Enterprises are creating private and public clouds which can contain thousands of compute nodes spread across geographic boundaries and in remote locations, but need assurance that the environment is secure. Enterprises and cloud service providers (CSPs) want assurance that their workloads run on trustworthy compute nodes which are verified to be running known and good software and configurations to ensure the integrity of the environment.
Using OpenStack in the cloud raises many questions. When deploying sensitive workloads in a fluid pool of computing resources, how can you keep a compromised system from infecting other systems? How can you move workloads between systems without spreading malware or exposing images to advanced persistent threats (APTs)? How can you be sure that sensitive workloads run in trusted environments to satisfy compliance requirements? Enterprise and CSPs using private and public clouds today lack the assurance that compute nodes are trustworthy and have not been compromised. While a best practice in security operations is to provide a defense in depth, any defense can be breached. Servers handling sensitive workloads must be tested to ensure they are trustworthy every time they are booted. Traditional approaches such as anti-malware software may not stop threats before they spread to multiple systems across a cloud environment. Even heuristic-based anti-malware offerings, while providing better protection, do not secure the underlying hypervisor or BIOS on which your virtual machines reside. Anti-malware software is not designed to validate the integrity of underlying servers. While anti-malware solutions can stop threats inside of a virtual machine (VM), the underlying compute nodes and their VMs are at risk without a method of verifying the trustworthiness of the system and flagging compromised systems. PrivateCore vCage enables you to know what workloads you are running and know that those workloads are running in a validated, secure environment. vCage integrates with Openstack to validate servers and protect sensitive server information, enabling enterprises and cloud service providers to validate and securely deploy OpenStack compute nodes. When requesting a virtual machine from within the OpenStack management dashboard, administrators or the application owner can specify that workloads should execute only on trusted hosts meeting the cloud tenant policy requirements. The vCage software-only solution enables enterprises to create OpenStack-based trustworthy compute environment by attesting the integrity of the compute node, hardening the underlying hypervisor based on Linux KVM, and providing a simple, secure management interface for OpenStack Nova compute nodes. PrivateCore vCage Benefits
The Cloud Security Foundation: Trustworthy Compute Nodes
The PrivateCore vCage Provides Trusted Computing for OpenStack