X86 Architecture cracked Cloud data center four puzzles

When cloud computing is rising over the IT world as a beautiful business model, save money! Improve utilization!...... A series of temptations for corporate IT managers to covet. The editor of the Harvard Business Review, in the article "The Big Switch:rewiring the world, from Edison to Google", describes the bright vision of cloud computing, which allows people to use computing resources like electricity.

However, there is always a gap between the reality and the ideal, and while countless it people are looking down, cloud computing faces many hurdles: compliance and security, flexibility, reliability, computational density, and energy efficiency are many "exclaiming".

How can you have a data center for cloud computing? How can you fully enjoy the benefits of cloud computing? How to not be eliminated from the wave of cloud computing?...... Enterprise CIOs are starting round after round of frantic exploration, trying to find the best solution for cloud computing, networking, storage, and more. This article will combine the four aspects of cloud computing data center, including security, flexibility, RAS features, compute density and energy efficiency, and explain how the X86 architecture can help users build the best practices of enterprise cloud computing data centers from processor technology.

One of cloud data center puzzles: Security

X86 Architecture Best Practices: Intel Trusted Execution Technology +aes instruction set

Because of the characteristics of cloud computing architecture, data is likely to be stored in different places and stored in plaintext, which greatly threatens the privacy and security of the data. General anti-virus software and firewalls can only operate in the operating system, but the VMM under the operating system is powerless, so VMM often drift away from security.

The trusted execution technology for Intel processors (Trusted Execution Technology,txt), formerly known as Intel LaGrande Security Technology, has been renamed since 07. It uses hardware keys and subsystems to control internal resources, and determines which programs, which users are allowed to access or deny access to these resources, and enhances the security of resources from the hardware level.

▲ Figure 1 How Intel's trusted execution technology works by creating a unique cryptographic identity for each authorized logged-on component and providing a hardware-based mechanism to prevent any code that is inconsistent with the authorization code from running

Intel's trusted execution technology consists of a sharp chipset, a series of jobs and virtual machine software that protects important data from being attacked. Intel's trusted execution technology requirements include five aspects: Protected execution--cannot execute other software without obtaining authorization; Sealed storage--provides hardware encryption and storage keys that cannot be used and opened on other platforms; Protected input--All input terminals require authentication, such as USB hardware, which cannot be opened without proper encryption; Protected graphics--does not allow the screen to be illegally extracted; Protected launch--can control the operating system and the main components of the system tools, will not be started or rewrite/rewrite/register action.

In addition to Intel's trusted execution technology, from the 32nm westmere architecture, the AES (Advanced encryption standard,aes) instruction set was added to the X86 architecture, containing six instructions, This includes four instruction sets for AES plus decryption operations, and two instruction sets that support key extensions. AES Instruction set realizes the support of AES encryption in hardware design, and optimizes the speed and security of data encryption and decryption process compared with AES encryption by software.

(Responsible editor: The good of the Legacy)