H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

Transcription

1 H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments

2 Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service provider sharing virtualized computing resources offers a potentially high ROI to all parties. To achieve the financial promise of multi-tenant private clouds, the costly practice of air gapping servers and network segments must be replaced with logical segmentation and strong virtual infrastructure access controls. By default, VMware vsphere privileged users have powerful privileges that undermine workload isolation, and neither the virtualization platform nor traditional security measures overcome this vulnerability. HyTrust solves these problems by enforcing access control policies for vsphere users and encrypting virtualized resources, effectively segmenting virtual networks and thoroughly isolating each tenant s critical applications and data. Enterprises can now accelerate adoption of private clouds and increase profitability without risking unauthorized user access to any tenant s workloads. HyTrust: Cloud Under Control HyTrust has become the de facto standard for access control, logging, and policy enforcement in VMware environments. By filling gaps in virtual infrastructure security and compliance, HyTrust gives enterprises the assurance they need to virtualize their mission critical applications, implement private clouds, pass security audits, and reap the financial benefits of increased virtualization. HyTrust CloudControl enforces role-based and assetbased policies covering VMware privileged users, virtual resources, and management interfaces. It also secures the vsphere platform and virtualized workloads by providing virtual network segmentation; comprehensive, audit-quality access logs; strong authentication; and virtual infrastructure hardening. HyTrust DataControl provides strong encryption and integrated key management for virtual machines from the time they are created until they are securely decommissioned. Cloud Under Control 1

3 YOUR CHALLENGE Interest in private and hybrid cloud adoption is surging because clouds offer large operational and financial benefits. By sharing application, compute, and network resources in a virtualized environment, business units and cloud service providers(csp)can boost IT speed and efficiency, business agility, resource utilization, and profitability. To achieve these benefits without taking on unmitigated risks, cloud tenants critical applications and confidential data must be as secure and compliant as they have been in the traditional data center. In particular, every tenant s workloads must be completely isolated from every other tenant s workloads and administrators. To use a VMware expression, the cloud provider must prevent nosy neighbors from tampering with any tenant s virtualized assets. Putting air gaps between servers and network segments was once an effective way of isolating critical applications. Today, air gapping s poor resource utilization would take an unacceptably large bite out of the ROI of a multi-tenant private cloud. The economics of the cloud require highly efficient logical segmentation and isolation of tenant workloads. The dynamic nature of cloud environments also requires that logical segmentation be policybased and automated. Effectively isolating workloads in the cloud requires: Preventing unauthorized communications between one cloud tenant s virtual machines (VMs) and virtual networks and any other tenant s resources. Preventing any tenant s vsphere privileged users from either exposing their own workloads to others (accidentally or intentionally) or gaining unauthorized access to another tenant s workloads. Logging all virtual infrastructure administrative activity per tenant to ensure compliance Providing granular encryption to secure the data at rest Cloud Under Control 2

4 A major challenge for cloud architects is that the vsphere platform doesn t provide the access control and infrastructure segmentation granularity that are essential for isolating critical workloads. vsphere users typically have extensive administrative privileges that allow them to conduct high impact operations on other tenants virtual resources. For example, an administrator can connect one tenant s virtual network to another s, a major vulnerability and compliance violation for most enterprises. The virtualization platform cannot automatically enforce policies limiting user access to specific resources in multi-tenant environments. In addition, vsphere users can act anonymously by sharing a root account or by using a management interface that does not log their activity, such as an SSH direct-to-host connection. An administrator can clone a VM holding another tenant s sensitive data, for instance, knowing that the action can t be traced back to them. Enterprise cloud owners and CSPs must be able to monitor and record each vsphere user s activity at all times in order to ensure accountability and prove compliance with regulations. Like the virtualization platform, traditional firewalls do not mitigate these visibility and control risks. In particular, they don t ensure tenant-level segmentation of network and other virtualized resources as well as access management. THE HYTRUST SOLUTION HyTrust makes secure multi-tenancy possible by closing gaps in virtual infrastructure access control, network segmentation, and logging, as well as adding critical data security through encryption. By doing so, it fulfills the requirements for effective workload isolation preventing unauthorized communications, preventing unauthorized access, and logging all administrative activity described above. Enterprises can now move forward with private and hybrid cloud adoption plans knowing that their critical applications and data are truly isolated from other tenants users and virtual environments. Cloud Under Control 3

5 HyTrust CloudControl labels each tenant s virtualized resources and enforces policies based on those labels to ensure strict isolation of each tenant s resources HyTrust CloudControl sits between vsphere privileged users and all management interfaces to the virtualization infrastructure. From this central vantage point, it intercepts and logs all administrative requests and enforces role- and resource-based policies that protect workloads from unauthorized access. If a vsphere network administrator attempts to connect any VM to an inappropriate network segment, HyTrust CloudControl will deny the request. If an administrator tries to move a PCI VM from a cluster meant for PCI regulated workloads to a non-pci cluster, HyTrust CloudControl will deny the attempt. Cloud Under Control 4

6 HyTrust CloudControl s fine grained policies can prevent any vsphere user other than a tenant s own users from conducting any operations on the tenant s VMs. In addition, virtual asset-specific controls can protect individual workloads from isolation-breaking acts. Through a unique method of labeling virtual assets and enforcing policies governing changes to those assets, HyTrust CloudControl allows multiple entities to have complete control over their own slices of the infrastructure without compromising the integrity of their neighbors workloads. If an administrator attempts an operation on a PCI Virtual Machine such as reconfiguring the network to a non-pci network HyTrust CloudControl denies the attempt based on the virtual machine s attributes. HyTrust CloudControl s logging remedies several virtualization platform weaknesses. It centrally records every action attempted by every vsphere user of every tenant conducted through any management interface. HyTrust logs contain considerably more detail than platform logs, including source IP addresses and records of failed and denied attempts. Most importantly, HyTrust CloudControl establishes accountability and a dependable audit trail by tying every record to the unique ID of the user who attempted the operation. Resource labeling enables HyTrust to log the tenant and virtualized resource associated with every request. Enterprises and CSPs can use the data to create per-tenant and per-asset Cloud Under Control 5

7 reports. This information can be essential for compliance with the specific logging requirements of major regulations and can make incident response, forensic analysis, and audit support much faster and more efficient. HyTrust DataControl addresses another critical area of concern in shared infrastructure: the security of the data itself. Virtual machines are dynamic and highly mobile. They are also easily replicated and copied, so it is critical that that the data they contain is only accessible to those who need to see it. HyTrust encryption is operationally transparent, and automatically detects if hardware acceleration (AES-NI) is available, ensuring hardware encryption speeds. HyTrust s policy-based key management is easy to deploy and use. Most HyTrust customers prefer to keep key management in house, but HyTrust s hardened virtual appliance can also be deployed in high-availability configuration in the cloud. With HyTrust, enterprises and CSPs can run mission critical workloads in multi-tenant environments without concerns about nosy neighbors breaching their security or causing compliance violations. They can dispense with costly air gapping and close the functionality gaps that prevent the virtualization platform from providing strict workload isolation. Most importantly, they can achieve the operational agility, cost savings, and ROI available from the cloud without taking on unacceptable risks. For more information on how HyTrust enables greater virtualization of workloads that must stay compliant, visit questions to sales@hytrust.com, or call HyTrust at for a free consultation. Cloud Under Control 6