Trusted Computing Group releases server specs

The Trusted Computing Group (TCG) has a lofty goal -- to give the IT industry a base on which to develop systems that are less prone to attacks and malicious access. The nonprofit industry advisory board took a critical step toward that goal last week by releasing its specifications for trusted servers.

The TCG develops and promotes open specifications that IT vendors can lean on to help them protect and strengthen platforms against software-based attacks.

The basis of the specification is the Trusted Platform Module (TPM) chip, which stores digital keys, certificates and passwords that allow servers to "talk" to each other. The new specs include a new remote attestation feature that allows a third party to check to see if a box has been tampered with or compromised by a hacker attack or a virus. Another feature is key storage, in which encrypted keys help store data.

The industry's biggest players, including IBM, Intel Corp., AMD, Dell Inc., Hewlett-Packard Co., Lenovo, Sun Microsystems Inc., Sony and Microsoft, hold a place among the TCG's 112 members. The reason the group has such widespread support, said Mark Schiller, HP's director of trusted computing strategy group and the company's TCG representative, is that in an age where boxes from different vendors are talking more and more, trusted server conversation benefits everyone.

It is especially important, Schiller said, in utility computing environments, where box-to-box talk is all the rage.

"I think HP's view is that it is extremely important for there to be trust in the data center," Schiller said. "For server-to-server conversation, it's important to know if [a server] can trust the other server. There is always risk involved in server-to-server conversation … trusted computing will allow to have dialogue and test [each server's] state … and to know you have a lower chance of risk and really let you know what you're talking to."

According to Mike Kahn, managing director for Wellesley, Mass.-based Clipper Group, it's encouraging to see so many large-scale vendors getting together to try and hammer down a safer way for heterogeneous data centers to operate.

"Security is increasingly important, and to be able to have something where everyone agrees and become an international standard, well that's the way to do it. This is the way de facto standards are born," Kahn said. "The fact that there's one protocol for everyone to follow makes sense."

TCG marketing group chairman Brian Berger said the new specs represent a strong complement to the PC client specifications the group released in 2003, and many of the individual points outlined in the new specs are a direct response to concerns voiced by customers of vendors participating in TCG's work.

Thanks to these specifications, Berger said, server vendors can now build boxes that incorporate trusted specs.

"It is very important [that] the data integrity and authenticity on the server side complements the client side for trust," Berger said. "[People can say] now I can trust the client, the server and the information on these products."

The new specifications are now available at the TCG Web site. These products are available immediately.

Let us know what you think about the story; e-mail: Luke Meredith, News Writer