Sensitive configuration options are encrypted – Passwords stored in the
configuration file are encrypted.
Database security – The database store contains sensitive data such as
cryptographic keys. Configure your database security so that it is protected from
intrusion and protected in case of data loss. For more information about features
that are available to protect your data, see your database documentation.
SSL encrypts data through the use of a public‐key and private‐key pair. The public key
is known to everyone and the private key is known only to the message recipient.
URLs that require an SSL connection start with https.
During ACE Management Server installation, the following two files are created:
server.key – An RSA 1024‐bit key. This is the private key.
server.crt – A self‐signed certificate. Its signature is verified by the public key,
which is embedded in the certificate. This public certificate is valid for 10 years
from the date and time at which the server is installed. The certificate file is
encoded in PEM format.
By default, these files are stored in the SSL directory in the VMware ACE Management
Server program directory.
VMware Player, which runs the ACE instances, does not trust any certificates stored on
the host machine on which it is running. Instead, it relies on a complete certification
chain that is included in the ACE package. Using self‐signed certificates is adequate for
most security needs.
You can, however, use a certificate issued by a certificate authority. If you have multiple
ACE Management Server instances, you can use one certificate for all or you can use a
different certificate on each one.
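
To check a server.crt against the properties listed above (key size, self-signed issuer, validity period), the following shell functions wrap the openssl command-line tool. This is an added example, not part of the VMware documentation; the function names, the host name ace-server.example and the 2048-bit threshold are assumptions, and the sample certificate is generated at run time as a constructed stand-in for a real server.crt.

```shell
#!/bin/sh
# Added example: audit a PEM certificate such as server.crt with the openssl CLI.
# Assumes an RSA certificate, as the page describes for server.key/server.crt.

# Print the RSA modulus size in bits ("Public-Key: (1024 bit)" in openssl's text dump).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed when issuer and subject names match. This is a name comparison only;
# it does not verify the signature.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Succeed when the certificate is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# One finding per line. The 2048-bit floor is an assumed policy value
# (the common current minimum for RSA), not something the page specifies.
audit_cert() {
    bits=$(cert_key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || echo "WEAK_KEY: RSA ${bits:-unknown}-bit, below 2048"
    if is_self_signed "$1"; then echo "SELF_SIGNED: issuer equals subject"; fi
    cert_valid_in_days "$1" 30 || echo "EXPIRING: not valid 30 days from now"
    return 0
}

# Constructed sample input: a throwaway key and self-signed certificate with the
# parameters the page gives (RSA 1024-bit, 10 years, PEM). Hypothetical host name.
make_sample() {
    openssl req -x509 -newkey rsa:1024 -nodes -days 3650 \
        -subj "/CN=ace-server.example" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" && audit_cert "$demo_dir/server.crt"
rm -rf "$demo_dir"
```

To audit an installed server, call audit_cert with the path to the real server.crt in the SSL directory instead of the generated sample.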

Using SSL Certificates and Protocol

When an ACE‐enabled virtual machine connects to an ACE Management Server, it
downloads the public certificate for that server and any chain of certificates required to
verify the server's public certificate. A server certificate might have a chain of several
certificates that must be verified step by step until the verification process reaches the
root, or trusted, certificate in the certificate store. The first time a connection is made to
a server by any ACE‐enabled virtual machine on a Workstation administrator machine,
the certificate and its verification are downloaded to the Workstation host system.
VMware, Inc.
Chapter 2 Planning an ACE Management Server Deployment