The HyTrust Appliance provides access control, hypervisor hardening and logging for virtual environments. The 2.0 version, announced today, adds new features, including policy federation for global enforcement of administrator roles and access restrictions. Other updates include a root password vault that offers tighter control over administrator access to virtual machines and fully-indexed search for access to the entire virtual infrastructure.
HyTrust, which focuses on the enterprise market, is a virtual appliance that runs in a VMware ESX environment. At present the product only works with hypervisors from VMware. The company also partners with Cisco Systems, which recently introduced a Nexus 1000V virtualized switch and the UCS large-scale blade server platform targeted at virtual environments. Cisco also recently participated in a $10.5 million round of venture funding for HyTrust, along with three VC firms. This is the company's second round of VC funding.
The policy federation feature lets a system administrator connect multiple HyTrust appliances, and even if they are in datacenters scattered around the world, it enables them to have policies and configuration templates automatically replicated between all of those appliance nodes. The root password vault restricts root account access within a virtual system. To restrict that access, HyTrust issues a machine-selected password to a legitimate system administrator that needs access for maintenance or other administrative tasks. The password works for no more than 24 hours, after which the password is revoked. The next time an administrator wants access to the root account, HyTrust issues an entirely new password.
The virtual infrastructure search function operates like a Web search engine for virtual environments, says Eric Chiu, CEO of HyTrust. As virtualization extends from servers to storage, the network and other components, complexity grows. "If you have 1,000 host servers and within them a total 10,000 [virtual machines], how do you find and manage anything in that environment?" he says. The search function lets a system administrator find virtual servers or other virtual resources and manage them. An administrator can search for VMs with the word "payment" in them, for instance, and manage those for PCI compliance. "If you're looking for any object in your environment, you can type it in, hit enter, and all of the results that match will come up," Chiu says.
The HyTrust Appliance Standard Edition is $500 per socket and is licensed on a per-host basis on the number of CPUs. The Enterprise Edition, which includes the root password vault, is $750 per socket.