Microsoft Azure DCsv3 and DCdsv3 virtual machines are now generally available

Security and privacy are critically important when storing and processing sensitive information in the cloud, from payment transactions to financial records, personal health data, and more. 

DC-series virtual machines are unique as they offer support for Intel Software Guard Extensions (Intel® SGX). These virtual machines enable customers to define a private memory region (application enclave), where other processes are prevented from reading the data while it is being processing in the central processing unit (CPU), thus protecting data from the operating system, hypervisor, and even from cloud operators.

Today, we are announcing the general availability of DCsv3 and DCdsv3-series Azure Virtual Machines. Customers can now run large workloads while protecting the confidentiality and integrity of their data even while it is being processed. As containers becoming de facto for customers to run their applications, Azure Kubernetes Service (AKS) with Intel® SGX add-on AKS is also generally available (GA) supporting in all DCsv3 regions.

DCsv3 and DCdsv3 VMs are built on 3^rd Generation Intel® Xeon Scalable processors bringing in exciting new capabilities for customers. When compared to second generation Intel® Xeon E-2288G processors, the size of the Enclave Page Cache (EPC) memory has increased 1500 times, regular memory has increased 12 times and CPU cores have increased by 6x enabling larger workloads while maintaining data confidentiality.

With this generation, we are enabling customers to encrypt their virtual machine with unique key using Intel® Total Memory Encryption - Multi Key (TME-MK), which enables always-on encryption and provides protection against tenants on the same node. Leveraging both, customers using Intel SGX get confidential computing in application enclaves and additional protection for all software in their VMs.

Customer use cases

Multi-party data analytics

With an exponential growth of datasets and the desire to share data between multiple parties, organizations need to meet consumer data privacy and compliance requirements, particularly in heavily regulated industries such as healthcare.

Now, with DC-series virtual machines that are generally available today as part of the Azure confidential computing (ACC) portfolio will help organizations to meet their privacy and security needs and health care industry regulations like such as HIPAA and GDPR. For example, BeeKeeperAI on Microsoft Azure leverages DC-series virtual machines to create application enclaves enabling researchers and healthcare organizations to run analytics on a combined data set while maintaining confidentiality of the code and the data.

The platform will provide a “zero trust” environment to protect both the intellectual property of an algorithm and the privacy of healthcare data. Using Fortanix Enclave Manager for orchestration of Intel’s SGX secure enclaves on Azure confidential computing infrastructure with Azure Kubernetes Service (AKS), and CDHI’s proprietary BeeKeeperAI data access, transformation, and orchestration workflows, the platform will reduce the time and cost of developing clinical algorithms.   Michael Blum, CEO and Co-founder, BeeKeeperAI

Secure blockchain

In the financial industry, Azure confidential computing is increasingly being used as a platform for secure blockchain solutions. One such partner leveraging Azure is Fireblocks.

Some of the biggest cryptocurrency businesses, financial institutions, and enterprises in the world trust Fireblocks software and APIs to custody, manage treasury operations, access DeFi, mint and burn tokens, and manage their digital asset operations. We leverage Azure to hold one of the keys to our wallets due to Azure’s Confidential Computing and Intel SGX technology. With the ability to protect next-generation cryptographic algorithms such as MPC and zero-knowledge proofs, Azure is our solution of choice as we serve over 1,200 financial institutions and secure over $2.5 trillion and counting in digital asset transfers.   Michael Shaulov, CEO and Co-founder, Fireblocks

Get started with DCsv3 today

To deploy DCsv3 and DCdsv3 virtual machines using Azure portal, check out the quick start guide available here. Additionally, a getting started guide to deploy an Azure Kubernetes service (AKS) cluster with DCsv3 VM nodes is available here.

DCsv3 and DCdsv3 are now available in:

• Australia: Australia East
• Asia: Southeast Asia, Japan East
• Europe: West Europe, North Europe, Switzerland North
• North America: East US2, Central US, South Central US, West US

For latest information on region availability, please refer to Azure Products by Region. To learn about Azure confidential computing, Intel SGX and DCsv3 VMs, please refer below links

• Azure Confidential Computing – Protect Data In Use | Microsoft Azure
• Intel® Software Guard Extensions (Intel® SGX)
• DCsv3 and DCdsv3-series - Azure Virtual Machines | Microsoft Docs
• Confidential computing Intel SGX nodes on Azure Kubernetes Service (AKS) | Microsoft Docs
• Big data analytics on confidential computing - Azure Example Scenarios | Microsoft Docs
• QuickStart - Create Intel SGX VM in the Azure Portal | Microsoft Docs
• Azure Confidential Computing FAQ | Microsoft Docs