AMI® TruE™ Trusted Environment Platform Security Solution

The AMI TruE™ Trusted Environment Platform Security Solution enables confidential computing that isolates sensitive data in an encrypted CPU enclave during processing, using Intel® Software Guard Extensions (Intel® SGX) and Intel® Security Libraries for Data Centers (Intel® SecL-DC) found in the latest Intel® Xeon™ Processors to enable a true trusted environment for confidential computing and secure cloud execution.

AMI TruE enables secure computing, easy to deploy workload attestation and secure application keys without compromising confidentiality or adding cost. It delivers a holistic, secure datacenter solution that is scalable, extensible and built for cloud-to-edge applications. It establishes and tracks the servers’ trusted compute status in the data center, complies with data sovereignty regulations, runs sensitive workloads on trusted servers and provides remediation measures for untrusted platforms.

AMI TruE helps datacenters secure platforms throughout the entire platform life cycle, by providing end-to-end firmware security and verification across the datacenter and integrating with other datacenter management and orchestration tools to provide a holistic view of platform firmware security for all servers in use. Supply chain attacks can be easily avoided by attesting the shipped firmware and software hash information of new platforms. After deployment, server trust validation continues to attest the integrity of the firmware and software running across the enterprise.

Features and Benefits

  • TRUST IN YOUR DATA CENTER – Establish and track the trust status of all compute servers in the data center.
  • COMPLY WITH DATA SOVEREIGNTY – Ensure seamless compliance with various regional data sovereignty regulations.
  • ATTEST NEW SERVER INSTALLATIONS – Avoid supply chain attacks and other physical tampering.
  • RUN SENSITIVE WORKLOADS ON TRUSTED SERVERS – Ensure workloads containing sensitive information run only on trusted nodes with KUBERNETES® integration.
  • EXTENSIBLE SOLUTION WITH RESTFUL API – Elect to use AMI TruE out-of-the-box or integrate AMI TruE with your existing data center management infrastructure.

Do you know all the Firmware Running on your Platform?

Modern platforms have numerous components running their own firmware. It used to be just the Server BIOS, BMC and Option ROM firmware. Today, it's every component. This includes Non-Volatile DIMMs, Power Supplies, NICs and every other component that you can think of. This broadens the attack surface, opening up multiple vectors for intrusion into the platform's chain of trust.

How do you trust ALL your Platform Firmware?

Trusted Hardware

The future of trusted hardware is here now. Running sensitive workloads in a black box, such as in an Intel® SGX secure enclave, furthers data privacy, sovereignty and protection in the cloud by reducing the attack surface in the data center.

Intel® Software Guard Extensions (Intel® SGX), Intel® Security Libraries for Data Centers (Intel® SecL-DC) and AMI TruE enables Platform Trust and Runtime Encryption.

(Roll over image below)

Platform Trust

AMI TruE uses a trust agent running at the OS level to collect firmware and software hash information from the Trusted Platform Module (TPM), which is used to determine platform trust by comparing this hash information to known trusted hashes. A customer installed and managed attestation server will keep all the various hashes collected across the data center and track which ones are trusted or untrusted. When a node is found to be untrusted, it can be scheduled for automatic firmware updates based upon data center policy.

Intel® Software Guard Extensions (Intel® SGX) + AMI TruE enabling Confidential Computing

Leveraging Intel® SGX secure enclaves, AMI TruE enables secure computing, easy to deploy workload attestation and secure application keys without compromising confidentiality – to deliver a secure data center solution that is scalable, extensible and built for cloud-to-edge applications. It establishes and tracks the servers’ trusted compute status in the data center, complies with data security regulations and provides remediation for untrusted platforms. Adding support for these key security features makes AMI TruE a reliable and easily deployed solution for data centers and cloud service providers that delivers functional computing, attestation, confidential computing and cloud execution without compromise.

(Roll over image below)

Privacy and Data Sovereignty

AMI TruE enables data centers and businesses the ability to comply with privacy laws and data sovereignty regulations by binding the server's geographic location to its asset tag information – creating what is called a geo-tag. With AMI TruE, protected personal data can be identified and separated, and compliance with data sovereignty regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), can be assured.

AMI TruE enables geo-tagging servers, assuring regional data sovereignty regulations are followed for region specific workloads

Customization with Flavors

Combine platform requirements in any combination to create flavors.

Flavors help determine whether a particular compute node is suitable for certain workloads. Apply one or more flavors to any subset of your managed environment to enforce platform trust requirements, operating system requirements, geographic location requirements, and more. AMI TruE even gives you the ability to create custom attributes for your flavors.

Integration with Cloud Orchestration

By assuring that your environment is running only trusted firmware and software, integration with popular industry cloud orchestration software, such as KUBERNETES®, allows AMI TruE to ensure that workloads containing sensitive information or data requiring data sovereignty compliance are run only on trusted compute nodes in the required geographic location. KUBERNETES® integration allows for the enforcement of flavors to be automated by the data center workload orchestration environment.

Designed with Extensibility in Mind

While AMI TruE comes as an extension to our AMI Composer™ data center management software for an out-of-the-box product, it uses RESTful APIs for ease of integration into other data center management environments.

End-to-End Security with AMI TruE

AMI TruE helps data centers secure platforms throughout the entire product life cycle. Supply chain attacks can be easily avoided by attesting the shipped firmware and software hash information with the attestation server upon installation into an existing trusted environment. After deployment, server trust validation continues to attest the integrity of the firmware and software running throughout the data center.

Download the NISTIR 8320 Report on Hardware-Enabled Security: Container Platform Security Prototype

Please visit the National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSCR) Publication site to download the NISTIR 8320 Report on Hardware-Enabled Security: Container Platform Security Prototype.

    Sign-up for a Demo

    For more information, please contact an AMI Sales Representative using the form below.

    Connect Partner Develop Power on Manage Be Secure with AMI