By Ron Breault
“You guys are truly leading the industry!”
We recently achieved the general availability milestone for the latest release of our Wind River Titanium Cloud product family. While this release is brimming with new features and functionality, we especially “doubled down” on security across the products in our Titanium Cloud portfolio. Moving the security yard sticks to stay a few steps ahead of the “bad guys” is nothing new for us, but with this release, we’ve done something particularly unique. As one of our lead customers put it during a deep dive, we “completely exceeded their expectations.” They’re so pleased in fact, that they want us to join them at a security conference later this summer. This kind of a reception for a new software release is fantastic news for our Engineering team who did the heavy lifting, and it’s equally good news for all the companies putting their trust into Titanium Cloud to run their critical infrastructure. It bears repeating: “When it matters, it runs on Wind River.”
At a high level, there are three security technologies in our latest update that are particularly important enablers for companies building distributed, SD-WAN or vCPE products on our Titanium Cloud offerings. These technologies are Secure Boot, TPM key storage, and virtual TPM for ultra-secure guest virtual machines (VMs).
Secure Boot is capability which protects the integrity of a product by ensuring the image it boots from has not been tampered with, or in any way altered, since it was originally securely delivered and installed. Achieving this integrity is a multistage process involving cryptographic keys, image signatures, boot loaders, and leveraging special purpose firmware and hardware. A Trusted Platform Module (TPM) is a highly specialized cryptographic co-processor and storage module which systems can employ in a variety of ways to protect ‘secrets’ (e.g. private keys) which are vital to the secure operation of the platform. By intelligently leveraging the capabilities of a TPM, a platform can implement security controls which even privileged users (e.g. ‘root’) cannot tamper with. A closely related technology is Virtual TPM (vTPM), a relatively recent industry security advancement, which provides the mechanism to enable guest VMs to enjoy the security benefits of a TPM within their contained virtual environment.
Wind River has implemented and delivered features based on these underlying technologies in our latest release. Collectively, they provide an incredibly strong, secure foundation for applications building or deploying on the Titanium Cloud family of products. While each feature is interesting in and of itself, our work on the vTPM in particular is generating a lot of enthusiasm. vTPM as a concept is not new, but the details of how to implement it are still being actively worked in the open source community. A significant challenge and hurdle has been how to securely manage vTPMs in a modern cloud environment: VMs migrate from server to server; live migration support is a must; underlying hosts may have differing physical TPM devices. Through significant Wind River R&D, and close partnering with our customers, we have developed an innovative vTPM solution which addresses these challenges. While listening to the details in a recent meeting, a security architect with one of our customers commented “You guys are truly leading the industry!”
If you’d like to learn more about the Titanium Cloud portfolio, please contact your local Wind River sale manager, or visit us here.