Had a long rant with my IT department yesterday. I dont want a work laptop. They are locked down completely, you cannot do practically anything personal on them. When I travel I dont want to have to drag around two machines through airport security etc. So Parallels on my Mac is perfect. I use a very clean, i.e. nothing installed but what is needed XP VM to do all my work in. I use a VPN connection that isolates all my work network traffic from the VM while the rest of my Mac can do what it wants on the internet. But technically I am not compliant with all the work policies. I am using my own copy of windows with administrator rights. etc. What I would really like is to create a VM image from, or get a VM image from my IT department that I can run in Parallels. They can have all the admin rights for configuration management purposes on that VM and all the Active directory stuff will work far better than my setup now. But the IT people say that they require SafeBoot on all portable machines and that they cannot encrypt, at the disk level, a VM etc. I would argue that they dont need to for a VM and that the disk file being encrypted on top of the Host machines native hard drive is fine. But, if you want to be able to migrate BootCamp drives to and from VM then, ideally we would want support from the VM environment to use these platform specific tools that are native to the OS in the VM. Seems to me like a huge marketing opportunity if you ask me. If Parallels could market the big IT world with a security feature like that and define the IT departments support boundary cleanly. Because they will want to control the whole box unless you can prove to them why they dont have to. I suppose that might also mean a VM profile that is locked to ensure isolate networking for the VM's vpn connection etc. Personally I hold out no hope at all for my IT dept (govt), but I would like to figure out a way to be compliant with the security requirement of disk encryption. I was a PGP whole disk user till the hosed up with 10.6, and now its sooo expensive. I dont want to encrypt my user account with file vault.. hoses up time machine. Seems like it could be done within the VM with the right VM environment support.. or as a part of the Parallels product itself. But I think tis needed.
