Security Overview of the Integrity Virtual Machines Architecture
Introduction
HP Integrity Virtual Machines (Integrity VM) is a soft partitioning and virtualization technology within
HP's Virtual Server Environment, which enables you to create multiple virtual servers within a single
HP Integrity server, hard partition, or blade. A single HP Integrity system running Integrity VM can
support multiple virtual machines, each with its own separate “guest” operating system. As a result,
each virtual machine (VM) can host its own applications in an isolated environment. Integrity VM
shares the physical resources of the Integrity server amongst all of the virtual machines it hosts. You
can define virtual machines as single-CPU or SMP servers with the flexibility to host many virtual CPUs
on a single physical processor. The same is true for I/O – a single I/O card can be shared by
multiple virtual machines.
HP enables both flexibility and scalability with its Integrity VM technology. You can create virtual
servers with multiple virtual CPUs and I/O devices, each running a separate operating system
instance with different OS versions, applications, and users. The result is a virtual machine
technology that provides increased hardware utilization and flexibility in server provisioning with
isolation, improved system availability, and higher capacity.
Integrity VM development is performed using strict security guidelines and each product release
undergoes a formal security review in the design phase.
Integrity Virtual Machines Architecture
There are effectively multiple layers of technology in the Integrity VM architecture: the physical
computer system and its operating system (the VM Host), which support the virtual machine
environment; the Virtual Machine Monitor (VMM); and finally the virtual environment, which contains
the virtual Ethernet switches and the virtual machines themselves.
Virtual Machine Host System
The VM Host is responsible for managing and allocating physical resources to virtual machines. It
also enforces isolation of virtual machines while providing communication capabilities for virtual I/O
adapters and Ethernet switches.
The VM Host's operating system is HP-UX 11iv2, which has an EAL4+ assurance rating. HP-UX 11iv2
has been successfully evaluated against the requirements for the EAL4 Common Criteria (ISO 15408)
Assurance Level, augmented by ALC_FLR.3 (flaw remediation), using the Controlled Access (CAPP)
and Role-Based Access Control (RBAC) Protection Profiles.
Virtual Machine Control
Each virtual machine is managed analogously to a UNIX process. After a VM's threads finish
execution of their time-slice on a given physical processor, they are context-switched out, with their
state and register contents saved. Before another process or VM begins execution on that processor,
its own context, including its register contents, is restored. In doing so, the VM Host's
operating system removes the register contents and state of the previously executing thread from that
processor, so that no VM starts a time-slice with another VM's register contents still present.
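The context switch described above, as an added illustrative model (not HP's code; the register file size, VM names and values are constructed). It lets the clearing step be disabled to show what a freshly started VM would observe without it.

```python
"""Model of the VM Host context switch (added example, not HP code).

Each virtual CPU thread carries its own saved register state. When its time
slice ends, the host saves the physical register contents into that thread's
context, clears the physical registers, and restores the next thread's context.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

NUM_REGS = 4  # constructed: a tiny register file


@dataclass
class VcpuThread:
    vm: str
    saved: Optional[List[int]] = None  # None until first descheduled


class PhysicalCpu:
    def __init__(self, clear_on_switch: bool = True) -> None:
        self.regs: List[int] = [0] * NUM_REGS
        self.current: Optional[VcpuThread] = None
        self.clear_on_switch = clear_on_switch

    def switch_to(self, nxt: VcpuThread) -> None:
        if self.current is not None:      # save the outgoing thread's state
            self.current.saved = list(self.regs)
        if self.clear_on_switch:          # remove the previous thread's contents
            self.regs = [0] * NUM_REGS
        if nxt.saved is not None:         # restore the incoming thread's state
            self.regs = list(nxt.saved)
        self.current = nxt

    def run_slice(self, writes: Dict[int, int]) -> List[int]:
        """One time slice: the guest writes some registers, then reads them all."""
        for idx, value in writes.items():
            self.regs[idx] = value
        return list(self.regs)


def schedule(clear_on_switch: bool) -> Dict[str, List[int]]:
    """Round-robin two VMs and record what each guest observes."""
    cpu = PhysicalCpu(clear_on_switch)
    vm_a, vm_b = VcpuThread("A"), VcpuThread("B")
    cpu.switch_to(vm_a)
    seen = {"A_first": cpu.run_slice({0: 0xA11, 1: 0xA22})}
    cpu.switch_to(vm_b)                     # B is new: no saved state to restore
    seen["B_first"] = cpu.run_slice({2: 0xB33})
    cpu.switch_to(vm_a)                     # A resumes with its own state
    seen["A_resumed"] = cpu.run_slice({})
    return seen


if __name__ == "__main__":
    print("with clearing:   ", schedule(True))
    print("without clearing:", schedule(False))
```

With clearing, VM B's first slice sees only zeros in the registers it did not write; without it, B's first slice still contains VM A's values in r0 and r1.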