The new virtual machine (VM) configuration management tool from Configuresoft aims to ease the Sarbanes-Oxley (SOX) compliance burden for IT staffers and easily identify software licensing concerns. Instead of requiring IT to track software licensing costs or sift through confusing VM problem reports -- which saddle IT with the uneasy task of identifying the culprit -- ECM software purports to make sense of the information and automatically resolve problems.
ECM software for virtualized environments is particularly important as data centers strive to stay in compliance with software licensing requirements. ECM can track the software packages deployed in virtual guests, and its relatively straightforward interface indicates how many licenses are owned, how many are installed and where licenses should be added.Grappling with SOX
Configuresoft's ECM software also reports networking and host security issues and configuration changes in host and guest machines. The software also graphs the levels of compliance with regulations like SOX, so IT managers can view business-unit compliance status per day and on average over time.
Theresa Lanowitz, the founder and CEO of analyst firm vokeStream in Minden, Nev., said that Sarbanes-Oxley has given companies like Configuresoft a raison d'être as companies wade through a sea of compliance requirements. Prior to SOX, IT departments used general asset management practices to control software licensing costs. But now, SOX has made monitoring software licenses and tracking costs all the more onerous, as data centers with many applications and licenses need more precise tools to manage it all and resolve problems automatically.
"Compliance [with the requirements of] government agencies is a relatively new thing. As a result we see a lot of new products and tools to assist with solving the problem," Lanowitz said.
The U.S. Army, for example, uses Configuresoft ECM to adhere to pre-established templates that reflect compliance with local policies. Because the Army is subject to monthly audits by an Information Assurance group, its Directorate of Information Management (DOIM) receives reports on compliant and noncompliant machines throughout the enterprise and resolves these issues automatically with ECM, according to Configuresoft's website.
According to Configuresoft VP of Marketing Andrew Bird, the ECM product stands out from the crowd of VM configuration management tools in that the tool indicates to IT staff how to fix the problems it catches and reports when those changes have been made.
"Most software offerings out there spit out huge reports of problems that no one actually looks at," he said. "ECM can tell you where to make changes to correct those problems and can automatically make those fixes to get systems into compliance," Bird said. "You can have an infrastructure of 11,000 servers, and with a mouse click, fix a whole set of issues on all of those servers at once."Configuresoft features and competition
Major enhancements to ECM for virtualization that include memory and CPU monitoring and operational reports:
- host and guest memory and CPU use reports to identify underutilized servers, configuration changes and performance of a given guest;
- firewall security reports that view all the firewall settings throughout the virtual infrastructure and identified vulnerabilities;
- operation reports on tasks such as how to improve storage utilization. The ECM software views storage allocation and orphaned files and delivers the information to IT. It also analyzes network configurations across the virtual infrastructure and reports traffic issues.
Currently, ECM supports only VMware virtual machines, but Configuresoft plans to support other virtualization platforms in future editions.
And an impressive array of major companies uses the 9-year old Configuresoft's offerings. Some big-name clients include Verizon Communications Inc., Fannie Mae, and United Parcel Service of America Inc. In February the analyst firm Enterprise Management Associates ranked Configuresoft among the 'best of the best' in the category of system configuration management.
There's competition, of course. Other configuration management tools include Tripwire Inc., Ecora Software Corp. Active Reasoning Inc. and Solidcore Systems. And market newcomer Black Duck Software Inc. also helps IT contend with thorny licensing issues. The company offers tools to can scan code and ensure that all pieces of an application comply with software licensing terms, Lanowitz said.
With approaches like Configuresoft now on the market, providers may be on the way to solving the twin problems of Sarbanes-Oxley requirements and configuration management in virtual environments. "If Configuresoft does everything the company claims," said Lanowitz, it "will help solve a lot of problems."
Let us know what you think about the story; email Bridget Botelho, News Writer.