offering from Dome9 is trying to make the cloud more secure by providing an automated service to centralize and consolidate security management across both private and public clouds and in and outside of your data center. It will manage all of your Window and Linux servers' existing built-in firewalls without having to tie up a lot of IT security personnel in the process.A new
The product uses agents or talks directly to a VM hypervisor (VMware, Citrix and Hyper-V are all supported) and Amazon's APIs to automate secure access. For example, you can open and close RDP ports on a timed schedule to make sure that someone didn't inadvertently leave them open when they were done with a remote connection. It can also close ports without locking out legitimate server admins, who need to get in on an as-needed basis, and without having to bother the overall security administrator to temporarily grant access.
The basis of their service is an SaaS app called Dome9 Central (shown above, click to enlarge), which is used to manage everything. The service shows the servers are listed in groups and indicates which ports are open and closed for the various protocols you can connect to. You just click a button on a particular server to get access from a specific IP address for a specified time period. It is that easy. You can also send email invites to particular server admins or developers that will enable access to specific resources. You can map individual users to be granted access to specific machines as part of their login process. Set up takes a few minutes, once you install the agents on your servers.
All accesses are also logged for compliance and auditing purposes. If you move your server from one cloud to another, your policy is attached to the server and moves to become active in its new location.
There are products available that have static firewall policies. But none that I have seen have the breadth and scope to handle different servers. Neither can they be automated to the extent that Dome9 allows nor are they completely SaaS-based. Hytrust.com is the one that comes closest, but they have a hardware-based solution and are only relevant to securing your VMware installations.
The service is available now. There are two plans: a single server and admin is available free, but doesn't include any auditing. The regular plan starts at $20 per server per month, billed and pro-rated on an hourly basis, with the first two weeks free. (There are quantity discounts, too.) They are also announcing a partnership with GoGrid as their first MSP that will resell this service to their customers, and are looking at other MSPs to partner with.