VMware unveils tool to create secure, isolated environments

VMware this week is expected to announce secure virtualization software for a company’s laptop users, telecommuters and contractors that keeps their personal data separate from sensitive corporate data.

VMware says its Assured Computing Environment, or ACE, will allow an IT manager to create a second or third standard isolated PC configuration that can run on any PC a user has. It uses virtual machine technology to allow a second PC operating system with its applications to run in a container that is secure and isolated from other containers and applications on any desktop or laptop.

“We believe that assured computing environments is the way all corporate PCs will be configured over time,” says Michael Mullany, vice president of marketing at VMware.

Today the company has VMware Workstation, a power tool for technical professionals that have to deal with multiple operating system setups on a daily basis. Workstation, however, does not have the same focus as ACE, which is to isolate one environment from another. The company also offers GSX Server and ESX Server, which let IT managers divvy up a server into separate virtual machines and run multiple operating systems per processor.

With VMware ACE, you could set up an environment on, say, a contractor’s machine that would protect your corporate data from unintentional harm from malware or viruses that may exist on their PC.

Mullany explains VMware ACE’s rationale: “You may have just hired a contractor to do some work for you for 30 days. They are going to be working onsite on sensitive data. The question is, how do you give them access to enterprise resources?”

Today an IT administrator would often let contractors connect their own laptops to the corporate network. The problem with this model is that now a laptop with a nonstandard operating system – and potentially loaded with viruses and Trojans – is being introduced into the corporate net, and any data on the corporate network is now intermixed with the contractors’ personal data. When the contractors leave after 30 days, they could walk away with sensitive documents even if they didn’t intend to just because there is no way to keep them apart. 

That’s not a great solution.

VMWare’s ACE is designed to solve that problem.

“With VMware ACE you can give the contractor a DVD that contains your corporate standard image to install on their laptop,” Mullany says. “The image contains a separate copy of Windows or Linux and all the applications but only allows the contractor to connect to X Corp.’s network.”

Mullany says you can configure the image so it doesn’t allow the contractor to copy data from that environment to a peripheral device or even connect to a floppy drive. You’ve created an isolated environment on the laptop. You can set it to self-destruct in 30 days. 

The telecommuter PC presents the same problem. A lot of companies let users dial in to the corporate network from their home PCs using VPNs. The problem is that you are allowing a home PC onto your corporate network. As we all know, PCs can have adware, spyware and random viruses running on them.

Virtual rights management in VMware ACE lets an administrator control access to disk drives and any other peripherals you can connect into your ACE environment.

It lets IT administrators install Linux, Windows or NetWare operating systems.

VMware ACE starts at $100 per user and will be available for either Intel or AMD PCs. It is scheduled to ship in the fourth quarter of this year, although users may download it from VMware’s site this week.