Products & Releases

HyTrust Launches HyTrust Appliance Version 2.0

New version adds Policy Federation, Full-Index Search, and Root Password Vault features
Mountain View, CA., March 25, 2010 — HyTrust, Inc., the leader in policy management and access control for virtualization infrastructure, announced today the general availability of HyTrust Appliance Version 2.0. Built specifically for enterprises that want to maximize their return on investment in virtualization, yet whose 'virtual footprint' remains limited due to a lack of visibility and control, the solution empowers them to virtualize with assurance that controls for access, compliance and accountability are firmly in place. The new version adds exciting new features, such as Policy Federation, Full-Index Search and Root Password Vault, in addition to enhancements that improve performance and the ability to massively scale while speeding deployment.

What's New At-A-Glance

Federated Deployment: A secure distributed system architecture allows for automated replication of policies and templates across multiple HyTrust Appliances as well as geographic boundaries. For larger enterprises with multiple datacenters and collocation facilities, it ensures consistency of controls across the entire infrastructure.

Root Password Vault: Locks down privileged host accounts and provides passwords for temporary use to enable time-limited privileged account access. Root accounts on hypervisors are extremely powerful and, as a consequence, can create a significant liability if they fall into the wrong hands. With the aid of Root Password Vault, all root account access is attributable to an individual and every action is logged, providing far greater visibility and accountability.

Virtual Infrastructure Search: Supports massive scale deployments with quick and easy accessibility of all virtual infrastructure objects, policies and logs.

Object Policy Labels: Creates a policy categorization structure similar to "Web 2.0 tagging" for virtual infrastructure objects, enabling better organization and tighter, more consistent controls. Enables access, network segment and zoning policies, allowing administrators to dictate which virtual machines are allowed to connect with which network segments or hosts via RuleSets and Constraints. (Ref. virtual infrastructure segmentation)

Remote API: An interface to remotely access and automate HyTrust Appliance administration. Enables the kind of scalability demanded by the largest enterprise virtualization deployments.

Router-Mode: A deployment option that forces all virtualization management traffic to flow through the HyTrust Appliance. The appliance acts as a router for the "protected" management subnet wherein, for example, ESX/ESXi hosts and vCenter Server would use HyTrust Appliance as the default gateway. This adds yet another flexible deployment option to the existing options, ensuring HyTrust Appliance will easily adapt to any enterprise architecture.

"Building on the excitement, early success and recognition that followed the market introduction of HyTrust and HyTrust Appliance in 2009, this major new release takes the solution to a new level," said Eric Chiu, president and CEO, HyTrust. "These latest advancements in best-of-breed control and policy management further empower customers to capitalize on virtualization, and in more meaningful ways such as with tier-one applications."

HyTrust recently announced that it closed Series B financing in the amount of $10.5 million, with new investors Granite Ventures and Cisco Systems participating in the round along with existing investors Trident Capital and Epic Ventures. The new funding will continue to drive development and innovation.

The Real Security Issue: Visibility and Control

Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address.

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

"As we've said from the start, the security issues that need to be addressed," says Chiu, "have more to do with treating virtualization as a new platform and layer, and, as with any new platform, a new approach is needed to address it properly. The recent Gartner report corroborates the need for visibility and control, consistent policy management and enforcement, role-based access control and configuration management."

Single Purpose, Single Point of Control

HyTrust Appliance was built with a single purpose in mind: to enable more organizations to virtualize more critical workloads by giving customers a single point of control and visibility over their virtual infrastructure. The appliance provides the broadest range of fundamental, if not critical, capabilities for virtualization datacenters to be "operationally ready" including:

Virtual Infrastructure Policy Management: Enables the creation of enforceable constraints within virtual infrastructure that may be applied directly to virtual machines, virtual switches, hosts and other objects and map precisely to their operational requirements.

Unified Access Control: Enables highly granular access policies for consistent access control at the hypervisor-layer and a turnkey solution to ensure secure privileged account access.

Hypervisor Hardening: Ability to proactively monitor and remediate VMware vSphere hosts based on pre-built or custom assessment frameworks, such as PCI DSS, C.I.S. Benchmark, VMware Best Practices, all without manual effort or scripts.

Audit-quality Log Management: Provides granular, user-specific, virtual infrastructure access log records that can be used for regulatory compliance, troubleshooting, and forensic analysis.

Market Consensus

Industry analysts most knowledgeable about virtualization concur with the core issues and HyTrust's approach. And five hundred users of the HyTrust Community edition and numerous enterprise customers say HyTrust Appliance is essential in meeting their operational controls and compliance requirements.

"As a leading web-event registration provider and retailer, Active Outdoors provides hunting & fishing organizations with a cost-effective way to register and collect payments from millions of consumers," said Greg Collett, IT Security at Active. "In order to protect our customers and their financial information, it's imperative that our infrastructure be compliant with the Payment Card Industry Data Security Standard. As we begin to embrace virtualization, Active Outdoors recognizes the need for additional controls to secure the virtual infrastructure. Active Outdoors has chosen HyTrust Appliance to address these identified needs. HyTrust Appliance will enable us to enforce access control and segmentation across our virtual infrastructure. HyTrust will give us the ability to confidently virtualize our infrastructure--enjoying all the benefits of virtualization--without compromising the security of our customers or putting our compliance efforts at risk."

"More applications are being deployed on virtual infrastructure every day, including a growing number of Tier 1, business-critical workloads," said Dave Bartoletti, senior analyst & consultant, Taneja Group. "As a result, the virtual infrastructure now demands the equivalent security and compliance controls as exist for physical environments. HyTrust Appliance 2.0 delivers virtual infrastructure control and compliance by simplifying and automating all essential elements of platform security and is well positioned to become an essential part of virtualization reference architecture."

Bartoletti concludes: "If you want to virtualize more workloads, faster and with more confidence, we recommend adding the HyTrust solution to your virtual infrastructure management toolkit today."

Availability & Pricing

Three editions of HyTrust Appliance 2.0 are now generally available as follows:

HyTrust Appliance Community Edition, a free full-featured version of the product downloadable from the Web and supporting up to three hosts.

HyTrust Appliance Standard Edition, which supports an unlimited number of hosts, offers more flexible deployment options, and is licensed on a per-host basis on the number of CPUs at $500 per socket.

HyTrust Appliance Enterprise Edition, which supports an unlimited number of hosts, even more flexible deployment options, federation of multiple HyTrust Appliances, privileged account management via Root Password Vault, two-factor authentication, a remote API for additional management flexibility, and licensed per-host based on number of CPUs at $750 per socket.

About HyTrust (

Virtualization Under Control.

HyTrust', headquartered in Mountain View, CA, is the leader in policy management and access control for virtual infrastructure. HyTrust empowers organizations to virtualize more—including servers that may be subject to compliance—by delivering enterprise-class controls for access, accountability, and visibility to their existing virtualization infrastructure. The Company is backed by top tier investors Granite Ventures, Cisco Systems, Trident Capital, and Epic Ventures; its partners include VMware; Symantec (Nasdaq: SYMC); Citrix (Nasdaq: CTXS); and RSA (NYSE: EMC).

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading