It’s almost time for IDF 2014 in San Francisco and this year Bob Ball from XenServer Engineering and I will be demoing secure workloads within OpenStack clouds based on Citrix XenServer.
Citrix XenServer has been working with Intel for several years on different projects related to the support of Intel TXT. A separately downloadable supplemental pack for XenServer, which has existed since v6.1, adds this functionality to the hypervisor platform.
For this year’s demo? Support for Intel Trusted Execution Technology (TXT) is being extended to include secure virtual machines combined with OpenStack clouds.
So this is all very well, but what does it really mean for Citrix XenServer customers? Well, the measured boot process is about storing known good values for various components, such as the Xen hypervisor, the kernel and initrd. These are securely stored as hash values within the TPM chip, accessible via an external trust attestation service. Once the known good values have been stored in the TPM for all host resources within your cloud, each host’s boot process is measured against those values as it starts up. If anything has changed, the host is considered compromised and is earmarked accordingly by the cloud layer.
In just this past week, there have been a few high profile “cloud” security breaches and whilst the issues reported are very different and completely unrelated to the types of security I am referring to here, the mere presence of these articles tends to put fear in many people of running workloads within a cloud, whether on premise or in a public setting run by a service provider. The fact of the matter is we need to secure these the best we can.
One example of how a customer might use this new technology: a customer concerned about certain secure workload types and where they run could use it to prevent those workloads from running on any compromised host. Other examples that we have heard from customers are that any compromised host would immediately be prevented from accepting any workloads, regardless of type or security level expectation, and that the host is essentially blacklisted and earmarked for investigation and/or rebuild.
XenServer’s latest demo extends the work done so far with secure VMs. Essentially, the VM image is encrypted in the OpenStack image store. When a VM boot request is received, the hypervisor where the VM will run requests the decryption key, which the management service returns upon confirmation from the attestation service that the hypervisor is unmodified and hence can be trusted. A key aspect of this demo is that the customer is able to manage all this for their hosts and workloads from within their own data centre.
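The measured boot check and the attestation-gated key release described above can be sketched as follows. This is an added example, not code from the demo or from XenServer: the class names, host names and component byte strings are hypothetical, SHA-256 is an arbitrary choice of hash, and the host simply reports its register value where a real deployment would present a TPM-signed quote.

```python
import hashlib
import hmac
import secrets

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold the boot chain, in order, into one register value."""
    pcr = bytes(32)  # register starts at all zeros
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class AttestationService:
    """Holds the known good value per host (hypothetical model)."""
    def __init__(self):
        self.known_good = {}
    def enroll(self, host: str, pcr: bytes) -> None:
        self.known_good[host] = pcr
    def is_trusted(self, host: str, reported: bytes) -> bool:
        expected = self.known_good.get(host)
        return expected is not None and hmac.compare_digest(expected, reported)

class ManagementService:
    """Releases an image key only to hosts that pass attestation.
    Assumption: 'reported' stands in for a TPM-signed quote."""
    def __init__(self, attestation: AttestationService):
        self.attestation = attestation
        self.image_keys = {}
        self.quarantined = set()  # hosts earmarked for investigation/rebuild

    def request_key(self, host: str, image_id: str, reported: bytes):
        if host in self.quarantined or not self.attestation.is_trusted(host, reported):
            self.quarantined.add(host)  # blacklisted until it is rebuilt
            return None
        return self.image_keys[image_id]

# Constructed stand-ins for the measured components (not real images).
GOOD_CHAIN = [b"xen-hypervisor", b"dom0-kernel", b"initrd"]
TAMPERED_CHAIN = [b"xen-hypervisor", b"dom0-kernel-modified", b"initrd"]

def build_demo() -> ManagementService:
    attestation = AttestationService()
    mgmt = ManagementService(attestation)
    for host in ("host-a", "host-b"):
        attestation.enroll(host, measure_boot(GOOD_CHAIN))
    mgmt.image_keys["secure-vm"] = secrets.token_bytes(32)
    return mgmt
```

Because each extend hashes the previous register value, a change to any single component, or to the order in which components are measured, produces a different final value and the key request is refused.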
At IDF 2014, Bob and I will be hosting the demo of these secure workloads within Intel’s Software & Services Pavilion. Do come down to see us on booth #512 for a chat and a demo!