Enterprise security is among the top priorities for CIOs due to ongoing threats from cyber-attacks, and many are moving down the stack from software to hardware. High-sensitivity workloads require a secured full-stack platform.
The application of trusted computing technology to enhance cloud infrastructure security has been recognized by industry. Since the Folsom release, OpenStack has been integrating TXT/TPM features to ensure that a VM or workload can be run on a trusted compute pool. The dynamic nature of cloud workloads (on-demand, highly automated, etc.) places stringent requirements on the application of trusted computing technology. In order to provide trusted services to VMs, virtual root-of-trust technology was introduced. Compared to the pass-through mechanism, this solution adopts software-based device emulation to build a vTPM, which effectively resolves potential issues in VM migration, snapshot and other scenarios, and also covers full-lifecycle VM management.
1. How to build a vTPM based on software emulation, including the enhancements to libvirt, QEMU, the guest OS, etc.
2. How this vTPM construction method solves the data synchronization and data security problems that arise across the virtual machine life cycle.
3. How the vTPM construction method is integrated with OpenStack to meet the characteristics of cloud computing: dynamic resources, on-demand services, automation, etc.
4. The influence of this vTPM construction method on the performance and stability of the virtual machine.