Centrally stored, locally run policy managed macOS VMs
VM Policy Management
- Manage VMs access to local and remote resources and functionality with policies
- Defined as a combination of Users/Groups and Rules
- Structured as a JSON file for extensibility
- Define global policy or VM specific policy
- Managed centrally or in a distributed manner
- Private key based security for the Policy file


VM Configuration and Control
- Control VM access to resources – RAM, CPU, etc
- Limit VM runtime actions – Networking, disk access, USB device access, shared folders
- Set Group based controls for large client base
- Configure fine grained specific user based controls
VM Encryption
- On the Fly Encryption (OTFE) for disk image
- aes-ecb encryption algorithm supported
- Integrated with VM policy for even tighter control on VM security


Registry
- Stores policy managed macOS VMs, similar to other container image and tag registries
- Exposes simple pull commands in anka client to deliver policy managed VMs on user mac workstations
- Supports certificate based push and pull actions to restrict access to the managed VMs
- Communication protocol between Anka Secure Client and registry is designed to support incremental pull and push for responsive user experience