Intel’s LaGrande vision for trusted virtualization

Quoting from DevX:

If there’s one word in IT that’s stuck around for decades, it’s “virtual.”

Why now? Why is Intel making such a fuss about virtualization and its new VT-x and LaGrande technologies? Why should we care?

VT-x, and a variety of other hardware technologies, are what’s behind Intel’s LaGrande initiative.

Intel’s LaGrande is part of Intel’s Safer Computing Initiative, which enhances various chips within a desktop, notebook or server to boost security. It comprises several components. One part includes improvements to the microprocessor, including execution protection and the VT-x instructions for virtualization. Another is a sealed storage subsystem, which uses embedded encryption to foil attackers; if the VMM is the only part of a system that has the key, this would stymie any attempt to bypass the VMM by a guest operating system or malware.

There are other aspects to LT as well, included controlled access to the keyboard, mouse and video subsystem; this is vital when you have multiple guest operating systems running on a desktop or notebook PC, and where they must be completely isolated from each other, while still sharing the same display and I/O devices. Another important element is memory protection, which controls how direct memory access (DMA) can read or modify specific memory pages.

The LaGrande technology is a work in progress; some parts of it, such as VT-x, are farther along, while others are still under development. Intel’s working on a two-three year timeframe for creating the whole set of LaGrande enhancements. From the perspective of trusted virtualization, however, the technology is imminent. So, when you think about system security, think about virtualization; and when you think about virtualization, realize that there’s more to it than simply saving money and electricity through hardware consolidation. Virtualization, to coin a phrase, is the Real Thing.

Read the whole article at source.