Startup NetCitadel today launched with a product called OneControl intended to automate what might otherwise be manual research and changes related to configuring firewalls, switches or other gear when virtual-machine (VM) workloads are spun up or down in enterprise data centers or cloud environments.
"We're helping enterprises go from manual processing that's time-consuming to show automated responses to network events," says Mike Horn, co-founder and CEO of NetCitadel, about the purpose of the OneControl virtual appliance. Used in data centers, it can automate determinations about firewall, router and switch settings based on the preferred corporate security policy relative to VM-based workloads, eliminating the need for an administrator to manually research it.
[ NEWCOMERS: 13 security startups to watch in 2013 ]
Horn says OneControl can be installed to work with the various VM platforms, including VMware, Xen and Hyper-V. In a VMware-based environment, it can work with VMware's vDirector and vCloud APIs "to map the intelligence of the virtual device," says Horn, noting OneControl keeps track of the VM resource pool and related information such as IP addresses to determine what changes might need to be made to network firewalls, switches or routers to conform to security policy.
Available for about $25,000, the product competes against similar security-policy management and orchestration offerings from Cisco and Juniper. The idea is when VM workloads are moved around, OneControl can immediately advise on changes that need to be made to gear that today includes certain Cisco and Juniper routers, switches, firewalls and security gateways. A typical question it's designed to answer is, "If vMotion happens inside a network, how does that impact firewall devices?" says Horn. In the future, NetCitadel plans to bring intelligence about other gear, such as load balancers, into the equation as well.
OneControl can be deployed in either the enterprise network or cloud services, though the main testing so far has been toward supporting the Amazon AWS cloud, says Horn.
OneControl has been in early adoption for about five months at Kenettek, the Broken Arrow, Okla.-based managed services and data center provider which serves the oil and gas industry, among others. Almost the entire Kenettek data center is virtualized, says Ken Dobbins, service manager there, noting that OneControl is saving a huge amount of time in configuring services in routers and firewalls when new VM server clusters are spun up or otherwise changed for customers.
OneControl immediately provides security-policy directions to the Kenettek help desk staff rather than requiring they research how the VM-based change will impact security policy-based configurations related to firewalls and routers. This not only saves a huge amount of time, but it's turning out that it also saving on VMware licensing charges which are now based on "committed RAM per hour," says Dobbins. In the energy sector where data related to SCADA controls is collected during certain peak hours, it makes a difference, he points out.
NetCitadel, based in Mountain View, was founded in 2010 by Horn with Theron Tock, CTO, and Vadim Kurland. The company has received an undisclosed amount of funding from New Enterprise Associates.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: email@example.com.
Read more about wide area network in Network World's Wide Area Network section.
This story, "Startup NetCitadel Aims to Orchestrate Security Management Controls in Virtualized Nets" was originally published by Network World.