Can I send clients a pre-configured Virtual Machine?
Solution 1:
Okay, there are several posters here saying that you need to know more before you attempt this...
I totally disagree.
It's actually really straightforward to stick a VM on a drive and boot it up at a client. I've done this with Windows Hyper V VMs. Lots of companies do this. I personally don't even bother going through the 'export/import' procedure - I simply take the virtual hard drive (which is just a file anyway so carry it on a USB stick, RDX drive, USB drive or whatever) and configure it as a new virtual machine on the clients server, joining it to their domain.
I think the security issue is a red herring. Clients in the SMB sector who trust you to do work for them already are likely to say 'uh.. the server is over there' and let you get on with it. I'm speaking as someone whose company is certified for information security (ISO 27001) and never gets asked about it.
In a Windows environment you are going to have to think about whether your client's' licensing covers the virtual machine. From a licensing point of view, the poster who suggested vApp in ESXi may be on to something.
If you've already written an app that a client wants, you're really not going to find distributing it as a VM to be technically challenging. Sensibly you will always deliver products to a client with a legal contract in place and it might be worth adding a clause saying that you are not responsible for the VM becoming a virus laden hulk because your client hasn't patched it as part of their environmental management scheme. Take care of that and just go for it.
Solution 2:
It's certainly possible to ship or send a virtual disk or a whole machine folder. I've done it with VDMK disks, merely copy it to a USB and move it, then import to a datastore.
As for would SysAdmins/CTO's allow it? Well, it would depend on the company, not asking us, and I imagine Licensing would get a bit interesting. Would you be happy if someoneone gave you a virtual machine/virtual appliance and said "here you go. It's perfectly safe, really, honestly". You'd want proof that there's nothing nasty or could compramise the network, plus the client would also probably want to configure it to their network, naming structure, etc. There are a incredible amount of security/legal issues and if you don't nail them down right then you could be facing a whole load of hurt.