zStation

A Complete Re-Think

Beacen zStation is a fifth-generation, fully 64-bit Linux-based operating environment that represents a complete reimagining of the modern endpoint. Unlike traditional monolithic distributions, zStation is modular, intelligent, and policy-driven, capable of dynamically assembling itself at runtime. With a system footprint as small as 1/1000th the size of conventional Linux builds, zStation is, in essence, a computer smart enough to build itself.

This lightweight, highly optimized system runs entirely in volatile memory, with no reliance on local persistent storage, resulting in performance levels unreachable by systems executing from disk. The operating system is constructed on demand—booting only the necessary kernel objects and device drivers to support the detected hardware—while fully utilizing the endpoint’s local devices, including graphics and audio subsystems.

Stateless, Perishable, and Secure by Design:

zStation is a completely stateless platform. Each session is a brand-new instantiation of the operating environment, built fresh from policy and executed in RAM. The base system is read-only, eliminating traditional malware and ransomware attack surfaces.

This perishable computing model means that attack vectors dependent on persistent infection are nullified. Since endpoints are no longer a source of ingress, external threat exposure is significantly minimized. Internally, threats are mitigated via limited kernel access, strict policy enforcement, and detailed logging and auditing. Users are unable to execute unauthorized software, as their environment is dynamically constructed and cryptographically validated.

Disarming Threats:

• Attack vectors typically exploited by placing viruses or malware are gone. Because end points are no longer a source of ingress, external threats are drastically reduced and overall enterprise security enhanced.
• Internal threats are mitigated through limited access to underlying kernel, detailed auditing, and logging. End points are composed at runtime based on policy, thus end users are impaired from executing unapproved software on a zStation.

Cloud Computing & Internet of Things (IoT):.

The Beacen vSeries platform is not just for desktops, this advanced operating system technology is also applicable for cloud server and Internet of Things (IoT) implementations. zStation’s size, performance, security and dynamic provisioning make it ideal for IoT devices. Its development and deployment environment and architecture make it ideal for Continuous Integration Continuous Delivery (CICD) software development lifecycles. Enterprises can be guaranteed that the running versions of applications are completely consistent across all running instances enabling true elasticity across the cloud.

zStation Construction and Boot

The Diagram below depicts the order of operating elements installation. There are three phases of installation, with capability of the system improving each phase.

The boot phase provides core functionality. Modularity is key to zStation construction, with all required boot elements loosely coupled modules dynamically fused to form the running image. Starting with the requisite boot loader, kernel and root image comprise a base system.

Once the base system is booted, an inventory of all hardware present is compiled. A request is sent to the vServer policy engine to provide the required Platform Modules (PM) required for that endpoint. This is the beginning of the Device Determination Phase. vServer first identifies and packages required device drivers for the hardware platform, shipping them to the endpoint via our secure encrypted protocol. zStation installs the device drivers and performs any required kernel reconfiguration.

The balance of PMs are grouped into Graphics Engine, Window Manager, Desktop Experience, and Audio Modules. These modules can be defined by device type and/or Peer Group, providing end users with a specialized system customized for the device they are using. Only required device drivers and associated software are present. The resulting system knows exactly what software is present and what should be executing at every step of the boot process.

Graphics engine modules provide foundational graphics software, permitting administrator selection of type and version. These modules also fuse any specific configuration requirements obtained from the device modules. Window Manager modules define user interaction with the system. Desktop and tablet (touch-screen) systems have different requirements, so decoupling the window manger allows dynamic delivery accommodation for the system in use. Desktop Experience modules provide the user interface, and can be tailored to both device and application.

It is at this point the end user is prompted with a login screen, beginning the Identity Determination Phase. From this point forward, all system elements are delivered based on user identity and location. The user session is executed within a secure container, with user identity in fact only known to the vServer Policy Engine. It is completely transparent to local zStation kernel.