HyTrust, Inc. US Headquarters
1975 W. El Camino Real Suite 203
Mountain View, CA 94040, USA
Phone: (650) 681-8100
Toll Free: (844) 681-8100
Fax: (650) 681-8101
Phone: (650) 681-8100, option 2
The agility and power of virtualization and cloud packages such as VMware ESXi have brought new capabilities in terms of automation, time to market and general flexibility to IT organizations around the world. However, the same factors that have contributed to the tremendous success of virtualization and cloud also mean that the hypervisor is a prime target for hackers and a prime candidate for enhanced security.
Of course, the outsider isn’t your only concern; you need to worry about insiders as well. With the coming of new technologies such as NSX, you need to consider how to keep virtual administrators in their appropriate “swim lanes”. Role- and asset-based access control helps you define who can do what to which objects, with workflows supporting secondary approval for sensitive or high-impact operations, and integration with Active Directory helps ensure a seamless deployment.
Generally speaking, comprehensive logging is useful, particularly when trying to troubleshoot. In cases where you have to do forensic cleanup after a breach, comprehensive logs are indispensable. Furthermore, most regulations, such as HIPAA and PCI-DSS, require certain information: unique user IDs, source IP addresses, before and after states of reconfigured resources, and a record of failed or denied operations. We capture all of these and more, helping with compliance, forensics and troubleshooting.
HyTrust CloudControl can assess VMware vSphere hosts to identify configuration errors using pre-built assessment frameworks, such as PCI DSS, C.I.S. Benchmark, VMware Best Practices, or even custom user-defined templates. The solution eliminates configuration problems quickly and easily via active remediation. It also allows proactive monitoring of hosts, eliminates configuration drift, and ensures ongoing compliance according to a defined standard, all without manual effort or scripts.
Virtualization has changed the world of IT forever. We now have tremendous agility and the ability to spin up infrastructure in seconds, but these advances have not come without challenges.
In the past, storage, compute and networking were all managed via different interfaces owned by different groups in IT. With the coming of VMware NSX, everything can be managed by a single interface. Do you really want your server team making changes to the network? Do you really want your network guys rolling out servers?
Access Control for NSX gives you fine-grained control over who can do what. Role-Based Access Control (RBAC) enables Separation of Duties and Least Privilege in a way that is friendly to audits and to security best practices. Strong authentication, including Two Factor Authentication such as RSA SecurID and CA Authminder as well as RADIUS and TACACS+ support, helps ensure the right people have access to your admin console. Enhanced logging helps not only with compliance but also with troubleshooting.
Access control is fine-grained, with dozens of NSX-specific permissions and six new NSX-specific, predefined admin roles such as Network Engineer, Firewall Admin and Security Auditor. Better yet, all roles are customizable, ensuring that the tool adapts to meet your needs rather than you having to adapt to the software.