Foundational Security with Intel® TXT and Citrix Xenserver®

Solution Brief Intel® Trusted Execution Technology (Intel® TXT)

Foundational Security with Intel® TXT and Citrix XenServer®

How Intel and Citrix work together to protect sensitive data

In today’s data-driven climate, your data is your business. Nearly every aspect of the enterprise—from the mailroom to the research and development lab—relies on some sort of access to corporate data. In addition to instant access to critical data, enterprises need the ability to adjust to changing market or regulatory conditions quickly while keeping IT costs down. To meet these competing demands, enterprises are adopting cloud strategies to maximize their agility while reducing infrastructure costs. But accelerated cloud-strategy adoption, combined with increasing regulatory constraints, can test the limits of even the most well- designed security strategies. Intel and Citrix can help enterprises build secure cloud foundations that provide the agility, security, and costs savings they require. The combination of Intel® Trusted Execution Technology (Intel® TXT) and Citrix XenServer® can help ensure that your compute pools remain trusted with hardware-based security.1

New Technologies Equal New reside in the same physical space Security Challenges within the data center. With cloud deployments, an application might run As enterprises continue to adopt on a physical server located in one data cloud technologies, security managers center, while that application’s data struggle to maintain server security might reside in a separate data center policies and compliance, audit, and thousands of miles away. reporting enforcement in an increasingly abstracted computing environment. Data This abstraction creates new is no longer confned to discrete physical opportunities for attackers to gain servers in bunker-like data centers. With control of the underlying hardware cloud technologies, virtual machines platform. Once the platform is (VMs) containing sensitive data can reside compromised, an attacker might on any number of physical hosts in any be able to compromise any virtual number of physical locations. machines running on the platform. An IT organization might have hardened In addition, cloud environments can operating systems and networks complicate audit- and compliance- protecting its data, but an unsecured policy enforcement. In traditional hardware platform can jeopardize even physical-server deployments, the the best security implementation. hardware, applications, and data can Foundational Security with Intel® TXT and Citrix XenServer®

Intel TXT and Citrix XenServer: The • Sealed storage, which protects At a Glance: Intel® TXT Building Blocks of a Secure Cloud a host’s known-good state and Citrix XenServer® cryptographic values. To meet these evolving challenges, Intel Intel and Citrix can help and Citrix have collaborated on secure • Protected execution and memory enterprises of any size cloud solutions that take advantage of space, where sensitive cryptographic secure their cloud platforms hardware-assisted security to provide values can be processed. while virtualizing their most a foundation of trust. Large, complex • Attestation, which confrms that the demanding workloads. cloud deployments provide more host confguration is either trusted or With Intel TXT and Citrix avenues for attackers to gain control untrusted and provides this information XenServer, enterprises can of platforms. The combination of Intel for compliance and audit purposes. realize the benefts of an agile TXT and Citrix XenServer helps protect infrastructure-as-a-service (IaaS) the underlying platform from threats Intel TXT creates a measured model with a root of trust built of BIOS, hypervisor, or other frmware launch environment (MLE) that into the hardware. attacks, in addition to software-based cryptographically compares critical aspects of the hardware and software With servers powered by attacks such as root-kit installations. environment at startup to determine if Intel® Xeon® processors and To protect against sophisticated any tampering has taken place. When a Citrix XenServer, enterprises attacks, security must start at the cloud cloud administrator initially confgures a can better protect their cloud infrastructure’s hardware level and host running Citrix XenServer, Intel TXT platforms from attacks that extend to the software stack. Intel TXT, is used to create unique cryptographic target a server host’s BIOS, a hardware-based technology found on identifers for critical elements of frmware, and hypervisor. Tools platforms powered by the Intel® Xeon® the launch environment, including such as OpenStack* let cloud processor E5 v3 family and the Intel Citrix XenServer and the host’s BIOS administrators create auditable Xeon processor E7 v3 family, provides a and frmware. Once Intel TXT creates security policies to help protect hardware root of trust through: each identifer, it securely stores virtual machines and prevent the identifers in the host’s Trusted them from starting and running • Verifed launch, a hardware-based chain Platform Module (TPM),2 a tamper- on compromised hosts. of trust that enables a host powered by an Intel Xeon processor to compare its startup resistant cryptographic processor and As enterprises in highly regulated environment to a known-good state. Any protected-memory space built into industries such as government, variation from the host’s known-good the host’s hardware. Together, these healthcare, and fnance embrace state can be cryptographically detected cryptographic signatures identify the cloud technology, having a root and acted upon. host’s known-good state. of trust built into the hardware is crucial to conform to regulations and service-level agreements Intel® Trusted Execution Technology (Intel® TXT) (SLAs) that require tighter data security, attestation of host integrity, and virtual machine location constraints.

Figure 1. Intel® Trusted Execution Technology (Intel® TXT) and Citrix XenServer® work together to help ensure a chain of trust

2 Foundational Security with Intel® TXT and Citrix XenServer®

Once a host’s known-good state is Enterprises can use asset tagging to stored in the TPM, Intel TXT measures defne logical boundaries within or At a Glance: Citrix each launch environment element at among trusted compute pools. With XenServer® startup and compares the measured asset tagging, cloud administrators values with the known good–state can assign unique values—such as values. If the values align, the host geographic location—to each host Citrix XenServer is a bare- boots into a trusted state. If the within the trusted pool. Security metal virtualization platform values do not align, the host boots administrators can then create security built on the open-source Citrix into an untrusted state. Intel TXT can policies to constrain which hosts within Xen® hypervisor. Used by many fag unexpected attestation results, the pool can run sensitive workloads. of the world’s largest public- which can then be queried by remote When a virtual machine is ready cloud service providers, Citrix attestation software to determine if to migrate to another host, cloud- XenServer can help you handle additional scrutiny or security measures management software can use security the most demanding workloads, need to take place. policies and asset-tag information to and it is designed to scale with restrict the virtual machine to a defned your business needs. Building Upon a Secure Foundation subset of the trusted-pool hosts. The Citrix XenServer hypervisor With Intel TXT and Citrix XenServer as Asset tagging can also enable intelligent takes advantage of Intel® the foundation, enterprises can create workload distribution. Many enterprises Virtualization Technology (Intel® trusted compute pools—groups of require diferent levels of performance VT), which further enhances hosts with verifed security integrity— from their cloud infrastructures. Some the hypervisor’s performance that can have sophisticated security, compute pools might incorporate hosts on servers powered by Intel® auditing, and reporting policies applied designed around the Intel Xeon processor Xeon® processors. Combined 1 using third-party orchestration and E5 v3 family for workloads such as with capabilities such as high reporting tools. email processing, while other pools availability, VM protection and might contain hosts built on the Intel recovery, live VM migration, and One of the benefts of a cloud Xeon processor E7 v3 family for more dynamic memory allocation, infrastructure is the ability to demanding workloads. Administrators Citrix XenServer delivers the seamlessly migrate virtual machines can create policies and templates to performance and features that among pools of hosts using restrict virtual machines to specifc hosts make it a clear choice for any technologies such as the Citrix based on the types of workloads running size of enterprise. XenMotion® feature of Citrix XenServer. within the virtual machine. But if a virtual machine moves to a compromised host, an attacker could potentially compromise the virtual machine itself along with its data. Intel TXT and Citrix XenServer,3 combined with tools such as OpenStack*, let cloud administrators create security policies VM Migration Request Target Asset Determination VM Migration Allowed to prevent virtual machines from being started on or migrated to untrusted hosts, maintaining the integrity of the virtual machine and its data. While virtual machines can migrate anywhere within a trusted pool of hosts, cloud administrators might want to constrain virtual machine movement for Host Policy Engine New Host various reasons. For example, fnancial Figure 2. Asset tagging helps restrict virtual-machine movement to specifc hosts or healthcare institutions might be bound by government regulations to keep sensitive data within specifc geographic boundaries. 3 Foundational Security with Intel® TXT and Citrix XenServer®

Compliance Peace of Mind administrators can quickly determine Find Out More through Auditing if hosts have been compromised and can take action automatically to isolate Verifying the security of your hardware potentially compromised workloads. Intel TXT: and where your data and workloads www.intel.com/txt reside is as important as the security Intel and Citrix: Enabling Secure policies that constrain virtual-machine Citrix XenServer: Cloud Solutions for a Changing World movement. In addition, government http://www.citrix.com/products/ regulations in industries such as Cloud solutions from Intel and Citrix can xenserver/ healthcare and fnance require regular provide enterprises with a more-secure OpenStack: auditing of systems and data to help foundation to help protect critical and http://www.openstack.org/ ensure data is kept safe from threats sensitive workloads. With third-party both within and outside the enterprise. support from solutions like OpenStack, enterprises can be confdent that their Intel TXT and Citrix XenServer provide cloud solutions will give them the the infrastructure for attestation of capabilities they need to compete in host integrity and auditing of virtual- increasingly competitive and regulated machine health and location. With tools business environments. such as OpenStack, auditors and cloud

1 Intel technologies’ features and benefts depend on system confguration and may require enabled hardware, software or service activation. Performance varies depending on system confguration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com. 2 The Intel Trusted Platform Module (TPM) is based on standards created by Trusted Computing Group, an industry collaboration efort to implement security standards across multiple platforms. 3 Intel® TXT support for Citrix XenServer® requires the Measured Boot Supplemental Pack.

Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, ftness for a particular purpose, and non- infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifcations and roadmaps

Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm

Intel, the Intel logo, and Xeon are trademarks of Intel Corporation in the U.S. and other countries.

Citrix, the Citrix logo, XenServer, Xen and XenMotion are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries.

* Other names and brands may be claimed as the property of others. Printed in USA 0415/TA/PRW/PDF Please Recycle 332410-001US