X

The browser version you are using is not recommended for this site.
Please consider upgrading to the latest version of your browser by clicking one of the following links.

Establishing Platform Trust in Edge Environments

AMI TruE Platform Attestation

AMI TruE Platform Attestation

Overview of AMI

AMI provides foundational technology and security solutions so the world’s compute platforms Power Up, Stay On, and Run Secure from on-premises to the cloud to the edge, each time, every time.

AMI is a crucial provider to the Open Compute ecosystem and is a member of numerous industry associations and standards groups, such as the Unified EFI Forum (UEFI), National Institute of Standards and Technology (NIST), National Cybersecurity Excellence Partnership (NCEP), and the Trusted Computing Group (TCG).

AMI’s unwavering customer support have generated lasting partnerships and spurred innovation for the most prominent brands and providers on the market.

Prerequisites

Smart Edge Open Controller Node: Desktop or VM with 4 Core 2.66 GHz CPU, 16 GB Memory, 200 GB Disk Space, Gbps Network with IPv4, CentOS 7.9 or Ubuntu 20.04, Kubernetes Control Plane, Docker Registry, Ansible Controller, NFS Server.

Smart Edge Open Worker Node: Desktop or VM with 4 Core 2.66 GHz CPU, 16 GB Memory, 200 GB Disk Space, Gbps Network with IPv4, CentOS 7.9 or Ubuntu 20.04.

Smart Edge Open Edge Node with Security: Physical Server, Intel® Ice lake Class, 4 Core 2.66 GHz CPU, Minimum 16 GB Memory, All Memory Modules Populated, 200 GB Disk Space, Gbps Network with IPv4, UEFI BIOS, TPM 2.0 Enabled and Cleared, Intel® TXT, UEFI Secure Boot, Intel® SGX, CentOS 7.9 or Ubuntu 20.04

AMI TruE Overview

The use of firmware in the data center has increased over the years. With the increase of firmware in the data center comes an increase in firmware vulnerability, which drives interest in firmware security and integrity to a new high. AMI TruE delivers holistic data center security solutions using Intel® Security Libraries for data centers and Intel SGX technology to establish and track all servers’ trusted compute status.

Benefits include:

Complete Data Center and Edge Security Solution

Foundational Security based on Intel® Security Libraries for Data Centers

Establishes and tracks all server’s trusted compute status

Provides remediation measures for untrusted platforms

Enables workload launch time protection using Kubernetes

Confidential Computing with Intel® SGX

Enables workload launch time protection including SGX enabled systems

Eases deployment of SGX attestation of workload, protection of keys, etc.

Remediation with Provisioning

Redfish based provisioning features

In-band Provisioning

Action Service Framework

Out-of-band Management with DMTF® Redfish Standards

Resource discovery and management

Continuous monitoring

Remediation actions

Deployment Model

AMI TruE supports a scalable and distributed deployment model, the diagram below shows the deployment model.

The Intel Smart Edge Open Controller Node hosts the control plane components, the platform security service is hosted on the worker node. The platform security agent is running on each edge node managed by AMI TruE.

Background Removal Extracting truth inside visuals

Use Case1: Launch Time Protection

Problem: Edge infrastructure hardware/firmware/software are not typically tracked by the infrastructure providers. Edge infrastructure admins are less aware of whether the hosts on which they are launching the workloads is verified, compromised, or susceptible to outside attacks.

Solution: Cloud orchestrators like Kubernetes can label server nodes with the key value attributes. AMI TruE remote attestation services can publish trust and informational attributes to the orchestrator for use in workload launching decisions like launch sensitive workloads on trusted edge servers only.

Value: Edge infrastructure admins can schedule their application workloads with orchestrator policy, ensuring they land on trusted hardware. With custom asset tag labeling, they can launch every workload on the host that is categorized to meet specific requirements.

Background Removal Extracting truth inside visuals

Where to Purchase

Please contact swsales@ami.com or contact us via https://www.ami.com/contact-us/

Follow us on

https://twitter.com/AMI_PR

https://www.linkedin.com/company/ami/

Optimized for OpenNESS

Install

Contact AMI to get the install bundle.

Deploy service

Refer the quick start guide in the install bundle.

Where to Purchase

Please contact swsales@ami.com or contact us via https://www.ami.com/contact-us/

Explore our Builders Programs

Through focused collaborations, Intel Builders members accelerate optimized solutions to market and deliver tools and documentation to speed solution deployments.

Intel® AI Builders

Intel® AI Builders

Learn how solution providers are using the Intel® AI portfolio to help customers extract deeper insights from their data.

Intel® Data Center Builders

Intel® Data Center Builders

Learn how a robust ecosystem of leading systems and software solutions partners are working together to drive the future of data center innovation.