Home > Blogs > VMware Workstation Zealot


Horizon FLEX: powerful policy controls

Hello again, Andy here.

Last time I showed you how to build a Horizon FLEX image for mass sharing. This time, I’m going to show you the simple steps needed to ensure that image is securely used.

You’ll be happy to note that there’s significantly less of my shiny red face in this video.

The video concentrates on server controlled dynamic policies. At the time of writing there’s over half a dozen of them, but a customer was quick to correct me when I shared the video, saying  ‘we enforce over 50 policies with FLEX ‘. He is right of course, there are lots of policy decisions you burn into the image at creation time.

The full list of FLEX polices is huge and varies depending upon the client hypervisor (in other words, your mileage may vary). Using a combination of fixed image and dynamic server policy an administrator can specify over 70 distinct control points.

Processor

  • Specify VM memory allocation
  • Specify number of processors assigned to VM
  • Specify number of cores per processor assigned to VM
  • Specify the type of virtualization engine used
    • Automatic, binary, VT-x, AMD-V, VT-x/EPT, AMD-V/RVI
  • Enable / disable acceleration for binary translation
  • Virtualize CPU performance counters
  • Specify process priorities
  • Disable memory page trimming

Storage

  • Map virtual disk to local volume
  • Add virtual hard disk
    • IDE, SCSI, SATA (independent, persistent, non-persistent)
    • New, existing, physical
  • Add virtual CD/DVD
    • ISO, physical (SATA, SCSI, IDE, legacy emulation)
  • Add floppy drive
    • Image, physical
  • Connect CD/DVD at power-on
  • Share local folders with VM
  • Map local folders as network drive
  • Share local folders as read only

Network 

  • Connect network at power-on
  • Create bridge directly to physical network
    • Initially set by admin, user can edit
  • Share host IP address
  • Create private network to host
  • Create custom virtual network
  • Attach to specific LAN segment
  • Custom throttle incoming network traffic
  • Emulate incoming pipe size
    • Modem (28.8Kbps, 56Kbps)
    • ISDN (64Kbps, 128Kbps)
    • Leased line (192Kbps, 1.544Mbps, 45Mbps)
    • Cable (4Mbps, 10Mbps, 100Mbps)
  • Enable VNC access

Hardware

  • Turn USB support on or off
    • Except for keyboard and mouse
  • Specify USB supported level
    • 1.0, 2.0, 3.0
  • Automatically connect new USB devices
  • Add specific USB controller
  • Share Bluetooth devices with VM
  • Connect soundcard on power-on
  • Specify host sound card to use
  • Connect printer at power on
  • Auto-map host printers to VM
  • Add specific printer
  • Hardware accelerate 3D graphics
  • Use host settings for monitor
    • Initially set by admin, user can edit
  • Specify number of monitors to use
    • To a maximum of 10
  • Specify screen resolution
  • Use Retina Mode (mac only)
  • Specify graphics card memory allocated to VM
  • Use enhanced virtual keyboard
  • Share battery info with VM
  • Synchronize guest time with host
  • Specify hardware compatibility level
  • Add parallel port
    • Physical, file
  • Add serial port
    • Physical, file, pipe
  • Add generic SCSI device

User Experience           

  • Go full screen on power on
    • Initially set by admin, user can edit
  • Close application after powering off VM
  • Enable drag & drop between host and VM
  • Enable shared clipboard (cut & paste)
  • Show borders in Unity mode
  • Show badges in Unity mode
  • Add custom colored borders in Unity mode
  • Enable direct access to applications
  • Auto-update embedded VMware Tools
    • Manual, auto, global

Recovery & Protection

  • Revert to snapshot on power-off
  • Auto-create snapshot on power-off
  • Auto-create snapshots
    • Daily, hourly, every 30 mins
  • Specify number of snapshot generations to keep
  • Force local encryption password reset
  • Specify VM expiration date
  • Display custom message for expired VM’s
  • Display custom message for soon expiring VM’s
  • Specify policy server contact frequency
  • Specify policy server contact grace period
  • Remote kill of local VM

Next time, I’ll show you how to easily combine AD, images and policy to give your users the desktop you want them to have.

Thanks and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

This entry was posted in FLEX on by .

About Andy Morris

Andy Morris is a group product line marketing manager for VMware EUC, managing the personal desktop and applications portfolios. Prior to VMware, Andy was VP of product management at Abaca, and worked for AppSense, LogLogic and IBM. Andy holds a computer science degree from DeMontford University.