Azure Confidential Computing Blog
Private Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX

mmcrey
Microsoft
Apr 24, 2023

Today, we’re excited to announce the expansion of our Confidential VM family with the launch of the DCesv5-series and ECesv5-series in private preview. Featuring 4th Gen Intel® Xeon® Scalable processors, these VMs are backed by an all-new hardware-based Trusted Execution Environment called Intel® Trust Domain Extensions (TDX). Organizations can use these VMs to seamlessly bring confidential workloads to the cloud without any code changes to their applications.

At Azure, we strive to ensure your data is always under your control with the most comprehensive enterprise compliance and security safeguards. Intel TDX helps harden the virtualized environment by denying the hypervisor and other host management code, including the cloud operator, access to VM memory and state. Intel TDX helps assure workload integrity and confidentiality by mitigating a wide range of software and hardware attacks, including intrusion or inspection by software running in other VMs.

Trusted Execution Environments continue to rapidly improve in performance

On compute-intensive workloads, the new virtual machines protected with Intel TDX perform on par with general-purpose D16sv5 virtual machines. Throughout the preview, we plan to further optimize and tune, and will release additional performance benchmarks for CPU, memory, and IO-intensive workloads.

Confidential virtual machines support a broad range of workloads

We continue to raise the security bar for general-purpose and memory-optimized virtual machines. This offering enables organizations to further fortify code and data, particularly for complex artificial intelligence models, training data, and inference data. Confidential VMs continue to demonstrate strength in migrating sensitive databases, enterprise applications, and mission-critical SAP instances.

  • The DCesv5 series offers up to 96 vCPUs and between 4 GiB and 384 GiB of memory
  • The ECesv5 series offers up to 64 vCPUs and between 8 GiB and 512 GiB of memory

New remote attestation capabilities

Since organizations will want to attest the environment, we provide capabilities to retrieve hardware evidence for cryptographic verification of the TEE state and third-party root of trust. Organizations will have native support for attestation with Microsoft Azure Attestation, and we’ve worked closely with Intel on support for “Project Amber”, Intel’s upcoming trust service, which helps enterprises that want to enforce operator independence and separation of duties when deploying Confidential Computing.

Expanding support for confidentiality with ecosystem partners

We collaborated with the Confidential Computing Consortium to provide a first-class Linux experience for the platform. Throughout the preview, Canonical Ubuntu Server 22.04 LTS, SUSE Linux Enterprise Server 15 SP5 and SUSE Linux Enterprise Server for SAP 15 SP5 are available for testing. Canonical and SUSE consistently exhibit reliability and security for enterprise workloads. We are working on adding support for Red Hat Enterprise Linux (RHEL) and Windows.

Sign up for the preview

Azure has built this product from the ground up in conjunction with a wide array of security-minded cloud professionals, from those seeking simple and highly secured cloud compute to those responsible for their organizations’ most regulated and confidential data. Sign up for the preview today.

Updated Oct 31, 2023
Version 5.0