IBM's Research Labs say they've figured out a way to embed what they call "Fort Knox-like" mainframe-like security directly into virtualization and management software that are already deployed inside data centers.

They call the stuff sHype (okay, who named this one?) and describe it as a secure hypervisor that runs in conjunction with commercial and open source hypervisors and throws a security "wrapper" around distributed workloads in heterogeneous x86 and blade environments.

IBM intends to extend sHype beyond x86 hardware.

Evidently parts of sHype have already been contributed to the open source community and are being used in Xen for its mandatory access control (MAC) widgetry, which gives Xen a unified security framework for Windows and Linux virtualization.

It's also working with industry groups to standardize sHype.

sHype works by establishing a virtual machine that IBM says acts like a data center "security foreman" and uses user-set policies to lock down the data center's contents. It automatically sets policies that evaluate, rank and code workloads as well as the physical and virtual resources needed to run each workload and once they're loaded together, IBM says, "the integrity of the data and resources is assured and can be better managed by the hypervisors."

Meanwhile, IBM has scaled up the number of virtual machines its mainframes can support and claims that one copy of the new z/VM 5.3 can host more than 1,000 virtual images, eliminating the need to spread large VM-based workloads across multiple copies of z/VM. It can also support 32 processors, up from 22.

Naturally IBM sees the facility being used for Linux.

The 5.3 rev is due out the end of June.