VMware ACE as a tool for computer-room desktop maintenance Ing. Lukáš Slánský, Mgr. Tomáš Hudec Institute of Electrical Engineering and Informatics, University of Pardubice, Czech Republic [email protected], [email protected]

Abstract systems which run on top of it. Each VM can have the same set of standard virtual hardware (i.e. CPU, memory, VMware ACE is one of the latest products in the family of hard disk, graphical device, input/output devices). An tools of VMware Company. It offers unmodified OS can run inside this type of VM instruments for consistent, safe and rapid production and (see Fig. 2). This is referred as native virtualization or full distribution of client computers. Main benefit is the virtualization. Examples include VMware Workstation, possibility to secure ’s environment VMware Server (formerly GSX Server), Parallels against changing and possible misuse of installed Desktop or Adeos. software. Institute of Electrical Engineering and Informatics uses VMware ACE as a tool for distributing safe desktop environment in computer-rooms. Its proper usage lowers the maintenance costs and simultaneously eliminates Application threats leading to compromising target desktop by both external environment and students. Desktop systems can be simply provided with different prepared systems according to individual teacher’s demands.

Bare HW 1. What is the Virtualization Fig. 1. Before Virtualization In general, virtualization is a technique for hiding the physical hardware and replacing it by virtual hardware of the same type or even duplicating it creating exact copy of the bare hardware [1]. This technique is not that new. In 1970s already existed Application Application virtual machine from IBM called VM/370 [2]. The heart Operating Operating of this system was virtual machine monitor which runs on System System bare hardware (IBM370) and does the multiprogramming, Virtual HW Virtual HW providing several virtual machines of the same type (also IBM370) which can run operating system installable on Virtualization Layer this machine. In this example, virtual machine is the exact copy of the hardware. Several operating systems can be Bare HW installed in several VM in the same time on only single piece of hardware. Fig. 2. After Virtualization Such virtual system can require some modifications to the operating system that has to run on top of it. The idea is to There are also other techniques of virtualization at the somewhat hide real hardware by kind of API which can operating system level. There techniques enable some make VM much simpler and it can then achieve higher servers to have isolated secure environment inside the OS. performance. The system calls to VM can be called The same OS kernel must implement this environment hypercalls (, ) or diagnose code and hosts such servers. Examples are -VServer, (IBM). This type of virtualization is called Virtuozzo, and FreeBSD Jails. para-virtualization. Another examples beside Xen and The last example is application virtualization. It allows Parallels Workstation is VMware ESX Server or running the applications locally without being installed. Win4Lin 9x. Such virtualized application runs in the special virtual Other virtualization method is hiding bare hardware environment which is the layer between the application (see Fig. 1) details and providing some kind of and the OS. This environment eliminates conflicts standardized hardware possibly of the same type. This between the application and the rest of the system or VM can be installed on more types of hardware and between applications themselves. Examples include Java provides consistent standard environment for operating Virtual Machine, Thinstall, Altris or Trigence. 2. Virtualization – Pros and Cons VM simplifying installation of the same system to just copying. If something goes wrong during installing Virtualization comes with some enhancements and updates of any kind, you can easily come back to the benefits but also can have some drawbacks [3]. Let us snapshot you made in the past. examine the benefits of its features and possible drawbacks. 2.5. Testing and debugging environment

2.1. Standardization The use of the previously described snapshots can be applied by software developers for tuning a new software, The key benefit is that standard HW is provided in the drivers etc. Virtual machines provide excellent VM, so operating systems have uniform environment environment for testing and debugging. If the driver or (possibly leaving only CPU as a “pass-through” update fails so that it crashes the operating system, component). On top of other hardware there is a virtual developer can return to previous state very easily. standardized one. For example on top of some SCSI Stability of the system while trying changes in RAID-level hard disk there it can be virtualized some configuration can be tested this way too. Administrators kind of standard SCSI or even IDE hard disk. The same can easily rollback to previous configuration if the change for network adapters, sound cards etc. This benefit has of crashes or damages the system. One can make even course requirements for the VM layer to be able to virtual networks from virtual machines and latency or operate the various kinds of HW. packet loss can be easily tested using different configuration in the operating systems without need of 2.2. Isolation several physical machines.

With virtualization it is possible running single service (or 2.6. Summary of pros and cons: set of application) in the single VM, so potential crash of the service or the OS itself does not interfere with the + Easier management of HW, reduced administration other OSs running in different VMs on the same HW. and maintenance costs. Except the performance, virtual machines are independent – Concentration risk, failure takes down several VMs machines. This has also another benefit: One can install + Better utilization of HW. applications which use several places in the OS to store its + Standard HW, no need for special drivers in the OS, data (i.e. registry, files across several possibly system increased system reliability and stability. folders) in different virtual machines. So application + Isolation of applications or even OSs / application which replaces system libraries does not break any portability. functionality to the other applications which can run in ± Cost – requires better HW, cheaper from some number different VM. There is no need to modify such software. of servers. + Mobility, duplication. 2.3. Consolidation + Fast recovery, debugging/testing environment, rollback of changes. Virtual machines increase utilization. If we have more servers each running on its own hardware, each one is using only its HW resources, possibly wasting some CPU 3. VMware ACE time when the service is not needed. On a single machine, several VM with servers can run concurrently, so if one VMware ACE1 is an enterprise class desktop service is not used, another server can make use of the virtualization tool. Security administrators can package an CPU. Also management of a single machine is easier than IT-managed PC within a secured virtual machine and management of several pieces of HW. The drawback is deploy it to an unmanaged physical PC [4]. Once that there is a risk that a failure of the HW shuts down installed, VMware ACE offers complete control of the many servers at the same time. Very reliable HW is hardware configuration and networking capabilities of an therefore needed. unmanaged PC, transforming it into an IT-compliant PC endpoint. 2.4. Mobility VMware ACE enables IT desktop managers to apply enterprise IT policies to a virtual machine containing an Virtual machines are easy to move or even duplicate to operating system, enterprise applications and data to another physical machine. In case of HW failure one can create an isolated PC environment known as an assured replace HW component or even the whole machine with computing environment. another one. The new piece of HW can be different brand Through Virtual Rights Management technology, but it has no consequences to the OS inside VM. No need VMware ACE enables IT desktop managers to control for new drivers, no need to reinstall. Only VM has to be assured computing environment lifecycles, secure modified to use the new HW. Many virtual machines also have a feature of snapshoting the OS state. This snapshot can be transferred easily to another physical machine with 1 ACE – Assured Computing Environment enterprise information on PCs and ensure compliance For this purpose is created special virtual machine with with IT policies. basic installation of OS and the insecure application. Unlike other products, VMware ACE is a hardware System is setup to auto-logon with account that has independent solution that can be provisioned to any PC enough rights for insecure application to run. and works either connected or disconnected from the However, such configuration would assure any special enterprise network. security. The security is enforced via VMware ACE: 1) the state of the virtual machine (especially HDD data) 3.1. Key features of VMware ACE is persistent, it could not be altered – it is rolled back on any restart of the virtual machine and 2) the Internet Manageability connection is limited only to servers that the insecure • Create standardized hardware independent application should use. Therefore any virus or cracker environments and deploy them to any PC. could get into system and if it eventually does it cannot • Virtual Rights Management interface. Control stay there for long. VMware ACE lifecycle, security settings, network settings or system configuration. 4.4. Solution – virtualized desktops Security • Rules-based network access. Identify and quarantine Fully virtualized desktops work in other way. The system unauthorized or out-of-date VMware ACE environments. contains any extra application – it is just added into Enable access to the network once the VMware ACE Active Directory. environment complies with IT policies. The AD account of the virtualized desktop computer sets • Tamper-resistant computing environment. Protect the the system to auto-logon with very limited account. The entire VMware ACE environment, including data and only action that user could do is executing applications on system configuration, with seamless encryption. desktop. There is no main menu, no panel, user cannot • Copy protected computing environment. Prevent end use context menu or even press CTRL+ALT+DEL and users from copying enterprise information. start or kill process. It can just start pre-arranged desktop Usability items. • End users can revert to a previous state within seconds The only application delivered to the computer is and can work online or when disconnected from the VMware ACE virtual machines. There can be more VMs enterprise network. for different purposes – one as the general desktop (i.e. MS Office or IrfanView), one for mathematical applications (Matlab), one for graphics (Photoshop), etc. 4. Secure computer-rooms desktop via The virtual machines have standard security setup – users VMware ACE can logon with their credentials. Furthermore the state of the virtual machine could be anytime reverted and any 4.1. Starting position security breach (virus, cracker) could be eliminated. In our environment we use one specifically configured • 30 computers (3 GHz P4s with 256 MiB RAM) in virtual machine. It has no installed OS – it has just empty computer-rooms – full Windows desktop with many HDD and prepared connections to CD-ROM images of applications installed. Some applications need special OS installation media. It is used for education in operation insecure setup hacks (i.e. write permissions in system systems installation. folder). 4.5. Conclusion • Active Directory domain server with computer and user accounts. The virtualization of the computer-room desktop computers is a good way for securing the desktop system. 4.2. Considered output The host system could be configured as virtually non-breakable and could use just virtual machines that run • 17 computers with “common” desktop and some real desktop system with many production applications. virtualized applications. The main disadvantage is great resource consumption. All • 13 computers used exclusively as virtualized desktops. resources (processor and especially RAM) are shared • All computers fully operational, easily manageable between host system and all running virtual machines. and as secure as possible. 256 MiB RAM seemed to be critically low. Therefore all computer-rooms boxes were upgraded to 512 MiB RAM 4.3. Solution – standard desktop and this seems to be the minimum for successful running of the virtualized desktop. Standard end user computers could be installed in a common way like any other desktop. The only difference between old and new approach is in installing insecure applications. Such applications should never be installed directly into OS. 5. References

[1] Virtualization [online]. 2004-05-10, last revision 2006-11-14 [cit. 2006-11-12].

[2] A. Tannenbaum: Modern Operating Systems. Prentice-Hall USA 2001 (second edition), ISBN 0-13-031358-0

[3] C. Wellie: The Pros and Cons of Virtual Machines in the Datacenter [online]. Published on 2006-01-30 [cit. 2006-11-12].

[4] VMware ACE for Enterprise Desktop Management. c2006 [cit. 2006-11-13].