Segmenting the infrastructure

One of the huge benefits of virtualization is the compression of multiple physical layers of systems into a much more manageable, single, logical system. Rather than having physically separated servers and network switches, for example, all of that hardware gets flattened down into a logical representation, making it far easier to perform tasks like backup, disaster recovery, etc. The flip side of this equation is that, because previously physical components are now just logical applications or services running on the host, it is potentially far easier to purposely or even inadvertently disrupt operations.

The simplest way to illustrate this risk is via the virtual network switch. In the physical world, the network switch is not only tucked away in a server closet but may have locks on the rack, keycards on the doors, cameras in the room, redundant power sources and built-in hardware bypass. In the virtual world however, a simple right-click of the mouse on the virtual switch brings up a dialog box to power down the device. This presents a significant risk to organizations that rely on these virtual machines as part of their core infrastructure (e.g. switches, firewalls, mail servers, directory servers, etc.)

HyTrust Appliance can eliminate these risks by providing strict access control over which individual or role is allowed to access the virtual infrastructure. HyTrust Appliance can granularly determine on a command-by-command basis what tasks each individual is entitled to perform, eliminating the possibility that an individual can shut down pieces of the infrastructure without express permissions. And HyTrust Appliance can also define the relationships between objects with the virtual infrastructure via Object Policy Labels, similar to "Web 2.0 tagging" for virtual infrastructure objects, which enables better organization and tighter, more consistent controls.