By Ellen Messmer, Network World | August 26th, 2014
Boundary controls ensure VMware workloads only run in trusted locations.
HyTrust, in a partnership with Intel, today said its cloud security software used with VMware-based virtual machines can now ensure those VMs will only run in designated trusted locations based on what’s called new “boundary controls.”
Through a tagging process, these boundary controls let system administrators via HyTrust software restrict where specific VMs and data in them, which is held encrypted, will be allowed to run in terms of geo-location. This hardware-based approach relies on use of Trusted Execution Technology co-developed with Intel (Intel TXT).
Supported through the HyTrust CloudControl and DataControl software, boundary controls create a high-security zone cluster for production or development, according to HyTrust President Eric Chiu.
HyTrust says the boundary controls process works so that if a virtual machine is copied or removed from its defined location, it won’t run at all and the data will not be decrypted on untrusted hosts or hosts outside the defined policy.
Jim Greene, technology lead for security at Intel’s data center group, points out there are underlying hardware requirements for these boundary controls based on TXT to work, including Intel’s ‘Westmere’ generation of processors and the Trusted Platform Module to enable necessary BIOS functions. This is all gear that’s been available for several years.
Next year HyTrust expects to have something similar out for OpenStack/KVM also based on use of Intel hardware.