Organisations around the globe are looking to move critical data and applications into the cloud. At the same time service providers are looking to manage data center costs by sharing server hardware across multiple customers. This combination creates a significant security issue for both organisations and service providers unless the servers are running secure virtualisation software that ensures absolute separation between virtual machines running on a single server.
This blog will look at how military-grade secure virtualization, running on Intel® hardware technology, can help protect cloud environments and enable hardware consolidation by allowing secure multi-tenancy even within sensitive environments such as government, medical and financial systems. For this blog I have been talking to Robert Day, Vice President, Marketing at LynuxWorks, an affiliate member of the Intel® Intelligent Systems Alliance. The 200-plus members of the Alliance collaborate closely with Intel® to create hardware, software, tools, and services to help speed intelligent systems to market.
Moving Data into the Cloud
In the early days of computers, data was stored centrally on mainframes and accessed through private dumb terminals. The development of PCs and low-cost servers drove a shift towards distributed data, with most data stored locally on PCs, or local servers, connected through a local area network (LAN).
We are now moving into a new era in which most organisations, both large and small, are looking to move critical data to the cloud, making it accessible over the Internet from a wide range of user devices including PCs, tablets and smartphones. This is taking us back to a centralized system but is creating new security concerns as the data is stored in shared data centers and accessed over a public network.
We know that endpoints are difficult to secure, and moving all the data to one place means a successful attack results in a much more catastrophic breach. Service providers and other organizations need to ensure that they control direct access to their own data, wherever it is stored, and ensure that their data is protected from other users sharing data centers or servers.
Intel® Virtualization Technology
The latest Intel® processors, including 3rd Generation Intel® Core™ Processors and Intel® Xeon® Processor E3 and E5 families, support several hardware virtualization technologies:
- Intel® Virtualization Technology (Intel® VT-x)
- Intel® Virtualization Technology for Directed I/O (Intel® VT-d)
- Extended Page Table (EPT)
LynxSecure from LynuxWorks is a secure separation kernel and hypervisor that has been developed for military applications and transferred into the enterprise domain. LynxSecure provides a secure environment in which multiple operating systems can run simultaneously without compromising security, reliability or data. LynxSecure offers both time-space partitioning and operating-system virtualization and supports multiple heterogeneous, secure and nonsecure, operating system environments. LynxSecure will support common operating systems including Windows, Linux and Solaris, running unmodified ‘guest’ operating systems in their own secure virtual machines.
Figure 1. LynxSecure runs unmodified ‘guest’ operating systems in their own secure virtual machines.
LynxSecure uses the hardware virtualization technologies integrated into the latest Intel® processors. The software enables VT-x features within the processor to manage Guest VMs and ensure privileged operations cannot bypass the hypervisor. LynxSecure utilizes VT-d extensions to ensure that only allowed memory regions are accessed. The software utilizes the EPT technology in Intel® processors to provide a significant boost in performance of guest operating systems while preserving the separation and isolation between them.
Enabling Cloud Deployments in Sensitive Areas
As organizations move critical data and applications to the cloud, service providers need to ensure the servers they are using support a high level of security between users. By using hardware virtualization technology on the latest Intel® processors together with secure kernel and hypervisor solutions such as LynxSecure, companies can offer their customers secure multi-tenancy server solutions that can be used even within sensitive environments such as government, medical and financial systems.
To learn more about virtualization for embedded devices, visit intel.com/go/embedded-virtualization
For more on flexible, scalable, standards-based communications visit intel.com/go/embedded-communications
LynuxWorks is an affiliate member of the Intel® Intelligent Systems Alliance.
Roving Reporter (Intel® Contractor), Intel® Embedded Alliance
Principal Consultant, Earlswood Marketing
Follow me on Twitter: @simon_stanley