Tresys recently launched VM Fortress, a product based upon work done at the U.S. government's National Security Agency and has been made available as SELinux.VM Fortress is designed to enhance virtual machine security "by confining virtual machines in a patent-pending sandboxing mechanism. This strong, independent control over system resources strictly limits what each virtual machine can access, stopping exploits that virtualization alone cannot." It's clear that organizations needing to run workloads in a very secure, isolated environment would find this product intriguing.
Who needs this?Tresys presented believable scenarios in which organizations in the areas of finanical services, government, transportation and power generation could be open to attack or require the ability to demonstrate complete control of endpoint (desktop, laptop, remote sensing stations and the like) environments to comply with regulations.
Snapshot AnalysisVM Fortress is based upon SELinux components that are a standard part of most enterprise Linux offerings including Red Hat's Red Hat Enterprise Linux (RHEL) and Novell's SUSE Linux Enterprise Server (SLES). This is due to the fact that Tresys' engineering team took part in the effort to create NSA's SELinux. The company has continued to refine and improve upon the technology in SELinux.
Many different approaches to endpoint management and securty have emerged in the past. Tresys faces competition from many different sectors including suppliers focused on desktop virtualization, management of virtual resources and even those in the network virtualization area. Although Tresys' VM Fortress appears to offer appealing capabilities, it is not at all clear that IT decision makers will learn of the company's offerings before choosing a solution from VMware, Citrix or some other large supplier in the space.
I would suggest that decision makers find out about Tresys and consider the strong security and management offered by VM Fortress while designing their endpoint virtualization architecture.