HyTrust saw the virtual handwriting on the wall and undertook to determine what aspects of virtualization, especially security, needed a new approach. They focused on the hypervisor and that means they were targeting VMware's Virtual Center. HyTrust sees an opportunity to address an inherent weakness in managing the virtual infrastructure: policy enforcement at the platform level. Currently, their product supports VMware ESX and ESXi releases 3.5 and 4.0.
Hytrust's product is an appliance that is intended to be used to build and deploy what the company refers to as "operationally ready" virtual infrastructures. These infrastructures aim to provide security, compliance and IT controls. The key to the HyTrust appliance is that it sits between vCenter and all of those administrators who may need to access it.
The HyTrust Appliance is used to set the policies that determine who can access what at the hypervisor level and it provides security, access control and compliance management and auditing. The goal is to make the virtual infrastructure appear as a physical environment to the users. Administrators of virtual systems have multiple tasks to perform, such as resource allocation, network configuration changes and virtual machine manipulation. Sometimes this means accessing the infrastructure directly. It is useful to have some controls over this access, and that includes robust logging. And that is where the HyTrust tool comes in.
With all of that said, what does the appliance actually do? The best way to position it is policy. This is a policy-driven device and, as we know, policy-driven devices simplify the tasks they are intended to support, provide good centralized auditing and address compliance issues. This tool is no exception.
Areas that the HyTrust Appliance covers include role-based access control to the infrastructure, object-based enforcement of the policies, auditing and simple, template-based configuration. In short, it centralizes all access control through a proxy approach that allows strong authentication using tokens.
This was a first-rate presentation at the SC World Congress. The presenter was well-rehearsed and he finished his presentation in under the allotted time. He responded well to our questions and did not meander into marketing hype. Rather, the meat of the presentation was a discussion of the product itself. The virtual world is an emerging, but extremely important, market. We saw this approach to managing the administration of the infrastructure as critically important.
We also anticipate that with the advent of large-scale cloud computing, especially private clouds, some scalable, security-focused, auditable method of managing the infrastructure itself is absolutely necessary. We think this product has the potential to provide those capabilities. I like that the product is targeted at the bare-metal implementation of the hypervisor, since that is the emerging environment for virtualized and cloud computing. I also like that it has robust logging/auditing because the entire evolution of virtualization presents significant challenges to compliance reporting. This is largely because the audit capabilities in the virtual world have not yet caught up to those in the physical world.
The virtual world also presents a few challenges of not quite so much concern in the physical world. For example, there really are two levels of the architecture (at least): the bare metal (hypervisor level) and the virtual machine level. These two parts of the virtual environment have very different management, logging and access control requirements. There is a tendency to treat each as we do in the physical world, but when we merge the physical world with the virtual world we may lose some important controls and logging.
What that means is that connecting into the virtual world from the physical world is not quite the same as connecting solely within the physical environment. An example of that is firewalling. Failing the presence of a virtual machine-aware virtual firewall, it is very difficult to firewall virtual machines from outside the virtual environment. Solving the problem of managing the virtual environment at its various levels is an important objective going forward, and we think that the HyTrust product may show promise in that regard.
There was nothing that I didn't like about this product, given, of course, that demoing the product was not part of the presentation. I am sufficiently interested in the HyTrust Appliance that I plan a demo shortly. For your part, if you are virtualizing or have begun the virtualizing process, you know well the challenges that this product can solve for you. I think that it almost is axiomatic that this type of innovation is most likely to come from smaller companies seeking out an important niche to fill and this product is no exception to that supposition. Take a look at this one. It may well become de rigueur for the well-equipped VMware virtual environment.
Product: HyTrust Appliance
Cost: $3,000 per virtual appliance.
The problem it solves: Secure management, access control and compliance-level logging of virtual environments at the infrastructure level.
What we liked: The positioning of the product in securing and managing the virtual world at the hypervisor level.
What we didn't like: Nothing. This product has lots of potential.