diff --git a/.esvmrc b/.esvmrc
deleted file mode 100644
index e428a228515..00000000000
--- a/.esvmrc
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "defaults": {
- "plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ],
- "config" : {
- "cluster": { "name": "shield" },
- "indices.store.throttle.max_bytes_per_sec": "100mb",
- "discovery" : {
- "type" : "zen",
- "zen.ping.multicast.enabled": false,
- "zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ]
- },
- "shield" : {
- "enabled" : true,
- "system_key.file": ".esvm-shield-config/system_key",
- "audit.enabled" : false,
- "transport.ssl": true,
- "http.ssl": true,
- "ssl" : {
- "keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
- "keystore_password" : "testnode"
- },
- "authc": {
- "esusers.files" : {
- "users" : ".esvm-shield-config/users",
- "users_roles" : ".esvm-shield-config/users_roles"
- }
- },
- "authz.store.files.roles" : ".esvm-shield-config/roles.yml"
- }
- }
- },
- "clusters": {
- "shield": {
- "version": "1.4",
- "nodes": [
- { "node": { "name": "node01" } },
- { "node": { "name": "node02" } }
- ]
- }
- }
-}
diff --git a/.esvmrc_active_dir b/.esvmrc_active_dir
deleted file mode 100644
index a6ee25cce35..00000000000
--- a/.esvmrc_active_dir
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "defaults": {
- "plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ],
- "config" : {
- "cluster": { "name": "shield" },
- "indices.store.throttle.max_bytes_per_sec": "100mb",
- "discovery" : {
- "type" : "zen",
- "zen.ping.multicast.enabled": false,
- "zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ]
- },
- "shield" : {
- "enabled" : true,
- "system_key.file": ".esvm-shield-config/system_key",
- "audit.enabled" : false,
- "transport.ssl": true,
- "http.ssl": true,
- "ssl" : {
- "keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
- "keystore_password" : "testnode"
- },
- "authc": {
- "esusers.files" : {
- "users" : ".esvm-shield-config/users",
- "users_roles" : ".esvm-shield-config/users_roles"
- },
- "active_directory" : {
- "domain_name" : "ad.test.elasticsearch.com",
- "url" : "ldaps://ad.test.elasticsearch.com:636",
- "unmapped_groups_as_roles" : "false",
- "files" : {
- "role_mapping": ".esvm-shield-config/role_mapping.yml"
- }
- }
- },
- "authz.store.files.roles" : ".esvm-shield-config/roles.yml"
- }
- }
- },
- "clusters": {
- "shield": {
- "version": "1.4",
- "nodes": [
- { "node": { "name": "node01" } },
- { "node": { "name": "node02" } }
- ]
- }
- }
-}
diff --git a/.esvmrc_open_ldap b/.esvmrc_open_ldap
deleted file mode 100644
index d69b1e6fa5e..00000000000
--- a/.esvmrc_open_ldap
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- "defaults": {
- "plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ],
- "config" : {
- "cluster": { "name": "shield" },
- "indices.store.throttle.max_bytes_per_sec": "100mb",
- "discovery" : {
- "type" : "zen",
- "zen.ping.multicast.enabled": false,
- "zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ]
- },
- "shield" : {
- "enabled" : true,
- "system_key.file": ".esvm-shield-config/system_key",
- "audit.enabled" : false,
- "transport.ssl": true,
- "http.ssl": true,
- "ssl" : {
- "keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
- "keystore_password" : "testnode"
- },
- "authc": {
- "ldap" : {
- "url" : "ldaps://54.200.235.244:636",
- "user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"],
- "group_search.group_search_dn" : "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com",
- "group_search.subtree_search" : false,
- "unmapped_groups_as_roles" : "false",
- "files" : {
- "role_mapping": ".esvm-shield-config/role_mapping.yml"
- }
- }
- },
- "authz.store.files.roles" : ".esvm-shield-config/roles.yml"
- }
- }
- },
- "clusters": {
- "shield": {
- "version": "1.4",
- "nodes": [
- { "node": { "name": "node01" } },
- { "node": { "name": "node02" } }
- ]
- }
- }
-}
diff --git a/.esvm-shield-config/role_mapping.yml b/dev-tools/esvm/.esvm-shield-config/role_mapping.yml
similarity index 100%
rename from .esvm-shield-config/role_mapping.yml
rename to dev-tools/esvm/.esvm-shield-config/role_mapping.yml
diff --git a/.esvm-shield-config/roles.yml b/dev-tools/esvm/.esvm-shield-config/roles.yml
similarity index 100%
rename from .esvm-shield-config/roles.yml
rename to dev-tools/esvm/.esvm-shield-config/roles.yml
diff --git a/.esvm-shield-config/system_key b/dev-tools/esvm/.esvm-shield-config/system_key
similarity index 100%
rename from .esvm-shield-config/system_key
rename to dev-tools/esvm/.esvm-shield-config/system_key
diff --git a/.esvm-shield-config/users b/dev-tools/esvm/.esvm-shield-config/users
similarity index 100%
rename from .esvm-shield-config/users
rename to dev-tools/esvm/.esvm-shield-config/users
diff --git a/.esvm-shield-config/users_roles b/dev-tools/esvm/.esvm-shield-config/users_roles
similarity index 100%
rename from .esvm-shield-config/users_roles
rename to dev-tools/esvm/.esvm-shield-config/users_roles
diff --git a/dev-tools/esvm/.esvmrc b/dev-tools/esvm/.esvmrc
new file mode 100644
index 00000000000..5ab0373086c
--- /dev/null
+++ b/dev-tools/esvm/.esvmrc
@@ -0,0 +1,77 @@
+{
+ "defaults": {
+ "plugins": [
+ "lmenezes/elasticsearch-kopf",
+ { "name": "shield", "path" : "file:../../target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" },
+ { "name": "license", "path" : "file:/Users//.m2/repository/org/elasticsearch/elasticsearch-license-plugin/1.0.0-beta1/elasticsearch-license-plugin-1.0.0-beta1.jar" }
+ ],
+ "config" : {
+ "cluster.name": "shield",
+ "indices.store.throttle.max_bytes_per_sec": "100mb",
+ "discovery": {
+ "type": "zen",
+ "zen.ping" : {
+ "multicast.enabled": false,
+ "unicast.hosts": [ "localhost:9300", "localhost:9301" ]
+ }
+ },
+ "shield": {
+ "enabled": true,
+ "system_key.file": ".esvm-shield-config/system_key",
+ "audit.enabled": true,
+ "transport.ssl": true,
+ "http.ssl": true,
+ "ssl.keystore": {
+ "path": "../../src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
+ "password": "testnode"
+ },
+ "authc.realms" : {
+ "esusers": {
+ "type" : "esusers",
+ "order" : 0,
+ "files" : {
+ "users" : ".esvm-shield-config/users",
+ "users_roles" : ".esvm-shield-config/users_roles"
+ }
+ }
+ },
+ "authz.store.files.roles" : ".esvm-shield-config/roles.yml"
+ }
+ }
+ },
+ "clusters": {
+ "shield": {
+ "version": "1.4"
+ },
+ "oldap": {
+ "version": "1.4",
+ "config": {
+ "shield.authc.realms.oldap": {
+ "type": "ldap",
+ "order": 1,
+ "url": "ldaps://54.200.235.244:636",
+ "user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"],
+ "group_search.group_search_dn": "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com",
+ "group_search.subtree_search": false,
+ "unmapped_groups_as_roles": "false",
+ "files": {
+ "role_mapping": ".esvm-shield-config/role_mapping.yml"
+ }
+ }
+ }
+ },
+ "ad": {
+ "version": "1.4",
+ "config": {
+ "shield.authc.realms.ad": {
+ "type": "active_directory",
+ "order": 1,
+ "domain_name": "ad.test.elasticsearch.com",
+ "url": "ldaps://ad.test.elasticsearch.com:636",
+ "unmapped_groups_as_roles": "false",
+ "files": {"role_mapping": ".esvm-shield-config/role_mapping.yml"}
+ }
+ }
+ }
+ }
+}
diff --git a/dev-tools/esvm/readme.txt b/dev-tools/esvm/readme.txt
new file mode 100644
index 00000000000..3460871b88a
--- /dev/null
+++ b/dev-tools/esvm/readme.txt
@@ -0,0 +1,26 @@
+Running ESVM with Shield
+
+Upgrade/Install:
+npm install esvm -g
+
+Running:
+1) cd to elasticsearch-shield/dev-tools/esvm
+2) modify the elasticsearch-license plugin directory in .esvmrc file
+3-a) For native users
+./esvm
+3-b) For openldap users
+esvm oldap
+3-c) For active directory users
+esvm ad
+
+Users and roles are stored in .esvm-shield-config
+
+Troubleshooting:
+- elasticsearch is installed under ~/.esvm/
+- turn on debug in ~/.esvm/1.4.1/config/logging.yml
+- esvm --fresh will reinstall ES
+- plugins will not re-install, you can remove them manually by ~/.esvm/1.4.1/bin/plugin --remove shield
+- errors during startup will not show up. If esvm fails startup look in ~/.esvm/1.4.1/logs/*
+
+
+
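Review bot: In dev-tools/esvm/.esvmrc the `oldap` realm keeps `"url": "ldaps://54.200.235.244:636"`, a literal public IP, so the TLS certificate can only be matched against the address rather than a host name, and a reassigned address would silently point developer clusters at a different server. The `ad` realm in the same hunk already uses a DNS name; the same form here, e.g. `"url": "ldaps://<openldap-test-host>:636"` (the real host name is not visible in this diff), keeps the server identity check meaningful. Separately, the `license` plugin entry `file:/Users//.m2/repository/...` is a machine-specific absolute path with an empty user segment, so the file does not work as committed; readme.txt step 2 asks the user to edit it, but an obvious placeholder such as `file:<local-maven-repo>/org/elasticsearch/...` would make that requirement visible in the config itself.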