in isolated or remote settings, and it controls these systems using predefined policies.

VMware ACE, released in December, leverages VM (virtual machine) technology to create a secure Windows PC environment. Using VMware ACE Manager (the management interface in VMware ACE), IT managers can apply custom policies to VMs preinstalled with guest operating systems, applications and data, and then easily deploy them via network shares, CD or DVD.

VMware ACE Manager is priced at $795 per license. The end-user VMware ACE license is priced at $99 per PC. A $995 VMware ACE Starter Kit includes a single VMware ACE Manager license and four VMware ACE end-user PC licenses.

VMware ACE is not designed to replace corporate desktops. However, our tests show the product would be a good fit in extended enterprise desktop infrastructures such as remote access sites and guest PC systems.

We’ve seen no other VM software that provides such a high level of policy management in the desktop environment. Competitors such as Leostream Corp. and PlateSpin Ltd. offer products for converting standard operating systems into VMs, as well as a centralized management platform. However, these systems mostly target server farms and data centers. Further, Microsoft Corp. has yet to include policy management in Virtual Server 2005, its stand-alone server virtualization software.

VMware ACE supports a wide range of guest operating systems, including Windows, Linux and Solaris, but the host operating system is Windows-only. We tested VMware ACE using Windows Server 2003 as the host and Windows XP Professional as the guest client.

VMware ACE Manager provides comprehensive and granular rule sets for governing VM usage. Its version-based network access policies let administrators restrict network access and limit guest systems to only assigned resources.

VMware ACE Manager’s user interface provides intuitive wizards for configuration settings. The end-user client’s new VM UI behaves like a normal Windows application; for example, we could resize or minimize the UI window. The VMware ACE application, which runs on a separate virtualization layer independent of the host operating system, is governed by predefined policies.

The VMware ACE client can suspend the VM application by default upon exit. This is a useful feature that enables users to save their work by suspending the VMware ACE application and logging back on at a later time.

We used VMware ACE Manager’s Virtual Rights Management capabilities to apply different policies to govern VM usage for test clients. After we set up an IIS (Internet Information Services) Web server to host the network policy, the VMware ACE client connected to the policy server during startup to download the configuration settings. We also used the policy server to update configurations.

We could restrict the VM client’s access to the network based on IP addresses or subnets; we could also restrict users’ Internet access.

We encrypted data and configuration files on VMs when they were installed. This capability is useful because it prevents users from tampering with the VM’s files.

IT managers can create a standard VM package with preinstalled applications and data for remote deployment. The package can comprise data files to be stored on the network, or IT staff can store it on CDs or DVDs. The process is straightforward, but because VMware ACE does not include authoring hardware, we had to use third-party software to generate CDs or DVDs.