VMworld 2014 Intel and HyTrust have teamed up to build software that can control where in the world your virtual machines are allowed to run.
The core of the collaboration is Intel's Trusted Execution Technology (TXT) – special kit that attempts to validate a machine's BIOS, hypervisor and hardware state.
That's a handy trick because some strains of malware tamper with the lowest levels of computers to avoid detection. TXT promises to sense such changes before a machine boots, to make sure unexpected alterations don't represent something nasty.
A few months ago Intel added location awareness to TXT, and it is this new feature that HyTrust has tapped into for the VMworld launch of “Boundary Controls” – a new product that lets you set policies for where workloads can run.
There are two motives for controlling the location in which virty servers can run.
The first is security. Virtual machines are portable, which is great for server utilization but a little worrying if a mission-critical app suddenly starts to run in a branch office where servers may meet a TXT profile but staff aren't likely to need the app or the data it relies upon. Indeed, such activity could be a sign of something going awry. Boundary Controls will stop such sensitive workloads from making it out of the building in which they are intended to run.
The second motive is data sovereignty, as various nations' laws frown on personal data leaving their shores. Geolocating workloads nips the risk of flouting such laws in the bud.
HyTrust doesn't provide all the pieces to make this happen. Intel provides a piece of software called Mount Wilson that drives the TXT services built into its kit. A new version 2.0 of Mount Wilson is imminent and will ship with HyTrust's code.
Intel and VMware are both HyTrust investors, so the location and timing of the launch – at VMworld 2014 in San Francisco – itself represents a nice bit of location control. ®