OpenStack Trusted Computing Pools

Enterprises are creating private and public clouds that can contain thousands of compute nodes spread across geographic boundaries and remote locations, and they need assurance that the environment is secure. Enterprises and cloud service providers (CSPs) want assurance that their workloads run on trustworthy compute nodes, verified to be running known-good software and configurations, so that the integrity of the environment is maintained.

PrivateCore vCage Benefits

  • Trustworthy Compute Pools for OpenStack: Server attestation and security provide compliance by design.
  • Workload Auditability for Compliance: vCage provides an audit trail of a sensitive workload’s execution environment.
  • Simplified Management through OpenStack: Quickly deploying more trustworthy compute nodes through OpenStack controller management streamlines administration and speeds business.
  • Safely Deploy Virtual Private Clouds in Public Infrastructure: Enterprises can leverage the economics and agility of cloud computing to create trusted computing pools on public cloud infrastructure.
  • Malware Protection Against Advanced Persistent Threats (APTs): Attestation validates system integrity and mitigates APT threats.
  • Enables Differentiated Cloud Services: Trusted Computing Pools enable CSPs to charge for services with higher levels of security.

Using OpenStack in the cloud raises many questions.  When deploying sensitive workloads in a fluid pool of computing resources, how can you keep a compromised system from infecting other systems?  How can you move workloads between systems without spreading malware or exposing images to advanced persistent threats (APTs)?  How can you be sure that sensitive workloads run in trusted environments to satisfy compliance requirements?  

The Cloud Security Foundation: Trustworthy Compute Nodes

Enterprises and CSPs using private and public clouds today lack assurance that compute nodes are trustworthy and have not been compromised. While defense in depth is a security operations best practice, any single defense can be breached. Servers handling sensitive workloads must be tested to ensure they are trustworthy every time they are booted.

Traditional approaches such as anti-malware software may not stop threats before they spread to multiple systems across a cloud environment.  Even heuristic-based anti-malware offerings, while providing better protection, do not secure the underlying hypervisor or BIOS on which your virtual machines reside. Anti-malware software is not designed to validate the integrity of underlying servers.  While anti-malware solutions can stop threats inside of a virtual machine (VM), the underlying compute nodes and their VMs are at risk without a method of verifying the trustworthiness of the system and flagging compromised systems.

The PrivateCore vCage Provides Trusted Computing for OpenStack

PrivateCore vCage enables you to know what workloads you are running and to know that those workloads are running in a validated, secure environment. vCage integrates with OpenStack to validate servers and protect sensitive server information, enabling enterprises and cloud service providers to validate and securely deploy OpenStack compute nodes. When requesting a virtual machine from within the OpenStack management dashboard, administrators or the application owner can specify that workloads should execute only on trusted hosts meeting the cloud tenant policy requirements.

The vCage software-only solution enables enterprises to create an OpenStack-based trustworthy compute environment by attesting the integrity of the compute node, hardening the underlying hypervisor based on Linux KVM, and providing a simple, secure management interface for OpenStack Nova compute nodes.
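On the OpenStack side, the "run only on trusted hosts" placement described above is the job of the Nova scheduler's TrustedFilter, which asks an external attestation service about each candidate host and honours a flavor extra spec of trust:trusted_host=trusted. The nova.conf fragment below is an added illustration, not PrivateCore's or the OpenStack project's own configuration; the hostname, CA path and auth blob are placeholders, and it assumes the attestation service (vCage in this deployment) answers the OAT-style API that TrustedFilter queries, which this page does not state.

```ini
# /etc/nova/nova.conf (added illustration; all values below are placeholders)
[DEFAULT]
# Use the filter scheduler and include TrustedFilter so that an instance whose
# flavor carries trust:trusted_host=trusted is only placed on a host whose
# attestation verdict is "trusted". Other filters still apply as usual.
scheduler_driver = nova.scheduler.filter_scheduler.FilterScheduler
scheduler_available_filters = nova.scheduler.filters.all_filters
scheduler_default_filters = AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter

[trusted_computing]
# Attestation service the scheduler consults for each candidate compute node.
# Assumption: vCage (or another OAT-compatible service) listens here.
attestation_server = attestation.example.internal
attestation_port = 8443
# Pin the attestation endpoint's certificate. Without this the trust decision
# for every placement rests on an unauthenticated TLS connection.
attestation_server_ca_file = /etc/nova/attestation-ca.crt
attestation_api_url = /AttestationService/resources
# Shared secret presented to the attestation service (placeholder).
attestation_auth_blob = REPLACE_WITH_SHARED_SECRET
# Verdicts are cached for this many seconds. A host that falls out of trust is
# still eligible for placement until its cached verdict expires, so keep the
# window short for sensitive pools.
attestation_auth_timeout = 60
```

A flavor is bound to the pool with `nova flavor-key m1.trusted set trust:trusted_host=trusted` (the flavor name is a placeholder); instances of flavors without that key still schedule onto unattested hosts, so the filter only protects workloads whose flavor carries it.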