Cloud computing is becoming increasingly popular. In cloud computing, a cloud may be an aggregation of resources provisioned on demand. Cloud computing may involve cloud resources performing computations instead of, or in addition to, a user's computer. Cloud computing has been compared to a utility, where computing is the service being provided. Cloud computing, however, may present issues with information security and integrity. Use of cloud computing requires trusting the computers that make up the cloud, the network with which the cloud is connected, the individuals and organizations that operate the cloud, and the physical environment in which cloud resources are placed. Trusting these computers in existing clouds, however, is not an acceptable risk for many.
Another known concept is remote-access clients. A company may already have laptops used by its employees via a remote access architecture such as a virtual private network (VPN). In such an architecture, the result may be a trusted software image running in an untrusted environment connecting back to the company. However, such a prior art architecture is insufficient in various respects for many companies' needs.
Another known concept may be to trust a hypervisor given to a cloud tenant by its cloud provider. Though not technically secure, the tenant may create trust via contractual obligation with the cloud provider. This may be analogous to trusting an outside vendor with the tenant's networks, for example, which various companies already do today. However, such contractual arrangements may be insufficient in various respects for many companies.
In addition, prior art, such as the “gPXE Secure Network Booting Project Proposal,” describes systems which allow the booting of machines on non-secure networks, as well as the possibility of booting from a server not within the local network. Such systems may use Safebootmode features to assure that no bogus trivial file transfer protocol (TFTP) servers on the network can supply boot files that might present a rogue login screen to capture a password. However, such systems do not address verification of the authenticity of the clients requesting the boot, if the clients are supposed to boot in automated fashion in an untrusted environment.
In addition, an open source network boot firmware, such as iPXE, may offer systems that provide a preboot execution environment (PXE) implementation enhanced with additional features. Different from a traditional PXE ROM, iPXE may be able to boot over a wide area network (WAN) such as the Internet. If the machine being tested is connected to the Internet, the iPXE demonstration image may be booted.
In view of such issues, improvements in cloud computing environments are needed.