VMware ACE

 Prev   Contents   Last   Next 

Network quarantine policies give you flexible control over user access to network resources. For example, you can

• Allow users to access only specified machines or subnets.
• Require that users have up-to-date virtual machines in order to access network resources.
• Temporarily block virtual machine access to network resources to control a virus outbreak.

For more information, see Network Quarantine Policies.

Select Network quarantine to control whether the virtual machine has normal network access or restricted access on the basis of rules you specify.

To allow unrestricted network access, select None - access to all networks and machines.

To specify network quarantine settings, select Quarantined access to specific networks and machines, then click Initial Setup to set quarantine policies. The wizard guides you through the settings. You may rerun the wizard at any time to change the settings.

When you click Initial Setup, the Network Quarantine Options panel appears.

Select the type of network quarantine you want to apply to the virtual machine, then click Next to continue through the wizard.

• Static quarantine — You specify a single list of approved networks and machines or of networks and machines that are off-limits. The list is stored with the virtual machine and distributed as part of the package. If you need to make any changes in the future, you must update the package and distribute the update to your users. If you select this option, see Static Quarantine for the next steps in the wizard.
• Dynamic quarantine — You specify a single list of approved or disapproved networks and machines. The list is stored on a server. The virtual machine checks the server frequently and retrieves the list. If you need to make any changes in the future, you update the list stored on the server. If you select this option, see Dynamic Quarantine for the next steps in the wizard.
• Version-based quarantine — You specify two lists of approved or disapproved networks and machines. One list is used for up-to-date virtual machines. The other list is used for out-of-date virtual machines. The lists are stored on a server. The virtual machine checks the server frequently and retrieves the lists. VMware ACE uses the list of approved or disapproved networks and machines that is appropriate for the virtual machine's version. If you need to make any changes to the lists or the network quarantine version in the future, you do so by updating the information stored on the server. If you select this option, see Version-Based Quarantine for the next steps in the wizard.
• Custom quarantine using script — You specify two lists of approved or disapproved networks and machines. You also specify a script that runs to determine which list the virtual machine should use. If you select this option, see Custom Quarantine Using a Script for the next steps in the wizard. For guidelines on how to write custom quarantine scripts, see Writing Plug-In Policy Scripts.