Anturis and CloudPassage Halo are complementary products that attack infrastructure monitoring from different directions. Anturis is a cloud-based portal that monitors systems connectivity, systems, MySQL databases and websites. CloudPassage Halo monitors operating system instances and the comparatively sticky compliance of instance state machines.
Both use portals, which contain the configuration lists of your infrastructure. The portals are designed to be external gatherers of information from instances. The products send alarms when there's an error condition, but neither "fixes" the problems it finds — that's up to the administration and technical savvy of monitoring personnel.
Neither product talks to traditional enterprise systems management or help desk applications natively, although there's some programmability with both products. Instead, it's up to the administrator to deal with the alarm condition, and the underlying conditions that led to the fault identified. Both differ from IPMI or SNMP protocol-based monitoring tools, and blissfully, both monitor Windows and Linux instances (but neither monitors Mac OS X). CloudPassage Halo plays into fixed or cloud constructs, while Anturis is better suited to (but not limited to) fixed infrastructure. Both can handle "multi-tenant" construction.
CloudPassage is all about configuration management and compliance, and watchful eyes on deployed systems. Halo comes in three forms: Basic, NetSec, and Professional. At minimum, it allows multi-cloud firewall automation and security alerting. The NetSec form adds access control (which we feel is mandatory), two-factor authentication, support, and account management. The Professional version (the most costly) is the most comprehensive and feature-complete.
All three versions work in/on internal server infrastructure assets, cloud, or multi-cloud constructs. Halo can be deployed with cloud stacks, so that compliance and firewall hardening can be automated for rapid change up and instance bursting. It has several facets, but it's a compliance reporting tool, and except for firewall hardening, it plays a passive role and doesn't fix problems that it finds.
It can, however, when used with active configuration control, help admins produce "gold images" of various combinations that are lean, have a smaller attack surface, are up to date patch- and fix-wise, and establish baseline image integrity. Were it an active controller, i.e. a fixing tool as well, Halo would be totally dangerous in its place as a root/service-authorized tool, easily explosive in hostile hands.
Halo polls/scans on queue, spawning a scan comparing instance software and settings against the NIST database of known Common Vulnerabilities and Exposures. It pipes this information to the CloudPassage Portal for reporting purposes, although it's also possible to use its server-based daemons in direct queries, if you have its keys.
Keys are static, but could be admin-regenerated. The fact that the integrity can be viewed means that a static key, in our estimation, is a bad idea. Key life and potential key distribution to other staff, admins, or third parties increase the potential for problems. It's a critical component to control.