Summary
There is a problem with which we, as security professionals, have been grappling since security became an issue: separation of administrator duties. Should there be a master administrator, or should there be separate application administrators with rights limited to their apps? More important, how many admins are too many? And what individual rights should they have? How do you enforce those rights? The questions go on and on. Throw a little virtualization into the mix and you have a witch's brew indeed.
HyTrust, essentially, manages admins in a virtual world. It does this by doing four things: it authenticates and verifies admins, it limits and controls access, it provides a real audit trail that can be depended on, and it verifies platform integrity at the hypervisor level. This is access management on steroids for admins. It is, really, a gateway for virtual system administrators.
The user interface is almost precisely like VMware. If your admin is used to VMware, deploying HyTrust will be completely intuitive. Additionally, it does some things that vCenter cannot do, such as adding constraints. For example, it can set rules for what can and cannot be done - and by whom - during the staging of new VMs.
Another important feature is root password vaulting. This allows the automatic assignment of root passwords that are set to expire at some predetermined time. This is good for vendor support engineers, for example.
Hooks into special Intel chips allow hardware-level determination of whether or not the hypervisor has been compromised. While HyTrust is assessing hosts, it can remediate many types of problems that it discovers.
At a glance
Product: HyTrust Appliance
Price: $750 per CPU for each ESX/ESXi host
What it does: A Swiss Army knife for managing the administration and the concurrent security of a virtual system.
What we liked: Think of this as a suite of must-have tools for dealing with all of the day-to-day issues that bedevil security and system administrators.