HyTrust Appliance 2.1 adds integration with RSA enVision and VMware vCloud Director to provide stronger security and visibility to VMware-based clouds

As virtualization continues to strengthen its grasp over both private data centers and public cloud computing environments, one of the biggest barriers that continue to surface is the need to address and extend security measures.

HyTrust, a provider of access control and policy enforcement for the virtual infrastructure, is trying to fill that gap. The company launched out of stealth mode in April 2009 by announcing its first product, simply called the HyTrust Appliance, which was used to lock down and secure VMware ESX hypervisors and provide an audit trail for every touch point within the hypervisor or the virtual machine. The original security product was available as either a physical or virtual appliance, and it provided immediate support for VMware Infrastructure 3.5 environments and planned support at a later date for VMware vSphere 4.0, Citrix XenServer, and Microsoft Hyper-V.

During VMworld 2010, the company made a few announcements that extend HyTrust further into the VMware and cloud computing security world. The first concerns a new tool called HyTrust Cloud Control and out-of-the-box integration between HyTrust Appliance and VMware vCloud Director. The combination of the two solutions provides strong authentication, role-based access control, security, and visibility to VMware-based clouds.
This offering should address key security and compliance concerns of enterprise organizations that are considering migrating their applications from a private virtualized data center to a multitenant public cloud service.

Eric Chiu, president and CEO of HyTrust, said, “HyTrust addresses those concerns head-on by allowing enterprises to maintain and extend their policies into the cloud while giving them the visibility they need to ensure compliance.”

Cloud Control offers strong authentication and role-based access control along with audit capabilities to help certify that an organization’s data is protected in the cloud. Consumers can see who has and doesn’t have access to their cloud applications and data. Other specific capabilities provided by HyTrust Cloud Control include multifactor authentication and federated identity; persistent zoning for multitenancy; granular role-based access control for separation of duties; detailed audit logging for compliance; and hardening and monitoring of the cloud services platform.

HyTrust also announced it is expanding its partnership with security vendor RSA (RSA is owned and operated by EMC, which also owns VMware). The company is adding integration into the RSA enVision platform for Security Information and Event Management (SIEM). Doing so will provide a more comprehensive assessment of security events from across the entire enterprise.

The appliance should integrate well with RSA enVision. The HyTrust appliance’s detailed logging and auditing information will get passed to enVision for deeper analysis and archiving. This information can be rolled up into a broader set of logs that would include information from VMware hosts and vCenter for a more holistic view of the entire environment. Capturing and collecting the data is one thing, but it’s what you do with it afterward, the analytics, that make it interesting and useful.
Finally, HyTrust also announced an upgrade to its HyTrust Appliance to version 2.1, bringing with it added capabilities for more flexible infrastructure segmentation and role-based management. No longer offered as a physical appliance, the new version comes only as a virtual machine appliance. And the company no longer seems to have much interest in supporting other hypervisor platforms, as it remains focused on VMware technology. HyTrust 2.1 supports the latest version of VMware vSphere 4.1, VMware vSphere Hypervisor, and the forthcoming vCloud Director extensions for creating multitenant clouds.

The updated HyTrust appliance also has active-active high availability clustering; in case one of the two HyTrust images crashes, the system will continue to perform the auditing work.

Significant improvements have been made to audit logs as well, allowing archiving of all vCenter events into a centralized SysLog repository as well as compliance-related configuration reporting without post processing. Other areas of improvement include support for smart card two-factor authentication; support for complex, multi-domain directories; and single sign-on via Windows pass-through authentication.

But perhaps one of the more interesting updates is the additional support for access to virtualization resources at the network layer, specifically for the Cisco Nexus family of switches. The appliance adds support for Cisco Nexus 7000 end-of-row and Nexus 5000 top-of-rack switches, but it is the support for the Cisco Nexus 1000V switch that is most interesting. The new appliance will be able to perform authorization of Nexus 1000V command-line statements on a very granular level.

The HyTrust Appliance will be available in September priced at $750 per CPU for each VMware ESX hypervisor host. The company is also offering a Community Edition as a free full-featured version of the product that supports up to three hosts to get you started.

This story, “HyTrust updates security appliance and moves into the cloud,” was originally published at InfoWorld.com.