HyTrust Announces Enhanced Security Solutions for VMware Cloud Provider Program Partners
HyTrust workload security solutions, integrated with VMware® software and Intel®, address security and compliance requirements faced by VMware Cloud Provider Program Partners and their customers
BARCELONA and MOUNTAIN VIEW, CA September 12, 2017—HyTrust, a leader in workload security solutions, today made moves to broaden security and compliance offerings for VMware Cloud Provider Program Partners with further integration of HyTrust solutions and VMware vCloud DirectorÒ (vCD). This enhanced technical offering builds on HyTrust’s existing integration with NSXÒ and vCenterÒ with the ability to include discrete vCloud Director driven workload encryption for vCloud Director tenants. The solution utilizes Intel® Xeon® processors hardware-based security technologies to address the current needs of VMware Cloud Provider Program Partners who are committed to providing secure and regulatory compliant cloud offerings to their customers. Demonstrations of this technology will be exhibited at the VMworld 2017 Europe in Barcelona.
As customers move to public and hybrid cloud environments, VMware Cloud Provider Program Partners must ensure a level of data security that allows them to achieve scale efficiencies and to operate in today’s round-the-clock business environment. HyTrust, leveraging Intel technology, delivers critical partner services through regulatory compliance automation, unplanned outage prevention, data breach prevention across clouds and the enablement of new partner revenue streams, such as: Data Sovereignty, Data Geo-Fencing-As-A-Service, and Compliant Cloud Services.
With the new VMware vCloud Director for Service Provider integration, HyTrust provides a level of security and trust that enables the following:
Private and Hybrid Cloud Enforcement
Paired with HyTrust CloudControl, VMware SDDC allows VMware Cloud Provider Program Partners to offer high quality secure service to their customers including:
- Bolstering authentication, enforcing policies and creating a separation of duties for a more secure system
- Two-factor authentication and root password vaulting
- Automated templates for PCI, NIST, FISMA, FIPS, HIPAA, SOX and FedRamp to enforce best practices and compliant configurations
Data Encryption Across Clouds
HyTrust DataControl encryption, hardware accelerated by Intel AES-NI, VMware Cloud Provider Program Partners can provide secure multi-cloud environments:
- Intel® Data Protection Technology with AES-NI and Secure Key protects customer data in use, at rest and in motion, to as workloads move across clouds.
- Privately owned keys and served from the customer’s or CSP’s own key management server – never from a public cloud vendor.
- HyTrust KeyControl* key management is validated and ‘VMware Ready’ certified to serve keys for vSphere 6.5 VM encryption and vSAN 6.6 encryption.
Data/Geo-Fencing for Data Sovereignty
Leveraging Intel® technology, HyTrust DataControl enforces boundaries by enforcing controls for workload execution. HyTrust solutions provide a simple way to geo-fence and assure that critical workloads only execute on specific physical servers in specific data centers or private cloud locations.
Audit and Compliance Readiness
With increasing focus on security and data privacy partners run the risk of losing potential business if they don’t embrace new regulations and change their security strategy to ensure compliance. With HyTrust, partners will be able to provide readiness dashboards, audit-quality reports, security alerts, hypervisor hardening and auto-remediation for policy enforcement for their vSphere managed cloud environments.
Eric Chiu, Founder and President, HyTrust
“HyTrustisexcitedtoworkwiththeVMwareCloudProviderPartnerProgram,” saidEricChiu, presidentandfounderofHyTrust. ” HyTrust‘slongstandingpartnershipwithVMwareandouruniqueworkloadsecurityplatformmakesusanidealpartnerforVMwareCSPstocreateandenforcesecuritypoliciestoenablesecureandcompliantcloudsolutionsfortheircustomers.”
RajeevBhardwaj, vicepresident, ProductManagement, CloudProviderSoftwareBusinessUnit, VMware
“WithVMwarevSphere® 6.5 ourpartnersareabletoprovideencryptionofvirtualmachinesatthehypervisorlevel; nowtheywillbealsoabletoprovidehardwarebasedencryptionandincreasedauditingwhichwillappealtotheircustomers’ needsforstrictcomplianceandenhancedsecurity. OurnewvCloudDirectorfunctionalityenablingcustomerstoutilizeHyTrusttoencrypttheirworkloadsisaresultofourincreasedcollaborationandfurtherfunctionalintegrationtobetterserveourcustomers.
Raejeanne Skillern, VP and GM of the Cloud Service Provider Business, Intel:
“HyTrust with VMware utilizing Intel security technologies rooted in hardware makes cloud computing safer and compliance easier by letting you establish and enforce security policies. It gives cloud service providers the ability to offer public and hybrid cloud services with a single control point for cloud deployment and configuration. Intel Xeon Scalable processors with Intel Trusted Execution Technology (Intel TXT) and Intel AES New Instructions (Intel AES-NI) give cloud service providers the assurance they are utilizing the speed, reliability, and security available in the newest server products released by Intel.”
HyTrust products are available immediately via HyTrust channels partners. For more information, visit the VMware or HyTrust (E620) booths at VMworld Europe in Barcelona, watch this Multi-Tenant Data Sovereignty with vCD video (http://bit.ly/2vUWno4), or contact your HyTrust or VMware representative. For more information, visit: https://www.hytrust.com
HyTrust’s mission is to make private, public and hybrid cloud infrastructure more trustworthy for enterprises, service providers and government agencies. HyTrust provides solutions that automate security controls for software-defined computing, networking and storage workloads to achieve the highest levels of visibility, granular policy control and data protection. HyTrust customers benefit from being able to accelerate cloud and virtualization cost savings while improving their security posture by automating and enforcing security policies in real time, adapting quickly to compliance requirements, and preventing unplanned outages.
Headquartered in Mountain View, CA, HyTrust is backed by the leading providers of strategic IT infrastructure including VMware, Cisco, Intel and Fortinet; by the vanguard of innovative solutions for the intelligence community, In-Q-Tel; and by a world class group of financial investors including Sway Ventures, Granite Ventures, Trident Capital and Vanedge Capital.
# # #
*Other names and brands may be claimed as the property of others.
Intel, the Intel logo, and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
VMware, vCloud, vCloud Director, NSX, vCenter, vCenter Server, VMware Cloud, NSX and vSphere are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions.
At the end of last year, VMware assisted our technology partner Fujitsu with a SAP Scale-Out BWH benchmark (SAP BW edition for SAP HANA Standard Application Benchmark Version 2). The benchmark was run on Fujitsu PRIMEQUEST 2800B3, 1 TB RAM configured systems, with four Intel Broadwell CPUs (Intel Xeon E7-8880 v4). As a result of the performance demonstrated by this test, SAP provided support forSAP Scale-Out deployments for up to 8 active nodes (7 Worker + 1 Master) with vSphere 6.5.
Why is this important? Previously we only had support for this deployment option on older CPU generations and vSphere 5.5, which will reach end of support in September 2018. If you have deployed SAP HANA Scale-Out on vSphere 5.5, then, please consider upgrading to vSphere 6.5 as soon as possible.
We performed the benchmark with 3.9 billion initial records on a 4 node Scale-Out native and virtual deployed configuration. The SAP HANA native and virtual tests were on the same HW using the same OS and HANA system configuration, to make the native and virtual results comparable.
The benchmark consists of 3 phases. The table below shows the test results of a physical (Test Case 1 cert 2017051) and virtual (Test Case 2 cert 2017052) deployed SAP HANA system.
1. Data load phase
2. Query throughput phase
3. Query run-time phase
For more details around the benchmark please check out https://www.sap.com/about/benchmark/appbm/netweaver.sap-bw-edition-for-sap-hana-benchmark-version-2.html
Please note, that the natively running HANA system had 176 compute threads, whereas the virtual running SAP system had only 128 vCPUs due to the vSphere 6.5 limitation available (48 threads less). This explains the around 10% longer time for data load and query execution. The query runtime phase was comparable and shows no degradation to the natively installed system.
Test case 1 (native) – cert.no. 2017051: 4 x Fujitsu PRIMEQUEST 2800B3 (Intel Xeon Processor E7-8880 v4, 4 procs, 88 cores, 176 threads), BW Edition for HANA Version 2 (3900000000 records) 3-tier, SAP NetWeaver 7.50, SuSE Linux Enterprise Server 12, SAP HANA 1.0
Test case 2 (virtualized) – cert.no. 2017052: 4 x Fujitsu PRIMEQUEST 2800B3 (Intel Xeon Processor E7-8880 v4, 4 procs, 88 cores, 176 threads), BW Edition for HANA Version 2 (3900000000 records) 3-tier, SAP NetWeaver 7.50, SuSE Linux Enterprise Server 12 on VMware vSphere 6.5, SAP HANA 1.0
As an additional test, we ran the SAP HANA Hardware Check Configuration Tool (HWCCT) on the natively running SAP HANA systems and the virtual environment to verify if we are able to maintain, the SAP defined TDI storage and network KPI’s. Both systems passed the HWCCT tests with all KPIs for HANA met for this test.
SAP is currently updating their SAP support note for SAP HANA on vSphere 6.5 and will release it shortly.
Details on the SAP HANA on vSphere support status can get found on this page: SAP Wiki VMware pages.
Details about the used Fujitsu PRIMEQUEST 2800B3 systems are here: Fujitsu PRIMEQUEST Website.