EVM Control™ - provides real-time, policy-based management and control for private cloud, virtual infrastructures and virtual desktop environments. Policy-based control can be applied at key operations, configuration, change and VM lifecycle points as well as triggered by management events and administrative/operational activities. Policies can ensure the enforcement of IT standards and can enforce configuration, resource, security and operational standards to improve reliability and availability, and reduce risk.

Challenges

Virtualization adds significant new challenges to establishing and ensuring IT policy enforcement and compliance but without effective policy-based management in the virtual environment, IT organizations are exposed to security and compliance risks and left with a complex and costly to manage IT infrastructure. Enforcing policy-based control is difficult in these environments for a number of reasons:

• Enforcement Points - The complexities of these environments make it very difficult to instrument “when” and “where” policies need to be executed and enforced. When the environments are distributed and/or heterogeneous the instrumentation becomes even more difficult.
• Lack of Visibility - Limited visibility constrains the scope and effectiveness of policies. The more comprehensive the policy requirement the broader the information and visibility necessary to enable it.
• High Latency - Real-time virtual environments require “just-in-time” policy enforcement, not “after-the-fact” remediation, particularly in relation to security and compliance. High-latency or stale information will limit policies effectiveness or preclude its use.
• Context, Scope and Flexibility – Policies that are too brittle will require constant upgrading, will not provide broad enough coverage or will not be reusable. Policies need enough context to be adapt to a wide range of circumstances and conditions

Solution

EVM Control™ provides configurable policy enforcement points and enables real-time policy enforcement across the enterprise cloud environment. It leverages a number of patent-pending technologies to adapt policies to be applied based on contextual information about the environment and each particular situation.

EVM Control™ enables policy-based management across virtual server, desktop and private cloud environments enforcing a wide range of policies including security, compliance, standards, resource, and operational policies. Comprehensive cross-domain visibility and situational awareness dramatically increase the depth and breadth of automation scenarios.

Benefits

• Adaptive Policy-Based Management - ensures adherence to configuration, resource, security and compliance standards, even in complex, rapidly changing virtual environments. Policies can adapt to a broad range of conditions and situations leveraging patent-pending SmartTags™ which provides policies with the necessary context and characteristics.
• Real-Time Policy Enforcement – patent-pending Virtual Control Surface™ ensures policies are enforced just-in-time across the virtual infrastructure. Policies can be enforced across a distributed environment, and at strategic control points. These include for example VMs before they start, change state or get reconfigured. Policies for virtual infrastructure elements such as hosts can be checked when provisioned or leaving maintenance mode. Any policy can also be processed on demand, on a scheduled basis or integration via web service.
• Policy-Based Event and Alerting – alerts and events can be initiated based on any combination performance, configuration, resource, system events, power operations and state changes. Decisions about how and when to initiate alerts can be context-driven based upon patent-pending SmartTag™ classifications, location time profiles, content and settings.
• VM Lifecycle, Configuration and Resource Policy Enforcement – Policies can enforce VM provisioning, snapshoting, cloning and decommissioning as well as placement, allocation, free pace, virtual hardware, memory, cpu, and reservations.
• Security and Compliance Policy Enforcement – Security and compliance policies can be enforced for resources, allocation, configuration, firewalls, networks, application, patch and setting for VMs, Hosts, Virtual Desktops, Clusters and more. Policy Simulation - enables a safe transition of new policies to a managed environment, and ad hoc, on-demand checks ensure systems are compliant before deployment.

Key Features

EVM Control leverages patent-pending SmartState™ technology to provide real-time, policy-based management, security, and compliance for virtualized environments. Policy-based controls over virtual machine usage at selectable operations and configuration life cycle points ensure IT standards are enforced, improving reliability and availability, while reducing risk.

• Configurable Policy Enforcement Points - enables policy enforcement anywhere throughout virtual infrastructures and VM life cycles, across a range of operational and configuration points, providing maximum flexibility. Policies can be enforced at desired points such as on VM discovery, registration, creation, cloning, snapshoting or provisioning, power operations or reconfiguration. Policies can also be enforced for virtual infrastructure elements – for example polices can be enforced against hosts at time of provisioning, upon entering or exiting maintenance mode or being added to or removed from a cluster. Policies can also be keyed off of infrastructure or change and configuration management events.
• Adaptive Policy Engine - dynamically determines the optimal combination of configuration, operations, security, and business policies appropriate for an event, a host, or a virtual machine. The engine leverages real-time configuration information about the virtual environment in selecting and applying policies, enabling policy enforcement against even new or unknown machines. Offline VMs can be fully evaluated, minimizing risk, and allowing the identification of systems requiring updates without the overhead required to start systems before they can be managed.
• Extensible Actions - provides a comprehensive and extensible set of automated responses to policy decisions such as generating notifications, issuing warnings, and quarantining or disabling virtual machines. EVM Control can also invoke workflows or user-defined scripts and automation to address complex enforcement, quarantine or remediation issues.
• Simulation and On-Demand Enforcement - evaluates interactions between policies to perform “what if” and impact analysis, and ensure a safe transition of new policies to a managed environment. Policy checks verify correct configurations are in place, before deployment or during activities like problem determination.
• Role Delegation and Separation of Duties - enables domain owners to define and implement only those policies appropriate to their operational responsibilities.
• Logging and Auditing - documents and records system modifications and policy changes with a detailed history of changes and transactions.