for Virtual Environments
May 2012
Top Ten Questions
1. What is CA ControlMinder™ for Virtual Environments?
2. What are the key benefits of CA ControlMinder for Virtual Environments?
3. What are the key capabilities of CA ControlMinder for Virtual Environments?
4. Does this release include anything from the recently announced HyTrust™ relationship?
5. What is the difference between CA ControlMinder™ and CA ControlMinder for Virtual Environments?
6. Do I buy CA ControlMinder for Virtual Environments instead of CA ControlMinder or should I buy both?
7. I am a current CA ControlMinder customer — can I benefit from CA ControlMinder for Virtual Environments?
8. I have heard CA ControlMinder for Virtual Environments described as an “appliance”. Is this a hardware appliance? What about the HyTrust Appliance?
9. Where is CA ControlMinder for Virtual Environments localized?
10. What are the system requirements for CA ControlMinder for Virtual Environments?
Questions
1. What is CA ControlMinder™ for Virtual Environments?
CA ControlMinder™ for Virtual Environments is a product that includes the HyTrust Appliance for security and compliance of the hypervisor along with CA Technologies capabilities that provide privileged user management, shared account management, and user activity monitoring. CA ControlMinder for Virtual Environments is an end-to-end security solution for the virtual infrastructure, from the hypervisor to the guest.
2. What are the key benefits of CA ControlMinder for Virtual Environments?
Key benefits of the solution in a virtual environment include helping customers:
§ Achieve compliance for the virtual data center
§ Gain visibility and control over the virtual environment
§ Automate their security operations and reduce security costs
§ Expedite adoption of virtualization technology for critical applications
§ Create a secure multi-tenant environment
3. What are the key capabilities of CA ControlMinder for Virtual Environments?
Key capabilities include:
§ Virtualization-aware automation of security controls
§ Privileged user password management
§ Audit-quality user activity monitoring and logging
§ Segregation of duties
§ Secure multi-tenancy
§ Hypervisor hardening
4. Does this release include anything from the recently announced HyTrust™ relationship?
Yes, we announced our strategic relationship with HyTrust on August 24, 2011. This release incorporates the HyTrust Appliance. By including the HyTrust Appliance, we are able to secure the VMware
5. What is the difference between CA ControlMinder™ and CA ControlMinder for Virtual Environments?
CA ControlMinder provides coverage of security features from virtual to physical (excluding the hypervisor), including privileged user password management, user activity monitoring, fine-grained authorizations, and UNIX authentication bridging. CA ControlMinder for Virtual Environments provides coverage for the virtual environments from the virtual infrastructure to the guest operating systems, including Privileged User Password Management and CA User Activity Reporting.
| | CA ControlMinder | CA ControlMinder for Virtual Environments |
|---|---|---|
| Target Systems | Physical & Virtual (not including the hypervisor) | Virtual (infrastructure to Guest) |
| Pricing by | Managed Device | Socket/CPU |
| Key Capabilities | Fine-Grained Access Controls; UNIX Authentication Broker; Privileged User Password Mgmt; User Activity Reporting Module | Virtualization-Aware automation of security controls; Network Zoning; Privileged User Password Mgmt; User Activity Reporting Module; Hypervisor Hardening & Access Controls |
Feature Comparison

| Feature | CA ControlMinder | CA ControlMinder for Virtual Environments |
|---|---|---|
| Virtualization-Aware Automation | | ✓ |
| UNIX Authentication Broker | ✓ | |
| Fine Grain Access Control: Guest | ✓ | |
| Fine Grain Access Control: Host/Hypervisor | | ✓ |
| Audit Logging: Guest | ✓ | ✓ |
| Audit Logging: Host/Hypervisor | | ✓ |
| Secure Multi-Tenancy: (Business-Aware Network Isolation/Segmentation) | | ✓ |
| Hypervisor Hardening | | ✓ |
| Two Factor Authentication* | ✓ | ✓ |
| Privileged User Password Management: Guest | ✓ | ✓ |
Privileged User Password Management:
6. Do I buy CA ControlMinder for Virtual Environments instead of CA ControlMinder or should I buy both?
They are complementary products and there is value in purchasing both. CA ControlMinder for Virtual Environments is a virtualization-focused solution and CA ControlMinder secures individual servers — physical or virtual machines. While CA ControlMinder for Virtual Environments does secure guest virtual machines, it does not yet provide the level of fine-grained controls provided by CA ControlMinder.
7. I am a current CA ControlMinder customer — can I benefit from CA ControlMinder for Virtual Environments?
Yes, but with some redundancies because both solutions can provide Privileged User Password Management and CA User Activity Reporting. For existing CA ControlMinder customers, we recommend using CA ControlMinder for Virtual Environments initially for the HyTrust capabilities. Below is a possible combined configuration:
[Figure: combined configuration of CA ControlMinder and CA ControlMinder for Virtual Environments]
8. I have heard CA ControlMinder for Virtual Environments described as an “appliance”. Is this a hardware appliance? What about the HyTrust Appliance?
No, the two components that make up Access Control for Virtual Environments are both virtual (software) appliances. Neither component is sold as a hardware appliance.
9. Where is CA ControlMinder for Virtual Environments localized?
CA ControlMinder for Virtual Environments is localized to Japanese, Korean, and Simplified Chinese.
10. What are the system requirements for CA ControlMinder for Virtual Environments?
Components developed by CA Technologies
§ Environment
— VMware ESX/ESXi
— vCenter 4.0 or 4.1
— 1 CPU 64bit
— 2GB RAM
— 30GB Available disk space (thin provisioning)
— DB (SQL Server 2005/2008 or Oracle 10g)
§ User Activity Reporting Virtual Appliance
— 4 CPU 32bit/64bit
— 8 GB RAM
— 255 GB Available disk space (thin provisioning)
HyTrust Appliance
§ Environment
— Supports VMware ESX/ESXi 3.5, 4.0, 4.1, and 5.0
— Host capable of running 64-bit virtual machines
— For Intel CPUs, virtualization acceleration (VT) needs to be enabled in BIOS
§ HyTrust Appliance Virtual Appliance (64-bit)
— Delivered in the Open Virtualization Format (OVF)
— 2 vCPU
— 4GB RAM
— 30GB available disk space
— 1 physical NIC
§ Access to HyTrust Management Console Web Application
— Firefox v3.6+
— Internet Explorer v7 or v8
§ Protected Host Types