Dome9′s premise is simple – use a centralized SaaS-based offering to help manage your distributed cloud access-control (read: firewall) management challenge using either an agent (in the guest) or agent-less (API) approach across multiple cloud IaaS platforms.
Their first iteration of the agent-based solution focuses on Windows and Linux-based OSes and can pretty much function anywhere. The API version currently is limited to Amazon Web Services.
Dome9 seeks to fix the “open hole” access problem created when administrators create rules to allow system access and forget to close/remove them after the tasks are complete. This can lead to security issues as open ports invite unwanted “guests.” In their words:
Keep ALL administrative ports CLOSED on your servers without losing access and control.
Dynamically open any port On-Demand, any time, for anyone, and from anywhere.
Send time and location-based secure access invitations to third parties.
Close ports automatically, so you don’t have to manually reconfigure your firewall.
Securely access your cloud servers without fear of getting locked out.
The unique spin/value-proposition with Dome9 in it’s initial release is the role/VM/user focused and TIME-LIMIT based access policies you put in place to enable either static (always-open) or dynamic (time-limited) access control to authorized users.