NEXT-GEN SECURE VIRTUALIZATION

Metalvisor is a commercial off-the-shelf (COTS) virtualized platform that offers a full security run-time solution, isolating and protecting VM & Container workloads using micro-segmentation. This deployment protects mission-critical workloads and data from edge to cloud.

Available on SEWP

Performance

Metalvisor creates true VM isolation at the hardware level, driving Quality of Service (QoS) through the roof compared to traditional virtualization. Each VM is allocated dedicated hardware (CPU, Cache, Memory, Storage, Network) when it is provisioned.

Real Time & Safety Systems can now be run on the Metalvisor virtualized platform. 

Traditional Virtualization

Traditional hypervisors tend to oversubscribe VMs, which can cause resource contention that leads to poor performance.

VM vCPUs share processing time on the physical CPU. In multi-tenant environments, this time sharing can introduce latency and jitter, leading to unpredictable & unacceptable performance for mission-critical systems.

Deterministic Performance

Metalvisor for Intel Processors is a new technology that uses new Intel 3rd Generation processors to provide dedicated hardware to each VM. VMs no longer time-share the CPU or compete for resources.

Confidential Computing

We have been able to protect data at rest and in transit for a while now.

It is now possible to encrypt data while in use with Metalvisor.

Total Memory Encryption (TME)

Total Memory Encryption (TME) ensures that all memory accessed from the Intel CPU is encrypted, in order to provide greater protection against software & hardware attacks on the system memory.

Multi-Key Total Memory Encryption (MKTME)

Multi-Key Total Memory Encryption (MKTME) is used by the hypervisor to manage keys so that system memory is transparently encrypted for each VM using a different key. Operating systems & applications can deploy without any changes.

Security

Metalvisor provides hardware-level isolation between VMs, which gives defense-in-depth protection against Side-Channel Attacks (such as Meltdown & Spectre).

  • Reduced attack surface area minimizing Side-Channel Attacks
  • Chain of trust to verify and maintain system integrity from power-on through the launching of your most critical applications at runtime
  • Ensures only allow-listed applications can run, denying everything else

Side-Channel Attacks

Traditional hypervisors share hardware between VMs, which can lead to Side-Channel attacks. These vulnerabilities allow malicious actors to steal data processed on the server.

Protection Against Side-Channel Attacks

Metalvisor for Intel Processors is a new technology that uses new Intel 3rd Generation processor technology to provide dedicated hardware to each VM.

This architecture provides defense-in-depth against Side-Channel attacks.

Available on SEWP V

Metalvisor Cloud

Metalvisor-C is built for large cloud-scale deployments. Metalvisor C is an infrastructure-as-a-service (IaaS) based platform for deploying mission-critical workloads. Metalvisor C utilizes the latest OpenStack and Intel processors to create a next-generation security platform that provides defense-in-depth protection from advanced threats, exceptional performance, and a bare-metal-like experience for virtual machines.

Metalvisor Edge

Metalvisor-E is built for edge computing deployments down to a single machine. Metalvisor E is a hypervisor-based platform for deploying mission-critical workloads. Metalvisor E utilizes Cockpit and Intel processors to create a next-generation security platform that provides defense-in-depth protection from advanced threats, exceptional performance, and a bare-metal-like experience for virtual machines.