Tresys VM Fortress provides an easy-to-use tool to configure and deploy virtualization across an enterprise. The Deployment Manager is used to create "sandboxes" that use SELinux to contain access to system resources. In the first Deployment Manager screenshot, sandboxes are defined and populated with VM images. Note the check box that allows end users to populate the sandbox with VM images from an administrator defined list. This screen shot also defines the network cards the sandbox can access.

The second and third screen shots show the checkboxes that allow access to network cards and shared folders. Access to various other system devices such as removable media and sound cards is configured similarly.

Several system-wide configuration items need to be set for the target system. This screenshot shows one of the system configuration items: listing the network interfaces on the host. Other system-wide options include: setting user names and passwords (and root password), shared folders, and whether other optional utilities (like sshd) are installed on the system. Finally, the "Launcher Options" allows the administrator to determine the what the end user interface looks like. From this option, the user can be presented a Launcher (see screenshot below) that facilitates starting and stopping the VMs and adding or removing VMs from a sandbox, or the VMs can start automatically so that no user interface is needed on the host OS.

After configuring the system security on the Deployment Manager, a set of ISOs are created that include a kickstart file that automates much of the RHEL install process. Because the administrator specified the network interfaces for the sandboxes on the Deployment Manager, we can check these during the install process to make sure the hardware matches the intended configuration. You are also given the opportunity to check the network cables to make sure the ethernet cards are connected as expected.

Once the installation process completes, the user is presented a customized interface based on the limited need to interact with the host OS. The user can change the mouse configuration (left vs right handed), the speaker volume, log off the system, and use the Launcher to manage the VMs. The Launcher won't even show up if the VMs are configured to start automatically. This screenshot shows the limited menu options as well as the "Advanced" view of the Launcher. In the default view, the Launcher doesn't show the sandbox information, it just lists the available VMs.

Root users are provided a more standard Linux user experience with the normal menu options. Root users can also run Tresys Brickwall Professional to modify the SELinux configuration for some of the support services on the system (i.e., sshd, cups). Root users can also manually add and remove VM images from sandboxes and back up the system. Even as root, no changes to the SELinux configuration constraining the sandboxes can be made.