Microsoft Confidential Compute Updates - Q2 2023
Within this blog, We want to give an overview of all the feature in Q2 2023 that becomes available in General Availability and/or Technical Preview by Microsoft. This information can be found at Microsoft Azure Updates and Azure Confidential Computing Blog.
Features are now supported by Microsoft (GA):
- [General available] Confidential containers on Azure Container Instances (ACI)
Confidential containers on Azure Container Instances (ACI), now generally available, enables you to run containers in a trusted execution environment (TEE) that provides hardware-based confidentiality and integrity protections for your container workloads while in use in memory. Confidential containers on ACI is supported as a new SKU that you can select when deploying your workload and will provide you with the following benefits for workloads processing highly sensitive data:- Ability to lift and shift workloads to a confidential environment without needing to take any dependencies on any confidential computing libraries;
- In-memory encryption of data with a hardware based dedicated key per container group helping to guard against attacks from a malicious OS, or Hypervisor components;
- Support for remote attestation to enable a relying party to verify that a service is running in a TEE before processing any sensitive data. As part of confidential containers on ACI, an agent will validate the authenticity of the hardware and application components which can be verified through a remote attestation service before any sensitive data is released to the TEE.
For more information, read the blog announcement and the documentation.
Features are not yet supported by Microsoft (GA)
- [Public Preview] Confidential Virtual Machines (VM) support in Azure Virtual Desktop
Azure Confidential Virtual Machines (VMs) support in Azure Virtual Desktop is in public preview. Confidential Virtual Machines increase data privacy and security by protecting data in use. The Azure DCasv5 and ECasv5 confidential VM series provide a hardware-based Trusted Execution Environment (TEE) that features AMD SEV-SNP security capabilities, which harden guest protections to deny the hypervisor and other host management code access to VM memory and state, and that is designed to protect against operator access and encrypts data in use. With this preview, support for Windows 11 22H2 has been added to Confidential Virtual Machines. For more information, read the blog announcement and the documentation. - [Public Preview] AMD Confidential VM option for Azure Databricks
Azure Databricks customers can now specify AMD-based confidential VMs for their Azure Databricks cluster driver node and cluster worker nodes. Azure AMD-based confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use, in memory, is protected from unauthorized users using encryption keys generated by the underlying chipset and inaccessible to Azure operators. This will help customers analyze more sensitive data on Azure Databricks. For more information, read the blog announcement and the documentation. - [Public Preview] Red Hat Enterprise Linux (RHEL) 9.2 support for AMD confidential VMs
Azure customers can now specify the RHEL 9.2 Technical Preview image as the guest OS for their AMD-based confidential VMs. This ensures any sensitive data processed by their RHEL guest OS is protected in use, in memory. Azure AMD-based confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use, in memory, is protected from unauthorized users using encryption keys generated by the underlying chipset and inaccessible to Azure operators. These features are included with all Azure confidential VMs:- Ability to lift and shift workloads to a confidential environment without needing to take any dependencies on any confidential computing libraries;
- In-memory encryption of data with a hardware based dedicated key per container group helping to guard against attacks from a malicious OS, or Hypervisor components;
- Support for remote attestation to enable a relying party to verify that a service is running in a TEE before processing any sensitive data.
For more information, read the blog announcement post.
- [Public Preview] AMD confidential VM option for Azure Data Explorer (ADX)
Azure Data Explorer (ADX) customers can now specify an AMD-based confidential VM SKU for their ADX cluster nodes. Azure AMD-based confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use, in memory, is protected from unauthorized users using encryption keys generated by the underlying chipset and inaccessible to Azure operators. This will help customers analyze more sensitive data on ADX. For more information, read the blog announcement and the documentation. - [Public Preview] Azure Backup support for confidential VMs using Customer Managed Keys
Azure Backup now supports the backup of confidential VMs having confidential OS disk encryption using Customer Managed Keys. This support is in Private Preview and is available only for subscriptions that are in the allowlist. You can sign up for the preview to enrol your subscription using the sign-up form. Please note: Microsoft have already announced the Limited Preview of Azure Backup support for Confidential VMs using Platform Managed Keys. Feature details:- Backup is supported in all regions where confidential VMs are currently available;
- Backup of confidential VMs is only supported using Enhanced Policy;
- Item-level restore, Cross-region restore, and Cross-subscription restore are unsupported. Original Location Restore, Alternative-Location Restore, Restore Disks, and Cross Zonal Restores are supported;
- Restore is also supported in scenarios if customer accidentally loses / deletes customer managed key or key vault or disk encryption set used for encrypting confidential VM OS disk;
- Key rotation for Customer Manager Key used for Confidential VM is not supported.
- [Public Preview] Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX
Today, Microsoft is excited to announce the expansion of our Confidential VM family with the launch of the DCesv5-series and ECesv5-series in preview. Featuring 4th Gen Intel® Xeon® Scalable processors, these VMs are backed by an all-new hardware-based Trusted Execution Environment called Intel® Trust Domain Extensions (TDX). Organizations can use these VMs to seamlessly bring confidential workloads to the cloud without any code changes to their applications. At Azure, Microsoft strives to ensure your data is always under your control with the most-comprehensive enterprise compliance and security safeguards. Intel TDX helps harden the virtualized environment to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access. Intel TDX helps assure workload integrity and confidentiality by mitigating a wide range of software and hardware attacks, including intrusion or inspection by software running in other VMs. Confidential virtual machines support a broad range of workloads:- DCesv5 series offers up to 96 vCPUs and range between 4 GiBs of memory, up to 384 GiBs;
- ECesv5 series offers up to 64 vCPUs and range between 8 GiBs of memory, up to 512 GiBs.