Implementing the HyTrust Appliance – Part 3

16 08 2011

Roles, Rules, & Constraints (Oh my.)

IMO, the flagship features of the HyTrust Appliance (HTA) are the additions to the default vCenter Server security mechanisms through a more granular set of access controls to the virtual environment.  As always, a layered approach to security is ideal, and use of the appliance provides just that. For more background, check out my previous posts on the HTA:

Implementing the HyTrust Appliance – Part 1 (deployment, configuration considerations)

Implementing the HyTrust Appliance – Part 2 (compliance templates, root password vaulting)

Read the rest of this entry »

Implementing the HyTrust Appliance – Part 2

29 03 2011

Last time I went into our deployment of the HyTrust Appliance (HTA), some configuration considerations, and setting up the appliance for centralized authentication using Active Directory.  For this post I will talk a bit about our use of host compliance templates and, my favorite feature, root password vaulting. Read the rest of this entry »

Implementing the HyTrust Appliance – Part 1

25 02 2011

It happened for our Windows infrastructure several years ago, and now it’s happening at the hardware virtualization layer – we’re too big for our britches and lack a solid methodology for monitoring, securing, and maintaining our vSphere systems as we continue to expand.  Originally, I approached HyTrust regarding their HyTrust Appliance (HTA) primarily as a means to implement two-factor authentication for the virtual infrastructure via RSA SecureID.  Our RSA/two-factor project is in limbo, but I quickly realized that HyTrust had much more to offer us than just two-factor authentication.  Their implementation of host configuration templates alone has made it worth the purchase, not to mention the granular access policies and auditing, and root password vaulting (my favorite).  Over a couple of posts, I hope to relay some of the implementation trials, tribulations, and successful milestones as we roll the HTA into production and start to get a better handle on our environment.

Read the rest of this entry »