Encrypting and setting up an expiry date for a virtual machine is one of the new features in VMware workstation 10. It continues in every version after it including the latest VMware workstation 15. This would be a handy option in testing environment or if you are preparing a virtual machine for a contractor or third party member who does not need to use the VM after a certain time. This will allow administrators to restrict the virtual machine access automatically by policies and settings while deploying. Here is a step by step guide explaining how to configure the expiring virtual machine in VMware workstation 15 (and earlier versions up to 10) and how it can be renewed or re-used when it is required.
You must have the latest VMware workstation (Version 10 or later) to get this expiry VM feature. Also the particular virtual machine should be encrypted with password to set restrictions and expiry date.
Here is the screenshot shows that both restriction and expiry options are disabled because the particular Virtual machine is ‘Not encrypted’.
How to Configure Expiring Virtual Machine?
1) Go to the settings of a virtual machine and encrypt it.
Encryption process will take some time to complete depending on the size of the virtual machine. Once encryption completed, you could see the enabled restriction options.
When a VM is encrypted with a password, the following dialog box will prompt when you try to power on next time.
2) Click ‘Enabled restriction’ and set a password. This will protect other users from modifying settings of the virtual machine. But still, these users can use encryption password which was created in step-1 to open and power on the particular virtual machine.
But, without knowing the restriction password, a user can’t modify VM settings or export it to a different host.
The ‘Require the user to change the encryption password’ will force the user to change the encryption password when the particular virtual machine is copied or moved to a different host or in the same host.
For example, once this virtual machine is copied or moved to different or same host, encryption password needs to be changed. This option allows the end user to have own different password than original password. It is similar to force a user to change a new password in the Windows domain active directory environment.
In this case, I copied the same virtual machine on the same host computer and opened it, first time I had to enter the encryption password which was set initially, but immediately it popped up to set a new encryption password as shown below.
Remember – This is just a new encryption password to open and run the virtual machine. The restriction password which protects from modifying settings remains same on copied or moved the virtual machine.
‘Allow USB connection’ restriction will restrict the users to connect USB devices to the virtual machine. It is a very useful feature in the production environment to add additional security.
3) The expiry date can be set easily in the next option.
Under Advanced option, you will find expiry messages, time server that VMware workstation will check/synchronize the time and some more options. All settings are very easy to set up. Customizing them will give a professional approach in deploying expiry virtual machine in your environment.
Here is the message appeared when a user tried to open expired virtual machine in VMware workstation 10/15.
4) If you like to extend (Renew) the expiry date or change the date for expired virtual machine or remove expiry settings, you must use the restriction password (configured in step 2) and modify these settings.
This is really a great feature on a desktop virtualization software. It would be great to implement in your production or lab environment by restricting virtual machine access for end users or testers.