security

Cisco and Granite Ventures invest in Hytrust

Duncan Epping · Feb 24, 2010 ·

I just received the following announcement and thought it would be interesting for you as well:

HyTrust, Inc., the leader in policy management and access control for virtual infrastructure, announced today that it has secured $10.5 million in Series B financing. New investors Granite Ventures and Cisco Systems participated in the round of financing, as did existing investors Trident Capital and Epic Ventures. Len Rand, partner at Granite Ventures, will take a seat on the HyTrust Board of Directors. HyTrust will use the capital to drive development, sales and marketing, and fuel the company’s next stage of growth.

“We are excited to welcome Cisco not only as a HyTrust partner but now also as a strategic investor,” added Chiu. “It’s great validation for HyTrust when the worldwide leader in networking places its confidence, via financial backing, in our approach to policy management and access control for virtual infrastructure. We look forward to deepening our relationship with the Server Access & Virtualization business unit at Cisco, tightening our existing integration with Cisco Nexus 1000v and Unified Computing System products, and working closely with Cisco’s Security business unit to address the needs of our joint customers. We feel strongly that policy management is key to enabling the ‘next generation data center’ and we couldn’t be more excited to have gained the backing of the company that coined the phrase.”

source

Remove the ESXi web welcome screen

Duncan Epping · Jan 28, 2010 ·

I received a question from a customer who wanted, for security reasons, to remove the ESXi web welcome screen. This is the screen that enables you to download the vSphere Client and RCLI and even browse datastores.

I’ve tested it and removing (or renaming) the following file will lead to a blank page when the ESXi host is accessed via http(s):

/usr/lib/vmware/hostd/docroot/index.html

<edit>

William Lam created another work around which is definitely a more elegant solution: Remove the ESXi web welcome screen.

</edit>

Draft version of the vSphere Security Hardening Guide available

Duncan Epping · Jan 26, 2010 ·

VMware published the draft version of the vSphere Security Hardening Guide. Keep in mind that it’s still draft and needs tweaking. The Team needs your feedback, so if you have any comments please don’t hesitate to reach out and leave a comment on the community forums.

Overall, there are more than 100 guidelines. The guide itself is split into the following major sections:

Please bare in mind the following:

Another new aspect of the guide is the desire to create it with input from the VMware community. This draft is available for public comment for a period of approximately one month. VMware’s intention is to incorporate public feedback into the next revision of the guide, which will be the final version. However, this current revision is the result of a private review of an initial draft, and so we believe that the final version will not differ too significantly. This revision can therefore be used for customer production deployments today, with the caveat that some new guidelines might be added and some existing ones slightly modified.

Thanks Charu for posting these! They contain really valuable info.

HyTrust Appliance 1.5

Duncan Epping · Aug 19, 2009 ·

HyTrust just published info on their latest and greatest version of their appliance which will be released on the 24th of August and will carry version number 1.5. Hytrust sits between your virtual environment and the admin and enforces granular authorization of all virtual infrastructure management operations, according to user role, object, label, protocol and IP address. If you will attend VMworld I suggest you head over to their booth and ask for a demo.

Additional New Features:

Support for VMware vSphere (ESX 4.0 and vCenter 4.0)
Support for VMware ESXi (all versions)
Two‐factor authentication including RSA SecureID
Label‐based policy enforcement
VM‐to‐host and VM‐to‐network segment control
VM tag policy import
XACML policy import/export
AD policy import for virtual machine management

HyTrust Appliance, the community release

Duncan Epping · May 5, 2009 ·

I wrote about HyTrust a month ago. Today HyTrust announced a community version. In short, for up to three host you can use a fully featured version of the Hytrust Appliance for free…

HyTrust Appliance, Community Edition is now available for download now as a pre-built, VMware-compatible virtual appliance to members of HyTrust Community. To join the community free of charge, go to http://www.hytrust.com/community/register. Support for Community Edition is provided by the Community via online forum participation and direct community member interaction.

You can find the full press release here.

Now, back to the VMware vSummit again… and I hope to do some technical blogging again soon.