
Announcing the public preview of Azure confidential VMs with Intel TDX


Microsoft is excited to announce the public preview of DCesv5 and ECesv5-series confidential VMs, coming December 2023. These VMs are powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX) and enable organizations to bring confidential workloads to the cloud without code changes to applications.

 

Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing.

 

 

With this release, we’ve integrated support for integrity features such as boot-time attestation and confidential disk encryption, with enterprise key management options for PMK (platform-managed key) and CMK (customer-managed key) using Managed HSM with FIPS 140-2 Level 3 validation. For organizations wanting further separation of duties from the cloud service provider, we’re introducing a new ephemeral vTPM capability and disk integrity tooling, which give third parties the flexibility to use custom key management, attestation, and disk protection solutions.

 

Expanding partnerships with confidential computing partners

 

We continue to partner across the Confidential Computing Consortium to offer the best Linux experience. Canonical Ubuntu Server 22.04 LTS is available today with support for Full Disk Encryption; SUSE Linux Enterprise Server and Red Hat Enterprise Linux are both coming soon. We’ve also released Windows support for these VMs, starting with Windows Server 2019, 2022 and Windows 11. This offering provides the broadest support for remote attestation solutions, with native integration of Microsoft Azure Attestation and support for Intel® Trust Authority for enterprises seeking operator-independent attestation.

 


Enabling confidentiality across a broad range of compute and memory optimized workloads

 

Through the gated preview, we continued to enhance performance with our Intel partnership. These new virtual machines are up to 20% faster than 3rd Gen Intel Xeon virtual machines, and we expect performance for I/O intensive workloads to continue to improve as the technology matures.

 

The DCesv5 and DCedsv5-series VMs are designed to offer a balanced memory-to-vCPU ratio, with up to 96 vCPUs and 384 GiB of memory. The ECesv5 and ECedsv5-series VMs are designed to offer an even higher memory-to-vCPU ratio, with up to 128 vCPUs and 768 GiB of memory. Both families support remote disks and up to 2.8 TB of local disk storage.

 

These VM families are designed to support a wide range of general computing workloads, such as load balancers, e-commerce systems, web front ends and desktop virtualization solutions. They’re also ideal for memory-intensive, large relational database servers, business intelligence systems, and other critical applications that process sensitive data.

 

Getting Started

  • You can start deployments from December 1st in Europe West, Europe North, Central US, and East US 2.

 
