Doubling down on security
The general availability milestone for the latest release of the Wind River Titanium Cloud product family has been achieved.
Guest blog by Ron Breault.
While this release is brimming with new features and functionality, Wind River especially ‘doubled down’ on security across the products in the Titanium Cloud portfolio. Moving the security yardsticks to stay a few steps ahead of the ‘bad guys’ is nothing new, but with this release, something different has been achieved.
One of the company’s lead customers expressed during a deep dive, that Wind River “completely exceeded their expectations.” They’re so pleased in fact, that they wanted the company to join them at a security conference later this summer.
This kind of a reception for a new software release is positive for the Engineering team who did the heavy lifting, and it’s equally good news for all the companies putting their trust into Titanium Cloud to run their critical infrastructure.
It bears repeating: “When it matters, it runs on Wind River.”
At a high level, there are three security technologies in our latest update that are particularly important enablers for companies building distributed, SD-WAN or vCPE products on our Titanium Cloud offerings. These technologies are Secure Boot, TPM key storage, and virtual TPM for ultra-secure guest virtual machines (VMs).
Secure Boot is a capability which protects the integrity of a product by ensuring the image it boots from has not been tampered with, or in any way altered, since it was originally securely delivered and installed. Achieving this integrity is a multistage process involving cryptographic keys, image signatures and boot loaders, and leveraging special purpose firmware and hardware. A Trusted Platform Module (TPM) is a highly specialised cryptographic co-processor and storage module which systems can employ in a variety of ways to protect ‘secrets’ (e.g. private keys) which are vital to the secure operation of the platform.
By intelligently leveraging the capabilities of a TPM, a platform can implement security controls which even privileged users (e.g. ‘root’) cannot tamper with. A closely related technology is Virtual TPM (vTPM), a relatively recent industry security advancement, which provides the mechanism to enable guest VMs to enjoy the security benefits of a TPM within their contained virtual environment.
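As an added illustration of why TPM-backed controls resist even a root user, here is a stand-alone Python model of measured boot and PCR-bound sealing; it is not code from this release or from Wind River. The boot images, the seal/unseal key derivation and the toy XOR cipher are constructed assumptions (a real TPM performs the sealing in hardware); the PCR extend rule itself, new = SHA256(old || measurement), is how real PCRs work.

```python
import hashlib
import hmac

# Constructed stand-ins for the boot-stage images a Secure Boot chain measures
# (bootloader, kernel, root filesystem); not Wind River code or data.
BOOT_CHAIN = [
    ("bootloader", b"bootloader-image-v1"),
    ("kernel", b"kernel-image-v1"),
    ("rootfs", b"rootfs-image-v1"),
]

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA256(old || SHA256(measurement)).
    A PCR can only be extended, never written directly, so no software
    (root included) can set it to an arbitrary value after boot."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(chain) -> bytes:
    """Measure every stage in order, starting from the reset value (all zeros)."""
    pcr = bytes(32)
    for _name, image in chain:
        pcr = pcr_extend(pcr, image)
    return pcr

def _keys(expected_pcr: bytes):
    # Hypothetical derivation: bind a MAC key and a keystream to the PCR value.
    key = hashlib.sha256(b"seal-key|" + expected_pcr).digest()
    stream = hashlib.sha256(b"stream|" + key).digest()
    return key, stream

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Seal a secret (<= 32 bytes, toy XOR stream) to an expected PCR value."""
    key, stream = _keys(expected_pcr)
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    return {"ct": ct, "tag": hmac.new(key, ct, "sha256").digest()}

def unseal(blob: dict, current_pcr: bytes):
    """Return the secret only if the current PCR matches the sealing policy."""
    key, stream = _keys(current_pcr)
    expected_tag = hmac.new(key, blob["ct"], "sha256").digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None  # policy mismatch: some boot stage was altered
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def demo():
    """Untouched chain unseals; a modified kernel image changes the PCR and unseal fails."""
    blob = seal(b"platform-private-key", measure_boot(BOOT_CHAIN))
    tampered = [(n, img if n != "kernel" else b"kernel-image-MODIFIED") for n, img in BOOT_CHAIN]
    return unseal(blob, measure_boot(BOOT_CHAIN)), unseal(blob, measure_boot(tampered))

if __name__ == "__main__":
    print(demo())
```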
Wind River has implemented and delivered features based on these underlying technologies in our latest release. Collectively, they provide an incredibly strong, secure foundation for applications building or deploying on the Titanium Cloud family of products. While each feature is interesting in and of itself, the work on the vTPM in particular is generating a lot of enthusiasm.
vTPM as a concept is not new, but the details of how to implement it are still being actively worked in the open source community. A significant challenge and hurdle has been how to securely manage vTPMs in a modern cloud environment: VMs migrate from server to server; live migration support is a must; underlying hosts may have differing physical TPM devices.
Through significant Wind River R&D, and close partnering with customers, the company has developed an innovative vTPM solution which addresses these challenges. While listening to the details in a recent meeting, a security architect from one of these customers commented: “You guys are truly leading the industry.”
To learn more about the Titanium Cloud portfolio visit here.
Courtesy of Wind River.