Today, cloud data protection is a critical requirement, and it will become even more important as more in-depth and sensitive data moves to the cloud for new types of workloads (such as IoT and machine learning). Since VMs (Virtual Machines) are the key containers of such data, it is crucial to protect VMs at rest (in storage), in transit (on the network), and during execution.
Encryption is considered the foundational technology for VM protection, and there are established encryption technologies for VMs at rest and in transit. Intel Multiple Key Total Memory Encryption (MK-TME) is a new hardware feature of Intel platforms that supports VM encryption at runtime, thus completing VM protection across the VM's entire lifecycle. In this presentation, we give an introduction to Intel MK-TME, including its hardware architecture, Linux/KVM design, and typical deployment in the cloud.