Virtualizing the Management Layer with Intigua

About two weeks ago I spent a very interesting hour with Shimon Hason (Co-Founder & CEO), Phil Neray (VP of Marketing) and Tomer Levy (Co-founder).

Intigua? Where have you perhaps heard that name before?

Intigua won the Best of VMworld 2012 in the New Technology category.

So what is Intigua? The blurb from their website says…


Intigua was founded in 2010. Currently they have an R&D facility in Herzliya, Israel and their headquarters are located in Boston (and not in Palo Alto).

They secured $8.6 million funding in January 2013. They revealed their product at VMworld last year, and that is where I first met them.

(The following is my summary and understanding of the solution they provide)

What is this management stack that they speak about?

Let’s take a look at the typical enterprise environment. Your virtual machines could possibly (and probably) have the following agents installed

  1. Anti-virus Agent
  2. IPS/IDS Agent
  3. Backup Agent
  4. Monitoring Agent
  5. Software Management (LanDesk/Altiris for example)
  6. VMware tools
  7. Configuration Management

There could be more, there probably are (here is a list of currently supported applications).

There also could be less, your mileage will vary according to your environment.

There is a great chance that each of the above agents come from a different vendor, and therefore that will require a separate management application to manage all your agents. And of course this will require a separate GUI that you will login for each and every application.

There is a very big chance that each and every of these are managed by different teams, different people, and there is a chance that none of the teams has insight or knowledge of what the other applications are doing.

Virtualization separated the operating system from the underlying hardware - through the use of a hypervisor.

VMware can encapsulate applications (ThinApp) and allow you to separate the application from the underlying OS and have it essentially run in a bubble. This of course is great for a VDI environment.

What caught my attention was something that was said during the session

“5 minutes to deploy a VM - 5 weeks to prepare for production.”

Here is one of the slides that explains it a bit more. 

Too long to go to production

All of the above are a highly resource-intensive, mainly human resources.

Looking at he slide above you can understand why the deployment of a VM is so simple, but getting it just to the correct configuration, and compliance can take time, a considerable amount of time.

And here is what Intigua does.

Intigua Architecture

They have developed a virtual container that is installed in each VM.
On top of this virtual container all the above agents are installed and interact with the underlying OS.

So why another layer? If you actually think of this, it is actually very necessary.

Take the following example.

DeveloperA spins up a VM, by default VMware tools gets installed, Antivirus of course. The VM will not need monitoring, no backup, no IPS.

The VM then goes from Development to Staging.
The machine now needs to backed up, but still does not need monitoring or IDS.


Off go the emails to the relevant parties, “Please install this and that but make sure you don’t install X or Y”.

Why not have a Central point of management that will do this for you?

If you could take the VM, tag it with the Staging Tag, and all the correct agents would be installed. I’ll take 3 of those please!

Let’s look at another scenario..

You have 4 agents on a VM, and during the backup window, the Backup agent consumes 100% of your CPU, causing a number of alerts to go out to your NOC, because your monitoring agent is not available. Up until now, there was not much you could do.

Intigua has the ability to throttle each and every agent under its control.


So here I can set a limit that my agent will never consume all the available resources on the VM, affecting the applications, or other agents. Or waking me up at 03.00 in the morning!

How about agent upgrades? A vulnerability was exposed in one of the agents, and you need to upgrade all across the board. You could do that with the native tools, or just add a new package , with the new version, edit the policy and it will go out to all the current servers. And if the update cause problems? Rollback? Very simple!

The concept reminds me of VMware Mirage where the operating system is sliced into layers, allowing for maximum portability and flexibility through upgrades.

But it is not only a one way street, i.e. Intigua manages everything, but the backend management application does not have any knowledge of the underlying agent. As of late they have added two way functionality that will also update the backend application of all the changes done on the agents as well. It can also manage the policies and settings on these backend applications. If you would like to create a new Virus scan schedule on you SEP server, Intigua will be able to do this.

With their REST API, the Central server can interact with your orchestration platform and handle all of the installations for you, report back to the management application, a good two way conversation!

A typical flow could possibly be:

  • User deploys from self-service portal.
  • Chooses Machine type (Dev/Staging/Prod)
  • Passes information to Intigua REST API - which will in turn through the VMware API deploy all the correct applications and policies needed for this VM.

So can benefit from this solution? Intigua is aiming for the Enterprise market, the customers that have compliance requirements and have a number of challenges in this area. This kind of solution can reduce so much complexity in managing the lifecycle of your applications.

Of course Cloud option are also there - each endpoint can be managed regardless of it being in your Private Cloud or at a Public Cloud provider.

Intigua will be at VMworld in San Francisco and advise you to go by their booth, and have a look at their product. I am sure you will get a much more detailed (and definitely a better sales pitch) overview from them when you drop by.


Disclaimer: I have not received any compensation for this review. The information here was taken from a personal briefing I had with the 3 gentlemen above. I was asked if they could take me to dinner at VMworld, but I have not yet decided if I will accept that invitation. I wrote this because I find the technology interesting and see potential in this product. (and I am also a bit of a softy for Israeli startups.. )