Metalvisor is a commercial off-the-shelf (COTS) virtualized platform that offers a full run-time security solution, isolating and protecting VM & Container workloads through micro-segmentation. This deployment protects mission-critical workloads and data from edge to cloud.
Available on SEWP
Metalvisor creates true VM isolation at the hardware level, driving Quality of Service (QoS) through the roof compared to traditional virtualization. Each VM is allocated dedicated hardware (CPU, Cache, Memory, Storage, Network) when it is provisioned.
Real Time & Safety Systems can now be run on the Metalvisor virtualized platform.
Traditional hypervisors tend to oversubscribe VMs, which can cause resource contention that leads to poor performance.
VM vCPUs share processing time on the physical CPU. In multi-tenant environments, this time sharing can introduce latency and jitter, resulting in unpredictable & unacceptable performance for mission-critical systems.
Metalvisor for Intel Processors is a new technology that uses new Intel 3rd Generation processors to provide dedicated hardware to each VM. VMs no longer time-share the CPU or compete for resources.
We have been able to protect data at-rest and in-transit for a while now.
It is now possible to encrypt data while in use with Metalvisor.
Total Memory Encryption (TME) ensures that all memory accessed from the Intel CPU is encrypted, in order to provide greater protection against software & hardware attacks on the system memory.
Multi-Key Total Memory Encryption (MKTME) is used by the hypervisor to manage the use of keys to transparently encrypt system memory for each VM using different keys. Operating systems & applications can deploy without any changes.
Metalvisor provides hardware-level isolation between VMs, giving defense-in-depth protection against Side-Channel Attacks (such as Meltdown & Spectre).
Traditional hypervisors share hardware between VMs, which can lead to Side-Channel attacks. These vulnerabilities allow malicious actors to steal data processed on the server.
Metalvisor for Intel Processors is a new technology that uses new Intel 3rd Generation processor technology to provide dedicated hardware to each VM.
This architecture provides defense in depth against Side-Channel attacks.