Visos™ runtime environment (vre) – Kanguru RocIT Defender User Manual

ROCIT DEFENDER™

USER’S GUIDE

© 2009-2011 Absolute Identification, Inc.

Page 8

All Rights Reserved

4.

ViSoS™ Runtime Environment (VRE)

4.1.

VRE Overview

The VRE (ViSoS

TM

Runtime Environment) is a hardened environment that has

undergone extensive security-enhancing customizations. It is a secure, locked down,
Linux-based operating system that has passed thousands of Department of Defense
tests to ensure that the environment is protected against most security threats.

When the end-user boots and authenticates to the drive, the VRE is booted from the
secure encrypted partition. End-users do not have access to the underlying runtime
environment or file system. They are only provided with the minimum privileges
necessary to run the applications that are configured and deployed for the specific
customer solution, including Oracle VirtualBox Virtual Machine Manager (VMM).
This means that the administrator can configure the drive and limit the end-user’s
ability to access items within the VRE. The RocIT Defender solution does, however,
provide an administrative login capability that enables an administrator, who has
the password, access to the underlying VRE and file system and the ability to debug
and/or customize a particular drive. Note: Performing any specific drive
customization should not be required, and is not recommended. All configuration
and/or application or module changes should be made against a master RocIT
image and pushed out to all end-user drives through the centralized RocITSafe
Update Service.

When the VRE is first started, it will perform a lookup against the enterprise’s (or
Absolute ID's) update service to determine if any updates are required. If there are
any updates, the VRE update module will automatically download and install the
updates onto the specific user’s drive.

Additionally, the VRE provides the ability to perform advanced configuration and
customizations, including the ability to customize the network interface, drivers,
and end-user applications.

4.2.

Virtual Machine Manager (VMM) – Oracle VirtualBox

The VRE comes preconfigured with Oracle VirtualBox version 3.2.10 Virtual
Machine Manager (VMM) and one or more guest operating systems (Virtual
Machines – VM’s) within the Bootable version of the application. Refer to

http://www.virtualbox.org/

for information on utilizing Oracle VirtualBox.

Currently, the only VMM (also known as a hypervisor) supported is Oracle
VirtualBox. The VMM within the VRE is configurable and supports the ability to
dynamically or statically define rules and settings such as:

Dynamic attachment and support of external smart card readers (SCR’s).