The VoyagerVM 4.0 (VM4) is the latest addition to the Voyager compute family, with the most advanced security to run any cloud and software architecture at the edge safely. 

All Cloud Service Providers (CSP) have a Shared Responsibility Model¹⁺²⁺³ (SRM) that outlines the security and protection of the cloud and highlights how cloud users should protect their cloud and connected edge. In short, the CSP is responsible for the “security of the cloud”, and the customer is responsible for their “security in the cloud and at the edge”. 

Ultimately, anyone connecting to a Commercial or Government cloud must ensure the highest level of security of their applications in the cloud and at their connected edge. 

VoyagerVM 4.0 Security

Klas is known for delivering solutions to the highest standard e.g. TrueTactical and security. At Klas, security is not an afterthought, but baked in at the design phase. Our engineers select and implement the latest technologies that provide the maximum security for the customer. With VM4, customers get hardware security baked in that cannot be circumvented and acts as a critical foundation for building a secure edge, key capabilities include:

Self-encrypting drives:  the VM4 has four unique NVMe-based storage devices, that are all self-encrypting. Knowing that the edge is unprotected and the potential for tampering is high, we have eliminated the threat of sensitive data being compromised by ensuring all data is encrypted.

Isolated OS drive: Another critical design aspect of the VM4 is the separate and soldered-down NVMe storage device. The fixed storage device provides a secure space to run any Operating Systems (OS). A further advantage of running the OS on a seperate disk, is that sensitive is not loss in the event of an OS failure.  

Trusted Platform Module (TPM2.0): A secure crypto-processor for cryptographic operations. Combined with the Intel Xeon D secure boot capabilities, the user can generate a digital signature for the OS. The digital signature is used to identify if the OS has been modified and will prevent the VM4 from booting. This critical security capability mitigates against some of the most advanced OS security threats.

A biased BIOS! 

It is well known and documented that legacy BIOS and the chipsets used in the boot instruction, such as the baseboard management controller (BMC), have been exploited as a backdoor to get into the hardware for nefarious reasons.  

At Klas, we have taken the opportunity to ensure that the VM4 and its boot firmware cannot be tampered with or has any backdoors. The VM4.0 uses the latest Intel Unified Extensible Firmware Interface (UEFI) specification that supports secure boot, ensuring the boot process cannot or has not been tampered prior to booting. 

A further example of how Klas ensures the VM4 is secure is that we remove all factory-set credentials. For example, BMC chipset vendors document the administrator credentials online. A simple, yet often overlooked step is the removal of the known credential. However, with VM4, you can be assured that your BIOS is biased towards the highest security best practices and standards.

Security to the edge and beyond

With the cloud or software architecture secured at boot time, the next step is to secure the running operations and data transfer.

A crucial feature of the new Intel Xeon D in the VM4 is the hardware-accelerated security capabilities, providing faster cryptography with the latest security algorithms. 

For example, CSPs continuously assess and upgrade the cloud security posture. An excellent example is the sunsetting of the use of the Transport Layer Security (TLS) version 1.1 protocol in favor of TLSv1.2 and higher⁴. 

An important aspect of the VM4 is that it can handle all of the latest CSP requirements, but more importantly, with no performance impact on end-user applications running at scale.

Security hardened for the safest edge experience

VoyagerVM 4.0 delivers the most advanced security for the protection of Government and Commercial applications. With VM4, you can be confident that any application running at the edge is highly protected.

For more information on the VoyagerVM 4.0, please visit – https://www.klasgroup.com/products/voyager-vm-4-0/

Resources

1. 1. AWS Shared Responsibility Model – https://aws.amazon.com/compliance/shared-responsibility-model/
   2. Azure Shared Responsibility Model – https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
   3. Google Shared Responsibility Model – https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate 
   4. AWS TLS update notification – https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/

Further Reading

Innovating at the Edge with VoyagerVM 4.0
VoyagerVM 4.0 the power to do more at the Tactical Edge.