Virtualization: Making It Real

Hardware and software manufacturers combine their expertise to create a secure, workable platform.

Virtualization—by which two previously disparate operating systems (OSs) can now run on the same hardware platform—has been around since the 1960s. Yet the Intel® Core™ 2 Duo processor with the Mobile Intel® GM45 Express chipset has now made virtualization a practical and economical solution for applications in today’s embedded-systems market. Of course, processing speed has always been a factor when considering virtualization. Yet data integrity is by far the biggest concern in mission-critical applications for markets like medical, healthcare, and military.

Secure Operation Is Vital

When two different OSs are placed on the same server, there’s a risk of data bleeding between the two. As a result, challenges arose when a practical platform was to be configured to prove how virtualization could cut costs and increase versatility in applications in the medical and healthcare market. The platform’s developers needed to find a hypervisor or virtual machine monitor (VMM) that also included a separation kernel to address current and future security issues. LynxSecure from LynuxWorks was the only secure hypervisor utilizing hardware-virtualization technology (VT) and supporting multiple cores.

A typical hypervisor allows users to host multiple OSs. Because it may not provide any separation between them, however, a Windows ® guest OS can access information on a guest Linux® OS and vice versa. In practical terms, there could be a loss of data integrity between the application that organizes patient billing and the application that collects patient bio-data. With a level of security designed to support both CC EAL-7 and DO-178B Level A in place, users of the test platform were able to run their disparate legacy and bespoke applications on the Intel Core 2 Duo processor without risk.

Software was only part of the solution. The other half of the equation was to pair the secure hypervisor with hardware that could run the Intel® Virtualization Technology (Intel® VT), including VTx and VTd technology, which acts as a fail-safe and enables the separation kernel to actually perform its duties. Other key requirements for a practical product were ease of implementation, compact size, low power consumption, and long product life cycle.

Hardware Completes The Solution

Complementing the software solution necessitated a hardware manufacturer with a good track record of implementing Intel’s leading-edge technologies. American Portwell Technology was the most suitable candidate. As a member of the Intel® Embedded and Communications Alliance (ECA), American Portwell Technology had the relevant experience and expertise to produce the embedded-systems board that would power the application. Both parties determined that the Mobile Intel GM45 Express chipset was the perfect vehicle to drive the hypervisor. American Portwell Technology was one of the first ECA members to implement that actual chipset in a viable embedded-systems board.

In addition to being able to support secure virtualization, the medical application placed many other demands on the embedded- systems board. It needed to be able to support the chipset’s built-in Mobile Intel® Graphics Media Accelerator 4500MHD as well as the DVI display interface, Intel®’s Trusted Platform Module (TPM), and Intel® Active Management Technology to ensure an easy upgrade. From a project perspective, American Portwell’s lowpower WADE-8067 addressed all of these requirements and more. It is based on the Mini-ITX form factor, which makes it flexible for applications in the medical space as well as the government, avionics, automotive, military, and industrial-control markets. It also offers long life-cycle support, which gives users peace of mind.

Demonstrating Real Virtualization

Today, the WADE-8067 with LynxSecure solution is used as a platform to demonstrate the benefits of virtualization, which include the following:

• Cost savings
• Space savings
• Promotes easy, focused maintenance
• Ensures data integrity and security
• Provides greater flexibility

Stuart Fisher is product manager for LynxSecure at LynuxWorks in San Jose, CA.

Frank Shen is product marketing director at American Portwell Technology Inc. in Fremont, CA.