Technology that Opens the Clouds

Almost a year ago I posted an article about why the time is right for cloud computing.

In that post, I spoke a lot about the changes that made the cloud an interesting option.  I will stop here to define my terms (note: I did not say define the terms, but define my terms as I am using them, at least for today).  For the next minute or so, Cloud is an environment in which I can host some of my business compute functionality and retain management and control of the "Applications" and "Servers".  Cloud means just about everything to somebody today...


Here is where I say "I've looked at the cloud from both sides now," but then I get that song by Joni Mitchell stuck in my head for the rest of the day, so I am not going to say that – no way.  This also is a pretty good indicator of my age demographic when a Joni Mitchell song can get stuck in my head.

Moving on, the key idea in my earlier post was that virtualization has changed the game.  Virtualization provided a container that made the future of cloud technology possible.  Intel has done a lot to make virtualization better.  With the myriad technologies (VT-x, VT-d, VT-c, …) layered into the processor, chipset, network adapters, etc., Intel made it possible to virtualize everything.  With overhead as low as 4-6%, why not virtualize every server?

Finally, I want to talk about some of the other “barriers” to cloud adoption.  Virtualization made it possible, but there are reasons not to play there today; namely safety/privacy/security.

The first Intel technology I want to mention is AES-NI (an oh-so-clever engineering-driven name).  AES-NI is a set of new instructions supported across all current Intel Xeon processors.  These instructions are called by encryption/decryption algorithms to improve encrypt/decrypt performance by as much as 400%.  What this enables for the folks counting coins and running servers and applications is an end to the encryption trade-off.  If encrypting databases uses an extra 10-15% of my server, I might sweat the cost-benefit before I click the encrypt checkbox.  With encryption pushed down to 2 or 3%, it is a no-brainer.  Safer is better and I can afford to encrypt everything.  Even if someone/thing gets access to my data on disk, it will look like this #$%^&*()_ :).  Well, not exactly, but it will not be valuable.  AES-NI delivers the encryption performance to eliminate encryption cost-benefit gambling.

The second technology that will make clouds “safer” is Intel TXT (aka Trusted Execution Technology).  Here is Ken’s explanation of TXT and its benefit:  In a non-virtualized world, you load a series of applications onto your server.  The operating system has various rules about what code can see what, and what code can touch certain bits of memory.  This is good enough for most businesses, and as long as they have control of the operating system and take appropriate steps to prevent OS corruption, they feel ‘reasonably’ safe with their software jewels on the server.  In reality the hardware has access to “everything”, but hacking the processor and chipset has to date been sufficiently difficult to make this situation “good enough”.

Then, along comes virtualization.  In a virtualized environment I can still have that sense of blissful safety in my management and control of my operating system in My VM.  The issue comes in what is under my VM.  Instead of raw Iron (silicon and microcode) there is a hypervisor.  This hypervisor is a chunk of software that has God-like access to anything in any of the VMs it controls.  Actually, it is a lot like the hardware in the non-virtualized example.  The issue is the “soft” part of software.  A hypervisor could be corrupted.  It's not trivial and not common but quite possible.  This is what TXT was built to address.  TXT “measures” the boot of the hypervisor and can assure that this critical chunk of software has not been deflowered.  TXT enables a VM owner to Trust that the hypervisor has not been corrupted, and therefore trust the cloud platform.
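A simplified model of the "measure" step described above, as an added example that is not from the original post or from Intel. It uses the extend operation that a TPM applies to its platform configuration registers, which is where TXT records launch measurements; the component byte strings, the function names and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)). A PCR can only be
    extended, never written directly, so the final value commits to every
    component and to the order in which they were measured."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_launch(components: list[bytes]) -> bytes:
    """Measure each launch component in order, starting from a reset PCR."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def is_trusted(reported_pcr: bytes, known_good_pcr: bytes) -> bool:
    """Verifier side: compare the reported value with the expected one."""
    return hmac.compare_digest(reported_pcr, known_good_pcr)


# Constructed stand-ins for the launch chain; real inputs are binary images.
LOADER = b"constructed-launch-module-v1"
HYPERVISOR = b"constructed-hypervisor-image-v1"
TAMPERED_HYPERVISOR = HYPERVISOR + b"\x90"  # a single changed byte

# Expected value, computed once from the images the VM owner trusts.
KNOWN_GOOD = measured_launch([LOADER, HYPERVISOR])

if __name__ == "__main__":
    for label, chain in [
        ("clean boot", [LOADER, HYPERVISOR]),
        ("modified hypervisor", [LOADER, TAMPERED_HYPERVISOR]),
        ("reordered chain", [HYPERVISOR, LOADER]),
    ]:
        pcr = measured_launch(chain)
        verdict = is_trusted(pcr, KNOWN_GOOD)
        print(f"{label:20} {pcr.hex()[:16]}... trusted={verdict}")
```

Only the clean boot reproduces the known-good value; any change to the hypervisor image or to the measurement order yields a different register value, which is what lets a VM owner detect a corrupted hypervisor before trusting the platform.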

With VT, AES, and TXT, Intel has made the cloud explosion possible.