CompatibleOne and Intel are Cooperating to Deliver a Hardware Based Root of Trust for Workloads in Open Clouds

Share Article

The cooperation aims to offer Trusted Compute Pools services to users who require improved visibility and control in the infrastructure where their services run.
CompatibleOne has pioneered the use of Trusted Compute Pools in a cloud service broker.

OW2, the global open source infrastructure software community announces today at Cloud Expo West in Santa Clara, CA. that CompatibleOne, The Open Source Cloud Broker, and Intel are joining forces to deliver a hardware based root of trust for workloads in open clouds.

The goal of this collaboration is to offer Trusted Compute Pools services to users who require improved visibility and control in the infrastructure where their services run. This is delivered by providing pools of compute nodes which are verified in running known and good hypervisors for ensured trustworthy environment.

Trusted Compute Pools: Cloud subscribers may have applications or virtual machines that need to run in trustworthy environments. Thanks to hardware-based security features, such as Intel® Trusted Execution Technology (TXT), cloud service providers are able to build Trusted Compute Pools. Combined with remote attestation server from Open Attestation, an open source project, service providers can ensure that the compute node is running software with verified measurements. Thus they can establish the foundation for a trusted cloud stack. Through the use of Trusted Compute Pools, cloud subscribers can request services to be run on verified compute nodes.

Trusted Brokerage Services: CompatibleOne is an open source cloud service broker i.e. a cloud services management software with brokering capabilities. CompatibleOne can provision, deploy and manage any type of cloud services (from IaaS to PaaS), these services being supplied by heterogeneous service Providers selected according to Service Level Agreement (SLA) as defined between the consumers and the platform operators. This means that customers may specify their proper SLA, which their workloads request, in terms of security policy, such as specifying the trustworthiness of the compute nodes on which these workloads will be processed. In that case, CompatibleOne platform will provision and deploy these workloads on the most compliant cloud providers i.e. only the ones who have deployed Trusted Compute Pools. CompatibleOne is able to do so in a complete secured (TLS) and non-intrusive fashion through native OpenStack API (Nova). Thanks to its secured post-configuration and monitoring services it will also be able to enforce the security policy at run time.

The combination of Trusted Compute Pools, Trusted Brokerage Services and OpenStack provides all means to insure that the customers' VMs are processed in a trustworthy environment:
1) Intel TXT attests that the chain made by H/W, Bios, OS, hypervisor is secured.
2) OpenStack (Folsom version) which has integrated support for Trusted Compute Pools, is able to attest to the trustworthiness of the compute nodes on which these workloads will be processed (including hypervisor such as KVM).
3) CompatibleOne integrating OpenAttestation features is able to deploy workloads only on attested computing nodes and to control at any moment that the VMs deployed on OpenStack Trusted Compute Pools are still compliant with security policy defined by customers' SLA.

This significantly reduces the uncertainty in terms of security. In the case of an Hybrid Enterprise IT (public organization or private firm) with a strong security policy, this solution will offer to the CIO a comprehensive set of tools which can be customized to fit with the governance rules of the enterprise, and integrated well with their operational environments. Plus they will be able to deal only with providers able to support Trusted Compute Pools.

“Intel Trusted Execution Technology is providing the highest level of trustworthiness for the deployment of workloads on cloud computing infrastructures.” says Jean-Pierre Laisne, CompatibleOne Project Coordinator, “Thanks to TXT, CompatibleOne is able to provision resources on attested trusted compute nodes in a unique fashion enabling the level of trust that users are requesting” he adds.

“CompatibleOne has pioneered the use of Trusted Compute Pools in a cloud service broker and by doing so has set the pattern for the industry to follow.” says Billy Cox, Intel Director of Cloud Software Strategy. “Cloud users will now be able to obtain and use trusted infrastructure from service providers.”

CompatibleOne is an open project, its software will be made available to the global open source community through the OW2 Open Source Cloudware initiative (OCSi). The OSCi is the vehicle through which participants from all over the world can join in the action.
Visit CompatibleOne at Cloud Expo West, booth #915 and attend the presentation “Next-Generation Cloud Management: The Cloud Service Broker” by Iain James Marshall & Jean-Pierre Laisne Monday, November 5th, 4:25 - 5:05 pm.

About CompatibleOne
The CompatibleOne collaborative project develops the first industry-grade open source cloud broker. CompatibleOne was launched as a collaborative project to come up with ideas addressing the need for interoperability in the field of Cloud Computing. The project quickly evolved until it converged in developing a cloud computing broker. CompatibleOne is an open source collaborative project supported by 14 partners. Its technology is based on open standards and its approach fully leverages OCCI, the open cloud computing interface. CompatibleOne has defined a four-step fully functional manifest-to-service provisioning cycle of the CompatibleOne broker. The CompatibleOne platform is aligned with the Cloud Computing Reference Architecture2 of the National Institute of Standards and Technology (NIST). Visit

About OW2
OW2 is an independent industry community dedicated to developing open source code infrastructure (middleware and generic applications) and to fostering a vibrant community and business ecosystem. The OW2 Consortium hosts some one hundred technology projects, including ASM, Bonita, eXo Platform, JOnAS, JORAM, Orbeon Forms, Orchestra, Spagic, SpagoBI and XWiki. OW2 is an open source dissemination partner in a number of collaborative projects, such as CHOReOS, CompatibleOne, OpenCloudware and XLcloud. Visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

(336) 114-3043 x1
Email >

Jean-Pierre Laisne
Follow us on
Visit website