Secure Service Containers are a Virtual Appliance Framework for Sensitive Workloads

Secure Service Containers

Businesses face two types of security risk: regulatory, where compliance is demanded and enforced by an industry or government body and failure to comply results in a fine and/or suspension; and existential, where failure to protect corporate assets from a breach can threaten the survival of the organization. As security needs and requirements grow more complex, the two categories increasingly overlap. Patient healthcare records are an example. Regulations require strict confidentiality of such records, and patients expect their health records to remain secure; data loss due to a breach could ruin an organization.

Clients must find IT technology that addresses both regulatory and existential concerns. IBM delivers that technology in the form of the IBM Secure Service Container (SSC), available on IBM z Systems* and IBM LinuxONE* servers. SSC is designed to address many such risks: it encrypts data at rest and in flight, the integrity of the appliance can be verified, and it is reliable. Isolation of workloads running within an SSC on IBM z* or LinuxONE is stronger than running those workloads on separate servers. Because SSC delivers the solution as a sealed appliance, much of a solution's governance reduces to a single check box.

Numerous Risks

Security-sensitive systems are subject to a number of risks in a production environment:

• Administrators hold privileges that the solution itself never needs functionally, but that the non-functional requirements of installation and maintenance force them to have. With those privileges, administrators may interfere with the operation of a solution:

  • Accidentally, as in a botched upgrade or misconfiguration of some component of the solution
  • Through malice
  • Through failure to properly harden or maintain the hardening of a server

• Side-channel attacks that exploit information leaked by the solution's implementation, such as timing or resource-usage differences
• File system tampering or damage, or the loss or corruption of individual files
• Neighboring applications in a virtualized environment, whose threat ranges from actively probing the solution's memory or storage to simply degrading its performance

For an operator to be fully confident, the solution must:

  • Be isolated at all levels from any influence by neighboring solutions
  • Encrypt data at rest and in flight
  • Be tamper-resistant, with integrity that can be verified
  • Require as little administrative attention, and as few administrative privileges, as possible to operate

SSC provides a uniquely secure environment on IBM z or LinuxONE, delivering on these requirements in a way that would be otherwise difficult and costly.

Isolation and Guaranteed Service

The outermost level of the SSC is the LPAR, in effect a VM hosted by PR/SM*, the firmware-based “bare-metal” hypervisor. An LPAR defines the resources available to the OS running within it, such as CPUs and memory. Resources like CPUs may be dedicated, shared or even over-committed. This virtualization technology in z Systems and LinuxONE provides several advantages; SSC benefits most from:

  • Performance: PR/SM can manage resources in a way that maximizes utilization but still meets service levels for high-priority workloads, even if lower-priority workloads in another LPAR experience a spike in demand
  • Security: PR/SM is certified to Common Criteria (ISO/IEC 15408) Evaluation Assurance Level (EAL) 5+, a higher assurance level than the EAL4+ at which other commercial hypervisors are typically evaluated. An EAL rating measures how rigorously a product was evaluated against its stated security target; for PR/SM that target is the separation of LPARs, which is why the certification supports the claim that PR/SM isolates LPARs more strongly than other hypervisors isolate their VMs. When multiple LPARs must communicate, they can be connected through the machine's internal, memory-based network links rather than through external switches and cabling, so the workloads can be more secure than two separate servers: there is no exposed networking gear to tap, misconfigure or attack.

LPARs therefore provide the performance and security of a dedicated system, without the wasteful practice of over-provisioning hardware to absorb periodic spikes in demand, and without the weaker isolation of other hypervisors.

Mark Moore is a senior software engineer with the IBM Competitive Project Office.
