September 03, 2009, 5:33 AM —
This week VMware is having its annual trade show out in the Bay Area. While I couldn't be there, I wanted to tell you about a product that I had a chance to spend some time with earlier in the year, and for which I produced one of my screencast video reviews: the Hytrust appliance.
The problem with virtualized servers is sort of like Lay's potato chips: you can't have just one. Once you get involved in moving your servers to a VM environment, it becomes harder to manage all the VMs. Yes, VMware has a bunch of tools, and they also sell their ESX hypervisor, which allows you to load up all your images and manage them. But what is missing from ESX is the ability to handle different rights and user roles: you don't want your users making modifications to your VM configurations or, heaven forbid, making copies of the virtual images and taking them out the door.
Hytrust, which sponsored my video, has two different pieces. The first is an appliance that sits inside your data center to segregate management traffic from ordinary users of the VMs themselves. The appliance terminates all SSL and management sessions between the ESX servers and their clients. This ensures that ordinary users can't muck around with the VM configuration, and you can also apply fine-grained security policies to particular administrative rights to enforce separation of duties.
There is also a Web-based console (see the screen shot) that you run to perform all the management operations.
You can also choose from a variety of compliance benchmarks and set them up for different users to be able to just audit, or to also perform remediation. It also integrates with Active Directory, so that you don't have to re-assign particular security roles for your various staff. And, the appliance can grab policies from VMware's VirtualCenter management software.
The appliance can be purchased for as little as $3,000 for software plus $1,000 a year in maintenance fees.
And you can go here to sign up and download a free trial version of Hytrust that will allow you to protect up to three ESX hosts.