Video Game Consoles in the Enterprise

Figure: Microsoft Xbox One X video game console [1].
Abstract: Video game consoles share many of the characteristics of an ideal device for use in enterprise deployments. In comparison to many desktop and notebook PCs available in the market, modern video game consoles are actually quite powerful and capable. They provide an excellent user experience with simple and intuitive setup and operation. At the heart of the design of many modern video game consoles is security; they are remarkably resilient against very sophisticated hardware and software attacks. They are also rather cost-effective in comparison to modern PCs.

I. INTRODUCTION
Video game consoles are ideal devices for enterprise deployments; they're powerful, versatile, easy to use, cost-effective, and extremely secure. The Microsoft Xbox One X, released in 2017, is an excellent example of a modern video game console which embodies many of these attributes. The purpose of this paper is to describe the ideal characteristics of a device suitable for use in enterprise deployments and to demonstrate that video game consoles are designed with these characteristics in mind, which makes them an excellent fit. Throughout this paper the Xbox One X is used as an example of such a device, but many of the points made apply to almost all modern video game consoles.

II. PERFORMANCE
Relative to desktop and notebook PCs available at its time of release, the Xbox One X is quite powerful. Unsurprisingly, performance is critical when considering devices for use in the enterprise. It is fairly common for enterprise users to be working across multiple applications and contexts at once; high-performance devices aid user workflow and productivity.
The Xbox One X features a semi-custom system on a chip (SoC) developed in partnership with Microsoft and Advanced Micro Devices (AMD) [2]. The SoC is implemented using Taiwan Semiconductor Manufacturing Company's (TSMC) 16 nm Fin Field-effect transistor (FinFET) Plus (16FF+) technology; it features a CPU composed of 8x 64-bit x86 cores operating at 2.3 GHz and a GPU composed of 40x compute units operating at 1.172 GHz. The SoC uses a unified memory pool, shared by both the CPU and the GPU, which consists of 12 GB of GDDR5 DRAM; the total memory bandwidth is 326.4 GB/s. The console supports HDMI 2.0b display output with high-bandwidth digital content protection (HDCP) 2.2, 10-bit HDR, and a resolution of 3840 x 2160 at 60 Hz. The GPU is further optimized for a version of Microsoft's DirectX 12 graphics API specific to the system.
For comparison, the Intel Core i5-8600T, an Intel eighth-generation desktop SoC released several months after the Xbox One X, features a CPU composed of 6x 64-bit x86 cores operating at a base frequency of 2.3 GHz and a GPU operating at 1.15 GHz; this SoC is implemented using Intel's third-generation 14nm++ technology [3]. It supports HDMI display output with a resolution of 4096 x 2304 at 24 Hz; it also supports the mainstream version of Microsoft's DirectX 12 graphics API.
It's important to understand that while these two SoCs differ drastically in regards to cost, intended use, process technology, thermal design power (TDP), instructions per cycle (IPC), and various other aspects of SoC and CPU and GPU design, the intent here is to highlight that the Xbox Series X is powerful and feature-rich in comparison to mainstream compute devices available at the time of its release.

III. USER EXPERIENCE
The Xbox One X provides an elegant and engaging experience for all ages and skill levels. This characteristic is ideal for enterprises because it enables all of its users to be functional and productive without requiring additional training, learning, etc.

A. Ease of use
Content (games) aside, the system is designed for both children and adults with limited experience or understanding of technology. Only two cables are required to use the system: power and HDMI (to connect it to a display). User input and haptic feedback are handled through an ergonomically designed controller; however, the system also supports traditional keyboard and mouse input [4]. System and software (game) updates and purchases are obtained through a single source, the Microsoft Store, which is tightly integrated into the system, making it easy and intuitive to find, purchase, and download software.

B. Versatility
The system is also rather versatile. The console can support applications developed using the Universal Windows Platform (UWP) [5]. Aside from the obvious (games), this includes, but is not limited to, video streaming applications, music streaming applications, video conferencing applications, web browsers, and cloud storage applications. Enterprises have the ability to write their own custom internal UWP applications and independent software vendors (ISVs) can also develop and distribute UWP applications for public consumption.

IV. SECURITY
At the heart of the system's design is thoughtful and practical defense against a wide range of threats. Without question, security is paramount in enterprise contexts. It is common for users to access and store sensitive information which is crucial to the success and well-being of the organization and its stakeholders (e.g. employees, customers, clients, shareholders, etc.).

A. Identity and access management
Centralized identity and access management (IAM) is used throughout the entire ecosystem. Users of the system are required to authenticate using a Microsoft account; this identity is then used for access and privilege management. Identity is required to associate and maintain licenses for software (games and applications) and subscription services. It is also used to control communication and interaction with other users; access to user information (e.g. online status, currently running software, etc.) and interactions (e.g. text messages, voice messages, in-game chat, etc.) can be explicitly granted to or revoked from other users.

B. Patching and updates
The system is designed such that only fully patched and updated systems and software can access protected resources (Xbox LIVE, game servers, etc.) and interact with other compliant (patched and updated) systems and users.
Upon boot, the system attempts to connect to Xbox LIVE. Upon connection, it then checks for any system updates and prompts the user to download and install them. If the user chooses to skip/decline any pending updates or if a connection to Xbox LIVE cannot be made (for whatever reason), they can continue to use the system offline and use software (games) that is already installed. Very simply, the system will not allow a user to connect to Xbox LIVE (e.g. to play games, to chat with friends, etc.) unless the system is fully patched and updated.
If the system is fully patched and updated but the software (game) the user wishes to launch is not fully updated, the user is prompted to download and install any pending updates. If the user chooses to skip/decline any pending updates, they can continue to use the software offline; in other words, they cannot interact (play) with other users online using that software unless it is fully patched and updated.

C. Hardware security
The Xbox One X was designed to be remarkably resilient against various hardware and software attacks [6]. The entire business model of a modern video game console is centered around software sales, not hardware sales. They are designed around the premise that the end-user cannot be trusted; an end-user's motivation is to play games for free (piracy) and/or modify the game to achieve an unfair advantage over other players (cheat). Therefore, extreme measures must be taken to prevent physical attacks against the system. However, the end-user isn't the only untrusted entity. Quite literally, the only trusted entity of the entire Xbox One X system is the SoC itself; the internal storage, DRAM, optical drive, etc. are considered untrusted. Therefore, all information which leaves the SoC must be encrypted and all information which enters the SoC must be decrypted and integrity checked.
All data is stored in non-volatile memory using a format known as the Xbox Virtual Disk (XVD). As illustrated in Figure 2, all data is stored in an NT File System (NTFS) virtual disk and then encrypted and hashed (for both confidentiality and integrity); finally, the root digest of the hash tree is signed using Microsoft RSA (for integrity of the hash tree itself). The system SoC, illustrated in Figure 3, features a custom-designed element referred to as the Streaming Crypto Engine (SCE) which is able to decrypt information loaded from the internal storage as fast as it can be read from the underlying I/O bus (in the case of the Xbox One X, SATA III). Keys used to decrypt information are fed into the SCE through a dedicated hardware pin connecting it to the Crypto Engine inside of another custom-designed element within the SoC referred to as the Security Complex; this ensures that the keys are never exposed to software at any point in time. This Security Complex also closely monitors the system clock, voltage, temperature, and reset; these are commonly manipulated to attack a system.
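The integrity half of the scheme described above can be sketched as follows; this is an added example, not code from the paper and not the actual XVD layout. SHA-256, the 4 KiB block size, the binary tree shape and the padding rule are assumptions, encryption is omitted, and the root is taken as already authenticated (in the paper's description, by the signature over the root digest).

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed block size; the paper does not give one


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


PAD = _h(b"\x02pad")  # filler node so every level below the root has even length


def build_tree(blocks):
    """Return all tree levels: levels[0] holds leaf hashes, levels[-1] the root."""
    level = [_h(b"\x00" + b) for b in blocks]  # 0x00 prefix marks a leaf
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [PAD]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [_h(b"\x01" + level[i] + level[i + 1])  # 0x01 marks an inner node
                 for i in range(0, len(level), 2)]


def auth_path(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path


def verify_block(block, index, path, trusted_root):
    """Recompute the root from one block read off untrusted storage."""
    node = _h(b"\x00" + block)
    for sibling in path:
        pair = node + sibling if index % 2 == 0 else sibling + node
        node = _h(b"\x01" + pair)
        index //= 2
    return hmac.compare_digest(node, trusted_root)


# Constructed sample data: five blocks standing in for a virtual disk image.
BLOCKS = [bytes([i]) * BLOCK_SIZE for i in range(5)]
LEVELS = build_tree(BLOCKS)
ROOT = LEVELS[-1][0]  # assumed already authenticated via the signed root digest
```

Because the block index selects the left or right position at every level, a genuine block returned at the wrong offset fails verification just as a modified block does, and only the root needs to be held inside the trusted boundary.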
One of the core tenets of the console's security design is defense in depth; in other words, an attacker must break through multiple layers of security. In addition to encrypting and integrity checking all information which passes through the SoC, the system uses a three-OS architecture [7] as illustrated in Figure 4. The Host Operating System (OS) contains all of the drivers and necessary components for interacting with and communicating with the underlying hardware. The Software OS contains the game or application that is running in the foreground. The System OS is responsible for everything outside of the software title itself such as networking communication and drawing any user interface elements outside of the software. As illustrated in Figure 4, the majority of the system memory is allocated to the Software OS. The Hypervisor is responsible for enforcement of signed code. Using the stage-2 CPU MMU, it will verify that every page of memory which is marked for execution is signed by Microsoft; if it is not signed, it will not be executed. This architecture not only allows developers to create more engaging experiences, it further strengthens the overall security of the system by layering and separating software components.

V. COST
At release in 2017, the Xbox One X was sold for USD 499; the system included 1 TB of electromechanical internal storage and a controller. For comparison, the same USD 499 spent today can buy a Lenovo ThinkCentre M720q which includes 128 GB of solid-state internal storage, an Intel Pentium Gold G5400T SoC, and 4 GB of DDR4 DRAM [8]. Clearly, the console is rather competitively priced compared to modern PCs. However, the true cost of any hardware deployment in the enterprise extends far beyond the device itself. One must consider patching, maintenance, and management of the device throughout its entire lifecycle. Considering that patches and software are released and distributed directly through Microsoft via Xbox LIVE, there is less operational overhead for an enterprise which would otherwise have to build its own infrastructure to do so.

VI. CONCLUSION
The notion of using a video game console in the enterprise may seem laughable at first glance. However, as discussed, video game consoles actually embody many of the characteristics of an ideal device for use in the enterprise: high performance, excellent user experience, versatility, cost-effectiveness, and security at their core. Technologies from video game consoles are already trickling into the enterprise. Security technologies found in some of the latest AMD CPUs such as Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) originated in the design of the Xbox One X [9]. Hypervisor-Protected Code Integrity (HVCI), a feature now generally available in Hyper-V for Windows, originated in the design of the hypervisor signed code enforcement technology previously discussed. Microsoft's recently announced Pluton security processor originated in the SoC previously discussed [10]. The Xbox One X is just one example; other modern consoles such as the Sony PlayStation 4 and the Nintendo Switch share the same characteristics. Recently released consoles such as the Microsoft Xbox Series X and S and the Sony PlayStation 5 carry these traits forward; performance has improved with adoption of NVM Express (NVMe) internal storage and semi-custom variants of AMD's Zen2 CPU cores and RDNA2 GPU cores, while security has improved simply because threats (piracy and cheating) and attacks only become more advanced over time.