If you have tried it or if you use it, please tell us about it?
How does it compare to vShield Zones?
Thank you, Tom
That is all I can tell you:
VMware vShield Zones provides an inline firewall that sits between two
different virtual switches, much like the older versions of Altor and
Reflex Systems products. vShield Zones is integrated directly into the
VMware Distributed Switch, but at the same time has an external
management interface which makes it fairly difficult to configure.
There is a rumour that this will change in future releases however. For
Zone to Zone firewalls, this is a valuable tool and comes with Advanced
or higher VMware vSphere licenses, which will account for its
popularity.
The HyTrust product, on the other hand, approaches compliance from the
management of the virtual machines by providing an access control
gateway between virtualization management tools and the virtualization
hosts. Their approach to compliance is to use tags attached to
components of the virtual environment (vSwitches, VMs, Hosts, etc.) and
only allow those elements with like tags to be attached to each other.
As an added bonus, the HyTrust product comes with a mechanism to apply
one of the existing security standards and your own policies to a given
virtualization host. While HyTrust can be bypassed in an emergency, the
gateway is robust enough to handle requests made by the vSphere Client,
vSphere SDK, VI SDK, PowerCLI, and SSH connections. HyTrust can also
be used with VMware vSphere and Virtual Infrastructure 3. We may
eventually see this tool coded for XenServer and Hyper-V as there
are no real dependencies on a given virtualization host.
Starwind Software Developer
Hello,
HyTrust and vShield Zones are TWO completely different products and devices...
HyTrust is a centralized Authentication/Authorization Appliance for use within the Virtualization Administration Network so that you can control at a fine grain exactly what administrators can do on each ESX host, vCenter, etc. It is a proxy-type device that fits before your administrative services or management consoles; it is NOT a firewall, i.e.:
Outside <-> Firewall <-> Administrator VMs/Systems <-> HyTrust <-> Virtualization Administration Network Systems (vCenter, Service Consoles, Management Consoles, etc.)
vShield Zones is a generic Zone to Zone firewall that fits between virtual switches within your environment, i.e.:
vSwitch1 <-> vShield Zones <-> vSwitch2
vShield Zones does not provide the authentication/authorization control that HyTrust does, and HyTrust does not provide FW capability.
Two very different appliances, both useful, but very different.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMware ESX Server in the Enterprise'
SearchVMware Pro | Blue Gears | Top Virtualization Security Links (http://www.astroarch.com/wiki/index.php/Blog_Roll)
Virtualization Security Round Table Podcast (http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast)
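To make the two HyTrust control points described in the replies above concrete (the like-tag attachment rule from the second post, and the authorization proxy sitting in front of the administration network from the third), here is a small toy model. It is an added illustration written for this thread, not HyTrust's or VMware's own code; the role table, tag names, component names and the audited emergency bypass are all constructed assumptions, and no claim is made that the real appliance evaluates policy this way.

```python
"""
Toy model of two policy checks a management-plane gateway can enforce:
  1. authorize(): an administrator's request is only forwarded to the
     virtualization management network if one of their roles permits
     that action on that kind of target;
  2. can_attach(): two infrastructure components may only be attached
     when they share a compliance tag (the "like tags" rule).
Everything below (roles, tags, names) is constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Component:
    name: str
    kind: str                       # e.g. "vm", "vswitch", "host"
    tags: frozenset = field(default_factory=frozenset)


def can_attach(a: Component, b: Component) -> bool:
    """Like-tag rule: allowed only if the components share at least one
    tag. Untagged components never match, so the default is deny."""
    return bool(a.tags & b.tags)


# Hypothetical role -> {(action, target kind)} table.
ROLE_PERMISSIONS = {
    "vm-operator":   {("power-on", "vm"), ("power-off", "vm")},
    "network-admin": {("attach-vm", "vswitch"), ("modify", "vswitch")},
    "host-admin":    {("ssh-login", "host"), ("modify", "host")},
}


@dataclass
class Gateway:
    """Proxy between administrator systems and the management network.
    Every request is decided here and written to an audit trail."""
    admins: dict                            # username -> set of role names
    audit: list = field(default_factory=list)

    def authorize(self, user, action, target, *, other=None, emergency=False):
        roles = self.admins.get(user, set())
        allowed = any((action, target.kind) in ROLE_PERMISSIONS.get(r, set())
                      for r in roles)
        reason = "role-permits" if allowed else "no-matching-role"
        # An attach request must also pass the like-tag rule.
        if allowed and action == "attach-vm":
            allowed = other is not None and can_attach(other, target)
            reason = "tags-match" if allowed else "tag-mismatch"
        # Assumed emergency override: still audited so it can be reviewed later.
        if not allowed and emergency:
            allowed, reason = True, "emergency-bypass"
        self.audit.append((user, action, target.name, allowed, reason))
        return allowed

    def denials(self):
        """Audit entries that were refused, for a reviewer to inspect."""
        return [entry for entry in self.audit if not entry[3]]


if __name__ == "__main__":
    pci_vm = Component("db01", "vm", frozenset({"pci"}))
    pci_switch = Component("pci-vs", "vswitch", frozenset({"pci"}))
    dmz_switch = Component("dmz-vs", "vswitch", frozenset({"dmz"}))
    host = Component("esx01", "host", frozenset({"pci"}))
    gw = Gateway(admins={"alice": {"network-admin"}, "bob": {"vm-operator"}})
    gw.authorize("alice", "attach-vm", pci_switch, other=pci_vm)   # allowed
    gw.authorize("alice", "attach-vm", dmz_switch, other=pci_vm)   # tag mismatch
    gw.authorize("bob", "ssh-login", host, emergency=True)         # audited bypass
    for entry in gw.audit:
        print(entry)
```

The point of separating `can_attach` from `authorize` is that role permission and tag compatibility are independent questions: a network administrator may be entitled to attach VMs in general yet still be refused a PCI VM on a DMZ switch, and that refusal, like any emergency override, ends up in the audit trail rather than silently disappearing.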