
 Trusted compute pools

Trusted compute pools enable administrators to designate a group of compute hosts as trusted. These hosts use hardware-based security features, such as Intel Trusted Execution Technology (TXT), to provide an additional level of security. Combined with an external, stand-alone, web-based remote attestation server, this lets cloud providers ensure that a compute node runs only software with verified measurements, and so ensure a secure cloud stack.

Through trusted compute pools, cloud subscribers can request that their services run on verified compute nodes.

The remote attestation server performs node verification as follows:

  1. Compute nodes boot with Intel TXT technology enabled.

  2. The compute node BIOS, hypervisor, and OS are measured.

  3. The measured data is sent to the attestation server when the attestation server challenges the node.

  4. The attestation server verifies those measurements against a known-good database to determine each node's trustworthiness.
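
The four steps above can be modelled in a few lines. This is an added example, not code from OpenStack or the Open Attestation project: it shows why measurement order matters and why the challenge must be fresh. Assumptions: SHA-256 stands in for the TPM hash, an HMAC with a shared key stands in for the TPM's signed quote, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, blob: bytes) -> bytes:
    # TPM-style extend: the register can only be folded forward, never set.
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure_boot(components) -> bytes:
    # Step 2: BIOS, hypervisor and OS are measured in boot order.
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def quote(key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    # Step 3: the node binds its measurement to the server's challenge.
    # Assumption: HMAC replaces the TPM's asymmetric quote signature.
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def verify(key, nonce, pcr, sig, known_good) -> str:
    # Step 4: check freshness and authenticity, then the known-good database.
    if not hmac.compare_digest(sig, quote(key, nonce, pcr)):
        return "untrusted"  # forged, or replayed from an earlier challenge
    return "trusted" if pcr in known_good else "untrusted"

# Constructed sample data: placeholders, not real firmware or OS images.
KEY = b"constructed-node-key"
GOOD_STACK = [b"bios-1.0", b"hypervisor-1.0", b"os-1.0"]
KNOWN_GOOD = {measure_boot(GOOD_STACK)}

def attest(components, replayed_sig=None) -> str:
    # One challenge/response round; the server picks a fresh nonce each time.
    nonce = os.urandom(16)
    pcr = measure_boot(components)
    sig = replayed_sig or quote(KEY, nonce, pcr)
    return verify(KEY, nonce, pcr, sig, KNOWN_GOOD)

if __name__ == "__main__":
    print(attest(GOOD_STACK))
    print(attest([b"bios-1.0", b"hypervisor-1.0-patched", b"os-1.0"]))
    old = quote(KEY, b"earlier-nonce", measure_boot(GOOD_STACK))
    print(attest(GOOD_STACK, replayed_sig=old))
```
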

A description of how to set up an attestation service is beyond the scope of this document. For an open source project that you can use to implement an attestation service, see the Open Attestation project.
