Azure Confidential Computing Blog articles

Azure Confidential Computing Blog articles

https://techcommunity.microsoft.com/t5/azure-confidential-computing/bg-p/AzureConfidentialComputingBlog

Azure Confidential Computing Blog articles

New milestones at Ignite 2022 for Azure confidential computing

Published

New milestones at Ignite 2022 for Azure confidential computing

Today we are pleased to announce six major milestones in the Azure confidential computing portfolio: 

  1. General availability of guest attestation for AMD EPYC™ SEV-SNP based confidential VMs 
  2. General availability of Azure Kubernetes Service (AKS) node pools using AMD EPYC™ SEV-SNP based confidential VMs 
  3. General availability of AMD EPYC™ SEV-SNP based confidential VMs for SQL Server on Azure Virtual Machines 
  4. Public preview of the Windows 11 desktop option running on AMD EPYC™ SEV-SNP based confidential VMs for Azure Virtual Desktop 
  5. Preview of the Azure Managed Confidential Consortium Framework 
  6. Preview of customizable firmware for AMD EPYC™ SEV-SNP based confidential VMs 

Confidential VMs and guest attestation 

The AMD Azure EPYC™ SEV-SNP DCasv5 and ECasv5-series confidential VM series provides a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities. These capabilities harden guest protections to deny the hypervisor and other host management code access to VM memory. This helps prevent operator access to data residing in the confidential VM. Customers can easily migrate their legacy workloads from on-premises environments to the cloud with minimal performance impact and without code changes by leveraging the new AMD-based confidential VMs. These confidential VMs also support added protections such as confidential OS disk encryption with a customer managed key, and integrations with Azure Managed HSM (Hardware Security Module) and Azure Key Vault. Customers can also use the free Microsoft Azure Attestation (MAA) service to verify the operating environment, and the root of trust based on the AMD CPU and the hardware Trusted Processor Module. 

Jeff_Birnbaum_0-1665534498322.png

Guest attestation is a new feature enabled for confidential VMs. Guest attestation allows for verifying the identity, trustworthiness and known secure configuration of the Trusted Execution Environment on which the guest VM is executing. Remote attestation artifacts (token and claims) received from another system (on a Confidential VM) can enable relying parties to gain trust to make transactions with the remote system. And with its interface with Microsoft Defender for Cloud, users can receive recommendations and alerts of unhealthy CVMs. To learn more about guest attestation, see the documentation and the blog post 

Jeff_Birnbaum_1-1665534498324.png

 

Confidential VM node pools on AKS 

Azure Kubernetes Service (AKS) node pools using confidential VMs has been in public preview since August 2022. This service allows users to run sensitive Kubernetes managed workloads on confidential VMs without the need to modify their applications. Today this service becomes generally available. To learn more, read the documentation and the blog post. 

Jeff_Birnbaum_2-1665534498326.png

 

Confidential VM option for SQL Server on Azure VMs 

SQL Server on Azure Virtual Machines lets users migrate their SQL Server instances to Azure and run them on the VM type of their choice. Running SQL Server on confidential VMs allows SQL Server users to migrate their most sensitive SQL database application to Azure without changes to their application or database schema, while protecting data when in use in memory. With Azure confidential VMs, you can also reinforce the protection of your data at rest (in database files) by enabling confidential OS disk encryption and encrypting data disks using BitLocker with keys stored on the OS disk. This makes the protected disk content accessible only to the VM. To learn more, read the documentation and the blog.

Jeff_Birnbaum_3-1665534498327.png

 

Azure Virtual Desktop (AVD) on confidential VMs 

Azure Virtual Desktop (AVD) lets users run Windows desktop on Azure and access it securely from any device running the AVD client. With the public preview of the Windows 11 desktop option running on confidential VMs, users can now run their sensitive desktop applications on Azure, with data always cryptographically protected. Read the documentation to learn more. 

Jeff_Birnbaum_4-1665534498328.png

 

Azure Managed Confidential Consortium Framework 

Finally, with the preview of Azure Managed Confidential Consortium Framework, we are offering a new Azure service that hosts the infrastructure for the open source Confidential Consortium Framework (CCF), simplifying the experience for developing and hosting CCF applications. CCF lets users create decentralized trust services on a confidential governed network. The framework decouples network and application governance from node provisioning and operation, making it possible for limited-access operators to maintain the infrastructure and ability to execute transactions without having access to their contents.  Network governance on the other hand, for example deciding what code to execute, is entirely driven by consortium members, is rules-based, programmable, and auditable to all participants through an immutable verifiable history ledger. Examples of decentralized trust stateful services that can be built on Azure Managed Confidential Consortium Framework include: banking consortium to share reference data about securities, payment provider run fraud detection algorithms to flag without revealing information, and many more. To learn more about the CCF, visit the new website, read the documentation. To learn more about Azure Managed Confidential Consortium Framework read the blog post. And sign up for the preview to try it for yourself. 

Jeff_Birnbaum_5-1665534498329.png

 

Confidential VMs with customizable firmware 

For organizations seeking more control over the confidential trust boundary, we have a preview of customizable firmware for confidential VMs. This reference implementation enables sophisticated customers to further minimize dependency on Azure services and UEFI-based firmware, by replacing it with a Linux kernel and runtime. Applications are reviewed on an ongoing basis, to help us shape future implementations of this program. 

 

Get started with Azure confidential computing now  

Customers of all sizes, across all industries, want to innovate, build, and securely operate their applications across multi-cloud, on-premises, and edge. Just as HTTPS has become pervasive for protecting data during internet web browsing, we believe that confidential computing will be a necessary ingredient for all computing infrastructure.  

Get started here: 

Continue to website...

More from Azure Confidential Computing Blog articles

General Availability: Azure Managed HSM Backup/Restore when Storage is Behind a Private Endpoint

General Availability: Azure Managed HSM Backup/Res ...

3m

Public Preview: Azure Managed HSM Backup/Restore when Storage Account is Behind a Private Endpoint

Public Preview: Azure Managed HSM Backup/Restore w ...

4m

General Availability: Managed HSM Networking Settings in Azure Portal

General Availability: Managed HSM Networking Setti ...

4m

New innovations in confidential computing from Azure at Ignite 2023

New innovations in confidential computing from Azu ...

5m

Announcing Azure confidential VMs with NVIDIA H100 Tensor Core GPUs in Preview

Announcing Azure confidential VMs with NVIDIA H100 ...

5m

Announcing the public preview of Azure confidential VMs with Intel TDX

Announcing the public preview of Azure confidentia ...

5m

Announcing: Microsoft moves $25 Billion in credit card transactions to Azure confidential computing

Announcing: Microsoft moves $25 Billion in credit ...

5m

What’s new: RHEL 9.3 support for AMD confidential VMs, temp disk encryption, new regions

What’s new: RHEL 9.3 support for AMD confidential ...

5m

O'Reilly Media report: Azure Confidential Computing and Zero Trust

O'Reilly Media report: Azure Confidential Computin ...

5m

Protecting Azure customers with the power of Azure confidential ledger

Protecting Azure customers with the power of Azure ...

5m

Related Posts

Azure SDK Release (April 2024)

Azure SDK Release (April 2024)

12h

Sneak peek at new Azure edge infrastructure

Sneak peek at new Azure edge infrastructure

1d

Power BI Azure Maps visual - reference layer & Power BI Embedded support

Power BI Azure Maps visual - reference layer & Pow ...

1d

Harnessing Innovation with Microsoft Azure Service ...

2d

Public Preview of Azure Arc Site Manager

Public Preview of Azure Arc Site Manager

2d

Sneak peek at new Azure edge infrastructure at Hannover Messe 2024

Sneak peek at new Azure edge infrastructure at Han ...

2d

Private Preview for External REST Endpoint Invocation with Azure SQL Managed Instance

Private Preview for External REST Endpoint Invocat ...

2d

Azure IaaS, Silk Platform, and Silk Instant Extracts: Relational Databases to Azure AI

Azure IaaS, Silk Platform, and Silk Instant Extrac ...

2d

Building a Custom AI Text Editor using Microsoft’s Azure OpenAI

Building a Custom AI Text Editor using Microsoft’s ...

2d

Azure Data Factory\ Synapse Analytics: Validate File\Folder before using!

Azure Data Factory\ Synapse Analytics: Validate F ...

3d