Astra Linux: Brest Virtualization

Main article: Virtualization. Classification and applications

The Brest virtualization software package ensures the operation and management of virtual machines in the Astra Linux Special Edition operating system. Designed for use in information systems that process restricted information.

2024

Brest Virtualization Tool 3.3 with Astra Linux support 1.7.4.UU.1

Astra Group on May 20, 2024 announced the release of a large-scale update of the Brest Virtualization Tool 3.3 software complex (Brest PC) and at the same time the release of operational update 3.3.1. The updated version of the product refers to support for compatibility with the online upgrade of Astra Linux 1.7.4.UU.1, which is a cumulative security update. It is designed to neutralize threats to the exploitation of identified vulnerabilities and improve the functionality of special-purpose operating systems. The release adds the possibility of a seamless transition from version 3.2 to version 3.3 and 3.3.1 and includes a number of significant improvements and innovations made on the basis of feedback from partners, customers, Group specialists and internal developer service.

PC SV "Brest" is a Russian platform with built-in information protection Astra OS tools Linux for administering cloudy IT infrastructures any complexity. Virtualization system-based tasks include centralized cluster management, scaling and resiliency, site-to-site migration virtual machines , creating machine groups from templates, deploying secure virtual desktop infrastructures (), VDI virtualizing networks, storage, and building secure cloud solutions.

The main changes in the platform are related to the upgrade of software packages of the virtualization, management, data storage, file, network and other subsystems. With the update to the specified version, it will be possible to support modern hardware and drivers, OS cores version 5.15.

Release 3.3 developed a software component - an application with a graphical interface for configuring and installing the system, abbreviated KUB (Brest PC control console). It allows an administrator to remotely deploy a full-format system from a single management interface to the required number of servers, specifying their roles and applying the necessary settings for each of them. Version 3.3.1 in the CUBE improves the security of passwords and redesigned the multi-configuration management interface, which allows you to deploy several installations of the Brest PC using one CUBE installation. Also added checks for the uniqueness of some parameters (hostname, IP, etc.) and the filling of required fields, which makes it possible to prohibit the launch of the deployment on some servers.

In PC SV "Brest" version 3.3, the developers implemented the ability to create services (SaaS) and a group of virtual machines (VM) with auto-scaling. The mechanism for creating services is a multi-tier application, each tier of which is a separate application. It is it that functions on a separate VM. Each group of virtual machines is created and managed as a whole, and the service is automatically reconfigured according to the specified elasticity rules, i.e. automatically changing the number of virtual machines with the specified role.

Significant improvements also include the implementation of a memory deduplication mechanism based on the exclusion of copies of duplicate data in RAM, which allows the system core to check two or more already running VMs and compare the memory pages they use. This improves the performance of some applications and the efficiency of using existing resources.

In the updated version, software improvements were made to meet the FSTEC requirements for virtualization tools, which include the addition of a dependent module (astra-kvm-secure) for the implementation of role-based access control, the creation of new default groups in the FreeIPA CD, disabling the firewald service during system installation, etc.

The Brest PC version 3.3.1 has added options for the Brestuser Create command for non-interactive launches, a dashboard with information about storage, checking the correctness of entering parameters when starting the configuration of the PC PC management server, which eliminates the need for reinstallation in case of incorrectly entered data during initialization. It also reduced the monitoring agent time required to collect VM data on virtualization servers by 6 times. An algorithm for assigning mandate labels to disks has been developed. Previously, a special service was responsible for this, now this function is included directly in the drivers, which avoids errors with certain actions and speeds up labeling.

Another important change in version 3.3.1 is the Brest_LVM driver (alpha version intended only for test purposes) with storage capabilities in the Brest PC, such as status snapshots and backup of virtual machines (VMs), "thin disks" (the most optimal image for saving disk space in the storage system) and support for Parsec MSI.

For customers who already have version 3.2 of the Brest PC, Astra Group technicians have prepared instructions that describe the mechanism for updating the system to version 3.3 and 3.3.1 and migrating to it.

One of our priorities is to provide the Russian virtual infrastructure market with a reliable and scalable solution that can solve the main tasks of our Customers. In the new version of the Brest PC, we significantly simplified and made the installation of the system more friendly thanks to the graphical installer. We have significantly expanded the capabilities of the product to work with the network subsystem using a virtual router and have implemented a large number of security improvements. Of course, our work will not stop there, we will continue to improve the product, relying on feedback from our customers, "said Denis Mukhin, head of the virtualization and cloud services directorate at Astra Group.

Virtualization system Compatibility with UserGate Next-Generation Firewall 6.1.9

Astra Group and UserGate on May 15, 2024 announced the certification of the next generation firewall UserGate Next-Generation Firewall 6.1.9 (NGFW) as part of the Ready for Astra technology partnership program. The experts conducted a series of tests and made sure that the product works correctly in a single circuit with the latest updates to the Brest 3.2 secure virtualization platform and the software complex for managing ALD Pro 2.2.1 domain objects - Astra Group solutions in demand on the market. Read more here.

2023

As part of PAC VDI from Delta Computers

On May 5, 2023, Delta Computers introduced a Russian hardware and software complex for deploying infrastructural workplaces. The introduction of a hardware and software complex simplifies the administration of computers and thus reduces the organization's costs of maintaining infrastructure here.

As part of the Russian PAC "DataRu Piastre"

On the basis ON of the software GC "Astra" and hardware complex (PAC) "" PIASTRE Data from and, domestic producer server and network equipment DSS other IT solutions of the company was created. DataRu The product is designed to quickly create large-scale multi-user systems that are suitable for processing various, including confidential, systems. This was reported data on March 28, 2023 by the Astra Group of Companies.

The software part of PAC PIASTRE is based on OCAstra Linux Special Edition, and also includes other solutions from the software stack of Astra Group of Companies. Among them are the Brest Virtualization Tools software package, the ALD Pro centralized cluster management tool, the DCImanager equipment monitoring system and RuBackup backup tools. The software of the Astra Group allows not only to deploy large high-load systems, but also to provide the maximum level of security that is relevant for customers who work with confidential information of varying degrees of secrecy. Read more here.

2022

Russian virtualization. Review of 15 developers of domestic products

The TAdviser analytical center studied who is on the Russian virtualization market, analyzed the functional and integration capabilities of products, and assessed the experience of development companies. Among the companies and products studied are ASTRA Group of Companies (Brest products, Termidesk, VMmanager). Read more about the research here.

As part of the Step Logic solution for creating a geo-distributed virtualization cluster

On September 19, 2022, the company STEP LOGIC Disaster Recovery Cluster Development and Laboratory Testing virtualizations announced completion based on and. domestic software hardware More. here

Availability in# CloudMTS

GK Aster"" cloudy provider and#CloudMTS 7 September 2022 announced cooperation, within the framework of which they plan to provide in the cloud demanded services based on domestic software Astra GK, including the Brest Funds complex virtualizations. More. here

As part of a cloud platform based on the Russian software of the Astra Group and MasterCloud solutions

Astra Group of Companies and Mastertel on August 23, 2022 announced that they had entered into a partnership agreement with the aim of creating and developing a cloud platform for the provision of services IaaS and. The SaaS Russian developer's stack also included a set of virtualizations Brest tools. More. here

2021

Compatibility with "Aerodisk Vostok"

On November 9, 2021, the Astra Linux GC announced that, together with Aerodisk, the compatibility of the Aerodisk Vostok data storage system (DSS) and the Brest virtualization software package was confirmed. Read more here.

As part of the PAC for creating VDI

Astra Linux Group of Companies on June 15, 2021 announced that, together with Delta Solutions Group of Companies, on the basis of their own products, they have developed a completely domestic software and hardware complex (PAC) for the deployment of virtual workplace infrastructures. The software base for it is the Astra Linux family OS, PC "Brest Virtualization Tools." Read more here.

2020

PK SV "Brest" 2.5

On July 15, 2020, Astra Linux GC announced the release of a large-scale update to the Astra Linux virtualization system. The key change is the integration in a single Astra Linux Special Edition OS solution with built-in certified IPS, an updated version of the Brest 2.5 PC virtualization management system and the Brest. VDI extension for creating and administering virtual desktop infrastructures with remote access in any, including secure, information systems.

PK SV "Brest"

According to the company, the comprehensive solution allows you to create and administer virtual IT structures of any complexity using the entire spectrum of IPS from the Astra Linux Special Edition OS and ensures the operation of virtual machines in conditions of discretionary and mandatory access control. Virtualization system-based tasks include centralized cluster management, scaling and resiliency, migrating running virtual machines between nodes, creating machine groups from templates, deploying secure virtual desktop infrastructures (VDIs), virtualizing networks, storage, and building secure cloud solutions.

The updated version of the Brest PC supports FreeIPA for centralized setting of access and audit policies, as well as user identification management. The administration of their accounts has become more convenient due to the use of the group-merging mechanism. Flexible load balancing has improved virtual machine availability and infrastructure resiliency. Machine migration between nodes or clusters automatically starts when the host load increases. The mechanism implemented in the update for automatic transfer to 127 integrity level ensured the security of the system. For the convenience of working with pools of virtual machines, a widget has been added and the mechanism for selecting templates for their creation has been rebuilt. The process of mass changing machine settings has been simplified: all options saved in the template are now inherited. In the updated version of the software complex, the speed of creating virtual infrastructures has increased due to the automatic configuration of PostgreSQL during the initial deployment of the cluster.

The updated Brest PC has a dynamic web interface that adapts to the width and resolution of the monitor, and it is now possible to check whether the virtual machine is connected to the console through the interface for managing their state. In addition, the update implements UEFI support in OpenNebula and a smaller installation image of the system.

The BrestVDI extension makes it possible to create virtual workplaces, modify them, clone them, etc. The Brest.VDI.Center connection broker (manager), which is part of it, is used to start, stop, configure virtual machines, monitor their status, authorize users, etc. Specialized agents can be installed in the environment of any OS and ensure the operational interaction of virtual machines with the broker. Brest.VDI also allows you to organize secure remote operation of users due to the presence of clients for remote connection. The Astra Linux virtualization system is included in the "Unified Register of Russian Programs for Electronic Computers and Databases" of the Ministry of Communications, complies with regulatory requirements and is certified by the Ministry of Defense of Russia. The product is not subject to mandatory FSTEC certification, since it contains IPS from the Astra Linux Special Edition OS and there are no means of protection against unauthorized access.

As of July 2020, we are actively increasing functionality and have recently completed the development of its component - the Brest.VDI expansion. In all key parameters, our virtualization solution is comparable to foreign counterparts. told Ilya Sivtsev, CEO of Astra Linux GC

Obtaining a certificate from the Russian Ministry of Defense

On February 19, 2020, the Group of Companies Astra Linux announced the successful certification of virtualizations the Brest protected environment management software for requirements. information security Ministry of Defense of the Russian Federation Thus, PC "Brest" on the basis of operating system special purpose Astra Linux Special Edition is one of the first means of virtualization management that received an MO certificate for Russia use in the information systems of defense industry enterprises and other organizations of the department that process confidential information, including those constituting a secret state to the level of "top secret."

The Brest software complex implements the management of virtual infrastructures of any complexity using the full range of information protection tools of the Astra Linux Special Edition special-purpose operating system and ensures the operation of virtual machines in conditions of discretionary and mandatory access control.

The tasks solved by the Brest PC include centralized management of virtualization clusters, scaling and ensuring their fault tolerance, creating a secure desktop virtualization environment (VDI) and servers of the x86-64 architecture, virtualization of networks, storage, migration of working virtual machines between nodes of the virtualization cluster, group creation of virtual machines from templates, building secure cloud solutions.

{{quote 'author = comments Astra Linux Innovation Director Roman Mylitsyn' For us as a development company, Brest PC certification according to the information security requirements of the Russian Ministry of Defense is a landmark moment. We went to this for several years. For those customers who work with the state secret and whose IT infrastructures should be certified in the system of the Ministry of Defense of Russia, it was important to get a certified software product for virtualization management. Now the capabilities of such enterprises in terms of improving information systems will seriously expand, }}

For organizations whose information systems must meet the security requirements of FSTEC Russia, the Astra Linux GC has developed a second version of Brest with advanced functionality and operational updates. The software complex for managing the Brest virtualization environment has an optimal architecture, which was achieved by transferring information protection tools to the operating system level, so the software package itself does not need to be certified in the FSTEC of Russia.