Adolfo V Aguayo of Intel announced the 2.0.7 release of the OpenCIT (Open Cloud Integrity Technology) library. This is the first time I’ve heard of OpenCIT, and they’re already at a 2.x release. 😦 Excerpted announcement:
Open CIT is the next generation attestation solution. Open CIT provides features and capabilities in its entirety, as was made available in the Premium version, including support for ESX and Citrix-Xen, in addition to KVM on Ubuntu and RHEL. Open CIT provides ‘Trust’ visibility of the cloud infrastructure and enables compliance in cloud datacenters. The solution leverages Intel processors with Intel® Trusted Execution Technology (Intel® TXT) to establish HW root of trust and builds the chain of trust across hardware, OS, hypervisor and including asset tagging for Location and boundary control. The Platform trust and asset tag attestation information is used by Orchestrators and/or Policy Compliance management to ensure workloads are launched on trusted and location/boundary compliant platforms, and they provide the needed visibility and Auditability of your infrastructure in both public and private cloud environments.
We are proud to announce the release of Open CIT. Open CIT provides features and capabilities in its entirety, as was made available in the Premium version, including support for ESX and Citrix-Xen, in addition to KVM on Ubuntu and RHEL. OpenCIT provides ‘Trust’ visibility of the cloud infrastructure and enables compliance in cloud datacenters. Below are the key features for Open CIT:
– Establish chain of trust of BIOS, firmware, OS kernel & hypervisor by verifying against configured good known values (Whitelists)
– Ability to tag/verify hosts with custom attributes (Asset Tags) stored in TPM. Ex: Location attributes
– OpenStack integration to utilize Platform Trust and asset tags for advanced VM management
– Mutual SSL authentication supported across all the communication channels.
– RESTful API interface for easier 3rd party integration
– Audit logging for all changes including tracking of the host trust status changes
– Self-extracting installers for ease of setup & Reference UI portal
– User defined TLS policy management for host’s connections.
Distributions currently supported and the OpenStack version used for our extensions:
– Linux distributions: Ubuntu 12.04 LTS, 14.04 LTS, RHEL 6.5 and 7.x, on KVM
– OS platforms that are supported for remote attestation: Citrix XenServer 6.2, VMware ESXi 5.5, 6, Ubuntu 12.04 LTS, 14.04 LTS, RHEL 6.5 and 7.x
– OpenStack extensions supported: Kilo & Liberty.
For more information, see the OAT-devel post: