CTT Big4 News IBM Cloud Recently #IBM009


Hello Friends, welcome to Big4 Recently

AWS, IBM, Google & Azure – the Big4 Cloud Service providers. In this article, we explore the latest IBM Cloud news.


Increased application security & control with IBM Cloud HSM 7.0

IBM has announced the global availability of its next-generation Hardware Security Module (HSM) – IBM Cloud HSM 7.0 – providing high-assurance key generation, protection and storage.

Based on the latest Gemalto SafeNet HSM technology, IBM Cloud HSM is a dedicated, single-tenant hardware appliance that stores, protects and manages cryptographic keys in a hardened, FIPS-validated, private-network-attached appliance.

To put it simply, IBM Cloud HSM gives you enterprise-strength access controls for today’s security-critical applications. These critical appliances protect the cryptographic infrastructure of some of the most security-conscious organizations in the world by securely managing processing.

The integration of IBM Cloud HSM 7.0 including SafeNet Luna Network HSM A750 enables superior performance by running over 20,000 ECC and 10,000 RSA operations per second (3X to 5X faster than previous HSM releases)[1]. And with dual, hot-swappable power supplies and clustering for high availability and backup, there’s always consistent performance with no downtime and guaranteed business continuity. In addition, IBM Cloud HSM is FIPS 140-2 Level 3 certified, so you can be assured you’re getting a secure, third-party validated solution.

Finally, this new solution is attached to IBM’s global private network that offers no-cost, secure network access to 60 IBM data centers around the world. All in all, IBM Cloud HSM 7.0 is the perfect general purpose network solution for your enterprise applications.

Data-in-use protection on IBM Cloud using Intel SGX

Business Challenge:

While external attacks outnumber internal incidents as causes of breaches, malicious internal incidents are on the rise – in 2017, 46% of internal attacks were malicious insider incidents. As businesses become data-driven, they understand data security and privacy are competitive differentiators [1].

However, in today’s data economy, networked and perimeter-based security models fall short of bringing true end-to-end data security. Security and risk (S&R) leaders are adopting Zero Trust architectural principles, using micro-perimeters and micro-segmentation, making the data the new perimeter.

Figure 1: Data-in-use protection using Intel SGX

While today’s IAM, data-at-rest and data-in-transit solutions together tremendously help enterprises with data security, they do not add up to an end-to-end solution without data-in-use protection.

Intel SGX:

Intel® Software Guard Extensions (Intel® SGX) is a technology that can protect data-in-use through hardware-based server security.  Intel SGX lets application developers protect select code and data from disclosure or modification. Intel® SGX uses enclaves, which are trusted execution environments (TEE) that utilize a separate portion of memory that is encrypted for TEE use.

Intel SGX on IBM Cloud:

In December 2017, IBM announced early access to Intel SGX based offerings. Intel SGX bare metal servers are generally available across all regions on IBM Cloud. Take the following steps to provision SGX servers:

  1. Select “Bare Metal Server” from the IBM Cloud catalog for compute:

Figure 2: IBM Cloud Catalog for Compute

  2. Select other configuration options from the screen below:

Figure 3: Bare metal server configurations on IBM Cloud

  3. Select “Intel Xeon E3-1270 v6” configurations under single processor multi-core servers; select servers billed monthly.

Figure 4: Single processor server configurations

  4. Select “Software Guard Extensions” in the next screen:

Figure 5: System configuration options

Proceed to the next steps of your server configuration as you would for any other bare metal server. When your server is provisioned, it should have SGX enabled in the BIOS. The provisioning may take several hours.
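To confirm that a provisioned server really exposes SGX before you install the driver and PSW, you can read the CPUID leaves that enumerate it. The following C program is an added example, not part of the original article or of Intel's tooling; the function names are chosen here, and the bit positions are those of CPUID leaf 07H and leaf 12H.

```c
/* Decode the CPUID fields that report Intel SGX support and EPC size. */
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#endif

/* CPUID.(EAX=07H,ECX=0):EBX bit 2: the processor implements SGX. */
int sgx_in_leaf7(uint32_t ebx) { return (ebx >> 2) & 1; }

/* CPUID.(EAX=12H,ECX=0):EAX bit 0: SGX1 leaf functions are usable. */
int sgx1_in_leaf12(uint32_t eax) { return eax & 1; }

/* CPUID.(EAX=12H,ECX>=2): EAX[3:0]==1 marks a valid EPC section whose
   size is EDX[19:0]:ECX[31:12] (bytes). Returns 0 for an invalid one. */
uint64_t epc_section_bytes(uint32_t eax, uint32_t ecx, uint32_t edx)
{
    if ((eax & 0xF) != 1)
        return 0;
    return ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
}

int main(void)
{
#ifdef HAVE_CPUID
    unsigned a, b, c, d;
    uint64_t epc = 0;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !sgx_in_leaf7(b)) {
        puts("CPU does not implement SGX");
        return 1;
    }
    if (!__get_cpuid_count(0x12, 0, &a, &b, &c, &d) || !sgx1_in_leaf12(a)) {
        puts("SGX present but not enabled (check the BIOS setting)");
        return 2;
    }
    for (unsigned i = 2; i < 10; i++) {   /* walk the EPC sections */
        __get_cpuid_count(0x12, i, &a, &b, &c, &d);
        if ((a & 0xF) != 1) break;
        epc += epc_section_bytes(a, c, d);
    }
    printf("SGX enabled, EPC size: %llu MiB\n", (unsigned long long)(epc >> 20));
    return epc ? 0 : 2;
#else
    puts("not an x86 build, CPUID is unavailable");
    return 1;
#endif
}
```

An exit status of 0 means the CPU reports SGX1 and a non-empty Enclave Page Cache; any other status means the driver and PSW will not be able to launch enclaves on that host.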

Installing Intel SGX driver and Platform Software (PSW):

After provisioning the server, and before running Intel SGX workloads, you need to install an Intel SGX driver and PSW (Intel SGX SDK is optional and meant for development purposes).

You can find the latest driver, PSW and SDK for your platform here or over here. Alternatively, you can also build and install from the GitHub repository here.

The Intel Software Guard Extensions Installation Guide is located here.

Developing Intel SGX Protected Applications:

An Intel SGX application consists of two parts: untrusted code and a trusted enclave that it securely calls into. A developer can then create one-to-many trusted enclaves that work together to support distributed architectures. Common uses include key material, proprietary algorithms, biometric data, and CSR generation.

Developers can start with the following steps:

  1. Identify secure data that needs to be protected.
  2. Find the methods/functions that modify the secure data.
  3. Partition the code into trusted enclaves and untrusted code.

At runtime, the Intel SGX instructions build and execute the enclave in a special protected memory region with restricted entry and exit locations that are defined by the developer. This prevents data leakage. Enclave code and data inside the CPU can be accessed only by the application’s untrusted component, and enclave data written to disk is encrypted and checked for integrity [2].
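The three partitioning steps above, shown as an added example that is not from the original article: a plain-C model in which a PIN and its retry counter are the secure data and a single entry point is the only code that touches them. It does not use the Intel SGX SDK; the names `ecall_verify_pin` and `host_try_login` and the sample PIN are hypothetical.

```c
/* Plain-C model of an SGX-style partition; no SGX SDK calls are used. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ---- trusted part (would be built into the enclave) ---- */
#define PIN_LEN   6
#define MAX_TRIES 3
enum { PIN_OK = 0, PIN_BAD = 1, PIN_LOCKED = 2, PIN_EINVAL = 3 };

/* Step 1: the secure data. In an enclave it sits in protected memory;
   here `static` only models that. The PIN is a constructed sample. */
static const uint8_t g_pin[PIN_LEN] = { '4', '2', '7', '1', '9', '3' };
static unsigned g_failures;

/* Step 2: the one function that reads the PIN or changes the counter.
   It is the restricted entry point the untrusted side may call. */
int ecall_verify_pin(const uint8_t *guess, size_t len)
{
    uint8_t local[PIN_LEN];
    uint8_t diff = 0;

    if (guess == NULL || len != PIN_LEN)
        return PIN_EINVAL;             /* reject malformed untrusted input */
    if (g_failures >= MAX_TRIES)
        return PIN_LOCKED;             /* lockout state is trusted data too */

    memcpy(local, guess, PIN_LEN);     /* copy once; caller cannot alter it mid-check */
    for (size_t i = 0; i < PIN_LEN; i++)
        diff |= (uint8_t)(local[i] ^ g_pin[i]);   /* no early exit on mismatch */

    if (diff != 0) {
        g_failures++;
        return PIN_BAD;
    }
    g_failures = 0;
    return PIN_OK;
}

/* ---- untrusted part (the host application) ---- */
/* Step 3: the host receives a status code, never the PIN or the counter. */
int host_try_login(const char *typed)
{
    if (typed == NULL)
        return PIN_EINVAL;
    return ecall_verify_pin((const uint8_t *)typed, strlen(typed));
}
```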


What’s included in the IBM Cloud Developer Tools CLI version 1.3.0

Create Applications from Open API 2.0 Specifications

New in this release, the create command is enhanced to allow creating an application from an Open API 2.0 Specification. Simply proceed through the use of the create command as normal, but for Java, Node, and Swift runtimes, there is a new starter with the description Create Project or Empty Starter. Using this starter will then provide a prompt where you can enter the location of the Open API 2.0 document as a URL. For example: https://github.com/OAI/OpenAPI-Specification/blob/master/examples/v2.0/json/petstore.json

Deploy Applications to IBM Cloud Private

This release provides support to seamlessly use the helm client provided by IBM Cloud Private to deploy using the deploy command to that environment. To set up your client for this deployment, there are two new prerequisites:

  1. You must use a specific helm release as described here.
  2. You must also use the bx pr plug-in to add a certificate for use by helm as detailed here. Instructions for installing the pr plug-in are here.

With those prerequisites completed, deploying to your IBM Cloud Private is completed as with prior releases with bx dev deploy -t container from your application directory.  The deploy command will prompt you for a deployment image name for the application.  This is <your-ICP-host-and-port>/<your-ICP-namespace>/<the-app-name>.  For example:  mycluster.icp:8500/default/someAppName

Start developing your cloud native applications with IBM Cloud Developer Tools CLI today!  Create a new project or enable an existing one and enjoy a streamlined developer experience to get your applications on the IBM Cloud and IBM Cloud Private.



Author: Debashree

A Technical writer and passionate about digital life. Always eager to learn and share knowledge.