WHITE PAPER
Intel® Trusted Execution Technology
Intel® Xeon® Processor
Secure Cloud Computing

Building Trust and Compliance in the Cloud with Intel® Trusted Execution Technology

EXECUTIVE SUMMARY

The Taiwan Stock Exchange Corporation (TWSE) is a financial institution operating as a stock exchange that provides trading for 758 listed companies in Taiwan. Its primary business drivers include developing new financial products and boosting the number of services it offers. This paper highlights the systems, solutions, and approach Intel used in a joint proof of concept (PoC) with TWSE to address its business needs and increase the overall trust and security of its cloud infrastructure using Intel® Trusted Execution Technology (Intel® TXT), Cisco Unified Computing System* (UCS*) servers, and software solutions from HyTrust, McAfee, and VMware.

TWSE needed to build a more secure foundation for sensitive cloud workloads. It is using the components from these companies to establish trusted compute pools (TCP) providing the additional elements of security, visibility, and control needed to put more applications and workloads into its cloud infrastructure. From this initial proof-of-concept deployment, TWSE expects many other business units to be able to more effectively use cloud infrastructures to increase business agility, reduce costs, and improve asset utilization without compromising security considerations.

Contributors

Intel Corporation: James J. Greene, Martin Guttmann, Kou-Hui Li, Jinn Parng, Raghu Yeluri
TWSE: Cheng-Yi Wu, Ken Wu
HyTrust: Hemma Prafullchandra, Ken Sigel
McAfee: Ed Reynolds
VMware: Gargi Keeling

Developing effective, efficient, and proven security and trust solutions to minimize the complexities of managing cloud infrastructures

Trust and Security Challenges

The rapid adoption and growing deployment of cloud infrastructure and solutions—internal, external, and/or federated—introduces new trust and security challenges.

In cloud infrastructure, systems are automatically provisioned. Applications are deployed and moved from system to system based on available IT resources. While this creates powerful efficiency and agility benefits, it often does so at the expense of creating new security and trust concerns.

There is very little visibility into the operating state of the infrastructure in this multi-tenant environment. Depending on the organization's industry segment, there may be many regulations that specify security controls, enforcement, and visibility to enable compliance.

Organizations need effective, efficient, and proven security and trust solutions to minimize the complexities of managing their cloud infrastructures and the workloads they wish to host there. They also need integration with existing IT systems and security tools. Finally, trust solutions need to enable automated security reviews and audits to ensure security and overall trust.

Fundamentally, organizations are searching for solutions and systems that behave in an expected way, ensuring that issues of trust are effectively addressed and managed.

The Taiwan Stock Exchange Corporation Develops a Secure Cloud Infrastructure

A fundamental business and technical requirement for the cloud infrastructure under construction at TWSE was to provide secure systems and trusted compute environments. TWSE has established that it is crucial to integrate software application solutions that will provide overall trust and security for its cloud infrastructure, fully use hardware-based security, and provide a root of trust and platform attestation. The goals for the organization were to enable:

• Greater visibility into the security states of the hardware platforms running infrastructure as a service (IaaS) for its private clouds

• Production of automated, standardized reports on the configuration of the physical and virtual infrastructure hosting customer virtual machines and data

• Controls based on the physical location of the server and the location of the virtual machines, and control of the migration of these virtual machines onto acceptable servers, per specified policy

• Collection of measured evidence that the services infrastructure complies with security policies and regulated data standards

To explore the capabilities and challenges of implementing such an infrastructure, TWSE engaged Intel and other key ecosystem members to develop a multi-phased proof of concept (PoC) implementation of a secure cloud based on familiar tools, platforms, and software. The capabilities the PoC needed to provide included:

• Measured boot for servers with platform attestation

• Creation of TCPs

• Security-controlled workload placement in the TCPs

• Security-controlled workload migration in TCPs

• Security and platform trust integrated and extended with McAfee ePolicy Orchestrator* (McAfee ePO*)

TWSE Business Needs and Priorities

To support its plans to deliver new business services for both internal and external brokers, TWSE decided to build a cloud infrastructure. A fundamental business and technical requirement for the infrastructure is to provide secure systems and trusted compute environments. Thus, it is crucial to integrate software application solutions that will provide TWSE with overall trust and security for its cloud infrastructure, fully use hardware-based security, and provide a root of trust and platform attestation.

In a cloud infrastructure, systems can be automatically provisioned based on needs. Applications are deployed and moved from system to system based upon available IT resources—not on whether the systems have the required trust policies in place. TWSE requires appropriate trust policies. But tracking migration, reporting, applying policies, and auditing where and on what systems workloads are running can be a complex undertaking.

To address TWSE's overall business requirements in its cloud PoC infrastructure, solutions need integrated functionality for cohesive and greater overall trust and support for security, policy enforcement, audits, reporting, and compliance. For efficient operation, solutions need to provide:

• Integration with existing IT operational solutions, including governance, risk, and compliance (GRC)

• Security information and event management (SIEM)

• Security and server management

• Server security risk dashboard

Building Trust and Compliance in the Cloud with Intel Trusted Execution Technology


Contents

Executive Summary ........ 1
Trust and Security Challenges ........ 2
Business Needs and Priorities ........ 2
Enabling Trust for Cloud Infrastructure ........ 3
Intel TXT: A Foundation for Trust, Visibility, and Control in the Cloud ........ 3
Enabling Platform Attestation ........ 4
TCP Overview ........ 5
Multi-Phased Cloud Infrastructure PoC ........ 6
    Defining PoC Use Cases ........ 6
    Trust System and PoC Solutions Architecture ........ 7
    Measured Boot for Cisco UCS Systems: Platform Attestation ........ 8
    Creating TCPs and Workload Migration ........ 10
    Integrated and Extended Security and Platform Trust with McAfee ePO ........ 11
Summary ........ 12
Appendix A: Overview of Steps for Intel TXT and TPM Configuration for Cisco UCS Systems ........ 14
Appendix B: VMware Software Solutions ........ 15
Appendix C: McAfee ePO ........ 15
Appendix D: HyTrust Appliance ........ 16


Figure 1 is an example of the integrated security and compliance elements of this PoC solution aligned to meet TWSE's business requirements, ranging from system deployment and provisioning and effective policy control to trust enforcement and audits.

Enabling Trust for Cloud Infrastructure

To address business and technical requirements for TWSE's cloud infrastructure, the organization worked with Intel on a joint, phased PoC. Goals were to demonstrate solutions, starting with hardware-based security, to provide root of trust platform verification and attestation. This included enabled hypervisor and software solutions that effectively manage and apply policies in the cloud infrastructure, starting with known, trusted systems and a virtual machine manager (VMM) kernel.

Organizations that are using or want to use cloud services are starting to require cloud service providers to better secure the hardware layer and provide greater transparency into the system activities within and below the hypervisor. This means that cloud providers should be able to:

• Give organizations greater visibility into the security state of the hardware platforms running the IaaS for their private clouds

• Produce automated, standardized reports on the configuration of the physical and virtual infrastructure hosting customer virtual machines and data

• Provide controls based on the location of the server and virtual machines, and control the migration of these virtual machines onto acceptable servers per specified policy (e.g., FISMA and DPA requirements)

• Provide measured evidence that the services infrastructure complies with security policies and regulated data standards

What is needed is a set of foundational building blocks for developing more trustworthy clouds. These building blocks can be summarized as:

• Creating a chain of trust rooted in hardware that extends to include the hypervisor

• Hardening the virtualization environment using known best practices

• Providing visibility of assets, controls, and enforcement for compliance and audit

• Using trust information as part of the policy management for cloud activity

• Using infrastructure and services to address data protection requirements

• Using automation to bring it all together and achieve scale and management efficiency


Intel TXT: A Foundation for Trust, Visibility, and Control in the Cloud

Overall trust and security in a cloud computing infrastructure must begin with the servers and base compute systems. The basic elements of this trusted platform ideally (and in the case of Intel TXT) span hardware, firmware, and software to provide the best balance of tamper-resistance and functionality.

Intel TXT is available with many servers featuring the Intel® Xeon® processor E3, E5, and E7 families. Platform-level enhancements provide the building blocks to enable visibility, trust, and control in the cloud. As Figure 2 shows, Intel TXT includes support and capabilities in the microprocessor, chipset, I/O subsystems, and other platform components. Designed to measure the execution environment and protect sensitive information from software-based attacks, it operates with the Trusted Platform Module* (TPM*), an industry-standard device that can securely store artifacts used to verify the integrity of the platform.

Figure 1. Components and Roles for Integrated Security and Compliance


A hardware-based root of trust—when coupled with an enabled operating system, hypervisor, and solutions—is the foundation for a more secure computing platform that can ensure hypervisor and VMM integrity at boot against rootkits or other low-level attacks. It establishes the trustworthiness of the server and host platforms. The hardware-based root of trust uses open industry standards developed by the Trusted Computing Group (TCG) to establish and ensure platform trust and store measurements in a TPM.

The solution works by providing a root of trust—a processor-based, tamper-resistant environment that compares firmware, BIOS, and operating system or hypervisor code to known-good configurations to establish a measured, trusted environment prior to launch. If integrity and trust are not verified in the launch process, Intel TXT identifies that the code has been compromised, which lets you protect the system and remediate the problem. The basic process for an Intel TXT launch is shown in Figure 3.

Because Intel TXT can evaluate and report on platform integrity using attestation mechanisms, it can provide valuable insights and controls when used in the context of cloud computing models. This allows other key software—virtualization, cloud orchestration and management, and security policy applications—to understand and use platform integrity attributes to control workloads and data, and to better address security risks by keeping sensitive or regulated workloads separate from platforms with unknown integrity status. This is a concept that Intel and like-minded solution companies call TCPs. Numerous system and software vendors are developing solutions that integrate hardware-based root of trust capabilities, supporting Intel TXT to further extend and address security and trust issues for cloud infrastructure.

Enabling Platform Attestation

There are mechanisms to establish platform trust. The platform must have:

• Root of trust for measurement (RTM). This is provided by Intel TXT

• Root of trust for reporting (RTR). This is provided by the TPM

• Root of trust for storage (RTS). This is provided by the TPM

Figure 2. Components of Intel TXT and its Solution Stack

Figure 3. Creating a Foundation of Trust with Intel TXT


RTM, RTR, and RTS are the foundational elements of a single platform. For use cases to be instantiated and delivered in a cloud, two key questions must be answered:

1. How would the entity needing this information know whether a specific platform has Intel TXT enabled, or whether a specific server has a defined or compliant BIOS or VMM running on it (i.e., can it be trusted)?

2. Why should the entity requesting this information (which, in a cloud environment, could be a resource scheduler or orchestrator trying to schedule a service on a set of available nodes or servers) trust the response from the platform?

The answers to these key questions determine:

• How a given server is added to a TCP

• How a service is placed on a server in a TCP

• How and where a service gets migrated in the pool

Attestation provides the definitive answers to these questions. Attestation elevates the operational value of roots of trust by making the information from the root of trust visible and usable by other entities. It is the process of providing a digital signature over a set of platform configuration registers (PCRs)—registers in a TPM that are extended with specific measurements for the various launch modules of the software—and having the requestor validate the signature and the PCR contents. To validate, the requestor first invokes the TPM_Quote command, specifying:

• An attestation identity key to perform the digital signature

• The set of PCRs to quote

• A nonce to ensure freshness of the digital signature

Next, it validates the signature and makes a determination about the trust of the launched server by comparing the measurements from the TPM quote with known-good measurements. It is a critical IT operations challenge to manage the known-good measurements for hypervisors, operating systems, and BIOS software to ensure they are all protected from tampering and spoofing. This capability can be internal to a company, from a service provider, or delivered remotely as a service by a trusted third party (TTP), as shown in Figure 4.

Platform trust status is attested at launch. If the launch is trusted, that platform can be added to the trusted pool. Within this pool, systems and workloads can be tagged with security policies. The access and execution of apps and workloads can also be monitored, controlled, and audited.

Creating TCPs is a way to aggregate trusted systems and segregate them from untrusted resources. It provides an infrastructure to support the separation of higher-value, more sensitive workloads from commodity applications and data. The principle of operation is to:

• Create a part of the cloud to meet the specific and varying security requirements of users

• Control access to an identified portion of the cloud so that only approved workloads and applications get deployed there

• Enable audits of that portion of the cloud so that users can verify compliance
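To make the TPM_Quote exchange described above concrete, the following Python simulation is an added example written for this edit; it is not Intel, HyTrust, or VMware code and touches no real TPM. It models the three roots of trust from the previous section: measurement (a measured_launch stand-in for Intel TXT that extends PCRs), storage (the PCR bank), and reporting (a quote over the selected PCRs bound to the requestor's nonce). An HMAC keyed with a per-TPM secret stands in for the signature an attestation identity key would produce, the PCR indices and component images are constructed, and the whitelist is obtained by measuring a reference image once. Three hosts are then attested: a clean launch, a blade with Intel TXT disabled in BIOS (nothing is measured, so its status is reported as unknown rather than untrusted, as on the dashboard in Figure 8), and a blade whose VMM modules differ from the known-good values.

```python
import hashlib
import hmac
import os

ZERO = bytes(32)  # reset value of a PCR in this simulation (never extended)

# Constructed stand-ins for the launch components the paper lists (BIOS core,
# BIOS configuration, VMM kernel, VMM modules). PCR numbers are illustrative.
GOLDEN_COMPONENTS = [
    (0, "bios-core", b"BIOS core image, reference build"),
    (1, "bios-config", b"TXT=enabled VT-d=enabled TPM=enabled"),
    (17, "vmm-kernel", b"VMkernel reference image"),
    (18, "vmm-modules", b"kernel modules + drivers + boot-time options"),
]


class SimTPM:
    """Toy TPM: SHA-256 PCR bank (root of trust for storage) and a quote
    (root of trust for reporting). HMAC with a per-TPM secret stands in for
    the signature an attestation identity key (AIK) would produce."""

    def __init__(self, aik_secret: bytes):
        self.pcrs = {i: ZERO for i in range(24)}
        self._aik = aik_secret

    def extend(self, index: int, measurement: bytes) -> bytes:
        # PCR[i] = H(PCR[i] || measurement): order-dependent and not reversible
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()
        return self.pcrs[index]

    def quote(self, pcr_selection, nonce: bytes) -> dict:
        sel = sorted(pcr_selection)
        composite = hashlib.sha256(b"".join(self.pcrs[i] for i in sel)).digest()
        sig = hmac.new(self._aik, nonce + composite, hashlib.sha256).digest()
        return {"pcrs": {i: self.pcrs[i] for i in sel}, "nonce": nonce, "sig": sig}


def measured_launch(tpm: SimTPM, components, txt_enabled: bool = True) -> None:
    """Root of trust for measurement (Intel TXT stand-in): hash each launch
    component into its PCR. With TXT disabled in BIOS nothing is measured."""
    if not txt_enabled:
        return
    for index, _name, image in components:
        tpm.extend(index, hashlib.sha256(image).digest())


def build_whitelist(components) -> dict:
    """Known-good PCR values, obtained by measuring a reference image once."""
    reference = SimTPM(b"reference-only")
    measured_launch(reference, components)
    return {index: reference.pcrs[index] for index, _name, _image in components}


class Verifier:
    """Attestation service (the role HyTrust or a trusted third party plays)."""

    def __init__(self, aik_secret: bytes, whitelist: dict):
        self._aik = aik_secret          # in reality the AIK public key
        self.whitelist = whitelist
        self._seen_nonces = set()

    def attest(self, tpm: SimTPM):
        nonce = os.urandom(16)          # freshness: a replayed quote will not match
        return self.evaluate(tpm.quote(self.whitelist.keys(), nonce), nonce)

    def evaluate(self, quote: dict, expected_nonce: bytes):
        if quote["nonce"] != expected_nonce or quote["nonce"] in self._seen_nonces:
            return "UNTRUSTED", "nonce mismatch or replayed quote"
        self._seen_nonces.add(quote["nonce"])
        sel = sorted(quote["pcrs"])
        composite = hashlib.sha256(b"".join(quote["pcrs"][i] for i in sel)).digest()
        expected_sig = hmac.new(self._aik, expected_nonce + composite, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, quote["sig"]):
            return "UNTRUSTED", "quote signature invalid"
        for index, good in self.whitelist.items():
            got = quote["pcrs"].get(index)
            if got is None or got == ZERO:
                return "UNKNOWN", f"PCR {index} never extended (Intel TXT disabled?)"
            if got != good:
                return "UNTRUSTED", f"PCR {index} does not match whitelist"
        return "TRUSTED", "all quoted PCRs match known-good values"


def attest_poc_blades() -> dict:
    """Constructed scenario: clean blade, TXT-disabled blade, tampered blade."""
    whitelist = build_whitelist(GOLDEN_COMPONENTS)
    tampered = [(i, n, img + b" +unexpected-module" if n == "vmm-modules" else img)
                for i, n, img in GOLDEN_COMPONENTS]
    scenarios = {
        "blade1": (GOLDEN_COMPONENTS, True),
        "blade2": (GOLDEN_COMPONENTS, False),
        "blade3": (tampered, True),
    }
    results = {}
    for name, (components, txt_on) in scenarios.items():
        aik = hashlib.sha256(name.encode()).digest()   # per-blade key, constructed
        tpm = SimTPM(aik)
        measured_launch(tpm, components, txt_enabled=txt_on)
        results[name] = Verifier(aik, whitelist).attest(tpm)
    return results


if __name__ == "__main__":
    for blade, (status, reason) in attest_poc_blades().items():
        print(f"{blade}: {status} ({reason})")
```

The verifier checks in the order a real attestation service must: nonce first (a stale or replayed quote is rejected before any measurement is read), then the signature, and only then the PCR contents against the whitelist. Keeping the whitelist itself correct and tamper-proof is the operational burden the paragraph above describes; in this simulation it is simply the output of build_whitelist on the reference image.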

TCP Overview

TCPs, as shown in Figure 5, are physical or logical groupings of computing platforms in a data center that have demonstrated integrity of key controlling components (e.g., BIOS and hypervisor) in the launch process. Intel TXT provides a hardware-based mechanism for verifying and reporting on platform trust as a foundation for creating trusted pools.

Such TCPs, enabled by Intel TXT, allow IT to gain the benefits of the dynamic cloud environment while still enforcing higher levels of protection for critical workloads. Also, use of TCPs eliminates the need for air-gapped clusters of servers.

Figure 4. TWSE PoC Systems and Solutions

Multi-Phased Cloud Infrastructure PoC

The objective of the comprehensive PoC was to highlight solutions and systems that will effectively address TWSE's needs and enable broader, policy-based trust for its planned cloud infrastructure. TWSE also needed to integrate and test solutions that would support overall trust and security for its IT and operations.

A skilled team participated in the PoC, from planning to execution. It included participants from TWSE, Cisco, HyTrust, Intel, McAfee, Systex, and VMware, with expertise from infrastructure engineers, solution experts, IT operations, security architects, and business leads.

The PoC needed to clearly define a critical set of operational use cases, which it characterized under an umbrella concept of creating TCPs based on Intel TXT-enabled platforms. It also wanted to showcase software solutions, trust, and security functionality, so a critical part of the PoC was to highlight seamless integration of hardware root of trust, platform attestation, and policy security solutions with TWSE's cloud infrastructure to address comprehensive trust and security.

Defining PoC Use Cases

The team began by defining use cases for creating TCPs with Intel TXT. These use cases were started by enabling trust from compute platforms via Intel TXT and then extending the trust and security throughout operational software solutions and systems to create the base TCPs. From there, they established use cases that would be integral to these TCPs (Figure 6). The evolution of the phased approach is described in Table 1.

Figure 5. Creating the TCPs

Figure 6. TCPs Use Cases

Figure 7. Intel TXT Trusted Compute Cloud Solution Reference Architecture

Trust System and PoC Solutions Architecture

For the PoC, the team designed a system and solutions architecture and a phased set of activities as defined above. The PoC examined TWSE's current solutions and systems and its overall enterprise operational and management solutions. It also examined the Intel TXT Trusted Compute Pools Cloud Solution Reference Architecture (Figure 7) as a baseline for building the PoC architecture. Since trust and security need to go from bottom to top, it is crucial to know the trust levels of the hardware platform and the hypervisor, as discussed previously. For the PoC implementation, the team selected a number of systems and solutions based on TWSE's current and future directions and business needs. As shown in Figure 4, these included:

• Cloud system and infrastructure supported by Cisco. This included a fabric-based converged UCS M3 server with the Intel Xeon processor E5 family and Intel TXT enabled, equipped with the TPM. For testing, the PoC used three blades to be able to establish a mix of trusted and untrusted platforms in the PoC environment.

• Virtualization solutions supported by VMware. Managing the virtualized infrastructure was VMware vCenter Server* 5.1 with the VMware ESXi* 5.1 hypervisor, which allows enterprises to use their own security certificates when securing remote sessions. VMware ESXi 5.1 also provides full, integrated support and functionality for Intel TXT and enables remote platform attestation measurements to detect possible malicious changes to BIOS and other critical base software components of the servers. VMware ESXi 5.1 measures the critical components of the hypervisor stack when the system boots and stores these measurements in the PCRs of the TPM on the platform. The measured elements include the VMkernel*, kernel modules, drivers, native management applications that run on ESXi, and any boot-time configuration options.

Table 1. Evolution of the Phased Approach

Phase 1: Measure boot for servers
  A. Measure launch of the server BIOS and VMM of Intel TXT-enabled servers.
  B. Validate measured vs. expected server measurements (known-good values or whitelist measurements) against measured data.
  C. Report the trust status of the server as trusted or not trusted based on the results of the measured launch process.

Phase 2: Perform platform attestation and create trusted compute pools
  A. Add only trusted servers to the TCPs of servers, based on policy.

Phase 3: Place workloads in the TCPs
  A. When a cloud service/VM is provisioned, the service owner requires (and requests via policy) placement of the service in a trusted pool.
  B. Orchestration software places the workload on servers in the trusted pool.

Phase 4: Migrate workloads to compute pools
  A. Migration of workloads is triggered (for planned or unplanned reasons); the orchestration software determines the optimal set of servers to which to migrate workloads.
  B. Migration policies are examined for the trusted servers.
  C. Allow or disallow workload migration based on policy; the migration is completed or aborted.

Phase 5: Integrate and extend security and platform trust with McAfee ePO
  A. Ensure security is up-to-date to conform to security compliance.
  B. Verify and report on the integrity of security technology in the trusted pool.


• Trust and policy solution supported by HyTrust and HyTrust Appliance*. The team used HyTrust Appliance 3.5 beta version, which provides extensive support for Intel TXT. The HyTrust Appliance verifies the integrity of the physical hardware of the host to ensure the underlying platform is fully trusted, and can implement powerful policies based on this information. It can ensure that specified workloads are only permitted to be instantiated on specific hosts or clusters. It also intercepts all administrative access and change requests, determines whether a request is in accordance with the organization's defined policy, and permits or denies the request as appropriate. The HyTrust Appliance is not a physical piece of hardware; it is a VMware vSphere*-compatible virtual appliance deployed alongside the rest of the virtual infrastructure. The HyTrust Appliance uses the vSphere APIs to build out the functionality and the integrated verifier that measures the base software components of the servers, and also detects possible tampering of the hypervisor image, by comparing the measurement data provided by Intel TXT through the vSphere APIs with expected known-good values. Finally, it provides direct sharing of trust and security information with McAfee ePO.

• Security management solution supported by McAfee. McAfee ePO unifies security management through an open platform, simplifies risk and compliance management, and provides security intelligence across endpoints, networks, data, and compliance solutions. It helps to manage security, streamline and automate compliance processes, and increase overall visibility across security management activities. McAfee ePO with the HyTrust ePO extensions enables communication with the HyTrust Appliance.

Measured Boot for Cisco UCS Systems: Platform Attestation

The PoC used the Cisco UCS M3 blade server, which is a cornerstone for TWSE's cloud computing infrastructure. As noted, the Cisco UCS blade systems are fully Intel TXT-enabled and can establish and provide attestation of the integrity and trust of the server and platforms.

Optionally, the TPM provides facilities for providing the trust status to external entities such as management tools, security apps, etc. As discussed, the process of establishing the integrity of the platform is called remote attestation. By providing evidence of the hardware and software configuration of a platform to an authorized remote party, remote attestation allows the remote party to establish trust in an Intel TXT-enabled platform. For the PoC, the team disabled Intel TXT on one of the Cisco UCS blades to highlight this differentiation and control capability. A step-by-step summary of how to enable Intel TXT on a Cisco UCS server is included in Appendix A.

Although all of the Cisco blades used in this PoC are fully Intel TXT-capable, it was important to have a contrast of trusted and untrusted servers to differentiate our trusted pools and prove the controls and status reporting mechanisms. For this reason, the team disabled Intel TXT in the system BIOS configuration settings in one of the Cisco UCS blades to prohibit the system from executing a trusted launch. For the PoC, the team used a prerelease version of the HyTrust Appliance that fully integrates remote attestation capabilities. As shown in Figure 8, the trust status dashboard of the HyTrust Appliance shows an unknown BIOS trust status, unknown VMM status, and overall unknown status for the second Cisco UCS blade, on which the team had consciously disabled the Intel TXT support.

Figure 8. Trust Status Dashboard Indicating Two Trusted and One Untrusted Host

For virtualization, the team used VMware vCenter Server 5.1 running on VMware ESXi 5.1, which provides full support and functionality for Intel TXT. As discussed earlier, Intel TXT enables platform measurements to detect possible malicious changes to BIOS and other critical base software components of the servers. When executed on an Intel TXT-enabled system, VMware ESXi measures the critical components of the hypervisor stack when the system boots and stores these measurements in the PCRs of the TPM on the platform. The measured elements include the VMkernel, kernel modules, drivers, native management applications that run on ESXi, and any boot-time configuration options.

The next critical component of the PoC architecture is the HyTrust Appliance, which provides extensive support for Intel TXT and also includes the robust policy control functionality for this use case. It essentially establishes the parameters and policies that define the TCP.

As shown in Figure 9, the HyTrust Appliance manages:

• Critical platform attestation functionality

• Whitelisting of known-good measurements

• Trust operation and report dashboards for TCPs

• A broad set of other virtualization security controls for workloads, servers, and administrators

Ensuring security and access control, installation of any software—including the HyTrust Appliance and all other solutions—requires authentication and access approval. The HyTrust Appliance and solutions were used to detect, measure, and report the trust of both the server platforms and the hypervisor, and to implement workload controls (e.g., VM migration) based on required platform trust attributes.

Figure 9. HyTrust Appliance with Remote Trust Attestation Architecture


Figure 10. Trust Attestation Service: Trust Report View

The team used the HyTrust Appliance to executethe remote attestation process to gather trustdata. The results of the platform attestation arerepresented in the HyTrust Appliance trust statusdashboard. As described in the previous section,the remote attestation process provides an inde-pendent evaluation of the integrity measure-ments of the firmware, BIOS, and VMM againstknown-good (whitelist) and securely makes thatassertion available to the HyTrust Appliance poli-cy enforcement and reporting components. Theevaluation of the measurements is comprehen-sive and covers:

• The core of the BIOS

• The BIOS configurations

• The VMM kernel

• Various VMM modules that are loaded as part of the VMware ESXi launch

Figure 10 shows a snapshot of the actual measurements of an ESXi server and the whitelist values. Finally, McAfee ePO unifies security management through an open platform and simplifies risk and compliance management. Dashboards provide security intelligence across endpoints, networks, data, and compliance solutions. It helps to manage security, streamline and automate compliance processes, and increase overall visibility across security management activities. This is the final component needed to meet the security management objectives of the PoC and the business needs of TWSE.
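As an added example (not the white paper's or HyTrust's code), the following Python shows the kind of whitelist comparison the attestation process performs: it replays a host's measurement log through the TPM 1.2 PCR extend operation, checks that the replay matches the PCR the host reports, and checks each measured component (BIOS core, BIOS configuration, VMM kernel, VMM modules) against known-good values. All digests, host names and the log format are constructed for illustration.

```python
"""Added example (not part of the Intel/TWSE white paper or HyTrust's code):
a minimal remote-attestation verifier that replays a host's measurement log
through the TPM 1.2 PCR extend operation and checks every measured component
against a whitelist of known-good digests. Whitelist values, host names and
measurements below are constructed for illustration."""
import hashlib

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs reset to 20 zero bytes (SHA-1 size)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 PCR extend: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def digest(label: str) -> bytes:
    """Constructed component digest standing in for a real BIOS/VMM hash."""
    return hashlib.sha1(label.encode()).digest()


# Whitelist of known-good measurements, keyed by the components the paper lists.
WHITELIST = {
    "bios_core": {digest("bios-core-v1.0")},
    "bios_config": {digest("bios-config-txt-on")},
    "vmm_kernel": {digest("esxi-5.1-vmkernel")},
    "vmm_modules": {digest("esxi-5.1-modules")},
}


def expected_pcr(log) -> bytes:
    """Replay an ordered (component, digest) log from the reset value."""
    pcr = PCR_INIT
    for _, value in log:
        pcr = extend(pcr, value)
    return pcr


def attest(host: str, log, reported_pcr: bytes) -> dict:
    """Return the trust verdict for one host.

    log: ordered (component, digest) pairs the host claims it measured.
    reported_pcr: the PCR value the host's TPM reports (a signed quote in practice).
    """
    reasons = []
    # 1. Log integrity: replaying the log must reproduce the reported PCR.
    if expected_pcr(log) != reported_pcr:
        reasons.append("measurement log does not match reported PCR")
    # 2. Whitelist: every measured component must be a known-good value.
    for component, value in log:
        if value not in WHITELIST.get(component, set()):
            reasons.append(f"{component} not in whitelist")
    # 3. Completeness: a component that was never measured cannot be trusted.
    missing = set(WHITELIST) - {c for c, _ in log}
    if missing:
        reasons.append(f"components never measured: {sorted(missing)}")
    return {"host": host, "trusted": not reasons, "reasons": reasons}


# Constructed sample logs: a good host and one with a modified VMM module.
GOOD_LOG = [
    ("bios_core", digest("bios-core-v1.0")),
    ("bios_config", digest("bios-config-txt-on")),
    ("vmm_kernel", digest("esxi-5.1-vmkernel")),
    ("vmm_modules", digest("esxi-5.1-modules")),
]
BAD_LOG = GOOD_LOG[:3] + [("vmm_modules", digest("esxi-5.1-modules-tampered"))]


def demo():
    return [
        attest("ucs-blade-1", GOOD_LOG, expected_pcr(GOOD_LOG)),
        attest("ucs-blade-2", BAD_LOG, expected_pcr(BAD_LOG)),
        # TXT disabled in BIOS: nothing measured, PCR still at its reset value.
        attest("ucs-blade-3", [], PCR_INIT),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```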

Creating TCPs and Workload Migration

The robust software and functionality of the HyTrust Appliance enabled the team to securely measure trust for both the Cisco UCS server platforms and the VMware ESXi (hypervisor). The ability to measure the hypervisor software at boot time and store these measurements in the TPM proved the trustworthiness of the servers, using the integrated hardware root of trust and Intel TXT to complete the verification of the BIOS and VMM.

To apply effective end-to-end trust policies for the cloud infrastructure, the team:

• Created TCPs with Intel TXT

• Identified and labeled the sensitive workloads that required protection

• Configured trust policies to establish trust requirements

• Assigned and managed workload migration based on defined trust policies

• Enforced trust policies end-to-end

• Recorded all activities, including audit and compliance, and provided reporting

HyTrust automatically assigns the applicable trust status to compute servers and then ensures the separation between trusted and untrusted pools by continuously enforcing policies that identify the trust status.

HyTrust Appliance assigns and manages workload migration based on the defined trust policies, checking to see if the predefined trust and operational policies are met before it allows workload migration. Besides displaying the denial information (Figure 11) for the request to move the workload onto an untrusted system, it is critical to point out that the HyTrust Appliance also applied the enforcement policy and did not allow the workload to be migrated, due to the established trust security policy. All requests and actions were recorded for future policy reviews, audits, and reporting.

The PoC team took a systematic approach to test each aspect of the TCP use cases. Knowing the trust status of both the servers and hypervisors enabled the team to highlight to TWSE the platform trust information and then define a full and appropriate set of operational policies and controls. The team applied HyTrust Appliance, which provided tight integration with VMware vSphere and McAfee ePO. This made it possible to fully demonstrate the operational details of the TCP use cases:

• Creation of TCPs

• Workload placement in the TCPs

• Workload migration in the TCPs

• Integration with McAfee ePO

The robust functionality of HyTrust Appliance enabled the team to:

• Intercept all administrative requests for the virtual infrastructure

• Determine whether the request was in accordance with defined policy

• Permit or deny the request

• Record all administrative access and change requests
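The intercept, decide, permit-or-deny, and record cycle listed above, together with the trust-policy-driven migration control described for Figure 11, as an added Python example that is not the white paper's or HyTrust's code. Host trust values stand in for the attestation result; all host names, workload names and labels are constructed.

```python
"""Added example, not code from the white paper or HyTrust: a small policy
engine modelling the trusted-compute-pool controls the PoC exercised, i.e.
intercept an administrative request, decide it against trust policy, permit
or deny it, and record the decision for audit. Host trust values stand in for
the attestation result; all names and labels are constructed."""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    trusted: bool          # outcome of remote attestation (Intel TXT launch)


@dataclass
class Workload:
    name: str
    labels: set            # e.g. {"sensitive"} for workloads that need a TCP
    host: str              # host the workload currently runs on


@dataclass
class Request:
    user: str              # authenticated administrator (no anonymous changes)
    action: str            # "migrate" or "place"
    workload: str
    target: str


@dataclass
class PolicyEngine:
    hosts: dict
    workloads: dict
    audit: list = field(default_factory=list)

    def trusted_pool(self) -> set:
        """The TCP: every host whose attestation came back trusted."""
        return {h.name for h in self.hosts.values() if h.trusted}

    def decide(self, req: Request):
        """Trust policy: workloads labelled sensitive may only land on attested
        (trusted) hosts. A target with no attestation record is untrusted."""
        wl = self.workloads[req.workload]
        target = self.hosts.get(req.target)
        if target is None:
            return False, f"target {req.target} has no attestation record"
        if "sensitive" in wl.labels and not target.trusted:
            return False, f"{wl.name} is sensitive; {target.name} is untrusted"
        return True, "target satisfies trust policy"

    def handle(self, req: Request) -> dict:
        """Intercept, decide, enforce, and record. Returns the audit entry."""
        permitted, reason = self.decide(req)
        if permitted:
            # Enforcement: only a permitted request changes the infrastructure.
            self.workloads[req.workload].host = req.target
        entry = {"user": req.user, "action": req.action,
                 "workload": req.workload, "target": req.target,
                 "permitted": permitted, "reason": reason}
        self.audit.append(entry)   # denied attempts are recorded as well
        return entry


def demo() -> PolicyEngine:
    engine = PolicyEngine(
        hosts={"ucs-blade-1": Host("ucs-blade-1", True),
               "ucs-blade-2": Host("ucs-blade-2", True),
               "ucs-blade-3": Host("ucs-blade-3", False)},   # TXT disabled
        workloads={"trading-db": Workload("trading-db", {"sensitive"}, "ucs-blade-1"),
                   "web-front": Workload("web-front", set(), "ucs-blade-3")},
    )
    engine.handle(Request("alice", "migrate", "trading-db", "ucs-blade-3"))  # denied
    engine.handle(Request("alice", "migrate", "trading-db", "ucs-blade-2"))  # permitted
    engine.handle(Request("bob", "migrate", "web-front", "ucs-blade-1"))     # permitted
    return engine


if __name__ == "__main__":
    for entry in demo().audit:
        print(entry)
```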



Figure 11. Displaying the Denied Migration Response for Trust Policy Violation



For the end-to-end enforcement of trust policies—including reporting, audit, and compliance—the team examined an array of functional scenarios. It reviewed functionality including assigning and managing policies, access-level privileges to enable role-based access, hypervisor and guest container hardening templates, and policy resources. It also migrated workloads across both trusted and untrusted compute systems and pools (according to policies), and extended security to overall password control, with the use of strong authentication and root password vaulting.

It is important to note that the HyTrust Appliance is integrated with VMware vCenter Server by using the open, plug-in architecture; however, the console for the HyTrust Appliance provides a significantly more detailed set of information for overall policy reporting, auditing, and overall compliance and management functionality. As an example, Figure 12 shows the HyTrust Appliance log viewer, including specific details related to administrator activity.

Integrated and Extended Security and Platform Trust with McAfee ePO

To address TWSE's requirements for overall policy, broader overall trust, security management, and detailed reporting of its cloud infrastructure, the team used the HyTrust Appliance, which provides extended trust information and enables direct support and reporting with the leading security information and event management (SIEM) and governance, risk management, and compliance (GRC) solutions.

The PoC used the HyTrust Appliance to extend and integrate trust information for each hypervisor and the virtualized resource functionality to the McAfee ePO console. This provided TWSE with another common and aggregated management view for its cloud infrastructure.

The direct integration of the HyTrust Appliance dashboard shows users the Intel TXT trust status of the host on which each VM is running. The HyTrust Appliance assesses compliance by comparing a host's current configuration with a hardening configuration template that was customized based on TWSE requirements to meet particular regulation requirements for control. It then provides assessment data into the master McAfee ePO dashboard for reporting and analysis. HyTrust Appliance gives McAfee ePO a record of all administrative activities, including a unique user ID and operations attempted by the privileged user, including denied or failed attempts. Figures 13 through 15 show the HyTrust Appliance integration with McAfee ePO.

Figure 12. HyTrust Appliance Log Viewer in the vCenter Plug-in

Figure 13. McAfee ePO with Host Trust Status indicated by HyTrust Appliance ePO Extension

Figure 14. McAfee ePO Displaying Administrator Activity and Trust Status Captured by HyTrust Appliance

Figure 15. McAfee ePO Displaying Drill-Down of Administrator Activity Chart



McAfee ePO's flexible automation capability streamlines workflows, dramatically reducing the cost and complexity of security and compliance administration.

Summary

The PoC completed by a team from TWSE, Systex, Intel, HyTrust, McAfee, VMware, and Cisco successfully highlighted TCP use cases including integrated trust solutions and trust-aware, policy-driven functionality, which are an important foundation for enhanced cloud security. The outcome of the PoC helped TWSE to gain confidence that such an implementation could help it:

• Address its requirements

• Increase visibility

• Gain efficiencies

• Strengthen protection

• Significantly increase overall trust


The PoC team took a systematic approach to design, implement, and test each aspect of a set of capabilities that began with establishing and verifying platform integrity and evolved through incremental TCP use cases. Establishing the trust status of both the servers and hypervisors gave the TWSE team new visibility into the status of the host platforms in the cloud. It was then able to define and implement a new set of appropriate operational policies and controls. The implementation allowed for:



• Creation of TCPs to segregate high-integrity servers from those with unknown integrity properties

• Workload identification and policy-based placement of sensitive workloads in the TCPs

• Controlled workload migration with sensitive workloads maintained within the TCPs

• Integration with McAfee ePO to provide a consolidated management view of security controls and events

The PoC successfully demonstrated a fully operational, fabric-based Cisco UCS M3 server secured with a hardware root of trust enabled by the Intel TXT feature available in Intel Xeon processors. VMware vSphere 5.1 and VMware ESXi 5.1 provided a crucial foundation and base functionality for Intel's hardware root of trust security capabilities and Intel TXT.

The built-in capabilities in vSphere 5.1 can also increase performance and streamline antivirus and antimalware deployment. Policy-based solutions from HyTrust will enable organizations to address and account for the trust of systems and apply effective, comprehensive, automated policies to manage the provisioning, deployment, and movement of workloads.

HyTrust Appliance provided robust functionality and capabilities that addressed TWSE's overall trust and security requirements. The extended functionality provides, in a secure way, direct and integrated support with VMware vSphere and leading GRC, SIEM, and McAfee ePO solutions.

As it considers how to build out its cloud infrastructure to meet evolving business needs, TWSE has demonstrated with this PoC that a hardware-assisted, trust-enabled infrastructure can provide powerful new capabilities and controls to address security concerns with the cloud. Other businesses and organizations will be able to benefit from Intel TXT-enabled systems and integrated solutions such as TCPs that enable businesses to address their critical business requirements by providing greater overall trust and support for security, policy enforcement, reporting, compliance management, and audits.

In response to the learnings from this PoC, and to address growing demands and mandates from end users and government entities for increased security controls for cloud deployments, cloud providers and software vendors, along with a growing ecosystem of technology vendors, are collaborating to develop systems, software, and interoperable solutions to support deployment and enablement of trusted computing infrastructure. The goal of this emerging infrastructure is to provide greater visibility, control, and compliance capabilities for the cloud, with a strong, bottom-up security posture based on hardware and complemented by new, extensible software solutions.

Find the solution that's right for your organization. Contact your Intel representative, visit Intel's Business Success Stories for IT Managers (www.intel.com/Itcasestudies), or explore the Intel.com IT Center (www.intel.com/itcenter). Learn more about Intel TXT at www.intel.com/txt.



Appendix A: Overview of Steps for Intel TXT and TPM Configuration for Cisco UCS Systems

Below are the primary steps to manually provision Intel TXT in the BIOS and establish the appropriate TPM configuration of a Cisco UCS blade server. Please note, if this is a new Cisco blade server being deployed, you do not have to clear TPM ownership. Please go directly to Step 5. Once systems are configured and Intel TXT is enabled on a Cisco UCS blade server, you are ready to install a trusted hypervisor or operating system kernel to establish a server configuration that is rooted in hardware trust.

Step 1: F2 to enter BIOS

Step 2: Advanced > Trusted Computing > Pending Operation > TPM Clear

Step 3: F10 Save and Exit

Step 4: F2 to enter BIOS

Step 5: Advanced > Trusted Computing > TPM Support > Enable

Step 6: F10 Save and Exit

Step 7: F2 to enter BIOS

Step 8: Advanced > Trusted Computing > TPM State > Enable

Step 9: F10 Save and Exit

Step 10: F2 to enter BIOS

Step 11: Advanced > Trusted Computing > Pending Operation > Enable Take

Step 12: Advanced > Intel TXT (LT-SX) Configuration

Step 13: F10 Save and Exit



Appendix B: VMware Software Solutions

VMware delivers a comprehensive set of customer-proven solutions that help IT organizations better manage virtual environments while protecting critical data and workloads:

• VMware ESX and VMware ESXi hypervisors allow enterprises to use their own security certificates when securing remote sessions. The user name, password, and network packets sent to a VMware ESX server over a network connection when using the VMware Remote Console or the VMware Management Interface are encrypted in the VMware ESX server by default when medium- or high-security settings are activated for the server.

• VMware vCenter Server gives IT administrators unprecedented visibility and centralized control of every level of the VMware vSphere virtual infrastructure. It provides granular privilege management that limits who can deploy virtual machines to specific clouds and storage devices. Combined with well-defined operational processes and work flows, these capabilities can provide maximum mobility for virtual machines while managing risk.

• VMware vCenter Lifecycle Manager enables IT administrators to track ownership of virtual machines and to keep records of when virtual machines are created, deployed, and decommissioned.

• VMware vShield Zones allow for convenient, centralized management by providing highly granular views of the entire virtual machine and virtual network deployment, easing configuration of zone-based policies and reducing the risk of errors.

Appendix C: McAfee ePO

The solution provides end-to-end visibility through a unified view of your security posture. Drillable, drag-and-drop dashboards provide security intelligence across endpoints, data, mobile, and networks for immediate insight and faster response times. Simplified security operations help streamline workflows for proven efficiencies. Benefits include:

• End-to-end visibility. Get a unified view of your security posture. Drillable, drag-and-drop dashboards provide security intelligence across endpoints, data, mobile, and networks for immediate insight and faster response times.

• Simplified security operations. Streamline workflows for proven efficiencies. Independent studies show ePO software helps organizations of every size streamline administrative tasks, ease audit fatigue, and reduce security management-related hardware costs.

• An open, extensible architecture. Use your existing IT infrastructure. McAfee ePO software connects management of both McAfee and third-party security solutions to your LDAP, IT operations, and configuration management tools.

Appendix D: HyTrust Appliance

The HyTrust Appliance is a virtual appliance. VMware vSphere-compatible, it sits between the administrators of the virtual infrastructure—the virtualization administrators, the network administrators, the application owners—and the virtual infrastructure itself, in the management network.

HyTrust Appliance can verify the integrity of the physical hardware and hypervisor of the host to ensure that the platform is fully trusted. It provides the ability to label virtual machines, as well as other virtual resources, and then apply policies to those labels. Combined with the hardware root of trust, HyTrust Appliance provides the ability to verify the trust of the hardware and hypervisor layer using Intel TXT and ensures total platform integrity of the virtual platform.



Figure D1 shows the HyTrust Appliance inline deployment.

The HyTrust Appliance has a robust array of extended functionality that addresses the overall TWSE business requirements and makes it possible for TWSE to apply trust policies and security operations for its cloud infrastructure.

Besides highlighting the use cases, the team also showcased how hardware-based security enabled with the HyTrust Appliance delivers extended capabilities including:

• Verifying platform integrity is trusted via Intel TXT

• Ensuring the hypervisor is hardened and the virtual infrastructure is trusted via Intel TXT

• Enforcing consistent administrative access and authorization policies covering all access methods

• Providing granular, user-specific, audit-quality logs of all administrative access

• Enabling strong, multi-factor authentication

• Securing privileged user access of the hypervisor through root password vaulting

• Enabling additional oversight for highly sensitive operations via secondary approval

• Enforcing infrastructure segregation for trusted compute pools and multi-tenancy use cases

With the HyTrust Appliance, there are no anonymous changes to the virtual infrastructure. All administrative access must first be authenticated, supporting two-factor authentication. Access to the entire environment may be tied back to a specific individual—a critical requirement in security and compliance-conscious data centers. As the central authority over all change requests, the HyTrust Appliance provides granular, user-specific log records that can be used for regulatory compliance, troubleshooting, and forensic analysis. It offers an unprecedented level of visibility into the state of the virtual infrastructure.

The HyTrust Appliance records all requests, which are critical for security purposes. Every request is tied to the identity of a specific user and all relevant information is collected. With total visibility from HyTrust, organizations can accomplish their audits and rely on their logs for forensics if needed.

Learn more at www.hytrust.com.

Figure D1. HyTrust (Virtual) Appliance Inline Deployment

Copyright © 2013 Intel Corporation. All rights reserved.

Intel, Xeon, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.

No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology (Intel® TXT) requires a computer with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.2. For more information, visit http://www.intel.com/technology/security

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products.

Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance.

Intel does not control or audit the design or implementation of third-party benchmark data or Web sites referenced in this document. Intel encourages all of its customers to visit the referenced Web sites or others where similar performance benchmark data are reported and confirm whether the referenced benchmark data are accurate and reflect performance of systems available for purchase.

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.

A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.

Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm

0213/MG/SS