Virtualization made simple for Everyone.

In today's multi-tenant environments, your hypervisor or virtual machine data can be compromised by anyone. Intel SGX makes sure that application data is encrypted and safe from these unwanted threats.

Examples of such data include:

Biometrics

Passwords

Medical information

Intellectual property

Intel SGX allows developers to protect sensitive data while it is being processed in memory. In short, it allows an application to keep a secret from the hypervisor or the operating system.

We are not saying that an OS like Linux or Windows, or a hypervisor like ESX, is insecure; we are simply removing their access to sensitive information that should be kept secret.

Intel® Software Guard Extensions (Intel® SGX) is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. In short, the code and data are hidden, or encrypted, by Intel® Software Guard Extensions from the guest OS kernel and the hypervisor.

Developers can partition sensitive information into enclaves, which are areas of execution in memory with more security protection. The good news is that vSphere 7 supports Intel SGX. Before you can use vSGX, four conditions must be met.

Before an application can use vSGX:

  1. The CPU in the system must support Intel® Software Guard Extensions.
  2. The System BIOS must support Intel® SGX.
  3. Intel® Software Guard Extensions must be enabled in the BIOS.
  4. Intel® SGX Platform Software (PSW) must be installed on the system.

An application can request an enclave from hardware that supports SGX. New Intel Ice Lake CPUs will have dual-socket Intel® Software Guard Extensions support. vSphere 7 passes this through. The enclave is 128 MB and can hold logic and data such as biometrics.
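As an added example (not from the original post, and not VMware or Intel code), the C program below checks the hardware-visible side of conditions 1 to 3 from inside a guest: it reads the SGX feature flag from CPUID and decodes the enclave page cache (EPC) sections that CPUID leaf 12H enumerates. The helper names and the sample register values are constructed for illustration; treating an EPC total of zero as "not enabled in the BIOS or not exposed to the VM" is an assumption, and condition 4 (the PSW) is not checked.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#endif

/* Raw register values returned by one CPUID invocation. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Condition 1: CPUID.(EAX=07H,ECX=0):EBX bit 2 is the SGX feature flag. */
int sgx_supported(struct cpuid_regs leaf7) { return (leaf7.ebx >> 2) & 1; }

/* CPUID.(EAX=12H,ECX>=2): EAX[3:0] == 1 marks a valid EPC section. */
int epc_section_valid(struct cpuid_regs r) { return (r.eax & 0xF) == 1; }

/* Section size: bits 31:12 are in ECX[31:12], bits 51:32 in EDX[19:0]. */
uint64_t epc_section_size(struct cpuid_regs r) {
    return (uint64_t)(r.ecx & 0xFFFFF000u) | ((uint64_t)(r.edx & 0xFFFFFu) << 32);
}

/* Sum valid sections; enumeration ends at the first invalid sub-leaf. */
uint64_t epc_total(const struct cpuid_regs *s, int n) {
    uint64_t total = 0;
    for (int i = 0; i < n && epc_section_valid(s[i]); i++)
        total += epc_section_size(s[i]);
    return total;
}

/* Constructed sample (not captured from a real host): one 128 MB section. */
const struct cpuid_regs SAMPLE_EPC[2] = {
    { 0x80200001u, 0, 0x08000001u, 0 },
    { 0, 0, 0, 0 },
};

int main(void) {
    printf("sample: %llu MB\n", (unsigned long long)(epc_total(SAMPLE_EPC, 2) >> 20));
#ifdef HAVE_CPUID
    struct cpuid_regs l7 = {0}, sec[8] = {{0}};
    __get_cpuid_count(7, 0, &l7.eax, &l7.ebx, &l7.ecx, &l7.edx);
    int have = sgx_supported(l7);
    for (int i = 0; have && i < 8; i++) /* query leaf 12H only if SGX is reported */
        __get_cpuid_count(0x12, 2 + i, &sec[i].eax, &sec[i].ebx, &sec[i].ecx, &sec[i].edx);
    uint64_t epc = epc_total(sec, 8);
    printf("CPU reports SGX: %s; EPC visible to this OS: %llu MB%s\n", have ? "yes" : "no",
           (unsigned long long)(epc >> 20), have && !epc ? " (check BIOS / VM settings)" : "");
#endif
    return 0;
}
```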

Enabling this feature is, of course, a cool way to keep a secret that only the application can see. The caveat is that you lose some VMware features, because the hypervisor can't see inside all of your VM's memory. You will instantly lose the ability to snapshot and vMotion.

Some of the new features with vSphere 7 and vCenter 7 are given below:

VMware Cloud Foundation 4

vCenter Server Profiles

Content Library with version control

New and improved DRS 2.0

vSphere 7 and vSGX Intel Software Guard Extension

vCenter Server Upgrade Planner

Improved vMotion

