A new security certification allows federal agencies to use Red Hat's Enterprise Linux 5 with the KVM hypervisor on IBM systems for a variety of command and control and secure operations.
This story has been updated from its original versions with additional details.
A version of Red Hat’s Linux 5 operating system that is capable of running various types of software thanks to a built-in kernel-based virtual machine hypervisor, has been certified to meet internationally recognized security standards. Developed to run in IBM servers, the modified version of Linux allows open-source virtualization techniques to be deployed in homeland security applications, command and control systems and across government agencies that had been limited by existing virtualization technologies
With the Common Criteria Certification at Evaluation Assurance Level 4+, the KVM hypervisor on Red Hat Enterprise Linux and IBM x86 servers now meets federal security standards. This permits governments, financial institutions and security-conscious organizations to create secure, open virtualized IT environments and private clouds, Red Hat officials said.
The KVM hypervisor uses SE Linux to address agency security concerns about virtualization implementations because it allows virtual resources to run in separate containers that can be individually defended during an intrusion. Hypervisors allow computers to run multiple operating systems and/or software applications as separate virtual instances.
One of the advantages of Red Hat Linux with the KVM hypervisor is that it takes advantage of existing Red Hat developments, Gunnar Hellekson, chief technology strategist for Red Hat’s U.S. public-sector group, told GCN.
For example, Red Hat Linux 5 uses Security-Enhanced Linux, which is the result of a joint project by Red Hat and the National Security Agency. The security certification allows organizations to use Red Hat Linux 5 with the KVM hypervisor with confidence because the built-in SELinux will prevent virtual machines from attacking each other on the same host if they are compromised.
“No one had a general-purpose operating system with a hypervisor that had been Common Criteria certified,” said Hellekson. The Common Criteria accreditation process forces developers to choose a platform to certify on, hence Red Hat’s choice of IBM’s servers for the KVM hypervisor on Enterprise Linux 5, he said. Red Hat is working with other vendors to undergo Common Criteria accreditation with their platforms once Enterprise Linux 6 becomes available, he added.
The Red Hat system can also be stripped down to a core hypervisor for specialized operations, such as work in high-performance computing, he said. This flexibility is important because many users are wary of vendor lock-in with specialized tools such as hypervisors. Providing the KVM in an open system format with built-in security features offers users greater flexibility, he said.