CompatibleOne & Intel

CompatibleOne and Intel are cooperating to deliver a hardware-based root of trust for workloads in open clouds.

This cooperation aims to offer Trusted Compute Pools services to users who require improved visibility into and control over the infrastructure where their services run. It does so by providing pools of compute nodes that have been verified as running known, good hypervisors, ensuring a trustworthy environment.

Trusted Compute Pools: Cloud subscribers may have applications or virtual machines that need to run in trustworthy environments. Thanks to hardware-based security features, such as Intel® Trusted Execution Technology (TXT), cloud service providers are able to build Trusted Compute Pools. Combined with the remote attestation server from OpenAttestation, an open source project, service providers can ensure that a compute node is running software with verified measurements. This establishes the foundation for a trusted cloud stack. Through the use of Trusted Compute Pools, cloud subscribers can request that services be run on verified compute nodes.

Trusted Brokerage Services: CompatibleOne is an open source cloud service broker, i.e. cloud services management software with brokering capabilities. CompatibleOne can provision, deploy and manage any type of cloud service (from IaaS to PaaS), with these services supplied by heterogeneous service providers selected according to the Service Level Agreement (SLA) defined between the consumers and the platform operators. This means that customers may specify their own SLA for their workloads in terms of security policy, such as the trustworthiness of the compute nodes on which these workloads will be processed. In that case, the CompatibleOne platform will provision and deploy these workloads on the most compliant cloud providers, i.e. only the ones that have deployed Trusted Compute Pools. CompatibleOne does so in a fully secured (TLS) and non-intrusive fashion through the native OpenStack API (Nova). Thanks to its secured post-configuration and monitoring services, it is also able to enforce the security policy at run time.

The combination of Trusted Compute Pools, Trusted Brokerage Services and OpenStack provides the means to ensure that the customers' VMs are processed in a trustworthy environment:

  1. Intel TXT attests that the chain formed by hardware, BIOS, OS and hypervisor is secured.
  2. OpenStack (Folsom version), which has integrated support for Trusted Compute Pools (see specifications), is able to attest to the trustworthiness of the compute nodes on which these workloads will be processed (including the hypervisor, such as KVM).
  3. CompatibleOne, integrating OpenAttestation features, is able to deploy workloads only on attested compute nodes and to check at any moment that the VMs deployed on OpenStack Trusted Compute Pools still comply with the security policy defined by the customers' SLA.
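
The placement and run-time checks in steps 2 and 3 can be sketched as follows. This is an added example, not CompatibleOne or OpenStack code; the report fields (`trust_lvl`, `checked_at`), the SLA key `require_trusted_host`, the freshness window and all sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=10)  # assumed freshness window for a verdict

def is_trusted(report, now, max_age=MAX_AGE):
    """Fail closed: only a fresh, explicit 'trusted' verdict counts."""
    if report is None or report.get("trust_lvl") != "trusted":
        return False
    # Reject stale verdicts and verdicts timestamped in the future.
    return timedelta(0) <= now - report["checked_at"] <= max_age

def eligible_hosts(sla, reports, now):
    """Hosts on which a workload with this SLA may be placed."""
    if not sla.get("require_trusted_host"):
        return sorted(reports)
    return sorted(h for h, r in reports.items() if is_trusted(r, now))

def violations(placements, slas, reports, now):
    """Run-time check: VMs whose SLA demands a trusted host but whose
    current host has no fresh 'trusted' attestation verdict."""
    return sorted(
        vm for vm, host in placements.items()
        if slas[vm].get("require_trusted_host")
        and not is_trusted(reports.get(host), now)
    )

# Constructed sample data (hypothetical node and VM names).
NOW = datetime(2013, 1, 15, 12, 0, tzinfo=timezone.utc)
REPORTS = {
    "node-a": {"trust_lvl": "trusted", "checked_at": NOW - timedelta(minutes=2)},
    "node-b": {"trust_lvl": "untrusted", "checked_at": NOW - timedelta(minutes=1)},
    "node-c": {"trust_lvl": "trusted", "checked_at": NOW - timedelta(hours=3)},
    "node-d": {"trust_lvl": "unknown", "checked_at": NOW - timedelta(minutes=1)},
}
SLAS = {
    "vm-1": {"require_trusted_host": True},
    "vm-2": {"require_trusted_host": False},
    "vm-3": {"require_trusted_host": True},
}
PLACEMENTS = {"vm-1": "node-a", "vm-2": "node-b", "vm-3": "node-c"}

if __name__ == "__main__":
    print("vm-1 may run on:", eligible_hosts(SLAS["vm-1"], REPORTS, NOW))
    print("SLA violations:", violations(PLACEMENTS, SLAS, REPORTS, NOW))
```

Treating a stale, unknown or missing verdict the same as "untrusted" keeps a node whose attestation has lapsed from continuing to host workloads that require trust.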

This significantly reduces the uncertainty in terms of security. For a hybrid enterprise IT environment (public organization or private firm) with a strong security policy, this solution offers the CIO a comprehensive set of tools that can be customized to fit the governance rules of the enterprise and integrated with its operational environments. In addition, the enterprise will be able to deal only with providers able to support Trusted Compute Pools.

 “CompatibleOne has pioneered the use of Trusted Compute Pools in a cloud service broker and by doing so has set the pattern for the industry to follow. Cloud users will now be able to obtain and use trusted infrastructure from service providers.” Billy Cox, Intel Director of Cloud Software Strategy.

Read more about the CompatibleOne TXT Case Study

For more information, contact us.


This wiki is licensed under a Creative Commons 2.0 license