vCenter Role
VMware, a strategic partner for HyTrust, built vCenter to manage VMware vSphere environments. It provides some powerful virtualization management capabilities for fault tolerance, capacity management, and high availability. As organizations begin their push to virtualize tier-1 mission-critical applications, however, they frequently discover that vCenter lacks the appropriate capabilities to address certain risks.
Separating “Security” from “Management”
First and foremost, as a core element of the infrastructure, vCenter serves in a vital capacity for virtual infrastructure—the “brains” of the operation. As such, it should be protected from threats. Even though vCenter has some built-in access control and capabilities, it is a security best practice to separate the management functions from the security functions so that vCenter does not become a single point of failure. Access should be limited not just from within vCenter; access to vCenter itself should also be limited. Placing vCenter behind the protection of HyTrust Appliance ensures that vCenter remains less vulnerable to improper access and can continue to serve in its primary management function without interruption.
Limited View from vCenter
From its vantage point inside the virtual infrastructure architecture, vCenter lacks a comprehensive view. Without the ability to see all host-level operations, it is impossible to control (and log) everything that transpires. HyTrust Appliance provides a single point of visibility and control for all host-level operations, which ensures the consistency in policy that is mandatory for the virtualization of tier-1 mission-critical applications.
Rigid, Hierarchical Access Controls
In vCenter it’s straightforward to implement role-based access controls (e.g. only allow network admins to access networking resources), but extending that model to address today’s higher-level use cases is extremely challenging. The unique HyTrust approach of labeling virtual objects allows unlimited flexibility in building and enforcing policy.
Architecture Matters
Lastly, it is worth noting that vCenter was built from the ground up as a management application, not a security application. As such, vCenter was not built to provide the granularity in policy enforcement that is a requirement for more secure deployments. That lack of granularity in enforcement carries through to the logs, which are quite adequate for troubleshooting but lack the specificity demanded by auditors. vCenter also lacks a federated architecture, which again makes it susceptible to becoming a single point of failure and also makes it difficult to deploy consistent policies across a large enterprise. HyTrust Appliance not only employs a federated architecture but also provides granular object-level controls and granular user-specific logs that will satisfy the scrutiny of any auditor.





