As organizations shift workloads to virtualized platforms to realize cost efficiencies, the security risks associated with virtualization are not being addressed effectively. Analyst firm Gartner advises that “adequate controls on administrative access to the Hypervisor/VMM layer and to administrative tools are lacking,” and “a compromise of the virtualization layer could result in the compromise of all hosted workloads.” Additionally, the report notes that “there is a potential loss of separation of duties for network and security controls,” especially as “workloads of different trust levels are consolidated onto a single physical server without sufficient separation.”
“Most virtualized workloads are being deployed insecurely, introducing significant organizational risk,” said Neil MacDonald, VP and Gartner fellow. “Installation of x86 virtualization platforms should be treated as one of the most critical software layers in data centers, but tools and processes are relatively immature and staff, resellers and consultants are still learning. Because of the critical support the hypervisor/VMM layer provides, administrative access to this layer must be tightly controlled.”
PowerBroker for Virtualization enables granular delegation of administrative privileges and provides detailed and flexible reporting, including keystroke logging of administrative actions on virtual guests and host hypervisors, for a secure and compliant virtualized datacenter environment. PowerBroker for Virtualization provides two-click entitlement reports, as well as programmatic role-constraint mechanisms to ensure segregation of duties. Supported platforms include VMware ESX, Solaris Zones, AIX WPAR and IBM z/VM, providing coverage for a majority of the datacenter virtualization initiatives being considered or already under way.
“The virtualization wave is sweeping across datacenter server infrastructures, undoubtedly providing cost efficiencies, but also magnifying the risks from poorly managed privileges,” said John Mutch, CEO of BeyondTrust. “PowerBroker capabilities that provide centralized security controls and insight, coupled with special pricing to support virtualization initiatives, make it a must-have component for securing datacenter virtualization initiatives.”
Deploying separate point solutions for privileged identity management on guest operating systems and hypervisors is sub-optimal, as it makes it very difficult to enforce consistent policies across the virtual environment. PowerBroker for Virtualization bridges that gap and provides a unique blend of guest control capabilities, host hypervisor control capabilities, and cost-effective deployment capabilities specific to each virtual platform for secure datacenter virtualization.
In addition to the core privilege delegation, reporting and compliance capabilities that PowerBroker provides, the following capabilities make PowerBroker for Virtualization even more compelling for datacenter virtualization projects:
VMware ESX platform support – PowerBroker is certified by us for the VMware ESX base OS on ESX versions 3.0, 3.5 and 4.0, providing capabilities to manage and report on administrative rights granularly, including the ability to start or stop services that impact the guest operating systems.
Solaris Zones support – PowerBroker supports all types of Solaris Zones, including the Global Zone, Sparse Root Zones, Whole Root Zones, Branded Zones and Containers. PowerBroker also includes a Zones-aware package installer to optimize deployment for Solaris Zones.
IBM AIX Workload Partitions (WPAR) & z/VM support – PowerBroker supports AIX System WPARs and can also be used to manage Application WPARs. PowerBroker includes a WPAR-aware package installer for optimized deployment in WPARs. PowerBroker also supports distributions built for z/VM environments.
Support for more than 30 Guest Operating Systems – PowerBroker supports a wide range of operating systems typically used to run enterprise applications in the datacenter. PowerBroker provides full support for the entire range of platforms as guest operating systems in virtualized environments.
Additionally, as part of the BeyondTrust Privileged Access Lifecycle Management technology architecture, BeyondTrust PowerKeeper provides automated password management capabilities for privileged host and guest accounts in virtual environments. PowerKeeper ensures critical credentials like root for VMware Hypervisors are only divulged on a need-to-have basis for time-limited privileged account access, complementing the security provided by PowerBroker for Virtualization.
For more information about BeyondTrust PowerBroker for Virtualization, visit our website at: http://www.beyondtrust.com/PowerBroker-For-Virtualization.aspx.
Pricing and Availability
BeyondTrust PowerBroker for Virtualization is currently available, with special pricing to support cost efficiencies for virtualization projects.
For pricing information, please contact BeyondTrust at: +1 800-234-9072 or via email at [email protected]
BeyondTrust empowers IT to eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and servers with globally proven solutions that increase security and compliance without impacting productivity. With over 25 years of global success, BeyondTrust is the pioneer of Privileged Access Lifecycle Management (PALM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities. The company is privately held and headquartered in Los Angeles, California, with East Coast offices in Greater Boston as well as Washington DC, and EMEA offices in London, UK. For more information, visit www.beyondtrust.com.