Event Details

Please note: All times listed below are in Central Time Zone

Full-stack security chain of trust and best practices in Cloud

Enterprise security is among the top priorities for CIOs due to ongoing threats from cyber-attacks, and many are moving down the stack from software to hardware. High-sensitivity workloads require a secured full-stack platform.

The application of trusted computing technology to enhance cloud infrastructure security has been recognized by the industry. Since Folsom, OpenStack has been integrating TXT/TPM features to ensure a VM or workload can be run on a trusted compute pool. The dynamic nature of cloud workloads (on-demand, high automation, etc.) places stringent requirements on the application of trusted compute technology. In order to provide trusted services to VMs, virtual trusted root technology was introduced. Compared to the pass-through mechanism, this solution adopts software-based device emulation technology to build a vTPM, which effectively resolves potential issues in VM migration, snapshot and other scenarios and also includes full-lifecycle VM management.

What can I expect to learn?
  • 1. How to build a vTPM based on software emulation, including the enhancement of libvirt, QEMU, the guest OS, etc.
  • 2. How this vTPM construction method solves the data synchronization and data security problems with respect to the life cycle of a virtual machine.
  • 3. How the vTPM construction method is integrated with OpenStack to meet the characteristics of cloud computing: resource dynamics, on-demand services, automation, etc.
  • 4. The influence of this vTPM construction method on the performance and stability of virtual machines.
Tuesday, November 5, 5:00pm-5:10pm (9:00am - 9:10am UTC)
Difficulty Level: Advanced
Trusted Compute Senior R&D Engineer
Works at Inspur Electronic Information Industry Co., Ltd., Security Technology Department. Engaged in trusted computing, virtualization security and host security research and development.
Cloud Architect
Brin Zhang is a cloud architect at IEI and has worked in the OpenStack community since the Rocky release. He devotes himself to the community and application promotion. He has been deeply involved in the OpenStack Nova, Cinder, Glance and Cyborg projects, among others, and he is a core member/reviewer in the OpenStack Cyborg project, helping the FPGA driver, NVMe SSD driver and other drivers to achieve....