NUREMBERG, GERMANY, Embedded World 2011–March 2, 2011–LynuxWorks™, Inc., a world leader in the embedded and security software market, today announced availability of LynxSecure 5.0. This new release of the award-winning LynxSecure separation kernel and hypervisor adds significant performance increases for fully virtualized guest operating systems (OSes) by utilizing new hardware technologies, and offering 64-bit and Symmetric Multi-processing (SMP) guest OS virtualization support.
This LynxSecure 5.0 release has also added a device sharing facility for systems with limited physical devices that complements the existing direct device assignment mechanism that has been available in previous versions of LynxSecure. With this release, the same highly secure virtualization solution used in safety- and security-critical military, medical and avionics embedded applications can now also be used in more Enterprise-based systems to support secure client virtualization, secure multi-tenancy and secure hardware appliances.
Software virtualization is commonly used on servers in Information Technology (IT) centers to gain a long list of benefits, including equipment consolidation, ease of management and the support of legacy applications. However, performance limitations and the lack of physical devices on client and embedded systems have traditionally made virtualization impractical. With LynxSecure 5.0 many of these limitations have been overcome. By implementing a new secure device virtualization mechanism, managed from a secure partition on LynxSecure, limited physical devices can now be virtualized and shared between guest OSes. By using LynxSecure’s policy-driven, inter-partition communication mechanism, the performance and security of the shared devices such as network, USB, HDD and graphics is optimized, bringing the benefits of security and virtualization to resource-limited client systems, such as laptop PCs or embedded devices.
“Detica is committed to help fight the war against cyber attacks, by advising and working with IT organizations to understand their existing infrastructure and then help introduce new technologies like LynxSecure,” said Henry Harrison, technical director of Detica. “The new features of LynxSecure 5.0 along with its secure underpinnings help to protect sensitive information held on corporate computers by segregating the corporate OS and applications from the environment used to browse the Internet.”
A key component for the usability of a secure virtualization solution on client devices is the performance of the OSes and applications that run on the virtualized system. LynxSecure 5.0 once again raises the bar for performance by building many new optimizations into its full virtualization component, offering near-native execution of fully virtualized guest OSes and their applications. A fully virtualized OS runs without any changes required to either the OS or the applications when housed in their secure enclave on LynxSecure. By utilizing key new processor technologies like the 2nd generation Intel® Core™ processors, along with key Intel hardware functions such as Extended Page Tables (EPT), Page Attribute Table (PAT) and Advanced Vector Extensions (AVX), in-house benchmarks show an execution speed within a few percentage points of running natively. These performance enhancements mean that developers can take advantage of the security offered by LynxSecure without compromising on either the performance or functionality of legacy and new OSes and applications.
LynxSecure’s market-leading technology convinces even high-demanding customers.
“secunet has been working with LynuxWorks and the LynxSecure product through its last two generations, and we have been very impressed with the security and functionality that it offers,” said Kai Martius, secunet Security Networks AG, the leading German company developing government-grade encryption and multi-level products. “The performance and virtualization enhancements made in LynxSecure 5.0 make this product a perfect companion for the security products that we develop at secunet, and we look forward to building an even stronger relationship with LynuxWorks.”
Another key feature added to LynxSecure 5.0 is the ability to run 64-bit fully virtualized guest OSes with SMP enabled. This now means that 64-bit OSes such as Windows 7, Linux and Solaris OSes can run across multiple cores managed by the security of LynxSecure. This functionality, when combined with the performance enhancements of LynxSecure 5.0, offers developers the opportunity to securely host off-the shelf OSes and applications on the same system as real-time operating systems (RTOSes) and legacy applications, allowing them to consolidate multiple physical systems into a single system utilizing the latest multi-core processors such as the quad core Intel® Core™ processors.
“The new 2nd generation Intel® Core™ processors provide a perfect blend of performance and security features that have allowed us to do some exciting things with LynxSecure 5.0 that were not possible before,” said Arun Subbarao, VP of Engineering at LynuxWorks. “For example LynxSecure 5.0 can now fully virtualize Windows 7 (64 bit) SMP, Windows XP (32 bit) SMP, and Solaris 10 TX (64 bit) SMP OSes in secure and isolated partitions. In a sense, this further blurs the line between embedded and Enterprise computing and makes combinations from both worlds entirely possible. For instance, an virtual appliance could be embedded into a desktop computer to provide maximum security with a minimum overhead. We are just beginning to imagine the possibilities of utilizing virtualization in a secure manner.”
The ability to consolidate two or more discrete OSes into a single multifunction unit allows for a huge savings in costs, system maintenance and physical space. It also opens the door for innovative new devices that leverage multiple OSes and reduce complexity.
Applications can be partitioned, and access to systems resources and assets can be isolated, to meet a broad range of security requirements. LynxSecure makes it possible to safely run multiple applications and different guest OSes on a single platform by isolating them into separate partitions to prevent unintended or dangerous software interactions. Peripherals such as keyboard, video, and mouse (KVM) can be virtualized for sharing across guest OSes or selectively assigned to a specific guest. Similarly, assets such as databases, disks, CD-ROM, network, USB and audio can be configured for sharing or be dedicated to a single operating system or application.
LynxSecure 5.0 is the first version to be ported to Intel’s low-power ATOM devices, offering the benefits of LynxSecure’s secure virtualization to a new set of connected mobile and embedded devices. LynxSecure supports both the ATOM e5xx and e6xx 32-bit processors, both in single and dual-core formats, and allows the combination of LynxOS RTOS and Linux OS to be securely co-resident on a single system.
LynxSecure 5.0 comes with the latest version of the Luminosity Integrated Development Envorinment (IDE). The Luminosity 4.7 IDE for LynxSecure 5.0 offers powerful development, debug and analysis tools integrated into an industry standard Eclipse-based framework for maximum interoperability. Luminosity 4.7 adds full support for developing LynxSecure 5.0 hypervisor kernel images along with a wide variety of guest OSes. Luminosity 4.7 provides a fast and easy way to configure the LynxSecure Hypervisor, assign devices to specific subjects such as the LynxOS-SE RTOS and Linux and Windows OSes, and build the downloadable image. Luminosity can then download and boot LynxSecure 5.0 and it’s guest operating systems (OS) and then debug applications running on the subjects. Luminosity offers a set of Wizards that take new users through the configuration process using a new “autoconfiguration” utility that runs on the target. A new streamlined target-resident version of Luminosity specifically designed to meet the needs of IT administrators will also be included with LynxSecure 5.0. It includes a utility that automatically configures target systems.
Visit Our Booth
To meet with the experts and learn more about LynxSecure 5.0 high-performance multilevel secure (MLS) systems and cross-domain platform solutions, please visit LynuxWorks at Embedded World, Hall 11, Stand 109.
LynxSecure 5.0 Availability
Like all LynuxWorks OSes, LynxSecure is based on open standards. LynxSecure 5.0 provides a seamless migration path for LynuxWorks customers whose Linux- and POSIX®-based applications can now run on virtualized Red Hat Linux and LynxOS family environments within LynxSecure partitions. The new release adds support for the 2nd generation Intel® Core™ processors and the Intel Atom processors. LynxSecure 5.0 is available as of March 2011.
About LynuxWorks
LynuxWorks, a world leader in the embedded software market, is committed to providing open and reliable RTOS and software tools to embedded developers. The company’s LynxOS family of OSes offers open standards with the highest level of safety and security features, enabling many mission-critical systems in defense, avionics and other industries. The latest product in the portfolio, the award winning LynxSecure offers a secure separation kernel and embedded hypervisor that forms a platform for the development of high assurance systems. Since it was established in 1988, LynuxWorks has created technology that has been successfully deployed in thousands of designs and millions of products made by leading communications, avionics, aerospace/defense, and consumer electronics companies. LynuxWorks’ headquarters are located in San Jose, CA. For more information, visit www.lynuxworks.com.