TPS (Transparent Page Sharing) and vCloud Air

Transparent Page Sharing (TPS) is a memory oversubscription technique that reduces physical memory usage by sharing identical memory pages between virtual machines (VMs), for example when two VMs are running the same operating system. Academic security researchers have recently shown that, under certain highly controlled conditions, TPS may be used to gain unauthorized access to data in VMs running on vSphere and Xen hypervisors. In a lab environment, the researchers demonstrated that they could recover an AES encryption key used by another VM running on the same physical server.

Out of an abundance of caution, we have turned off TPS in vCloud Air multi-tenant environments (the VPC and DR services). There is no impact to customers from this change.

For more information on the research and the changes to TPS in VMware vSphere, see VMware Knowledge Base article 2080735: http://kb.vmware.com/kb/2080735

The VMware security team’s blog is here: https://blogs.vmware.com/security/2014/10/transparent-page-sharing-additional-management-capabilities-new-default-settings.html
