TFD15 Primer: SkyPort Systems

Skyport Systems, founded in 2013, will be participating in its second Tech Field Day event at TFD 15. While reading up on Skyport Systems, I was immediately reminded of the “good old days” when having an Intrusion Detection System (IDS) was state of the art. After taking a look at the SkySecure system, I immediately felt like I was comparing a Model T to a Ford Mustang.

SECURITY IN A BOX

Let’s dive a bit deeper into what SkySecure is. Skyport bills the solution as “Cloud Managed, Secure, Hyperconverged”. Yes, there are a lot of buzzwords in there, but it is also a very fair description. To start, SkySecure is a hardware appliance that you rack in your DC. After that, you can power it up, provide internet access, and you’ll see the new device appear in your cloud management portal. For those folks who are looking for a no-touch solution, centralized management such as this is about as good as it gets.

Since this is a security appliance, there are checks and measures put in place. When a device first connects to the management cloud, the software and hardware are verified. This not only guarantees that the appliance has not been tampered with; it also provides an easy way to ensure that the right hardware showed up at the proper site. As someone who has been on the receiving side of a hardware mix-up, I appreciate this.

TRUST, BUT VERIFY

So what is it exactly that SkySecure does? In short, it provides a highly scrutinized environment for workloads to run in. The terminology used is “compartments”, but from what I gather, these are essentially policies or templates which define workloads. Here you can define characteristics such as access policies. One example that I have seen was defining things like access to Windows Update, NTP, and Kerberos for a Domain Controller.

Keeping with the secure by default theme, guests VMs are secure by default. The compartment is constructed prior to the VM being created, resulting in a true “clean” environment. When new machines are built, a known and verified clean ISO image is used to build the virtual machine. I found this point particularly interesting. Yes, you can use existing templates, but offering the ability to build a machine from scratch, from a verified clean source is something that may be of paramount importance to some organizations.

CLOSING THOUGHTS

Being able to audit traffic to and from individual machines is critical to organizations of any size. But being able to ensure that each virtual machine is running in its own clean environment … that definitely makes for a “sleep better at night” argument.

The biggest challenges that I see with this approach though is the delivery mechanism. From what I can tell, the hyperconverged solution runs on Xen. Yes, there are third-party solutions out there for common tasks (e.g. backup / data protection), but that might be a limiting factor. Yes, VMs can be imported into SkySecure, but how many organizations are willing to jump from VMware (or even Hyper-V)? Where I can see this being a great fit is in highly-secure environments. It may not be a complete rip and replace situation. However, maybe all you need to do is move key infrastructure over to it.

Skyport systems will be presenting at Tech Field Day 15 on Wednesday, September 27th at 15:30.

Disclaimer: I was invited to participate in Tech Field Day as a delegate. All of my expenses, including food, transportation, and lodging are being covered by Gestalt IT. I did not receive any compensation to write this post, nor was I requested to write this post. Anything written above was on my own accord.