LynxSecure 5.0 features increased performance and virtualization

by Toni McConnel , TechOnline India - March 03, 2011

LynxSecure 5.0 from Lynux Works, Inc., is a new release of the LynxSecure separation kernel and hypervisor that adds significant performance increases for fully virtualized guest operating systems (OSes) by utilizing new hardware technologies.

LynxSecure 5.0 from Lynux Works, Inc., is a new release of the LynxSecure separation kernel and hypervisor that adds significant performance increases for fully virtualized guest operating systems (OSes) by utilizing new hardware technologies. The new release also offers 64-bit and Symmetric Multi-processing (SMP) guest OS virtualization support.

LynxSecure 5.0 includes a device sharing facility for systems with limited physical devices that complements the existing direct device assignment mechanism that has been available in previous versions of LynxSecure. The same highly secure virtualization solution used in safety- and security-critical military, medical and avionics embedded applications can now be used in more Enterprise-based systems to support secure client virtualization, secure multi-tenancy and secure hardware appliances.

Software virtualization is commonly used on servers in Information Technology (IT) centers to gain a long list of benefits including equipment consolidation, ease of management, and the support of legacy applications. However, performance limitations and the lack of physical devices on client and embedded systems have traditionally made virtualization impractical. With LynxSecure 5.0 many of these limitations have been overcome. By implementing a new secure device virtualization mechanism, managed from a secure partition on LynxSecure, limited physical devices can now be virtualized and shared between guest OSes. By using LynxSecure’s policy-driven, inter-partition communication mechanism, the performance and security of the shared devices such as network, USB, HDD and graphics is optimized, bringing the benefits of security and virtualization to resource-limited client systems, such as laptop PCs or embedded devices.

A key component for the usability of a secure virtualization solution on client devices is the performance of the OSes and applications that run on the virtualized system. LynxSecure 5.0 has built many new optimizations into its full virtualization component, offering near-native execution of fully virtualized guest OSes and their applications. A fully virtualized OS runs without any changes required to either the OS or the applications when housed in their secure enclave on LynxSecure. By utilizing key new processor technologies like the 2nd generation Intel Core processors, along with key Intel hardware functions such as Extended Page Tables (EPT), Page Attribute Table (PAT) and Advanced Vector Extensions (AVX), in-house benchmarks show an execution speed within a few percentage points of running natively. These performance enhancements mean that developers can take advantage of the security offered by LynxSecure without compromising on either the performance or functionality of legacy and new OSes and applications.


Another key feature added to LynxSecure 5.0 is the ability to run 64-bit fully virtualized guest OSes with SMP enabled. This now means that 64-bit OSes such as Windows 7, Linux and Solaris OSes can run across multiple cores managed by the security of LynxSecure. This functionality, when combined with the performance enhancements of LynxSecure 5.0, offers developers the opportunity to securely host off-the shelf OSes and applications on the same system as real-time operating systems (RTOSes) and legacy applications, allowing them to consolidate multiple physical systems into a single system utilizing the latest multi-core processors such as the quad core Intel Core processors.

LynxSecure 5.0 can now fully virtualize Windows 7 (64 bit) SMP, Windows XP (32 bit) SMP, and Solaris 10 TX (64 bit) SMP OSes in secure and isolated partitions.

The ability to consolidate two or more discrete OSes into a single multifunction unit allows for a huge savings in costs, system maintenance and physical space. It also opens the door for innovative new devices that leverage multiple OSes and reduce complexity.

Applications can be partitioned, and access to systems resources and assets can be isolated, to meet a broad range of security requirements. LynxSecure makes it possible to safely run multiple applications and different guest OSes on a single platform by isolating them into separate partitions to prevent unintended or dangerous software interactions. Peripherals such as keyboard, video, and mouse (KVM) can be virtualized for sharing across guest OSes or selectively assigned to a specific guest. Similarly, assets such as databases, disks, CD-ROM, network, USB and audio can be configured for sharing or be dedicated to a single operating system or application.

LynxSecure 5.0 is the first version to be ported to Intel’s low-power ATOM devices, offering the benefits of LynxSecure’s secure virtualization to a new set of connected mobile and embedded devices. LynxSecure supports both the ATOM e5xx and e6xx 32-bit processors, both in single and dual-core formats, and allows the combination of LynxOS RTOS and Linux OS to be securely co-resident on a single system.

LynxSecure 5.0 comes with the latest version of the Luminosity Integrated Development Envorinment (IDE). The Luminosity 4.7 IDE for LynxSecure 5.0 offers powerful development, debug and analysis tools integrated into an industry standard Eclipse-based framework for maximum interoperability. Luminosity 4.7 adds full support for developing LynxSecure 5.0 hypervisor kernel images along with a wide variety of guest OSes. Luminosity 4.7 provides a fast and easy way to configure the LynxSecure Hypervisor, assign devices to specific subjects such as the LynxOS-SE RTOS and Linux and Windows OSes, and build the downloadable image. Luminosity can then download and boot LynxSecure 5.0 and it’s guest operating systems (OS) and then debug applications running on the subjects. Luminosity offers a set of Wizards that take new users through the configuration process using a new “autoconfiguration” utility that runs on the target. A new streamlined target-resident version of Luminosity specifically designed to meet the needs of IT administrators will also be included with LynxSecure 5.0. It includes a utility that automatically configures target systems.

Availability

LynxSecure 5.0 is available as of March 2011.

For more information visit http://www.lynuxworks.com

 

About Author

Comments

blog comments powered by Disqus