Security-conscious IT managers stand to gain a promising new option today, as a novel tool from software virtualisation pioneer VMware enters beta testing.

VMware ACE (Assured Computing Environment) is designed to provide a virtual machine (VM) desktop that can link to corporate networks and applications with precisely-tailored permissions.

It could offer an attractive means to govern access rights for mobile staff, teleworkers and contractors.

Administrators can configure VMs to stop users installing their own software, or copying corporate data onto hard disks or removable media. Expiration options allow the VM's functions to be disabled after a particular date. ACE VMs can be distributed with all the runtime software needed to host the VM, so that the recipient need only load a DVD into their system, from which the VM automatically runs.

"We think this is the first exciting thing to happen to the enterprise desktop for a long time," said Michael Mullany, VMware marketing vice-president. "Spyware, adware and viruses mean that few firms allow remote workers to connect their home PCs or laptops to the corporate LAN. Using ACE, these users can run their enterprise applications inside a VM on their own computers."

Some testers said that ACE can also be used to provision corporate desktops over the LAN, or to manage distributed services such as e-learning.

"It's an absolute doddle to use," said Dave Parsons of ALG Software, a business performance software developer that has been testing ACE. "It does not create the ISO image (for CD-ROM or DVD media), but it splits the VM data into appropriate files. We use the ACE management tools, which are similar to VMware Workstation, to create and package a virtual machine for distribution. The package includes the VM, plus the VMware software needed to run it." ALG plans to use ACE for customer training, and expects to make substantial cost savings.

"I can decommission server equipment from the training room to produce cost savings," Parsons said. "I expect similar savings in other areas such as our foreign training sites," he added.

Many IT chiefs have been considering virtualisation for provisioning corporate desktops, but previous VM products have not been designed to prevent users from tampering with configurations of VMs, such as those for network connections or firewall settings.

The news comes at a time when virtualisation technologies are being widely evaluated. Earlier this month, Intel president Paul Otellini said that the chip giant would soon launch new chips to enable desktop systems to run multiple operating systems concurrently using VMs.

For the latest news for IT professionals, visit ITWeek.co.uk