Microsoft Confidential Compute Updates - Q4 2023

In this blog, we give an overview of all the features that became available in General Availability and/or Technical Preview from Microsoft in Q4 2023. This information can be found at Microsoft Azure Updates and the Azure Confidential Computing Blog.

Features now supported by Microsoft (GA):

  • [Generally available] Encryption with customer-managed keys in Azure Health Data Services
    Data stored in Azure Health Data Services is automatically and seamlessly encrypted with service-managed keys managed by Microsoft. You can now enable data encryption with customer-managed keys (CMK) for new and existing FHIR® and DICOM® services, providing your organization with improved flexibility to manage access controls. Data encryption with customer-managed keys for Azure Health Data Services enables you to bring your own key to protect and control access to the key that encrypts your organization’s data at rest. It also allows organizations to implement separation of duties in the management of keys and data. Additionally, you can centrally manage and organize keys using Azure Key Vault. With customer-managed encryption, you're responsible for and in full control of a key's lifecycle, key usage permissions, and auditing operations. To learn more:
  • [Generally available] AMD confidential VM option for Azure Databricks
    Microsoft is announcing the general availability of the AMD confidential VM option for Azure Databricks. This option lets users of Azure Databricks specify DCasv5 or ECasv5 series VMs for their Azure Databricks cluster driver node and worker nodes. These confidential VMs are designed to offer a hardware-based trusted execution environment (TEE) leveraging AMD Secure Encrypted Virtualization (SEV) - Secure Nested Paging (SNP) technology. This hardens guest protections to help deny the hypervisor and other host management code access to VM memory and state and can help protect against operator access. Keys used for VM memory encryption are generated by a dedicated secure processor inside of the AMD CPU and cannot be read from software. Confidential VMs for Azure Databricks are available in these regions:
    • North America: West US, East US;
    • Europe: North Europe, West Europe, Switzerland North, Italy North;
    • Asia: Southeast Asia, Central India, East Asia, Japan East.
      For the most up-to-date information on regional availability, visit the Azure Global infrastructure site. To learn more, read the announcement blog and the documentation.
  • [Generally available] AMD confidential VMs in new regions for November 2023
    Azure AMD-based confidential VMs (DCadsv5-series, DCasv5-series, ECadsv5-series, and ECasv5-series) are now generally available in the Italy North, Germany West Central, and UAE North regions. This brings these confidential VM SKUs to a total of 12 regions worldwide:
    • North America: East US, West US;
    • EMEA: Switzerland North, Italy North, North Europe, West Europe, Germany West Central, UAE North;
    • Asia: Japan East, Central India, East Asia, Southeast Asia.
      These confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use, in memory, is protected from unauthorized users using encryption keys generated by the underlying chipset and inaccessible to Azure operators. These features are included with all Azure confidential VMs:
    • Ability to lift and shift workloads to a confidential environment without needing to take any dependencies on any confidential computing libraries;
    • In-memory encryption of data with a hardware based dedicated key per VM helping to guard against attacks from a malicious OS, or Hypervisor components;
    • Support for remote attestation to enable a relying party to verify that a service is running in a TEE before processing any sensitive data.
      To learn more about confidential VMs, click here. To check the latest regional availability of these VMs visit the Products available by region page for virtual machines.
  • [Generally available] Azure SQL Database Always Encrypted with virtualization-based security (VBS) enclaves
    Always Encrypted is a family of industry-leading data protection features that provide a separation between those who own the data and can view it, and those who manage the data but should have no access. Until now, Always Encrypted with secure enclaves in Azure SQL Database relied on a hardware solution, Intel Software Guard Extensions (SGX) hardware enclaves. With the release of Azure SQL Database Always Encrypted with virtualization-based security (VBS) this dependency is removed. Unlike Intel SGX, virtualization-based security (VBS) is a software-based solution with no hardware dependency. This allows you to bring the benefits of Always Encrypted with secure enclaves to all Azure SQL Database offerings. You can use the feature with a compute tier (provisioned or serverless), a purchasing model (vCore or DTU), a compute size (currently, up to 128 vCores), and a region that best matches your workload requirements. And, since VBS enclaves are available in existing hardware offerings, they come with no extra cost.

Features not yet generally available (GA) from Microsoft:

  • [Public Preview] Intel TDX based confidential VMs now available in the Azure portal, Azure CLI and ARM templates
    Today, we are announcing the availability of the DCesv5 and ECesv5-series confidential virtual machines (VMs) in the Azure portal and via the CLI and ARM templates. These VMs are powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX) and enable organizations to bring confidential workloads to the cloud without code changes to applications. You can start deployments in December in Europe West, Europe North, Central US and East US 2. Helpful links:
  • [Public Preview] New Basic SKU functionality for Azure confidential ledger
    Azure confidential ledger is launching a Basic SKU to serve customers of other Azure products needing higher integrity protection. The Basic SKU will have limited transactions per second compared to the Standard SKU. It is ideal for cases where periodic hash digests are sent to the Azure confidential ledger for advanced integrity protection of your main data source. The Basic SKU will be free of charge for the duration of the gated preview.
    To learn more, read the blog announcement.
  • [Public Preview] Announcing the preview of Azure Managed Confidential Consortium Framework
    Customers can now build and host decentralized governance applications in an Azure-hosted, managed environment with the infrastructure of Azure confidential computing underneath. These decentralized applications leverage the Confidential Consortium Framework’s principles: decoupling the transaction computations, executed within Trusted Execution Environments (TEEs), from the framework governance. Such an architecture allows the set of nodes executing the transactions to do so without access to the contents, and is ideal for building applications with programmable confidentiality on data and information that might be needed between multiple parties. The product has applicable scenarios in financial services, banking, healthcare and other regulated industries.
    To learn more, read the blog announcement.
  • [Public Preview] Azure confidential VMs with NVIDIA H100 Tensor Core GPUs
    Microsoft is announcing the preview of Azure confidential VMs with NVIDIA H100 Tensor Core GPUs and inviting customers to sign up. This NCC H100 v5 VM SKU is based on AMD 4th Gen EPYC processors with SEV-SNP technology paired with NVIDIA H100 Tensor Core GPUs. These VMs allow Azure customers to migrate their most sensitive GPU-intensive workloads to Azure with minimal performance impact and without code changes. These NCC H100 v5 VM SKUs provide a hardware-based TEE that enhances guest protection against potential access by the hypervisor and other host management code to VM memory and state, thereby safeguarding against unauthorized operator access. Customers can initiate attestation requests inside these VMs to verify that the VMs are running a properly configured TEE before releasing keys and launching sensitive applications.
    To learn more, read the blog announcement.
  • [Public Preview] Confidential temp disk encryption for confidential VMs
    Microsoft is announcing the public preview of confidential temp disk encryption for confidential VMs. Until recently, confidential encryption has only been available for OS disks. It binds the disk encryption keys to the virtual machine’s TPM (Trusted Platform Module) and makes the disk content accessible only to the VM. With this release, Microsoft now allows encryption of the temp disk using in-VM symmetric key encryption technology after the disk is attached to the confidential VM (CVM). Most CVMs contain a temp disk, which is not a managed disk. The temp disk provides fast, local, and short-term storage for applications and processes. It is intended to only store data such as page files, log files, cached data, and other types of temporary data. This feature is not enabled by default but can be enabled through an opt-in process. The prerequisites are that the OS disk needs to be confidentially encrypted and the Azure Disk Encryption (ADE) extension needs to be installed to encrypt the temp disk.
    To learn more, read the blog announcement.
  • [Public Preview] Confidential containers on Azure Kubernetes Service (AKS)
    Confidential containers on Azure Kubernetes Service (AKS), leveraging the Kata confidential containers open-source project, is now in public preview. It enables you to run individual pods in their own trusted execution environment (TEE) with hardware-based confidentiality and integrity protections for your container workloads while in use in memory. Confidential containers on AKS is supported as a new SKU that you can select when deploying your workload and will provide you with the following benefits for workloads processing highly sensitive data:
    • Ability to lift and shift workloads to a confidential environment without needing to take any dependencies on any confidential computing libraries;
    • In-memory encryption of data with a hardware based dedicated key per container group helping to guard against attacks from malicious OS or hypervisor components, and even your own tenant administrators;
    • Support for remote attestation to enable a relying party to verify that a service is running in a TEE before processing any sensitive data. As part of confidential containers on AKS, an agent will validate the authenticity of the hardware and application components which can be verified through a remote attestation service before any sensitive data is released to the TEE.
      To learn more, read the blog announcement.
  • [Public Preview] New Marketplace app for Storage customers and feature enhancements to portal for Azure confidential ledger
    Azure storage customers will now be able to use an Azure confidential ledger Marketplace application to further protect their blob data. Data signatures from blobs can be harvested and stored in a confidential ledger for tamper protection. At a later point in time, to demonstrate tamper-proofness for compliance and auditing purposes, signatures can be recalculated and validated against the signature in Azure confidential ledger. In addition, the Azure confidential ledger Portal experience has been improved with a new Ledger Explorer feature that allows observing transactions and validating the cryptographic proofs of ledger transactions. The upcoming multi-admin delete feature will allow deleting ledgers only with approval from multiple administrators, compared to a delete requested by a single administrator today. To learn more, read the blog announcement.
  • [Public Preview] Disk Integrity Tool for confidential VMs in Azure
    Microsoft is announcing the preview of the disk integrity tool for confidential VMs. The disk integrity tool is built on top of the existing confidential VM flow and enables you to measure and attest that your OS disk is launched as expected. The tooling comes as an Azure CLI extension that organizations can install in their own trusted environment; by running a few simple commands, they can integrity-protect the root/system partition of their disk. After the confidential VM boots with the integrity-protected disk, users can cryptographically attest that the contents of the OS disk's root/system partition are secure and as expected before processing any confidential workloads. This helps to complete the attestation story from the hardware layer to the application layer in a confidential VM. To learn more, click here.
  • [Public Preview] Red Hat Enterprise Linux (RHEL) 9.3 support for AMD-based confidential VMs
    Azure customers can now specify the RHEL 9.3 image as the guest OS for their AMD-based confidential VMs. This helps ensure sensitive data processed by their RHEL guest OS is protected in use, in memory. Azure AMD-based confidential VMs provide a strong, hardware-enforced boundary that hardens the protection of the guest OS against host operator access and other Azure tenants. These VMs are designed to help ensure that data in use, in memory, is protected from unauthorized users using encryption keys generated by the underlying chipset and inaccessible to Azure operators. These features are included with all Azure confidential VMs:
    • Ability to lift and shift workloads to a confidential environment without needing to take any dependencies on any confidential computing libraries;
    • In-memory encryption of data with a hardware based dedicated key per VM helping to guard against attacks from a malicious OS, or Hypervisor components;
    • Support for remote attestation to enable a relying party to verify that a service is running in a TEE before processing any sensitive data.
      To learn more, read the blog announcement.
  • [Public Preview] Announcing the public preview of Azure confidential VMs with Intel TDX
    Microsoft is excited to announce the public preview of DCesv5 and ECesv5-series confidential VMs, coming December 2023. These VMs are powered by 4th Gen Intel® Xeon® Scalable processors with Intel® Trust Domain Extensions (Intel® TDX) and enable organizations to bring confidential workloads to the cloud without code changes to applications. Confidential VMs are designed for tenants with high security and confidentiality requirements, providing a strong, hardware-enforced boundary. They ensure that your data and applications stay private and encrypted even while in use, keeping your sensitive code and other data encrypted in memory during processing. With this release, Microsoft integrated support for integrity features such as boot-time attestation and confidential disk encryption with enterprise key management options for PMK (platform-managed key) and CMK (customer-managed key) using Managed HSM with FIPS 140-2 Level 3 validation. For organizations wanting further separation of duties from the cloud service provider, Microsoft is introducing a new ephemeral vTPM capability and disk integrity tooling, which allow third parties to have flexibility and use custom key management, attestation, and disk protection solutions. Microsoft continues to partner across the Confidential Computing Consortium to offer the best Linux experience. Canonical Ubuntu Server 22.04 LTS is available today with support for Full Disk Encryption; both SUSE Linux Enterprise Server and Red Hat Enterprise Linux are coming soon. Microsoft also released Windows support for these VMs starting with Windows Server 2019, 2022 and Windows 11. This offering provides the broadest support for remote attestation solutions with native integration of Microsoft Azure Attestation, and support of Intel® Trust Authority for enterprises seeking operator-independent attestation. Through the gated preview, Microsoft continued to enhance performance with the Intel partnership. These new virtual machines are up to 20% faster than 3rd Gen Intel Xeon virtual machines, and Microsoft expects performance for I/O intensive workloads to continue to improve as the technology matures. You can start deployments in December in Europe West, Europe North, Central US and East US 2. Helpful links: