Recently EMC and Intel paired up on a webcast to talk about the relationship between the two companies… they provided a new proof of concept. As much as I love this relationship and enjoyed the presentation ( I have included them below ), the capability that I am most interested in is the Intel Trusted Execution Technology (TXT) functionality. From a security and virtualization viewpoint this functionality is wonderful. Before I get in to the Intel TXT capability I wanted to step in to security for a couple of seconds.
I find the growth pattern that security has taken on truly amazing. In the internet age.. at first, we didn’t need any security because there was nothing to steal. Then the internet took over our lives and the digital information explosion was on a roll!! It became about protecting the perimeter and then it was all about protecting the information. Then questions came up about the hardware that we run this technology on and whether anyone has corrupted it. Wow… how security and it’s way’s have changed. I love the fact that we are jumping the gun when it comes to understanding the hardware that our information is running on. I love that you can never be too sure. It is like when people ask me about the security of the hypervisor… I always say that at this exact moment, it is safe. In actuality, we have no idea what the future holds but we know that when people want something, they will do anything to get it. You can not expect anything less.
The Intel TXT functionality establishes a root of trust. This technology establishes normal behavior for the bios and the firmware when the system/server is booting and bases future behavior off of it. The hypervisor can then be tested and verified as well. If all is good, then the hypervisor can boot up in normal fashion. If there is not a match, then the hypervisor can not launch. Even creating a policy that indicates that a VM can not reside on a host that does not have the Intel TXT functionality enabled. You know how I love policies. How cool is that!!! Getting this level of security when we are trying to boot the hypervisor is how security should be… that is thinking!!!
Last but not least… I can not ignore what RSA is doing with this technology as well. They showcased this proof of concept at RSA Conference 2010 with the VMware and RSA enVision and Archer technology. Once again helping with the security and compliance requirement and ensuring you have the visibility into this technology and your virtual environment. Without this visibility, you have nothing. What is the point of using it if you can not prove it? RSA enVision and Archer helps you with this. Click here if you want to review the press release from RSA regarding this capability. I truly love that RSA has taken the initiative here. I love the fact that that we can partner with a company that sees security on a new level and can prove it.
#1 by Betsey Bolton on February 1, 2012 - 08:00
Hi Erin.
Your audience can also view the on-demand webcast:
Accelerate the Journey to Your Cloud with EMC and Intel
http://www.emc.com/events/2012/q1/01-12-12-journey-to-cloud-with-emc-and-intel.htm
#2 by thebizarch on February 2, 2012 - 04:27
So, where does identity figure in this “root trust” tree TXT provides? Are we to trust the private key squirrelled away in the TPM? Rather like the house of cards that PKI built upon unsound CA foundations.
Goal posts moved. Same game. Same scoreline. I don’t see TXT as anything other than a glorified Motorola 68K TAS instruction. Am I wrong?
Good detail here: http://en.wikipedia.org/wiki/Trusted_Execution_Technology
–Rob.