10.4. Trusted Compute Pools
Trusted compute pools are secure clusters based on Intel Trusted Execution Technology (Intel TXT). Trusted clusters only allow hosts that are verified by Intel's OpenAttestation, which measures the integrity of the host's hardware and software against a White List database. Trusted hosts and the virtual machines running on them can be assigned tasks that require higher security. For more information on Intel TXT, trusted systems, and attestation, see https://software.intel.com/en-us/articles/intel-trusted-execution-technology-intel-txt-enabling-guide.
Creating a trusted compute pool involves the following steps:
- Configuring the Manager to communicate with an OpenAttestation server.
- Creating a trusted cluster that can only run trusted hosts.
- Adding trusted hosts to the trusted cluster. Hosts must be running the OpenAttestation agent to be verified as trusted by the OpenAttestation server.
For information on installing an OpenAttestation server, installing the OpenAttestation agent on hosts, and creating a White List database, see https://github.com/OpenAttestation/OpenAttestation/wiki.
10.4.1. Connecting an OpenAttestation Server to the Manager
Before you can create a trusted cluster, the Red Hat Virtualization Manager must be configured to recognize the OpenAttestation server. Use engine-config to add the OpenAttestation server's FQDN or IP address:
# engine-config -s AttestationServer=attestationserver.example.com
The following settings can also be changed if required:
| Option | Default Value | Description |
|---|---|---|
| AttestationServer | oat-server | The FQDN or IP address of the OpenAttestation server. This must be set for the Manager to communicate with the OpenAttestation server. |
| AttestationPort | 8443 | The port used by the OpenAttestation server to communicate with the Manager. |
| AttestationTruststore | TrustStore.jks | The trust store used for securing communication with the OpenAttestation server. |
| AttestationTruststorePass | password | The password used to access the trust store. |
| AttestationFirstStageSize | 10 | Used for quick initialization. Changing this value without good reason is not recommended. |
| SecureConnectionWithOATServers | true | Enables or disables secure communication with OpenAttestation servers. |
| PollUri | AttestationService/resources/PollHosts | The URI used for accessing the OpenAttestation service. |
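The following added example (not part of the original documentation) lints a planned set of attestation settings against the defaults in the table above before they are applied with engine-config -s. The KEY=VALUE plan format, the function names, and both sample plans are assumptions made for illustration; a key missing from the plan is treated as keeping its documented default.

```shell
#!/bin/sh
# Added example: lint planned attestation settings before applying them.
# Input is KEY=VALUE lines, the form passed to `engine-config -s`.

# Constructed sample: documented defaults, with secure communication disabled.
WEAK_PLAN='AttestationPort=8443
AttestationTruststore=TrustStore.jks
SecureConnectionWithOATServers=false'

# Constructed sample: hypothetical corrected values.
FIXED_PLAN='AttestationServer=attestationserver.example.com
AttestationPort=8443
AttestationTruststorePass=constructed-Example-9f2c
SecureConnectionWithOATServers=true'

# plan_value KEY DEFAULT PLAN: last value given for KEY, else the documented default.
plan_value() {
    pv=$(printf '%s\n' "$3" | sed -n "s/^$1=//p" | tail -n 1)
    printf '%s\n' "${pv:-$2}"
}

# audit_plan PLAN: print one finding per line; return 1 if there are any.
audit_plan() {
    ap_rc=0
    if [ "$(plan_value AttestationServer oat-server "$1")" = "oat-server" ]; then
        echo "AttestationServer: still the default 'oat-server'; set the real FQDN or IP"
        ap_rc=1
    fi
    if [ "$(plan_value SecureConnectionWithOATServers true "$1")" != "true" ]; then
        echo "SecureConnectionWithOATServers: secure communication is disabled"
        ap_rc=1
    fi
    if [ "$(plan_value AttestationTruststorePass password "$1")" = "password" ]; then
        echo "AttestationTruststorePass: trust store uses the default password"
        ap_rc=1
    fi
    ap_port=$(plan_value AttestationPort 8443 "$1")
    case "$ap_port" in
        ''|*[!0-9]*) echo "AttestationPort: '$ap_port' is not a port number"; ap_rc=1 ;;
    esac
    return "$ap_rc"
}

audit_plan "$WEAK_PLAN" || echo "weak plan rejected"
audit_plan "$FIXED_PLAN" && echo "fixed plan accepted"
```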
10.4.2. Creating a Trusted Cluster
Trusted clusters communicate with an OpenAttestation server to assess the security of hosts. When a host is added to a trusted cluster, the OpenAttestation server measures the host's hardware and software against a White List database. Virtual machines can be migrated between trusted hosts in the trusted cluster, allowing for high availability in a secure environment.
Procedure 10.9. Creating a Trusted Cluster
- Select the Clusters tab.
- Click.
- Enter a Name for the cluster.
- Select the Enable Virt Service radio button.
- In the Scheduling Policy tab, select the Enable Trusted Service check box.
- Click.
10.4.3. Adding a Trusted Host
Red Hat Enterprise Linux hosts can be added to trusted clusters and measured against a White List database by the OpenAttestation server. Hosts must meet the following requirements to be trusted by the OpenAttestation server:
- Intel TXT is enabled in the BIOS.
- The OpenAttestation agent is installed and running.
- Software running on the host matches the OpenAttestation server's White List database.
Procedure 10.10. Adding a Trusted Host
- Select the Hosts tab.
- Click.
- Select a trusted cluster from the Host Cluster drop-down list.
- Enter a Name for the host.
- Enter the Address of the host.
- Enter the host's root Password.
- Click.
After the host is added to the trusted cluster, it is assessed by the OpenAttestation server. If a host is not trusted by the OpenAttestation server, it will move to a Non Operational state and should be removed from the trusted cluster.