You can encrypt your virtual machine with a password to control access to the virtual machine and its contents. If you have Fusion Pro, you can also enable restrictions for the virtual machine to prevent users from changing certain virtual machine settings and to set an expiration date and time for the virtual machine.

When you enable restrictions for a virtual machine, you can set an expiration date and time for the virtual machine.

Use these guidelines when configuring encryption and restrictions:

  • If you have a Fusion license, you can enable and disable encryption only if the virtual machine does not already have restrictions enabled.

  • If restrictions are already enabled for a virtual machine, you can change encryption and restrictions settings only if you have a Fusion Pro license. If you have a Fusion license, encryption and restrictions settings are read-only. You can change only the encryption password.

  • Restrictions policies are enforced only on virtual machines that are compatible with Fusion 5 and later.

Prerequisites

  • Suspend or shut down the virtual machine.

  • If you plan to turn on restrictions for the virtual machine, verify that you have a Fusion Pro license.

Note:

These instructions do not apply to Horizon FLEX virtual machines. To create a Horizon FLEX virtual machine, you must use Fusion Pro with a Horizon FLEX license. For information about encrypting and enabling restrictions for Horizon FLEX virtual machines, see the VMware Horizon FLEX Administration Guide.

Procedure

  1. Select Window > Virtual Machine Library.
  2. Select a virtual machine in the Virtual Machine Library window and click Settings.
  3. Under Other in the Settings window, click Encryption & Restrictions.
  4. Select Enable Encryption and set the encryption password.

    The password must be six characters or longer.

    Important:

    Make a record of the encryption password. If you forget the encryption password, Fusion does not provide a way to retrieve it.

  5. (Optional) To store the encryption password in the Keychain password management system on your Mac, select Remember Password.
  6. Click OK.
  7. (Optional) (Fusion Pro only) To enable restrictions for the virtual machine, perform these steps.
    1. Select Enable Restrictions and set the restrictions password.
      Important:

      Make a record of the restrictions password. If you forget the restrictions password, Fusion does not provide a way to retrieve it.

    2. Click Configure.
    3. On the Restrictions tab, select the appropriate restriction options.

      Option

      Description

      Require the user to change the encryption password

      If the virtual machine is moved or copied, this option requires the user to change the encryption password for the virtual machine.

      Allow USB devices to be connected to this virtual machine

      USB device connections are allowed.

    4. On the Expiration tab, set the appropriate expiration options.

      Option

      Description

      Restrictions Management Server

      Specify any server that supports the HTTPS protocol to use as a trusted time source for the virtual machine.

      Server contact frequency

      Set the frequency with which the virtual machine contacts the server for a time check.

      Maximum time the virtual machine can be used without server contact

      Select how many days the virtual machine can be used without having to contact the time server.

      Expire the virtual machine after

      Set the date and time on which the virtual machine expires. After the virtual machine expires, you can delete or extend the expiration date.

    5. On the Messages tab, specify custom messages to show when the virtual machine has expired or is about to expire.
    6. On the Certificates tab, add certificates the virtual machine trusts when contacting the time server.
    7. Click Save.
    8. Click the Lock icon to lock restrictions on the virtual machine.

      After a virtual machine is locked, users must provide the restrictions password to edit the current restrictions.

Results

The virtual machine is encrypted. Users must provide the encryption password to open the virtual machine.

If you enabled restrictions for the virtual machine, many virtual machine configuration settings are hidden from the user of the virtual machine. To change these hidden virtual machine settings, users must have Fusion Pro and provide the restrictions password.

If you set an expiration date for the virtual machine, the virtual machine verifies the time and compares it to the expiration date when it is powered on. While running, the virtual machine periodically checks the time and stores all successful time stamps as the last trusted timestamp. If the last trusted timestamp exceeds the date set for the virtual machine expiration, the user receives a warning message and the virtual machine is suspended.