Archive for January, 2011

VMware ACE and it’s Validity in an Enterprise Environment

January 19, 2011 Leave a comment

The target audience of my blog is enterprise virtual admins running deployments of vSphere, XenApp, XenDesktop, View, and other enterprise class virtualization solutions. And while these are each companies flagship products, we often overlook other products that can be used as solutions to scenarios that arise.

My company is going through a merger, and part of that merger is a systems conversion. However, since we are a larger bank, the usual approach of performing conversion of everything on one night cannot be taken. Attempts were made to try to run our applications on their environment, but a few major issues were found and progress was very slow at resolving them. Naturally, with target deadlines approaching fast, other solutions were looked at. My team suggested we look at using some sort of virtualization solution, such as VMware Player or Workstation. We were greenlit to start looking into a solution and gather design ideas, specs, and cost.

After some digging and dealing with volume licensing issues, support from VMware, and centralized management, we stumbled upon VMware ACE. For those who aren’t familiar with ACE, VMware describes it best as:

Deploy and manage secure, portable client PC environments across the enterprise and beyond. With VMware ACE, your organization can combine the power and versatility of virtual machines with the security and control of centrally managed PCs, making it easier to:

Manage virtual desktops from a single point of control, even in remote and branch offices.

Increase security and flexibility for secure mobile computing.

Safely extend corporate resources to 3rd party unmanaged desktops.

Basically its a virtual desktop environment using a secure Type II Hypervisor. ACE allows you to create a VM inside of Workstation, and then package it into an ACE package installer, complete with security and lifecycle policies as well as its own copy of ACE Player to run the VM on the target host. Throw in an ACE Management Server, and you now have a centralized place to manage all of your ACE packages, update and centrally push new policies to packages already deployed, activate or deactivate packages in the field, as well as track which VM is running on what physical host.

ACE includes a host of features including support for Windows 7, 128bit AES Encryption of the VM files, SmartCard Support, Kiosk and Unity modes, all while provide an easy solution to deploy a standardized VM image to multiple PCs. It can be managed centrally, without the need for a large infrastructure investment that more complicated virtual desktop solutions require.

In our case, we were under a time crunch, so while a more in-depth virtual desktop solution would have worked wonders, and cut back on some post deployment management task such as patching, AV deployments, troubleshooting and adherence to a gold image standard for all PCs regardless of user interaction, ACE certainly solved the major hurdles the project team was finding. ACE allowed us to create one image, secure it and deploy it across 2000 machines, all while being able to perform a large degree of centralized management. And if all goes well, it appears we may have created a standard deployment solution for future acquisitions going forward.

I certainly think products like this have a valid existence in enterprise environments given the proper circumstances, yet they are overlooked because they may not be considered an enterprise class solution. In our case we needed a quickly deployable solution, with little financial investment, that contained a central management solution, and could be removed quickly post conversion. ACE fit all those needs, and is a great product that I would recommend highly if it fits your requirements. Remember, just because you are an enterprise level IT shop, doesn’t mean you only can deploy enterprise class productions for all requirements that arise. Its always good to think outside the box and explore all options.