Configuration Management Engine
Purpose
The Configuration Management Engine serves two (2) functions:
Ensuring that incoming configurations are stored immutably and scanned for any malicious code, in a way that guarantees their integrity and the integrity of the scanning and storage process.
Managing the storage of those configurations themselves on attached drives, in a way that scales to arbitrary file types and data volumes.
How It Works
The Configuration Management Engine is composed of three (3) distinct but interwoven pieces: Malware Scanner, Integrity Enforcer, and Storage Layer.
Malware scanner
The system includes a pluggable malware scanning engine for checking all incoming configuration snapshots.
Integrity enforcer
The configuration manager runs inside specialized hardware called a Trusted Execution Environment, or TEE (for more, see Cybersecurity). The Axilon platform currently uses AMD Secure Encrypted Virtualization as its TEE of choice. This specialized hardware guarantees that the code running in the enclave is unmodifiable while active, even by someone with access to the host, preventing malware from infecting or modifying stored configurations.
Storage layer
The platform uses an object storage engine to support arbitrary binary data of any volume, whose backing store is initially the hard disk of the Axilon server. (It is also possible to use a NAS or SAN as backing storage in the case of large data volumes.)
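As an added illustration (not Axilon code, and not a description of its internals), the sketch below shows one way a pluggable scanner and an immutable store can fit together: every snapshot is scanned before it is written, stored write-once under its SHA-256 digest, and re-verified on read. The class and function names, the content-addressing scheme and the in-memory backing dictionary are all assumptions made for the example; the TEE itself is not modeled.

```python
import hashlib
from typing import Callable, Dict, Iterable, Optional

# Hypothetical plug-in contract: a scanner returns a finding name, or None if clean.
Scanner = Callable[[bytes], Optional[str]]

class RejectedSnapshot(Exception):
    """A scanner flagged the incoming snapshot; nothing was stored."""

class IntegrityError(Exception):
    """Stored bytes no longer hash to the key they were stored under."""

def marker_scanner(data: bytes) -> Optional[str]:
    # Constructed stand-in for a real engine: flags a made-up test marker.
    return "test-marker" if b"EXAMPLE-MALWARE-MARKER" in data else None

class SnapshotStore:
    def __init__(self, scanners: Iterable[Scanner]):
        self._scanners = list(scanners)
        # Stands in for the object storage backing store (disk, NAS or SAN).
        self._objects: Dict[str, bytes] = {}

    def put(self, data: bytes) -> str:
        # Scan first: a flagged snapshot never reaches storage.
        for scan in self._scanners:
            finding = scan(data)
            if finding is not None:
                raise RejectedSnapshot(finding)
        digest = hashlib.sha256(data).hexdigest()
        # Write-once: an existing object is never overwritten.
        self._objects.setdefault(digest, bytes(data))
        return digest

    def get(self, digest: str) -> bytes:
        data = self._objects[digest]
        # Verify on read so silent modification of the backing store is detected.
        if hashlib.sha256(data).hexdigest() != digest:
            raise IntegrityError(digest)
        return data
```

Because the key is derived from the content, storing the same snapshot twice returns the same identifier, and any change to the stored bytes is caught on the next read.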
