Compliance and security in the Multi-cloud.


Information included in this article comes from my research into VMware Explore US 2023 sessions and blogs. As such there is no confidential information, but some things might not be generally known. Also I guess they are still in flux before Explore EMEA…

I have previously written and delivered some VMUG talks about compliance checking in what is now called Aria Operations. This feature is still available and very useful. I had a large hospital run an ISO27001 report and hand it straight to the consultants. They were done in 1 hour!

As we move more and more into multi-cloud environments, there is a need – a very urgent need – to check compliance in these complex environments. Even if you only consider one hyperscaler such as AWS, there are hundreds of parameters that can be misconfigured. This matters for compliance, but also for basic security! Do you have virtual machines with public IP addresses? Are your IAM roles secure? The problem was well described in an episode of the excellent Cybersecurity Sauna podcast.

Aria Automation for Clouds

Through an acquisition, VMware got its hands on a product that was renamed CloudHealth Secure State. A bit weird, because it has nothing to do with the CloudHealth cloud cost product. It was then renamed – deep breath here – Aria Automation for Secure Clouds. And it seems … it is now in End of Availability and replaced with Tanzu Guardrails (formerly Aria Guardrails). I hope you are still following?

Secure Clouds is a SaaS application, actually running in AWS. You can only connect cloud and Kubernetes accounts. No onsite vSphere, which makes sense.

Aria Automation for Secure Clouds

The great thing is of course that you can bring together all your accounts here. You can also use more frameworks than in Operations, notably the MITRE ATT&CK framework, which is very useful. I wrote about MITRE and Secure Clouds in more detail here.

Tanzu Guardrails

Aria Guardrails – now Tanzu – was announced as part of the Tanzu Hub offering. I will write a separate post about the name changes. This product basically does the same as Secure Clouds; you can even jump to your old product dashboard from the interface. The difference is of course that Guardrails builds on the Graph database in Hub. As such it enhances all the centralised info you keep there. So I guess it is more future-proof and will integrate with the new AI services VMware is talking about.

Tanzu Guardrails Overview Dashboard

Guardrails looks simpler and cleaner. It has policies to monitor certain frameworks or security settings. You can not only monitor them but also enforce them, to remediate any drift in your configs!

Guardrails policies

In Findings you can watch the results of the policies in your environment.

Guardrails Findings

I am curious to see what other announcements will come from Explore EMEA in November. Meanwhile there is a Hands-on Lab where you can test Guardrails: Aria Guardrails – Getting Started (HOL-2421-02-CMP).

