I had been meaning to give HyTrust some more love. After winning the Best of Show & Gold award at VMworld 2009, it is more than worth checking out.
(Note: I generally try to shy away from writing “promo” type posts and the like, however I strongly believe in HyTrust, and what they provide in the way of security for your virtualization environment. I should also note here… that this is not a paid review, nor was it prompted by the HyTrust folks in any way.)
What is HyTrust?
From the HyTrust site:
The HyTrust™ offers a centralized, single-point-of-control for virtual infrastructure access, policy management, security configuration, and compliance. By combining the same control mechanisms of the physical world into a comprehensive solution for virtual infrastructure, HyTrust cost-effectively enables virtual infrastructure to achieve the same level of operational readiness as that of physical infrastructure.
Essentially, the HyTrust appliance functions as an intelligent proxy of sorts for all commands going into and out of your VMware environment.
Basically, it lets you route all of your many connections (SSH, API, vSphere Client, etc.) through a single proxy that allows fine-grained control of actions against the infrastructure. It also provides a way to log access centrally, covering vCenter, the vSphere Client, and any direct host manipulation (SSH, etc.). In other words, it gives you one spot to look when you have an incident, rather than piecing together logs from multiple sources.
How do I try it? (Community Edition)
Well, while all of the above is fine and dandy, if you’re anything like me, you will want to kick the virtual tires in a lab setup. To do this, HyTrust provides a free Community Edition. The Community Edition will protect up to three hosts (great for the vSphere starter editions!), and can be downloaded after signing up at the HyTrust site. As the Community Edition is offered as a vApp, installation is a snap: download and deploy.
There are some configuration tasks to be taken care of afterwards, but they are covered in the “installation” PDF (just below the download of the Community Edition). For a PDF, it’s quite good, and covers the basic “Demo” setup, as well as tying it to Microsoft Active Directory, including setting the permissions it requires 🙂
I strongly encourage you to go forth and give it a go.