XenServer

Bromium Secure Platform

XenServer supports Bromium Secure Platform on Windows VMs. This feature protects your enterprise from breaches and lets users perform any operation without compromising security.

Note:

The minimum supported Bromium version is 4.0.4.

Using this feature, you can:

  • Protect your enterprise against known and unknown threats.

  • Detect and monitor threat activity as it happens.

  • Respond to a visualization of the attack and view the remedial measures taken.

Compatibility requirements and caveats

XenServer supports Bromium on:

  • CPU: Intel Core i3, i5, i7 v3 (Haswell) or later with Intel Virtualization Technology (Intel VT) and Extended Page Tables (EPT) enabled in the system BIOS.

    AMD CPUs are not supported.

  • VMs: Windows 8.1 (64-bit) and Windows 10 (64-bit).

  • VM resources: At least 2 vCPUs, 4 GB RAM and 32 GB disk space.

For VMs that are running Bromium, XenServer does not support and prevents the use of the following features:

  • Any form of VM motion (for example: live migration, storage live migration).

  • Use of Dynamic Memory Control (DMC).

Note:

It is possible to use PCI pass-through and vGPU for a VM that has nested virtualization enabled. However, XenServer does not support such configurations.

Important:

Bromium Secure Platform uses nested virtualization support. XenServer supports this feature for use with Bromium Secure Platform only. Nested virtualization is not supported for other use cases. To use this feature, you must run XenServer Premium Edition or have access to XenServer through a Citrix Virtual Apps and Desktops entitlement or Citrix DaaS entitlement.

Configuration

To prepare your XenServer system for use with Bromium Secure Platform, perform the following steps:

  1. On each host, force the use of software VMCS shadowing by running the following command at the command prompt:

    /opt/xensource/libexec/xen-cmdline --set-xen force_software_vmcs_shadow
    
  2. Restart the host.

  3. On each VM, enable nested virtualization support using the following commands:

    VM=$(xe vm-list name-label='<vm_name>' --minimal)

    xe vm-param-set uuid="$VM" platform:nested-virt=1
    

    Note:

    For Citrix Virtual Desktops, use the gold image for nested virtualization.

  4. Install Bromium Secure Platform in the VM by following its installation instructions.
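The following script is an added example, not part of the XenServer documentation. It checks one VM against the requirements on this page (2 vCPUs, 4 GB RAM, no DMC, `platform:nested-virt=1`) before Bromium is installed. The function names are hypothetical, and treating DMC as in use whenever the dynamic minimum differs from the dynamic maximum is an assumption.

```sh
#!/bin/sh
# Added example: pre-flight check of one VM against this page's requirements.
# Function names are hypothetical; they are not part of XenServer or Bromium.

MIN_VCPUS=2
MIN_RAM_BYTES=$((4 * 1024 * 1024 * 1024))   # 4 GB RAM

# Pure check. Args: vcpus static_max dynamic_min dynamic_max nested_virt
# Prints one line per problem and returns 0 only when there are none.
check_vm_params() {
    vcpus=$1 smax=$2 dmin=$3 dmax=$4 nested=$5
    rc=0
    [ "$vcpus" -ge "$MIN_VCPUS" ] || { echo "vCPUs: $vcpus, need at least $MIN_VCPUS"; rc=1; }
    [ "$smax" -ge "$MIN_RAM_BYTES" ] || { echo "RAM: $smax bytes, need at least 4 GB"; rc=1; }
    # Assumption: DMC counts as in use when the dynamic range is not a single value.
    [ "$dmin" -eq "$dmax" ] || { echo "DMC range configured: $dmin to $dmax bytes"; rc=1; }
    [ "$nested" = "1" ] || { echo "platform:nested-virt is not set to 1"; rc=1; }
    return "$rc"
}

# Read one VM parameter; an unset platform key yields an empty string.
vm_param() {
    if [ -n "$3" ]; then
        xe vm-param-get uuid="$1" param-name="$2" param-key="$3" 2>/dev/null
    else
        xe vm-param-get uuid="$1" param-name="$2" 2>/dev/null
    fi
}

# Resolve the name label to exactly one UUID, then feed xe values to the check.
audit_vm() {
    uuid=$(xe vm-list name-label="$1" --minimal)
    case "$uuid" in
        "")  echo "no VM named '$1'"; return 2 ;;
        *,*) echo "name label '$1' matches several VMs: $uuid"; return 2 ;;
    esac
    check_vm_params "$(vm_param "$uuid" VCPUs-at-startup)" \
        "$(vm_param "$uuid" memory-static-max)" \
        "$(vm_param "$uuid" memory-dynamic-min)" \
        "$(vm_param "$uuid" memory-dynamic-max)" \
        "$(vm_param "$uuid" platform nested-virt)"
}

# Run against a VM only when a name label is given on the command line.
if [ $# -gt 0 ]; then
    audit_vm "$1"
fi
```

Run it in the host's control domain with the VM's name label as the only argument; a non-zero exit status means at least one requirement is not met.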
