hardware, the integrity of virtualized and non-virtualized Intel x86 servers and workloads is verified remotely using Intel® Trusted Execution Technology (TXT) and Trusted Platform Module (TPM) technology on Intel Xeon processors. If this “remote attestation” finds discrepancies with the server, BIOS, or VM —suggesting the system may have been compromised by cyber-attack—the boot process can be halted. Otherwise, the application instance is launched in a verified, trusted environment spanning the hardware and the workload.
In addition to assuring the integrity of the workload, Cloud Integrity Technology 3.0 also enables confidentially by encrypting the workload prior to instantiation and storing it securely using OpenStack Glance. An included key management system that you deploy on premise gives the tenant complete ownership and control of the keys used to encrypt and decrypt the workload.
Cloud Integrity Technology 3.0 builds on earlier releases to assure a full chain of trust from bare metal up through VMs. It also provides location controls to ensure workloads can only be instantiated in specific data centers or clouds. This helps address the regulatory compliance requirements of some industries (like PCI and HIPAA) and geographical restrictions imposed by some countries.
What we announced at OpenStack Summit is a beta availability version of Intel Cloud Integrity Technology 3.0. We’ll be working to integrate with an initial set of cloud service providers and security vendor partners before we make the software generally available. And we’ll submit extensions to OpenStack for Cloud Integrity Technology 3.0 later this year.
Cloud computing is letting businesses slash time to market for new products and services and respond quickly to competitors and market shifts. But to deliver the benefits promised, cloud service providers must assure tenants their workloads are running on trusted platforms and provide the visibility and control they need for business continuity and compliance.
Intel Xeon processors and Cloud Integrity Technology are enabling that. And with version 3.0, we’re enabling it across the stack from the hardware through the workload. We’re continuing to extend Cloud Integrity Technology to storage and networking workloads as well: storage controllers, SDN controllers, and virtual network functions like switches, evolved packet core elements, and security appliances. It’s all about giving enterprises the tools they need to capture the full potential of cloud computing.