Intel, OpenStack, & Trust in the Open Cloud. Intel Introduction


Intel enables OpenStack Cloud Deployments

Intel Contributions to OpenStack

Diagram labels, in slide order: Telemetry (Ceilometer); Object Store (Swift); Erasure Code; Metrics; Object Storage Policy; Image Store (Glance); OVF Meta-Data Import; User Interface (Horizon); Compute (Nova); Enhanced Platform Awareness (EPA); Trusted Compute Pools (Extended with Geo Tagging); Intelligent Workload Scheduling; Expose Enhancements; Block Storage (Cinder); Filter Scheduler; Network Services (Neutron); Intel DPDK vSwitch; VPN-as-a-Service (Accelerated with Intel QuickAssist Technology); Key Encryption & Management

Legend: Compute, Network, Storage, Other

Focus for today: Trusted Compute Pools (TCP) with OpenAttestation, Enhanced Platform Awareness (EPA)

OpenStack Release Cadence

Timeline labels: Intel Contributions; First Deployments; 6 month cadence

Releases: AUSTIN (Oct 2010), BEXAR (Feb 2011), CACTUS (Apr 2011), DIABLO (Sep 2011), ESSEX (Apr 2012), FOLSOM (Sep 2012), GRIZZLY (Apr 2013), HAVANA (Oct 2013), ICEHOUSE (Apr 2014)

Components shown: MARCONI (Queuing), SAVANNAH (Hadoop), TROVE (Database), IRONIC (Bare Metal), TRIPLE O (Deployment/Management), BARBICAN (Key Management), HEAT (Orchestration), CEILOMETER (Measurement), CINDER (Block Storage), NEUTRON^ (Networking; shown as QUANTUM in the earlier releases), KEYSTONE (Identity), HORIZON (Dashboard), Image Store, Object Store, Compute

Legend: Planned / Incubation; ^ Component name change

Intel continues to strengthen existing modules while contributing to new ones

Server Security Technologies: A Fresh Look at Intel VT
Hardware Provides Stronger Isolation of VMs

Traditional server VMM-based uses
- Isolation needed for: Separation of development and production environments

Intel Virtualization Technology
- Intel VT for IA-32 and Intel 64 (Intel VT-x): HW support for isolated execution
- Intel VT for Directed I/O (Intel VT-d): HW support for isolated I/O

Technology demonstrations

New cloud security-related uses
- Isolation of workloads in multi-tenant cloud
- Memory monitoring for malware detection
- Device isolation for protection against DMA attacks

Figure labels: VM1, VM2, VMM

Server Security Technologies: Intel Trusted Execution Technology (Intel TXT)
Hardens and Helps Control the Platform

- Enables isolation and tamper detection in boot process
- Complements runtime protections
- Hardware based trust provides verification useful in compliance

Trusted Launch: Verified platform integrity reduces malware threat

Trusted, Tagged Compute Pools: Control VMs based on platform trust and location to better protect data

Trust status and geolocation usable by security and policy applications to control workloads (figure label: Internet)

Compliance: Hardware support for compliance reporting enhances auditability of cloud environment

Enhanced Platform Awareness
Allows OpenStack* to have a greater awareness of the capabilities of the hardware platforms

- Expose CPU & platform features to OpenStack Nova scheduler
- Use ComputeCapabilities filter to select hosts with required features
- Intel Advanced Vector Extensions (Intel AVX) for workloads requiring heavy numerical computation
- Intel AES-NI or PCI Express accelerators for security and I/O workloads
- Up to 10x encryption & 8x decryption performance improvement observed (1)

Figure labels: Processor; Unencrypted Data; Faster Encryptions; Faster Decryptions; Data In Motion; Encrypted Data

Intel CPU features exposed in Oct '13 Havana release, PCI Express support expected soon

Intel AES-NI = Intel Advanced Encryption Standard New Instructions

1 - See http://www.oracle.com/us/corporate/press/173758

Intel Red Hat OpenStack Collaboration

Common vision: Open Hybrid Cloud

Common goals:
- Enterprise grade OpenStack built on enterprise grade Linux
- Build a unified ecosystem aligned behind the OpenStack community (avoid fragmentation)

Positioned for success: 10+ yrs of history of delivering enterprise grade features & performance via collaboration in Linux, Virtualization and now OpenStack.

August 2012: Red Hat announces Red Hat OpenStack Preview and collaboration with Intel begins.

Initial project: Validate Trusted Compute Pool (TCP) use case with RHEL/OSP

*Other names and brands may be claimed as the property of others.

Intel and Red Hat: Better Together
Driving synchronized innovation and comprehensive solutions

- Delivering enterprise-grade features, including security, reliability, scalability, and performance, to Red Hat Enterprise Linux
- Working to optimize kernel-based virtual machine (KVM) and enhance KVM virtualization management in oVirt and Red Hat Enterprise Virtualization.
- Now working together to drive enterprise adoption of OpenStack by delivering secure, trusted, high performance private and hybrid clouds

Intel, OpenStack, & Trust in the Open Cloud: Intel Contributions In Depth

Intel TXT Components

Intel TXT relies on a set of enhanced hardware, software, and firmware components designed to protect sensitive information from software-based attacks

Legend: SW/FW; HW; From Intel; From OEM; From ISV

Figure labels, in slide order: Intel VT-x and Intel TXT support (VMX+SMX); Xeon; Intel TXT and Intel VT-d support in IOH; IOH/PCH; Intel Software; BIOS AC Module; SINIT AC module; AC modules and platform initialization; BIOS; TPM v1.2; TPM by 3rd Party (TCG* compliant); TPM Support; Intel TXT Toolkit; 3rd Party SW; MLE, Hosted OS, Apps etc.

Trusted Compute Pools (TCP)
Enhance visibility, control and compliance

Today: TCP Solution
- Platform Trust - new attribute for Management
- Intel TXT initiates Measured Boot as basis for Platform Trust
- Open Attestation (OAT) SDK: Remote Attestation Mechanism, https://github.com/openattestation/openattestation
- TCP-aware scheduler controls placement & migration of workloads in trusted pools

Future: TCP with Geo-Tagging
- Use geo-location descriptor stored in TPM on Trusted Servers to control workload placement & migration
- Work in progress targeting a future release beyond Icehouse

TCP is enabled in OpenStack since Sep '12 release (Folsom)

1 source: McCann "what's holding the cloud back?" cloud security global IT survey, sponsored by Intel, May 2012

No computer system can provide absolute security under all conditions. Intel Trusted Execution Technology (Intel TXT) requires a computer system with Intel Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS or an application. In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group and specific software for some uses. For more information, see here

Open Attestation Software (OAT)

OpenAttestation (OAT) SDK
- Add cloud management tools capable of establishing hosts' integrity information
- Remotely retrieve and verify hosts' integrity with TPM quotes

Cloud/virtualization management tools which are currently enabled for OAT: OpenStack, oVirt
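The flow described on the Trusted Compute Pools and Open Attestation slides (measured boot, remote attestation with a quote, trust-aware placement) can be sketched as follows. This is an added example, not code from Intel, OAT or OpenStack: the host records, keys, boot components and helper names are hypothetical, an HMAC stands in for the TPM's RSA-signed quote, and the `trust:trusted_host` key follows the flavor extra spec used by Nova's trusted filter.

```python
import hashlib
import hmac
import os

def extend(pcr, component):
    # TPM 1.2 extend: new PCR = SHA-1(old PCR || SHA-1(component))
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measured_boot(components):
    pcr = bytes(20)  # simplification: the register starts at all zeros
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def make_quote(key, pcr, nonce):
    # Stand-in for a TPM quote. A real TPM signs (PCRs, nonce) with an RSA
    # attestation identity key; HMAC keeps this sketch standard-library only.
    return hmac.new(key, pcr + nonce, hashlib.sha1).digest()

def make_host(name, boot_stack, key, claimed_pcr=None):
    real_pcr = measured_boot(boot_stack)
    def respond(nonce):
        # The TPM only ever quotes the real PCR, whatever the host claims.
        return claimed_pcr or real_pcr, make_quote(key, real_pcr, nonce)
    return {"name": name, "key": key, "respond": respond}

def attest(host, known_good):
    # Attestation server: fresh nonce, verify the quote, then check whitelist.
    nonce = os.urandom(20)
    pcr, quote = host["respond"](nonce)
    if not hmac.compare_digest(quote, make_quote(host["key"], pcr, nonce)):
        return "untrusted"
    return "trusted" if pcr in known_good else "untrusted"

def trusted_filter(hosts, extra_specs, known_good):
    wanted = extra_specs.get("trust:trusted_host")
    if wanted is None:
        return [h["name"] for h in hosts]
    return [h["name"] for h in hosts if attest(h, known_good) == wanted]

# Constructed sample data: boot components and keys are made up.
GOOD_STACK = [b"SINIT ACM", b"MLE v1", b"kernel v1"]
KNOWN_GOOD = {measured_boot(GOOD_STACK)}
HOSTS = [
    make_host("node-a", GOOD_STACK, b"key-a"),
    make_host("node-b", GOOD_STACK[:2] + [b"kernel modified"], b"key-b"),
    make_host("node-c", GOOD_STACK[:2] + [b"kernel modified"], b"key-c",
              claimed_pcr=measured_boot(GOOD_STACK)),  # misreports its PCR
]
```

node-b fails the known-good comparison, while node-c reports a good value but fails quote verification, which is why the quote and not the host's own report carries the trust decision.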

Intel Red Hat collaboration on TCP

Red Hat and Intel
- Validation of TCP use case with Red Hat Enterprise Linux OpenStack Platform: Completed March 2013
- Packaging of OAT for Fedora: Completed June 2013
- OAT Repo for Red Hat Enterprise Linux OpenStack Platform: Completed October 2013, available here: http://repos.fedorapeople.org/repos/gwei3/oat/epel-6/

OAT=Open Attestation Server

*Other names and brands may be claimed as the property of others.