Q&A: Eric Chiu of HyTrustby Steve Ragan - Jul 30 2009, 21:00
The Tech Herald gives Eric Chiu of HyTrust the 10 Question treatment.
There is a new player in the world of virtual security. Based in Mountain View, California, HyTrust is generating some serious buzz from some noted experts in the field. The Tech Herald was lucky enough to catch HyTrust’s CEO Eric Chiu in a semi-slow moment and get him to take on a few questions.
Eric Chiu is a busy man. HyTrust quickly took off, and if the buzz is any indication, he will continue to be a busy man for quite some time. This is a good thing, and we were excited to get him to agree to an email interview. (While we owe a huge thanks to Mr. Chiu himself, we always want to extend thanks to Stephanie Mode for making it happen.)
So why the buzz and hype? What makes HyTrust so special? Businesses are quickly moving to virtual technologies these days. However, with that shift from physical to virtual infrastructures, comes the often nightmarish process of controlling and securing the environment. This is easier said than done. HyTrust’s appliance offers a single point of control and visibility for hypervisor configuration, compliance, and access management. The objective is to offer businesses the ability to still go virtual, but without sacrificing control.
Leading HyTrust as well, co-founding the company, is Eric Chiu. Eric brings significant executive experience in high tech management and finance to the table in his role as CEO. Previously, he was Vice President of Sales and Business Development at Cemaphore Systems, a leader in disaster recovery for Microsoft Exchange. Before that, he led Business Development at MailFrontier until its successful acquisition by SonicWALL. In addition, he led Business Development at mySimon until CNET Networks successfully acquired it.
The Tech Herald (TTH): HyTrust launched April 7, 2009. Now that the first 30-days are over, tell us a little about what has happened. How were you received in the market? What are IT executives saying? What are some examples of both the good and the bad when it comes to the initial thoughts on HyTrust as a company and as an appliance?
Eric Chiu (EC): The HyTrust launch was exciting and enthusiastically received by industry, including by most of the major VMware experts and bloggers (Scott Lowe, Duncan Epping, Cody Bunch, Chris Hoff, Ken Cline, etc.), industry analysts, and customer prospects. We achieved a significant 4X increase in traffic and immediate interest in the HyTrust Appliance, with over 450 HyTrust Community registrations and more than 200 downloads of HyTrust Appliance Community Edition.
IT execs are excited to see all the capabilities provided by the appliance, and how they can achieve compliance with it in place. They are also very excited by the simplicity and transparent nature of the appliance—how it easily enforces policy in the network with no change to user behavior.
The main issue that has come up is that a portion of customers (roughly 20-30%) do not have a separated network configured for hypervisor management, which is actually a recommended best practice of VMware. Most are interested in the HyTrust Appliance functionality and are planning to implement network segregation, which ultimately helps with achieving best practices.
TTH: Almost a month after you launched, you offered a community version of your HyTrust virtualization management appliance. While this is a stripped down version of the enterprise product, what was the reason to offer a free version aimed at the SMB market?
EC: Actually, HyTrust Appliance Community Edition (CE) is a full-featured product. [We stand corrected. It is still somewhat limited when compared to the paid version, but stripped down might have been a bad choice of words. –SR]
As opposed to other community offerings, we’re proud to offer the appliance with no reduced functionality whatsoever. The only limitation is that CE can be used to protect up to 3 hypervisor hosts. We see the benefits as threefold:
1. Allow small and medium businesses to get started with virtualization and enable them as they grow to meet industry and compliance mandates and implement best practices;
2. Give larger organizations the ability to experience the significance of the appliance’s benefits in a very low-touch, easy way, letting them upgrade to protect more hosts when they’re ready; and
3. Obtain feedback from the Community such that we can provide continuous improvement and appliance upgrades. We’ve had over 200 downloads of the appliance in the first month, with a wide range of organizations (small, medium, Fortune 100 and consultants) running HyTrust Appliance.
TTH: Companies, businesses and vendors alike, want to jump on the virtualized bandwagon. It seems everyone has a virtual offering and everyone wants a piece of the fabled cloud. What are some of the common misconceptions you have seen with regard to virtualization?
EC: The two most common misconceptions of those jumping into virtualization are these: 1. That a virtualized host is the same as any other physical server, and 2. They can apply the same manual change control policies to address the new environment.
Response to misconception #1: As opposed to a server, the hypervisor adds an entirely new platform that becomes the lowest point in the stack, below the OS and application layers. In addition, virtualization adds unique capabilities that haven’t existed previously, such as the ability to remotely take a snapshot of a virtual machine (VM) or perform a live migration across hosts.
And response to misconception #2: Virtualization creates a much more dynamic environment; for example, with DRS (automated VMotion) a VM can automatically migrate across hosts 3-4 times a day. Manual change control processes simply cannot keep up.
TTH: What is pushing companies to a virtual platform? Is there more to it than perceived cost savings and compliance, what is the top reasoning your prospective clients and existing clients have for adding a virtualized infrastructure to their business model? What trends have you noticed?
EC: Virtualization is transforming the datacenter. Companies are virtualizing their servers, networking and storage with the key goal of creating a more flexible, adaptable, dynamic and efficient infrastructure environment. Typically, the most compelling initial reason to virtualize is to realize the significant cost savings and efficiencies of server consolidation.
The ability to run 10 or 20 VMs on the same physical hardware allows you to utilize memory, CPU and storage resources much more productively. But the bigger drivers for organizations to virtualize are about flexibility and agility. For example, instead of waiting six weeks to order a physical server, a virtual machine can be provisioned on-the-fly in minutes. This allows companies to launch new applications and respond to business needs much more efficiently.
TTH: What are some examples of how virtualization can help with regard to HIPAA, SOX, and PCI compliance?
EC: Virtualization can help by making the infrastructure more flexible and adaptable, allowing faster and easier changes to new requirements to the infrastructure. However, I don’t believe that virtualization improves compliance… in fact, if not controlled it can be a bigger danger zone. If control of virtualization is addressed correctly through centralization, consistency and automation, it can improve the process of compliance by leveraging the inherent adaptability, flexibility and efficiency benefits of virtualization.
TTH: With regard to the answers from the previous question, how does virtualization hinder the aforementioned regulations?
EC: Many organizations are hesitant to virtualize applications subject to regulatory compliance given the challenges and complexities it introduces. They must make sure the virtual infrastructure meets the same level of regulatory compliance standards, for example, if they’re planning to run applications that involve payment card information (PCI) or patient health information (PHI) within the environment.
Many of the IT requirements around regulations such as PCI, SOX and HIPAA require adequate controls such as access control, audit logging and consistent configuration are in place, as well as data isolation. HyTrust Appliance addresses these and more in an automated way, helping customers become and remain in compliance.
TTH: Aside from misconceptions, what are some problems that businesses can face while attempting to switch to a virtualized infrastructure? How are they resolved?
EC: The two biggest challenges we see every day are these: First, simply a true understanding that virtualization is an entirely new platform and layer (below the OS and application as mentioned previously) that needs to be protected in an entirely different way is lacking. As part of that, virtualization enables many new capabilities like VM start/stop and live migration. So therefore, it cannot be treated the same as physical servers.
Second, many organizations attempt to address issues through manual change control and other processes they’ve used previously, but, unfortunately, in this new dynamic growth environment the result is that they end up struggling to maintain best practices. Manual processes simply cannot keep up, and automation becomes a necessity. A third challenge is related to separation of duties.
Given that virtualization allows you to control the entire computing environment including networking and storage, we see very often that the virtualization team starts getting involved in areas that are traditionally meant for those dedicated IT groups, creating both internal/political and organizational challenges.
TTH: What are three things every company should know about virtualization? What should they be looking for with regard to adoption methods, vendor selection and evaluation, as well as cost?
EC: First, organizations need to look at virtualization differently than they do physical infrastructure, and its impacts and challenges holistically. For example, what applications are you looking to virtualize now and over the next five years? Which hypervisor platform(s) best fits the needs of those applications?
Second, understand and consider up-front the security, compliance and organizational implications, and decide how to best address them from the start. You’ll save your group a lot of struggling down the road, and potentially bigger ‘black eye’ damage to the brand.
Third, understand the types of policies that need to be enforced as they relate to security and compliance. After you have done this work around understanding your current and upcoming needs around virtualization, choose a hypervisor vendor that best fits the applications you will be virtualizing as well as any third-party solutions to address any remaining management, security and compliance needs that need to be addressed.
TTH: What is the exact pricing model used by HyTrust. The website says it varies, but what is a breakdown of the typical cost for a medium sized business with less than 500 users?
EC: HyTrust Appliance is sold on a perpetual license basis with two components. The first is for the appliance itself, which costs $3,000 per virtual appliance. The second component is for each hypervisor host protected, which is $500 per CPU socket, and since most machines are 2-CPU sockets, that’s $1,000 per hypervisor host.
So for a company running 20 ESX hosts in two datacenters running a single HyTrust Appliance per datacenter, the cost is $26,000 for the license fees plus another 25% per year for maintenance and support. Very doable, and customers realize rapid ROI.
TTH: Why HyTrust? There are other vendors on the market with strong reputations who have been around longer, why should businesses looking at virtualization solutions consider a startup?
EC: HyTrust addresses the unique challenges introduced by virtualization through an end-to-end platform and security solution for virtual infrastructure. Most of the major vendors are making incremental improvements to their products focused on making their existing solutions more "virtualization away" -- these are primarily aimed at the guest or VM part of security.
HyTrust is the only solution that not only addresses the platform security needs of the virtual infrastructure platform, but also does it in an elegant way through a network-based appliance solution without requiring agents.