HyTrust CloudControl Overview

HyTrust CloudControl (CloudControl) offers system managers and administrators an end-to-end virtualization security platform to manage access, standardize and control configuration, and protect a virtual infrastructure within a customer's environment. CloudControl is installed as a virtual appliance and is designed to fit easily within the configuration and architecture of most data centers. Supported host types include: 

• ESXi
• vSphere vCenter Server
• NSX Manager
• vSphere Web Client Server (WCS)

Users can perform management operations on virtual machines and the underlying infrastructure using their current identity as defined in a user directory service such as Microsoft Active Directory. With CloudControl, users can also continue using the same management client software and other agent programs to which they are accustomed, such as VMware vSphere Client, an SSH client, and web browser applications.

CloudControl provides consistent authentication of users across multiple access methods and provides rich authorization and entitlement controls. It also provides a central point for security and compliance administration, policy enforcement, and logging for all accesses and changes made to the virtual infrastructure. CloudControl administrators can define access control policies based on user roles within an organization, on the individual virtual objects (including virtual machines, networks, and storage), and on the server hosts that users need to access in the course of doing their daily work.

With CloudControl, you can greatly reduce the risks of virtualization by providing strict access control over which individual or role is allowed to access the virtual infrastructure, and whether they can make changes. CloudControl determines on a command-by-command basis what tasks each individual is entitled to perform. This ensures that unauthorized individuals can not shut down pieces of the infrastructure without explicit permissions.

Additionally, CloudControl automatically configures VMware ESXi hosts to match customer-defined templates and continually monitors the protected virtual infrastructure to ensure that the ESXi host configurations continue to match the defined templates—eliminating guesswork and saving time for the users charged with maintaining the virtual infrastructure.

The combination of centralized access control and policies, configuration management, and logging all help to make CloudControl a great security and compliance solution for customers.