Home > Blogs > VMware Workstation Zealot > Category Archives: FLEX

VMware Workstation Zealot

Official blog of VMware Workstation

Category Archives: FLEX

VMware Workstation target at the PwnFest hacking competition

VMware Workstation is among the targets of the PwnFest hacking competition. At this event, which is organized along the Power of Community security conference in Seoul, security researchers are demonstrating their attack capabilities. The event is modeled after the well-known Pwn2Own competition.

Earlier today at the event, the 360 Marvel Team and security researcher Lokihardt (JungHoon Lee) used the same issue to demonstrate that they could execute code on the VMware Workstation host from the guest. We have received details on this issue directly from the researchers and we are now working on a solution. We have confirmed that the issue is limited to VMware Workstation and VMware Fusion and that ESXi is not affected.

We would like to thank the organizers of the event, the 360 Marvel Team, and Lokihardt for working with us to address the issue.

November 13 update
Today, we’ve published VMware Security Advisory VMSA-2016-0019 which documents the release of VMware Workstation 12.5.2 and VMware Fusion 8.5.2. These new Workstation and Fusion versions address the issue that was demonstrated at the PwnFest event. The issue has been assigned CVE identifier CVE-2016-7461.

– VMware Security Response Center and VMware Workstation Team

Workstation 12.5 Pro and Player now available!

Start your upgrade engines!

WS-125-boxes

The Workstation team is proud to announce general availability of VMware Workstation 12.5 Pro and VMware Workstation 12.5 Player! These updates are free for all VMware Workstation 12 Pro and Workstation 12 Player users.

Buy or Upgrade Now!

Users on Workstation 7 and greater are now eligible for upgrade pricing!

Current customers can grab the bits from below, or from our in-app upgrade feature:

Workstation Pro

vmware.com/go/getworkstation

Workstation Player

vmware.com/go/getplayer

Workstation Player works best for businesses when paired with Horizon FLEX. Did you know you can manage a whole fleet of user’s local virtual machines from a single management console?

This release supports the latest Windows 10 Anniversary Edition from Microsoft, and is ready to support Windows Server 2016 upon its release.

This release also includes numerous bug fixes, security updates and performance improvements, including:

A Linux host with kernel 4.6 fails to launch Workstation because the vmmon and vmnet drivers are not built successfully. This issue is resolved.
If you configure Revert to snapshot when a VM is powered off from Options-> Snapshots, the VM actually reverts to a snapshot when suspended. This issue is resolved.
On Windows Server 2016 Technical Preview host, help links do not appear. This issue is resolved.
Workstation menu View->Fit Guest Now does not work for Windows Vista guest with VMware Tools installed. This issue is resolved.
If your Windows host has an NVDIA GPU, you might hit the VMware Workstation unrecoverable error: (svga) when running a 3D application in the guest. This issue is resolved.
VMware Workstation Pro resolves an issue where you cannot boot virtual machine on a 64-bit Braswell N3150 processor and the following error appears:
- MONITOR PANIC: vcpu-0:VERIFY vmcore/vmm/main/cpuid.c:376 bugNr=1036521.
The guest OS uses the full amount of memory allocated to the virtual machine even if you try to limit the amount of memory used by the guest OS through the BCDEdit ‘truncatememory’ option. This issue is resolved.

There are many more fixes, please check out the Release Notes for Workstation Pro and the Release Notes for Workstation Player for more detail.

In Other News…

Did you hear we’re giving away 20 Oculus Rift headsets?

What are our users saying?

We put a camera in front of the door to our VMworld 2016 session (which you can watch here!) Well, in a couple of words, it sounds like this:

Horizon FLEX 1.5 now shipping

Horizon FLEX 1.5

Andy here again. I’m delighted to announce that Horizon FLEX 1.5 is now shipping. This update is huge. We’ve got server side improvements, client side improvements, probably even improvements in the bit that connects the two!

Sorry, I’ll try and be serious, this is after all a very big deal. It’s been just 6 months since we shipped Horizon FLEX 1.0, and less than 3 months since we shipped 1.1. This release adds many of the features you requested.

The ability to remotely wipe a VM from a host machine
Granular control over USB devices
Policy control over a common file system between the host and client
More lenient user controls over RAM and CPU allocation
Greater integration with Active Directory for encryption / decryption
Limit to single instance of virtual image

We’ve even improved the way you distribute the Horizon FLEX Clients, and added the ability to make a desktop shortcut for your virtual image. Your users are going to love this.

Watch the introductory video below to learn more.

To access the software, just sign in to your account and download it from either support or from the store.

Thank you.

Horizon FLEX: giving users the desktop they need

It’s finally here, the day you’ve been waiting for, how to define a Horizon FLEX entitlement!

Hello, it’s Andy again. Today’s short video once again features a shiny me, but it’s thankfully very short: just over 90 seconds after you skip all the fancy bumpers we put at the front and back of it.

To recap, in part one I showed you how to build a Horizon FLEX compatible image. In part two, I showed you how to define acceptable use policy for groups of people. In today’s lesson, we’re going to take everything we’ve learned so far, sprinkle it with AD groups and build entitlements.

Entitlements are just the fancy way of saying that the people in accounting get access to a different image than the one you give the sales people, and those differing images can operate under different acceptable use polices.

The next section on the Horizon FLEX administrator’s console shows all the VM’s that are in use, what policies are being enforced, and even gives you the ability to tweak the settings for a specific user.

Machines in use

Bonus point! If you’re using VMware Mirage to manage your virtual images (and you really should) that information appears in the console too. Fantastic.

Next time, I think I might show you sometime I call my Russian Doll demo. It showcases why more people use VMware hypervisors than any other. It’s truly mind blowing.

Thanks and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

Horizon FLEX: powerful policy controls

Hello again, Andy here.

Last time I showed you how to build a Horizon FLEX image for mass sharing. This time, I’m going to show you the simple steps needed to ensure that image is securely used.

You’ll be happy to note that there’s significantly less of my shiny red face in this video.

The video concentrates on server controlled dynamic policies. At the time of writing there’s over half a dozen of them, but a customer was quick to correct me when I shared the video, saying ‘we enforce over 50 policies with FLEX ‘. He is right of course, there are lots of policy decisions you burn into the image at creation time.

The full list of FLEX polices is huge and varies depending upon the client hypervisor (in other words, your mileage may vary). Using a combination of fixed image and dynamic server policy an administrator can specify over 70 distinct control points.

Processor

Specify VM memory allocation
Specify number of processors assigned to VM
Specify number of cores per processor assigned to VM
Specify the type of virtualization engine used
- Automatic, binary, VT-x, AMD-V, VT-x/EPT, AMD-V/RVI
Enable / disable acceleration for binary translation
Virtualize CPU performance counters
Specify process priorities
Disable memory page trimming

Storage

Map virtual disk to local volume
Add virtual hard disk
- IDE, SCSI, SATA (independent, persistent, non-persistent)
- New, existing, physical
Add virtual CD/DVD
- ISO, physical (SATA, SCSI, IDE, legacy emulation)
Add floppy drive
- Image, physical
Connect CD/DVD at power-on
Share local folders with VM
Map local folders as network drive
Share local folders as read only

Network

Connect network at power-on
Create bridge directly to physical network
- Initially set by admin, user can edit
Share host IP address
Create private network to host
Create custom virtual network
Attach to specific LAN segment
Custom throttle incoming network traffic
Emulate incoming pipe size
- Modem (28.8Kbps, 56Kbps)
- ISDN (64Kbps, 128Kbps)
- Leased line (192Kbps, 1.544Mbps, 45Mbps)
- Cable (4Mbps, 10Mbps, 100Mbps)
Enable VNC access

Hardware

Turn USB support on or off
- Except for keyboard and mouse
Specify USB supported level
- 1.0, 2.0, 3.0
Automatically connect new USB devices
Add specific USB controller
Share Bluetooth devices with VM
Connect soundcard on power-on
Specify host sound card to use
Connect printer at power on
Auto-map host printers to VM
Add specific printer
Hardware accelerate 3D graphics
Use host settings for monitor
- Initially set by admin, user can edit
Specify number of monitors to use
- To a maximum of 10
Specify screen resolution
Use Retina Mode (mac only)
Specify graphics card memory allocated to VM
Use enhanced virtual keyboard
Share battery info with VM
Synchronize guest time with host
Specify hardware compatibility level
Add parallel port
- Physical, file
Add serial port
- Physical, file, pipe
Add generic SCSI device

User Experience

Go full screen on power on
- Initially set by admin, user can edit
Close application after powering off VM
Enable drag & drop between host and VM
Enable shared clipboard (cut & paste)
Show borders in Unity mode
Show badges in Unity mode
Add custom colored borders in Unity mode
Enable direct access to applications
Auto-update embedded VMware Tools
- Manual, auto, global

Recovery & Protection

Revert to snapshot on power-off
Auto-create snapshot on power-off
Auto-create snapshots
- Daily, hourly, every 30 mins
Specify number of snapshot generations to keep
Force local encryption password reset
Specify VM expiration date
Display custom message for expired VM’s
Display custom message for soon expiring VM’s
Specify policy server contact frequency
Specify policy server contact grace period
Remote kill of local VM

Next time, I’ll show you how to easily combine AD, images and policy to give your users the desktop you want them to have.

Thanks and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.

Horizon FLEX: remote image management and policy enforcement

Hi, I’m Andy from VMware.

Today I’d like to show you something exciting from VMware that may not have made it on to your radar – remotely managed policies for Player Pro users!

Back in December we launched a new product called Horizon FLEX. The concept behind FLEX is simple, Player Pro & Workstation are fantastic for you on your PC or Linux box, but can be a little bothersome for the person responsible for rolling out 500 copies of them to everyone in sales, or worse, to your senior exec team.

Horizon FLEX matches AD credentials against your library of managed virtual images, makes them available to valid users, and then enforces best practice use policies. It’s incredibly simple for your users to use, and gives you peace of mind that your containerized desktops are secure, licensed, and being used by only the right people.

Here’s a 2 minute video of me sweating under the studio lights that should give you a flavor for what Horizon FLEX can do for you.

Great – that’s the marketing fluff out of the way, but I know as seasoned Player Pro / Workstation users you’re more interested in how different this is from the process you already have in place. So here’s another 2 min video that demonstrates the various steps.

One of things I don’t make clear in the video is ‘why are there two passwords?’ This is our cunning plan to give you extra flexibility. The first password is used to encrypt the virtual machine image and needs to be given to the user in order for them to access the image. The second password is an IT-only security switch. Using this, you can remote into your users’ computer and change the VM settings that are normally out of their reach. It gives you the ability to fine tune the performance of a VM without having to open all the dangerous controls to users who probably won’t know the right way to use them.

Next time I’ll show you how to define that policy I mentioned.

Thanks for reading and if you’d like to know more, or to download a free trial of Horizon FLEX, please click here.