Citrix XenServer Powered Trusted VMs in OpenStack Clouds


It's almost time for IDF 2014 in San Francisco, and this year Bob Ball, of XenServer technology, and I will demonstrate secure workloads within an OpenStack cloud based on Citrix XenServer.

Citrix XenServer has been working with Intel for several years on various projects to support Intel TXT. A separately downloadable add-on package for XenServer complements that capability on the hypervisor platform, and it has existed since v6.1.

For this year's demonstration, support for Intel Trusted Execution Technology (TXT) is extended to include secure virtual machines, combined with an OpenStack cloud.

So that's all very well, but what does it really mean for Citrix XenServer customers? The measured boot process is about storing known good values for various components, such as the Xen hypervisor, the kernel and initrd. These are stored securely as hash values within the TPM chip, accessible via an external trust certificate service. Once the known good values have been saved in the TPM for all host resources in the cloud, as each host is started, its boot process is measured against the known good values stored in the TPM. If anything has changed, the host is considered at risk and is reported as such through the cloud layer.

In just this last week there have been some high-profile "cloud" security breaches reported, and while the reported problems are very different from, and completely unrelated to, the type of security I am referring to here, the mere presence of these issues tends to make many people anxious about placing workloads in a cloud, whether it is run on site or in a public facility of a service provider. The fact of the matter is that we need to secure them the best we can.

One example of how a customer could use this new technology: a customer concerned about certain secure workload types and where they run could prevent them from running on any compromised host. In other examples we have heard from customers, any compromised host would immediately be prevented from accepting any workloads, regardless of the type or level of security expected, and that host would essentially be blacklisted and set aside for investigation and/or rebuilding.

Architecture for Trust Authentication Service

The latest XenServer demo extends the previous work done with secure VMs. Essentially, the VM image is encrypted in the OpenStack image store. When a VM boot request is received, the hypervisor on which the VM will run requests the decryption key, which the management service returns once the certificate service confirms that the hypervisor is unmodified and therefore trustworthy. An essential aspect of this demo is that the customer must be able to manage all of this, for their hosts and workloads, from their own data center.
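The key-release flow described above, as an added sketch that is not code from this post, Citrix, or Intel: a boot chain is folded into a single hash, compared with the known good value, and the image key is released only on a match. The class and function names and the sample boot chains are hypothetical, and the TPM-style extend step goes slightly beyond what the text spells out.

```python
import hashlib
import hmac
import secrets

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2-style extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold the boot chain, in launch order, into one register value."""
    pcr = bytes(20)  # assumption: register starts at all zeroes
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class TrustService:
    """Hypothetical stand-in for the external service holding known good values."""
    def __init__(self):
        self.known_good = {}

    def enroll(self, host, components):
        self.known_good[host] = measure_boot(components)

    def is_trusted(self, host, reported):
        expected = self.known_good.get(host)
        # Unknown hosts fail closed. A real service would verify a signed TPM
        # quote with a fresh nonce; that step is omitted in this sketch.
        return expected is not None and hmac.compare_digest(expected, reported)

class ManagementService:
    """Hypothetical holder of the decryption keys for encrypted VM images."""
    def __init__(self, trust):
        self.trust = trust
        self.image_keys = {}

    def register_image(self, image_id):
        self.image_keys[image_id] = secrets.token_bytes(32)
        return self.image_keys[image_id]

    def request_key(self, host, reported, image_id):
        """Return the image key only when the host's measurement matches."""
        if not self.trust.is_trusted(host, reported):
            return None
        return self.image_keys.get(image_id)

# Constructed sample boot chains: byte strings standing in for real binaries.
GOOD = [b"xen-hypervisor", b"dom0-kernel", b"initrd"]
TAMPERED = [b"xen-hypervisor", b"dom0-kernel+rootkit", b"initrd"]
```

Because each extend hashes the previous register value, changing any component or the order in which components load produces a different final value, so a single comparison covers the whole chain.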

At IDF 2014, Bob and I will demo this secure workload hosting in the Intel Software & Services Pavilion. Come by booth #512 for a chat and a demo!
