10.4. Trusted Compute Pools

Trusted compute pools are secure clusters based on Intel Trusted Execution Technology (Intel TXT). Trusted clusters only allow hosts that are verified by Intel's OpenAttestation, which measures the integrity of the host's hardware and software against a White List database. Trusted hosts and the virtual machines running on them can be assigned tasks that require higher security. For more information on Intel TXT, trusted systems, and attestation, see https://software.intel.com/en-us/articles/intel-trusted-execution-technology-intel-txt-enabling-guide.
Creating a trusted compute pool involves the following steps:
  • Configuring the Manager to communicate with an OpenAttestation server.
  • Creating a trusted cluster that can only run trusted hosts.
  • Adding trusted hosts to the trusted cluster. Hosts must be running the OpenAttestation agent to be verified as trusted by the OpenAttestation server.
For information on installing an OpenAttestation server, installing the OpenAttestation agent on hosts, and creating a White List database, see https://github.com/OpenAttestation/OpenAttestation/wiki.

10.4.1. Connecting an OpenAttestation Server to the Manager

Before you can create a trusted cluster, the Red Hat Virtualization Manager must be configured to recognize the OpenAttestation server. Use engine-config to add the OpenAttestation server's FQDN or IP address:
# engine-config -s AttestationServer=attestationserver.example.com
The following settings can also be changed if required:

Table 10.7. OpenAttestation Settings for engine-config

| Option | Default Value | Description |
|---|---|---|
| AttestationServer | oat-server | The FQDN or IP address of the OpenAttestation server. This must be set for the Manager to communicate with the OpenAttestation server. |
| AttestationPort | 8443 | The port used by the OpenAttestation server to communicate with the Manager. |
| AttestationTruststore | TrustStore.jks | The trust store used for securing communication with the OpenAttestation server. |
| AttestationTruststorePass | password | The password used to access the trust store. |
| AttestationFirstStageSize | 10 | Used for quick initialization. Changing this value without good reason is not recommended. |
| SecureConnectionWithOATServers | true | Enables or disables secure communication with OpenAttestation servers. |
| PollUri | AttestationService/resources/PollHosts | The URI used for accessing the OpenAttestation service. |
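
A pre-flight check for planned values of the security-relevant options in Table 10.7, as an added example that is not part of the Red Hat documentation or tooling. The function names and the acceptance rules (reject the default server name and trust store password, require secure communication) are assumptions of this example; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Option names and defaults are from Table 10.7;
# the acceptance rules below are this example's assumptions.

# check_oat_setting KEY VALUE: returns 0 if acceptable, else prints a reason and returns 1.
check_oat_setting() {
    key=$1 value=$2
    case $key in
        AttestationServer)
            [ -n "$value" ] || { echo "$key: empty"; return 1; }
            [ "$value" != "oat-server" ] || { echo "$key: still the default"; return 1; }
            case $value in
                *[!A-Za-z0-9.:-]*) echo "$key: unexpected characters"; return 1 ;;
            esac ;;
        AttestationPort)
            case $value in
                ''|*[!0-9]*) echo "$key: not a number"; return 1 ;;
            esac
            [ "$value" -ge 1 ] && [ "$value" -le 65535 ] ||
                { echo "$key: out of range"; return 1; } ;;
        AttestationTruststorePass)
            [ -n "$value" ] && [ "$value" != "password" ] ||
                { echo "$key: empty or default trust store password"; return 1; } ;;
        SecureConnectionWithOATServers)
            [ "$value" = "true" ] || { echo "$key: secure communication disabled"; return 1; } ;;
        *)
            echo "$key: not covered by this check"; return 1 ;;
    esac
    return 0
}

# audit_oat_settings: reads KEY=VALUE lines on stdin, prints one finding per
# rejected line, and returns the number of rejected lines.
audit_oat_settings() {
    findings=0
    while IFS='=' read -r key value; do
        [ -n "$key" ] || continue
        check_oat_setting "$key" "$value" || findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample input: the planned values for one Manager.
audit_oat_settings <<'EOF' || echo "$? setting(s) rejected"
AttestationServer=attestationserver.example.com
AttestationPort=8443
AttestationTruststorePass=password
SecureConnectionWithOATServers=true
EOF
```

Values that pass can then be applied one at a time with engine-config -s, as shown for AttestationServer above.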

10.4.2. Creating a Trusted Cluster

Trusted clusters communicate with an OpenAttestation server to assess the security of hosts. When a host is added to a trusted cluster, the OpenAttestation server measures the host's hardware and software against a White List database. Virtual machines can be migrated between trusted hosts in the trusted cluster, allowing for high availability in a secure environment.

Procedure 10.9. Creating a Trusted Cluster

  1. Select the Clusters tab.
  2. Click New.
  3. Enter a Name for the cluster.
  4. Select the Enable Virt Service radio button.
  5. In the Scheduling Policy tab, select the Enable Trusted Service check box.
  6. Click OK.

10.4.3. Adding a Trusted Host

Red Hat Enterprise Linux hosts can be added to trusted clusters and measured against a White List database by the OpenAttestation server. Hosts must meet the following requirements to be trusted by the OpenAttestation server:
  • Intel TXT is enabled in the BIOS.
  • The OpenAttestation agent is installed and running.
  • Software running on the host matches the OpenAttestation server's White List database.

Procedure 10.10. Adding a Trusted Host

  1. Select the Hosts tab.
  2. Click New.
  3. Select a trusted cluster from the Host Cluster drop-down list.
  4. Enter a Name for the host.
  5. Enter the Address of the host.
  6. Enter the host's root Password.
  7. Click OK.
After the host is added to the trusted cluster, it is assessed by the OpenAttestation server. If a host is not trusted by the OpenAttestation server, it will move to a Non Operational state and should be removed from the trusted cluster.