Metalvisor & OpenShift (Pt. 1)

Brad Sollar
Chief Technical Officer

February 18, 2023

Metalvisor & OpenShift

Red Hat's OpenShift and Metalvisor is a powerful combination well-suited for running edge computing workloads. Here are some reasons why OpenShift and Metalvisor are the perfect platforms for secure edge computing.

OpenShift is a leading container orchestration platform, providing an easy-to-use interface for managing containers and microservices.

OpenShift enables organizations to run and manage containerized applications and services at scale, making it a great choice for edge computing workloads. OpenShift Container Platform supports hybrid cloud deployments, allowing users to deploy their clusters on a variety of public cloud platforms or in their own data center. This gives users the flexibility to deploy their applications where it makes the most sense for their business, whether that's in a public cloud, a private data center, or a combination of both.

OpenShift Container Platform also benefits from the integration of major components from Red Hat Enterprise Linux (RHEL) and related Red Hat technologies. This integration provides users with a robust, enterprise-grade platform that is tested and certified to meet the high-quality standards of Red Hat's software.

In addition, OpenShift Container Platform is developed using an open source development model, which means that the source code is available from public software repositories and development is completed in the open. This fosters rapid innovation and development, as well as collaboration between developers and users. This open collaboration helps to drive the evolution of the platform and ensures that it meets the needs of its users.


Metalvisor is designed to protect systems starting with the silicon and up through the application stack by using hardware-based isolation and cryptography to create immutable, locked-down, and tamper-proof tenants for workloads at the edge. Metalvisor works with Intel processors to create additional security features to mitigate physical and cyber threats.

A technology originally developed and used in the United States Department of Defense, Metalvisor is now commercially available and uses Red Hat Enterprise Linux as the foundation for orchestration which allows for efficient management of multiple workloads running on the platform. Metalvisor is specifically designed for multi-tenant workloads and it's been tested and validated for compatibility with Red Hat Enterprise Linux.

Zero Trust principles are built into the design by “trusting nothing, and always verifying” starting with the Intel processor, where cryptographic verification of hardware leads to a secure hardware-based root of trust where higher-level software and application chains of trust are built. The entire system is constantly verifying the runtime of workloads, enforcing security policy, and protecting against advanced attacks.

Unlike traditional systems that depend on implicit trust of either the hardware or virtualization layer, Metalvisor implements isolated domains, launched from firmware sitting below the OS level. A dedicated policy engine independent of OS designed to uniquely perform security policy & cryptographic verification for all resources in hardware & software.

"Metalvisor can help to secure OpenShift Control & Compute nodes by giving them full memory encryption, each with a unique encryption key. "

Confidential Compute

Confidential Computing is a technology that protects data and computations in-use, while they are being processed. It provides an isolated and secure environment for data processing and can be used to protect AI and ML models at the edge. Confidential computing uses hardware-based security features, such as secure enclaves, to isolate sensitive data and computations and prevent unauthorized access or tampering.

Here's how confidential computing can help protect Edge workloads such as AI and ML models at the edge:

  1. Data privacy: Confidential computing ensures that sensitive data, such as personal or financial information, is protected from unauthorized access or tampering, even when it is being processed by AI or ML models.
  2. Model protection: Confidential computing can protect AI and ML models from reverse engineering, tampering, or theft. This is important for organizations that have invested in developing proprietary models and do not want to risk their intellectual property being compromised.
  3. Compliance: Confidential computing can help organizations meet regulations and standards, such as GDPR, that require the protection of sensitive data.
  4. Improved performance: By processing data and computations in a secure and isolated environment, confidential computing can help improve the performance of AI and ML models by reducing the overhead of encryption and decryption.

Confidential Computing provides an important layer of security for AI and ML models, protecting sensitive data and computations and helping organizations to meet regulatory requirements while improving performance and protecting intellectual property.

Confidential Compute: Metalvisor & OpenShift

Metalvisor provides confidential compute using multi-key total memory encryption on Intel CPUs. Metalvisor is a TypeZero hypervisor, which protects compute workloads at the edge.

This makes it ideal for use in edge computing environments, where data privacy is paramount. Metalvisor runs directly on the hardware, creating a secure environment for virtual machines. Sensitive data is protected from unauthorized access and data breaches.

One of the critical features of the Metalvisor is its use of multi-key total memory encryption. This means that all memory used by the virtual machines is encrypted. This provides a high level of security, as attackers cannot access the encrypted data even if they gain access to the physical device.

Mainsail's Metalvisor uses unique encryption keys for each virtual machine (VM) to provide defense in depth against potential data breaches. Each VM has its own encryption key, which is used to encrypt its memory and stored data. This provides an additional layer of security compared to traditional encryption methods, where a single key is used to encrypt all data.

If a single VM is compromised, the attacker would only have access to the encrypted data of that VM and not the data of other VMs. This minimizes the damage that a single security breach can cause.

Metalvisor can help to secure OpenShift Control & Compute nodes by giving them full memory encryption, each with a unique encryption key. This is done transparently to OpenShift, with no refactoring of workloads, use of SDKs, or any additional software needed. This is a built-in feature of Metalvisor and is on by default. This helps protect Edge deployments against physical attacks where an attacker could pull the memory out of a machine and then read the memory in a server they own. This is known as cold data extraction or cold boot attacks.

Metalvisor is designed to be easy to use, with a simple and intuitive user interface via Cockpit. Administrators can quickly create, cryptographically sign, and manage virtual machines. Metalvisor provides a secure and reliable solution for Confidential Computing, using multi-key total memory encryption and hardware-based encryption capabilities on Intel CPUs. With its easy-to-use interface and simplified cryptography, Metalvisor is an ideal solution for organizations that need to process sensitive data in edge computing environments securely.

In the next article we will look at how Metalvisor can enhance Zero Trust for OpenShift.