2015-12-09

Intel co-designs secure, easy-to-implement open-source ‘turnkey’ infrastructure

Intel Corp. and a series of partners are offering an alternative to the do-it-yourself nature of the rapidly growing Linux container market with a package designed to let customers buy container-based infrastructures rather than build them.

On Dec. 2, Intel and Linux container market partner CoreOS, Inc. announced a “turnkey” package of all the functions needed to deploy a CoreOS-based container infrastructure, integrated into one convenient package by Intel integration partner Redapt Inc., atop servers from perennial Intel partner Supermicro Computer Inc.

The package goes beyond the promise Intel and CoreOS made in April, when CoreOS announced it was developing a commercial, integrated package called Tectonic. The package integrates CoreOS Linux-based clustering and container-management software with the Rocket container runtime software, the open-source container-orchestration software Kubernetes, and other software needed to run a Google-like, container-based Cloud platform.

CoreOS built into the package a set of security components and configurations called Distributed Trusted Computing (DTC) – which it based on the well-tested Trusted Platform Module cryptoprocessor specification from the Trusted Computing Group (TCG). TCG also developed the Trusted Execution Technology Intel builds into its own chips using TPM cryptography.

DTC builds encryption and verification into each layer of software in the Tectonic package to validate individual nodes and clusters, verify system states before allowing containers to interact, and prevent attacks by protecting bootloaders, the OS and firmware. It also provides a solid audit trail for container-based applications, using cryptographic keys embedded in Tectonic firmware, according to CoreOS.
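To make concrete what “verify system states before allowing containers to interact” means in TPM terms, here is an added illustrative model (not CoreOS or Tectonic code): each boot layer is measured into a PCR-style accumulator, and a verifier replays the event log and compares the result against a known-good value before admitting the node. Names, sample layer images and the golden value are all constructed for the example; the TPM's signed quote is omitted.

```python
import hashlib

# A TPM "extends" a Platform Configuration Register rather than overwriting it:
# pcr = SHA256(pcr || measurement). The final value therefore depends on every
# layer and on their order, so one tampered layer changes the whole chain.
PCR_INIT = b"\x00" * 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(layers):
    """layers: list of (name, image_bytes), in boot order.
    Returns the final PCR value and the event log a node would report."""
    pcr = PCR_INIT
    log = []
    for name, image in layers:
        digest = hashlib.sha256(image).digest()   # each layer hashes the next
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = PCR_INIT
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def admit_node(reported_pcr, log, golden_pcr):
    """Policy a cluster could apply before a node's containers may interact:
    the log must replay to the reported PCR, and that PCR must match the
    approved boot chain. Returns (allowed, reason)."""
    if replay_log(log) != reported_pcr:
        return False, "event log does not match reported PCR"
    if reported_pcr != golden_pcr:
        return False, "node state differs from approved boot chain"
    return True, "trusted"


# Constructed stand-ins for firmware, bootloader and OS images.
GOOD_CHAIN = [("firmware", b"fw-v1"), ("bootloader", b"grub-v2"), ("os", b"coreos-kernel")]
TAMPERED_CHAIN = [("firmware", b"fw-v1"), ("bootloader", b"grub-v2-modified"), ("os", b"coreos-kernel")]
GOLDEN_PCR, GOLDEN_LOG = measure_boot_chain(GOOD_CHAIN)


def demo():
    ok_pcr, ok_log = measure_boot_chain(GOOD_CHAIN)
    bad_pcr, bad_log = measure_boot_chain(TAMPERED_CHAIN)
    return admit_node(ok_pcr, ok_log, GOLDEN_PCR), admit_node(bad_pcr, bad_log, GOLDEN_PCR)
```

A node that reports the golden PCR but a log that does not replay to it is rejected too, which is what protects the audit trail against a forged log.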

Tectonic also includes Quay Enterprise, an application that provides a secure container registry to protect the integrity of containers, even when they live on public Cloud platforms or on the risky side of a corporate firewall.

The technology is only an extension of security measures developed for physical servers, but is a significant step ahead for the relative security of application containers, according to CoreOS CEO Alex Polvi.

“All server structure infrastructure software is running untrusted right now,” Polvi told eWEEK for a Dec. 2 article. “You just kind of hope that what the server is running is what you expect it to be.”

According to Polvi, Tectonic isn’t such a great leap either, except that it bypasses the need for infrastructure tools to build the Cloud in which to house enterprise applications – which is the current pattern. Polvi told eWEEK the effort is comparable to requiring every enterprise that wanted to use containers to build its own Linux distribution first.

“The ability to ensure that an entire system, from hardware to software, is in a trusted state before and while running an arbitrary application, has long been a goal for the industry,” said RedMonk analyst Fintan Ryan, who was quoted in the CoreOS announcement.

Matthew Prince, co-founder and CEO of Cloud security service provider CloudFlare, agrees with Ryan. “The combination of containers, distributed systems and now trusted computing represents a big change for server infrastructure,” he told eWEEK.

Containers such as Docker and CoreOS became a hot commodity based on their potential to let enterprise datacenters remake themselves in the image of the hyperscaled, hyperefficient facilities built by Internet giants including Google and Facebook, which custom-design, assemble and integrate all the pieces themselves.

The containers also scale more efficiently than virtualized servers because they don’t build into each unit every component a standalone server would need to function, as typical virtual machines do, according to an explanation of CoreOS company strategy posted by Polvi in a blog after the April announcement of Tectonic.

Google developed and open sourced a series of applications, including the systems management software Kubernetes, to help automate the effort of coordinating workflows, authenticating container-based applications and services, managing updates and deployments, and all the other housekeeping required to keep thousands of subroutines working smoothly within a single infrastructure, Polvi noted.

But few enterprises can justify assembling and integrating all the necessary bits of infrastructure themselves, which limits the appeal of containers despite the speed and convenience with which they could support continuous-development methods including DevOps, Polvi wrote.

Integrating all the functions needed for a Google-like datacenter into one package “democratizes containers and Cloud computing,” according to a blog posted in May by Jonathan Donaldson, vice president and general manager of the Software Defined Infrastructure division of Intel’s Data Center group.

The post Simpler packaging, better security may let users ‘buy’ rather than ‘build’ container-based Clouds appeared first on Go Parallel.