Container technologies offer the exciting prospect of rapidly scaling applications and services without the large overhead of traditional virtualization environments. However, container technologies bring security vulnerabilities that a skilled intruder running inside a container can exploit to infiltrate other containers and eventually take over a cloud environment.
In this talk, Intel’s security, virtualization and Linux technologists collaborate to show how a trusted container environment can be deployed in an OpenStack environment that will:
- Ensure a root of trust for the platform on which a containerized app is deployed through trusted platform modules
- Encrypt the containerized workload and manage the key exchange process so it can only be decrypted and deployed on the targeted server as a trusted container
- Rapidly launch the trusted container in a fraction of the time it would take to launch a traditional VM
- Protect each container from other potentially rogue containers through isolation technologies already present in Intel® Architecture servers
This capability opens the door to a variety of enterprise usages for OpenStack, which will be outlined.