Maintaining compliance and ensuring security in virtual environments is very difficult due to the complexity, rate of change, and access control challenges. In many ways, the same dynamics of virtualization that have enabled rapid provisioning, dynamic reconfiguration, and shared infrastructures, create a new set of security and compliance challenges. The ability to reconfigure networks, manipulate VM snapshots, tamper with VMs, and mix disparate workloads requires automated management and control to ensure security. Maintaining compliance with regulatory or enterprise standards is rendered more difficult by the many additional ways systems can now be accessed, changed, and manipulated.

The ManageIQ EVM Suite™ provides continuous and comprehensive discovery and tracking, event disclosure, baselining, and drift detection for the virtual infrastructure and the associated VMs. This creates a detailed and complete view of the complex, high-speed changes occurring in the environment. Leveraging patent-pending Adaptive Management Platform™, role-based administration, and operations can be delegated at a very fine-grained level, ensuring only the minimum required access necessary. EVM enables the specification and enforcement of policies across VM provisioning, configuration,VM and host operations, and VM lifecycle activities. Policies can be used to control access and operations, VM configuration content, including software, patches, accounts, users, groups, settings, virtual hardware and networking, as well as VM placement and resource allocation and usage.

EVM™ uses unique patent pending technologies to enforce Virtual Infrastructure policies. For example, during VM provisioning, security and configuration policies can be automatically checked while the VM is still offline with no requirements for any agent or update to the VM. During a VM Power On operation, the VM configuration can be checked against policies – before the VM is started. If the VM does not conform to policies, it can be rejected, quarantined, or automatically reconfigured or relocated. The policies can automatically be adapted for different stages of the VM lifecycle, different requirements such as running in the DMZ, or for classified, highly secure systems. All of these activities are thoroughly logged and controlled through role-based access control. EVM provides the ability to create a wide spectrum of policies to ensure that your environment is secure and running with your requirements.

• Configuration Policies enforce operating system requirements, check versions, and verify the existence of key services. Account Policies to verify account existence and account properties while Application Policies check application versions and properties.
• Resource Allocation Policies ensure that VMs are correctly configured and optimized for CPU, memory, and storage, and properly placed in the virtual infrastructure.
• Security and Compliance Policies check for patches and security configuration including firewall, network, and account access.
• VM Lifecycle Policies manage VM provisioning, operations, and retirement throughout the virtual infrastructure by role and job function.