Skyport Systems is announcing Tuesday that its secure server, SkySecure, is shipping for revenue starting this week. And with VMworld coming up next week, the startup is touting its hardware’s capability as a turnkey firewall for VMware‘s vCenter.
SkySecure is a server that is managed from the cloud but resides at the customer premises. That’s where the applications are run, and their only conduit to the network is through Skyport’s I/O controller.
The idea is to build a foundation of secure hardware — “a home on bedrock,” VP of Marketing Doug Gourlay says — for collectively housing applications and their firewalls.
The approach is deeply hardware-based and is not meant for all enterprises. To that end, Skyport set a high bar for declaring general availability of the server, Gourlay boasts; this might be why general availability is arriving a bit later than Skyport’s original June estimate.
As part of its testing during an eight-week window, Skyport doubled the number of devices SkySecure was managing, turned up multiple new customers for the servers (thus putting some pressure on the cloud side of things) and ran penetration tests against the live systems.
Skyport’s early customers include some from the financial sector, as you might expect, as well as from the legal and high-tech industries. And the government, whose networks are attacked continually, has been an eager customer, Gourlay says. “The ‘get it’ quotient in the federal government is extremely high.”
Writing vCenter security templates for SkySecure wasn’t a tough call, since that’s the environment that customers were most eager to see supported, Gourlay says.
But he adds that those customers don’t implement vCenter in they way VMware recommends — with separate lab and production networks and managed firewalls.
“If you read VMware’s design guide, it’s a solid piece of work. It’s a good recommendation. It’s just tough for customers to implement,” Gourlay says.
Often, that means vCenter resides in one place serving both test and production virtual machines. When a VM gets pushed to production, the operator needs a “pinhole” in the production firewall to reach back to vCenter, Gourlay says. (And it’s often a different person who’s in charge of the firewall.)
So in addition to having a template for hosting vCenter, SkySecure addresses the VM security issue. The processes and workflows around vCenter remain the same, but the communications channels to and from vCenter become locked down in SkySecure. Skyport also handles all the administration behind vitual machine migration, using vSphere APIs to apply policy as necessary (and to take them away when the virtual machine is spun down).